Soma-notes - User contributions [en]

CCS2011: Enemy of the Good

2011-03-13T21:58:30Z

Colin: /* Introduction */

=ToDo=

* Gather data from different IDS observables to show they aren't Gaussian
** system calls (Luc)
** network traffic
** log files
* Machine learning
** standard machine learning methods approximate distributions
** approximation works best if Gaussian but has limits (show mathematically)
** non-Gaussian distributions place much harsher restrictions on error rates, they don't go down proportionally to sample size? (more math)
* [[Survey of results in IDS literature]]

=Title=

The Enemy of the Good: Re-evaluating Research Directions in Intrusion Detection

=Abstract=

=Introduction=

* For IDS to work, we need very accurate detectors
** base rate fallacy
** specifically, very low false alarm rates
* To date, nobody has achieved sufficiently low false alarm rates to be universally applicable
** signature and spec methods can be ad-hoc tuned to be good enough but then have poor coverage of new attacks
** adaptive methods cannot be sufficiently tuned
* We argue that we can't get low enough false alarm rates, that there are fundamental limits on IDS performance due to the underlying distributions of legitimate and attacker behavior.
* Reasons:
** legit behavior is non-Gaussian, largely power-law like, meaning they have fat tails
** attacker behavior cannot be sampled sufficiently to learn distribution
** and besides, attacker behavior keeps changing to follow new attack innovations (more like spread of disease than Gaussian, fundamentally not stationary) and to behave more like legitimate behavior to avoid defenders
** if we could get good samples of both classes, we might be able to separate them; but instead we must do one-class learning and one-class learning cannot deal well with very long tails.
** "adaptive concept drift"

IDS Requirements

* scalability in false alarms
* detect wide range of attacks
** realistically won't catch all attacks, but should go significantly beyond "just what I've seen" (otherwise cannot address attacker innovation)
* low resource usage (network, CPU, storage/IO, user, administrator)
* Stated this way, looks like a ML problem

Machine Learning
* many, many techniques
* basic idea: combine a-priori knowledge built into learning method with observations to create classification model
* IDS is a binary classification problem
* most accurate methods require representative set of each class
* if not both, need at least one representative set
* to do this, data should have certain characteristics

Legitimate behavior

**Classifier technology and the illusion of progress[http://arxiv.org/pdf/math.ST/0606441]

Sections:
* Problem
*

Best case scenario: credit card fraud detection
* Two class learning is possible
* Relatively low rate of data
* Still has persistent false positives _and_ false negatives

===Limits of ML===

Objective: Argue that, while there are still improvements to be made in ML algorithm development and refinement, both the "law of diminishing returns", and the challenging data realities implicit in IDS indicated our efforts should be refocused.

Question: Do researchers still attempt to apply binary classifiers to IDS?
* If this is the case, and, perhaps, regardless, the ML section can be structured as follows:

ML Section
*Overview of binary and one-class classification
**Discrimination based approach versus a recognition based approach
**The type of results produced
***One-class: Helicopter gearbox, breast cancer mammogram, continuous typist recognition, etc. Conceptually these all seem approximately Gaussian, and good results were achieved.
**What are the data requirements need in order to achieve these results
***For binary: assume a representative set of data has been drawn from class ω1 and ω2. The distributions are generally assumed to be stationary, if not, extra consideration has to be given. With these assumptions, we theoretically expect that the degree to which class ω1 and class ω2 overlap will define the minimum error threshold.
*** Based on the fact that neither user behaviour nor attacker behaviour is stationary, and the fact that acquiring a representative set of, even historic, attacker data is extremely challenging (to put it mildly), the notion of building a necessarily accurate model based on the binary classification paradigm is a formidable one.
***For one-class: assume a representative set of data has been drawn from class ω1, and, as a result, the distribution can be generalized to a level of accuracy necessary for the model to achieve an acceptably low error rate in future application. Assuming the classes are generally separable, this can be done for parametric distributions, such as Gaussian, and non-parametric distributions, provided they are devoid of a “fat tail”.
**Law of Diminishing Returns
***discussion based on hand
*Conclusion
**For these reasons, and those articulated in the remained of this paper, we believe that the prudent next step in IDS research is a thorough examination of novel techniques for dealing with current degree of FP. More specifically, this thesis arises from the fact that it is clear that the added benefit of the increasingly sophisticated ML algorithms is diminishing, and that, to some degree, FP are, and will remain, a fact of life in IDS.

