A comparison of adversarial malware generators

Autoři
Louthánová, P.; Kozák, M.; Jureček, M.; Stamp, M.; Di Troia, F.
Rok
2024
Publikováno
Journal of Computer Virology and Hacking Techniques. 2024, 2024 1-17. ISSN 2263-8733.
Typ
Článek
Pracoviště
Anotace
Machine learning has proven to be a valuable tool for automated malware detection, but machine learning systems have also been shown to be subject to adversarial attacks. This paper summarizes and compares related work on generating adversarial malware samples, specifically malicious Windows Portable Executable files. In contrast with previous research, we not only compare generators of adversarial malware examples theoretically, but we also provide an experimental comparison and evaluation for practical usability. We use gradient-based, evolutionary-based, and reinforcement-based approaches to create adversarial samples, which we test against selected antivirus products. The results show that applying optimized modifications to previously detected malware can lead to incorrect classification of the file as benign. Moreover, generated malicious samples can be effectively employed against detection models other than those used to produce them, and combinations of methods can construct new instances that avoid detection. Based on our findings, the Gym-malware generator, which uses reinforcement learning, has the greatest practical potential. This generator has the fastest average sample production time of 5.73 s and the highest average evasion rate of 44.11%. Using the Gym-malware generator in combination with itself further improved the evasion rate to 58.35%. However, other tested methods scored significantly lower in our experiments than reported in the original publications, highlighting the importance of a standardized evaluation environment.

Ab initio translationally invariant nucleon-nucleus optical potentials

Autoři
Burrows, M.; Launey, K.D.; Mercenne, A.; Baker, R.B.; Sargsyan, G.H.; Dytrych, T.; Langr, D.
Rok
2024
Publikováno
PHYSICAL REVIEW C. 2024, 109 ISSN 2469-9985.
Typ
Článek
Pracoviště
Anotace
We combine the ab initio symmetry-adapted no-core shell model (SA-NCSM) with the single-particle Green's function approach to construct optical potentials rooted in first principles. Specifically, we show that total cross sections and phase shifts for neutron elastic scattering from a 4He target with projectile energies between 0.5 and 10 MeV closely reproduce the experiment. In addition, we discuss an important new development that resolves a long-standing issue with spurious center-of-mass motion in the Green's function formalism for many-body approaches. The new development opens a path for first-principle predictions of cross sections for elastic scattering of single-nucleon projectiles, nucleon capture, and deuteron breakup reactions, feasible for a broad range of open-shell spherical and deformed nuclei in the SA-NCSM approach.

Action Duration Generalization for Exact Multi-Agent Collective Construction

Autoři
Rameš, M.; Surynek, P.
Rok
2024
Publikováno
Proceedings of the 16th International Conference on Agents and Artificial Intelligence. Setúbal: Science and Technology Publications, Lda, 2024. p. 718-725. vol. 3. ISSN 2184-433X. ISBN 978-989-758-680-4.
Typ
Stať ve sborníku
Pracoviště
Anotace
This paper addresses exact approaches to multi-agent collective construction problem which tasks a group of cooperative agents to build a given structure in a blocksworld under the gravity constraint. We propose a generalization of the existing exact model based on mixed integer linear programming by accommodating varying agent action durations. We refer to the model as a fraction-time model. The introduction of action durations enables one to create a more realistic model for various domains. It provides a significant reduction of plan execution duration at the cost of increased computational time, which rises steeply the closer the model gets to the exact real-world action duration. We also propose a makespan estimation function for the fraction-time model. This can be used to estimate the construction time reduction size for cost-benefit analysis. The fraction-time model and the makespan estimation function have been evaluated in a series of experiments using a set of benchmark st ructures. The results show a significant reduction of plan execution duration for non-constant duration actions due to decreasing synchronization overhead at the end of each action. According to the results, the makespan estimation function provides a reasonably accurate estimate of the makespan.

