Specific Application Programming Interface Research Articles

Ransomware Behavior on Windows Endpoint: An Analysis

This paper provides a comprehensive examination of ransomware behavior on Windows endpoints, exploring the intrusion mechanisms, proliferation methods, and the mitigating strategies that can be employed. It provides a comparative analysis of several ransomware families and their effects on Windows systems, culminating with suggestions for future research directions in enhancing endpoint security against ransomware attacks. In the wake of a rising number of ransomware attacks worldwide, epitomized by the damaging disruptions to the Colonial Pipeline and the Irish Health Service Executive, the persistent threat of ransomware to critical infrastructure has never been more apparent. While Windows endpoints remain primary targets, these attacks have also highlighted a less explored but crucial aspect of ransomware behavior: the exploitation of Application Programming Interface (API) calls integral to the Windows operating system. This comprehensive study provides an exhaustive investigation into the interplay between ransomware and Windows APIs, emphasizing the patterns of invocation and manipulative misuse by various ransomware families. By investigating specific API calls, such as the CryptEncrypt function in the Cryptography API for encryption, and the CreateFile and WriteFile functions in the File API for file system interaction, we illuminate the mechanisms by which ransomware carry out their damaging actions. Further, using the real-world examples drawn from the Colonial Pipeline and Irish Health Service Executive incidents, among others, the study shows how these API calls were manipulated during actual ransomware attacks. In these cases, ransomware like DarkSide and Conti used Windows APIs not just for the primary tasks of encryption and file system manipulation, but also for achieving network communication, maintaining persistence, and even thwarting detection. By presenting a comparative analysis of API call sequences in both benign and ransomware-infected Windows environments, this study serves as a critical exploration into the behavior of these malicious entities. The different patterns observed provide us with valuable insights into their operational strategies and offer opportunities for the development of detection heuristics. The insights derived from this research contribute significantly to our understanding of the behavior patterns of recent, high-profile ransomware attacks. In turn, this work aims to guide the evolution of more sophisticated, behavior-based detection mechanisms, thus strengthening the security posture of Windows endpoints. Ultimately, this study underscores the need for continuous research into API call patterns, as the cybersecurity landscape continues to face dynamic and increasingly sophisticated threats.

Understanding the potential and pitfalls of digital phenotypes to measure population mental health and wellbeing

BackgroundDigital phenotypes such as social media data are increasingly being used to infer supposed trends in population mental health and wellbeing. These methods are attractive for their potential scale and timeliness. However, many methodological aspects need investigation to establish if these approaches could be applied successfully. We aim to explore these challenges by linking digital phenotypes to high-quality epidemiological data in a birth cohort study. MethodsWe retrospectively linked social media data from Twitter for 661 consenting participants in the Avon Longitudinal Study of Parents and Children, a multigenerational population cohort study. Participants volunteered their Twitter usernames, after a series of focus groups with 14 cohort participants about the acceptability of social media data linkage. Twitter data were used to test the effectiveness of inferring mental health and wellbeing from a range of sentiment analysis algorithms in combination with behavioural and temporal features. These methods were evaluated with participant-level survey data collected during the COVID-19 pandemic (April 9, 2020, to July 3, 2020), including with the Warwick Edinburgh Mental Wellbeing Scale, the General Anxiety Disorder-7 scale, and the Mood and Feelings Questionnaire. Ethical approval for the study was obtained from the Avon Longitudinal Study of Parents and Children Ethics and Law Committee, and informed consent was obtained from participants. FindingsTwitter provides a specific Application Programming Interface for academic research, granting free access to the full history archive and thus enabling the collection of data from cohorts. The focus groups determined that data linkage with Twitter and subsequent sharing is acceptable when data are anonymised. However, publicly available data such as Twitter data can be easily identifiable, and we are therefore exploring methods that would preserve privacy more effectively for data sharing. Our initial results show that temporal features have a key influence on the sensitivity and specificity of a model for the inference of wellbeing, anxiety, and depression when used in combination with textual and behavioural features. This influence varies depending on the specific outcome measure. Ongoing analyses will establish whether extrapolating successful models to alternative population samples is possible. InterpretationEarly results suggest that different mental health and wellbeing outcomes require individual models with uniquely tuned features. Cohort studies are a rich source of training data, but attention must be given to adequate anonymisation practices. FundingThis work was supported by the Health Foundation, the Alan Turing Institute, a Philip Leverhulme Prize to CMAH, and the Medical Research Council.

