Man-machine partial program analysis for malware detection

With the meteoric rise in popularity of the Android platform, there is an urgent need to combat the accompanying proliferation of malware. Existing work addresses the area of consumer malware detection, but cannot detect novel, sophisticated, domain-specific malware that is targeted specifically at one aspect of an organization (eg. ground operations of the US Military). Adversaries can exploit domain knowledge to camoflauge malice within the legitimate behaviors of an app and behind a domain-specific trigger, rendering traditional approaches such as signature-matching, machine learning, and dynamic monitoring ineffective. Manual code inspections are also inadequate, scaling poorly and introducing human error. Yet, there is a dire need to detect this kind of malware before it causes catastrophic loss of life and property. This dissertation presents the Security Toolbox, our novel solution for this challenging new problem posed by DARPA\u27s Automated Program Analysis for Cybersecurity (APAC) program. We employ a human-in-the-loop approach to amplify the natural intelligence of our analysts. Our automation detects interesting program behaviors and exposes them in an analysis Dashboard, allowing the analyst to brainstorm flaw hypotheses and ask new questions, which in turn can be answered by our automated analysis primitives. The Security Toolbox is built on top of Atlas, a novel program analysis platform made by EnSoft. Atlas uses a graph-based mathematical abstraction of software to produce a unified property multigraph, exposes a powerful API for writing analyzers using graph traversals, and provides both automated and interactive capabilities to facilitate program comprehension. The Security Toolbox is also powered by FlowMiner, a novel solution to mine fine-grained, compact data flow summaries of Java libraries. FlowMiner allows the Security Toolbox to complete a scalable and accurate partial program analysis of an application without including all of the libraries that it uses (eg. Android). This dissertation presents the Security Toolbox, Atlas, and FlowMiner. We provide empirical evidence of the effectiveness of the Security Toolbox for detecting novel, sophisticated, domain-specific Android malware, demonstrating that our approach outperforms other cutting-edge research tools and state-of-the-art commercial programs in both time and accuracy metrics. We also evaluate the effectiveness of Atlas as a program analysis platform and FlowMiner as a library summary tool

Retrieving Leaf Area Index (LAI) Using Remote Sensing: Theories, Methods and Sensors

The ability to accurately and rapidly acquire leaf area index (LAI) is an indispensable component of process-based ecological research facilitating the understanding of gas-vegetation exchange phenomenon at an array of spatial scales from the leaf to the landscape. However, LAI is difficult to directly acquire for large spatial extents due to its time consuming and work intensive nature. Such efforts have been significantly improved by the emergence of optical and active remote sensing techniques. This paper reviews the definitions and theories of LAI measurement with respect to direct and indirect methods. Then, the methodologies for LAI retrieval with regard to the characteristics of a range of remotely sensed datasets are discussed. Remote sensing indirect methods are subdivided into two categories of passive and active remote sensing, which are further categorized as terrestrial, aerial and satellite-born platforms. Due to a wide variety in spatial resolution of remotely sensed data and the requirements of ecological modeling, the scaling issue of LAI is discussed and special consideration is given to extrapolation of measurement to landscape and regional levels

Ticagrelor in patients with diabetes and stable coronary artery disease with a history of previous percutaneous coronary intervention (THEMIS-PCI) : a phase 3, placebo-controlled, randomised trial

Background: Patients with stable coronary artery disease and diabetes with previous percutaneous coronary intervention (PCI), particularly those with previous stenting, are at high risk of ischaemic events. These patients are generally treated with aspirin. In this trial, we aimed to investigate if these patients would benefit from treatment with aspirin plus ticagrelor. Methods: The Effect of Ticagrelor on Health Outcomes in diabEtes Mellitus patients Intervention Study (THEMIS) was a phase 3 randomised, double-blinded, placebo-controlled trial, done in 1315 sites in 42 countries. Patients were eligible if 50 years or older, with type 2 diabetes, receiving anti-hyperglycaemic drugs for at least 6 months, with stable coronary artery disease, and one of three other mutually non-exclusive criteria: a history of previous PCI or of coronary artery bypass grafting, or documentation of angiographic stenosis of 50% or more in at least one coronary artery. Eligible patients were randomly assigned (1:1) to either ticagrelor or placebo, by use of an interactive voice-response or web-response system. The THEMIS-PCI trial comprised a prespecified subgroup of patients with previous PCI. The primary efficacy outcome was a composite of cardiovascular death, myocardial infarction, or stroke (measured in the intention-to-treat population). Findings: Between Feb 17, 2014, and May 24, 2016, 11 154 patients (58% of the overall THEMIS trial) with a history of previous PCI were enrolled in the THEMIS-PCI trial. Median follow-up was 3·3 years (IQR 2·8–3·8). In the previous PCI group, fewer patients receiving ticagrelor had a primary efficacy outcome event than in the placebo group (404 [7·3%] of 5558 vs 480 [8·6%] of 5596; HR 0·85 [95% CI 0·74–0·97], p=0·013). The same effect was not observed in patients without PCI (p=0·76, p interaction=0·16). The proportion of patients with cardiovascular death was similar in both treatment groups (174 [3·1%] with ticagrelor vs 183 (3·3%) with placebo; HR 0·96 [95% CI 0·78–1·18], p=0·68), as well as all-cause death (282 [5·1%] vs 323 [5·8%]; 0·88 [0·75–1·03], p=0·11). TIMI major bleeding occurred in 111 (2·0%) of 5536 patients receiving ticagrelor and 62 (1·1%) of 5564 patients receiving placebo (HR 2·03 [95% CI 1·48–2·76], p<0·0001), and fatal bleeding in 6 (0·1%) of 5536 patients with ticagrelor and 6 (0·1%) of 5564 with placebo (1·13 [0·36–3·50], p=0·83). Intracranial haemorrhage occurred in 33 (0·6%) and 31 (0·6%) patients (1·21 [0·74–1·97], p=0·45). Ticagrelor improved net clinical benefit: 519/5558 (9·3%) versus 617/5596 (11·0%), HR=0·85, 95% CI 0·75–0·95, p=0·005, in contrast to patients without PCI where it did not, p interaction=0·012. Benefit was present irrespective of time from most recent PCI. Interpretation: In patients with diabetes, stable coronary artery disease, and previous PCI, ticagrelor added to aspirin reduced cardiovascular death, myocardial infarction, and stroke, although with increased major bleeding. In that large, easily identified population, ticagrelor provided a favourable net clinical benefit (more than in patients without history of PCI). This effect shows that long-term therapy with ticagrelor in addition to aspirin should be considered in patients with diabetes and a history of PCI who have tolerated antiplatelet therapy, have high ischaemic risk, and low bleeding risk