Zero-day malware detection based on supervised learning algorithms of API call signatures

Zero-day or unknown malware are created using code obfuscation techniques that can modify the parent code to produce offspring copies which have the same functionality but with different signatures. Current techniques reported in literature lack the capability of detecting zero-day malware with the required accuracy and efficiency. In this paper, we have proposed and evaluated a novel method of employing several data mining techniques to detect and classify zero-day malware with high levels of accuracy and efficiency based on the frequency of Windows API calls. This paper describes the methodology employed for the collection of large data sets to train the classifiers, and analyses the performance results of the various data mining algorithms adopted for the study using a fully automated tool developed in this research to conduct the various experimental investigations and evaluation. Through the performance results of these algorithms from our experimental analysis, we are able to evaluate and discuss the advantages of one data mining algorithm over the other for accurately detecting zero-day malware successfully. The data mining framework employed in this research learns through analysing the behavior of existing malicious and benign codes in large datasets. We have employed robust classifiers, namely Naïve Bayes (NB) Algorithm, k−Nearest Neighbor (kNN) Algorithm, Sequential Minimal Optimization (SMO) Algorithm with 4 differents kernels (SMO - Normalized PolyKernel, SMO – PolyKernel, SMO – Puk, and SMO- Radial Basis Function (RBF)), Backpropagation Neural Networks Algorithm, and J48 decision tree and have evaluated their performance. Overall, the automated data mining system implemented for this study has achieved high true positive (TP) rate of more than 98.5%, and low false positive (FP) rate of less than 0.025, which has not been achieved in literature so far. This is much higher than the required commercial acceptance level indicating that our novel technique is a major leap forward in detecting zero-day malware. This paper also offers future directions for researchers in exploring different aspects of obfuscations that are affecting the IT world today.

Separation of Doppler radar-based respiratory signatures

Respiration detection using microwave Doppler radar has attracted significant interest primarily due to its unobtrusive form of measurement. With less preparation in comparison with attaching physical sensors on the body or wearing special clothing, Doppler radar for respiration detection and monitoring is particularly useful for long-term monitoring applications such as sleep studies (i.e. sleep apnoea, SIDS). However, motion artefacts and interference from multiple sources limit the widespread use and the scope of potential applications of this technique. Utilising the recent advances in independent component analysis (ICA) and multiple antenna configuration schemes, this work investigates the feasibility of decomposing respiratory signatures into each subject from the Doppler-based measurements. Experimental results demonstrated that FastICA is capable of separating two distinct respiratory signatures from two subjects adjacent to each other even in the presence of apnoea. In each test scenario, the separated respiratory patterns correlate closely to the reference respiration strap readings. The effectiveness of FastICA in dealing with the mixed Doppler radar respiration signals confirms its applicability in healthcare applications, especially in long-term home-based monitoring as it usually involves at least two people in the same environment (i.e. two people sleeping next to each other). Further, the use of FastICA to separate involuntary movements such as the arm swing from the respiratory signatures of a single subject was explored in a multiple antenna environment. The separated respiratory signal indeed demonstrated a high correlation with the measurements made by a respiratory strap used currently in clinical settings.

Examining the development of the Victorian Certificate of Applied Learning and its implications for schools and teacher education in Australia

The Victorian Certificate of Applied Learning (VCAL) is a very successful senior secondary school qualification introduced in the Australian state of Victoria in 2002. Applied learning in the VCAL engages senior students in a combination of work-based learning, service-learning, and project-based learning and aims to provide them with the skills, knowledge, and attitudes to make informed choices regarding pathways to work and further education. The program has enjoyed rapid growth and its system-wide adoption by Victorian secondary schools, Technical and Further Education (TAFE) institutions, Registered Training Organizations (RTOs), and Adult and Community Education (ACE) providers has broadened significantly the range of senior schooling pathway options for young people. This paper will examine reasons for developing an applied learning senior secondary certificate and its rapid growth in Victoria since 2002. The authors draw on a number of case studies to profile the unique nature of applied learning in the VCAL, including its dimensions of service learning, work-based learning, and project-based learning. These case studies are also used to discuss a number of implications that have emerged from the use of applied learning in the VCAL, including approaches to teaching and assessment that will support applied learning and the development of new partnerships between VCAL providers and community partners. Finally, the paper considers significant implications the VCAL has created for teacher education in Victoria by discussing the new Graduate Diploma of Education (Applied Learning) developed by Deakin University.

