Your search keyword '"Browsers"' showing total 744 results

51. Breaking WebAssembly Crypto Miner Detection by Obfuscation

Author

Ekner, Gustav and Ekner, Gustav

Abstract

Blockchain-based cryptocurrencies is a fairly new concept with a worldwide spread, and there is a massive amount of currencies. Several of them involve so-called currency mining, a feature of Proof-of-Work based blockchains. One problem with currency mining is that it can be performed when visiting websites in the user's browser, exploiting the user's resources and consuming energy. This has spawned a wide variety of crypto mining detection algorithms in the research. A particular issue that can make detection difficult is if the code of the miner has been obfuscated. Because of the limited research on detecting obfuscated miners, this thesis selects a state-of-the-art detection algorithm and uses it to analyze crypto miners obfuscated with various obfuscation techniques. A dataset of Wasm binaries is constructed by filtering out miners with the help of the detection algorithm. The result indicates that multiple obfuscation techniques, all trivial to implement with basic find-and-replacement, are highly effective at hindering the miner detector. Some techniques lower the detection rate by 100% on the dataset. The effectiveness seems to depend primarily on how many lines are modified in the program, and secondly on what modifications exactly are performed. Also, the obfuscated samples do not take a longer time to analyze, on the contrary, the mean execution time of the detection algorithm becomes primarily shorter. The conclusion is that more research must be done in constructing detection algorithms robust towards code obfuscation, and that the detection rate of today's algorithms might be misleading if there is a large amount of obfuscated miners on the web., Blockkedjebaserade kryptovalutor är ett relativt nytt koncept som spridit sig globalt, och det finns en uppsjö med kryptovalutor. Flera av dem involverar mining (”valutagrävning”), en företeelse hos Proof-of-work-baserade blockkedjor. Ett problem med mining är att det kan genomföras när en användare besöker webbsidor i webbläsaren, och därmed utnyttja användarens resurser och förbruka onödig energi. Detta har lett till forskning på flera olika typer av detektorer för mining. Ett särskilt problem som kan försvåra detektering är om miner-koden har obfuskerats. På grund av den begränsade forskningen på att detektera obfuskerade miner-program väljs i detta examensarbete en state-of-the-art-algoritm för detektering, och denna används för att analysera miner-program obfuskerade med olika obfuskeringstekniker. Ett dataset av Wasm-binärer konstrueras genom att filtrera ut miner-program med hjälp av detekteringsalgoritmen. Resultatet indikerar att flera obfuskeringstekniker, samtliga triviala att implementera med grundläggande hitta-och-ersätt-operationer, är mycket effektiva för att hindra detektorn. Vissa tekniker minskar detekteringsgraden med 100% på det dataset som används. Effektiviteten verkar primärt bero på hur många rader som är modifierade i programmet, och sekundärt på exakt vad för slags modifikation som genomförs. Dessutom tar de obfuskerade programmen inte längre tid att analysera, i själva verket är genomsnittstiden för detekteringsalgoritmen i huvudsak kortare jämfört med de ej obfuskerade. Slutsatsen är att mer forskning måste genomföras för att konstruera detekteringsalgoritmer som är robusta mot kodobfuskering, och detekteringsgraden hos dagens detekteringsalgoritmer kan vara vilseledande om det finns en stor mängd obfuskerade miner-program på webben.

Published

2023

52. Fisheries restrictions and their cascading effects on herbivore abundance and macroalgae removal at Kenyan coral reefs

Author

Knoester, Ewout G., Plug, Veerle, Murk, Albertinka J., Sande, Susan O., Osinga, R., Knoester, Ewout G., Plug, Veerle, Murk, Albertinka J., Sande, Susan O., and Osinga, R.

Abstract

The increase of macroalgae at degraded reefs impedes several ecosystem services and calls for effective methods to facilitate a return to coral dominance. Removal of macroalgae (browsing) is typically realized by fish, but the role and identity of browsers at the heavily-fished East African coast is still largely unknown. This study investigated how browsing pressure at Kenyan reefs (−4.700, 39.396) related to fisheries management and herbivore community. From October 2018 to January 2019, consumption during 24-h buffet assays using the brown macroalgae Sargassum and Padina was determined and video recorded at six sites: two in fished zones, two in marine reserves (traditional fishing allowed) and two in no-take zones. Herbivorous fish composition, biomass and sea urchin density were also determined. Consumption of Sargassum and Padina was nearly three-fold lower in the fished zones (26% and 28% of macroalgal biomass consumed, respectively) compared to the no-take zones (62% and 82%), with intermediate consumption in the marine reserves (48% and 71%). Herbivore biomass was seven-fold higher in no-take zones and included substantially more browsers (mainly unicornfishes, Naso spp.) and scrapers (scarids), which were associated with the higher browsing pressure. Browsers and scrapers were predominantly responsible for the consumption of macroalgae as determined by video recordings, though key species differed across sites. In contrast, damselfish-dominated fished sites were associated with high sea urchin densities and low browsing pressure. These results indicate that fishing restrictions are likely to support reef resilience by increasing herbivorous fish biomass of key species and thereby promote macroalgae removal.

Published

2023

53. A first assessment of megaherbivore subsidies in artificial waterholes in Hwange National Park, Zimbabwe.

Author

Hulot, Florence D., Prijac, Antonin, Lefebvre, Jean-Pierre, Msiteli-Shumba, Stembile, and Kativu, Shakkie

Subjects

*ATMOSPHERIC nitrogen, *NATIONAL parks & reserves, *SUBSIDIES, *DOMESTIC animals, *ORGANIC compounds, *MANURES

Abstract

The transfer of terrestrial organic matter by terrestrial wild and domestic animals when they urinate and defecate directly in Savanna Rivers has already been studied. However, the eulittoral zone around waterholes receives organic matter during the dry season, which is diluted in the ecosystem when the waterholes returns to its wet season level. In our study, we evaluated this pathway of subsidies in Hwange National Park, Zimbabwe, by estimating dung density in the eulittoral zone at the peak of the dry season. We also collected dung from different herbivore species during the dry and wet seasons to measure nutrient content and estimate nitrogen and phosphorus leaching rates. Our results show a decrease in carbon:phosphorus and nitrogen:phosphorus ratios in the dry season compared to the wet season. During the dry season, the deposition of total carbon, nitrogen, and phosphorus, mostly due to elephants, is estimated to be 8.65, 0.25, and 0.06 g/m2/day, respectively, while the leaching rates of dissolved inorganic nitrogen and phosphorus are 1.52 mg and 6.59 mg m2/day, respectively. No specific coloured dissolved organic matter signature for dung was identified. We discuss the temporal dynamics of the subsidies as a distinctive feature of the system. [ABSTRACT FROM AUTHOR]

Published

2019

54. Exposing Cookie Policy Flaws Through an Extensive Evaluation of Browsers and Their Extensions.

Author

Franken, Gertjan, Van Goethem, Tom, and Joosen, Wouter

Abstract

Online abuses give browser users an incentive to employ third-party cookie policies. These policies, built directly into the browser or provided through extensions, are intended to enhance the user's security and privacy. Unfortunately, virtually every policy can be bypassed. [ABSTRACT FROM AUTHOR]

Published

2019

55. MODELO DE DIFUSÃO DE BASS ADAPTADO À PENETRAÇÃO DE MERCADO DE E-COMMERCE COM FOCO NO POSICIONAMENTO ORGÂNICO DE BUSCADORES.

