Machine Learning is the study of methods for programming computers to learn. Computers are applied to a wide range of tasks, and for most of these it is relatively easy for programmers to design and implement the necessary software. However, there are many tasks for which this is difficult or impossible. These can be divided into four general categories. First, there are problems for which there exist no human experts. For example, in modern automated manufacturing facilities, there is a need to predict machine failures before they occur by analyzing sensor readings. Because the machines are new, there are no human experts who can be interviewed by a programmer to provide the knowledge necessary to build a computer system. A machine learning system can study recorded data and subsequent machine failures and learn prediction rules. Second, there are problems where human experts exist, but where they are unable to explain their expertise. This is the case in many perceptual tasks, such as speech recognition, hand-writing recognition, and natural language understanding. Virtually all humans exhibit expert-level abilities on these tasks, but none of them can describe the detailed steps that they follow as they perform them. Fortunately, humans can provide machines with examples of the inputs and correct outputs for these tasks, so machine learning algorithms can learn to map the inputs to the outputs. Third, there are problems where phenomena are changing rapidly. In finance, for example, people would like to predict the future behavior of the stock market, of consumer purchases, or of exchange rates. These behaviors change frequently, so that even if a programmer could construct a good predictive computer program, it would need to be rewritten frequently. A learning program can relieve the programmer of this burden by constantly modifying and tuning a set of learned prediction rules. Fourth, there are applications that need to be customized for each computer user separately. Consider, for example, a program to filter unwanted electronic mail messages. Different users will need different filters. It is unreasonable to expect each user to program his or her own rules, and it is infeasible to provide every user with a software engineer to keep the rules up-to-date. A machine learning system can learn which mail messages the user rejects and maintain the filtering rules automatically. Machine learning addresses many of the same research questions as the fields of statistics, data mining, and psychology, but with differences of emphasis. Statistics focuses on understanding the phenomena that have generated the data, often with the goal of testing different hypotheses about those phenomena. Data mining seeks to find patterns in the data that are understandable by people. Psychological studies of human learning aspire to understand the mechanisms underlying the various learning behaviors exhibited by people (concept learning, skill acquisition, strategy change, etc.).

Machine learning

National Institute of Standards and Technology における超伝導研究及び生活

C4.5: Programs for Machine Learning (書評)

At some point in the future, how far out we do not exactly know, wireless access to the Internet will outstrip all other forms of access bringing the freedom of mobility to the way we access the we...

ACM SIGCOMM computer communication review

Physical layer security (PHY-security) takes the advantages of channel randomness nature of transmission media to achieve communication confidentiality and authentication. Wiretap coding and signal processing technologies are expected to play vital roles in this new security mechanism. PHY-security has attracted a lot of attention due to its unique features and the fact that our daily life relies heavily on wireless communications for sensitive and private information transmissions. Compared to conventional cryptography that works to ensure all involved entities to load proper and authenticated cryptographic information, PHY-security technologies perform security functions without considering about how those security protocols are executed. In other words, it does not require to implement any extra security schemes or algorithms on other layers above the physical layer. This survey introduces the fundamental theories of PHY-security, covering confidentiality and authentication, and provides an overview on the state-of-the-art works on PHY-security technologies that can provide secure communications in wireless systems, along with the discussions on challenges and their proposed solutions. Furthermore, at the end of this paper, the open issues are identified as our future research directions.

Physical Layer Security for Next Generation Wireless Networks: Theories, Technologies, and Challenges

Physical-layer identification of wireless devices, commonly referred to as Radio Frequency (RF) fingerprinting, is the process of identifying a device based on transmission imperfections exhibited by its radio transceiver. It can be used to improve access control in wireless networks, revent device cloning and complement message authentication protocols. This paper studies the feasibility of performing impersonation attacks on the modulation-based and transient-based fingerprinting techniques. Both techniques are vulnerable to impersonation attacks; however, transient-based techniques are more difficult to reproduce due to the effects of the wireless channel and antenna in their recording process. We assess the feasibility of performing impersonation attacks by extensive measurements as well as simulations using collected data from wireless devices. We discuss the implications of our findings and how they affect current device identification techniques and related applications.

