Catalogue Search | MBRL
288 result(s) for "Mancini, Luigi"
Evading behavioral classifiers: a comprehensive analysis on evading ransomware detection techniques
by Mancini, Luigi V.; De Carli, Lorenzo; De Gaspari, Fabio
in Artificial Intelligence, Behavior, Classifiers
2022
Recent progress in machine learning has led to promising results in behavioral malware detection. Behavioral modeling identifies malicious processes via features derived by their runtime behavior. Behavioral features hold great promise as they are intrinsically related to the functioning of each malware, and are therefore considered difficult to evade. Indeed, while a significant amount of results exists on evasion of static malware features, evasion of dynamic features has seen limited work. This paper examines the robustness of behavioral ransomware detectors to evasion and proposes multiple novel techniques to evade them. Ransomware behavior differs significantly from that of benign processes, making it an ideal best case for behavioral detectors, and a difficult candidate for evasion. We identify and propose a set of novel attacks that distribute the overall malware workload across a small set of independent, cooperating processes in order to avoid the generation of significant behavioral features. Our most effective attack decreases the accuracy of a state-of-the-art classifier from 98.6 to 0% using only 18 cooperating processes. Furthermore, we show our attacks to be effective against commercial ransomware detectors in a black-box setting. Finally, we evaluate a detector designed to identify our most effective attack, as well as discuss potential directions to mitigate our most advanced attack.
Journal Article
Reliable detection of compressed and encrypted data
by Mancini, Luigi V.; De Carli, Lorenzo; De Gaspari, Fabio
in Artificial Intelligence, Computational Biology/Bioinformatics, Computational Science and Engineering
2022
Several cybersecurity domains, such as ransomware detection, forensics and data analysis, require methods to reliably identify encrypted data fragments. Typically, current approaches employ statistics derived from byte-level distribution, such as entropy estimation, to identify encrypted fragments. However, modern content types use compression techniques which alter data distribution pushing it closer to the uniform distribution. The result is that current approaches exhibit unreliable encryption detection performance when compressed data appear in the dataset. Furthermore, proposed approaches are typically evaluated over few data types and fragment sizes, making it hard to assess their practical applicability. This paper compares existing statistical tests on a large, standardized dataset and shows that current approaches consistently fail to distinguish encrypted and compressed data on both small and large fragment sizes. We address these shortcomings and design EnCoD, a learning-based classifier which can reliably distinguish compressed and encrypted data. We evaluate EnCoD on a dataset of 16 different file types and fragment sizes ranging from 512B to 8KB. Our results highlight that EnCoD outperforms current approaches by a wide margin, with accuracy ranging from ∼82% for 512B fragments up to ∼92% for 8KB data fragments. Moreover, EnCoD can pinpoint the exact format of a given data fragment, rather than performing only binary classification like previous approaches.
Journal Article
Distributed Detection of Clone Attacks in Wireless Sensor Networks
2011
Wireless Sensor Networks (WSNs) are often deployed in hostile environments where an adversary can physically capture some of the nodes, first can reprogram, and then, can replicate them in a large number of clones, easily taking control over the network. A few distributed solutions to address this fundamental problem have been recently proposed. However, these solutions are not satisfactory. First, they are energy and memory demanding: A serious drawback for any protocol to be used in the WSN-resource-constrained environment. Further, they are vulnerable to the specific adversary models introduced in this paper. The contributions of this work are threefold. First, we analyze the desirable properties of a distributed mechanism for the detection of node replication attacks. Second, we show that the known solutions for this problem do not completely meet our requirements. Third, we propose a new self-healing, Randomized, Efficient, and Distributed (RED) protocol for the detection of node replication attacks, and we show that it satisfies the introduced requirements. Finally, extensive simulations show that our protocol is highly efficient in communication, memory, and computation; is much more effective than competing solutions in the literature; and is resistant to the new kind of attacks introduced in this paper, while other solutions are not.
