boosting foundations and algorithms, boosting foundations and algorithms amazon com, boosting foundations and algorithms read online, boosting foundations and algorithms in searchworks catalog, boosting foundations and algorithms adaptive computation, download e book for kindle boosting foundations and, contents, bhlmann hothorn boosting algorithms regularization, boosting foundations and algorithms by robert e schapire, boosting lagout, an introduction to boosting and leveraging face rec, explaining adaboost robert schapire, pdf boosting foundations and algorithms adaptive, boosting foundations and algorithms pdf machine learning, boosting foundations and algorithms 1 ebooks, boosting machine learning wikipedia, boosting foundations and algorithms free computer, boosting foundations and algorithms ieee, theoretical foundations and algorithms for outlier ensembles, ensemble methods foundations and algorithms, boosting foundations and algorithms kybernetes vol 42, the evolution of boosting algorithms arxiv, boosting foundations and algorithms paraglide com, foundations of machine learning boosting, boosting algorithms regularization prediction and model, boosting foundations and algorithms amazon co uk, chapter 3 boosting algorithms a review of methods theory, optimal and adaptive algorithms for online boosting, boosting foundations and algorithms adaptive computation, boosting the mit press, boosting foundations and algorithms ebook 2012, boosting foundations and algorithms amazon co uk, book review of boosting foundations and algorithms, boosting foundations and algorithms kybernetes vol 42, boosting foundations and algorithms indiebound org, download boosting foundations and algorithms adaptive, boosting foundations and algorithms adaptive computation, boosting foundations and algorithms adaptive computation, free download here pdfsdocuments2 com, boosting foundations and algorithms book 2012, boosting foundations and algorithms principal researcher, buy boosting foundations and algorithms adaptive, boosting foundations and algorithms adaptive computation, boosting foundations and algorithms request pdf, boosting foundations and algorithms beck shop de, new book boosting foundations and algorithms by robert, boosting the mit press, a short introduction to boosting computer science andboosting boosting general method of converting rough rules of thumb into highly accurate prediction rule technically assume given weak learning algorithm that can consistently nd classiers rules of thumb at least slightly better than random say accuracy 55, boosting foundations and algorithms adaptive computation and machine learning series robert e schapire yoav freund on amazon com free shipping on qualifying offers an accessible introduction and essential reference for an approach to machine learning that creates highly accurate prediction rules by combining many weak and inaccurate ones lt b gt lt p gt lt p gt lt i gt boosting lt i gt is an approach to, boosting foundations and algorithms by robert e schapire yoav freund publisher the mit press 2014 isbn 13 9780262310413 number of pages 544 description boosting is an approach to machine learning based on the idea of creating a highly accurate predictor by combining many weak and inaccurate rules of thumb, a remarkably rich theory has evolved around boosting with connections to a range of topics including statistics game theory convex optimization and information geometry boosting

Boosting: Foundations and Algorithms.

With the integration of mobile devices into daily life, smartphones are privy to increasing amounts of sensitive information. Sophisticated mobile malware, particularly Android malware, acquire or utilize such data without user consent. It is therefore essential to devise effective techniques to analyze and detect these threats. This article presents a comprehensive survey on leading Android malware analysis and detection techniques, and their effectiveness against evolving malware. This article categorizes systems by methodology and date to evaluate progression and weaknesses. This article also discusses evaluations of industry solutions, malware statistics, and malware evasion techniques and concludes by supporting future research paths.

/pdf/the-evolution-of-android-malware-and-android-analysis-1887k95rid.pdf

The Evolution of Android Malware and Android Analysis Techniques

Side-channel attacks monitor some aspect of a computer system's behavior to infer the values of secret data. Numerous side-channels have been exploited, including those that monitor caches, the branch predictor, and the memory address bus. This paper presents a method of defending against a broad class of side-channel attacks, which we refer to as digital side-channel attacks. The key idea is to obfuscate the program at the source code level to provide the illusion that many extraneous program paths are executed. This paper describes the technical issues involved in using this idea to provide confidentiality while minimizing execution overhead. We argue about the correctness and security of our compiler transformations and demonstrate that our transformations are safe in the context of a modern processor. Our empirical evaluation shows that our solution is 8.9× faster than prior work (GhostRider [20]) that specifically defends against memory trace-based side-channel attacks.

