-
Give and Take: An End-To-End Investigation of Giveaway Scam Conversion Rates
Authors:
Enze Liu,
George Kappos,
Eric Mugnier,
Luca Invernizzi,
Stefan Savage,
David Tao,
Kurt Thomas,
Geoffrey M. Voelker,
Sarah Meiklejohn
Abstract:
Scams -- fraudulent schemes designed to swindle money from victims -- have existed for as long as recorded history. However, the Internet's combination of low communication cost, global reach, and functional anonymity has allowed scam volumes to reach new heights. Designing effective interventions requires first understanding the context: how scammers reach potential victims, the earnings they mak…
▽ More
Scams -- fraudulent schemes designed to swindle money from victims -- have existed for as long as recorded history. However, the Internet's combination of low communication cost, global reach, and functional anonymity has allowed scam volumes to reach new heights. Designing effective interventions requires first understanding the context: how scammers reach potential victims, the earnings they make, and any potential bottlenecks for durable interventions. In this short paper, we focus on these questions in the context of cryptocurrency giveaway scams, where victims are tricked into irreversibly transferring funds to scammers under the pretense of even greater returns. Combining data from Twitter, YouTube and Twitch livestreams, landing pages, and cryptocurrency blockchains, we measure how giveaway scams operate at scale. We find that 1 in 1000 scam tweets, and 4 in 100,000 livestream views, net a victim, and that scammers managed to extract nearly \$4.62 million from just hundreds of victims during our measurement window.
△ Less
Submitted 15 May, 2024;
originally announced May 2024.
-
Structural Analysis of GRAFCET Control Specifications
Authors:
Aron Schnakenbeck,
Robin Mroß,
Marcus Völker,
Stefan Kowalewski,
Alexander Fay
Abstract:
The graphical modeling language GRAFCET is used as a formal specification language in industrial control design. This paper proposes a structural analysis that approximates the variable values of GRAFCET to allow verification on specification level. GRAFCET has different elements resulting in concurrent behavior, which in general results in a large state space for analyses like model checking. The…
▽ More
The graphical modeling language GRAFCET is used as a formal specification language in industrial control design. This paper proposes a structural analysis that approximates the variable values of GRAFCET to allow verification on specification level. GRAFCET has different elements resulting in concurrent behavior, which in general results in a large state space for analyses like model checking. The proposed analysis approach approximates that state space and takes into consideration the entire set of GRAFCET elements leading to concurrent behavior. The analysis consists of two parts: We present an algorithm analyzing concurrent steps to approximate the step variables and we adapt analysis means from the field of Petri nets to approximate internal and output variables. The proposed approach is evaluated using an industrial-sized example to demonstrate that the analysis is capable of verifying behavioral errors and is not limited by the specification size of practical plants.
△ Less
Submitted 1 July, 2024; v1 submitted 20 July, 2023;
originally announced July 2023.
-
A Control Flow based Static Analysis of GRAFCET using Abstract Interpretation
Authors:
Aron Schnakenbeck,
Robin Mroß,
Marcus Völker,
Stefan Kowalewski,
Alexander Fay
Abstract:
The graphical modeling language GRAFCET is used as a formal specification language in industrial control design. This paper proposes a static analysis approach based on the control flow of GRAFCET using abstract interpretation to allow verification on specification level. GRAFCET has different elements leading to concurrent behavior, which in general results in a large state space. To get precise…
▽ More
The graphical modeling language GRAFCET is used as a formal specification language in industrial control design. This paper proposes a static analysis approach based on the control flow of GRAFCET using abstract interpretation to allow verification on specification level. GRAFCET has different elements leading to concurrent behavior, which in general results in a large state space. To get precise results and reduce the state space, we propose an analysis suitable for GRAFCET instances without concurrent behavior. We point out how to check for the absence of concurrency and present a flow-sensitive analysis for these GRAFCET instances. The proposed approach is evaluated on an industrial-sized example.
△ Less
Submitted 25 August, 2023; v1 submitted 2 June, 2023;
originally announced June 2023.