=What Goes Wrong=

* Poor results
** datasets do not represent real-world usage or scenarios accurately
** insufficient or misleading tests of false positive rates
** Even when rates are accurate, they are misinterpreted: high FP rates are not considered to be high (wrong time scale, lack of attention to scalability)
** misleading integration of attacks into legitimate behavior
* Administrative overhead
** rules that can only be created by experts, but system requires end users to create custom rules
** experts required to interpret output
** insufficient context for even experts to interpret output
** assumption of existence of security personnel that won't even exist in many important contexts
* Computational overhead
** can system keep up with normal workloads?
** can system keep up with attacker-generated workloads?
* Anomalies versus attacks
** why is one a good proxy for the other?
** why is chosen feature(s) particularly good at detecting attacks?
* Out of the box algorithms applied w/o understanding security problem
* Attacker evasion: how can attacker manipulate system? Can system lead to environment that is easier to attack?

=Discussion=

=Conclusion=

=References=

CCS2011: Enemy of the Good

2011-02-28T14:45:46Z

Colin: /* Introduction */

=Title=

How to Evaluate Intrusion Detection Systems

=Abstract=

=Introduction=

* Evaluating non-adaptive IDSs (signature, specification) is like evaluating a programming language
** quality of individual solutions does not indicate quality of framework
** quality over all solutions might say something, but that is very hard to measure

* Adaptive IDSs has been seen as a machine learning problem, but it really isn't.
* Multiple papers criticizing specific ML approaches to IDS [CITES]
* Problem is general

* Why?
**Classifier technology and the illusion of progress[http://arxiv.org/pdf/math.ST/0606441]

Sections:
* Problem
*

=What Goes Wrong=

* Poor results
** datasets do not represent real-world usage or scenarios accurately
** insufficient or misleading tests of false positive rates
** Even when rates are accurate, they are misinterpreted: high FP rates are not considered to be high (wrong time scale, lack of attention to scalability)
** misleading integration of attacks into legitimate behavior
* Administrative overhead
** rules that can only be created by experts, but system requires end users to create custom rules
** experts required to interpret output
** insufficient context for even experts to interpret output
** assumption of existence of security personnel that won't even exist in many important contexts
* Computational overhead
** can system keep up with normal workloads?
** can system keep up with attacker-generated workloads?
* Anomalies versus attacks
** why is one a good proxy for the other?
** why is chosen feature(s) particularly good at detecting attacks?
* Out of the box algorithms applied w/o understanding security problem
* Attacker evasion: how can attacker manipulate system? Can system lead to environment that is easier to attack?

=Discussion=

=Conclusion=

=References=

CCS2011: Enemy of the Good

2011-02-28T14:45:10Z

Colin: /* Introduction */

=Title=

How to Evaluate Intrusion Detection Systems

=Abstract=

=Introduction=

* Evaluating non-adaptive IDSs (signature, specification) is like evaluating a programming language
** quality of individual solutions does not indicate quality of framework
** quality over all solutions might say something, but that is very hard to measure

* Adaptive IDSs has been seen as a machine learning problem, but it really isn't.
* Multiple papers criticizing specific ML approaches to IDS [CITES]
* Problem is general

* Why?
**[http://arxiv.org/pdf/math.ST/0606441]

Sections:
* Problem
*

=What Goes Wrong=

* Poor results
** datasets do not represent real-world usage or scenarios accurately
** insufficient or misleading tests of false positive rates
** Even when rates are accurate, they are misinterpreted: high FP rates are not considered to be high (wrong time scale, lack of attention to scalability)
** misleading integration of attacks into legitimate behavior
* Administrative overhead
** rules that can only be created by experts, but system requires end users to create custom rules
** experts required to interpret output
** insufficient context for even experts to interpret output
** assumption of existence of security personnel that won't even exist in many important contexts
* Computational overhead
** can system keep up with normal workloads?
** can system keep up with attacker-generated workloads?
* Anomalies versus attacks
** why is one a good proxy for the other?
** why is chosen feature(s) particularly good at detecting attacks?
* Out of the box algorithms applied w/o understanding security problem
* Attacker evasion: how can attacker manipulate system? Can system lead to environment that is easier to attack?