/pdf/raccoon-closing-digital-side-channels-through-obfuscated-23v9j5sd04.pdf

Raccoon: closing digital side-channels through obfuscated execution

We present BranchScope - a new side-channel attack where the attacker infers the direction of an arbitrary conditional branch instruction in a victim program by manipulating the shared directional branch predictor. The directional component of the branch predictor stores the prediction on a given branch (taken or not-taken) and is a different component from the branch target buffer (BTB) attacked by previous work. BranchScope is the first fine-grained attack on the directional branch predictor, expanding our understanding of the side channel vulnerability of the branch prediction unit. Our attack targets complex hybrid branch predictors with unknown organization. We demonstrate how an attacker can force these predictors to switch to a simple 1-level mode to simplify the direction recovery. We carry out BranchScope on several recent Intel CPUs and also demonstrate the attack against an SGX enclave.

BranchScope: A New Side-Channel Attack on Directional Branch Predictor

Android developers heavily use reflection in their apps for legitimate reasons, but also significantly for hiding malicious actions. Unfortunately, current state-of-the-art static analysis tools for Android are challenged by the presence of reflective calls which they usually ignore. Thus, the results of their security analysis, e.g., for private data leaks, are inconsistent given the measures taken by malware writers to elude static detection. We propose the DroidRA instrumentation-based approach to address this issue in a non-invasive way. With DroidRA, we reduce the resolution of reflective calls to a composite constant propagation problem. We leverage the COAL solver to infer the values of reflection targets and app, and we eventually instrument this app to include the corresponding traditional Java call for each reflective call. Our approach allows to boost an app so that it can be immediately analyzable, including by such static analyzers that were not reflection-aware. We evaluate DroidRA on benchmark apps as well as on real-world apps, and demonstrate that it can allow state-of-the-art tools to provide more sound and complete analysis results.

/pdf/droidra-taming-reflection-to-support-whole-program-analysis-1eo02wh1bu.pdf

DroidRA: taming reflection to support whole-program analysis of Android apps

Microarchitectural resources such as caches and predictors can be used to leak information across security domains. Significant prior work has demonstrated attacks and defenses for specific types of such microarchitectural side and covert channels. In this paper, we introduce a general mathematical study of microarchitectural channels using information theory. Our conceptual contribution is a simple mathematical abstraction that captures the common characteristics of all microarchitectural channels. We call this the Bucket model and it reveals that microarchitectural channels are fundamentally different from side and covert channels in networking. We then quantify the communication capacity of several microarchitectural covert channels (including channels that rely on performance counters, AES hardware and memory buses) and measure bandwidths across both KVM based heavy-weight virtualization and light-weight operating-system level isolation. We demonstrate channel capacities that are orders of magnitude higher compared to what was previously considered possible. Finally, we introduce a novel way of detecting intelligent adversaries that try to hide while running covert channel eavesdropping attacks. Our method generalizes a prior detection scheme (that modeled static adversaries) by introducing noise that hides the detection process from an intelligent eavesdropper.

