Analyzing a malware sample requires much more time and cost than creating it. To understand the behavior of a given malware sample, security analysts often make use of API call logs collected by the dynamic malware analysis tools such as a sandbox. As the amount of the log generated for a malware sample could become tremendously large, inspecting the log requires a time-consuming effort. Meanwhile, antivirus vendors usually publish malware analysis reports (vendor reports) on their websites. These malware analysis reports are the results of careful analysis done by security experts. The problem is that even though there are such analyzed examples for malware samples, associating the vendor reports with the sandbox logs is difficult. This makes security analysts not able to retrieve useful information described in vendor reports. To address this issue, we developed a system called AMAR-Generator that aims to automate the generation of malware analysis reports based on sandbox logs by making use of existing vendor reports. Aiming at a convenient assistant tool for security analysts, our system employs techniques including template matching, API behavior mapping, and malicious behavior database to produce concise human-readable reports that describe the malicious behaviors of malware programs. Through the performance evaluation, we first demonstrate that AMAR-Generator can generate human-readable reports that can be used by a security analyst as the first step of the malware analysis. We also demonstrate that AMAR-Generator can identify the malicious behaviors that are conducted by malware from the sandbox logs; the detection rates are up to 96.74%, 100%, and 74.87% on the sandbox logs collected in 2013, 2014, and 2015, respectively. We also present that it can detect malicious behaviors from unknown types of sandbox logs.

Nyquist folding receiver (NYFR) is a novel reconnaissance receiving architecture and it can realize wideband receiving with small amount of equipment. As a tradeoff of non-cooperative wideband receiving, the NYFR output will add an unknown key parameter that is called Nyquist zone (NZ) index. In this letter, we concentrate on the NZ index estimation of the NYFR output. Focusing on the basic pulse radar signals, the constant frequency signal, the binary phase coded signal and the linear frequency modulation signal are considered. The matching component function is proposed to estimate the NZ indexes of the NYFR outputs without the prior information of the signal modulation type. In addition, the relations between the matching component function and the parameters of the NYFR are discussed. Simulation results demonstrate the efficacy of the proposed method.

Permission warnings and privacy policy enforcement are widely used to inform mobile app users of privacy threats. These mechanisms disclose information about use of privacy-sensitive resources such as user location or contact list. However, it has been reported that very few users pay attention to these mechanisms during installation. Instead, a user may focus on a more user-friendly source of information: text description, which is written by a developer who has an incentive to attract user attention. When a user searches for an app in a marketplace, his/her query keywords are generally searched on text descriptions of mobile apps. Then, users review the search results, often by reading the text descriptions; i.e., text descriptions are associated with user expectation. Given these observations, this paper aims to address the following research question: What are the primary reasons that text descriptions of mobile apps fail to refer to the use of privacy-sensitive resources? To answer the research question, we performed empirical large-scale study using a huge volume of apps with our ACODE (Analyzing COde and DEscription) framework, which combines static code analysis and text analysis. We developed light-weight techniques so that we can handle hundred of thousands of distinct text descriptions. We note that our text analysis technique does not require manually labeled descriptions; hence, it enables us to conduct a large-scale measurement study without requiring expensive labeling tasks. Our analysis of 210,000 apps, including free and paid, and multilingual text descriptions collected from official and third-party Android marketplaces revealed four primary factors that are associated with the inconsistencies between text descriptions and the use of privacy-sensitive resources: (1) existence of app building services/frameworks that tend to add API permissions/code unnecessarily, (2) existence of prolific developers who publish many applications that unnecessarily install permissions and code, (3) existence of secondary functions that tend to be unmentioned, and (4) existence of third-party libraries that access to the privacy-sensitive resources. We believe that these findings will be useful for improving users' awareness of privacy on mobile software distribution platforms.

