-
GameVLM: A Decision-making Framework for Robotic Task Planning Based on Visual Language Models and Zero-sum Games
Authors:
Aoran Mei,
Jianhua Wang,
Guo-Niu Zhu,
Zhongxue Gan
Abstract:
With their prominent scene understanding and reasoning capabilities, pre-trained visual-language models (VLMs) such as GPT-4V have attracted increasing attention in robotic task planning. Compared with traditional task planning strategies, VLMs are strong in multimodal information parsing and code generation and show remarkable efficiency. Although VLMs demonstrate great potential in robotic task planning, they suffer from challenges like hallucination, semantic complexity, and limited context. To handle such issues, this paper proposes a multi-agent framework, i.e., GameVLM, to enhance the decision-making process in robotic task planning. In this study, VLM-based decision and expert agents are presented to conduct the task planning. Specifically, decision agents are used to plan the task, and the expert agent is employed to evaluate these task plans. Zero-sum game theory is introduced to resolve inconsistencies among different agents and determine the optimal solution. Experimental results on real robots demonstrate the efficacy of the proposed framework, with an average success rate of 83.3%.
Submitted 22 May, 2024;
originally announced May 2024.
-
The Conspiracy Money Machine: Uncovering Telegram's Conspiracy Channels and their Profit Model
Authors:
Vincenzo Imperati,
Massimo La Morgia,
Alessandro Mei,
Alberto Maria Mongardini,
Francesco Sassi
Abstract:
In recent years, major social media platforms have implemented increasingly strict moderation policies, resulting in bans and restrictions on conspiracy theory-related content. To circumvent these restrictions, conspiracy theorists are turning to alternatives, such as Telegram, where they can express and spread their views with fewer limitations. Telegram offers channels -- virtual rooms where only administrators can broadcast messages -- and a more permissive content policy. These features have created the perfect breeding ground for a complex ecosystem of conspiracy channels.
In this paper, we illuminate this ecosystem. First, we propose an approach to detect conspiracy channels. Then, we discover that conspiracy channels can be clustered into four distinct communities comprising over 17,000 channels. Finally, we uncover the "Conspiracy Money Machine," revealing how most conspiracy channels actively seek to profit from their subscribers. We find conspiracy theorists leverage e-commerce platforms to sell questionable products or lucratively promote them through affiliate links. Moreover, we observe that conspiracy channels use donation and crowdfunding platforms to raise funds for their campaigns. We determine that this business involves hundreds of donors and generates a turnover of over $90 million.
Submitted 24 October, 2023;
originally announced October 2023.
-
ASSERT: Automated Safety Scenario Red Teaming for Evaluating the Robustness of Large Language Models
Authors:
Alex Mei,
Sharon Levy,
William Yang Wang
Abstract:
As large language models are integrated into society, robustness toward a suite of prompts is increasingly important to maintain reliability in a high-variance environment. Robustness evaluations must comprehensively encapsulate the various settings in which a user may invoke an intelligent system. This paper proposes ASSERT, Automated Safety Scenario Red Teaming, consisting of three methods -- semantically aligned augmentation, target bootstrapping, and adversarial knowledge injection. For robust safety evaluation, we apply these methods in the critical domain of AI safety to algorithmically generate a test suite of prompts covering diverse robustness settings -- semantic equivalence, related scenarios, and adversarial. We partition our prompts into four safety domains for a fine-grained analysis of how the domain affects model performance. Despite dedicated safeguards in existing state-of-the-art models, we find statistically significant performance differences of up to 11% in absolute classification accuracy among semantically related scenarios and error rates of up to 19% absolute error in zero-shot adversarial settings, raising concerns for users' physical safety.
Submitted 11 November, 2023; v1 submitted 14 October, 2023;
originally announced October 2023.