Journal Article
Vulnerability disclosure through adaptive black-box adversarial attacks in network intrusion detection systems
by Benkhelifa, Elhadj; Mancini, Luigi Vincenzo; Ennaji, Sabrine
in Adversarial attacks, Black boxes, Communications traffic
2026
Adversarial attacks, wherein slight inputs are carefully crafted to mislead intelligent models, have attracted increasing attention. However, a critical gap persists between theoretical advancements and practical application, particularly in structured data like network traffic, where interdependent features complicate effective adversarial manipulations. Moreover, ambiguity in current approaches restricts reproducibility and limits progress in this field. Hence, existing defenses often fail to handle evolving adversarial attacks. This paper proposes a novel approach for black-box adversarial attacks that addresses these limitations. Unlike prior work, which often assumes system access or relies on repeated probing, our method strictly respects black-box constraints, reducing interaction to avoid detection and better reflect real-world scenarios. We present an adaptive feature selection strategy using change-point detection and causality analysis to identify and target sensitive features for perturbation. This lightweight design ensures low computational cost and high deployability. Our comprehensive experiments show the attack’s effectiveness in evading detection with minimal interaction, enhancing its adaptability and applicability in real-world scenarios. By advancing the understanding of adversarial attacks in network traffic, this work lays a foundation for developing robust defenses.
Journal Article
Energy efficient node-to-node authentication and communication confidentiality in wireless sensor networks
by Mancini, Luigi V.; Mei, Alessandro; Pietro, Roberto Di
in Asymptotic methods, Authentication protocols, Communication
2006
A distributed Wireless Sensor Network (WSN) is a collection of low-end devices with wireless message exchange capabilities. Due to the scarcity of hardware resources, the lack of network infrastructures, and the threats to security, implementing secure pair-wise communications among any pair of sensors is a challenging problem in distributed WSNs. In particular, memory and energy consumption as well as resilience to sensor physical compromise are the most stringent requirements. In this paper, we introduce a new threat model to communications confidentiality in WSNs, the smart attacker model. Under this new, more realistic model, the security features of previously proposed schemes decrease drastically. We then describe a novel pseudo-random key pre-deployment strategy ESP that combines all the following properties: (a) it supports an energy-efficient key discovery phase requiring no communications; (b) it provides node to node authentication; (c) it is highly resistant to the smart attacker. We provide both asymptotic results and extensive simulations of the schemes that are being proposed.
Journal Article
Securing Topology Maintenance Protocols for Sensor Networks
2011
We analyze the security vulnerabilities of PEAS, ASCENT, and CCP, three well-known topology maintenance protocols (TMPs) for sensor networks. These protocols aim to increase the lifetime of the sensor network by only maintaining a subset of nodes in an active or awake state. The design of these protocols assumes that the sensor nodes will be deployed in a trusted, nonadversarial environment, and does not take into account the impact of attacks launched by malicious insider or outsider nodes. We propose a metaprotocol (Meta-TMP) to represent the class of topology maintenance protocols. The Meta-TMP provides us with a better understanding of the characteristics and of how a specific TMP works, and it can be used to study the vulnerabilities of a specific TMP. We describe various types of malicious behavior and actions that can be carried out by an adversary to attack a wireless sensor network by exploiting the TMP being used in the network. We describe three attacks against these protocols that may be used to reduce the lifetime of the sensor network, or to degrade the functionality of the sensor application by reducing the network connectivity and the sensing coverage that can be achieved. Further, we describe countermeasures that can be taken to increase the robustness of the protocols and make them resilient to such attacks.
Journal Article
Early Release Science of the exoplanet WASP-39b with JWST NIRISS
by Cubillos, Patricio E.; Mancini, Luigi; Piaulet, Caroline
in 639/33/34/862, 639/33/445/862, Absorption bands
2023
The Saturn-mass exoplanet WASP-39b has been the subject of extensive efforts to determine its atmospheric properties using transmission spectroscopy (refs. 1–4). However, these efforts have been hampered by modelling degeneracies between composition and cloud properties that are caused by limited data quality (refs. 5–9). Here we present the transmission spectrum of WASP-39b obtained using the Single-Object Slitless Spectroscopy (SOSS) mode of the Near Infrared Imager and Slitless Spectrograph (NIRISS) instrument on the JWST. This spectrum spans 0.6–2.8 μm in wavelength and shows several water-absorption bands, the potassium resonance doublet and signatures of clouds. The precision and broad wavelength coverage of NIRISS/SOSS allows us to break model degeneracies between cloud properties and the atmospheric composition of WASP-39b, favouring a heavy-element enhancement (‘metallicity’) of about 10–30 times the solar value, a sub-solar carbon-to-oxygen (C/O) ratio and a solar-to-super-solar potassium-to-oxygen (K/O) ratio. The observations are also best explained by wavelength-dependent, non-grey clouds with inhomogeneous coverage of the planet’s terminator.
