Association for Computing Machinery
Welcome to the May 23, 2016 edition of ACM TechNews, providing timely information for IT professionals three times a week.

Updated versions of the ACM TechNews mobile apps are available for Android phones and tablets (click here) and for iPhones (click here) and iPads (click here).


DARPA Extreme DDoS Project Transforming Network Attack Mitigation
Network World (05/20/16) Michael Cooney

The U.S. Defense Advanced Research Projects Agency (DARPA) has awarded seven multi-million-dollar contracts to universities and companies under its Extreme DDoS Defense (XD3) program to radically transform extreme distributed denial-of-service (DDoS) mitigation. The latest contract awarded to the University of Pennsylvania (UPenn) will go toward developing defenses against DDoS attacks targeting specific protocols and their logic, which are frequently difficult to diagnose and stop because the total volume of malicious traffic may be low. The UPenn project seeks to localize the specific protocol component under siege and then massively replicate that component to ameliorate the attack, according to DARPA. The agency says low-volume DDoS attacks can be even tougher and more insidious than high-volume attacks because they "target specific applications, protocols, or state-machine behaviors while relying on traffic sparseness (or seemingly innocuous message transmission) to evade traditional intrusion-detection techniques." Current DDoS defense protocols, combining network-based filtering, traffic diversion, and "scrubbing" or replication of stored data, fall short of desired capacities. DARPA says new techniques are needed to offer much greater resilience to attacks across a wider spectrum of contexts. XD3 intends to yield technologies that foil attacks via dispersal of cyber assets, concealing those assets' traits and behaviors, and curbing the impact of penetrating attacks using adaptive mitigation methods on endpoints.

Unveiling the Hidden Layers of Deep Learning
Scientific American (05/20/16) Amanda Montanez

A new method for visualizing the mechanisms and hidden layers of neural networks could provide insights into deep learning. It is established that an order exists to how the hidden layers function, in that from input to output, each layer manages information of increasing complexity. The Tensor Flow project's goal is to shed light on these layers by enabling users to interact and experiment with them via an open source tool described as a neural network playground. The playground employs blue and orange points scattered within a field to "teach" computers to find and echo patterns. By choosing different dot-arrangements of varying degrees of complexity, users can manipulate the learning system by adding new hidden layers and new neurons within each layer. Afterward, every time users hit the "play" button, they can observe as the background color gradient changes to approximate the arrangement of blue and orange dots. As the pattern's complexity grows, additional neurons and layers help the computer to complete the task more successfully. Connections among neurons are imaged as either blue or orange lines, with blue signaling the output for each neuron is the same as its content, while orange means the output is the opposite of each neuron's values.

Dartmouth Contest Shows Computers Aren't Such Good Poets
Associated Press (05/19/16) Michael Casey

A yearlong Dartmouth College competition focused on the performance of artificial intelligence algorithms that generated sonnets to see if a three-judge panel could distinguish between machine- and human-produced content. The panel was asked to read 10 submissions, including six produced by humans and four by two different algorithms. The algorithms were provided with nouns and programmed to produce a sonnet. The software failed to have the flow or narrative of a good poem, and judge Louis Menand notes some sonnets exhibited "idiosyncrasies of syntax and diction, uses of language that were just a little off." Dartmouth professor Dan Rockmore says the computers' poor performance was not entirely surprising, as "the judges were hunting for machines so they are not looking at a Hallmark card and reading the poem inside." Still, fellow Dartmouth professor Michael Casey speculates algorithms may one day be able to reproduce human-level poetic subtlety, form, and precision. He and Rockmore note algorithms currently are playing a role in selecting the content people consume, and being able to produce the content itself is an eventuality, although the artist in this instance would be the algorithm's coder.

How to Create a Malevolent Artificial Intelligence
Technology Review (05/19/16)

Although the emergent field of artificial intelligence (AI) safety studies the unintended consequences of malevolent AIs, University of Louisville researchers Federico Pistono and Roman Yampolskiy aim to correct an important oversight--how such AIs might be designed and the conditions in which they might come about. One factor that could signify possible development of a malevolent AI system is an absence of global oversight boards, which could be more likely by having the development group downplay the significance of its work and the hazards it poses. "The strategy is to disseminate conflicting information that would create doubt in the public's imagination about the dangers and opportunities of artificial general intelligence research," Pistono and Yampolskiy say. They note another telltale sign would be the existence of closed-source code underlying the AI system. Pistono and Yampolskiy are uncertain the open-sourcing of AI software is any safer, as it could give evildoers access to the software as well. Notable closed-source AI developments include Google DeepMind's Go-playing AI, but Google has provided little clarity on how its research is governed. Open source AI efforts include the OpenAI nonprofit to advance digital intelligence so it will benefit mankind without being restrained by the need for financial profitability. A major shortcoming is the practice of cybersecurity for AI lags far behind that of other software in terms of refinement.