-
Let's Think Frame by Frame with VIP: A Video Infilling and Prediction Dataset for Evaluating Video Chain-of-Thought
Authors:
Vaishnavi Himakunthala,
Andy Ouyang,
Daniel Rose,
Ryan He,
Alex Mei,
Yujie Lu,
Chinmay Sonar,
Michael Saxon,
William Yang Wang
Abstract:
Despite exciting recent results showing vision-language systems' capacity to reason about images using natural language, their capacity for video reasoning remains under-explored. We motivate framing video reasoning as the sequential understanding of a small number of keyframes, thereby leveraging the power and robustness of vision-language while alleviating the computational complexities of processing videos. To evaluate this novel application, we introduce VIP, an inference-time challenge dataset designed to explore models' reasoning capabilities through video chain-of-thought. Inspired by visually descriptive scene plays, we propose two formats for keyframe description: unstructured dense captions and structured scene descriptions that identify the focus, action, mood, objects, and setting (FAMOuS) of the keyframe. To evaluate video reasoning, we propose two tasks: Video Infilling and Video Prediction, which test abilities to generate multiple intermediate keyframes and predict future keyframes, respectively. We benchmark GPT-4, GPT-3, and VICUNA on VIP, demonstrate the performance gap in these complex video reasoning tasks, and encourage future work to prioritize language models for efficient and generalized video reasoning.
Submitted 9 November, 2023; v1 submitted 23 May, 2023;
originally announced May 2023.
-
Visual Chain of Thought: Bridging Logical Gaps with Multimodal Infillings
Authors:
Daniel Rose,
Vaishnavi Himakunthala,
Andy Ouyang,
Ryan He,
Alex Mei,
Yujie Lu,
Michael Saxon,
Chinmay Sonar,
Diba Mirza,
William Yang Wang
Abstract:
Recent advances in large language models elicit reasoning in a chain-of-thought that allows models to decompose problems in a human-like fashion. Though this paradigm improves multi-step reasoning ability in language models, it is limited by being unimodal and applied mainly to question-answering tasks. We claim that incorporating visual augmentation into reasoning is essential, especially for complex, imaginative tasks. Consequently, we introduce VCoT, a novel method that leverages chain-of-thought prompting with vision-language grounding to recursively bridge the logical gaps within sequential data. Our method uses visual guidance to generate synthetic multimodal infillings that add consistent and novel information to reduce the logical gaps for downstream tasks that can benefit from temporal reasoning, as well as provide interpretability into models' multi-step reasoning. We apply VCoT to the Visual Storytelling and WikiHow summarization datasets and demonstrate through human evaluation that VCoT offers novel and consistent synthetic data augmentation beating chain-of-thought baselines, which can be used to enhance downstream performance.
Submitted 22 January, 2024; v1 submitted 3 May, 2023;
originally announced May 2023.
-
Users are the North Star for AI Transparency
Authors:
Alex Mei,
Michael Saxon,
Shiyu Chang,
Zachary C. Lipton,
William Yang Wang
Abstract:
Despite widespread calls for transparent artificial intelligence systems, the term is too overburdened with disparate meanings to express precise policy aims or to orient concrete lines of research. Consequently, stakeholders often talk past each other, with policymakers expressing vague demands and practitioners devising solutions that may not address the underlying concerns. Part of why this happens is that a clear ideal of AI transparency goes unsaid in this body of work. We explicitly name such a north star -- transparency that is user-centered, user-appropriate, and honest. We conduct a broad literature survey, identifying many clusters of similar conceptions of transparency, tying each back to our north star with analysis of how it furthers or hinders our ideal AI transparency goals. We conclude with a discussion on common threads across all the clusters, to provide clearer common language whereby policymakers, stakeholders, and practitioners can communicate concrete demands and deliver appropriate solutions. We hope for future work on AI transparency that further advances confident, user-beneficial goals and provides clarity to regulators and developers alike.
Submitted 9 March, 2023;
originally announced March 2023.