=Discussion=

=Conclusion=

=References=

Intrusion Detection: Winter 2011 (COMP 5900X)

2011-01-28T16:08:25Z

Colin: /* inMobi */

=Readings=

Note that many PDF links are via the Carleton University Library's proxy; to access these you need your Carleton ID number and library PIN. However, if you have trouble accessing them, try doing a search on the authors and titles; the same PDFs are generally also available from other websites.

===January 25, 2011===
* Anderson (1980), [http://csrc.nist.gov/publications/history/#ande80 Computer Security Threat Monitoring and Surveillance]. ([[http://csrc.nist.gov/publications/history/ande80.pdf PDF])
* Denning (1986), [http://dx.doi.org/10.1109/TSE.1987.232894 An Intrusion Detection Model]. ([http://ieeexplore.ieee.org.proxy.library.carleton.ca/stamp/stamp.jsp?tp=&arnumber=1702202 PDF])

===January 27, 2011===
* Smaha (1988), [http://dx.doi.org/10.1109/ACSAC.1988.113412 Haystack: An Intrusion Detection System]. ([http://ieeexplore.ieee.org.proxy.library.carleton.ca/xpls/abs_all.jsp?arnumber=113412 PDF])
* Vaccaro & Liepins (1989), [http://dx.doi.org/10.1109/SECPRI.1989.36302 Detection of Anomalous Computer Session Activity]. ([http://ieeexplore.ieee.org.proxy.library.carleton.ca/stamp/stamp.jsp?tp=&arnumber=36302 PDF])

=Research=

==Android advertisement services==

===Google Adwords===
AdSense:
- Advertising program that's used by publishers
- Contexual Advertising (to surrouding context)

AdWords:
- an ad brokerage system
- a pay-per-click advertizing program used by Advertisers
- Advertisers create short, text based ads that are very closely relatated to chosen keywords and then allow those ads to be shown on other people's web sites that feature the chosen keyword.

Instead of the traditional model of displaying ads on manually chosen sites, AdWords displays the ads according to the content of the hosting web page (“travel,” “new york giants,” “perfume”), and advertisers pay the host each time a user clicks on an ad. Google makes money from the system both by hosting ads on its own search and other sites and by collecting a commission for all ads hosted on other sites.

AdWords consists of 3 main parts: the ranking part that drives its search and ad lists, the terming part that drives its association of ads with content, and the valuing part that drives its valuation of ads.

AdWords technically refers to only one of several sub-systems (the one that attaches the smartertravel.com ad to the word “smart travel”) that constitute the larger AdWords system, along with Google's search and AdWords ad ranking systems and the AdWords pay-per-click / ad auction payment system.

Publishers get paid by:
- Unique visits
- Click-through-rate
- Avergage cost-per-click

----

A code snippet provided by Google and embedded in the publishers page grabs the Ads off Google's Ad server.
A third party Ad server can be used through AdSense.[http://www.google.com/adsense/support/bin/answer.py?hl=en&answer=94145
]

"How will Google prevent malware from third-party ads?

Google is actively working with trusted advertisers and partners to reduce the risk of malware. We specifically forbid fourth-party calls or sub-syndication to advertisers or vendors we haven't certified.

Also, all third-party ads are checked for malware when they're initially entered into our system. Google also employs an automated malware checker that continuously scans all third-party creatives running through the network. Any ad with malware will be automatically pulled from the network to protect our partner websites and their users."