An Open Source Toolbox for Pure Mathematics
CORDIS News (05/20/16)

The European Union-funded OPENDREAMKIT project seeks to support an ecosystem of open source mathematical software systems by promoting the technological development of open source math programs by, for example, enhancing user interfaces (UIs) and easing collaboration between research communities. OPENDREAMKIT also aims to simplify access, distribution, and portability on platforms that include high-performance computers and cloud services. The project's central element is the creation of virtual research environments (VRE) to enable groups of researchers based anywhere in the world to work collaboratively on an individual project basis. OPENDREAMKIT is pursuing this goal by adapting popular software-based math apps for use in the interactive, collaborative open source environment. The end product will be a flexible toolkit that lets researchers establish customizable VREs that can support the entire research lifecycle. The OPENDREAMKIT toolkit will be comprised of community-developed open software, databases, and services. The project team's initial effort was developing a component-based VRE architecture by adapting existing software, databases, and UI components for the mathematics sector. The toolkit is designed to improve and unify existing computational apps, and extend the Jupyter Notebook via a flexible UI so research groups of all sizes can quickly set up a tailored collaborative VRE.

Interdisciplinary UW-Led Research Team to Protect Against Advanced Persistent Threats
The Daily of the University of Washington (05/19/16) Arunabh Satpathy

An interdisciplinary team of researchers from the University of Washington (UW), the University of California, Berkeley, and others received a five-year, $7.5-million Multidisciplinary University Research Initiative (MURI) grant from the U.S. Department of Defense (DoD) to model and create defenses against advanced persistent threats (APTs). "An intelligent adversary observes the system, learns the vulnerabilities, and then chooses one or more vulnerabilities to exploit and mount an attack," says Radha Poovendran, principal investigator and director of UW's Network Security Lab. Due to the complexity of APTs, which involve multiple vulnerabilities, steps, and their requirements, the MURI grant calls for teams to be interdisciplinary in nature and pursue opportunities that "intersect more than one traditional technical discipline," says the DoD. The researchers have a range of different skills, including network security, information theory, mathematical optimization, and dynamic games. "The way we are going to look at it will be at the algorithmic level and the outcomes will be algorithms and software," Poovendran says. The researchers also acknowledge the presence of graduate and postdoctoral students as an essential part of the process. "This is a significantly different way of working because people come from very different areas, expertise, and domain knowledge and styles of working," Poovendran says.

Audio Fingerprinting Being Used to Track Web Users, Study Finds
TechCrunch (05/19/16) Natasha Lomas

Princeton University researchers have identified a new technique hackers can use to compromise Web users' privacy, as well as to quantify the ongoing usage of some better-known tracking techniques. The technique is based on fingerprinting a machine's audio stack via the AudioContext application programming interface (API). Instead of collecting sound played or recorded on a machine, the technique harvests the audio signature of the individual machine and uses that as an identifier to track a Web user. "Audio signals processed on different machines or browsers may have slight differences due to hardware or software differences between the machines, while the same combination of machine and browser will produce the same output," according to the researchers. Despite these concerns, the researchers found the audio fingerprinting technique was not widespread, nor was it being used by some of the common tracker blocker/privacy tools they also examined. They conducted measurements to follow the trackers using OpenWP, an open source tool, which enabled a wider-scale study and was able to pick up more trackers because they used a fully featured consumer browser to harvest the necessary data compared to a more stripped-down version. "Without full support for new Web technologies we would not have been able to discover and measure the use of the AudioContext API for device fingerprinting," the researchers note.

Robots Get Creative to Cut Through Clutter
Carnegie Mellon News (PA) (05/18/16) Byron Spice

Carnegie Mellon University (CMU) researchers have developed rearrangement planner software that helps robots deal with clutter. They applied the software to a two-armed mobile robot called the Home Exploring Robot Butler, and they also tested the software on the U.S. National Aeronautics and Space Administration's KRex robot. KRex used the software to find suitable paths across an obstacle-filled landscape while pushing an object. Traditional robots are good at "pick-and-place" processes, and although this skill is very useful in places in which clutter is not a problem, that is not what robots will encounter when they land on distant planets, or when "helpmate" robots are commonplace in peoples' homes. The software is designed to understand the basic physics of its world, and it can be taught to focus on certain items that might be valuable or delicate. One limitation of the system is once a robot has evaluated a situation and developed a plan to move an object, it blindly executes that plan. The researchers currently are working on providing tactile and other feedback that can alert the robot to changes and miscalculations to help it make corrections when necessary.