Author

de Queiroz, Alexandre Hering, Rojas Lezana, Álvaro Guilhermo, and Uriona Maldonado, Maurício

Abstract

Copyright of Revista Producao Online is the property of Associacao Brasileira de Engenharia de Producao and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)

Published

2019

56. Effects of pruning on the concentration of secondary metabolites in Colophospermum mopane leaves.

Author

Makhado, Rudzani A, Potgieter, Martin J, and Luus-Powell, Wilmien J

Subjects

METABOLITES, LEAVES, FORAGE plants, TREE pruning, LEAF growth, GROWING season

Abstract

Colophospermum mopane, commonly known as mopane, produces secondary metabolites during the growing season. However, there is still insufficient knowledge on the quantity of secondary metabolites and the effect of browsers on the concentration of secondary metabolites. A pruning experiment was conducted in the Musina Nature Reserve, Limpopo province, South Africa, to simulate the effect of browsers on the concentration of secondary metabolites in mopane leaves. The twigs from 40 selected experimental mopane trees were pruned back 50 mm from their tips using a hand shear. The total amount of leaf and shoot biomass removed from branches of selected experimental trees was less than 10%. Three independent samples composed of seven mopane leaves per 40 mopane trees were randomly collected from the canopies of experimental and control trees per sampling event. The dried leaves from each three independent samples were then mixed separately and a pooled sample of 10 g per treatment per sample cycle (55 d) was used for determination of total phenols (TP), condensed tannins (CT) and protein-precipitating tannins (PPT). Results showed that <10% pruning does not have an effect on the amount of secondary metabolites in the mopane leaves. The concentration of TP, CT and PPT increased during leaf flush in October and then declined as the leaves matured and aged. It is concluded that the amount of secondary metabolites in mopane leaves is not dependent on <10% pruning, but appeared to be associated with leaf growth stages. The ability of mopane to produce secondary metabolites has implications on the seasonal diet composition and distribution of browsers in mopane woodland. [ABSTRACT FROM AUTHOR]

Published

2019

57. A Longitudinal View of Dual-Stacked Websites—Failures, Latency and Happy Eyeballs.

Author

Bajpai, Vaibhav and Schonwalder, Jurgen

Subjects

WEBSITES, CASCADING style sheets, EYE, INTERNET content, INTERNET protocols

Abstract

IPv6 measurement studies have focussed on measuring IPv6 adoption, while studies on measuring IPv6 performance have either become dated or only provide a snapshot view. We provide a longitudinal view of the performance of dual-stacked websites. We show that (since 2013) latency towards ALEXA 10K websites with AAAA entries over the six years have reduced by 29% over IPv4 and by 57% over IPv6. As of Dec 2018, 56% of these websites are faster over IPv6 with 95% of the rest being at most 1 ms slower. We also identify glitches in web content delivery that once fixed can help improve the user experience over IPv6. Using a publicly available dataset, we show that 40% of ALEXA 1M websites with AAAA entries were not accessible over IPv6 in 2009. These complete failures have reduced to 1.9% as of Jan 2019. However, our data collection on partial failures helps identify further that 27% of these popular websites with AAAA entries still suffer from partial failure over IPv6. These partial failures are affected by DNS resolution errors on images, javascript and CSS content. For 12% of these websites, more than half of the content belonging to same-origin sources fails over IPv6, while analytics and third-party advertisements contribute to failures from cross-origin sources. Our results also contribute to the IETF standardisation process. We witness that using an happy eyeballs timer value of 250 ms, clients prefer IPv6 connections to 99% of ALEXA 10 K websites (with AAAA entries) more than 96% of the time. Although, this makes clients prefer slower IPv6 connections in 81% of the cases. Our results show that a Happy Eyeballs (MBA) timer value of 150 ms does not severly affect IPv6 preference towards websites. The entire dataset presenting results on partial failures, latency and HE used in this paper is publicly released. [ABSTRACT FROM AUTHOR]

Published

2019

58. Using Variable Dwell Time to Accelerate Gaze-Based Web Browsing with Two-Step Selection.

Author

Chen, Zhaokang and Shi, Bertram E.

Subjects

*USER interfaces, *WEB browsing, *COMMAND languages (Computer science), *HYPERLINKS, *ERROR rates, *PROBABILITY theory, *HEURISTIC

Abstract

In order to avoid the "Midas Touch" problem, gaze-based interfaces for selection often introduce a dwell time: a fixed amount of time the user must fixate upon an object before it is selected. Past interfaces have used a uniform dwell time across all objects. Here, we propose a gaze-based browser using a two-step selection policy with variable dwell time. In the first step, a command (e.g., "back" or "select") is chosen from a menu using a dwell time that is constant across the different commands. In the second step, if the "select" command is chosen, the user selects a hyperlink using a dwell time that varies between different hyperlinks. We assign shorter dwell times to more likely hyperlinks and longer dwell times to less likely hyperlinks. In order to infer the likelihood each hyperlink will be selected, we have developed a probabilistic model of natural gaze behavior while surfing the web. We have evaluated a number of heuristic and probabilistic methods for varying the dwell times using both simulation and experiment. Our results demonstrate that varying dwell time improves the user experience in comparison with fixed dwell time, resulting in fewer errors and increased speed. While all of the methods for varying dwell time resulted in improved performance, the probabilistic models yielded much greater gains than the simple heuristics. The best performing model reduces error rate by 50% compared to 100ms uniform dwell time while maintaining a similar response time. It reduces response time by 60% compared to 300ms uniform dwell time while maintaining a similar error rate. [ABSTRACT FROM AUTHOR]

Published

2019

59. Sensor-Based Mobile Web Cross-Site Input Inference Attacks and Defenses.

Author

Zhao, Rui, Yue, Chuan, and Han, Qi

Abstract

In this paper, we investigate the accelerometer and gyroscope motion sensor-based cross-site input inference attacks that may compromise the security of many mobile Web users, and quantify the extent to which they can be effective. We formulate our attacks as a typical multi-class classification problem and build an inference framework that trains a classifier in the training phase and predicts the user’s new inputs in the attacking phase. To make our attacks effective and realistic, we design unique techniques and address major data quality and data segmentation challenges. We intensively evaluate the effectiveness of our attacks using 98 691 keystrokes collected from 20 participants. Overall, our attacks are effective, for example, they are about 10.8 times more effective than the random guessing attacks regarding inferring letters. We also perform experiments to evaluate the effect of using the data perturbation defense techniques on decreasing the accuracy of our input inference attacks. Our results demonstrate that researchers, smartphone vendors, and app developers should pay serious attention to the motion sensor-based cross-site input inference attacks that can be pervasively performed, and start to design and deploy effective defense techniques. [ABSTRACT FROM AUTHOR]

Published

2019

60. Device Fingerprinting and Identification

Author

Alfaraj, Omar Khalid

Subjects

browsers, personal data, cookies, Fingerprints, uniqueness, verification

Abstract

Browsers are our portal to the web, and if users want a secure, adequate and smart services, websites need to know some information about their browser, operating system and their hardware device. Modern day browsers have evolved a lot; browsers that provide the beauty of the web also provide a dark side, a rich environment of exploitable information that can identify a device. This is called “device fingerprinting,” which is the technique of identifying visitors of a website and verifying if they are who they claim to be. The idea of fingerprinting is to gather some data that helps to recognize the user amongst others. The data collected could be categorized into three main types: Firstly, the device-related data such as graphics card type, and CPU information. Secondly, the information related to the software such as operating system and browser. Thirdly, the user behavioral data such as the mouse speed and keyboard pattern. Websites used to use cookies for identification, however, there is a new and better methodology nowadays. This paper will show what can be used for device fingerprinting as an alternative to cookies. I conclude that there is always a trade-off between privacy and a good service on the internet. Keywords: Fingerprints, browsers, uniqueness, verification, personal data, cookies. Title: Device Fingerprinting and Identification Author: Omar Khalid Alfaraj International Journal of Computer Science and Information Technology Research ISSN 2348-1196 (print), ISSN 2348-120X (online) Vol. 11, Issue 1, January 2023 - March 2023 Page No: 71-78 Research Publish Journals Website: www.researchpublish.com Published Date: 22-March-2023 DOI: https://doi.org/10.5281/zenodo.7759680 Paper Download Link (Source) https://www.researchpublish.com/papers/device-fingerprinting-and-identification, International Journal of Computer Science and Information Technology Research, ISSN 2348-1196 (print), ISSN 2348-120X (online), Research Publish Journals, Website: www.researchpublish.com

Published

2023

61. Fisheries restrictions and their cascading effects on herbivore abundance and macroalgae removal at Kenyan coral reefs

Author

Ewout Geerten Knoester, Veerle Eline Plug, AJ Murk, Susan Okoth Sande, and Ronald Osinga