-
TGDataset: a Collection of Over One Hundred Thousand Telegram Channels
Authors:
Massimo La Morgia,
Alessandro Mei,
Alberto Maria Mongardini
Abstract:
Telegram is one of the most popular instant messaging apps in today's digital age. In addition to providing a private messaging service, Telegram, with its channels, represents a valid medium for rapidly broadcasting content to a large audience (COVID-19 announcements), but, unfortunately, also for disseminating radical ideologies and coordinating attacks (Capitol Hill riot). This paper presents the TGDataset, a new dataset that includes 120,979 Telegram channels and over 400 million messages, making it the largest collection of Telegram channels to the best of our knowledge. After a brief introduction to the data collection process, we analyze the languages spoken within our dataset and the topic covered by English channels. Finally, we discuss some use cases in which our dataset can be extremely useful to understand better the Telegram ecosystem, as well as to study the diffusion of questionable news. In addition to the raw dataset, we released the scripts we used to analyze the dataset and the list of channels belonging to the network of a new conspiracy theory called Sabmyk.
Submitted 9 March, 2023;
originally announced March 2023.
-
Foveate, Attribute, and Rationalize: Towards Physically Safe and Trustworthy AI
Authors:
Alex Mei,
Sharon Levy,
William Yang Wang
Abstract:
Users' physical safety is an increasing concern as the market for intelligent systems continues to grow, where unconstrained systems may recommend users dangerous actions that can lead to serious injury. Covertly unsafe text is an area of particular interest, as such text may arise from everyday scenarios and are challenging to detect as harmful. We propose FARM, a novel framework leveraging external knowledge for trustworthy rationale generation in the context of safety. In particular, FARM foveates on missing knowledge to qualify the information required to reason in specific scenarios and retrieves this information with attribution to trustworthy sources. This knowledge is used to both classify the safety of the original text and generate human-interpretable rationales, shedding light on the risk of systems to specific user groups and helping both stakeholders manage the risks of their systems and policymakers to provide concrete safeguards for consumer safety. Our experiments show that FARM obtains state-of-the-art results on the SafeText dataset, showing absolute improvement in safety classification accuracy by 5.9%.
Submitted 19 May, 2023; v1 submitted 19 December, 2022;
originally announced December 2022.
-
A Game of NFTs: Characterizing NFT Wash Trading in the Ethereum Blockchain
Authors:
Massimo La Morgia,
Alessandro Mei,
Alberto Maria Mongardini,
Eugenio Nerio Nemmi
Abstract:
The Non-Fungible Token (NFT) market in the Ethereum blockchain experienced explosive growth in 2021, with a monthly trade volume reaching $6 billion in January 2022. However, concerns have emerged about possible wash trading, a form of market manipulation in which one party repeatedly trades an NFT to inflate its volume artificially. Our research examines the effects of wash trading on the NFT market in Ethereum from the beginning until January 2022, using multiple approaches. We find that wash trading affects 5.66% of all NFT collections, with a total artificial volume of $3,406,110,774. We look at two ways to profit from wash trading: Artificially increasing the price of the NFT and taking advantage of the token reward systems provided by some marketplaces. Our findings show that exploiting the token reward systems of NFTMs is much more profitable (mean gain of successful operations is $1.055M on LooksRare), more likely to succeed (more than 80% of operations), and less risky than reselling an NFT at a higher price using wash trading (50% of activities result in a loss). Our research highlights that wash trading is frequent in Ethereum and that NFTMs should implement protective mechanisms to stop such illicit behavior.
Submitted 11 April, 2023; v1 submitted 2 December, 2022;
originally announced December 2022.