----
'''Maleware exploits (Google recommended)'''
[http://www.provos.org/index.php?/categories/6-Malware]

'''Google online security blog'''
[http://googleonlinesecurity.blogspot.com/]

'''The Ghost In The Browser, Analysis of web-based Malware.'''[http://www.usenix.org/event/hotbots07/tech/full_papers/provos/provos.pdf]

'''BotHunter: Detecting Malware Infection Through IDS-Driven Dialog Correlation'''.[http://www.usenix.org/events/sec07/tech/full_papers/gu/gu.pdf]

'''Effective and Efficient Malware Detection at the End Host'''.[http://www.usenix.org/events/sec09/tech/full_papers/kolbitsch.pdf]

'''Malware Characterization through Alert Pattern Discovery'''.[http://www.usenix.org/event/leet09/tech/full_papers/cheung/cheung.pdf]

'''A View on Current Malware Behaviors'''.[http://www.usenix.org/event/leet09/tech/full_papers/bayer/bayer.pdf]

'''Automatic Generation of Remediation Procedures for Malware Infections'''.[http://www.usenix.org/events/sec10/tech/full_papers/Paleari.pdf]
----
Very good paper with a wealth of technical infromation on how AdWords works:
'''Google AdWords as a Network of Grey Surveillance'''
[http://scholar.lib.vt.edu/theses/available/etd-02082010-004431/unrestricted/Roberts_HM_T_2010.pdf]

'''Google Display Network'''
[http://www.google.com/adwords/displaynetwork/]

'''AdSense for mobile content'''
[http://www.google.com/adsense/support/bin/topic.py?hl=en&topic=11951]

----

====Admob====
----

"AdMob is a mobile advertising company founded by Omar Hamoui. It was incorporated in 2006 and is based in San Mateo, California. In November 2009 it was acquired by Google for $750 million. The acquisition was completed on May 27, 2010. Apple Inc. had also expressed interest in purchasing the company the same year, but they were out-bid by Google, and have since introduced their own iAd advertising platform.[6] Prior to being acquired by Google, AdMob acquired the company AdWhirl, formerly Adrollo, which is a platform for developing advertisements in iPhone applications. AdMob offers advertising solutions for many mobile platforms, including Android, iOS, webOS, Flash Lite, and all standard mobile web browsers.

AdMob is one of the world's largest mobile advertising platforms and claims to serve more than 40 billion mobile banner and text ads per month across mobile Web sites and handset applications" - [http://en.wikipedia.org/wiki/AdMob]

''' How to publish an ad for mobile application developers '''

----

- Create an account on AdMob.
- Choose your platform from the list of supported platforms, we will select Android. A screen shot from Admob.com of the list of supported platforms:
[[File:platforms.jpg]]
- After going through some settings screens , you will be given a publisher ID (for example: a14234a2430bff2).
- Make sure that Test mode is enabled. This allows testing ads in a test environment.
- You will be asked to download a publisher's code file.
- The Android SDK documentation can be found here: [http://www.admob.com/docs/AdMob_Android_SDK_Instructions.pdf]
- Add the jar file to build path of the Android project
- Make sure that the application has Internet access permission by modifying the manifest file.
- Add Admob activity tags in the application's manifest file.

Supported API Actions when clicking on an in-application Ad:

- url - (Default) Click-to-Browser for promoting websites
- app - Click-to-Market for promoting Android applications
- canvas - Click-to-Canvas which is a notice that appears over current screen
- call - Click-to-Phone Call
- map - Click-to-Google Map
- video - Click-to-YouTube

Notes on the decompiled .jar file (information below might now be very accurate):

- http://r.admob.com/ad_source.php is used to get Ad using an HTTP post
- References to JSON object in AdWebView, but not 100% sure if they're used in the AdView view
- Time Delta enforced between refreshes. You can not get a new Ad before a certain number of seconds.

'''Wikipage for Admob developers'''[http://developer.admob.com/wiki/Android]
----

===WebKit===

"WebKit is an open source web browser engine." [http://webkit.org/] It is a framework that manages content and presents it on the display of a device. This gives the app developer control over how content is displayed on a specific platform, instead of placing the onus on the web designer to create platform specific content.

The Android API for WebKit can be found here: [http://developer.android.com/reference/android/webkit/package-summary.html].