A Taxonomy of Modern GPGPU Programming Methods: On the Benefits of a Unified Specification

Several Application Programming Interfaces (APIs) and frameworks have been proposed to simplify the development of General-Purpose GPU (GPGPU) applications. GPGPU application development typically involves specific customization for the target operating systems and hardware devices. The effort to port applications from one API to the other (or to develop multi-target applications) is complicated by the availability of a plethora of specifications, which in essence offers very similar underlying functionality. In this work we provide an in-depth study of six state-of-the-art GPGPU APIs. From these we derive a taxonomy of the common semantics and propose a unified specification. We describe a methodology to translate this unified specification into different target APIs. This simplifies cross-platform application development and provides a clean framework for benchmarking. Our proposed unified specification is called GUST (GPGPU Unified Specification and Translation) and it captures common functionality found in compute-only APIs (e.g., CUDA and OpenCL), in the compute pipeline of traditional graphic-oriented APIs (e.g., OpenGL and Direct3D11) and in last-generation bare-metal APIs (e.g., Vulkan and Direct3D12). The proposed translation methodology solves differences between specific APIs in a transparent manner, without hiding available tuning knobs for compute kernel optimizations and fostering best programming practices in a simple manner.

BIM and IoT Sensors Integration: A Framework for Consumption and Indoor Conditions Data Monitoring of Existing Buildings

The low accessibility to the information regarding buildings current performances causes deep difficulties in planning appropriate interventions. Internet of Things (IoT) sensors make available a high quantity of data on energy consumptions and indoor conditions of an existing building that can drive the choice of energy retrofit interventions. Moreover, the current developments in the topic of the digital twin are leading the diffusion of Building Information Modeling (BIM) methods and tools that can provide valid support to manage all data and information for the retrofit process. This paper shows the aim and the findings of research focused on testing the integrated use of BIM methodology and IoT systems. A common data platform for the visualization of building indoor conditions (e.g., temperature, luminance etc.) and of energy consumption parameters was carried out. This platform, tested on a case study located in Italy, is developed with the integration of low-cost IoT sensors and the Revit model. To obtain a dynamic and automated exchange of data between the sensors and the BIM model, the Revit software was integrated with the Dynamo visual programming platform and with a specific Application Programming Interface (API). It is an easy and straightforward tool that can provide building managers with real-time data and information about the energy consumption and the indoor conditions of buildings, but also allows for viewing of the historical sensor data table and creating graphical historical sensor data. Furthermore, the BIM model allows the management of other useful information about the building, such as dimensional data, functions, characteristics of the components of the building, maintenance status etc., which are essential for a much more conscious, effective and accurate management of the building and for defining the most suitable retrofit scenarios.

Linked Open Biodiversity Data (LOBD): A semantic application for integrating biodiversity information

