ABSTRACT
Aiming at the status of muscle and joint damage caused on surgeons keeping surgical posture for a long time, this paper designs a medical multi-position auxiliary support exoskeleton with multi-joint mechanism by analyzing the surgical postures and conducting conformational studies on different joints respectively. Then by establishing a human-machine static model, this study obtains the joint torque and joint force before and after the human body wears the exoskeleton, and calibrates the strength of the exoskeleton with finite element analysis software. The results show that the maximum stress of the exoskeleton is less than the material strength requirements, the overall deformation is small, and the structural strength of the exoskeleton meets the use requirements. Finally, in this study, subjects were selected to participate in the plantar pressure test and biomechanical simulation with the man-machine static model, and the results were analyzed in terms of plantar pressure, joint torque and joint force, muscle force and overall muscle metabolism to assess the exoskeleton support performance. The results show that the exoskeleton has better support for the whole body and can reduce the musculoskeletal burden. The exoskeleton mechanism in this study better matches the actual working needs of surgeons and provides a new paradigm for the design of medical support exoskeleton mechanism.
Subjects
Equipment Design, Exoskeleton Device, Posture, Humans, Biomechanical Phenomena, Finite Element Analysis, Torque, Skeletal Muscle/physiology, Joints/physiology, Man-Machine Systems
ABSTRACT
Security is a significant priority for cloud-native systems, regardless of the system size and complexity. Therefore, one must utilize a set of defensive mechanisms or controls to protect the system from exploitation by potential adversaries. There is an expanding amount of research on security issues, including attacks against individual microservices or overall systems and their corresponding defense mechanism options. This study intends to provide a comprehensive overview of currently used defense mechanisms involving static analysis that can detect and react against associated attacks and vulnerabilities. We present a systematic literature review that extracts current approaches for the security analysis of microservices and the violation of security principles. We gathered 1049 relevant publications, of which 50 were selected as primary studies. We are providing practitioners and developers with a structured survey of the existing literature of defensive solutions for microservice architectures and cloud-native systems to aid them in identifying applicable solutions for their systems.
ABSTRACT
Embedded devices are pervasive nowadays with the rapid development of the Internet of Things (IoT). This brings significant security issues that make the security analysis of embedded devices important. This paper presents a survey on the security analysis research of embedded devices. First, we analyze the embedded device types and their operating systems. Then, we describe a major dynamic security analysis method for an embedded device, i.e., simulating the firmware of the embedded device and performing fuzzing on the web interface provided by the firmware. Third, we discuss some other issues in embedded security analysis, such as analyzing the attack surface, applying static analysis, and performing large-scale analysis. Based on these analyses, we finally conclude three challenges in the current research and present our insights for future research directions.
ABSTRACT
Predicting attacks in Android malware devices using machine learning for recommender systems-based IoT can be a challenging task. However, it is possible to use various machine-learning techniques to achieve this goal. An internet-based framework is used to predict and recommend Android malware on IoT devices. As the prevalence of Android devices grows, the malware creates new viruses on a regular basis, posing a threat to the central system's security and the privacy of the users. The suggested system uses static analysis to predict the malware in Android apps used by consumer devices. The training of the presented system is used to predict and recommend malicious devices to block them from transmitting the data to the cloud server. By taking into account various machine-learning methods, feature selection is performed and the K-Nearest Neighbor (KNN) machine-learning model is proposed. Testing was carried out on more than 10,000 Android applications to check malicious nodes and recommend that the cloud server block them. The developed model contemplated all four machine-learning algorithms in parallel, i.e., naive Bayes, decision tree, support vector machine, and the K-Nearest Neighbor approach and static analysis as a feature subset selection algorithm, and it achieved the highest prediction rate of 93% to predict the malware in real-world applications of consumer devices to minimize the utilization of energy. The experimental results show that KNN achieves 93%, 95%, 90%, and 92% accuracy, precision, recall and f1 measures, respectively.
