The growth of user-generated content service platforms has led to people relying on user-generated content (UGC) rather than search engines when searching for and accessing information on the web. Attackers can also use UGC on a UGC service platform to disseminate web-based social engineering (SE) attacks to a large number of people. In this paper, we focus on an event-synced navigation attack, a type of web-based SE attack that generates UGC with links to malicious websites and distributes it synced with a real-life event at a specific time. To understand the attacks in the wild, we propose a three-step system to detect event-synced navigation attacks in real time by capturing the inevitable footprints left by attackers. We evaluate each step of the proposed system and determine that the proposed system can classify malicious and non-malicious UGC with 97% accuracy. In addition, we performed a comprehensive measurement study on event-synced navigation attacks spread from popular UGC platforms. We found that 34.1% of the fully qualified domain names (FQDNs) of malicious websites associated with the event-synced navigation attack were spread from two or more UGC platforms. Finally, we also found that 87.8% of FQDNs associated with well-known types of malicious websites (i.e., information theft, survey scams, suspicious browser plugin installations, etc.) survive for more than 100 days and that countermeasures taken by the UGC platform only covered 31.0% of the malicious UGC we detected in this study even though the malicious websites were accessed frequently.
In conventional WWW search or P2P file sharing systems, users search for information by using explicit information such as keywords, addresses or content names. However, it is very difficult to obtain real-time information immediately after a serious accident (e.g., fires, earthquakes, explosions caused by terrorism, traffic accidents and so on) happens suddenly. Conventional information systems, whether centralized or distributed, cannot support user accesses, since they cannot provide any contents with the explicit information in such a short time. In this paper, we propose a new communication scheme named COC (content oriented communications). In COC, distributed information systems do not observe the explicit information (keywords, addresses, content names, etc.) but the implicit information (locations, time, speed, etc.). This is why we call our system content oriented. In this paper, we introduce COC, which enables us to decrease the personal damage of a disaster in the local area where the disaster occurs by searching for and getting information for the evacuation.
The purpose of this paper is to implement a mechanism by which a wireless mobile terminal can utilize multiple wireless base stations simultaneously and access the IPv6 Internet via them, in an environment where it receives different waves from them. For this purpose, we adopted LIN6 as a mobility-transparent protocol and implemented the following functions by adding extensions to LIN6: 1) a LIN6 node can utilize the multiple prefixes received from multiple wireless base stations, and 2) the delays of sending TCP SYN and SYN+ACK are reduced by improving the procedure of getting location information
All Android markets are confronted with malicious apps, but they differ in how effectively they deal with them. In this study, we evaluate the mitigation efforts of Google Play and four third-party markets. We define three metrics and measure how sensitive they are to different detection results from anti-virus vendors. Malware presence in three third-party markets – Liqucn, eoeMarket and Mumayi – is around ten times higher than in Google Play and Freeware Lovers. Searching for certain keywords in Google Play leads to a malware rate fifty times higher than that for popular apps. Finally, we measure malware survival times and find that Google Play seems to be the only market that effectively removes malware, though it contains a cluster of apps flagged as adware and malware over long time periods. This points to different incentives for app markets, anti-virus vendors and users.
Lung nodule classification is a class-imbalanced problem, as nodules are found with much lower frequency than non-nodules. In a class-imbalanced problem, conventional classifiers tend to be overwhelmed by the majority class and ignore the minority class. In our previous study, we showed that cascaded convolutional neural networks can classify nodule candidates precisely for a class-imbalanced nodule candidate data set. In this paper, we propose a Fusion classifier in conjunction with the cascaded convolutional neural network models. To fuse the models, nodule probabilities are first calculated by using the convolutional neural network models. Then, the Fusion classifier is trained and tested on the nodule probabilities. The proposed method achieved sensitivities of 94.4% and 95.9% at 4 and 8 false positives per scan, respectively, in Free Receiver Operating Characteristics (FROC) curve analysis.
This paper proposes adaptive modulation and coding for our previously proposed semi-blind interference suppression on an uplink multiuser massive MIMO system. In a multi-cell environment, inter-cell interference increases as the cell edge is approached. In multiuser MIMO, orthogonal pilots provide efficient channel estimation. However, orthogonal pilots must be reused in each cell due to the upper bound on the number of orthogonal sequences. This causes pilot contamination. To suppress inter-user and inter-cell interference in this environment, we previously proposed a semi-blind interference suppression scheme. However, this approach suffers from degraded interference suppression performance in certain user terminals when using modulation schemes of higher order than 16QAM. Therefore, we propose to introduce an adaptive modulation and coding scheme according to the partitioned cell region. In the proposed method, forward error correction is performed at the transmitter (user terminal), and the receiver performs decoding and re-encoding of the transmitted symbol. Additionally, the combination of modulation scheme and coding rate is optimized based on the transmission distance from the base station. This approach can increase interference suppression performance compared to the conventional method.
The increase in phishing attacks through email and short message service (SMS) has shown no signs of deceleration. The first thing we need to do to combat the ever-increasing number of phishing attacks is to collect and characterize more phishing cases that reach end users. Without understanding these characteristics, anti-phishing countermeasures cannot evolve. In this study, we propose an approach using Twitter as a new observation point to immediately collect and characterize phishing cases via e-mail and SMS that evade countermeasures and reach users. Specifically, we propose CrowdCanary, a system capable of structurally and accurately extracting phishing information (e.g., URLs and domains) from tweets about phishing by users who have actually discovered or encountered it. In our three months of live operation, CrowdCanary identified 35,432 phishing URLs out of 38,935 phishing reports. We confirmed that 31,960 (90.2%) of these phishing URLs were later detected by the anti-virus engine, demonstrating that CrowdCanary is superior to existing systems in both accuracy and volume of threat extraction. We also analyzed users who shared phishing threats by utilizing the extracted phishing URLs and categorized them into two distinct groups - namely, experts and non-experts. As a result, we found that CrowdCanary could collect information that is specifically included in non-expert reports, such as information shared only by the company brand name in the tweet, information about phishing attacks that we find only in the image of the tweet, and information about the landing page before the redirect. Furthermore, we conducted a detailed analysis of the collected information on phishing sites and discovered that certain biases exist in the domain names and hosting servers of phishing sites, revealing new characteristics useful for unknown phishing site detection.
With the spread of service platforms that enable users to generate content, people use user-generated content (UGC) to search for and access information on the web instead of search engines. Attackers can also use UGC on a service platform (UGC platform) to spread web-based social engineering (SE) attacks to a large number of people. In this paper, we focus on a type of web-based SE attack, called an event-synced navigation attack, which generates UGC with links navigating users to malicious websites and distributes it synced with a real-life event at a specific time. To understand the attacks in the wild, we propose a new system for detecting event-synced navigation attacks in real time by capturing the inevitable footprints left by attacks that affect a large number of users. We evaluate each of the three steps of the proposed system and finally find that the system can classify malicious and non-malicious UGC with 97% accuracy. Furthermore, we perform a comprehensive measurement study on event-synced navigation attacks spread from popular UGC platforms (Twitter, Facebook, YouTube, and Reddit) and confirm that many event-synced navigation attacks are deployed in the wild.