Subjects

Reef restoration, Marine Animal Ecology, WIMEK, Padina, Browsers, Sargassum, WIAS, Mariene Dierecologie, Aquatic Science, Grazers, Protected area, Ecology, Evolution, Behavior and Systematics

Abstract

The increase of macroalgae at degraded reefs impedes ecosystem services and calls for effective methods to facilitate a return to coral dominance. Removal of macroalgae (i.e. browsing) is typically realized by fish, but the role and identity of browsers at the heavily-fished East African Coast is still largely unknown. This study investigated how browsing pressure at Kenyan reefs (-4.700, 39.396) related to fisheries management and herbivore abundance. From October 2018 to January 2019, consumption during 24-h buffet assays using the brown macroalgae Sargassum and Padina was determined and video recorded at six sites: two in fished zones, two in marine reserves (traditional fishing allowed) and two in no-take zones. Herbivorous fish composition and biomass and urchin abundance were also determined. Consumption of both Sargassum and Padina was significantly lower in the fished zones (25% and 27% of macroalgal biomass consumed, respectively) compared to the no-take zones (66% and 81%), with intermediate consumption in the marine reserves (49% and 73%). Biomasses of herbivorous fish (browsers, grazers and scrapers) were between 3 to 30 times higher in the protected zones, whereas sea urchins and territorial damselfish were more abundant in fished zones. Macroalgae consumption correlated positively with the biomass of browsing and grazing fish and negatively with sea urchin abundance. Fish from various functional groups were identified as dominant browsers and these differed strongly across sites. These results indicate that fishing restrictions are likely to support reef resilience by increasing herbivorous fish biomass of key species and thereby promote macroalgae removal.

Published

2023

62. Performance Evaluation of Web Browsers in Android

Author

Harsha Prabha, E, Piraviperumal, Dhivya, Naik, Dinesh, Kamath, Sowmya, Prasad, Gaurav, and Das, Vinu V., editor

Published

2013

63. Intuitive Large Image Database Browsing Using Perceptual Similarity Enriched by Crowds

Author

Padilla, Stefano, Halley, Fraser, Robb, David A., Chantler, Mike J., Hutchison, David, editor, Kanade, Takeo, editor, Kittler, Josef, editor, Kleinberg, Jon M., editor, Mattern, Friedemann, editor, Mitchell, John C., editor, Naor, Moni, editor, Nierstrasz, Oscar, editor, Pandu Rangan, C., editor, Steffen, Bernhard, editor, Sudan, Madhu, editor, Terzopoulos, Demetri, editor, Tygar, Doug, editor, Vardi, Moshe Y., editor, Weikum, Gerhard, editor, Wilson, Richard, editor, Hancock, Edwin, editor, Bors, Adrian, editor, and Smith, William, editor

Published

2013

64. On Influential Trends in Interactive Video Retrieval: Video Browser Showdown 2015–2017.

Author

Lokoc, Jakub, Bailer, Werner, Schoeffmann, Klaus, Muenzer, Bernd, and Awad, George

Abstract

The last decade has seen innovations that make video recording, manipulation, storage, and sharing easier than ever before, thus impacting many areas of life. New video retrieval scenarios emerged as well, which challenge the state-of-the-art video retrieval approaches. Despite recent advances in content analysis, video retrieval can still benefit from involving the human user in the loop. We present our experience with a class of interactive video retrieval scenarios and our methodology to stimulate the evolution of new interactive video retrieval approaches. More specifically, the video browser showdown evaluation campaign is thoroughly analyzed, focusing on the years 2015–2017. Evaluation scenarios, objectives, and metrics are presented, complemented by the results of the annual evaluations. The results reveal promising interactive video retrieval techniques adopted by the most successful tools and confirm assumptions about the different complexity of various types of interactive retrieval scenarios. A comparison of the interactive retrieval tools with automatic approaches (including fully automatic and manual query formulation) participating in the TRECVID 2016 ad hoc video search task is discussed. Finally, based on the results of data analysis, a substantial revision of the evaluation methodology for the following years of the video browser showdown is provided. [ABSTRACT FROM AUTHOR]

Published

2018

65. Termites confer resistance to changes in tree composition following reduced browsing in an African savanna.

Author

Michalet, Richard, Acanakwo, Erik F., Sheil, Douglas, Moe, Stein R., and Okullo, Paul

Subjects

*TREES, *TERMITES, *HERBIVORES, *UNGULATES, *MOUNDS (Archaeology)

Abstract

Questions: Ungulates affect plant community structure and composition. Vegetation response to these effects are variable. Wild large herbivore populations are declining globally, but how tree communities respond to this change is not clear. We experimentally examined how tree communities respond to changes in ungulate abundance in a heterogeneous landscape. Location: Lake Mburo National Park, Uganda. Methods: We recorded tree species in nine replicate sites each with four treatment plots: fenced off‐mound (excluding ungulates), unfenced off‐mound, fenced and unfenced on‐mound. Each species was assessed for fruit type, leafing strategy, spinescence and bark thickness. We compared tree communities on‐ and off‐mound, with and without ungulates using PERMANOVA, and the effects of habitat, fencing and time on stem density and traits using generalized linear mixed effects model. Results: Stem density increased by 88% off‐mound and 138% on‐mound (p = 0.005) with fencing, between 2006 and 2015. Whether tree communities occurred on‐ or off‐mound determined species composition, but fencing had little effect. Tree traits were not markedly altered by fencing on‐mound. Off‐mound, fencing was associated with a 38% increase in the proportion of fleshy‐fruited tree stems (p < 0.001), 18% decline in armed tree stems (p = 0.035) and a 44% reduction in mean bark thickness (p = 0.001). Conclusion: Our study highlights the important role mounds play in maintaining tree community composition with declining ungulate abundance. While ungulates influence tree communities off‐mounds they have little effect on tree composition and traits of mound‐borne trees. Thus, Macrotermes mounds support distinct tree communities that are robust to exclusion of ungulates. Tree community response to loss of wild ungulate populations is unclear. We recorded tree species on‐ and off‐mound habitats, with and without ungulates. We found that stem density increased both on‐ and off‐mound in the absence of ungulates. Species composition was determined by habitat type, but not ungulate exclusion. Termite‐mounds maintain distinct tree communities that are robust to ungulate loss. [ABSTRACT FROM AUTHOR]

Published

2018

66. A Component Architecture for the Internet of Things.

Author

Brooks, Christopher, Jerady, Chadlia, Kim, Hokeun, Lee, Edward A., Lohstroh, Marten, Nouvelletz, Victor, Osyk, Beth, and Weber, Matt

Subjects

INTERNET of things, CYBER physical systems, CLOUD computing, COMPUTER architecture, SEMANTICS

Abstract

In this paper, we describe a component-based software architecture for the Internet of Things in which proxies for Things and services that we call “accessors” interact with one another under a concurrent, time-stamped, discrete-event (DE) semantics. These proxies are analogous to web pages, which proxy a cloud-based service such as a bank, but instead of being designed to interface those services with humans, accessors are designed to interface services and Things with other services and Things. A deterministic DE semantics is combined with a widely used pattern for handling network interactions that we call asynchronous atomic callbacks (AACs). AAC enables many concurrent pending requests to be active at once without blocking and without the treacherous concurrency pitfalls of threads. In effect, our architecture combines AAC with actors where the actor model has been endowed with a temporal semantics. We show how this architecture can leverage the previously reported secure swarm toolkit (SST) to achieve stateof- the-art authentication, authorization, and encryption of interactions across networks. [ABSTRACT FROM AUTHOR]

Published

2018

67. Proposed Approach to Detect Phishing Webpage Based on Multi-Browsers.

Author

Wahab, Hala Bahjet Abdul and Abed, Thikra M.

