Biblio

Deep learning is a highly effective machine learning technique for large-scale problems. The optimization of nonconvex functions in deep learning literature is typically restricted to the class of first-order algorithms. These methods rely on gradient information because of the computational complexity associated with the second derivative Hessian matrix inversion and the memory storage required in large scale data problems. The reward for using second derivative information is that the methods can result in improved convergence properties for problems typically found in a non-convex setting such as saddle points and local minima. In this paper we introduce TRMinATR - an algorithm based on the limited memory BFGS quasi-Newton method using trust region - as an alternative to gradient descent methods. TRMinATR bridges the disparity between first order methods and second order methods by continuing to use gradient information to calculate Hessian approximations. We provide empirical results on the classification task of the MNIST dataset and show robust convergence with preferred generalization characteristics.

Sequential recommendation algorithms aim to predict users' future behavior given their historical interactions. A recent line of work has achieved state-of-the-art performance on sequential recommendation tasks by adapting ideas from metric learning and knowledge-graph completion. These algorithms replace inner products with low-dimensional embeddings and distance functions, employing a simple translation dynamic to model user behavior over time. In this paper, we propose TransFM, a model that combines translation and metric-based approaches for sequential recommendation with Factorization Machines (FMs). Doing so allows us to reap the benefits of FMs (in particular, the ability to straightforwardly incorporate content-based features), while enhancing the state-of-the-art performance of translation-based models in sequential settings. Specifically, we learn an embedding and translation space for each feature dimension, replacing the inner product with the squared Euclidean distance to measure the interaction strength between features. Like FMs, we show that the model equation for TransFM can be computed in linear time and optimized using classical techniques. As TransFM operates on arbitrary feature vectors, additional content information can be easily incorporated without significant changes to the model itself. Empirically, the performance of TransFM significantly increases when taking content features into account, outperforming state-of-the-art models on sequential recommendation tasks for a wide variety of datasets.

Software Defined Networking (SDN), and its popular implementation OpenFlow, represent the foundation for the design and implementation of modern networks. The essential part of an SDN-based network are flow rules that enable network elements to steer and control the traffic and deploy policy enforcement points with a fine granularity at any entry-point in a network. Such applications, implemented with the usage of OpenFlow rules, are already integral components of widely used SDN controllers such as Floodlight or OpenDayLight. The implementation details of network policies are reflected in the composition of flow rules and leakage of such information provides adversaries with a significant attack advantage such as bypassing Access Control Lists (ACL), reconstructing the resource distribution of Load Balancers or revealing of Moving Target Defense techniques. In this paper we introduce a new attack vector on SDN by showing how the detailed composition of flow rules can be reconstructed by network users without any prior knowledge of the SDN controller or its architecture. To our best knowledge, in SDN, such reconnaissance techniques have not been considered so far. We introduce SDNMap, an open-source scanner that is able to accurately reconstruct the detailed composition of flow rules by performing active probing and listening to the network traffic. We demonstrate in a number of real-world SDN applications that this ability provides adversaries with a significant attack advantage and discuss ways to prevent the introduced reconnaissance techniques. Our SDNMap scanner is able to reconstruct flow rules between network endpoints with an accuracy of over 96%.

The essential part of an SDN-based network are flow rules that enable network elements to steer and control the traffic and deploy policy enforcement points with a fine granularity at any entry-point in a network. Such applications, implemented with the usage of OpenFlow rules, are already integral components of widely used SDN controllers such as Floodlight or OpenDayLight. The implementation details of network policies are reflected in the composition of flow rules and leakage of such information provides adversaries with a significant attack advantage such as bypassing Access Control Lists (ACL), reconstructing the resource distribution of Load Balancers or revealing of Moving Target Defense techniques. In this demo [4, 5] we present our open-source scanner SDNMap and demonstrate the findings discussed in the paper "Adversarial Network Forensics in Software Defined Networking" [6]. On two real world examples, Floodlight's Access Control Lists (ACL) and Floodlight's Load Balancer (LBaaS), we show that severe security issues arise with the ability to reconstruct the details of OpenFlow rules on the data-plane.