ABSTRACT
Nowadays, ransomware is considered one of the most critical cyber-malware categories. In recent years various malware detection and classification approaches have been proposed to analyze and explore malicious software precisely. Malware originators implement innovative techniques to bypass existing security solutions. This paper introduces an efficient End-to-End Ransomware Detection System (E2E-RDS) that comprehensively utilizes existing Ransomware Detection (RD) approaches. E2E-RDS considers reverse engineering the ransomware code to parse its features and extract the important ones for prediction purposes, as in the case of static-based RD. Moreover, E2E-RDS can keep the ransomware in its executable format, convert it to an image, and then analyze it, as in the case of vision-based RD. In the static-based RD approach, the extracted features are forwarded to eight various ML models to test their detection efficiency. In the vision-based RD approach, the binary executable files of the benign and ransomware apps are converted into 2D visual (color and gray) images. Then, these images are forwarded to 19 different Convolutional Neural Network (CNN) models while exploiting the substantial advantages of Fine-Tuning (FT) and Transfer Learning (TL) processes to differentiate ransomware apps from benign apps. The main benefit of the vision-based approach is that it can efficiently detect and identify ransomware with high accuracy without using data augmentation or complicated feature extraction processes. Extensive simulations and performance analyses using various evaluation metrics for the proposed E2E-RDS were investigated using a newly collected balanced dataset that composes 500 benign and 500 ransomware apps. The obtained outcomes demonstrate that the static-based RD approach using the AB (Ada Boost) model achieved high classification accuracy compared to other examined ML models, which reached 97%. While the vision-based RD approach achieved high classification accuracy, reaching 99.5% for the FT ResNet50 CNN model. It is declared that the vision-based RD approach is more cost-effective, powerful, and efficient in detecting ransomware than the static-based RD approach by avoiding feature engineering processes. Overall, E2E-RDS is a versatile solution for end-to-end ransomware detection that has proven its high efficiency from computational and accuracy perspectives, making it a promising solution for real-time ransomware detection in various systems.
ABSTRACT
Hexagonal boron nitride (h-BN) as a filler has significantly improved the mechanical properties of various polymer composites. Among them, polyvinyl alcohol (PVA) is particularly important for its wide range of industrial applications and biocompatible nature. However, preparing a homogenous composite of h-BN and PVA in water is troublesome as the aqueous processing of h-BN without any additives is challenging. In this context, a pre-processing technique is used to produce an additive-free aqueous dispersion of h-BN. The uniformly dispersed composites are then prepared with different concentrations of h-BN. Free-standing thin films are fabricated using the doctor blade technique, and nanoindentation is employed to understand their deformation behaviour at smaller length scale for better understanding of micro-mechanism involved. Reduced elastic modulus and hardness of 10 wt% h-BN/PVA composite film are enhanced by ∼93% and ∼159%, respectively, compared to pristine PVA. Frequency sweep dynamic mechanical analysis is performed between 1 and 50 Hz, and the elastic properties of composite materials are found to improve significantly upon addition of h-BN nanosheets. Besides, the impact of h-BN incorporation in stress relaxation behaviour and hardness depth profiling are also investigated. The observed improvement in mechanical properties of the composites may be attributed to the uniform distribution of the nanosheets and the strong interfacial interaction between h-BN and PVA, which ensures efficient mechanical stress transfer at the interface.
ABSTRACT
Smartphone adaptation in society has been progressing at a very high speed. Having the ability to run on a vast variety of devices, much of the user base possesses an Android phone. Its popularity and flexibility have played a major role in making it a target of different attacks via malware, causing loss to users, both financially and from a privacy perspective. Different malware and their variants are emerging every day, making it a huge challenge to come up with detection and preventive methodologies and tools. Research has spawned in various directions to yield effective malware detection mechanisms. Since malware can adopt different ways to attack and hide, accurate analysis is the key to detecting them. Like any usual mobile app, malware requires permission to take action and use device resources. There are 235 total permissions that the Android app can request on a device. Malware takes advantage of this to request unnecessary permissions, which would enable those to take malicious actions. Since permissions are critical, it is important and challenging to identify if an app is exploiting permissions and causing damage. The focus of this article is to analyze the identified studies that have been conducted with a focus on permission analysis for malware detection. With this perspective, a systematic literature review (SLR) has been produced. Several papers have been retrieved and selected for detailed analysis. Current challenges and different analyses were presented using the identified articles.