Hub-based reliable gene expression algorithm to classify ER+ and ER- breast cancer subtypes

Identifying gene signatures that are associatedwith the estrogen receptor based breast cancer samples is achallenging problem that has significant implications in breastcancer diagnosis and treatment. Various existing approaches foridentifying gene signatures have been developed but are not ableto achieve the satisfactory results because of their severallimitations. Subnetwork-based approaches have shown to be arobust classification method that uses interaction datasets suchas protein-protein interaction datasets. It has been reported thatthese interaction datasets contain many irrelevant interactionsthat have no biological meaning associated with them, and thusit is essential to filter out those interactions which can improvethe classification results. In this paper, we therefore, proposed ahub-based reliable gene expression algorithm (HRGE) thateffectively extracts the significant biologically-relevantinteractions and uses hub-gene topology to generate thesubnetwork based gene signatures for ER+ and ER- breastcancer subtypes. The proposed approach shows the superiorclassification accuracy amongst the other existing classifiers, inthe validation dataset.

Efficient and short certificateless signatures secure against realistic adversaries

The notion of certificateless cryptography is aimed to eliminate the use of certificates in traditional public key cryptography and also to solve the key-escrow problem in identity-based cryptography. Many kinds of security models have been designed for certificateless cryptography and many new schemes have been introduced based on the correspondence of the security models. In generally speaking, a stronger security model can ensure a certificateless cryptosystem with a higher security level, but a realistic model can lead to a more efficient scheme. In this paper, we focus on the efficiency of a certificateless signature (CLS) scheme and introduce an efficient CLS scheme with short signature size. On one hand, the security of the scheme is based on a realistic model. In this model, an adversary is not allowed to get any valid signature under false public keys. On the other hand, our scheme is as efficient as BLS short signature scheme in both communication and computation and, therefore, turns out to be more efficient than other CLS schemes proposed so far. We provide a rigorous security proof of our scheme in the random oracle model. The security of our scheme is based on the k-CAA hard problem and a new discovered hard problem, namely the modified k-CAA problem. Our scheme can be applied to systems where signatures are typed in by human or systems with low-bandwidth channels and/or low-computation power.

Forgeability of Wang-Zhu-Feng-Yau’s attribute-based signature with policy-and-endorsement mechanism

Recently, Wang et al. presented a new construction of attribute-based signature with policy-and-endorsement mechanism. The existential unforgeability of their scheme was claimed to be based on the strong Diffie-Hellman assumption in the random oracle model. Unfortunately, by carefully revisiting the design and security proof of Wang et al.’s scheme, we show that their scheme cannot provide unforgeability, namely, a forger, whose attributes do not satisfy a given signing predicate, can also generate valid signatures. We also point out the flaws in Wang et al.’s proof.

RRHGE: a novel approach to classify the estrogen receptor based breast cancer subtypes

Breast cancer is the most common type of cancer among females with a high mortality rate. It is essential to classify the estrogen receptor based breast cancer subtypes into correct subclasses, so that the right treatments can be applied to lower the mortality rate. Using gene signatures derived from gene interaction networks to classify breast cancers has proven to be more reproducible and can achieve higher classification performance. However, the interactions in the gene interaction network usually contain many false-positive interactions that do not have any biological meanings. Therefore, it is a challenge to incorporate the reliability assessment of interactions when deriving gene signatures from gene interaction networks. How to effectively extract gene signatures from available resources is critical to the success of cancer classification.

IPA: Integrated predictive gene signature from gene expression based breast cancer patient samples

Background: Novel predictive markers are needed to accurately diagnose the breast cancer patients so they do not need to undergo any unnecessary aggressive therapies. Various gene expression studies based predictive gene signatureshave generated in the recent past to predict the binary estrogen-receptor subclass or to predict the therapy response subclass. However, the existing algorithms comes with many limitations, including low predictive performances over multiple cohorts of patients and non-significant or limited biological roles associated with thepredictive gene signatures. Therefore, the aim of this study is to develop novel predictive markers with improved performances.Methods: We propose a novel prediction algorithm called IPA to construct a predictive gene signature for performing multiple prediction tasks of predicting estrogen-receptor based binary subclass and predicting chemotherapy response (neoadjuvantly) based binary subclass. The constructed gene signature with considering multiple classification techniques was used to evaluate the algorithm performance on multiple cohorts of breast cancer patients.Results: The evaluation on multiple validation cohorts demonstrated that proposed algorithm achieved stable and high performance to perform prediction tasks, with consideration given to any classification techniques. We show that the predictive gene signature of our proposed algorithm reflects the mechanisms underlying the estrogen-receptors or response to therapy with significant greater biological interpretations, compared with the other existing algorithm.