/pdf/attacks-on-physical-layer-identification-44mimf3iz7.pdf

Attacks on physical-layer identification

Traffic flow from a traffic source with a source IP address to a customer system with a destination IP address is filtered by comparing the source IP address to a customer blacklist. If the source IP address is on the customer blacklist, then traffic to the customer system is blocked; else, traffic to the customer system is allowed. The customer blacklist is generated from a network blacklist, comprising IP addresses of unwanted traffic sources, and a customer whitelist, comprising IP addresses of wanted traffic sources. The customer blacklist is generated by removing from the network blacklist any IP address also on the customer whitelist. The network blacklist is generated by acquiring raw blacklists from reputation systems. IP addresses on the raw blacklists are sorted by prefix groups, which are rank ordered by traffic frequency. Top prefix groups are selected for the network blacklist.

Filtering unwanted data traffic via a per-customer blacklist

BitTorrent is currently one of the most popular peer-to-peer systems. BitTorrent clients are widely spread all over the world and account for a large fraction of today's Internet traffic. In this paper, we show that BitTorrent can be exploited by misdirecting clients to send their traffic toward any host on the Internet. The volume of a BitTorrent swarm can thus be converted into firepower for launching a distributed denial-of-service attack that can exhaust the victim's resources, including access bandwidth and connection resources. We identify novel exploits of the BitTorrent system and conduct real-life experiments that demonstrate the feasibility and severity of such attacks. We characterize the volume, duration and spread of attack traffic observed in our experiments. Finally, we discuss possible fixes and the limits of both attack and defense approaches.

/pdf/bottorrent-misusing-bittorrent-to-launch-ddos-attacks-2t9ew9g4da.pdf

BotTorrent: misusing BitTorrent to launch DDoS attacks

In this paper we consider the problem of secure pattern matching that allows single character wildcards and substring matching in the malicious (stand-alone) setting. Our protocol, called 5PM, is executed between two parties: Server, holding a text of length n, and Client, holding a pattern of length m to be matched against the text, where our notion of matching is more general and includes non-binary alphabets, non-binary Hamming distance and non-binary substring matching.

5PM is the first protocol with communication complexity sub-linear in circuit size to compute non-binary substring matching in the malicious model (general MPC has communication complexity which is at least linear in the circuit size). 5PM is also the first sublinear protocol to compute non-binary Hamming distance in the malicious model. Additionally, in the honest-but-curious (semi-honest) model, 5PM is asymptotically more efficient than the best known scheme when amortized for applications that require single charcter wildcards or substring pattern matching. 5PM in the malicious model requires O((m+n)k2) bandwidth and O(m+n) encryptions, where m is the pattern length and n is the text length. Further, 5PM can hide pattern size with no asymptotic additional costs in either computation or bandwidth. Finally, 5PM requires only 2 rounds of communication in the honest-but-curious model and 8 rounds in the malicious model. Our techniques reduce pattern matching and generalized Hamming distance problem to a novel linear algebra formulation that allows for generic solutions based on any additively homomorphic encryption. We believe our efficient algebraic techniques are of independent interest.

/pdf/5pm-secure-pattern-matching-4pzqczgjpr.pdf

5PM: secure pattern matching

In this paper we consider the problem of secure pattern matching that allows single-character wildcards and substring matching in the malicious stand-alone setting. Our protocol, called 5PM, is executed between two parties: Server, holding a text of length n, and Client, holding a pattern of length m to be matched against the text, where our notion of matching is more general than traditionally considered and includes non-binary alphabets, non-binary Hamming distance and non-binary substring matching.5PM is the first secure expressive pattern matching protocol designed to optimize round complexity by carefully specifying the entire protocol round by round. 5PM requires only eight rounds in the malicious static corruptions model. In the malicious model, 5PM requires O((m+n)k2) communication complexity and O(m+n) encryptions, where m is the pattern length and n is the text length. Further, 5PM can hide pattern size with no asymptotic additional costs in either computation or bandwidth.

/pdf/5pm-secure-pattern-matching-2fmyng0m6k.pdf

Karim El Defrawy

Papers

Attacks on physical-layer identification

Filtering unwanted data traffic via a per-customer blacklist

BotTorrent: misusing BitTorrent to launch DDoS attacks

5PM: secure pattern matching

5PM: Secure pattern matching