-
Mitigating Covertly Unsafe Text within Natural Language Systems
Authors:
Alex Mei,
Anisha Kabir,
Sharon Levy,
Melanie Subbiah,
Emily Allaway,
John Judge,
Desmond Patton,
Bruce Bimber,
Kathleen McKeown,
William Yang Wang
Abstract:
An increasingly prevalent problem for intelligent technologies is text safety, as uncontrolled systems may generate recommendations to their users that lead to injury or life-threatening consequences. However, the degree of explicitness of a generated statement that can cause physical harm varies. In this paper, we distinguish types of text that can lead to physical harm and establish one particularly underexplored category: covertly unsafe text. Then, we further break down this category with respect to the system's information and discuss solutions to mitigate the generation of text in each of these subcategories. Ultimately, our work defines the problem of covertly unsafe language that causes physical harm and argues that this subtle yet dangerous issue needs to be prioritized by stakeholders and regulators. We highlight mitigation strategies to inspire future researchers to tackle this challenging problem and help improve safety within smart systems.
Submitted 20 March, 2023; v1 submitted 17 October, 2022;
originally announced October 2022.
-
Token Spammers, Rug Pulls, and SniperBots: An Analysis of the Ecosystem of Tokens in Ethereum and the Binance Smart Chain (BNB)
Authors:
Federico Cernera,
Massimo La Morgia,
Alessandro Mei,
Francesco Sassi
Abstract:
In this work, we perform a longitudinal analysis of the BNB Smart Chain and Ethereum blockchain from their inception to March 2022. We study the ecosystem of the tokens and liquidity pools, highlighting analogies and differences between the two blockchains. We estimate the lifetime of the tokens, discovering that about 60% of them are active for less than one day. Moreover, we find that 1% of addresses create an anomalous number of tokens (between 20% and 25%). We present an exit scam fraud and quantify its prevalence on both blockchains. We find that token spammers use short lifetime tokens as disposable tokens to perpetrate these frauds serially. Finally, we present a new kind of trader bot involved in these activities, and we detect their presence and quantify their activity in the exit scam operations.
Submitted 14 May, 2024; v1 submitted 16 June, 2022;
originally announced June 2022.
-
Uncovering the Dark Side of Telegram: Fakes, Clones, Scams, and Conspiracy Movements
Authors:
Massimo La Morgia,
Alessandro Mei,
Alberto Maria Mongardini,
Jie Wu
Abstract:
Telegram is one of the most used instant messaging apps worldwide. Some of its success lies in providing high privacy protection and social network features like the channels -- virtual rooms in which only the admins can post and broadcast messages to all its subscribers. However, these same features contributed to the emergence of borderline activities and, as is common with Online Social Networks, the heavy presence of fake accounts. Telegram started to address these issues by introducing the verified and scam marks for the channels. Unfortunately, the problem is far from being solved. In this work, we perform a large-scale analysis of Telegram by collecting 35,382 different channels and over 130,000,000 messages. We study the channels that Telegram marks as verified or scam, highlighting analogies and differences. Then, we move to the unmarked channels. Here, we find some of the infamous activities also present on privacy-preserving services of the Dark Web, such as carding, sharing of illegal adult and copyright protected content. In addition, we identify and analyze two other types of channels: the clones and the fakes. Clones are channels that publish the exact content of another channel to gain subscribers and promote services. Instead, fakes are channels that attempt to impersonate celebrities or well-known services. Fakes are hard to identify even by the most advanced users. To detect the fake channels automatically, we propose a machine learning model that is able to identify them with an accuracy of 86%. Lastly, we study Sabmyk, a conspiracy theory that exploited fakes and clones to spread quickly on the platform reaching over 1,000,000 users.
Submitted 29 November, 2021; v1 submitted 26 November, 2021;
originally announced November 2021.