Average-case complexity of a branch-and-bound algorithm for MIN DOMINATING SET

Autoři
Denat, T.; Harutyunyan, A.; Melissinos, N.; Paschos, V. T..
Rok
2024
Publikováno
Discrete Applied Mathematics. 2024, 345 4-8. ISSN 0166-218X.
Typ
Článek
Pracoviště
Anotace
The average-case complexity of a branch-and-bound algorithm for MIN DOMINATING SET problem in random graphs in the G(n, p) model is studied. We identify phase transitions between subexponential and exponential average-case complexities, depending on the growth of the probability p with respect to the number n of nodes. (c) 2023 Elsevier B.V. All rights reserved.

Classification and online clustering of zero-day malware

Autoři
Jurečková, O.; Jureček, M.; Stamp, M.; Di Troia, F.; Lórencz, R.
Rok
2024
Publikováno
Journal of Computer Virology and Hacking Techniques. 2024, 2024 1-14. ISSN 2263-8733.
Typ
Článek
Pracoviště
Anotace
A large amount of new malware is constantly being generated, which must not only be distinguished from benign samples, but also classified into malware families. For this purpose, investigating how existing malware families are developed and examining emerging families need to be explored. This paper focuses on the online processing of incoming malicious samples to assign them to existing families or, in the case of samples from new families, to cluster them. We experimented with seven prevalent malware families from the EMBER dataset, four in the training set and three additional new families in the test set. The features were extracted by static analysis of portable executable files for the Windows operating system. Based on the classification score of the multilayer perceptron, we determined which samples would be classified and which would be clustered into new malware families. We classified 97.21% of streaming data with a balanced accuracy of 95.33%. Then, we clustered the remaining data using a self-organizing map, achieving a purity from 47.61% for four clusters to 77.68% for ten clusters. These results indicate that our approach has the potential to be applied to the classification and clustering of zero-day malware into malware families.

Creating valid adversarial examples of malware

Autoři
Kozák, M.; Jureček, M.; Stamp, M.; Di Troia, F.
Rok
2024
Publikováno
Journal of Computer Virology and Hacking Techniques. 2024, 2024 1-15. ISSN 2263-8733.
Typ
Článek
Pracoviště
Anotace
Because of its world-class results, machine learning (ML) is becoming increasingly popular as a go-to solution for many tasks. As a result, antivirus developers are incorporating ML models into their toolchains. While these models improve malware detection capabilities, they also carry the disadvantage of being susceptible to adversarial attacks. Although this vulnerability has been demonstrated for many models in white-box settings, a black-box scenario is more applicable in practice for the domain of malware detection. We present a method of creating adversarial malware examples using reinforcement learning algorithms. The reinforcement learning agents utilize a set of functionality-preserving modifications, thus creating valid adversarial examples. Using the proximal policy optimization (PPO) algorithm, we achieved an evasion rate of 53.84% against the gradient-boosted decision tree (GBDT) detector. The PPO agent previously trained against the GBDT classifier scored an evasion rate of 11.41% against the neural network-based classifier MalConv and an average evasion rate of 2.31% against top antivirus programs. Furthermore, we discovered that random application of our functionality-preserving portable executable modifications successfully evades leading antivirus engines, with an average evasion rate of 11.65%. These findings indicate that ML-based models used in malware detection systems are sensitive to adversarial attacks and that better safeguards need to be taken to protect these systems.

Evolvable transformation of knowledge graphs into human-oriented formats

Rok
2024
Publikováno
Journal of Intelligent Information Systems. 2024, 62(2), 295-316. ISSN 0925-9902.
Typ
Článek
Pracoviště
Anotace
Along with the ongoing digitalization of society, we witness a strong movement to make scientific data FAIR, machine-actionable, and available in the form of knowledge graphs. On the other hand, converting machine-actionable data from knowledge graphs back into human-oriented formats, including documents, graphical, or voice user interfaces, poses significant challenges. The solutions often build on various templates tailored to specific platforms on top of the shared underlying data. These templates suffer from limited reusability, making their adaptations difficult. Moreover, the continuous evolution of data or technological advancements requires substantial efforts to maintain these templates over time. In general, these challenges increase software development costs and are error-prone. In this paper, we propose a solution based on Normalized Systems Theory to address this challenge with the aim of achieving evolvability and sustainability in the transformation process of knowledge graphs into human-oriented formats with broad applicability across domains and technologies. We explain the theoretical foundation and design theorems used in our solution and outline the approach and implementation details. We theoretically evaluate our solution by comparing it to the traditional approach, where the systems are crafted manually. The evaluation shows that our solution is more efficient and effective on a large scale, reducing the human labor required to maintain various templates and supported target platforms. Next, we demonstrate the technical feasibility of our solution on a proof-of-concept implementation in a domain of data management planning that may also serve as a basis for future development.

