This document discusses strategies for containing computer viruses in a network. It presents a game theoretic model where nodes choose whether to install antivirus software. Nash equilibria are characterized but can be inefficient. Computing the optimal strategy that minimizes total infection risk is NP-hard. Approximating this solution can be reduced to the sum-of-squares partition problem, allowing for a near-optimal deployment. Open problems consider extensions like taxation mechanisms and strategic behavior.
It presents various approximation schemes including absolute approximation, epsilon approximation and also presents some polynomial time approximation schemes. It also presents some probabilistically good algorithms.
Implicit schemes are needed in order to have fast runtime in wave models. Parallelization using the Message Passing Interface are needed in order to run on computers with thousands of processors. Implicit schemes rely on preconditioner in order for the iterative schemes to converge fast. Thus we need fast preconditioners and we present those here.
Surrogate models emulate expensive computer simulations. The objective is to approximate a function, $f$, of $d$ variables to a given tolerance, $\varepsilon$, using as few function values as possible, preferably $O(d)$. We explain how tractability theory provides lower bounds on the number of function values required for any possible method. We also propose method for sampling $f$ and approximating $f$ that achieves this objective and the kind of underlying structure that $f$ must have for success.
It presents various approximation schemes including absolute approximation, epsilon approximation and also presents some polynomial time approximation schemes. It also presents some probabilistically good algorithms.
Implicit schemes are needed in order to have fast runtime in wave models. Parallelization using the Message Passing Interface are needed in order to run on computers with thousands of processors. Implicit schemes rely on preconditioner in order for the iterative schemes to converge fast. Thus we need fast preconditioners and we present those here.
Surrogate models emulate expensive computer simulations. The objective is to approximate a function, $f$, of $d$ variables to a given tolerance, $\varepsilon$, using as few function values as possible, preferably $O(d)$. We explain how tractability theory provides lower bounds on the number of function values required for any possible method. We also propose method for sampling $f$ and approximating $f$ that achieves this objective and the kind of underlying structure that $f$ must have for success.
You Too Can Be a Radio Host Or How We Scaled a .NET Startup And Had Fun Doing ItAleksandr Yampolskiy
Cinchcast (aka BlogTalkRadio) is a startup in New York City.
Using only a phone, you can broadcast your message globally to millions of listeners.
Thousands of broadcasts are happening every day on topics ranging from technology to battling cancer.
In this talk, we will discuss how we accomplished this, the technology behind it, and the challenges ahead.
We will talk about what it's like building a startup in .NET and the techniques we have used to scale, such as
HTML and donut caching, lazy loading of data, elastic search, as well as marrying telephony to the web stack.
This talk describes the benefits of social media as well as its security challenges. It also outlines sample defenses that companies can adopt. It was given at CSO breakfast club in NYC.
"Hiring Great Technologists in Six Easy Steps"
In this talk, we discuss:
- What it takes to hire and retain great engineers in New York area.
- Qualities you should look for in a technical co-founder.
- Does it make sense to outsource?
- As well as other topics raised by the audience.
Afterwards, we will continue with networking among the group's members.
Please feel free to write your questions ahead of time in the comments section.
You Too Can Be a Radio Host Or How We Scaled a .NET Startup And Had Fun Doing ItAleksandr Yampolskiy
Cinchcast (aka BlogTalkRadio) is a startup in New York City.
Using only a phone, you can broadcast your message globally to millions of listeners.
Thousands of broadcasts are happening every day on topics ranging from technology to battling cancer.
In this talk, we will discuss how we accomplished this, the technology behind it, and the challenges ahead.
We will talk about what it's like building a startup in .NET and the techniques we have used to scale, such as
HTML and donut caching, lazy loading of data, elastic search, as well as marrying telephony to the web stack.
This talk describes the benefits of social media as well as its security challenges. It also outlines sample defenses that companies can adopt. It was given at CSO breakfast club in NYC.
"Hiring Great Technologists in Six Easy Steps"
In this talk, we discuss:
- What it takes to hire and retain great engineers in New York area.
- Qualities you should look for in a technical co-founder.
- Does it make sense to outsource?
- As well as other topics raised by the audience.
Afterwards, we will continue with networking among the group's members.
Please feel free to write your questions ahead of time in the comments section.
Removing Uninteresting Bytes in Software FuzzingAftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
Climate Impact of Software Testing at Nordic Testing DaysKari Kakkonen
My slides at Nordic Testing Days 6.6.2024
Climate impact / sustainability of software testing discussed on the talk. ICT and testing must carry their part of global responsibility to help with the climat warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features
available on those devices, but many of the features provide convenience and capability but sacrifice security. This best practices guide outlines steps the users can take to better protect personal devices and information.