Subjects

PHISHING, IDENTITY theft, INTERNET security, COMPUTER security, SPAM email

Abstract

Copyright of Diyala Journal for Pure Science is the property of Republic of Iraq Ministry of Higher Education & Scientific Research (MOHESR) and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)

Published

2018

68. Botnet in the Browser: Understanding Threats Caused by Malicious Browser Extensions.

Author

Perrotta, Raffaello and Hao, Feng

Abstract

Browser extension systems risk exposing APIs, which are too permissive and cohesive with the browser’s internal structure, leaving a hole for malicious developers to exploit security critical functionality. We present a botnet framework based on malicious browser extensions and provide an exhaustive range of attacks that can be launched in this framework. [ABSTRACT FROM AUTHOR]

Published

2018

69. Toward Rendering-Latency Reduction for Composable Web Services via Priority-Based Object Caching.

Author

Hu, Han, Li, Yuanlong, and Wen, Yonggang

Abstract

Web services serve as the cornerstone of the Internet for rendering webpages. The initial rendering latency of webpages, which depends on a subset of critical objects required by the webpage, is a key metric for web services. In this work, we propose to identify this set of critical objects systematically with the goal of caching them at a higher priority to reduce the initial rendering time. We first conduct a measurement study on a mainstream content delivery network provider, the results of which suggest that not all currently cached objects are critical and that only a small portion of the critical objects are cached. Thus, we model the critical-object aware caching scheme as a constrained optimization problem. Using the stochastic optimization framework, we decompose the problem into a set of one-shot optimization problems, which are proved to be NP-hard. We then develop two greedy algorithms with different computational complexity but the same performance bound. Finally, we integrate the resulting approximation algorithms into an online algorithm. Through trace-based simulations, we verify that our proposed algorithm can reduce service latency and network traffic by ensuring a higher cache hit ratio. [ABSTRACT FROM AUTHOR]

Published

2018

70. Tapir: Automation Support of Exploratory Testing Using Model Reconstruction of the System Under Test.

Author

Bures, Miroslav, Frajtak, Karel, and Ahmed, Bestoun S.

Subjects

*SOFTWARE reengineering, *AUTOMATION, *WEBSITES, *METADATA, *IMAGE reconstruction

Abstract

For a considerable number of software projects, the creation of effective test cases is hindered by design documentation that is either lacking, incomplete, or obsolete. The exploratory testing approach can serve as a sound method in such situations. However, the efficiency of this testing approach strongly depends on the method, the documentation of explored parts of a system, the organization and distribution of work among individual testers on a team, and the minimization of potential (very probable) duplicities in performed tests. In this paper, we present a framework for replacing and automating a portion of these tasks. A screen-flow-based model of the tested system is incrementally reconstructed during the exploratory testing process by tracking testers’ activities. With additional metadata, the model serves for an automated navigation process for a tester. Compared with the exploratory testing approach, which is manually performed in two case studies, the proposed framework allows the testers to explore a greater extent of the tested system and enables greater detection of the defects present in the system. The results show that the time efficiency of the testing process improved with the framework support. This efficiency can be increased by team-based navigational strategies that are implemented within the proposed framework, which is documented by another case study presented in this paper. [ABSTRACT FROM AUTHOR]

Published

2018

71. Access Types Effect on Internet Video Services and Its Implications on CDN Caching.

Author

Xie, Gaogang, Li, Zhenyu, Kaafar, Mohamed Ali, and Wu, Qinghua

Subjects

*CONTENT delivery networks, *DIGITAL video, *DIGITAL image processing, *VIDEO on demand, *CACHE memory

Abstract

Video providers heavily rely on geographically distributed content distribution networks (CDNs) to place video content as close to users as possible, with an aim of improving video quality and avoiding single point of failure at the server side. The effectiveness of CDNs is mostly dependent on the content consumption patterns. Currently, video providers are offering access to content from different platforms (e.g., mobile devices and PC clients), which might result in distinct video content consumption patterns and finally affect the efficiency of CDN caching. Nevertheless, the access type effect on Internet videos is not well understood. In this paper, using a data set consisting of 26 million video requests of a large-scale commercial video-on-demand system, we study the effect of three main access types, i.e., proprietary software on PC clients, Web browser, and mobile apps. Several observations suggest that access types should be considered carefully in CDN design. In particular, the user engagement, user interests in content, and video popularity dynamics patterns, three important factors for video caching, vary remarkably in the three access types. Leveraging off our findings, we propose an access type-aware CDN caching system that associates a cache for each access type and also several optimizations, including partial caching of videos based on chunk-level caching, cross-platform read-only cache access, and prefiltering of the least popular videos. Trace-driven simulations demonstrate that the access type-aware CDN caching achieves high cache hit rate and, more importantly, greatly reduces the disk load that is measured by the number of cache replacement operations. [ABSTRACT FROM PUBLISHER]

Published

2018

72. A New User Front End for EAST Remote Participation.

Author

Sun, Xiaoyang, Ji, Zhenshan, Wang, Feng, and Wang, Yang

Subjects

*TOKAMAKS, *REMOTE handling (Radioactive substances), *SUPERCONDUCTING device testing, *NUCLEAR reactors, *NUCLEAR fusion, *EQUIPMENT & supplies, DESIGN & construction

Abstract

The Web-based remote participation system for experimental advanced superconducting tokamak (EAST RPS) has been developed to provide a high-efficient and low-cost way to meet international collaboration requirements. The EAST RPS team focused on the extension, update, and optimization for the RPS during last two years. In the first version, EAST RPS has established Apache-Flex based front-end components to provide a platform-independent user interface. However, some Web browsers, such as Firefox, Google Chrome, and Microsoft Edge, and operation systems (iOS and android) stop supporting or disable the flash player plugin by default, and the Flex technology will become less relevant in the future. The purpose of this paper is to provide an update of the RPD in EAST. The front-end migration should be a priority to update the EAST RPS. The open source, cross-platform, maintainability, and life cycle are the key features that the front-end platform must have. The technical solutions for the new user front end for EAST RPS are offered in this paper. [ABSTRACT FROM AUTHOR]

Published

2018

73. Plausible Deniability in Web Search—From Detection to Assessment.

Author

Mac Aonghusa, Pol and Leith, Douglas J.

Abstract

Web personalization uses what systems know about us to create content targeted at our interests. When unwanted personalization suggests we are interested in sensitive or embarrassing topics, a natural reaction is to deny interest. This is a practical response only if denial of our interest is credible or plausible. Adopting a definition of plausible deniability in the usual sense of “on the balance of probabilities,” we develop a practical and scalable tool called PDE, allowing a user to decide when their ability to plausibly deny interest in sensitive topics is compromised. We show that threats to plausible deniability are readily detectable for all the topics tested in an extensive testing program. Of particular concern is observation of threats to deniability of interest in topics related to health and sexual preferences. We show that this remains the case when attempting to disrupt search engine learning through noise query injection and click obfuscation. We design a defense technique exploiting uninteresting, proxy topics and show that it provides a more effective defense of plausible deniability in our experiments. [ABSTRACT FROM PUBLISHER]

Published

2018

74. Fast Physics on the Web Using C++, JavaScript, and Emscripten.

Author

Zakai, Alon

Subjects

C++, JAVASCRIPT programming language, WEB browsers, COMPUTER simulation, SCRIPTING languages (Computer science), SOFTWARE engineering

Abstract

The web is now capable of running computationally intensive code at near-native speed, enabling new types of content such as physics simulations to be easily shared online. In this article, the author shows how to do just that by writing code in C++ and compiling it to the web with the open-source Emscripten tool, which generates asm.js, a fast subset of JavaScript that runs in all web browsers. [ABSTRACT FROM AUTHOR]

Published

2018

75. Hopf bifurcation in a grazing system with two delays.

Author

Mendy, A., Tewa, J.J., Lam, M., and Tchinda Mouofo, P.

