121 research outputs found
ShmCaffe: A Distributed Deep Learning Platform with Shared Memory Buffer for HPC Architecture
One of the reasons behind the tremendous success of deep learning theory and applications in the recent days is advances in distributed and parallel high performance computing (HPC). This paper proposes a new distributed deep learning platform, named ShmCaffe, which utilizes remote shared memory for communication overhead reduction in massive deep neural network training parameter sharing. ShmCaffe is designed based on Soft Memory Box (SMB), a virtual shared memory framework. In the SMB framework, the remote shared memory is used as a shared buffer for asynchronous massive parameter sharing among many distributed deep learning processes. Moreover, a hybrid method that combines asynchronous and synchronous parameter sharing methods is also discussed in this paper for improving scalability. As a result, ShmCaffe is 10.1 times faster than Caffe and 2.8 times faster than Caffe-MPI for deep neural network training when Inception\-v1 is trained with 16 GPUs. We verify the convergence of the Inception\-v1 model training using ShmCaffe-A and ShmCaffe-H by varying the number of workers. Furthermore, we evaluate scalability of ShmCaffe by analyzing the computation and communication times per one iteration of deep learning training in four convolutional neural network (CNN) models
Crime Scene Reconstruction: Online Gold Farming Network Analysis
Many online games have their own ecosystems, where players can purchase in-game assets using game money. Players can obtain game money through active participation or "real money trading" through official channels: converting real money into game money. The unofficial market for real money trading gave rise to gold farming groups (GFGs), a phenomenon with serious impact in the cyber and real worlds. GFGs in massively multiplayer online role-playing games (MMORPGs) are some of the most interesting underground cyber economies because of the massive nature of the game. To detect GFGs, there have been various studies using behavioral traits. However, they can only detect gold farmers, not entire GFGs with internal hierarchies. Even worse, GFGs continuously develop techniques to hide, such as forming front organizations, concealing cyber-money, and changing trade patterns when online game service providers ban GFGs. In this paper, we analyze the characteristics of the ecosystem of a large-scale MMORPG, and devise a method for detecting GFGs. We build a graph that characterizes virtual economy transactions, and trace abnormal trades and activities. We derive features from the trading graph and physical networks used by GFGs to identify them in their entirety. Using their structure, we provide recommendations to defend effectively against GFGs while not affecting the existing virtual ecosystem.
Pricing data tampering in automated fare collection with NFC-equipped smartphones
Automated Fare Collection (AFC) systems have been globally deployed for decades, particularly in the public transportation network where the transit fee is calculated based on the length of the trip (a.k.a., distance-based pricing AFC systems). Although most messages of AFC systems are insecurely transferred in plaintext, system operators did not pay much attention to this vulnerability, since the AFC network is basically isolated from the public network (e.g., the Internet) - there is no way of exploiting such a vulnerability from the outside of the AFC network. Nevertheless, in recent years, the advent of Near Field Communication (NFC)-equipped smartphones has opened up a channel to invade into the AFC network from the mobile Internet, i.e., by Host-based Card Emulation (HCE) over NFC-equipped smartphones. In this paper, we identify a novel paradigm of attacks, called LessPay, against modern distance-based pricing AFC systems, enabling users to pay much less than what they are supposed to be charged. The identified attack has two important properties: 1) it is invisible to AFC system operators because the attack never causes any inconsistency in the back-end database of the operators; and 2) it can be scalable to affect a large number of users (e.g., 10,000) by only requiring a moderate-sized AFC card pool (e.g., containing 150 cards). To evaluate the efficacy of the attack, we developed an HCE app to launch the LessPay attack; and the real-world experiments demonstrate not only the feasibility of the LessPay attack (with 97.6 percent success rate) but also its low cost in terms of bandwidth and computation. Finally, we propose, implement and evaluate four types of countermeasures, and present security analysis and comparison of these countermeasures on defending against the LessPay attack.Ministry of Education (MOE)National Research Foundation (NRF)This work is supported by the National Key R&D Program of China under grant 2018YFB1004700, the High-Tech R&D Program of China (“863–China Cloud” Major Program) under grant 2015AA01A201, the National Natural Science Foundation of China (NSFC) under grants 61471217, 61432002 and 61632020. M. Li is supported by the Singapore MOE Tier-1 grant RG125/17, Tier-2 grant MOE2016-T2-2- 023, and NTU CoE grant M4081879. Aziz Mohaisen is supported by NSF under grant CNS-1643207 and NRF under grant NRF-2016K1A1A2912757
Towards Automatic and Lightweight Detection and Classification of Malicious Web Contents
Defending Internet of Things Against Malicious Domain Names using D-FENS
Malicious domain names have long been pervasive in the global DNS (Domain Name System) infrastructure and lend themselves to undesirable activities such as phishing or even DNS-based attacks like distributed denial-of-service (DDoS) and DNS rebinding. With the rise and explosive growth of the Internet of Things (IoT), adversaries are exploiting these devices which typically lack security measures to launch DNS-based attacks through malicious domain names. Typical countermeasures against such malicious domain names employ blacklists and whitelists to determine which domain names should be resolved. While these domain lists offer fast lookup times, they require carefully curated and up-to-date information which tends to fall short of detecting newly-registered malicious domain names. In this work, we present a system called D-FENS (DNS Filtering & Extraction Network System) which works in tandem with blacklists and features a live DNS server and binary classifier to accurately predict unreported malicious domain names. The D-FENS classifier model operates at the character-level and leverages the use of deep learning architectures such as Convolutional Neural Networks (CNN) and Long Short-Term Memory networks (LSTM) for real-time classification which forgoes the need for feature-engineering typically associated with traditional machine learning approaches. Sourcing from free and open datasets, we evaluate our system and achieve a 0.95 area under the receiver operating characteristic curve for binary classification. By accurately predicting unreported malicious domain names in real-time, D-FENS prevents Internet-connected systems from unknowingly connecting to potentially malicious domain names
Leakage of .onion at the DNS Root: Measurements, Causes, and Countermeasures
The Tor hidden services, one of the features of the Tor anonymity network, are widely used for providing anonymity to services within the Tor network. Tor uses the.onion pseudo-top-level domain for naming convention and to route requests to these hidden services. The.onion namespace is not delegated to the global domain name system (DNS), and Tor is designed in such a way that all.onion queries are routed within the Tor network. However, and despite the careful design of Tor, numerous.onion requests are still today observed in the global DNS infrastructure, thus calling for further investigation. In this paper, we present the state of.onion requests received at the global DNS and as viewed from two large DNS traces: a continuous period of observation at the A and J DNS root nodes over a longitudinal period of time and a synthesis of Day In The Life of the Internet data repository that gathers a synchronized DNS capture of two days per year over multiple years. We found that.onion leakage in the DNS infrastructure to be both prevalent and persistent. Our characterization of the leakage shows various features, including high volumes of leakage that are diverse, geographically distributed, and targeting various types of hidden services. Furthermore, we found that various spikes in the.onion request volumes can be correlated with various global events, including geopolitical events. We attribute the leakage to various causes that are plausible based on various assessments, and provide various remedies with varying benefits
- …