Browsing through the API, you will find the web content display is controlled by the WebView class [http://developer.android.com/reference/android/webkit/WebView.html]. Various settings configurable for WebView instances can be controlled through functions provided by the WebSettings class [http://developer.android.com/reference/android/webkit/WebSettings.html]. For example:

- public void setAllowFileAccess (boolean allow)
- public void setAllowFileAccess (boolean allow)

----

===Recent Exploits===
Just picked this up from slashdot, trojan horse on android! [http://mobile.slashdot.org/story/11/01/20/1534236/Soundminder-Android-Trojan-Hears-Credit-Cards]
----

===inMobi===

InMobi [http://www.inmobi.com/] claims to be the worlds largest independent ad network, providing solutions for advertisers, producers.

They target the major of platforms, including Android and iPhone

Generally speaking, their ads can take a diverse set forms:

Full screen
Expandable
Scrolling
Touch to enlarge
Rotating
Video

Banners
Text characters

Click to landing page
Click to download
Click to play video
Click to call
Click to lead
Click to text

''Ad Publishers''– InMobi supplies PHP-CURL, JSP, .NET, RUBY, PERL and ASP code snippets for acquiring ads. Pasting the basic code into a site creates a space for a single ad. In addition, an advanced code library is available for running multiple ads on a page, and/or for specifying parameters such as demographics, language and location.

''Ad Publishers'' – InMobi provides filtering mechanisms to facilitate the filtering of ad types and/or sources.

''Application developers'' – InMobi supplies SDKs for Android and iPhone applications developers.

Further investigation is require in order to understand the specifics of ad development and their integration into web pages and mobile applications. Only superficial details are provided on the InMobi page.

==iOS advertisement services==

===iAds===

This is what I could find so far, please feel free to correct any mistakes - Ben


iAd [http://advertising.apple.com/] is an Apple created web advertisement framework integrated to iOS starting with iOS 4. To embed iAds into an iPhone/iPad app, the programmer can use the Xcode IDE [http://developer.apple.com/technologies/tools/xcode.html] to add "Ad Banners" into their apps. Some tutorials of adding banners can be found in the following links:


<li>http://bees4honey.com/blog/tutorial/how-to-add-iad-banner-in-iphoneipad-app/
<li>http://www.raywenderlich.com/1371/how-to-integrate-iad-into-your-iphone-app


iAds are created using web technologies, such as HTML5, CSS, JavaScript, using a tool called iAdProducer [http://developer.apple.com/iad/iadproducer/]. To have advertisements served, the ad creator must join the iAd Network [http://advertising.apple.com/], and submit their ad(s) for review. [http://forums.macrumors.com/showthread.php?t=960117] The distribution and selection of ads is done by the Apple iAd network, and does not currently support "house ads" (ads where ad author = app developer), but will allow the app developer to "exclude ads from competitors or other unwanted advertisers based on specific keywords, URLs, and application Apple IDs" [http://developer.apple.com/support/ios/iad-network.html#howdoi]


===Google Adwords===

Google AdWords on the iPhone/iPod/iPad is the same service as found on PCs save for minor customizations. These customziations include targetting ads for the platform [http://www.iphonefootprint.com/2008/12/google-adwords-on-iphone/] in addition to key words, and ensuring results fit on the display [http://www.seroundtable.com/archives/016745.html] of the mobile device.

The rearranging of the ad can be attributed to at least the user-agent (UA) in a web request. This can be tested with changing the user-agent in the browser of a PC and performing searches on Google. Instructions on changing the UA for Mozilla Firefox can be found at: http://johnbokma.com/mexit/2004/04/24/changinguseragent.html and iPhone UAs can be found at: http://www.mattcutts.com/blog/iphone-user-agent/

See the AdWords description in the Android section above for a more detailed description.

===inMobi===

===General Interest===

Hey guys, this short article from the BBC is of a general interest nature. However, it does demonstrate the importance of early detection of strange behaviour on smartphones.

http://www.bbc.co.uk/news/technology-12238367

Intrusion Detection: Winter 2011 (COMP 5900X)

2011-01-20T15:11:41Z

Colin: /* inMobi */

==Android advertisement services==

===Google Adwords===
AdSense:
- Advertising program that's used by publishers
- Contexual Advertising (to surrouding context)

AdWords:
- an ad brokerage system
- a pay-per-click advertizing program used by Advertisers
- Advertisers create short, text based ads that are very closely relatated to chosen keywords and then allow those ads to be shown on other people's web sites that feature the chosen keyword.