Subjects

*HOPF bifurcations, *LIFE zones, *FOOD chains, *MATHEMATICAL models, *QUALITATIVE chemical analysis, *DYNAMICAL systems

Abstract

Abstract Life in the Sahelian zone is very difficult due to lack of resources on a permanent basis. This scarcity of resources leads the pastor, with their flock to organize themselves to better resist the difficult conditions. Pastoralism is of paramount importance for this region. There is an urgent need to understand this way of life in order to help pastors to better organize themselves. In this paper, we propose mathematical models that consist of three food trophic chains. We consider and formalize, in a given location, interactions between browsers, grazers and forage resources. We first analyze the resulting system without delays and in a second time take into account two positive and discrete time-delays. In our model, delays denote an average time required in order that food consumed by browsers and grazers are beneficial for them. Qualitative analysis of the delays-free model shows several equilibria as well as various situations of multistability. Considering delay as parameter, we investigate the effect of delay on the stability of equilibria. It is found that the delays can lead the system dynamic behavior to exhibit stability switches, and Hopf bifurcation occurs when the delay crosses some critical value. By applying the normal form theory and the center manifold theorem, the explicit formula which determines the stability and direction of the bifurcating periodic solutions is determined. Finally based on a nonstandard numerical scheme, we provide some numerical simulations in order to illustrate our qualitative results and support discussions. [ABSTRACT FROM AUTHOR]

Published

2019

76. Managing Potentially Intrusive Practices in the Browser: A User-Centered Perspective

Author

Daniel Smullen, Norman Sadeh, Arthur Edelstein, Yaxing Yao, Yuanyuan Feng, and Rebecca Weiss

Subjects

understanding, Ethics, browsers, Computer science, 05 social sciences, Perspective (graphical), interaction design, security, QA75.5-76.95, 02 engineering and technology, privacy, BJ1-1725, usability, World Wide Web, mental models, Electronic computers. Computer science, 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, General Earth and Planetary Sciences, 0501 psychology and cognitive sciences, preferences, 050107 human factors, settings, General Environmental Science

Abstract

Browser users encounter a broad array of potentially intrusive practices: from behavioral profiling, to crypto-mining, fingerprinting, and more. We study people’s perception, awareness, understanding, and preferences to opt out of those practices. We conducted a mixed-methods study that included qualitative (n=186) and quantitative (n=888) surveys covering 8 neutrally presented practices, equally highlighting both their benefits and risks. Consistent with prior research focusing on specific practices and mitigation techniques, we observe that most people are unaware of how to effectively identify or control the practices we surveyed. However, our user-centered approach reveals diverse views about the perceived risks and benefits, and that the majority of our participants wished to both restrict and be explicitly notified about the surveyed practices. Though prior research shows that meaningful controls are rarely available, we found that many participants mistakenly assume opt-out settings are common but just too difficult to find. However, even if they were hypothetically available on every website, our findings suggest that settings which allow practices by default are more burdensome to users than alternatives which are contextualized to website categories instead. Our results argue for settings which can distinguish among website categories where certain practices are seen as permissible, proactively notify users about their presence, and otherwise deny intrusive practices by default. Standardizing these settings in the browser rather than being left to individual websites would have the advantage of providing a uniform interface to support notification, control, and could help mitigate dark patterns. We also discuss the regulatory implications of the findings.

Published

2021

77. GIS Processing on the Web

Author

Knutsson, Erik, Rydhe, Manne, Knutsson, Erik, and Rydhe, Manne

Abstract

Today more and more advanced and demanding applications are finding their way to the web. These are applications like video editing, games, and mathematical calculations. Up until a few years ago, JavaScript was the only language present on the web. That was until Mozilla, Google, Microsoft, and Apple decided to develop WebAssembly. WebAssembly is a low-level language, similar to assembly, but running in the browser. WebAssembly was not created to replace JavaScript, but to be used alongside it and complement JavaScript’s weaknesses. WebAssembly is still a relatively new language (2017) and is in continuous development. This work is presented as a guideline, and to give a general direction of how WebAssembly is performing (in 2022) when operating on GIS data. When comparing the execution speed of WebAssembly running in different environments (NodeJS, Google Chrome, and Mozilla Firefox), NodeJS was the fastest. The second fastest was Mozilla Firefox, and the slowest was Google Chrome. However, when compared to the native implementation in C++, no environment came close to the developers’ promised 10% slowdown compared to the native code. The average slowdowns found in this study were: The benchmark with small input files ran 63% slower than native. The benchmark with medium input files ran 62% slower than native, and the benchmarks with large input files ran 68% slower than native. The results are comparable to the study [6], which found that the slowdown was around 45% when running WebAssembly on Mozilla Firefox and 55% on Google Chrome with a peak of 2.5 times slowdown compared to native. This study aimed to measure memory usage in the different environments for operations on GIS data. However, the methods used in this study to measure memory proved to be too unsophisticated when dealing with JIT and garbage collection. For future work, a more detailed "memory allocated over time" graph should probably be used to be able to measure the peaks of memory currently all

Published

2022

78. The Western Woodland of Ethiopia:A study of the woody vegetation and flora between the Ethiopian Highlands and the lowlands of the Nile Valley in the Sudan and South Sudan

Author

Friis, Ib, van Breugel, Paulo, Weber, Odile, Demissew, Sebsebe, Friis, Ib, van Breugel, Paulo, Weber, Odile, and Demissew, Sebsebe

Abstract

The western woodlands of Ethiopia have been less studied than the highlands, with a first description published in 1940. Based on fieldwork and herbarium studies we intend to increase the knowledge of these woodlands. Some authors describe them as one continuous zone from south to north, spanning ca. 10° latitude and dominated by species of Combretum and Terminalia but sometimes with various names applied to the vegetation at its limits. The Atlas of the Potential Vegetation of Ethiopia (2010) followed the continuous model. In the Sudan and South Sudan, the same vegetation is described as distinct types defined on soil and rainfall. Reviewing species composition, environment, research-history and human influence, we present our own observations of the woody species and map their distribution in Ethiopia, review their ecological adaptations and model the total distribution in Africa of twelve characteristic species. We use our data for clustering and principal component analyses to study continuity and discontinuity of the vegetation and the drivers of variation. The appearance of the western woodlands is variable, and cluster analyses indicate that a high number of small and narrowly defined units might be identified. A significant number of trees are widespread from north to south, but some are restricted to the north, a few to the centre and south, and many just enter the woodlands with a main distribution elsewhere. At a high level, our analysis defines two or three weakly defined clusters, (1) the northern woodlands to just south of the Abay River and continuing far south as a brim along the western escarpment of Ethiopia, (2) woodlands south of the Abay at altitudes above cluster no. (1), and (3) dry woodlands of the upper Tacazze and Abay Rivers. Many environmental factors explain small but important parts of the variation. The clusters relate to variables such as latitude, altitude, climate and soil types, while slope, fire frequency and other parameters are

Published

2022

79. Meta-driven Browsers

Author

Bergel, Alexandre, Ducasse, Stéphane, Putney, Colin, Wuyts, Roel, Hutchison, David, editor, Kanade, Takeo, editor, Kittler, Josef, editor, Kleinberg, Jon M., editor, Mattern, Friedemann, editor, Mitchell, John C., editor, Naor, Moni, editor, Nierstrasz, Oscar, editor, Rangan, C. Pandu, editor, Steffen, Bernhard, editor, Sudan, Madhu, editor, Terzopoulos, Demetri, editor, Tygar, Doug, editor, Vardi, Moshe Y., editor, Weikum, Gerhard, editor, and De Meuter, Wolfgang, editor

Published

2007

80. CPU Port Contention Without SMT

Author

Thomas Rokicki, Clémentine Maurice, Michael Schwarz, Security & PrIvaCY (SPICY), SYSTÈMES LARGE ÉCHELLE (IRISA-D1), Institut de Recherche en Informatique et Systèmes Aléatoires (IRISA), Université de Rennes (UR)-Institut National des Sciences Appliquées - Rennes (INSA Rennes), Institut National des Sciences Appliquées (INSA)-Institut National des Sciences Appliquées (INSA)-Université de Bretagne Sud (UBS)-École normale supérieure - Rennes (ENS Rennes)-Institut National de Recherche en Informatique et en Automatique (Inria)-CentraleSupélec-Centre National de la Recherche Scientifique (CNRS)-IMT Atlantique (IMT Atlantique), Institut Mines-Télécom [Paris] (IMT)-Institut Mines-Télécom [Paris] (IMT)-Université de Rennes (UR)-Institut National des Sciences Appliquées - Rennes (INSA Rennes), Institut Mines-Télécom [Paris] (IMT)-Institut Mines-Télécom [Paris] (IMT)-Institut de Recherche en Informatique et Systèmes Aléatoires (IRISA), Institut Mines-Télécom [Paris] (IMT)-Institut Mines-Télécom [Paris] (IMT), Self-adaptation for distributed services and large software systems (SPIRALS), Inria Lille - Nord Europe, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre de Recherche en Informatique, Signal et Automatique de Lille - UMR 9189 (CRIStAL), Centrale Lille-Université de Lille-Centre National de la Recherche Scientifique (CNRS)-Centrale Lille-Université de Lille-Centre National de la Recherche Scientifique (CNRS), Helmholtz Center for Information Security [Saarbrücken] (CISPA), ANR-19-CE39-0007,MIAOUS,Attaques sur la micro-architecture des systèmes ubiquitaires(2019), and ANR-21-CE39-0019,FACADES,Fingerprinting et exploration des attaques et défenses sur CPU depuis des scripts web(2021)