-
Forward Pass: On the Security Implications of Email Forwarding Mechanism and Policy
Authors:
Enze Liu,
Gautam Akiwate,
Mattijs Jonker,
Ariana Mirian,
Grant Ho,
Geoffrey M. Voelker,
Stefan Savage
Abstract:
The critical role played by email has led to a range of extension protocols (e.g., SPF, DKIM, DMARC) designed to protect against the spoofing of email sender domains. These protocols are complex as is, but are further complicated by automated email forwarding -- used by individual users to manage multiple accounts and by mailing lists to redistribute messages. In this paper, we explore how such em…
▽ More
The critical role played by email has led to a range of extension protocols (e.g., SPF, DKIM, DMARC) designed to protect against the spoofing of email sender domains. These protocols are complex as is, but are further complicated by automated email forwarding -- used by individual users to manage multiple accounts and by mailing lists to redistribute messages. In this paper, we explore how such email forwarding and its implementations can break the implicit assumptions in widely deployed anti-spoofing protocols. Using large-scale empirical measurements of 20 email forwarding services (16 leading email providers and four popular mailing list services), we identify a range of security issues rooted in forwarding behavior and show how they can be combined to reliably evade existing anti-spoofing controls. We further show how these issues allow attackers to not only deliver spoofed email messages to prominent email providers (e.g., Gmail, Microsoft Outlook, and Zoho), but also reliably spoof email on behalf of tens of thousands of popular domains including sensitive domains used by organizations in government (e.g., state.gov), finance (e.g., transunion.com), law (e.g., perkinscoie.com) and news (e.g., washingtonpost.com) among others.
△ Less
Submitted 19 April, 2023; v1 submitted 14 February, 2023;
originally announced February 2023.
-
Hopper: Modeling and Detecting Lateral Movement (Extended Report)
Authors:
Grant Ho,
Mayank Dhiman,
Devdatta Akhawe,
Vern Paxson,
Stefan Savage,
Geoffrey M. Voelker,
David Wagner
Abstract:
In successful enterprise attacks, adversaries often need to gain access to additional machines beyond their initial point of compromise, a set of internal movements known as lateral movement. We present Hopper, a system for detecting lateral movement based on commonly available enterprise logs. Hopper constructs a graph of login activity among internal machines and then identifies suspicious seque…
▽ More
In successful enterprise attacks, adversaries often need to gain access to additional machines beyond their initial point of compromise, a set of internal movements known as lateral movement. We present Hopper, a system for detecting lateral movement based on commonly available enterprise logs. Hopper constructs a graph of login activity among internal machines and then identifies suspicious sequences of loginsthat correspond to lateral movement. To understand the larger context of each login, Hopper employs an inference algorithm to identify the broader path(s) of movement that each login belongs to and the causal user responsible for performing a path's logins. Hopper then leverages this path inference algorithm, in conjunction with a set of detection rules and a new anomaly scoring algorithm, to surface the login paths most likely to reflect lateral movement. On a 15-month enterprise dataset consisting of over 780 million internal logins, Hop-per achieves a 94.5% detection rate across over 300 realistic attack scenarios, including one red team attack, while generating an average of <9 alerts per day. In contrast, to detect the same number of attacks, prior state-of-the-art systems would need to generate nearly 8x as many false positives.
△ Less
Submitted 27 May, 2021;
originally announced May 2021.
-
Detecting and Characterizing Lateral Phishing at Scale
Authors:
Grant Ho,
Asaf Cidon,
Lior Gavish,
Marco Schweighauser,
Vern Paxson,
Stefan Savage,
Geoffrey M. Voelker,
David Wagner
Abstract:
We present the first large-scale characterization of lateral phishing attacks, based on a dataset of 113 million employee-sent emails from 92 enterprise organizations. In a lateral phishing attack, adversaries leverage a compromised enterprise account to send phishing emails to other users, benefitting from both the implicit trust and the information in the hijacked user's account. We develop a cl…
▽ More
We present the first large-scale characterization of lateral phishing attacks, based on a dataset of 113 million employee-sent emails from 92 enterprise organizations. In a lateral phishing attack, adversaries leverage a compromised enterprise account to send phishing emails to other users, benefitting from both the implicit trust and the information in the hijacked user's account. We develop a classifier that finds hundreds of real-world lateral phishing emails, while generating under four false positives per every one-million employee-sent emails. Drawing on the attacks we detect, as well as a corpus of user-reported incidents, we quantify the scale of lateral phishing, identify several thematic content and recipient targeting strategies that attackers follow, illuminate two types of sophisticated behaviors that attackers exhibit, and estimate the success rate of these attacks. Collectively, these results expand our mental models of the 'enterprise attacker' and shed light on the current state of enterprise phishing attacks.
△ Less
Submitted 2 October, 2019;
originally announced October 2019.