Subjects
Computer Security, Mobile Applications, Smartphone, Privacy
ABSTRACT
As Android is a popular mobile operating system, Android malware is on the rise, which poses a great threat to user privacy and security. Considering the poor detection effects of the single feature selection algorithm and the low detection efficiency of traditional machine learning methods, we propose an Android malware detection framework based on stacking ensemble learning, MFDroid, to identify Android malware. In this paper, we used seven feature selection algorithms to select permissions, API calls, and opcodes, and then merged the results of each feature selection algorithm to obtain a new feature set. Subsequently, we used this to train the base learner, and set the logical regression as a meta-classifier, to learn the implicit information from the output of base learners and obtain the classification results. After the evaluation, the F1-score of MFDroid reached 96.0%. Finally, we analyzed each type of feature to identify the differences between malicious and benign applications. At the end of this paper, we present some general conclusions. In recent years, malicious applications and benign applications have been similar in terms of permission requests. In other words, the model of training, only with permission, can no longer effectively or efficiently distinguish malicious applications from benign applications.
Subjects
Algorithms, Machine Learning, Privacy, Software
ABSTRACT
Ensuring security for modern IoT systems requires the use of complex methods to analyze their software. One of the most in-demand methods that has repeatedly been proven to be effective is static analysis. However, the progressive complication of the connections in IoT systems, the increase in their scale, and the heterogeneity of elements requires the automation and intellectualization of manual experts' work. A hypothesis to this end is posed that assumes the applicability of machine-learning solutions for IoT system static analysis. A scheme of this research, which is aimed at confirming the hypothesis and reflecting the ontology of the study, is given. The main contributions to the work are as follows: systematization of static analysis stages for IoT systems and decisions of machine-learning problems in the form of formalized models; review of the entire subject area publications with analysis of the results; confirmation of the machine-learning instrumentaries applicability for each static analysis stage; and the proposal of an intelligent framework concept for the static analysis of IoT systems. The novelty of the results obtained is a consideration of the entire process of static analysis (from the beginning of IoT system research to the final delivery of the results), consideration of each stage from the entirely given set of machine-learning solutions perspective, as well as formalization of the stages and solutions in the form of "Form and Content" data transformations.
ABSTRACT
Code smells are poor implementation choices that developers apply while evolving source code and that affect program maintainability. Multiple automated code smell detectors have been proposed: while most of them relied on heuristics applied over software metrics, a recent trend concerns the definition of machine learning techniques. However, machine learning-based code smell detectors still suffer from low accuracy: one of the causes is the lack of adequate features to feed machine learners. In this paper, we face this issue by investigating the role of static analysis warnings generated by three state-of-the-art tools to be used as features of machine learning models for the detection of seven code smell types. We conduct a three-step study in which we (1) verify the relation between static analysis warnings and code smells and the potential predictive power of these warnings; (2) build code smell prediction models exploiting and combining the most relevant features coming from the first analysis; (3) compare and combine the performance of the best code smell prediction model with the one achieved by a state of the art approach. The results reveal the low performance of the models exploiting static analysis warnings alone, while we observe significant improvements when combining the warnings with additional code metrics. Nonetheless, we still find that the best model does not perform better than a random model, hence leaving open the challenges related to the definition of ad-hoc features for code smell prediction.