The transmission spectrum of the exoplanet WASP-39b is obtained using observations from the Single-Object Slitless Spectroscopy mode of the Near Infrared Imager and Slitless Spectrograph instrument aboard the JWST.
Journal Article
Vulnerability disclosure through adaptive black-box adversarial attacks in network intrusion detection systems
by Benkhelifa, Elhadj; Mancini, Luigi Vincenzo; Ennaji, Sabrine
in Complexity, Computational Intelligence, Data Structures and Information Theory
2025
Adversarial attacks, wherein slight inputs are carefully crafted to mislead intelligent models, have attracted increasing attention. However, a critical gap persists between theoretical advancements and practical application, particularly in structured data like network traffic, where interdependent features complicate effective adversarial manipulations. Moreover, ambiguity in current approaches restricts reproducibility and limits progress in this field. Hence, existing defenses often fail to handle evolving adversarial attacks. This paper proposes a novel approach for black-box adversarial attacks that addresses these limitations. Unlike prior work, which often assumes system access or relies on repeated probing, our method strictly respects black-box constraints, reducing interaction to avoid detection and better reflect real-world scenarios. We present an adaptive feature selection strategy using change-point detection and causality analysis to identify and target sensitive features for perturbation. This lightweight design ensures low computational cost and high deployability. Our comprehensive experiments show the attack’s effectiveness in evading detection with minimal interaction, enhancing its adaptability and applicability in real-world scenarios. By advancing the understanding of adversarial attacks in network traffic, this work lays a foundation for developing robust defenses.
Journal Article
Mobility and Cooperation to Thwart Node Capture Attacks in MANETs
by Mancini, Luigi V.; Mei, Alessandro; Di Pietro, Roberto
in Communications Engineering, Computer science, Engineering
2009
The nature of mobile ad hoc networks (MANETs), often unattended, makes this type of network subject to some unique security issues. In particular, one of the most vexing problems for MANETs security is the node capture attack: an adversary can capture a node from the network eventually acquiring all the cryptographic material stored in it. Further, the captured node can be reprogrammed by the adversary and redeployed in the network in order to perform malicious activities. In this paper, we address the node capture attack in MANETs. We start from the intuition that mobility, in conjunction with a reduced amount of local cooperation, helps computing effectively and with a limited resource usage network global security properties. Then, we develop this intuition and use it to design a mechanism to detect the node capture attack. We support our proposal with a wide set of experiments showing that mobile networks can leverage mobility to compute global security properties, like node capture detection, with a small overhead.
Journal Article
Early Release Science of the exoplanet WASP-39b with JWST NIRSpec G395H
by Aggarwal, Keshav; Cubillos, Patricio E.; Mancini, Luigi
in 639/33/34/2810, 639/33/34/862, Absorption
2023
Measuring the abundances of carbon and oxygen in exoplanet atmospheres is considered a crucial avenue for unlocking the formation and evolution of exoplanetary systems (refs. 1, 2). Access to the chemical inventory of an exoplanet requires high-precision observations, often inferred from individual molecular detections with low-resolution space-based (refs. 3–5) and high-resolution ground-based (refs. 6–8) facilities. Here we report the medium-resolution (R ≈ 600) transmission spectrum of an exoplanet atmosphere between 3 and 5 μm covering several absorption features for the Saturn-mass exoplanet WASP-39b (ref. 9), obtained with the Near Infrared Spectrograph (NIRSpec) G395H grating of JWST. Our observations achieve 1.46 times photon precision, providing an average transit depth uncertainty of 221 ppm per spectroscopic bin, and present minimal impacts from systematic effects. We detect significant absorption from CO₂ (28.5σ) and H₂O (21.5σ), and identify SO₂ as the source of absorption at 4.1 μm (4.8σ). Best-fit atmospheric models range between 3 and 10 times solar metallicity, with sub-solar to solar C/O ratios. These results, including the detection of SO₂, underscore the importance of characterizing the chemistry in exoplanet atmospheres and showcase NIRSpec G395H as an excellent mode for time-series observations over this critical wavelength range (ref. 10).
The medium-resolution transmission spectrum of the exoplanet WASP-39b, described using observations from the Near Infrared Spectrograph G395H grating aboard JWST, shows significant absorption from CO₂ and H₂O and detection of SO₂.
Journal Article