-
A Research Framework for Virtual Reality Neurosurgery Based on Open-Source Tools
Authors:
Lukas D. J. Fiederer,
Hisham Alwanni,
Martin Völker,
Oliver Schnell,
Jürgen Beck,
Tonio Ball
Abstract:
Fully immersive virtual reality (VR) has the potential to improve neurosurgical planning. For example, it may offer 3D visualizations of relevant anatomical structures with complex shapes, such as blood vessels and tumors. However, there is a lack of research tools specifically tailored for this area. We present a research framework for VR neurosurgery based on open-source tools and preliminary ev…
▽ More
Fully immersive virtual reality (VR) has the potential to improve neurosurgical planning. For example, it may offer 3D visualizations of relevant anatomical structures with complex shapes, such as blood vessels and tumors. However, there is a lack of research tools specifically tailored for this area. We present a research framework for VR neurosurgery based on open-source tools and preliminary evaluation results. We showcase the potential of such a framework using clinical data of two patients and research data of one subject. As a first step toward practical evaluations, two certified senior neurosurgeons positively assessed the usefulness of the VR visualizations using head-mounted displays. The methods and findings described in our study thus provide a foundation for research and development aiming at versatile and user-friendly VR tools for improving neurosurgical planning and training.
△ Less
Submitted 14 August, 2019;
originally announced August 2019.
-
Cross-paradigm pretraining of convolutional networks improves intracranial EEG decoding
Authors:
Joos Behncke,
Robin Tibor Schirrmeister,
Martin Völker,
Jiří Hammer,
Petr Marusič,
Andreas Schulze-Bonhage,
Wolfram Burgard,
Tonio Ball
Abstract:
When it comes to the classification of brain signals in real-life applications, the training and the prediction data are often described by different distributions. Furthermore, diverse data sets, e.g., recorded from various subjects or tasks, can even exhibit distinct feature spaces. The fact that data that have to be classified are often only available in small amounts reinforces the need for te…
▽ More
When it comes to the classification of brain signals in real-life applications, the training and the prediction data are often described by different distributions. Furthermore, diverse data sets, e.g., recorded from various subjects or tasks, can even exhibit distinct feature spaces. The fact that data that have to be classified are often only available in small amounts reinforces the need for techniques to generalize learned information, as performances of brain-computer interfaces (BCIs) are enhanced by increasing quantity of available data. In this paper, we apply transfer learning to a framework based on deep convolutional neural networks (deep ConvNets) to prove the transferability of learned patterns in error-related brain signals across different tasks. The experiments described in this paper demonstrate the usefulness of transfer learning, especially improving performances when only little data can be used to distinguish between erroneous and correct realization of a task. This effect could be delimited from a transfer of merely general brain signal characteristics, underlining the transfer of error-specific information. Furthermore, we could extract similar patterns in time-frequency analyses in identical channels, leading to selective high signal correlations between the two different paradigms. Classification on the intracranial data yields in median accuracies up to $(81.50 \pm 9.49)\,\%$. Decoding on only $10\%$ of the data without pre-training reaches performances of $(54.76 \pm 3.56)\,\%$, compared to $(64.95 \pm 0.79)\,\%$ with pre-training.
△ Less
Submitted 20 July, 2018; v1 submitted 20 June, 2018;
originally announced June 2018.
-
A large-scale evaluation framework for EEG deep learning architectures
Authors:
Felix A. Heilmeyer,
Robin T. Schirrmeister,
Lukas D. J. Fiederer,
Martin Völker,
Joos Behncke,
Tonio Ball
Abstract:
EEG is the most common signal source for noninvasive BCI applications. For such applications, the EEG signal needs to be decoded and translated into appropriate actions. A recently emerging EEG decoding approach is deep learning with Convolutional or Recurrent Neural Networks (CNNs, RNNs) with many different architectures already published. Here we present a novel framework for the large-scale eva…
▽ More
EEG is the most common signal source for noninvasive BCI applications. For such applications, the EEG signal needs to be decoded and translated into appropriate actions. A recently emerging EEG decoding approach is deep learning with Convolutional or Recurrent Neural Networks (CNNs, RNNs) with many different architectures already published. Here we present a novel framework for the large-scale evaluation of different deep-learning architectures on different EEG datasets. This framework comprises (i) a collection of EEG datasets currently including 100 examples (recording sessions) from six different classification problems, (ii) a collection of different EEG decoding algorithms, and (iii) a wrapper linking the decoders to the data as well as handling structured documentation of all settings and (hyper-) parameters and statistics, designed to ensure transparency and reproducibility. As an applications example we used our framework by comparing three publicly available CNN architectures: the Braindecode Deep4 ConvNet, Braindecode Shallow ConvNet, and two versions of EEGNet. We also show how our framework can be used to study similarities and differences in the performance of different decoding methods across tasks. We argue that the deep learning EEG framework as described here could help to tap the full potential of deep learning for BCI applications.