Domain Abuse Sinks 'Anchors of Trust'
Dark Reading (05/18/16) Kelly Jackson Higgins

Georgia Institute of Technology (Georgia Tech) researchers have developed an algorithm that identifies recycled domain names that are abusing the reputations of retired domains to evade blacklists and propagate malware. The researchers' Alembic algorithm collects Domain Name System (DNS) data on domain infrastructure and behavior to track domain abuse. The Georgia Tech study found 32 percent of all blacklisted domains were expired and recycled. Of the expired domains, 28 percent were being abused, likely to exploit once-trustworthy reputations. Although only 0.2 percent of expired domains were connected to malicious behavior, Vectra Networks' Gunter Ollmann notes the potential for malware authors to re-register sinkholed and expired domains. "There are many tens-of-millions of infected devices attached to the Internet hunting for C&C (command-and-control) domains that have been taken down at some point in time," he says. "Those victim machines can likely be controlled at some time in the future when the bad guys are able to re-acquire the forgotten C&C domains." Formerly malicious domain names also are at risk for re-registration and the monetization of those existing infections.

Big Data, Better Health Care
UDaily (DE) (05/18/16) Diane Kukich

A collaborative effort between University of Delaware (UD) researchers and Christiana Care Health System clinicians uses merged electronic health records from various institutions to enhance the coordination of care and clinical results for patients with chronic kidney disease. The researchers are employing longitudinal data culled from a large pool of patients to initially make predictions concerning hospitalization patterns and later anticipate other trends in the disease. UD professor Hagit Shatkay says a probabilistic model for hospitalization based on the data mirrors various factors, including trends in blood pressure and laboratory results, changes in medications, and the frequency of outpatient visits and phone calls. "These rich and diverse data require that we develop and examine machine learning-based methods for representation of, and prediction from, such data," Shatkay notes. The researchers' approach involves identifying the features that carry the most information about hospitalization so a more compact representation of the data can be generated, while also concentrating on interdependencies among the various measurements to boost predictive efficiency. Shatkay believes the approach her team is developing can be applied on a much broader scale. "We're figuring out ways to sift through these massive amounts of data and determine what's relevant and what's not," she says.

Autonomous Mini Rally Car Teaches Itself to Powerslide
IEEE Spectrum (05/18/16) Evan Ackerman

Researchers at the Georgia Institute of Technology are developing control algorithms that enable small-scale autonomous cars to race around dirt tracks at high speeds. The cars use real-time onboard sensing and processing to maximize their speeds while remaining stable and under control. AutoRally, their electrically-powered research platform, features a global-positioning system, an inertial measurement unit, wheel encoders, a pair of fast video cameras, and a quad-core i7 computer with a Nvidia GTX 750ti graphical-processing unit (GPU) and 32 gigabytes of random-access memory. AutoRally can calculate an optimized trajectory from the weighted average of 2,560 different trajectory possibilities, all simulated in parallel on the onboard GPU. Each of the trajectories represent the oncoming 2.5 seconds of vehicle motion, and AutoRally recomputes this optimization process 60 times every second. A test of the cars powering around a dirt track shows most crashes happened due to either software crashes and not the algorithm itself, or the vehicle having trouble adapting to changes in the track surface. The research could help prepare self-driving cars to handle potentially dangerous driving conditions.

These Are the Salary Expectations of Students Who Know How to Code
Quartz (05/18/16) Alice Truong

Devpost polled 1,700 U.S. students this spring at hacking events it organized on college campuses and found the majority of respondents expect starting salaries of at least $70,000. In addition, more than 90 percent of students who code said receiving equity as part of their compensation was somewhat or very important to them. However, respondents may be somewhat disappointed, because the starting salary for the class of 2015 was $50,561, according to data from the National Association of Colleges and Employers. Computer and information sciences majors who graduated last year earned an average salary of $65,849. Respondents also expect their salaries to rise by $20,000 to $30,000 after five years on the job market. Devpost CEO Brandon Kessler says the optimism from students reflects the surging demand for coding skills. "Wages for software developers are in fact dramatically going up, given the very real shortage of developers and the competition among companies," he notes.

Abstract News © Copyright 2016 INFORMATION, INC.
Powered by Information, Inc.

To submit feedback about ACM TechNews, contact: [email protected]
Current ACM Members: Unsubscribe/Change your email subscription by logging in at myACM.
Non-Members: Unsubscribe