Scientists frequently collect biological and environmental information over years and store it in database systems to answer their own research questions without exposing it in repositories that make it easy to find and retrieve. While in recent years the community working on biodiversity informatics has made significant strides by creating common shared vocabularies such as the Darwin Core (DwC, Wieczorek et al. 2012) and publishing mechanisms such as the Integrated Publishing Toolkit (IPT, Robertson et al. 2014), integration is largely limited to the aggregation of datasets and full interoperability has still not been achieved. In this context, The Semantic Web (SW) aims to represent information in a way that, in addition to the human-centered display purposes, it can be used autonomously by machines for integration and reuse across applications. From the biodiversity informatics point of view, interoperability and links among data sources would allow integration of information that is otherwise disconnected, enabling scientists to answer broader questions. These considerations provide strong motivations to formulate a web application considering the semantic interoperability that may provide answers to questions such as the following: (Q1) Is it possible to complement taxonomic, bibliographic and environmental information of a particular species without relying on specific Application Programming Interfaces (APIs)? (Q2) How to relate occurrences of species with environmental variables within a specific region? (Q3) What are the bibliographic references associated with a given species? (Q1) Is it possible to complement taxonomic, bibliographic and environmental information of a particular species without relying on specific Application Programming Interfaces (APIs)? (Q2) How to relate occurrences of species with environmental variables within a specific region? (Q3) What are the bibliographic references associated with a given species? With questions such as these in mind, we present the design of a proof-of-concept application: Linked Open Biodiversity Data (LOBD). LOBD uses Linked Data (LD) (Heath and Bizer 2011) to complement species occurrence information previously extracted from GBIF and converted to Resource Description Framework (RDF) (Zárate et al. 2020) with information about the taxa in question from different RDF datasets, such as Wikidata, NCBI Taxonomy, Springer Nature SciGraph and OpenCitation corpus. A simplified view of the architecture is shown in Fig. 1. To achieve semantic interoperability, we use the SPARQL query language, which allows us not to depend on specific APIs to retrieve information. The application consists of three modules: General information, where the Wikidata endpoint is used to retrieve additional information about the selected species, including links to other databases and information about the species extracted from National Center for Biotechnology Information (NCBI) Taxonomy. Bibliography, where all publications related to the species are retrieved and extracted from OpenCitation. Environment, where users can plot species on a map and add layers related to marine regions as well as environmental layers (e.g., temperature, salinity, etc). General information, where the Wikidata endpoint is used to retrieve additional information about the selected species, including links to other databases and information about the species extracted from National Center for Biotechnology Information (NCBI) Taxonomy. Bibliography, where all publications related to the species are retrieved and extracted from OpenCitation. Environment, where users can plot species on a map and add layers related to marine regions as well as environmental layers (e.g., temperature, salinity, etc). For the development of the application, we use the Shiny framework for R, access to SPARQL endpoints is done through the SPARQL package, marine regions are obtained from marineregion.org and the environmental layers are extracted from Bio-ORACLE. The data used for this article were collected by the Center for the Study of Marine Systems at the National Patagonian Sci-Tech Centre (CCT CENPAT-CONICET), and are published and available through the GBIF network. Linked Data is a powerful tool for scientists, as it allows generating new approaches to biodiversity informatics, which can help to address the data integration challenges. Users would benefit from complementing the current prevalent use of vocabularies that are not ontologically defined (like DwC) for sharing biodiversity data. Although this application is a proof of concept, it shows that with little effort, it is possible to achieve greater interoperability between datasets that were not initially represented as LD.

API Chaser: Taint-Assisted Sandbox for Evasive Malware Analysis

We propose a design and implementation for an Application Programming Interface (API) monitoring system called API Chaser, which is resistant to evasion-type anti-analysis techniques, e.g., stolen code and code injection. The core technique in API Chaser is code tainting, which enables us to identify precisely the execution of monitored instructions by propagating three types of taint tags added to the codes of API, malware, and benign executables, respectively. Additionally, we introduce taint-based control transfer interception, which is a technique to capture precisely API calls invoked from evasive malware. We evaluate API Chaser based on several real-world and synthetic malware to demonstrate the accuracy of our API hooking technique. We also perform a large-scale malware experiment by analyzing 8, 897 malware samples to show the practical capability of API Chaser. These experimental results show that 701 out of 8, 897 malware samples employ hook evasion techniques to hide specific API calls, while 344 malware ones use target evasion techniques to hide the source of API calls.

Enabling Better Interoperability for HealthCare: Lessons in Developing a Standards Based Application Programing Interface for Electronic Medical Record Systems.