ABSTRACT
Custom static analysis rules, i.e., rules specific for one or more applications, have been successfully applied to perform corrective and preventive software maintenance. Pattern-driven maintenance (PDM) is a method designed to support the creation of such rules during software maintenance. However, as PDM was recently proposed, few maintainers have reported on its usage. Hence, the challenges and skills needed to apply PDM properly are unknown. In this paper, we investigate the challenges faced by maintainers on applying PDM for creating custom static analysis rules for defect localization. We conducted an observational study on novice maintainers creating custom static analysis rules by applying PDM. The study was divided into three tasks: (i) identifying a defect pattern, (ii) programming a static analysis rule to locate instances of the pattern, and (iii) verifying the located instances. We analyzed the efficiency and acceptance of maintainers on applying PDM and their comments on task challenges. We observed that previous knowledge on debugging, the subject software, and related technologies influenced the performance of maintainers as well as the time to learn the technology involved in rule programming. The results strengthen our confidence that PDM can help maintainers in producing custom static analysis rules for locating defects. However, a proper selection and training of maintainers is needed to apply PDM effectively. Also, using a higher level of abstraction can ease static analysis rule programming for novice maintainers.
ABSTRACT
Common software vulnerabilities can result in severe security breaches, financial losses, and reputation deterioration and require research effort to improve software security. The acceleration of the software production cycle, limited testing resources, and the lack of security expertise among programmers require the identification of efficient software vulnerability predictors to highlight the system components on which testing should be focused. Although static code analyzers are often used to improve software quality together with machine learning and data mining for software vulnerability prediction, the work regarding the selection and evaluation of different types of relevant vulnerability features is still limited. Thus, in this paper, we examine features generated by SonarQube and CCCC tools, to identify those that can be used for software vulnerability prediction. We investigate the suitability of thirty-three different features to train thirteen distinct machine learning algorithms to design vulnerability predictors and identify the most relevant features that should be used for training. Our evaluation is based on a comprehensive feature selection process based on the correlation analysis of the features, together with four well-known feature selection techniques. Our experiments, using a large publicly available dataset, facilitate the evaluation and result in the identification of small, but efficient sets of features for software vulnerability prediction.
ABSTRACT
Internet of Things Operating Systems (IoT OSs) run, manage and control IoT devices. Therefore, it is important to secure the source code for IoT OSs, especially if they are deployed on devices used for human care and safety. In this paper, we report the results of our investigations of the security status and the presence of security vulnerabilities in the source code of the most popular open source IoT OSs. Through this research, three Static Analysis Tools (Cppcheck, Flawfinder and RATS) were used to examine the code of sixteen different releases of four different C/C++ IoT OSs, with 48 examinations, regarding the presence of vulnerabilities from the Common Weakness Enumeration (CWE). The examination reveals that IoT OS code still suffers from errors that lead to security vulnerabilities and increase the opportunity of security breaches. The total number of errors in IoT OSs is increasing from one version to the next, while error density, i.e., errors per 1K of physical Source Lines of Code (SLOC) is decreasing chronologically for all IoT OSs, with few exceptions. The most prevalent vulnerabilities in IoT OS source code were CWE-561, CWE-398 and CWE-563 according to Cppcheck, (CWE-119!/CWE-120), CWE-120 and CWE-126 according to Flawfinder, and CWE-119, CWE-120 and CWE-134 according to RATS. Additionally, the CodeScene tool was used to investigate the development of the evolutionary properties of IoT OSs and the relationship between them and the presence of IoT OS vulnerabilities. CodeScene reveals strong positive correlation between the total number of security errors within IoT OSs and SLOC, as well as strong negative correlation between the total number of security errors and Code Health. CodeScene also indicates strong positive correlation between security error density (errors per 1K SLOC) and the presence of hotspots (frequency of code changes and code complexity), as well as strong negative correlation between security error density and the Qualitative Team Experience, which is a measure of the experience of the IoT OS developers.