Exact Algorithms and Lowerbounds for Multiagent Path Finding: Power of Treelike Topology

Rok
2024
Publikováno
Proceedings of the 38th AAAI Conference on Artificial Intelligence. Menlo Park: AAAI Press, 2024. p. 17380-17388. ISSN 2159-5399.
Typ
Stať ve sborníku
Pracoviště
Anotace
In the Multiagent Path Finding (MAPF for short) problem, we focus on efficiently finding non-colliding paths for a set of k agents on a given graph G, where each agent seeks a path from its source vertex to a target. An important measure of the quality of the solution is the length of the proposed schedule l, that is, the length of a longest path (including the waiting time). In this work, we propose a systematic study under the parameterized complexity framework. The hardness results we provide align with many heuristics used for this problem, whose running time could potentially be improved based on our Fixed-Parameter Tractability (FPT) results. We show that MAPF is W[1]-hard with respect to k (even if k is combined with the maximum degree of the input graph). The problem remains NP-hard in planar graphs even if the maximum degree and the makespan l are fixed constants. On the positive side, we show an FPT algorithm for k+l. As we continue, the structure of G comes into play. We give an FPT algorithm for parameter k plus the diameter of the graph G. The MAPF problem is W[1]-hard for cliquewidth of G plus l while it is FPT for treewidth of G plus l.

Flexibility and rigidity of frameworks consisting of triangles and parallelograms

Autoři
Grasegger, G.; Legerský, J.
Rok
2024
Publikováno
Computational Geometry: Theory and Applications. 2024, 120 ISSN 0925-7721.
Typ
Článek
Pracoviště
Anotace
A framework, which is a (possibly infinite) graph with a realization of its vertices in the plane, is called flexible if it can be continuously deformed while preserving the edge lengths. We focus on flexibility of frameworks in which 4-cycles form parallelograms. For the class of frameworks considered in this paper (allowing triangles), we prove that the following are equivalent: flexibility, infinitesimal flexibility, the existence of at least two classes of an equivalence relation based on 3- and 4-cycles and being a non -trivial subgraph of the Cartesian product of graphs. We study the algorithmic aspects and the rotationally symmetric version of the problem. The results are illustrated on frameworks obtained from tessellations by regular polygons.

Jacobi–Lie Models and Supergravity Equations

Autoři
Hlavatý, L.; Petr, I.
Rok
2024
Publikováno
Progress of Theoretical and Experimental Physics. 2024, 2024(5), ISSN 2050-3911.
Typ
Článek
Pracoviště
Anotace
Poisson-Lie T-duality/plurality was recently generalized to Jacobi-Lie T-plurality formulated in terms of Double Field Theory and based on Leibniz algebras given by structure coefficients $f_{ab}{}^{c}, f_{c}{}^{ab},$ and $Z_a, Z^a$. We investigate three- and four-dimensional sigma models corresponding to six-dimensional Leibniz algebras with $f_b{}^{ba} \neq 0$, $Z^a=0$. We show that these algebras are plural one to another and, moreover, to an algebra with $f_b{}^{ba}= 0$, $Z^a=0$. These pluralities are used for construction of Jacobi--Lie models. It was conjectured that plural models should satisfy generalized supergravity equations. We have found examples of models satisfying ``true'' generalized supergravity equations where no trivialization to usual supergravity equations s is possible. On the other hand, we show that there are also models corresponding to algebras with $f_b{}^{ba}\neq 0$, $Z^a=0$ where the Killing vector appearing in generalized supergravity equations either vanishes or can be removed by suitable gauge transformation. Such models then satisfy usual supergravity equations, i.e. vanishing beta-function equations.