Subjects

CPU port contention, [INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR], Browsers, Side channels, Fingerprinting

Abstract

International audience; CPU port contention has been used in the last years as a stateless side channel to perform side-channel attacks and transient execution attacks. One drawback of this channel is that it heavily relies on simultaneous multi-threading, which can be absent from some CPUs or simply disabled by the OS. In this paper, we present sequential port contention, which does not require SMT. It exploits sub-optimal scheduling to execution ports for instruction-level parallelization. As a result, specifically-crafted instruction sequences on a single thread suffer from an increased latency. We show that sequential port contention can be exploited from web browsers in WebAssembly. We present an automated framework to search for instruction sequences leading to sequential port contention for specific CPU generations, which we evaluated on 50 different CPUs. An attacker can use these sequences from the browser to determine the CPU generation within 12 s with a 95 % accuracy. This fingerprint is highly stable and resistant to system noise, and we show that mitigations are either expensive or only probabilistic.

Published

2022

81. A Hybrid Web Browser Architecture for Mobile Devices

Author

CHO, J., SEO, E., and JEONG, J.

Subjects

Browsers, Internet, Mobile computing, Web services, World Wide Web, Electrical engineering. Electronics. Nuclear engineering, TK1-9971, Computer engineering. Computer hardware, TK7885-7895

Abstract

Web browsing on mobile networks is slow in comparison to wired or Wi-Fi networks. Particularly, the connection establishment phase including DNS lookups and TCP handshakes takes a long time on mobile networks due to its long round-trip latency. In this paper, we propose a novel web browser architecture that aims to improve mobile web browsing performance. Our approach delegates the connection establishment and HTTP header field delivery tasks to a dedicated proxy server located at the joint point between the WAN and mobile network. Since the traffic for the connection establishment and HTTP header fields delivery passes only through the WAN between the proxy and web servers, our approach significantly reduces both the number and size of packets on the mobile network. Our evaluation showed that the proposed scheme reduces the number of mobile network packets by up to 42% and, consequently, the average page loading time is shortened by up to 52%.

Published

2014

82. A Probabilistic Logic of Cyber Deception.

Author

Jajodia, Sushil, Park, Noseong, Pierazzi, Fabio, Pugliese, Andrea, Serra, Edoardo, Simari, Gerardo I., and Subrahmanian, V. S.

Abstract

Malicious attackers often scan nodes in a network in order to identify vulnerabilities that they may exploit as they traverse the network. In this paper, we propose that the system generates a mix of true and false answers in response to scan requests. If the attacker believes that all scan results are true, then he will be on a wrong path. If he believes some scan results are faked, he would have to expend time and effort in order to separate fact from fiction. We propose a probabilistic logic of deception and show that various computations are NP-hard. We model the attacker’s state and show the effects of faked scan results. We then show how the defender can generate fake scan results in different states that minimize the damage the attacker can produce. We develop a Naive-PLD algorithm and a Fast-PLD heuristic algorithm for the defender to use and show experimentally that the latter performs well in a fraction of the run time of the former. We ran detailed experiments to assess the performance of these algorithms and further show that by running Fast-PLD off-line and storing the results, we can very efficiently answer run-time scan requests. [ABSTRACT FROM PUBLISHER]

Published

2017

83. Off-the-Hook: An Efficient and Usable Client-Side Phishing Prevention Application.

Author

Marchal, Samuel, Armano, Giovanni, Grondahl, Tommi, Saari, Kalle, Singh, Nidhi, and Asokan, N.

Subjects

*PHISHING, *EMAIL spoofing, *CONTENT analysis, *PHISHING prevention, *INTERNET fraud prevention

Abstract

Phishing is a major problem on the Web. Despite the significant attention it has received over the years, there has been no definitive solution. While the state-of-the-art solutions have reasonably good performance, they suffer from several drawbacks including potential to compromise user privacy, difficulty of detecting phishing websites whose content change dynamically, and reliance on features that are too dependent on the training data. To address these limitations we present a new approach for detecting phishing webpages in real-time as they are visited by a browser. It relies on modeling inherent phisher limitations stemming from the constraints they face while building a webpage. Consequently, the implementation of our approach, Off-the-Hook, exhibits several notable properties including high accuracy, brand-independence and good language-independence, speed of decision, resilience to dynamic phish and resilience to evolution in phishing techniques. Off-the-Hook is implemented as a fully-client-side browser add-on, which preserves user privacy. In addition, Off-the-Hook identifies the target website that a phishing webpage is attempting to mimic and includes this target in its warning. We evaluated Off-the-Hook in two different user studies. Our results show that users prefer Off-the-Hook warnings to Firefox warnings. [ABSTRACT FROM AUTHOR]

Published

2017

84. SWAROVsky: Optimizing Resource Loading for Mobile Web Browsing.

Author

Liu, Xuanzhe, Ma, Yun, Wang, Xinyang, Liu, Yunxin, Xie, Tao, and Huang, Gang

Subjects

WEB browsing, WIRELESS communications, WIRELESS sensor nodes, WIRELESS sensor networks, DATA transmission systems, MOBILE computing

Abstract

Imperfect Web resource loading prevents mobile Web browsing from providing satisfactory user experience. In this article, we design and implement the SWAROVsky system to address three main issues of current inefficient Web resource loading: (1) on-demand and thus slow loading of sub-resources of webpages; (2) duplicated loading of resources with different URLs but the same content; and (3) redundant loading of the same resource due to improper cache configurations. SWAROVsky employs a dual-proxy architecture that comprises a remote cloud-side proxy and a local proxy on mobile devices. The remote proxy proactively loads webpages from their original Web servers and maintains a resource loading graph for every single webpage. Based on the graph, the remote proxy is capable of deciding which resources are “really” needed for the webpage and their loading orders, and thus can synchronize these needed resources with the local proxy of a client efficiently and timely. The local proxy also runs an intelligent and light-weight algorithm to identify resources with different URLs but the same content, and thus can avoid duplicated downloading of the same content via network. Our system can be used with existing Web browsers and Web servers, and does not break the normal semantics of a webpage. Evaluations with 50 websites show that on average our system can reduce the page load time by 43.1 percent and the network data transmission by 57.6 percent, while imposing marginal system overhead. [ABSTRACT FROM AUTHOR]

Published

2017

85. ReWAP: Reducing Redundant Transfers for Mobile Web Browsing via App-Specific Resource Packaging.

Author

Liu, Xuanzhe, Ma, Yun, Dong, Shuailiang, Liu, Yunxin, Xie, Tao, and Huang, Gang

Subjects

WEB browsing, INFORMATION retrieval, PACKAGING research, INFORMATION storage & retrieval systems

Abstract

Redundant transfer of resources is a critical issue for compromising the performance of mobile Web applications (a.k.a., apps) in terms of data traffic, load time, and even energy consumption. Evidence demonstrates that the current cache mechanisms are far from satisfactory. With lessons learned from how native apps manage their resources, in this article, we present the ReWAP approach to fundamentally reducing redundant transfers by restructuring the resource loading of mobile Web apps. ReWAP is based on an efficient resource-packaging mechanism where stable resources are encapsulated and maintained into a package, and such a package shall be loaded always from the local storage and updated by explicitly refreshing. By retrieving and analyzing the update of resources, ReWAP maintains resource packages that can accurately identify which resources can be loaded from the local storage for a considerably long period. ReWAP also provides a wrapper for mobile Web apps to enable loading and updating resource packages in the local storage as well as loading resources from resource packages. ReWAP can be easily and seamlessly deployed into existing mobile Web architectures with minimal modifications, and is transparent to end-users. We evaluate ReWAP based on continuous 15-day access traces of 50 mobile Web apps randomly chosen from Alexa top 500 ranking list. Compared to the original mobile Web apps with cache enabled, ReWAP can significantly reduce the data traffic, with the median saving up to 51 percent. In addition, ReWAP can incur only very minor runtime overhead of the client-side browsers and thus does not compromise user experiences. [ABSTRACT FROM AUTHOR]