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...SOFTTECHHUB
The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing.
One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfPeter Spielvogel
Building better applications for business users with SAP Fiori.
• What is SAP Fiori and why it matters to you
• How a better user experience drives measurable business benefits
• How to get started with SAP Fiori today
• How SAP Fiori elements accelerates application development
• How SAP Build Code includes SAP Fiori tools and other generative artificial intelligence capabilities
• How SAP Fiori paves the way for using AI in SAP apps
Communications Mining Series - Zero to Hero - Session 1DianaGray10
This session provides introduction to UiPath Communication Mining, importance and platform overview. You will acquire a good understand of the phases in Communication Mining as we go over the platform with you. Topics covered:
• Communication Mining Overview
• Why is it important?
• How can it help today’s business and the benefits
• Phases in Communication Mining
• Demo on Platform overview
• Q/A
Sudheer Mechineni, Head of Application Frameworks, Standard Chartered Bank
Discover how Standard Chartered Bank harnessed the power of Neo4j to transform complex data access challenges into a dynamic, scalable graph database solution. This keynote will cover their journey from initial adoption to deploying a fully automated, enterprise-grade causal cluster, highlighting key strategies for modelling organisational changes and ensuring robust disaster recovery. Learn how these innovations have not only enhanced Standard Chartered Bank’s data infrastructure but also positioned them as pioneers in the banking sector’s adoption of graph technology.
Pushing the limits of ePRTC: 100ns holdover for 100 daysAdtran
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionAggregage
Join Maher Hanafi, VP of Engineering at Betterworks, in this new session where he'll share a practical framework to transform Gen AI prototypes into impactful products! He'll delve into the complexities of data collection and management, model selection and optimization, and ensuring security, scalability, and responsible use.
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfPaige Cruz
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:
Elevating Tactical DDD Patterns Through Object CalisthenicsDorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
Elevating Tactical DDD Patterns Through Object Calisthenics
Inoculation strategies for victims of viruses
1. Inoculation Strategies for
Victims of Viruses and
the Sum-of-Squares
Partition Problem
James Aspnes, Kevin Chang,
and Aleksandr Yampolskiy
(Yale University)
Copyright (C) 2005 by Aleksandr
Yampolskiy
2. Outline
Ø Motivation
n Our Model
n Nash Strategies
n Optimal Strategies
n Sum-of-Squares Partition Problem
n Conclusion
Copyright (C) 2005 by Aleksandr
Yampolskiy
3. Question: Will you install anti-virus
software?
Norton AntiVirus 2005 = $49.95
Value of your data = $350.00
Infection probability = 1/10
Expected loss = $35.00
Copyright (C) 2005 by Aleksandr
Yampolskiy
4. Answer: Probably not.
Norton AntiVirus 2005 = $49.95
Value of your data = $350.00
Infection probability = 1/10
Expected loss = $35.00
Copyright (C) 2005 by Aleksandr
Yampolskiy
5. This selfish behavior…
n …fails to achieve the social optimum.
Copyright (C) 2005 by Aleksandr
Yampolskiy
6. What if instead…
n …a benevolent dictator decided which
computers install an anti-virus?
Center node
must install
an anti-virus
or else!
Copyright (C) 2005 by Aleksandr
Yampolskiy
7. Outline
n Motivation
Ø Our Model
n Nash Strategies
n Optimal Strategies
n Sum-of-Squares Partition Problem
n Conclusion
Copyright (C) 2005 by Aleksandr
Yampolskiy
8. Our Model
n The network is an undirected graph
G = (V,E).
n Installing anti-virus software is a single
round non-cooperative game.
n The players are the network nodes:
V = {0,1,…,n-1}.
Copyright (C) 2005 by Aleksandr
Yampolskiy
9. Our Model : Strategies
n Each node has two actions: do nothing or
inoculate itself.
n Strategy profile summarizes
players’ choices.
n ai = probability that node i installs anti-
virus software
Copyright (C) 2005 by Aleksandr
Yampolskiy
10. Our Model : Attack Model
n After the nodes choose their strategies,
the adversary picks a starting point for
infection uniformly at random
n Node i gets infected if it has no anti-virus
software installed and if any of its
neighbors become infected.
Copyright (C) 2005 by Aleksandr
Yampolskiy
11. Our Model : Attack Model (cont.)
n Example: Only node 3 installs anti-virus
software. Adversary chooses to infect
node 2.