-
The Doge of Wall Street: Analysis and Detection of Pump and Dump Cryptocurrency Manipulations
Authors:
Massimo La Morgia,
Alessandro Mei,
Francesco Sassi,
Julinda Stefa
Abstract:
Cryptocurrencies are increasingly popular. Even people who are not experts have started to invest in these securities, and nowadays, cryptocurrency exchanges process transactions for over 100 billion US dollars per month. In spite of this, many cryptocurrencies have low liquidity, and therefore, they are highly prone to market manipulation. This paper performs an in-depth analysis of two market manipulations organized by communities over the Internet: The pump and dump and the crowd pump. The pump and dump scheme is a fraud as old as the stock market. Now, it got new vitality in the loosely regulated market of cryptocurrencies. Groups of highly coordinated people arrange this scam, usually on Telegram and Discord. We monitored these groups for more than 3 years detecting around 900 individual events. We analyze how these communities are organized and how they carry out the fraud. We report on three case studies of pump and dump. Then, we leverage our unique dataset of the verified pump and dumps to build a machine learning model able to detect a pump and dump in 25 seconds from the moment it starts, achieving the results of 94.5% of F1-score. Then, we move on to the crowd pump, a new phenomenon that hit the news in the first months of 2021, when a Reddit community inflates the price of the GameStop stocks (GME) of over 1,900% on Wall Street, the world's largest stock exchange. Later, other Reddit communities replicate the operation on the cryptocurrency markets. The targets were Dogecoin (DOGE) and Ripple (XRP). We reconstruct how these operations developed, and we discuss differences and analogies with the standard pump and dump. Lastly, we illustrate how it is possible to leverage our classifier to detect this kind of operation too.
Submitted 3 May, 2021;
originally announced May 2021.
-
Pump and Dumps in the Bitcoin Era: Real Time Detection of Cryptocurrency Market Manipulations
Authors:
Massimo La Morgia,
Alessandro Mei,
Francesco Sassi,
Julinda Stefa
Abstract:
In the last years, cryptocurrencies are increasingly popular. Even people who are not experts have started to invest in these securities and nowadays cryptocurrency exchanges process transactions for over 100 billion US dollars per month. However, many cryptocurrencies have low liquidity and therefore they are highly prone to market manipulation schemes. In this paper, we perform an in-depth analysis of pump and dump schemes organized by communities over the Internet. We observe how these communities are organized and how they carry out the fraud. Then, we report on two case studies related to pump and dump groups. Lastly, we introduce an approach to detect the fraud in real time that outperforms the current state of the art, so to help investors stay out of the market when a pump and dump scheme is in action.
Submitted 4 May, 2020;
originally announced May 2020.
-
GDPR: When the Right to Access Personal Data Becomes a Threat
Authors:
Luca Bufalieri,
Massimo La Morgia,
Alessandro Mei,
Julinda Stefa
Abstract:
After one year since the entry into force of the GDPR, all web sites and data controllers have updated their procedures to store users' data. The GDPR does not only cover how and what data should be saved by the service providers, but it also guarantees an easy way to know what data are collected and the freedom to export them.
In this paper, we carry out a comprehensive study on the right to access data provided by Article 15 of the GDPR. We examined more than 300 data controllers, performing for each of them a request to access personal data. We found that almost each data controller has a slightly different procedure to fulfill the request and several ways to provide data back to the user, from a structured file like CSV to a screenshot of the monitor. We measure the time needed to complete the access data request and the completeness of the information provided. After this phase of data gathering, we analyze the authentication process followed by the data controllers to establish the identity of the requester. We find that 50.4% of the data controllers that handled the request, even if they store the data in compliance with the GDPR, have flaws in the procedure of identifying the users or in the phase of sending the data, exposing the users to new threats. With the undesired and surprising result that the GDPR, in its present deployment, has actually decreased the privacy of the users of web services.
Submitted 4 May, 2020;
originally announced May 2020.