Published

2017

86. An Asynchronous P300-Based Brain-Computer Interface Web Browser for Severely Disabled People.

Author

Martinez-Cagigal, Victor, Gomez-Pilar, Javier, Alvarez, Daniel, and Hornero, Roberto

Subjects

BRAIN-computer interfaces, ELECTROENCEPHALOGRAPHY, MEANS of communication for people with disabilities

Abstract

This paper presents an electroencephalographic (EEG) P300-based brain–computer interface (BCI) Internet browser. The system uses the “odd-ball” row-col paradigm for generating the P300 evoked potentials on the scalp of the user, which are immediately processed and translated into web browser commands. There were previous approaches for controlling a BCI web browser. However, to the best of our knowledge, none of them was focused on an assistive context, failing to test their applications with a suitable number of end users. In addition, all of them were synchronous applications, where it was necessary to introduce a “read-mode” command in order to avoid a continuous command selection. Thus, the aim of this study is twofold: 1) to test our web browser with a population of multiple sclerosis (MS) patients in order to assess the usefulness of our proposal to meet their daily communication needs; and 2) to overcome the aforementioned limitation by adding a threshold that discerns between control and non-control states, allowing the user to calmly read the web page without undesirable selections. The browser was tested with sixteen MS patients and five healthy volunteers. Both quantitative and qualitative metrics were obtained. MS participants reached an average accuracy of 84.14%, whereas 95.75% was achieved by control subjects. Results show that MS patients can successfully control the BCI web browser, improving their personal autonomy. [ABSTRACT FROM AUTHOR]

Published

2017

87. Detecting Mobile Malicious Webpages in Real Time.

Author

Amrutkar, Chaitrali, Kim, Young Seuk, and Traynor, Patrick

Subjects

SMARTPHONES, WEB browsing, MALWARE, HTML (Document markup language)

Abstract

Mobile specific webpages differ significantly from their desktop counterparts in content, layout, and functionality. Accordingly, existing techniques to detect malicious websites are unlikely to work for such webpages. In this paper, we design and implement kAYO, a mechanism that distinguishes between malicious and benign mobile webpages. kAYO makes this determination based on static features of a webpage ranging from the number of iframes to the presence of known fraudulent phone numbers. First, we experimentally demonstrate the need for mobile specific techniques and then identify a range of new static features that highly correlate with mobile malicious webpages. We then apply kAYO to a dataset of over 350,000 known benign and malicious mobile webpages and demonstrate 90 percent accuracy in classification. Moreover, we discover, characterize, and report a number of webpages missed by Google Safe Browsing and VirusTotal, but detected by kAYO. Finally, we build a browser extension using kAYO to protect users from malicious mobile websites in real-time. In doing so, we provide the first static analysis technique to detect malicious mobile webpages. [ABSTRACT FROM AUTHOR]

Published

2017

88. A Survey on Web Tracking: Mechanisms, Implications, and Defenses.

Author

Bujlow, Tomasz, Carela-Espanol, Valentin, Lee, Beom-Ryeol, and Barlet-Ros, Pere

Subjects

WEB services, INTERNET security, WEB browsers, HUMAN fingerprints, ONLINE data processing

Abstract

Privacy seems to be the Achilles’ heel of today’s web. Most web services make continuous efforts to track their users and to obtain as much personal information as they can from the things they search, the sites they visit, the people they contact, and the products they buy. This information is mostly used for commercial purposes, which go far beyond targeted advertising. Although many users are already aware of the privacy risks involved in the use of internet services, the particular methods and technologies used for tracking them are much less known. In this survey, we review the existing literature on the methods used by web services to track the users online as well as their purposes, implications, and possible user’s defenses. We present five main groups of methods used for user tracking, which are based on sessions, client storage, client cache, fingerprinting, and other approaches. A special focus is placed on mechanisms that use web caches, operational caches, and fingerprinting, as they are usually very rich in terms of using various creative methodologies. We also show how the users can be identified on the web and associated with their real names, e-mail addresses, phone numbers, or even street addresses. We show why tracking is being used and its possible implications for the users. For each of the tracking methods, we present possible defenses. Some of them are specific to a particular tracking approach, while others are more universal (block more than one threat). Finally, we present the future trends in user tracking and show that they can potentially pose significant threats to the users’ privacy. [ABSTRACT FROM AUTHOR]

Published

2017

89. Characterizing the HTTPS Trust Landscape: A Passive View from the Edge.

Author

Ouvrier, Gustaf, Laterman, Michel, Arlitt, Martin, and Carlsson, Niklas

Subjects

*HTTP (Computer network protocol), *ONLINE banking, *SOCIAL networks, *WEB browsers, *INTERNET, *MOBILE communication systems

Abstract

Our society increasingly relies on web-based services like online banking, shopping, and socializing. Many of these services heavily depend on secure end-to-end transactions to transfer personal, financial, and other sensitive information. At the core of ensuring secure transactions are the HTTPS protocol and the "trust" relationships between many involved parties, including users, browsers, servers, domain owners, and the third-party CAs that issue certificates binding ownership of public keys with servers and domains. This article presents an overview of the current trust landscape and provides statistics to illustrate and quantify some of the risks facing typical users. Using measurement results obtained through passive monitoring of the HTTPS traffic between a campus network and the Internet, we provide concrete examples and characterize the certificate usage and trust relationships in this complex landscape. By comparing our observations against known vulnerabilities and problems, we highlight and discuss the actual security that typical Internet users (e.g., the people on campus) experience. Our measurements cover both mobile and stationary users, consider the involved trust relationships, and provide insights into how the HTTPS protocol is used and the weaknesses observed in practice. While the security properties vary significantly between sessions, out of the 232 million HTTPS sessions we observed, more than 25 percent had weak security properties. [ABSTRACT FROM PUBLISHER]

Published

2017

90. Cybercrime at a Scale: A Practical Study of Deployments of HTTP-Based Botnet Command and Control Panels.

Author

Sood, Aditya K, Zeadally, Sherali, and Bansal, Rohit

Subjects

*CYBERCRIMINALS, *BOTNETS, *COMPUTER crimes, *HTTP (Computer network protocol), *PORTS (Electronic computer system)

Abstract

Cybercriminals deploy botnets for conducting nefarious operations on the Internet. Botnets are managed on a large scale and harness the power of compromised machines, which are controlled through centralized portals known as C&C panels. C&C panels are considered as attackers' primary operating environment through which bots are controlled and updated at regular intervals of time. C&C panels also store information stolen from the compromised machines as a part of the data exfiltration activity. In this empirical study, we analyzed many over 9000 C&C web URLs to better understand the deployment and the operational characteristics of HTTP-based botnets. [ABSTRACT FROM PUBLISHER]

Published

2017

91. How Far Are We from WebRTC-1.0? An Update on Standards and a Look at What's Next.

Author

Loreto, Salvatore and Romano, Simon Pietro

Subjects

*WEB browsers, *INTERNET protocols, *CODECS, *MULTIPLEXING, *MULTIMEDIA communications

Abstract

Real-time communication between browsers has represented an unprecedented standardization effort involving both the IETF and the W3C. These activities have involved both the real-time protocol suite and the application-level JavaScript APIs to be offered to developers in order to allow them to easily implement interoperable real-time multimedia applications in the web. This article sheds light on the current status of standardization, with special focus on the upcoming final release of the so-called WebRTC-1.0 standard ecosystem. It takes stock of the situation with respect to hot topics such as codecs, session description and stream multiplexing. It also briefly discusses how standard bodies are dealing with seamless integration of the initially competing effort known as "Object Real Time Communications." [ABSTRACT FROM PUBLISHER]