ABSTRACT
Due to the openness of an Android system, many Internet of Things (IoT) devices are running the Android system and Android devices have become a common control terminal for IoT devices because of various sensors on them. With the popularity of IoT devices, malware on Android-based IoT devices is also increasing. People's lives and privacy security are threatened. To reduce such threat, many researchers have proposed new methods to detect Android malware. Currently, most malware detection products on the market are based on malware signatures, which have a fast detection speed and normally a low false alarm rate for known malware families. However, they cannot detect unknown malware and are easily evaded by malware that is confused or packaged. Many new solutions use syntactic features and machine learning techniques to classify Android malware. It has been known that analysis of the Function Call Graph (FCG) can capture behavioral features of malware well. This paper presents a new approach to classifying Android malware based on deep learning and OpCode-level FCG. The FCG is obtained through static analysis of Operation Code (OpCode), and the deep learning model we used is the Long Short-Term Memory (LSTM). We conducted experiments on a dataset with 1796 Android malware samples classified into two categories (obtained from Virusshare and AndroZoo) and 1000 benign Android apps. Our experimental results showed that our proposed approach with an accuracy of 97% outperforms the state-of-the-art methods such as those proposed by Nikola et al. and Hou et al. (IJCAI-18) with the accuracy of 97% and 91%, respectively. The time consumption of our proposed approach is less than the other two methods.
ABSTRACT
Trans-radial prosthesis is a wearable device that intends to help amputees under the elbow to replace the function of the missing anatomical segment that resembles an actual human hand. However, there are some challenging aspects faced mainly on the robot hand structural design itself. Improvements are needed as this is closely related to structure efficiency. This paper proposes a robot hand structure with improved features (four-bar linkage mechanism) to overcome the deficiency of using the cable-driven actuated mechanism that leads to less structure durability and inaccurate motion range. Our proposed robot hand structure also took into account the existing design problems such as bulky structure, unindividual actuated finger, incomplete fingers and a lack of finger joints compared to the actual finger in its design. This paper presents the improvements achieved by applying the proposed design such as the use of a four-bar linkage mechanism instead of using the cable-driven mechanism, the size of an average human hand, five-fingers with completed joints where each finger is moved by motor individually, joint protection using a mechanical stopper, detachable finger structure from the palm frame, a structure that has sufficient durability for everyday use and an easy to fabricate structure using 3D printing technology. The four-bar linkage mechanism is the use of the solid linkage that connects the actuator with the structure to allow the structure to move. The durability was investigated using static analysis simulation. The structural details and simulation results were validated through motion capture analysis and load test. The motion analyses towards the 3D printed robot structure show 70-98% similar motion range capability to the designed structure in the CAD software, and it can withstand up to 1.6 kg load in the simulation and the real test. The improved robot hand structure with optimum durability for prosthetic uses was successfully developed.
Subjects
Artificial Limbs, Robotics, Fingers, Hand, Humans, Three-Dimensional Printing
ABSTRACT
Due to multi-factor coupling behavior, the performance evaluation of an accelerometer subject to high-temperature and high-impact loads poses a significant challenge during its design phase. In this paper, the simulation-based method is applied to optimize the design of the accelerometer. The proposed method can reduce the uncertainties and improve the fidelity of the simulation in the sense that (i) the preloading conditions of fasteners are taken into consideration and modeled in static analysis; (ii) all types of loadings, including bolt preloads, thermal loads, and impact loads, are defined in virtual dynamic prototype of the accelerometer. It is our finding that from static and dynamic analysis, an accelerometer is exposed to the risk of malfunction and even a complete failure if the temperature rises to a certain limit; it has been proved that the thermal properties of sensing components are the most critical factors for an accelerometer to achieve its desired performance. Accordingly, we use a simulation-based method to optimize the thermal expansion coefficient of the sensing element and get the expected design objectives.
ABSTRACT
The increasing demand for Android mobile devices and blockchain has motivated malware creators to develop mobile malware to compromise the blockchain. Although the blockchain is secure, attackers have managed to gain access into the blockchain as legal users, thereby compromising important and crucial information. Examples of mobile malware include root exploit, botnets, and Trojans, and root exploit is one of the most dangerous malware. It compromises the operating system kernel in order to gain root privileges which are then used by attackers to bypass the security mechanisms, to gain complete control of the operating system, to install other possible types of malware to the devices, and finally, to steal victims' private keys linked to the blockchain. For the purpose of maximizing the security of the blockchain-based medical data management (BMDM), it is crucial to investigate the novel features and approaches contained in root exploit malware. This study proposes to use the bio-inspired method of practical swarm optimization (PSO) which automatically selects the exclusive features that contain the novel android debug bridge (ADB). This study also adopts boosting (adaboost, realadaboost, logitboost, and multiboost) to enhance the machine learning prediction that detects unknown root exploit, and scrutinized three categories of features including (1) system command, (2) directory path and (3) code-based. The evaluation gathered from this study suggests a marked accuracy value of 93% with Logitboost in the simulation. Logitboost also helped to predict all the root exploit samples in our developed system, the root exploit detection system (RODS).