Summary form only given. All-optical switching (AOS) has been observed in ferromagnetic (FM) layers and synthetic ferrimagnetic heterostructures [1-4]. In this work, we use anomalous Hall effect (AHE) measurements to demonstrate controlled helicity-dependent switching in synthetic ferrimagnetic heterostructures. The two FM layers are engineered to have different Curie temperatures Tc1 (fixed) and Tc2 (variable). We show that irrespective of whether Tc2 is higher or lower than Tc1, the final magnetic configuration of the heterostructure is controlled by using the laser polarization to set the magnetic state of the FM layer with the highest Tc. All samples were grown on glass substrates at room temperature by DC magnetron sputtering. Two sets of samples were prepared. The first set are single FM layers with layer composition Ta (3 nm)/Pt (4 nm)/FM1(2)/Pt capping (4 nm), where FM1 = Co (0.6 nm) is a Co layer and FM2 = CoFeB (tCoFeB)/Pt(0.4 nm)/ CoFeB (tCoFeB) (0.2 ≤ tCoFeB ≤ 0.6 nm) is a composite CoFeB layer where both CoFeB layers are ferromagnetically coupled and act as a single layer. FM1 and FM2 were used to produce the second set of synthetic ferrimagnetic samples with layer structure Ta (3 nm)/Pt (4 nm)/FM1/Pt (0.4 nm)/Ru (0.9 nm)/Pt (0.4 nm)/FM2/Pt capping (4 nm). The Ru layer provides the antiferromagnetic RKKY interlayer exchange coupling between the adjacent FM1 and FM2 layers while the Pt layers on either side of the Ru layer can tune the strength of the coupling and stabilize their perpendicular anisotropy [5]. To study the AOS, we use a Ti: sapphire fs-laser with a wavelength of 800 nm and a pulse duration of 43 fs. A quarter-wave plate is used to create a circularly polarized [right(σ+) and left-handed (σ-)] beam. We first measured the magnetic properties of the FM1 and FM2 layers using vibrating sample magnetometry (VSM). All FM samples show full remanence in perpendicular hyst- resis loops at room temperature (not shown). The temperature-dependent magnetization scans (not shown) give a Curie temperature Tc1 of 524 K for FM1. For FM2, increasing tCoFeB increases its Curie temperatureTc2. At tCoFeB = 0.5 nm, Tc2 - Tc1. Hall crosses are patterned by optical lithography and ion milling. The width of the current carrying wire is - 5 um, giving a DC current density of - 6 x 109 A/m2 during the measurement. Figure 1(a) shows the resulting perpendicular Hall hysteresis loop of the synthetic ferrimagnetic sample with tCoFeB = 0.2 nm. At remanence, the stable magnetic configurations are the two antiparallel orientations of FM1 and FM2 [State I and II in Fig. 1(a)]. To study the AOS, we swept the laser beam with a power of 0.45 mW and a speed of 1 μm/sec across the Hall cross, and the corresponding Hall voltage was constantly monitored. In Fig. 1(b), we show the normalized Hall voltage, VHall, as a function of the laser beam position x for both beam polarizations σ+ and σ-. The initial magnetic configuration was State I. When the beam is at the center of the cross (position B), both beam polarizations give VHall - 0. As the beam leaves the cross (position C), the σbeam changes the magnetic configurations from State I to State II (FM1 magnetization pointing down), while the system reverts to State I using the σ+ beam. Changing the initial configuration from State I to State II results in the same final magnetic configurations, determined by the laser beam polarizations (not shown). Similar results (not shown) were obtained for samples with tCoFeB ≤ 0.4 nm. However, at tCoFeB = 0.6 nm, the σbeam results in the final magnetic configurations with FM2 magnetization pointing down (State I) and the σ+ beam results in the State II configuration, suggesting that the final state is determined by the beam polar

As Internet of Things (IoT) devices become more and more prevalent, it is important for research to be done around the security and integrity of them. By doing so, consumers can make well-informed choices about the smart devices that they purchase. This poster presents information about how three different IoT-specific malware variants operate and impact newly connected devices.