Published

2017

92. Exploiting Trust: Stealthy Attacks Through Socioware and Insider Threats.

Author

Sood, Aditya K., Zeadally, Sherali, and Bansal, Rohit

Abstract

Online social networks (OSNs) provide a new dimension to people's lives by giving birth to online societies. OSNs have revolutionized the human experience, but they have also created a platform for attackers to distribute infections and conduct cybercrime. An OSN provides an opportunistic attack platform for cybercriminals through which they can spread infections at a large scale. We describe a category of malware (or attacks) known as socioware that exploits OSN environments for performing unauthorized and nefarious activities. Socioware can be an executable, an extension, an exploit code, etc., that conducts malicious operations in OSNs with serious impact on users. Furthermore, we discuss the socioware taxonomy highlighting the characteristics of socioware to illustrate the design and exploitation tactics of OSN malware. In contrast, insider threats (employees or contractors) are posing a grave threat to organizations, with a motivation to steal critical data and monetize it for financial gains. Insider threats have become a serious concern for many organizations today. We present a complete attack model to demonstrate how an insider threat exploits the online trust and confidentiality by transforming an OSN into a socioware distribution platform that infects other employees' systems. Finally, we discuss security defenses that can be adopted to defend against socioware. [ABSTRACT FROM PUBLISHER]

Published

2017

93. Exploring the Relevance of Search Engines: An Overview of Google as a Case Study.

Author

Beltrán-Alfonso, Ricardo, Torres-Tautiva, Andres, Gaona-Garcia, Paulo Alonso, and Montenegro-Marin, Carlos Enrique

Subjects

SEARCH engines, WEB browsers

Abstract

The huge amount of data on the Internet and the diverse list of strategies used to try to link this information with relevant searches through Linked Data have generated a revolution in data treatment and its representation. Nevertheless, the conventional search engines like Google are kept as strategies with good reception to do search processes. The following article presents a study of the development and evolution of search engines, more specifically, to analyze the relevance of findings based on the number of results displayed in paging systems with Google as a case study. Finally, it is intended to contribute to indexing criteria in search results, based on an approach to Semantic Web as a stage in the evolution of the Web. [ABSTRACT FROM AUTHOR]

Published

2017

94. The Market's Law of Privacy: Case Studies in Privacy and Security Adoption.

Author

Gupta, Chetan

Abstract

It might be possible for individual actors in a marketplace to drive the adoption of particular privacy and security standards. Using HTTPS, two-factor authentication, and end-to-end encryption as case studies, the author tries to ascertain which factors are responsible for successful diffusion that improves the privacy of a large number of users. [ABSTRACT FROM PUBLISHER]

Published

2017

95. Long-Term Threats to Ballot Privacy.

Author

Graaf, Jeroen van de

Abstract

To enhance transparency, many new voting systems produce audit data that lets voters verify that their ballot was included in the tally, and lets outsiders verify that the tally was calculated correctly. However, the cryptographic techniques used in these systems provide confidentiality for a few decades only. This threatens ballot privacy in the long term. [ABSTRACT FROM PUBLISHER]

Published

2017

96. Moving Real Exergaming Engines on the Web: The webFitForAll Case Study in an Active and Healthy Ageing Living Lab Environment.

Author

Konstantinidis, Evdokimos I., Bamparopoulos, Giorgos, and Bamidis, Panagiotis D.

Subjects

EXERCISE video games, ACTIVE aging, PHYSIOLOGICAL aspects of aging, MEDICAL technology, MEDICAL innovations, HEALTH of older people, COMPUTER network resources

Abstract

Exergames have been the subject of research and technology innovations for a number of years. Different devices and technologies have been utilized to train the body and the mind of senior people or different patient groups. In the past, we presented FitForAll, the protocol efficacy of which was proven through widely taken (controlled) pilots with more than 116 seniors for a period of two months. The current piece of work expands this and presents the first truly web exergaming platform, which is solely based on HTML5 and JavaScript without any browser plugin requirements. The adopted architecture (controller application communication framework) combines a unified solution for input devices such as MS Kinect and Wii Balance Βoard which may seamlessly be exploited through standard physical exercise protocols (American College of Sports Medicine guidelines) and accommodate high detail logging; this allows for proper pilot testing and usability evaluations in ecologically valid Living Lab environments. The latter type of setups is also used herein for evaluating the web application with more than a dozen of real elderly users following quantitative approaches. [ABSTRACT FROM AUTHOR]

Published

2017

97. Does the Online Card Payment Landscape Unwittingly Facilitate Fraud?

Author

Ali, Mohammed Aamir, Arief, Budi, Emms, Martin, and van Moorsel, Aad

Abstract

An extensive study of the current practice of online payment using credit and debit cards reveals the intrinsic security challenges caused by differences in how payment sites operate. [ABSTRACT FROM PUBLISHER]

Published

2017

98. Color Scheme Adaptation to Enhance User Experience on Smartphone Displays Leveraging Ambient Light.

Author

Yu, Jiadi, Chen, Yingying, and Li, Jianda

Subjects

INFORMATION technology, MOBILE operating systems, CELL phone users, SMARTPHONES, DATA plans

Abstract

With the rapid development of information technology, mobile devices have exhibited increasing popularity in recent years. To support the anytime-anywhere service model of mobile devices, one important problem related to the screen display arises when using these devices (e.g., smartphone and tablet) under various lighting conditions. On one hand, it is hard for users to see the display clearly under strong lighting conditions (e.g., sunlight). On the other hand, the screen appears dazzling under weak lighting conditions. This problem related to the mobile device display can significantly degrade user experience and undermine the successful deployment of the anytime-anywhere mobile service model. Existing solutions mainly focus on the automatic adjustment of brightness level under different light conditions. We show that merely utilizing brightness level to solve the display problem is not enough to maintain the user experience under both strong and weak lighting scenarios through experimenting with over 200 volunteers. In this work, we take a different approach by investigating automatic color scheme adjustment to improve user experience. We find that Readability, Comfort level, and Similarity are major factors that contribute to user experience. In recognizing these problems, we propose a system, ColorVert, which utilizes the DKL color space to adaptively transform color schemes by sensing ambient light to improve user experience under various lighting scenarios. Our experimental evaluation with over 200 precipitants and various mobile devices demonstrates that ColorVert is more effective in both maintaining as well as improving user experience compared with the existing automatic brightness adjustment system. [ABSTRACT FROM AUTHOR]

Published

2017

99. Bandwidth Adaptation by Squeezing Idle Traffic in Browsers: An Active Window Detection Based Approach for Next Generation Networks.

Author

Shahab, Muhammad Basit, Usman, Muhammad Arslan, and Shin, Soo Young

Abstract

This letter proposes a novel algorithm named bandwidth adaptation by squeezing idle traffic (BASIT), which aims at reducing the video traffic in idle tabs/windows of browsers. The algorithm is based on detecting active tabs/windows in the browsers at client end. Video data on idle tabs are intelligently compressed by the server to save network bandwidth. Bandwidth wasted on idle video traffic is reduced by either sending the lowest quality of the video or only audio throughout the idle duration of the tabs/windows. It is understandable that substantial amount of bandwidth can be saved by applying BASIT algorithm on browsers. [ABSTRACT FROM PUBLISHER]

Published

2017

100. A Tale of Browsers and Hunters: Exploration of Diverging Consumer Profiles and Their Characteristics in the Secondhand Marketplace.

Author

Ertz, Myriam, Durif, Fabien, and Arcand, Manon

Abstract

Traditionally, the literature has used the terms "browser" and "hunter" shopping styles interchangeably. In-depth interviews with 12 consumers revealed that however there is a distinction between the two. The results suggest that, browsers may seek to surprise themselves by shopping secondhand, typically by finding a "treasure", but without knowing what they look for, until they unexpectedly find a valuable product and have actually the means to acquire and store it. On the other hand, hunters may search to surprise themselves by shopping secondhand, to find a "rare find", but with full and conscious knowledge of what they are looking for, while having the means to acquire and store the product. Both may have space for storage and spend very little to very large amounts of time, but browsers try to find a random product that they like, whereas hunters aim at finding the specific gem that they are looking for. [ABSTRACT FROM AUTHOR]

Published

2017