Subjects
Computer Security, Health Information Systems/organization & administration, Machine Learning, Smartphone, Telemedicine/organization & administration, Algorithms, Health Information Systems/standards, Humans, Telemedicine/standards
ABSTRACT
Difference constraints have been used for termination analysis in the literature, where they denote relational inequalities of the form x' ≤ y + c, and describe that the value of x in the current state is at most the value of y in the previous state plus some constant c ∈ Z. We believe that difference constraints are also a good choice for complexity and resource bound analysis because the complexity of imperative programs typically arises from counter increments and resets, which can be modeled naturally by difference constraints. In this article we propose a bound analysis based on difference constraints. We make the following contributions: (1) our analysis handles bound analysis problems of high practical relevance which current approaches cannot handle: we extend the range of bound analysis to a class of challenging but natural loop iteration patterns which typically appear in parsing and string-matching routines. (2) We advocate the idea of using bound analysis to infer invariants: our soundness proven algorithm obtains invariants through bound analysis, the inferred invariants are in turn used for obtaining bounds. Our bound analysis therefore does not rely on external techniques for invariant generation. (3) We demonstrate that difference constraints are a suitable abstract program model for automatic complexity and resource bound analysis: we provide efficient abstraction techniques for obtaining difference constraint programs from imperative code. (4) We report on a thorough experimental comparison of state-of-the-art bound analysis tools: we set up a tool comparison on (a) a large benchmark of real-world C code, (b) a benchmark built of examples taken from the bound analysis literature and (c) a benchmark of challenging iteration patterns which we found in real source code. (5) Our analysis is more scalable than existing approaches: we discuss how we achieve scalability.
ABSTRACT
Both an accurate machine design and an adequate metrology loop definition are critical factors when precision positioning represents a key issue for the final system performance. This article discusses the error budget methodology as an advantageous technique to improve the measurement accuracy of a 2D-long range stage during its design phase. The nanopositioning platform NanoPla is here presented. Its specifications, e.g., XY-travel range of 50 mm × 50 mm and sub-micrometric accuracy; and some novel designed solutions, e.g., a three-layer and two-stage architecture are described. Once defined the prototype, an error analysis is performed to propose improvement design features. Then, the metrology loop of the system is mathematically modelled to define the propagation of the different sources. Several simplifications and design hypothesis are justified and validated, including the assumption of rigid body behavior, which is demonstrated after a finite element analysis verification. The different error sources and their estimated contributions are enumerated in order to conclude with the final error values obtained from the error budget. The measurement deviations obtained demonstrate the important influence of the working environmental conditions, the flatness error of the plane mirror reflectors and the accurate manufacture and assembly of the components forming the metrological loop. Thus, a temperature control of ±0.1 °C results in an acceptable maximum positioning error for the developed NanoPla stage, i.e., 41 nm, 36 nm and 48 nm in X-, Y- and Z-axis, respectively.
ABSTRACT
Using finite-element analysis, we aimed to determine the center of resistance (CRes) of the maxillary canine for setting orthodontic forces. The inclination of the canine was measured by first loading from the mesial to the distal side of the mesial root surface, then the position and direction of the load that minimized the inclination were investigated. The CRes was defined as the set of midpoints of the minimum distances between two inclination lines. Twenty-one CRes values were calculated from a set of seven lines. These CRes data were then aggregated as a 95% confidence ellipsoid of width 0.170×0.016×0.009 mm with center points 4.269, 0.224, and 4.315 mm in the apical, mesial, and lingual directions from the origin, respectively. Further studies are required to effectively apply the CRes identified in this study to clinical applications.