933 research outputs found
Partial Evaluation for Java Malware Detection
The fact that Java is platform independent gives hackers the opportunity to write exploits that can target users on any platform that has a JVM implementation. Metasploit is a well-known source of Java exploits, and to circumvent detection by anti-virus (AV) software, obfuscation techniques are routinely applied to make an exploit more difficult to recognise. Popular obfuscation techniques for Java include string obfuscation and applying reflection to hide method calls; the two techniques can be used either together or independently. This paper shows how to apply partial evaluation to remove these obfuscations and thereby improve AV matching. The paper presents a partial evaluator for Jimple, which is a typed three-address code suitable for optimisation and program analysis, and also demonstrates how the residual Jimple code, when transformed back into Java, improves the detection rates of a number of commercial AV products.
Superpotentials from variational derivatives rather than Lagrangians in relativistic theories of gravity
The prescription of Silva to derive superpotential equations from variational
derivatives rather than from Lagrangian densities is applied to theories of
gravity derived from Lovelock Lagrangians in the Palatini representation.
Spacetimes are without torsion and isolated sources of gravity are minimally
coupled. On a closed boundary of spacetime, the metric is given and the
connection coefficients are those of Christoffel. We derive equations for the
superpotentials in these conditions. The equations are easily integrated and we
give the general expression for all superpotentials associated with Lovelock
Lagrangians. We find, in particular, that in Einstein's theory, in any number
of dimensions, the superpotential, valid at spatial and at null infinity, is
that of Katz, Bicak and Lynden-Bell, the KBL superpotential. We also give
explicitly the superpotential for Gauss-Bonnet theories of gravity. Finally, we
find a simple expression for the superpotential of Einstein-Gauss-Bonnet
theories with an anti-de Sitter background: it is minus the KBL superpotential,
confirming, as it should, the calculation of the total mass-energy of spacetime
at spatial infinity by Deser and Tekin. Comment: Scheduled to appear in Class. Quantum Grav. August 200
Does Dysbiosis Play a Role in Age-Related Hearing Impairment?
Age-related hearing impairment (ARHI) is prevalent in older adults, affecting at least 60% of people by the time they reach 71 to 80 years of age [1]. The number of people with ARHI will necessarily increase as humans live longer and a greater proportion of the population is older [2]. Hearing loss does not just impact communication; it is associated with loneliness and depression, cognitive decline and dementia, as well as reduced physical well-being [3-6]. A decade ago, an international report calculated that hearing loss cost Europe £213 billion annually [7]. There is currently no effective drug treatment for hearing loss. Hearing aids (average cost £2,300/pair) are the most commonly prescribed ameliorative therapy, but uptake is low; and among those who obtain hearing aids, a high proportion do not use them or are dissatisfied with them. Hearing loss prevention is therefore of compelling necessity, and genetic studies will help us understand how and why people lose their hearing ability and will inform prevention strategies.
Self-reported hearing loss questions provide a good measure for genetic studies: a polygenic risk score analysis from UK Biobank
Age-related hearing impairment (ARHI) is very common in older adults and has major impact on quality of life. The
heritability of ARHI has been estimated to be around 50%. The present study aimed to estimate heritability and
environmental contributions to liability of ARHI and the extent to which a polygenic risk score (PRS) derived from a recent
genome-wide association study of questionnaire items regarding hearing loss using the UK Biobank is predictive of hearing
loss in other samples. We examined (1) a sample from TwinsUK who have had hearing ability measured by pure-tone
audiogram and the speech-to-noise ratio test as well as questionnaire measures that are comparable with the UK Biobank
questionnaire items and (2) European and non-European samples from the UK Biobank which were not part of the original
GWAS. Results indicated that the questionnaire items were over 50% heritable in TwinsUK and comparable with the
objective hearing measures. In addition, we found very high genetic correlation (0.30–0.84) between the questionnaire
responses and objective hearing measures in the TwinsUK sample. Finally, PRS computed from weighted UK Biobank
GWAS results were predictive of both questionnaire and objective measures of hearing loss in the TwinsUK sample, as well
as questionnaire-measured hearing loss in Europeans but not non-European subpopulations. These results demonstrate the
utility of questionnaire-based methods in genetic association studies of hearing loss in adults and highlight the differences in
genetic predisposition to ARHI by ethnic background.
You shall not pass: Mitigating SQL Injection Attacks on Legacy Web Applications
SQL injection (SQLi) attacks pose a significant threat to the security of web
applications. Existing approaches do not support object-oriented programming,
which renders them unable to protect real-world web apps such as
Wordpress, Joomla, or Drupal against SQLi attacks. We propose a novel hybrid
static-dynamic analysis for PHP web applications that limits each PHP function
for accessing the database. Our tool, SQLBlock, reduces the attack surface of
the vulnerable PHP functions in a web application to a set of query descriptors
that demonstrate the benign functionality of the PHP function. We implement
SQLBlock as a plugin for MySQL and PHP. Our approach does not require any
modification to the web app. We evaluate SQLBlock on 11 SQLi vulnerabilities in
Wordpress, Joomla, Drupal, Magento, and their plugins. We demonstrate that
SQLBlock successfully prevents all 11 SQLi exploits with negligible performance
overhead (i.e., a maximum of 3% on a heavily-loaded web server). Comment: Accepted in ASIACCS 202
- …