In the 21st century, each country must make decisions on how to utilize modern technologies to maximize benefits and minimize repercussions. For example, the United States Department of Defense (DoD) needs to be able to share information efficiently with its allies while simultaneously preventing unwarranted access or attacks. These attacks pose a threat to the national security of the United States, but proper use of the cyberspace provides countless benefits. The aim of this paper is to explore Identity and Access Management (IdAM) technologies that the Department of Defense can use in joint operations with allies that will allow efficient information-sharing and enhance security. To this end, we have created a methodology and a model for evaluating Identity and Access Management technologies that the Department of Defense can use in joint operations with other nations, with a specific focus on Japan and Australia. To evaluate these systems, we employed an approach that incorporates Political, Operational, Economic and Technical (POET) factors. Governance protocols, technological solutions, and political factors were first thoroughly reviewed and then used to construct an evaluation model to formally assess Identity and Access Management alternatives. This model provides systematic guidance on how the Department of Defense can improve their use of Identity and Access Management systems in the future.

Thumbnail preserving encryption (TPE) was suggested by Wright et al. [Information Hiding & Multimedia Security Workshop 2015] as a way to balance privacy and usability for online image sharing. The idea is to encrypt a plaintext image into a ciphertext image that has roughly the same thumbnail as well as retaining the original image format. At the same time, TPE allows users to take advantage of much of the functionality of online photo management tools, while still providing some level of privacy against the service provider. In this work we present two new approximate TPE encryption schemes. In our schemes, ciphertexts and plaintexts have perceptually similar, but not identical, thumbnails. Our constructions are the first TPE schemes designed to work well with JPEG compression. In addition, we show that they also have provable security guarantees that characterize precisely what information about the plaintext is leaked by the ciphertext image. We empirically evaluate our schemes according to the similarity of plaintext & ciphertext thumbnails, increase in file size under JPEG compression, preservation of perceptual image hashes, among other aspects. We also show how approximate TPE can be an effective tool to thwart inference attacks by machine-learning image classifiers, which have shown to be effective against other image obfuscation techniques.

Data tampering threatens data integrity in emerging non-volatile memories (NVMs). Whereas Merkle Tree (MT) memory authentication is effective in thwarting data tampering attacks, it drastically increases cell writes and memory accesses, adversely impacting NVM energy, lifetime, and system performance (instructions per cycle (IPC)). We propose ASSURE, a low overhead, high performance Authentication Scheme for SecURE energy efficient (ASSURE) NVMs. ASSURE synergistically integrates (i) smart message authentication codes (SMACs), which eliminate redundant cell writes by enabling MAC computation of only modified words on memory writes, with (ii) multi-root MTs (MMTs), which reduce MT reads/writes by constructing either high performance static MMTs (SMMTs) or low overhead dynamic MMTs (DMMTs) over frequently accessed memory regions. Our full-system simulations of the SPEC CPU2006 benchmarks on a triple-level cell (TLC) resistive RAM (RRAM) architecture show that on average, SMMT ASSURE (DMMT ASSURE) reduces NVM energy by 59% (55%), increases memory lifetime by 2.36x (2.11x), and improves IPC by 11% (10%), over state-of-the-art MT memory authentication.

Smart Grids (SGs) are Critical Infrastructures (CI), which are responsible for controlling and maintaining the distribution of electricity. To manage this task, modern SGs integrate an Information and Communication Infrastructure (ICT) beside the electrical power grid. Aside from the benefits derived from the increasing control and management capabilities offered by the ICT, unfortunately the introduction of this cyber layer provides an attractive attack surface for hackers. As a consequence, security becomes a fundamental prerequisite to be fulfilled. In this context, the adoption of Systems Engineering (SE) tools combined with Modeling and Simulation (M&S) techniques represent a promising solution to support the evaluation process of a SG during early design stages. In particular, the paper investigates on the identification, modeling and assessment of attacks in SG environments, by proposing a model for representing attack scenarios as a combination of attack types, attack schema and their temporal occurrence. Simulation techniques are exploited to enable the execution of such attack combinations in the SG domain. Specifically, a simulator, which allows to assess the SG behaviour to identify possible flaws and provide preventive actions before its realization, is developed on the basis of the proposed model and exemplified through a case study.