/pdf/understanding-contention-based-channels-and-using-them-for-10ra1s5lc3.pdf

Understanding contention-based channels and using them for defense

Hardware-based malware detectors (HMDs) are a key emerging technology to build trustworthy systems, especially mobile platforms. Quantifying the efficacy of HMDs against malicious adversaries is thus an important problem. The challenge lies in that real-world malware adapts to defenses, evades being run in experimental settings, and hides behind benign applications. Thus, realizing the potential of HMDs as a small and battery-efficient line of defense requires a rigorous foundation for evaluating HMDs. We introduce Sherlock — a white-box methodology that quantifies an HMD's ability to detect malware and identify the reason why. Sherlock first deconstructs malware into atomic, orthogonal actions to synthesize a diverse malware suite. Sherlock then drives both malware and benign programs with real user-inputs, and compares their executions to determine an HMD's operating range, i.e., the smallest malware actions an HMD can detect. We show three case studies using Sherlock to not only quantify HMDs' operating ranges but design better detectors. First, using information about concrete malware actions, we build a discrete-wavelet transform based unsupervised HMD that outperforms prior work based on power transforms by 24.7% (AUC metric). Second, training a supervised HMD using Sherlock's diverse malware dataset yields 12.5% better HMDs than past approaches that train on ad-hoc subsets of malware. Finally, Sherlock shows why a malware instance is detectable. This yields a surprising new result — obfuscation techniques used by malware to evade static analyses makes them more detectable using HMDs.

Quantifying and improving the efficiency of hardware-based mobile malware detectors

Computational characteristics of a program can potentially be used to identify malicious programs from benign ones. However, systematically evaluating malware detection techniques, especially when malware samples are hard to run correctly and can adapt their computational characteristics, is a hard problem.We introduce Morpheus -- a benchmarking tool that includes both real mobile malware and a synthetic malware generator that can be configured to generate a computationally diverse malware sample-set -- as a tool to evaluate computational signatures based malware detection. Morpheus also includes a set of computationally diverse benign applications that can be used to repackage malware into, along with a recorded trace of over 1 hour long realistic human usage for each app that can be used to replay both benign and malicious executions.The current Morpheus prototype targets Android applications and malware samples. Using Morpheus, we quantify the computational diversity in malware behavior and expose opportunities for dynamic analyses that can detect mobile malware. Specifically, the use of obfuscation and encryption to thwart static analyses causes the malicious execution to be more distinctive -- a potential opportunity for detection. We also present potential challenges, specifically, minimizing false positives that can arise due to diversity of benign executions.

Morpheus: benchmarking computational diversity in mobile malware

Hardware-based malware detectors (HMDs) are a key emerging technology to build trustworthy computing platforms, especially mobile platforms. Quantifying the efficacy of HMDs against malicious adversaries is thus an important problem. The challenge lies in that real-world malware typically adapts to defenses, evades being run in experimental settings, and hides behind benign applications. Thus, realizing the potential of HMDs as a line of defense - that has a small and battery-efficient code base - requires a rigorous foundation for evaluating HMDs. 
To this end, we introduce EMMA - a platform to evaluate the efficacy of HMDs for mobile platforms. EMMA deconstructs malware into atomic, orthogonal actions and introduces a systematic way of pitting different HMDs against a diverse subset of malware hidden inside benign applications. EMMA drives both malware and benign programs with real user-inputs to yield an HMD's effective operating range - i.e., the malware actions a particular HMD is capable of detecting. We show that small atomic actions, such as stealing a Contact or SMS, have surprisingly large hardware footprints, and use this insight to design HMD algorithms that are less intrusive than prior work and yet perform 24.7% better. Finally, EMMA brings up a surprising new result - obfuscation techniques used by malware to evade static analyses makes them more detectable using HMDs.

EMMA: A New Platform to Evaluate Hardware-based Mobile Malware Analyses

Various embodiments may include methods, devices, and non-transitory processor-readable media for performing information flow tracking during execution of a software application. A hybrid static/dynamic analysis may be used to track information flow during execution of a software application. In various embodiments, the method may predict a multiple paths of execution, and may utilize these predictions to analyze only actually executing software code. By analyzing only actually executed software code, the method may provide a lightweight and resource-efficient way of detecting actual data leaks as they occur during execution of a software application.

Mikhail Kazdagli

Papers

Understanding contention-based channels and using them for defense

Quantifying and improving the efficiency of hardware-based mobile malware detectors

Morpheus: benchmarking computational diversity in mobile malware

EMMA: A New Platform to Evaluate Hardware-based Mobile Malware Analyses

Information Flow Tracking Using Incremental Profiling