Obtain confidentiality or/and authenticity in Big Data by ID-based generalized signcryption

Recently, the Big Data paradigm has received considerable attention since it gives a great opportunity to mine knowledge from massive amounts of data. However, the new mined knowledge will be useless if data is fake, or sometimes the massive amounts of data cannot be collected due to the worry on the abuse of data. This situation asks for new security solutions. On the other hand, the biggest feature of Big Data is "massive", which requires that any security solution for Big Data should be "efficient". In this paper, we propose a new identity-based generalized signcryption scheme to solve the above problems. In particular, it has the following two properties to fit the efficiency requirement. (1) It can work as an encryption scheme, a signature scheme or a signcryption scheme as per need. (2) It does not have the heavy burden on the complicated certificate management as the traditional cryptographic schemes. Furthermore, our proposed scheme can be proven-secure in the standard model. © 2014 Elsevier Inc. All rights reserved.

An efficient anonymous remote attestation scheme for trusted computing based on improved CPK

 The platform remote attestation (RA) is one of the main features of trusted computing platform proposed by the trusted computing group (TCG). The privacy certificate authority (CA) solution of RA requires users to pay for multiple certificates, and the direct anonymous attestation (DAA) solution leads to inefficiency. TCG RA also suffers from limitations of platform configuration privacy. This paper proposed a RA scheme based on an improved combined public key cryptography (ICPK) (abbreviated to RA-ICPK). RA-ICPK is a certificate-less scheme without using public key infrastructure CA signature or DAA signature, which combines commitment scheme, zero-knowledge proof and ring signature (RS) to own the property of unforgeability and privacy. RA-ICPK is mainly based on elliptic curve cryptography without bilinear pair computing, and only carries out zero-knowledge proof one time. RA-ICPK need not depend on trusted third parties to check trusted platform modules identity and integrity values revocations. © 2014 Springer Science+Business Media New York

Spectral unmixing based on nonnegative matrix factorization with local smoothness constraint

Spectral unmixing (SU) is an emerging problem in the remote sensing image processing. Since both the endmember signatures and their abundances have nonnegative values, it is a natural choice to employ the attractive nonnegative matrix factorization (NMF) methods to solve this problem. Motivated by that the abundances are sparse, the NMF with local smoothness constraint (NMF-LSC) is proposed in this paper. In the proposed method, the smoothness constraint is utilized to impose the sparseness, instead of the traditional L1-norm which is restricted by the underlying column-sum-to-one requirement of the to the abundance matrix. Simulations show the advantages of our algorithm over the compared methods.

Cost-effective authentic and anonymous data sharing with forward security

Data sharing has never been easier with the advances of cloud computing, and an accurate analysis on the shared data provides an array of benefits to both the society and individuals. Data sharing with a large number of participants must take into account several issues, including efficiency, data integrity and privacy of data owner. Ring signature is a promising candidate to construct an anonymous and authentic data sharing system. It allows a data owner to anonymously authenticate his data which can be put into the cloud for storage or analysis purpose. Yet the costly certificate verification in the traditional public key infrastructure (PKI) setting becomes a bottleneck for this solution to be scalable. Identity-based (ID-based) ring signature, which eliminates the process of certificate verification, can be used instead. In this paper, we further enhance the security of ID-based ring signature by providing forward security: If a secret key of any user has been compromised, all previous generated signatures that include this user still remain valid. This property is especially important to any large scale data sharing system, as it is impossible to ask all data owners to re-authenticate their data even if a secret key of one single user has been compromised. We provide a concrete and efficient instantiation of our scheme, prove its security and provide an implementation to show its practicality.

Women's human rights and the Muslim question : Iran's one million signatures campaign

Women's Human Rights and the Muslim Question shows how Muslim women have made meaningful contributions to the development of the international framework on gender equality and women's rights. An investigation into the women's movement of Iran offers a practical grounding for this argument, and presents unprecedented findings on how ideological divisions along secular and religious lines have been worked in favour of a rights-based framework for change.The book presents a comprehensive synthesis and analysis of the campaign material of the women's movement 'Change for Equality Campaign'—one of the most progressive and sophisticated movements in the Middle East/Central Asia.