Recent increases in the field of infrastructure has led to the emerging of cloud computing a virtualized computing platform. This technology provides a lot of pros like rapid elasticity, ubiquitous network access and on-demand access etc. Compare to other technologies cloud computing provides many essential services. As the elasticity and scalability increases the chance for vulnerability of the system is also high. There are many known and unknown security risks and challenges present in this environment. In this research an environment is proposed which can handle security issues and deploys various security levels. The system handles the security of various infrastructure like VM and also handles the Dynamic infrastructure request control. One of the key feature of proposed approach is Dual authorization in which all account related data will be authorized by two privileged administrators of the cloud. The auto scalability feature of the cloud is be made secure for on-demand service request handling by providing an on-demand scheduler who will process the on-demand request and assign the required infrastructure. Combining these two approaches provides a secure environment for cloud users as well as handle On-demand Infrastructure request.

Software-defined networks provide new facilities for deploying security mechanisms dynamically. In particular, it is possible to build and adjust security chains to protect the infrastructures, by combining different security functions, such as firewalls, intrusion detection systems and services for preventing data leakage. It is important to ensure that these security chains, in view of their complexity and dynamics, are consistent and do not include security violations. We propose in this paper an automated strategy for supporting the verification of security chains in software-defined networks. It relies on an architecture integrating formal verification methods for checking both the control and data planes of these chains, before their deployment. We describe algorithms for translating specifications of security chains into formal models that can then be verified by SMT1 solving or model checking. Our solution is prototyped as a package, named Synaptic, built as an extension of the Frenetic family of SDN programming languages. The performances of our approach are evaluated through extensive experimentations based on the CVC4, veriT, and nuXmv checkers.

The process of digitalisation has an advanced impact on social lives, state affairs, and the industrial automation domain. Ubiquitous networks and the increased requirements in terms of Quality of Service (QoS) create the demand for future-proof network management. Therefore, new technological approaches, such as Software-Defined Networks (SDN) or the 5G Network Slicing concept, are considered. However, the important topic of cyber security has mainly been ignored in the past. Recently, this topic has gained a lot of attention due to frequently reported security related incidents, such as industrial espionage, or production system manipulations. Hence, this work proposes a concept for adding cyber security requirements to future network management paradigms. For this purpose, various security related standards and guidelines are available. However, these approaches are mainly static, require a high amount of manual efforts by experts, and need to be performed in a steady manner. Therefore, the proposed solution contains a dynamic, machine-readable, automatic, continuous, and future-proof approach to model and describe cyber security QoS requirements for the next generation network management.

The process of digitalisation has an advanced impact on social lives, state affairs, and the industrial automation domain. Ubiquitous networks and the increased requirements in terms of Quality of Service (QoS) create the demand for future-proof network management. Therefore, new technological approaches, such as Software-Defined Networks (SDN) or the 5G Network Slicing concept, are considered. However, the important topic of cyber security has mainly been ignored in the past. Recently, this topic has gained a lot of attention due to frequently reported security related incidents, such as industrial espionage, or production system manipulations. Hence, this work proposes a concept for adding cyber security requirements to future network management paradigms. For this purpose, various security related standards and guidelines are available. However, these approaches are mainly static, require a high amount of manual efforts by experts, and need to be performed in a steady manner. Therefore, the proposed solution contains a dynamic, machine-readable, automatic, continuous, and future-proof approach to model and describe cyber security QoS requirements for the next generation network management.

Cloud computing has become an irreversible trend. Together comes the pressing need for verifiability, to assure the client the correctness of computation outsourced to the cloud. Existing verifiable computation techniques all have a high overhead, thus if being deployed in the clouds, would render cloud computing more expensive than the on-premises counterpart. To achieve verifiability at a reasonable cost, we leverage game theory and propose a smart contract based solution. In a nutshell, a client lets two clouds compute the same task, and uses smart contracts to stimulate tension, betrayal and distrust between the clouds, so that rational clouds will not collude and cheat. In the absence of collusion, verification of correctness can be done easily by crosschecking the results from the two clouds. We provide a formal analysis of the games induced by the contracts, and prove that the contracts will be effective under certain reasonable assumptions. By resorting to game theory and smart contracts, we are able to avoid heavy cryptographic protocols. The client only needs to pay two clouds to compute in the clear, and a small transaction fee to use the smart contracts. We also conducted a feasibility study that involves implementing the contracts in Solidity and running them on the official Ethereum network.