-
Scan-and-Pay on Android is Dangerous
Authors:
Enis Ulqinaku,
Julinda Stefa,
Alessandro Mei
Abstract:
Mobile payments have increased significantly in the recent years and one-to-one money transfers are offered by a wide variety of smartphone applications. These applications usually support scan-and-pay -- a technique that allows a payer to easily scan the destination address of the payment directly from the payee's smartphone screen. This technique is pervasive because it does not require any particular hardware, only the camera, which is present on all modern smartphones. However, in this work we show that a malicious application can exploit the overlay feature on Android to compromise the integrity of transactions that make use of the scan-and-pay technique. We implement Malview, a proof-of-concept malicious application that runs in the background on the payee's smartphone and show that it succeeds in redirecting payments to a malicious wallet. We analyze the weaknesses of the current defense mechanisms and discuss possible countermeasures against the attack.
Submitted 24 May, 2019;
originally announced May 2019.
-
Using Hover to Compromise the Confidentiality of User Input on Android
Authors:
Enis Ulqinaku,
Luka Malisa,
Julinda Stefa,
Alessandro Mei,
Srdjan Capkun
Abstract:
We show that the new hover (floating touch) technology, available in a number of today's smartphone models, can be abused by any Android application running with a common SYSTEM_ALERT_WINDOW permission to record all touchscreen input into other applications. Leveraging this attack, a malicious application running on the system is therefore able to profile user's behavior, capture sensitive input such as passwords and PINs as well as record all user's social interactions. To evaluate our attack we implemented Hoover, a proof-of-concept malicious application that runs in the system background and records all input to foreground applications. We evaluated Hoover with 40 users, across two different Android devices and two input methods, stylus and finger. In the case of touchscreen input by finger, Hoover estimated the positions of users' clicks within an error of 100 pixels and keyboard input with an accuracy of 79%. Hoover captured users' input by stylus even more accurately, estimating users' clicks within 2 pixels and keyboard input with an accuracy of 98%. We discuss ways of mitigating this attack and show that this cannot be done by simply restricting access to permissions or imposing additional cognitive load on the users since this would significantly constrain the intended use of the hover technology.
Submitted 2 August, 2017; v1 submitted 4 November, 2016;
originally announced November 2016.
-
Personal Marks and Community Certificates: Detecting Clones in Mobile Wireless Networks of Smart-Phones
Authors:
Marco Valerio Barbera,
Alessandro Mei
Abstract:
We consider the problem of detecting clones in wireless mobile ad hoc networks. We assume that one of the devices of the network has been cloned: everything, including certificates and secret keys. This can happen quite easily, because of a virus that immediately after sending all the content of the infected device to the adversary destroys itself, or just because the owner has left his device unattended for a few minutes in a hostile environment. The problem is to detect this attack. We propose a solution in networks of mobile devices carried by individuals. These networks are composed of nodes that have the capability of using short-range communication technology like Bluetooth or Wi-Fi, where nodes are carried by mobile users, and where links appear and disappear according to the social relationships between the users. Our idea is to use social physical contacts, securely collected by wireless personal smart-phones, as a biometric way to authenticate the legitimate owner of the device and detect the clone attack. We introduce two mechanisms: Personal Marks and Community Certificates. Personal Marks is a simple cryptographic protocol that works very well when the adversary is an insider, a malicious node in the network that is part of, or not very far from, the social community of the original device that has been cloned. Community Certificates work very well when the adversary is an outsider, a node that has the goal of using the stolen credentials when interacting with other nodes that are far in the social network from the original device. When combined, these mechanisms provide excellent protection against this very strong attack. We prove our ideas and solutions with extensive simulations in a real world scenario, with mobility traces collected in a real life experiment.
Submitted 18 May, 2011;
originally announced May 2011.