Automatic game strategy data acquisition is important for the realization of the professional strategy analysis systems by providing evaluation values such as the team status and the efficacy of plays. The key factor that influences the performance of the strategy data acquisition in volleyball game is the unknown player roles. Player role means the position with game meaning of each player in the team formation, such as the setter, attacker and blocker. The unknown player role makes individual player unreliable and loses the contribution of each player in the strategy analysis. This paper proposes a court-divisional team motion feature and a player performance curve to deal with the unknown player roles in strategy data acquisition. Firstly, the court-divisional team motion feature is proposed for the team tactical status detection. This feature reduces the influence of individual player information by summing up the ball relative motion density of all the players in divided court area, which corresponds to the different plays. Secondly, the player performance curves are proposed for the efficacy variables acquisition in attack play. The player roles candidates are detected by three features that represent the entire process of a player starting to rush (or jump) to the ball and hit the ball: the ball relative distance, ball approach motion and the attack motion feature. With the 3D ball trajectories and multiple players' positions tracked from multi-view volleyball game videos, the experimental detection rate of each team status (attack, defense-ready, offense-ready and offense status) are 75.2%, 84.2%, 79.7% and 81.6%. And for the attack efficacy variables acquisition, the average precision of the set zone, the number of available attackers, the attack tempo and the number of blockers are 100%, 100%, 97.8%, and 100%, which achieve 8.3% average improvement compared with manual acquisition.

The aim of this work is to develop a method for the simultaneous analysis of multiple groups and their members based on hierarchical tensor manifold modeling. The method is particularly designed to analyze multiple teams, such as sports teams and business teams. The proposed method represents members' data using a nonlinear manifold for each team, and then these manifolds are further modeled using another nonlinear manifold in the model space. For this purpose, the method estimates the role of each member in the team, and discovers correspondences between members that play similar roles in different teams. The proposed method was applied to basketball league data, and it demonstrated the ability of knowledge discovery from players' statistics. We also demonstrated that the method could be used as a general tool for multi-level multi-group analysis by applying it to marketing data.

We studied complicated superstable periodic orbits (SSPOs) in a spiking neuron model with a rectangular threshold signal. The neuron exhibited SSPOs with various periods that changed dramatically when we varied the parameter space. Using a one-dimensional return map defined by the spike phase, we evaluated period changes and showed its complicated distribution. Finally, we constructed a test circuit to confirm the typical phenomena displayed by the mathematical model.

Hazes with various properties spread widely across flat areas with depth continuities and corner areas with depth discontinuities. Removing haze from a single hazy image is difficult due to its ill-posed nature. To solve this problem, this study proposes a modified hybrid median filter that performs a median filter to preserve the edges of flat areas and a hybrid median filter to preserve depth discontinuity corners. Recovered scene radiance, which is obtained by removing hazy particles, restores image visibility using adaptive nonlinear curves for dynamic range expansion. Using comparative studies and quantitative evaluations, this study shows that the proposed method achieves similar or better results than those of other state-of-the-art methods.

A fusion framework between CNN and RNN is proposed dedicatedly for air-writing recognition. By modeling the air-writing using both spatial and temporal features, the proposed network can learn more information than existing techniques. Performance of the proposed network is evaluated by using the alphabet and numeric datasets in the public database namely the 6DMG. Average accuracy of the proposed fusion network outperforms other techniques, i.e. 99.25% and 99.83% are observed in the alphabet gesture and the numeric gesture, respectively. Simplified structure of RNN is also proposed, which can attain about two folds speed-up of ordinary BLSTM network. It is also confirmed that only the distance between consecutive sampling points is enough to attain high recognition performance.

Mining software repositories allow software practitioners to improve the quality of software systems and to support maintenance based on historical data. Such data is scattered across autonomous and heterogeneous information sources, such as version control, bug tracking and build automation systems. Despite having many tools to track and measure the data originated from such repositories, software practitioners often suffer from a scarcity of the techniques necessary to dynamically leverage software repositories to fulfill their complex information needs. For example, answering a question such as “What is the number of commits between two successful builds?” requires tiresome manual inspection of multiple repositories. As a solution, this paper presents a conceptual framework and a proof of concept visual query interface to satisfy distinct software quality related information needs of software practitioners. The data originated from repositories is integrated and analyzed to perform systematic investigations, which helps to uncover hidden relationships between software quality and trends of software evolution. This approach has several significant benefits such as the ability to perform real-time analyses, the ability to combine data from various software repositories and generate queries dynamically. The framework evaluated with 31 subjects by using a series of questions categorized into three software evolution scenarios. The evaluation results evidently show that our framework surpasses the state of the art tools in terms of correctness, time and usability.