Machine Learning Metrics for Network Datasets Evaluation

Autoři
Soukup, D.; Uhříček, D.; Vašata, D.; Čejka, T.
Rok
2024
Publikováno
ICT Systems Security and Privacy Protection. Cham: Springer, 2024. p. 307-320. ISSN 1868-4238. ISBN 978-3-031-56325-6.
Typ
Stať ve sborníku
Pracoviště
Anotace
High-quality datasets are an essential requirement for leveraging machine learning (ML) in data processing and recently in network security as well. However, the quality of datasets is overlooked or underestimated very often. Having reliable metrics to measure and describe the input dataset enables the feasibility assessment of a dataset. Imperfect datasets may require optimization or updating, e.g., by including more data and merging class labels. Applying ML algorithms will not bring practical value if a dataset does not contain enough information. This work addresses the neglected topics of dataset evaluation and missing metrics. We propose three novel metrics to estimate the quality of an input dataset and help with its improvement or building a new dataset. This paper describes experiments performed on public datasets to show the benefits of the proposed metrics and theoretical definitions for more straightforward interpretation. Additionally, we have implemented and published Python code so that the metrics can be adopted by the worldwide scientific community.

NetTiSA: Extended IP flow with time-series features for universal bandwidth-constrained high-speed network traffic classification

Autoři
Rok
2024
Publikováno
Computer Networks. 2024, 240 1-22. ISSN 1389-1286.
Typ
Článek
Pracoviště
Anotace
Network traffic monitoring based on IP Flows is a standard monitoring approach that can be deployed to various network infrastructures, even the large ISP networks connecting millions of people. Since flow records traditionally contain only limited information (addresses, transport ports, and amount of exchanged data), they are also commonly extended by additional features that enable network traffic analysis with high accuracy. These flow extensions are, however, often too large or hard to compute, which then allows only offline analysis or limits their deployment only to smaller-sized networks. This paper proposes a novel extended IP flow called NetTiSA (Network Time Series Analysed) flow, based on analysing the time series of packet sizes. By thoroughly testing 25 different network traffic classification tasks, we show the broad applicability and high usability of NetTiSA flow. For practical deployment, we also consider the sizes of flows extended by NetTiSA features and evaluate the performance impacts of their computation in the flow exporter. The novel features proved to be computationally inexpensive and showed excellent discriminatory performance. The trained machine learning classifiers with proposed features mostly outperformed the state-of-the-art methods. NetTiSA finally bridges the gap and brings universal, small-sized, and computationally inexpensive features for traffic classification that can be scaled up to extensive monitoring infrastructures, bringing the machine learning traffic classification even to 100 Gbps backbone lines.

On The Challenges of Bringing Cryptography from Papers to Products: Results from an Interview Study with Experts

Autoři
Fischer, K.; Trummová, I.; Gajland, P.; Acar, Y.; Fahl, S.; Sasse, A.
Rok
2024
Publikováno
33rd USENIX Security Symposium. The USENIX Association, 2024.
Typ
Stať ve sborníku
Pracoviště
Anotace
Cryptography serves as the cornerstone of information security and privacy in modern society. While notable progress has been made in the implementation of cryptographic techniques, a substantial portion of research outputs in cryptography, which strive to offer robust security solutions, are either implemented inadequately or not at all. Our study aims to investigate the challenges involved in bringing cryptography innovations from papers to products. To address this open question, we conducted 21 semistructured interviews with cryptography experts who possess extensive experience (10+ years) in academia, industry, and nonprofit and governmental organizations. We aimed to gain insights into their experiences with deploying cryptographic research outputs, their perspectives on the process of bringing cryptography to products, and the necessary changes within the cryptography ecosystem to facilitate faster, wider, and more secure adoption. We identified several challenges including misunderstandings and miscommunication among stakeholders, unclear delineation of responsibilities, misaligned or conflicting incentives, and usability challenges when bringing cryptography from theoretical papers to end-user products. Drawing upon our findings, we provide a set of recommendations for cryptography researchers and practitioners. We encourage better supporting cross-disciplinary engagement between cryptographers, standardization organizations, and software developers for increased cryptography adoption.