0 1
2 3
4 5
Copyright (C) 2005 by Aleksandr
Yampolskiy
12. Our Model : Attack Graph
0 1 0 1
2 3 2 3
4 5 4 5
network graph G Copyright (C) 2005 by Aleksandr
Yampolskiy
attack graph Ga= G - Ia
13. Our Model : Individual Costs
n Anti-virus software costs C. Expected loss
from virus is L.
n Cost of strategy to node i:
n Here, pi(a) = Pr[i is infected | i does not
install an anti-virus]
Copyright (C) 2005 by Aleksandr
Yampolskiy
14. Our Model : Social Cost
n Social cost of is simply a sum of
individual costs:
Copyright (C) 2005 by Aleksandr
Yampolskiy
15. Outline
n Motivation
n Our Model
Ø Nash Strategies
n Optimal Strategies
n Sum-of-Squares Partition Problem
n Conclusion
Copyright (C) 2005 by Aleksandr
Yampolskiy
16. Nash Strategies
n Def: Strategy profile is in Nash
equilibrium if no node can improve its
payoff by switching to a different strategy:
for i = 0,...,n-1 and any x 2 [0,1],
n Fact: Nash strategies do not optimize total
social cost (cf. Prisoner’s Dilemma)
Copyright (C) 2005 by Aleksandr
Yampolskiy
17. Nash Strategies (cont.)
Thm: There is a threshold t=Cn/L such that each
node in a Nash equilibrium
¨ will install an anti-virus if it would otherwise end up in
a component of expected size > t
¨ will not install an anti-virus if it would end up in a
component of expected size < t.
¨ is indifferent between installing and not installing
when the expected size = t.
Copyright (C) 2005 by Aleksandr
Yampolskiy
18. Nash Strategies (cont.)
n Corollary: Let t = Cn/L. Then a pure
strategy is a Nash equilibrium if and only
if
¨ Every component in Ga has size · t
¨ Inserting any secure node j and its edges into
Ga yields a component of size ¸ t.
Copyright (C) 2005 by Aleksandr
Yampolskiy
19. Nash Strategies (cont.)
n Example: Let C=0.5,L=1 so that t=Cn/L=2.5.
Then is not a Nash equilibrium.
0 1 0 1
2 3 2 3
4 5 4 5
Copyright (C) 2005 by Aleksandr
network graph G Yampolskiy attack graph Ga= G - Ia
20. Nash Strategies (cont.)
Thm: It is NP-hard to compute a pure Nash
equilibrium with lowest (resp., highest) cost.
Proof sketch: By reduction to VERTEX COVER
(resp., INDEPENDENT DOMINATING SET) .
¨ Set C, L so that t=Cn/L=1.5.
¨ In a Nash equilibrium, (a) every vulnerable node
has all neighbors secure; (b) every secure node
has an insecure neighbor
Copyright (C) 2005 by Aleksandr
Yampolskiy
21. Nash Strategies (cont.)
n If V’µ V is a minimal vertex cover, then
installing software on its nodes satisfies
(a) because V’ is a vertex cover and (b)
because V’ is minimal.
n Conversely, if V’ are secure nodes in a
Nash equilibrium, then V’ is a vertex cover
by (a).
Copyright (C) 2005 by Aleksandr
Yampolskiy
22. Nash Strategies (cont.)
n Nash Theorem guarantees our game has
a mixed Nash equilibrium.
n But does it make sense talking about pure
Nash equilibria?
Copyright (C) 2005 by Aleksandr
Yampolskiy
23. Nash Strategies (cont.)
Yes, it does!
Thm: If at each step some node with
suboptimal strategy switches its strategy,
the system converges to a pure Nash
equilibrium in · 2n steps.
Copyright (C) 2005 by Aleksandr
Yampolskiy
24. Price of Anarchy [KP99]
n Price of anarchy measures how far away a
Nash equilibrium can be from the social
optimum
n Formally, it is the worst-case ratio between
cost of Nash equilibrium and cost of social
optimum
n For network G and costs C, L, we denote it:
Copyright (C) 2005 by Aleksandr
Yampolskiy
25. Price of Anarchy (cont.)
Lower Bound: For a star graph K1,n,
ρ(G, C, L) = n/2.
Upper Bound: For any graph G and any C, L,
ρ(G, C, L)· n.
Thm: Price of anarchy in our game is
ρ(G, C, L) = Θ(n).