A novel secure spatial modulation (SM) scheme based on dynamic multi-parameter weighted-type fractional Fourier transform (WFRFT), abbreviated as SMW, is proposed. Each legitimate transmitter runs WFRFT on the spatially modulated super symbols before transmit antennas, the parameters of which are dynamically updated using the transmitting bits. Each legitimate receiver runs inverse WFRFT to demodulate the received signals, the parameters of which are also dynamically generated using the recovered bits with the same updating strategies as the transmitter. The dynamic update strategies of WFRFT parameters are designed. As a passive eavesdropper is ignorant of the initial WFRFT parameters and the dynamic update strategies, which are indicated by the transmitted bits, it cannot recover the original information, thereby guaranteeing the communication security between legitimate transmitter and receiver. Besides, we formulate the maximum likelihood (ML) detector and analyze the secrecy capacity and the upper bound of BER. Simulations demonstrate that the proposed SMW scheme can achieve a high level of secrecy capacity and maintain legitimate receiver's low BER performance while deteriorating the eavesdropper's BER.

In this letter, we consider the harvested-energy fairness problem in cognitive multicast systems with simultaneous wireless information and power transfer. In the cognitive multicast system, a cognitive transmitter with multi-antenna sends the same information to cognitive users in the presence of licensed users, and cognitive users can decode information and harvest energy with a power-splitting structure. The harvested-energy fairness problem is formulated and solved by using two proposed algorithms, which are based on semidefinite relaxation with majorization-minimization method, and sequential parametric convex approximation with feasible point pursuit technique, respectively. Finally, the performances of the proposed solutions and baseline schemes are verified by simulation results.

Sparse code multiple access (SCMA) based on the message passing algorithm (MPA) for multiuser detection is a competitive non-orthogonal multiple access technique for fifth-generation wireless communication networks Among the existing multiuser detection schemes for uplink (UP) SCMA systems, the serial MPA (S-MPA) scheme, where messages are updated sequentially, generally converges faster than the conventional MPA (C-MPA) scheme, where all messages are updated in a parallel manner. In this paper, the optimization of message scheduling in the S-MPA scheme is proposed. Firstly, some statistical results for the probability density function (PDF) of the received signal are obtained at various signal-to-noise ratios (SNR) by using the Monte Carlo method. Then, based on the non-orthogonal property of SCMA, the data mapping relationship between resource nodes and user nodes is comprehensively analyzed. A partial codeword transmission of S-MPA (PCTS-MPA) with threshold decision scheme of PDF is proposed and verified. Simulations show that the proposed PCTS-MPA not only reduces the complexity of MPA without changing the bit error ratio (BER), but also has a faster convergence than S-MPA, especially at high SNR values.

Accurate visual correspondence is the foundation of many computer vision based applications. Since existing image matching algorithms generate mismatches inevitably, a reliable mismatch-removal algorithm is highly desired to remove mismatches and preserve true matches. This paper proposes a hierarchical progressive trust (HPT) model to solve this problem. The HPT model first adopts a “trust the most trustworthy ones” strategy to select anchor inliers in its bottom layer, and then progressively propagates the trust from bottom layer to other layers in a bottom-up way: 1) bottom layer verifies anchor inliers with the guidance of local features; 2) middle layers progressively estimate local transformations and perform local verifications; 3) top layer estimates a global transformation with an anchor-inliers-guided expectation maximization (EM) algorithm and performs global verifications. Experimental results show that the proposed HPT model achieves higher performance than state-of-the-art mismatch-removal methods under both rigid transformations and non-rigid deformations.

A significant portion of computational resources of embedded systems for visual detection is dedicated to feature extraction, and this severely affects the detection accuracy and processing performance of the system. To solve this problem, we propose a feature descriptor based on histograms of oriented gradients (HOG) consisting of simple linear algebra that can extract equivalent information to the conventional HOG feature descriptor at a low computational cost. In an evaluation, a leading-edge detection algorithm with this decomposed vector HOG (DV-HOG) achieved equivalent or better detection accuracy compared with conventional HOG feature descriptors. A hardware implementation of DV-HOG occupies approximately 14.2 times smaller cell area than that of a conventional HOG implementation.