Parallel CRC optimisations on the x64 architecture: a per-partes method

Rok
2024
Publikováno
International Journal of Parallel, Emergent and Distributed Systems. 2024, 39(3), 292-316. ISSN 1744-5760.
Typ
Článek
Pracoviště
Anotace
Each generation of CPU provides more resources and new features. These increase the ability to perform algorithms faster and with a higher degree of parallelism. The article discusses methods used to optimise CRC generation algorithms for long data blocks with consideration of the capabilities of contemporary systems. We analysed known software CRC algorithms and combined all known principles into a solution scalable in multiple CPU cores on single and multi-socket systems. Various algorithms were evaluated on contemporary multicore systems with 1 × 4, 1 × 64, 2 × 12, and 4 × 26 cores. The results show how the performance is affected by the architecture of the memory subsystem. Compared to the original sequential Sarwate algorithm, our algorithms are 48.0, 51.1, 38.0, and 28.8 times faster.

Parallel multithreaded deduplication of data sequences in nuclear structure calculations

Autoři
Langr, D.; Dytrych, T.
Rok
2024
Publikováno
International Journal of High Performance Computing Applications. 2024, 38(1), 5-16. ISSN 1094-3420.
Typ
Článek
Pracoviště
Anotace
High performance computing (HPC) applications that work with redundant sequences of data can benefit from their deduplication. We study this problem on the symmetry-adapted no-core shell model (SA-NCSM), where redundant sequences of different kinds naturally emerge in the data of the basis of the Hilbert space physically relevant to a modeled nucleus. For a fast solution of this problem on multicore architectures, we propose and present three multithreaded algorithms, which employ either concurrent hash tables or parallel sorting methods. Furthermore, we present evaluation and comparison of these algorithms based on experiments performed with real-world SA-NCSM calculations. The results indicate that the fastest option is to use a concurrent hash table, provided that it supports sequences of data as a type of table keys. If such a hash table is not available, the algorithm based on parallel sorting is a viable alternative.

Periodicity of general multidimensional continued fractions using repetend matrix form

Autoři
Rok
2024
Publikováno
EXPOSITIONES MATHEMATICAE. 2024, 42(3), ISSN 0723-0869.
Typ
Článek
Pracoviště
Anotace
We consider expansions of vectors by a general class of multidimensional continued fraction algorithms. If the expansion is eventually periodic, then we describe the possible structure of a matrix corresponding to the repetend and use it to prove that a number of vectors have an eventually periodic expansion in the Algebraic Jacobi–Perron algorithm. Further, we give criteria for vectors to have purely periodic expansions; in particular, the vector cannot be totally positive.

Recommendations with minimum exposure guarantees: A post-processing framework

Autoři
Lopes, R.; da Silva Alves, R.; Ledent, A.; Santos, R.L.T.; Kloft, M.
Rok
2024
Publikováno
Expert Systems with Applications. 2024, 236 1-9. ISSN 1873-6793.
Typ
Článek
Pracoviště
Anotace
Relevance-based ranking is a popular ingredient in recommenders, but it frequently struggles to meet fairness criteria because social and cultural norms may favor some item groups over others. For instance, some items might receive lower ratings due to some sort of bias (e.g. gender bias). A fair ranking should balance the exposure of items from advantaged and disadvantaged groups. To this end, we propose a novel post-processing framework to produce fair, exposure-aware recommendations. Our approach is based on an integer linear programming model maximizing the expected utility while satisfying a minimum exposure constraint. The model has fewer variables than previous work and thus can be deployed to larger datasets and allows the organization to define a minimum level of exposure for groups of items. We conduct an extensive empirical evaluation indicating that our new framework can increase the exposure of items from disadvantaged groups at a small cost of recommendation accuracy