We sought to enable better interoperability and easy adoption of healthcare applications by developing a standardized domain independent Application Programming Interface (API) for an Electronic Medical Record (EMR) system. We leveraged the modular architecture of the Open Medical Record System (OpenMRS) to build a Fast Healthcare Interoperability Resources (FHIR) based add-on module that could consume FHIR resources and requests made on OpenMRS. The OpenMRS FHIR module supports a subset of FHIR resources that could be used to interact with clinical data persisted in OpenMRS. We demonstrate the ease of connecting healthcare applications using the FHIR API by integrating a third party Substitutable Medical Apps & Reusable Technology (SMART) application with OpenMRS via FHIR. The OpenMRS FHIR module is an optional component of the OpenMRS platform. The FHIR API significantly reduces the effort required to implement OpenMRS by preventing developers from having to learn or work with a domain specific OpenMRS API. We propose an integration pathway where the domain specific legacy OpenMRS API is gradually retired in favor of the new FHIR API, which would be integrated into the core OpenMRS platform. Our efforts indicate that a domain independent API is a reality for any EMR system. These efforts demonstrate the adoption of an emerging FHIR standard that is seen as a replacement for both Health Level 7 (HL7) Version 2 and Version 3. We propose a gradual integration approach where our FHIR API becomes the preferred method for communicating with the OpenMRS platform.

Distributed aggregation of heterogeneous Web-based Fine Art Information: enabling multi-source accessibility and curation

AbstractThe sources of information on the Web relating to Fine Art and in particular to Fine Artists are numerous, heterogeneous and distributed. Data relating to the biographies of an artist, images of their artworks, location of the artworks and exhibition reviews invariably reside in distinct and seemingly unrelated, or at least unlinked, sources. While communication and exchange exists, there is a great deal of independence between major repositories, such as museum, often owing to their ownership or heritage. This increases the individuality in the repository’s own processes and dissemination. It is currently necessary to browse through numerous different websites to obtain information about any one artist, and at this time there is little aggregation of Fine Art Information. This is in contrast to the domain of books and music, where the aggregation and re-grouping of information (usually by author or artist/band name) has become the norm. A Museum API (Application Programming Interface), however, is a tool that can facilitate a similar information service for the domain of Fine Art, by allowing the retrieval and aggregation of Web-based Fine Art Information, whilst at the same time increasing public access to the content of a museum’s collection. In this paper, we present the case for a pragmatic solution to the problems of heterogeneity and distribution of Fine Art Data and this is the first step towards the comprehensive re-presentation of Fine Art Information in a more ‘artist-centric’ way, via accessible Web applications. This paper examines the domain of Fine Art Information on the Web, putting forward the case for more Web services such as generic Museum APIs, highlighting this via a prototype Web application known as the ArtBridge. The generic Museum API is the standardisation mechanism to enable interfacing with specific Museum APIs.

RAvis: An R-Package for Downloading Information Stored in Proyecto AVIS, a Citizen Science Bird Project

Citizen science projects store an enormous amount of information about species distribution, diversity and characteristics. Researchers are now beginning to make use of this rich collection of data. However, access to these databases is not always straightforward. Apart from the largest and international projects, citizen science repositories often lack specific Application Programming Interfaces (APIs) to connect them to the scientific environments. Thus, it is necessary to develop simple routines to allow researchers to take advantage of the information collected by smaller citizen science projects, for instance, programming specific packages to connect them to popular scientific environments (like R). Here, we present rAvis, an R-package to connect R-users with Proyecto AVIS (http://proyectoavis.com), a Spanish citizen science project with more than 82,000 bird observation records. We develop several functions to explore the database, to plot the geographic distribution of the species occurrences, and to generate personal queries to the database about species occurrences (number of individuals, distribution, etc.) and birdwatcher observations (number of species recorded by each collaborator, UTMs visited, etc.). This new R-package will allow scientists to access this database and to exploit the information generated by Spanish birdwatchers over the last 40 years.