skip to main content

Search for: All records

Creators/Authors contains: "Wang, Gang"

Note: When clicking on a Digital Object Identifier (DOI) number, you will be taken to an external site maintained by the publisher. Some full text articles may not yet be available without a charge during the embargo (administrative interval).
What is a DOI Number?

Some links on this page may take you to non-federal websites. Their policies may differ from this site.

  1. Free, publicly-accessible full text available July 1, 2024
    more » « less
    Free, publicly-accessible full text available April 27, 2024
  3. Free, publicly-accessible full text available April 1, 2024
  4. Reliable methods for host-layer intrusion detection remained an open problem within computer security. Recent research has recast intrusion detection as a provenance graph anomaly detection problem thanks to concurrent advancements in machine learning and causal graph auditing. While these approaches show promise, their robustness against an adaptive adversary has yet to be proven. In particular, it is unclear if mimicry attacks, which plagued past approaches to host intrusion detection, have a similar effect on modern graph-based methods. In this work, we reveal that systematic design choices have allowed mimicry attacks to continue to abound in provenance graph host intrusion detection systems (Prov-HIDS). Against a corpus of exemplar Prov-HIDS, we develop evasion tactics that allow attackers to hide within benign process behaviors. Evaluating against public datasets, we demonstrate that an attacker can consistently evade detection (100% success rate) without modifying the underlying attack behaviors. We go on to show that our approach is feasible in live attack scenarios and outperforms domain-general adversarial sample techniques. Through open sourcing our code and datasets, this work will serve as a benchmark for the evaluation of future Prov-HIDS. 
    more » « less
  5. Free, publicly-accessible full text available May 1, 2024
  6. Free, publicly-accessible full text available April 1, 2024
  7. Today's disinformation campaigns may use deceptively altered photographs to promote a false narrative. In some cases, viewers may be unaware of the alteration and thus may more readily accept the promoted narrative. In this work, we consider whether this effect can be lessened by explaining to the viewer how an image has been manipulated. To explore this idea, we conduct a two-part study. We started with a survey (n=113) to examine whether users are indeed bad at identifying manipulated images. Our result validated this conjecture as participants performed barely better than random guessing (60% accuracy). Then we explored our main hypothesis in a second survey (n=543). We selected manipulated images circulated on the Internet that pictured political figures and opinion influencers. Participants were divided into three groups to view the original (unaltered) images, the manipulated images, and the manipulated images with explanations, respectively. Each image represents a single case study and is evaluated independently of the others. We find that simply highlighting and explaining the manipulation to users was not always effective. When it was effective, it did help to make users less agreeing with the intended messages behind the manipulation. However, surprisingly, the explanation also had an opposite (e.g.,negative) effect on users' feeling/sentiment toward the subjects in the images. Based on these results, we discuss open-ended questions which could serve as the basis for future research in this area. 
    more » « less
  8. Abstract Water resources sustainability in High Mountain Asia (HMA) surrounding the Tibetan Plateau (TP)—known as Asia’s water tower—has triggered widespread concerns because HMA protects millions of people against water stress 1,2 . However, the mechanisms behind the heterogeneous trends observed in terrestrial water storage (TWS) over the TP remain poorly understood. Here we use a Lagrangian particle dispersion model and satellite observations to attribute about 1 Gt of monthly TWS decline in the southern TP during 2003–2016 to westerlies-carried deficit in precipitation minus evaporation (PME) from the southeast North Atlantic. We further show that HMA blocks the propagation of PME deficit into the central TP, causing a monthly TWS increase by about 0.5 Gt. Furthermore, warming-induced snow and glacial melt as well as drying-induced TWS depletion in HMA weaken the blocking of HMA’s mountains, causing persistent northward expansion of the TP’s TWS deficit since 2009. Future projections under two emissions scenarios verified by satellite observations during 2020–2021 indicate that, by the end of the twenty-first century, up to 84% (for scenario SSP245) and 97% (for scenario SSP585) of the TP could be afflicted by TWS deficits. Our findings indicate a trajectory towards unsustainable water systems in HMA that could exacerbate downstream water stress. 
    more » « less