It is essential to improve intra prediction performance to raise the efficiency of video coding. In video coding standards such as H.265/HEVC, intra prediction is seen as an extension of directional prediction schemes, examples include refinement of directions, planar extension, filtering reference sampling, and so on. From the view point of reducing prediction error, some improvements on intra prediction for standardized schemes have been suggested. However, on the assumption that the correlation between neighboring pixels are static, these conventional methods use pre-defined predictors regardless of the image being encoded. Therefore, these conventional methods cannot reduce prediction error if the images break the assumption made in prediction design. On the other hand, adaptive predictors that change the image being encoded may offer poor coding efficiency due to the overhead of the additional information needed for adaptivity. This paper proposes an adaptive intra prediction scheme that resolves the trade-off between prediction error and adaptivity overhead. The proposed scheme is formulated as a constrained optimization problem that minimizes prediction error under sparsity constraints on the prediction coefficients. In order to solve this problem, a novel solver is introduced as an extension of LARS for multi-class support. Experiments show that the proposed scheme can reduce the amount of encoded bits by 1.21% to 3.24% on average compared to HM16.7.

We propose the cube-based perceptual encryption (C-PE), which consists of cube scrambling, cube rotation, cube negative/positive transformation, and cube color component shuffling, and describe its application to the encryption-then-compression (ETC) system of Motion JPEG (MJPEG). Especially, cube rotation replaces the blocks in the original frames with ones in not only the other frames but also the depth-wise cube sides (spatiotemporal sides) unlike conventional block-based perceptual encryption (B-PE). Since it makes intra-block observation more difficult and prevents unauthorized decryption from only a single frame, it is more robust than B-PE against attack methods without any decryption key. However, because the encrypted frames including the blocks from the spatiotemporal sides affect the MJPEG compression performance slightly, we also devise a version of C-PE with no spatiotemporal sides (NSS-C-PE) that hardly affects compression performance. C-PE makes the encrypted video sequence robust against the only single frame-based algorithmic brute force (ABF) attack with only 21 cubes. The experimental results show the compression efficiency and encryption robustness of the C-PE/NSS-C-PE-based ETC system. C-PE-based ETC system shows mixed results depending on videos, whereas NSS-C-PE-based ETC system shows that the BD-PSNR can be suppressed to about -0.03dB not depending on videos.

This paper proposes gain relaxation in signal enhancement designed for speech recognition. Gain relaxation selectively applies softer enhancement of a target signal to eliminate potential degradation in speech recognition caused by small undesirable distortion in the target signal components. The softer enhancement is a solution to overlooked performance degradation in signal enhancement combined with speech recognition which is encountered in commercial products with an unaware small local noise source. Evaluation of directional interference suppression with signals recorded by a commercial PC (personal computer) demonstrates that signal enhancement over the input is achieved without sacrificing the performance for clean speech.

Adaptive noise cancellation using adaptive filters is a known method for removing noise that interferes with signal measurements. The adaptive noise canceller performs filtering based on the current situation through a windowing process. The shape of the window function determines the tracking performance of the adaptive noise canceller with respect to the fluctuation of the property of the unknown system that noise (reference signal) passes. However, the shape of the window function in the field of adaptive filtering has not yet been considered in detail. This study mathematically treats the effect of the window function on the adaptive noise canceller and proposes an optimization method for the window function in situations where offline processing can be performed, such as biomedical signal measurements. We also demonstrate the validity of the optimized window function through numerical experiments.

Android app developers sometimes copy code snippets posted on a question-and-answer (Q&A) website and use them in their apps. However, if a code snippet has vulnerabilities, Android apps containing the vulnerable snippet could also have the same vulnerabilities. Despite this, the effect of such vulnerable snippets on the Android apps has not been investigated in depth. In this paper, we investigate the correspondence between the vulnerable code snippets and vulnerable apps. we collect code snippets from a Q&A website, extract possibly vulnerable snippets, and calculate similarity between those snippets and bytecode on vulnerable apps. Our experimental results show that 15.8% of all evaluated apps that have SSL implementation vulnerabilities (Improper host name verification), 31.7% that have SSL certificate verification vulnerabilities, and 3.8% that have WEBVIEW remote code execution vulnerabilities contain possibly vulnerable code snippets from Stack Overflow. In the worst case, a single problematic snippet has caused 4,844 apps to contain a vulnerability, accounting for 31.2% of all collected apps with that vulnerability.

To improve detection performance for a reconnaissance receiver, which is designed to detect the non-cooperative MIMO-LFM radar signal under low SNR condition, this letter proposed a novel signal detection method. This method is based on Fractional Fourier Transform with entropy weight (FRFTE) and autocorrelation algorithm. In addition, the flow chart and feasibility of the proposed algorithm are analyzed. Finally, applying our method to Wigner Hough Transform (WHT), we demonstrate the superiority of this method by simulation results.