△ Less
Submitted 25 July, 2018; v1 submitted 18 June, 2018;
originally announced June 2018.
-
Intracranial Error Detection via Deep Learning
Authors:
Martin Völker,
Jiří Hammer,
Robin T. Schirrmeister,
Joos Behncke,
Lukas D. J. Fiederer,
Andreas Schulze-Bonhage,
Petr Marusič,
Wolfram Burgard,
Tonio Ball
Abstract:
Deep learning techniques have revolutionized the field of machine learning and were recently successfully applied to various classification problems in noninvasive electroencephalography (EEG). However, these methods were so far only rarely evaluated for use in intracranial EEG. We employed convolutional neural networks (CNNs) to classify and characterize the error-related brain response as measur…
▽ More
Deep learning techniques have revolutionized the field of machine learning and were recently successfully applied to various classification problems in noninvasive electroencephalography (EEG). However, these methods were so far only rarely evaluated for use in intracranial EEG. We employed convolutional neural networks (CNNs) to classify and characterize the error-related brain response as measured in 24 intracranial EEG recordings. Decoding accuracies of CNNs were significantly higher than those of a regularized linear discriminant analysis. Using time-resolved deep decoding, it was possible to classify errors in various regions in the human brain, and further to decode errors over 200 ms before the actual erroneous button press, e.g., in the precentral gyrus. Moreover, deeper networks performed better than shallower networks in distinguishing correct from error trials in all-channel decoding. In single recordings, up to 100 % decoding accuracy was achieved. Visualization of the networks' learned features indicated that multivariate decoding on an ensemble of channels yields related, albeit non-redundant information compared to single-channel decoding. In summary, here we show the usefulness of deep learning for both intracranial error decoding and mapping of the spatio-temporal structure of the human error processing network.
△ Less
Submitted 2 November, 2018; v1 submitted 4 May, 2018;
originally announced May 2018.
-
Deep Transfer Learning for Error Decoding from Non-Invasive EEG
Authors:
Martin Völker,
Robin T. Schirrmeister,
Lukas D. J. Fiederer,
Wolfram Burgard,
Tonio Ball
Abstract:
We recorded high-density EEG in a flanker task experiment (31 subjects) and an online BCI control paradigm (4 subjects). On these datasets, we evaluated the use of transfer learning for error decoding with deep convolutional neural networks (deep ConvNets). In comparison with a regularized linear discriminant analysis (rLDA) classifier, ConvNets were significantly better in both intra- and inter-s…
▽ More
We recorded high-density EEG in a flanker task experiment (31 subjects) and an online BCI control paradigm (4 subjects). On these datasets, we evaluated the use of transfer learning for error decoding with deep convolutional neural networks (deep ConvNets). In comparison with a regularized linear discriminant analysis (rLDA) classifier, ConvNets were significantly better in both intra- and inter-subject decoding, achieving an average accuracy of 84.1 % within subject and 81.7 % on unknown subjects (flanker task). Neither method was, however, able to generalize reliably between paradigms. Visualization of features the ConvNets learned from the data showed plausible patterns of brain activity, revealing both similarities and differences between the different kinds of errors. Our findings indicate that deep learning techniques are useful to infer information about the correctness of action in BCI applications, particularly for the transfer of pre-trained classifiers to new recording sessions or subjects.
△ Less
Submitted 10 January, 2018; v1 submitted 25 October, 2017;
originally announced October 2017.
-
Acting Thoughts: Towards a Mobile Robotic Service Assistant for Users with Limited Communication Skills
Authors:
Felix Burget,
Lukas Dominique Josef Fiederer,
Daniel Kuhner,
Martin Völker,
Johannes Aldinger,
Robin Tibor Schirrmeister,
Chau Do,
Joschka Boedecker,
Bernhard Nebel,
Tonio Ball,
Wolfram Burgard
Abstract:
As autonomous service robots become more affordable and thus available also for the general public, there is a growing need for user friendly interfaces to control the robotic system. Currently available control modalities typically expect users to be able to express their desire through either touch, speech or gesture commands. While this requirement is fulfilled for the majority of users, paraly…
▽ More
As autonomous service robots become more affordable and thus available also for the general public, there is a growing need for user friendly interfaces to control the robotic system. Currently available control modalities typically expect users to be able to express their desire through either touch, speech or gesture commands. While this requirement is fulfilled for the majority of users, paralyzed users may not be able to use such systems. In this paper, we present a novel framework, that allows these users to interact with a robotic service assistant in a closed-loop fashion, using only thoughts. The brain-computer interface (BCI) system is composed of several interacting components, i.e., non-invasive neuronal signal recording and decoding, high-level task planning, motion and manipulation planning as well as environment perception. In various experiments, we demonstrate its applicability and robustness in real world scenarios, considering fetch-and-carry tasks and tasks involving human-robot interaction. As our results demonstrate, our system is capable of adapting to frequent changes in the environment and reliably completing given tasks within a reasonable amount of time. Combined with high-level planning and autonomous robotic systems, interesting new perspectives open up for non-invasive BCI-based human-robot interactions.