-
The Smallville Effect: Social Ties Make Mobile Networks More Secure Against the Node Capture Attack
Authors:
Mauro Conti,
Roberto Di Pietro,
Andrea Gabrielli,
Luigi V. Mancini,
Alessandro Mei
Abstract:
Mobile Ad Hoc networks, due to the unattended nature of the network itself and the dispersed location of nodes, are subject to several unique security issues. One of the most vexed security threats is node capture. A few solutions have already been proposed to address this problem; however, those solutions are either centralized or focused on theoretical mobility models alone. In the former case the solution does not fit the distributed nature of the network well while, in the latter case, the quality of the solutions obtained for realistic mobility models severely differs from the results obtained for theoretical models. The rationale of this paper is inspired by the observation that re-encounters of mobile nodes do elicit a form of social ties. Leveraging these ties, it is possible to design efficient and distributed algorithms that, with a moderate degree of node cooperation, enforce the emergent property of node capture detection. In particular, in this paper we provide a proof of concept proposing a set of algorithms that leverage, to different extents, node mobility and node cooperation--that is, identifying social ties--to thwart the node capture attack. In particular, we test these algorithms on a realistic mobility scenario. Extensive simulations show the quality of the proposed solutions and, more important, the viability of the proposed approach.
Submitted 11 December, 2009;
originally announced December 2009.
-
SWIM: A Simple Model to Generate Small Mobile Worlds
Authors:
Alessandro Mei,
Julinda Stefa
Abstract:
This paper presents small world in motion (SWIM), a new mobility model for ad-hoc networking. SWIM is relatively simple, is easily tuned by setting just a few parameters, and generates traces that look real--synthetic traces have the same statistical properties as real traces. SWIM shows experimentally and theoretically the presence of the power law and exponential decay dichotomy of inter-contact time, and, most importantly, our experiments show that it can predict very accurately the performance of forwarding protocols.
Submitted 22 January, 2009; v1 submitted 16 September, 2008;
originally announced September 2008.
-
Routing in Outer Space: Improved Security and Energy-Efficiency in Multi-Hop Wireless Networks
Authors:
Alessandro Mei,
Julinda Stefa
Abstract:
In this paper we consider security-related and energy-efficiency issues in multi-hop wireless networks. We start our work from the observation, known in the literature, that shortest path routing creates congested areas in multi-hop wireless networks. These areas are critical--they generate both security and energy efficiency issues. We attack these problems and set out routing in outer space, a new routing mechanism that transforms any shortest path routing protocol (or approximated versions of it) into a new protocol that, in case of uniform traffic, guarantees that every node of the network is responsible for relaying the same number of messages, in expectation. We can show that a network that uses routing in outer space does not have congested areas, does not have the associated security-related issues, does not encourage selfish positioning, and, in spite of using more energy globally, lives longer than the same network using the original routing protocol.
Submitted 6 November, 2007;
originally announced November 2007.
-
Online Permutation Routing in Partitioned Optical Passive Star Networks
Authors:
Alessandro Mei,
Romeo Rizzi
Abstract:
This paper establishes the state of the art in both deterministic and randomized online permutation routing in the POPS network. Indeed, we show that any permutation can be routed online on a POPS network either with $O(\frac{d}{g}\log g)$ deterministic slots, or, with high probability, with $5c\lceil d/g\rceil+o(d/g)+O(\log\log g)$ randomized slots, where constant $c=\exp (1+e^{-1})\approx 3.927$. When $d=\Theta(g)$, that we claim to be the "interesting" case, the randomized algorithm is exponentially faster than any other algorithm in the literature, both deterministic and randomized ones. This is true in practice as well. Indeed, experiments show that it outperforms its rivals even starting from as small a network as a POPS(2,2), and the gap grows exponentially with the size of the network. We can also show that, under proper hypotheses, no deterministic algorithm can asymptotically match its performance.
Submitted 25 February, 2005;
originally announced February 2005.
-
Routing Permutations in Partitioned Optical Passive Star Networks
Authors:
Alessandro Mei,
Romeo Rizzi
Abstract:
It is shown that a POPS network with $g$ groups and $d$ processors per group can efficiently route any permutation among the $n=dg$ processors. The number of slots used is optimal in the worst case, and is at most the double of the optimum for all permutations $p$ such that $p(i)\neq i$ for all $i$.
Submitted 18 September, 2001;
originally announced September 2001.