Copyright (C) 2005 by Aleksandr
Yampolskiy
26. Price of Anarchy (cont.)
Proof for lower bound:
Consider a star graph K1,n.
Let C=L(n-1)/n so that t=Cn/L=n-1.
1
n-1 2
n-2 3
0
…
Copyright (C) 2005 by Aleksandr
G = K1,n
Yampolskiy
27. Price of Anarchy (cont.)
Then, is an optimum strategy with
cost C+L(n-1)/n.
1 1
n-1 2 n-1 2
n-2 3 n-2 3
0 0
… …
Copyright (C) 2005 by Aleksandr
G = K1,n Yampolskiy Ga*
28. Price of Anarchy (cont.)
And is worst-cost Nash with
cost C+L(n-1)2/n.
1 1
n-1 2 n-1 2
n-2 3 n-2 3
0 0
… …
Copyright (C) 2005 by Aleksandr
G = K1,n Yampolskiy Ga*
29. Price of Anarchy (cont.)
n Therefore,
n Proof for upper bound uses similar ideas.
Copyright (C) 2005 by Aleksandr
Yampolskiy
30. Outline
n Motivation
n Our Model
n Nash Strategies
Ø Optimal Strategies
n Sum-of-Squares Partition Problem
n Conclusion
Copyright (C) 2005 by Aleksandr
Yampolskiy
31. Optimal Strategies
n So, allowing users to selfishly choose
whether or not to install anti-virus software
may be very inefficient
n Instead, let’s have a benevolent dictator
compute and impose a solution
maximizing overall welfare
Copyright (C) 2005 by Aleksandr
Yampolskiy
32. Optimal Strategies (cont.)
n We can show:
Thm: Let t=Cn/L. If is an optimum
strategy, then every component in Ga has
size · max(1, (t+1)/2).
n Unfortunately,
Thm: It is NP-hard to compute an optimal
strategy.
Copyright (C) 2005 by Aleksandr
Yampolskiy
33. Optimum Strategies (cont.)
n Naturally, we consider approximating the
solution.
k1=2
0 1 0 1 secure
nodes
2 3 2 3 Ia
k2=2
4 5 4 5
network graph G attack graph Ga=G - Ia
Copyright (C) 2005 by Aleksandr
Yampolskiy
34. Optimum Strategies (cont.)
n For pure strategy , we have:
we concentrate on
this part
Copyright (C) 2005 by Aleksandr
Yampolskiy
35. Outline
n Motivation
n Our Model
n Nash Strategies
n Optimal Strategies
Ø Sum-of-Squares Partition Problem
n Conclusion
Copyright (C) 2005 by Aleksandr
Yampolskiy
36. Sum-of-Squares Partition
n We guess that there are m=|Ia| secure
nodes.
n Problem: By removing a set of at most
m · n nodes, partition the graph into
components H1, …, Hk such that ∑i |Hi|2 is
minimum.
Copyright (C) 2005 by Aleksandr
Yampolskiy
37. Sum-of-Squares Partition (cont.)
Thm: We can find a set of O(log2 n)¢m nodes whose
removal partitions the graph into components
H1,…,Hk such that ∑i |Hi|2 · O(1)¢OPT.
Proof sketch: We use the Leighton-Rao sparse cut
algorithm [LR99]. The approach is similar to greedy
log n approximation algorithm for set cover. We
repeatedly remove the node cut that gives the best
per-node benefit.
Copyright (C) 2005 by Aleksandr
Yampolskiy
38. Outline
n Motivation
n Our Model
n Nash Strategies
n Optimal Strategies
n Sum-of-Squares Partition Problem
Ø Conclusion
Copyright (C) 2005 by Aleksandr
Yampolskiy
39. Conclusion
n We proposed a simple game for modeling
containment of viruses in a network.
n Nash equilibria of our game have a simple
characterization.
n We showed that, in the worst case, they can be
far off from the optimal solution.
n However, a near-optimal deployment of anti-
virus software can be computed by reduction to
the sum-of-squares partition problem.
Copyright (C) 2005 by Aleksandr
Yampolskiy
40. Open Problems
n Introduce a discount (or taxation) mechanism into the
system.
n Suppose nodes can lie about their level of security (or
about who their neighbors are). How do we make truth-
telling a dominant strategy?
n Consider a “smart” adversary who targets the biggest
graph component.
n How do we evaluate what C and L are?
n Is there an algorithm for the sum-of-squares partition
problem with a better approximation ratio?
Copyright (C) 2005 by Aleksandr
Yampolskiy