△ Less
Submitted 12 June, 2018; v1 submitted 20 July, 2017;
originally announced July 2017.
-
Topic Modeling of Hierarchical Corpora
Authors:
Do-kyum Kim,
Geoffrey M. Voelker,
Lawrence K. Saul
Abstract:
We study the problem of topic modeling in corpora whose documents are organized in a multi-level hierarchy. We explore a parametric approach to this problem, assuming that the number of topics is known or can be estimated by cross-validation. The models we consider can be viewed as special (finite-dimensional) instances of hierarchical Dirichlet processes (HDPs). For these models we show that ther…
▽ More
We study the problem of topic modeling in corpora whose documents are organized in a multi-level hierarchy. We explore a parametric approach to this problem, assuming that the number of topics is known or can be estimated by cross-validation. The models we consider can be viewed as special (finite-dimensional) instances of hierarchical Dirichlet processes (HDPs). For these models we show that there exists a simple variational approximation for probabilistic inference. The approximation relies on a previously unexploited inequality that handles the conditional dependence between Dirichlet latent variables in adjacent levels of the model's hierarchy. We compare our approach to existing implementations of nonparametric HDPs. On several benchmarks we find that our approach is faster than Gibbs sampling and able to learn more predictive models than existing variational methods. Finally, we demonstrate the large-scale viability of our approach on two newly available corpora from researchers in computer security---one with 350,000 documents and over 6,000 internal subcategories, the other with a five-level deep hierarchy.
△ Less
Submitted 13 April, 2015; v1 submitted 11 September, 2014;
originally announced September 2014.
-
Efficient Algorithms for Distributed Detection of Holes and Boundaries in Wireless Networks
Authors:
Dennis Schieferdecker,
Markus Völker,
Dorothea Wagner
Abstract:
We propose two novel algorithms for distributed and location-free boundary recognition in wireless sensor networks. Both approaches enable a node to decide autonomously whether it is a boundary node, based solely on connectivity information of a small neighborhood. This makes our algorithms highly applicable for dynamic networks where nodes can move or become inoperative.
We compare our algorith…
▽ More
We propose two novel algorithms for distributed and location-free boundary recognition in wireless sensor networks. Both approaches enable a node to decide autonomously whether it is a boundary node, based solely on connectivity information of a small neighborhood. This makes our algorithms highly applicable for dynamic networks where nodes can move or become inoperative.
We compare our algorithms qualitatively and quantitatively with several previous approaches. In extensive simulations, we consider various models and scenarios. Although our algorithms use less information than most other approaches, they produce significantly better results. They are very robust against variations in node degree and do not rely on simplified assumptions of the communication model. Moreover, they are much easier to implement on real sensor nodes than most existing approaches.
△ Less
Submitted 9 March, 2011;
originally announced March 2011.
-
Drawing Binary Tanglegrams: An Experimental Evaluation
Authors:
Martin Nöllenburg,
Danny Holten,
Markus Völker,
Alexander Wolff
Abstract:
A binary tanglegram is a pair <S,T> of binary trees whose leaf sets are in one-to-one correspondence; matching leaves are connected by inter-tree edges. For applications, for example in phylogenetics or software engineering, it is required that the individual trees are drawn crossing-free. A natural optimization problem, denoted tanglegram layout problem, is thus to minimize the number of crossi…
▽ More
A binary tanglegram is a pair <S,T> of binary trees whose leaf sets are in one-to-one correspondence; matching leaves are connected by inter-tree edges. For applications, for example in phylogenetics or software engineering, it is required that the individual trees are drawn crossing-free. A natural optimization problem, denoted tanglegram layout problem, is thus to minimize the number of crossings between inter-tree edges.
The tanglegram layout problem is NP-hard and is currently considered both in application domains and theory. In this paper we present an experimental comparison of a recursive algorithm of Buchin et al., our variant of their algorithm, the algorithm hierarchy sort of Holten and van Wijk, and an integer quadratic program that yields optimal solutions.
△ Less
Submitted 5 June, 2008;
originally announced June 2008.