Neural networks (NNs) are currently a very popular topic in machine learning for both research and practice. GPUs are the dominant computing platform for research efforts and are also gaining popularity as a deployment platform for applications such as autonomous vehicles. As a result, GPU vendors such as NVIDIA have spent enormous effort to write special-purpose NN libraries. On other hardware targets, especially mobile GPUs, such vendor libraries are not generally available. Thus, the development of portable, open, high-performance, energy-efficient GPU code for NN operations would enable broader deployment of NN-based algorithms. A root problem is that high efficiency GPU programming suffers from high complexity, low productivity, and low portability. To address this, this work presents a framework to enable productive, high-efficiency GPU programming for NN computations across hardware platforms and programming models. In particular, the framework provides specific support for metaprogramming and autotuning of operations over ND-Arrays. To show the correctness and value of our framework and approach, we implement a selection of NN operations, covering the core operations needed for deploying three common image-processing neural networks. We target three different hardware platforms: NVIDIA, AMD, and Qualcomm GPUs. On NVIDIA GPUs, we show both portability between OpenCL and CUDA as well competitive performance compared to the vendor library. On Qualcomm GPUs, we show that our framework enables productive development of target-specific optimizations, and achieves reasonable absolute performance. Finally, On AMD GPUs, we show initial results that indicate our framework can yield reasonable performance on a new platform with minimal effort.

Bitcoin owes its success to the fact that transactions are transparently recorded in the blockchain, a global public ledger that removes the need for trusted parties. Unfortunately, recording every transaction in the blockchain causes privacy, latency, and scalability issues. Building on recent proposals for "micropayment channels" — two party associations that use the ledger only for dispute resolution — we introduce techniques for constructing anonymous payment channels. Our proposals allow for secure, instantaneous and private payments that substantially reduce the storage burden on the payment network. Specifically, we introduce three channel proposals, including a technique that allows payments via untrusted intermediaries. We build a concrete implementation of our scheme and show that it can be deployed via a soft fork to existing anonymous currencies such as ZCash.

The coming generation of Internet-of-Things (IoT) applications will process massive amounts of incoming data while supporting data mining and online learning. In cases with demanding real-time requirements, such systems behave as smart memories: a high-bandwidth service that captures sensor input, processes it using machine-learning tools, replicates and stores "interesting" data (discarding uninteresting content), updates knowledge models, and triggers urgently-needed responses. Derecho is a high-throughput library for building smart memories and similar services. At its core Derecho implements atomic multicast (Vertical Paxos) and state machine replication (the classic durable Paxos). Derecho's replicated\textbackslashtextlessT\textbackslashtextgreater template defines a replicated type; the corresponding objects are associated with subgroups, which can be sharded into key-value structures. The persistent\textbackslashtextlessT\textbackslashtextgreater and volatile\textbackslashtextlessT\textbackslashtextgreater storage templates implement version vectors with optional NVM persistence. These support time-indexed access, offering lock-free snapshot isolation that blends temporal precision and causal consistency. Derecho automates application management, supporting multigroup structures and providing consistent knowledge of the current membership mapping. A query can access data from many shards or subgroups, and consistency is guaranteed without any form of distributed locking. Whereas many systems run consensus on the critical path, Derecho requires consensus only when updating membership. By leveraging an RDMA data plane and NVM storage, and adopting a novel receiver-side batching technique, Derecho can saturate a 12.5GB RDMA network, sending millions of events per second in each subgroup or shard. In a single subgroup with 2–16 members, through-put peaks at 16 GB/s for large (100MB or more) objects. While key-value subgroups would typically use 2 or 3-member shards, unsharded subgroups could be large. In tests with a 128-member group, Derecho's multicast and Paxos protocols were just 3–5x slower than for a small group, depending on the traffic pattern. With network contention, slow members, or overlapping groups that generate concurrent traffic, Derecho's protocols remain stable and adapt to the available bandwidth.

Multiple transmit and receive antennas can be used to increase the number of independent streams between a transmitter-receiver pair, or to improve the interference resilience property with the help of linear minimum mean squared error (MMSE) receivers. An interference aware inter-cell rank coordination framework for the future fifth generation wireless system is proposed in this article. The proposal utilizes results from random matrix theory to estimate the mean signal-to-interference-plus-noise ratio at the MMSE receiver. In addition, a game-theoretic interference pricing measure is introduced as an inter-cell interference management mechanism to balance the spatial multiplexing vs. interference resilience trade-off. Exhaustive Monte Carlo simulations results demonstrating the performance of the proposed algorithm indicate a gain of around 40% over conventional non interference-aware schemes; and within around 6% of the optimum performance obtained using a brute-force exhaustive search algorithm.