Semantic Analysis of API Blueprint and OpenAPI Specification

Autoři
Jíša, N.; Pergl, R.
Rok
2024
Publikováno
Information Systems and Technologies WorldCIST 2024. Springer, Cham, 2024. p. 172-181. ISSN 2367-3389.
Typ
Stať ve sborníku
Pracoviště
Anotace
This paper presents a comparative semantic analysis of API Blueprint and OpenAPI Specification, two widely used API description languages. It explores their structural and semantic differences, providing insights into their unique features and capabilities. A significant focus is placed on developing a robust method to convert API blueprint documents into OpenAPI format. This conversion blueprint is designed to maintain the semantic integrity of the original documents, and its referential implementation is provided as well. The study offers contributions to the field of REST API development, particularly for developers and organizations seeking to transition between these specifications without losing the essence of their REST API documentation.

Single-Trace Side-Channel Attacks on NTRU Implementation

Autoři
Rabas, T.; Buček, J.; Lórencz, R.
Rok
2024
Publikováno
SN Computer Science. 2024, 5(2), 1-11. ISSN 2662-995X.
Typ
Článek
Pracoviště
Anotace
Most of the currently used cryptosystems are not secure in the presence of cryptographically relevant quantum computers. As the research in quantum technologies proceeds, a need for quantum-safe cryptography is imminent. NTRU is a post-quantum public-key cryptosystem based on lattices and was a finalist in the 3rd round of the post-quantum standardization process organized by the National Institute of Standards and Technology (NIST). This paper aims to study the implementation security of the cryptosystem with respect to an attacker with access to power leakage. Such a threat model is relevant especially, but not only, for embedded devices. We studied a countermeasure implementation of the NTRU decryption algorithm from An et al. (Appl Sci https://doi.org/10.3390/app8112014 , 2018) that claimed its security against power attacks. This paper revisits an attack presented in as reported by Rabas (In: Proceedings of the9th International Conference on Information Systems Security and Privacy,ICISSP 2023, Lisbon, 2023) that shows it is in fact vulnerable even in the case of just a single trace available to the enemy for extracting the key. We then describe a new profiling template attack on the implementation and show experimental results of the attack using the same datasets, resulting in a comparison of these two methods and further confirmation of the vulnerability of the algorithm even to generic profiling attacks. Several possible types of countermeasures are discussed.

The Complexity of Fair Division of Indivisible Items with Externalities

Autoři
Deligkas, A.; Eiben, E.; Korchemna, V.; Schierreich, Š.
Rok
2024
Publikováno
Proceedings of the 38th AAAI Conference on Artificial Intelligence. Menlo Park: AAAI Press, 2024. p. 9653-9661. ISSN 2159-5399.
Typ
Stať ve sborníku
Pracoviště
Anotace
We study the computational complexity of fairly allocating a set of indivisible items under externalities. In this recently-proposed setting, in addition to the utility the agent gets from their bundle, they also receive utility from items allocated to other agents. We focus on the extended definitions of envy-freeness up to one item (EF1) and of envy-freeness up to any item (EFX), and we provide the landscape of their complexity for several different scenarios. We prove that it is NP-complete to decide whether there exists an EFX allocation, even when there are only three agents, or even when there are only six different values for the items. We complement these negative results by showing that when both the number of agents and the number of different values for items are bounded by a parameter the problem becomes fixed-parameter tractable. Furthermore, we prove that two-valued and binary-valued instances are equivalent and that EFX and EF1 allocations coincide for this class of instances. Finally, motivated from real-life scenarios, we focus on a class of structured valuation functions, which we term agent/item-correlated. We prove their equivalence to the "standard" setting without externalities. Therefore, all previous results for EF1 and EFX apply immediately for these valuations.

Filtr

Za obsah stránky zodpovídá: doc. Ing. Štěpán Starosta, Ph.D.