* update 2024-12-20 06:20:18

arXiv_db/Malware/2024.md

@@ -3950,3 +3950,27 @@
 
 </details>
 
+<details>
+
+<summary>2024-12-18 02:19:52 - Quantitative Measurement of Cyber Resilience: Modeling and Experimentation</summary>
+
+- *Michael J. Weisman, Alexander Kott, Jason E. Ellis, Brian J. Murphy, Travis W. Parker, Sidney Smith, Joachim Vandekerckhove*
+
+- `2303.16307v2` - [abs](http://arxiv.org/abs/2303.16307v2) - [pdf](http://arxiv.org/pdf/2303.16307v2)
+
+> Cyber resilience is the ability of a system to resist and recover from a cyber attack, thereby restoring the system's functionality. Effective design and development of a cyber resilient system requires experimental methods and tools for quantitative measuring of cyber resilience. This paper describes an experimental method and test bed for obtaining resilience-relevant data as a system (in our case -- a truck) traverses its route, in repeatable, systematic experiments. We model a truck equipped with an autonomous cyber-defense system and which also includes inherent physical resilience features. When attacked by malware, this ensemble of cyber-physical features (i.e., "bonware") strives to resist and recover from the performance degradation caused by the malware's attack. We propose parsimonious mathematical models to aid in quantifying systems' resilience to cyber attacks. Using the models, we identify quantitative characteristics obtainable from experimental data, and show that these characteristics can serve as useful quantitative measures of cyber resilience.
+
+</details>
+
+<details>
+
+<summary>2024-12-18 03:03:58 - 4.5 Million (Suspected) Fake Stars in GitHub: A Growing Spiral of Popularity Contests, Scams, and Malware</summary>
+
+- *Hao He, Haoqin Yang, Philipp Burckhardt, Alexandros Kapravelos, Bogdan Vasilescu, Christian Kästner*
+
+- `2412.13459v1` - [abs](http://arxiv.org/abs/2412.13459v1) - [pdf](http://arxiv.org/pdf/2412.13459v1)
+
+> GitHub, the de-facto platform for open-source software development, provides a set of social-media-like features to signal high-quality repositories. Among them, the star count is the most widely used popularity signal, but it is also at risk of being artificially inflated (i.e., faked), decreasing its value as a decision-making signal and posing a security risk to all GitHub users. In this paper, we present a systematic, global, and longitudinal measurement study of fake stars in GitHub. To this end, we build StarScout, a scalable tool able to detect anomalous starring behaviors (i.e., low activity and lockstep) across the entire GitHub metadata. Analyzing the data collected using StarScout, we find that: (1) fake-star-related activities have rapidly surged since 2024; (2) the user profile characteristics of fake stargazers are not distinct from average GitHub users, but many of them have highly abnormal activity patterns; (3) the majority of fake stars are used to promote short-lived malware repositories masquerading as pirating software, game cheats, or cryptocurrency bots; (4) some repositories may have acquired fake stars for growth hacking, but fake stars only have a promotion effect in the short term (i.e., less than two months) and become a burden in the long term. Our study has implications for platform moderators, open-source practitioners, and supply chain security researchers.
+
+</details>
+