Efficient trust management between nodes in a huge network is an essential requirement in modern networks. This work shows few generic primitive protocols for creating a trusted link between nodes by deploying unclonable physical tokens as Secret Unknown Ciphers. The proposed algorithms are making use of the clone-resistant physical identity of each participating node. Several generic node authentication protocols are presented. An intermediate node is shown to be usable as a mediator to build trust without having influence on the resulting security chain. The physical clone-resistant identities are using our early concept of Secret Unknown Cipher (SUC) technique. The main target of this work is to show the particular and efficient trust-chaining in large networks when SUC techniques are involved.

This paper provides a systematization of knowledge in the domain of integrated circuit protection through obfuscation with a focus on the recent Boolean satisfiability (SAT) attacks. The study systematically combines real-world IC reverse engineering reports, experimental results using the most recent oracle-guided attacks, and concepts in machine-learning and cryptography to draw a map of the state-of-the-art of IC obfuscation and future challenges and opportunities.

Differential privacy has emerged as a promising mechanism for privacy-safe data mining. One popular differential privacy mechanism allows researchers to pose queries over a dataset, and adds random noise to all output points to protect privacy. While differential privacy produces useful data in many scenarios, added noise may jeopardize utility for queries posed over small populations or over long-tailed datasets. Gehrke et al. proposed crowd-blending privacy, with random noise added only to those output points where fewer than k individuals (a configurable parameter) contribute to the point in the same manner. This approach has a lower privacy guarantee, but preserves more research utility than differential privacy. We propose an even more liberal privacy goal—commoner privacy—which fuzzes (omits, aggregates or adds noise to) only those output points where an individual's contribution to this point is an outlier. By hiding outliers, our mechanism hides the presence or absence of an individual in a dataset. We propose one mechanism that achieves commoner privacy—interactive k-anonymity. We also discuss query composition and show how we can guarantee privacy via either a pre-sampling step or via query introspection. We implement interactive k-anonymity and query introspection in a system called Patrol for network trace processing. Our evaluation shows that commoner privacy prevents common attacks while preserving orders of magnitude higher research utility than differential privacy, and at least 9-49 times the utility of crowd-blending privacy.

Permissionless blockchains protocols such as Bitcoin are inherently limited in transaction throughput and latency. Current efforts to address this key issue focus on off-chain payment channels that can be combined in a Payment-Channel Network (PCN) to enable an unlimited number of payments without requiring to access the blockchain other than to register the initial and final capacity of each channel. While this approach paves the way for low latency and high throughput of payments, its deployment in practice raises several privacy concerns as well as technical challenges related to the inherently concurrent nature of payments that have not been sufficiently studied so far. In this work, we lay the foundations for privacy and concurrency in PCNs, presenting a formal definition in the Universal Composability framework as well as practical and provably secure solutions. In particular, we present Fulgor and Rayo. Fulgor is the first payment protocol for PCNs that provides provable privacy guarantees for PCNs and is fully compatible with the Bitcoin scripting system. However, Fulgor is a blocking protocol and therefore prone to deadlocks of concurrent payments as in currently available PCNs. Instead, Rayo is the first protocol for PCNs that enforces non-blocking progress (i.e., at least one of the concurrent payments terminates). We show through a new impossibility result that non-blocking progress necessarily comes at the cost of weaker privacy. At the core of Fulgor and Rayo is Multi-Hop HTLC, a new smart contract, compatible with the Bitcoin scripting system, that provides conditional payments while reducing running time and communication overhead with respect to previous approaches. Our performance evaluation of Fulgor and Rayo shows that a payment with 10 intermediate users takes as few as 5 seconds, thereby demonstrating their feasibility to be deployed in practice.

The following is a research conducted on the Dark Web to study and identify the ins and outs of the dark web, what the dark web is all about, the various methods available to access the dark web and many others. The researchers have also included the steps and precautions taken before the dark web was opened. Apart from that, the findings and the website links / URL are also included along with a description of the sites. The primary usage of the dark web and some of the researcher's experience has been further documented in this research paper.