Instead of the traditional model of displaying ads on manually chosen sites, AdWords displays the ads according to the content of the hosting web page (“travel,” “new york giants,” “perfume”), and advertisers pay the host each time a user clicks on an ad. Google makes money from the system both by hosting ads on its own search and other sites and by collecting a commission for all ads hosted on other sites.

AdWords consists of 3 main parts: the ranking part that drives its search and ad lists, the terming part that drives its association of ads with content, and the valuing part that drives its valuation of ads.

AdWords technically refers to only one of several sub-systems (the one that attaches the smartertravel.com ad to the word “smart travel”) that constitute the larger AdWords system, along with Google's search and AdWords ad ranking systems and the AdWords pay-per-click / ad auction payment system.

Publishers get paid by:
- Unique visits
- Click-through-rate
- Avergage cost-per-click

----

A code snippet provided by Google and embedded in the publishers page grabs the Ads off Google's Ad server.
A third party Ad server can be used through AdSense.[http://www.google.com/adsense/support/bin/answer.py?hl=en&answer=94145
]

"How will Google prevent malware from third-party ads?

Google is actively working with trusted advertisers and partners to reduce the risk of malware. We specifically forbid fourth-party calls or sub-syndication to advertisers or vendors we haven't certified.

Also, all third-party ads are checked for malware when they're initially entered into our system. Google also employs an automated malware checker that continuously scans all third-party creatives running through the network. Any ad with malware will be automatically pulled from the network to protect our partner websites and their users."

----
'''Maleware exploits (Google recommended)'''
[http://www.provos.org/index.php?/categories/6-Malware]

'''Google online security blog'''
[http://googleonlinesecurity.blogspot.com/]

'''The Ghost In The Browser, Analysis of web-based Malware.'''[http://www.usenix.org/event/hotbots07/tech/full_papers/provos/provos.pdf]

'''BotHunter: Detecting Malware Infection Through IDS-Driven Dialog Correlation'''.[http://www.usenix.org/events/sec07/tech/full_papers/gu/gu.pdf]

'''Effective and Efficient Malware Detection at the End Host'''.[http://www.usenix.org/events/sec09/tech/full_papers/kolbitsch.pdf]

'''Malware Characterization through Alert Pattern Discovery'''.[http://www.usenix.org/event/leet09/tech/full_papers/cheung/cheung.pdf]

'''A View on Current Malware Behaviors'''.[http://www.usenix.org/event/leet09/tech/full_papers/bayer/bayer.pdf]

'''Automatic Generation of Remediation Procedures for Malware Infections'''.[http://www.usenix.org/events/sec10/tech/full_papers/Paleari.pdf]
----
Very good paper with a wealth of technical infromation on how AdWords works:
'''Google AdWords as a Network of Grey Surveillance'''
[http://scholar.lib.vt.edu/theses/available/etd-02082010-004431/unrestricted/Roberts_HM_T_2010.pdf]

'''Google Display Network'''
[http://www.google.com/adwords/displaynetwork/]

'''AdSense for mobile content'''
[http://www.google.com/adsense/support/bin/topic.py?hl=en&topic=11951]

----

====Admob====
----

"AdMob is a mobile advertising company founded by Omar Hamoui. It was incorporated in 2006 and is based in San Mateo, California. In November 2009 it was acquired by Google for $750 million. The acquisition was completed on May 27, 2010. Apple Inc. had also expressed interest in purchasing the company the same year, but they were out-bid by Google, and have since introduced their own iAd advertising platform.[6] Prior to being acquired by Google, AdMob acquired the company AdWhirl, formerly Adrollo, which is a platform for developing advertisements in iPhone applications. AdMob offers advertising solutions for many mobile platforms, including Android, iOS, webOS, Flash Lite, and all standard mobile web browsers.

AdMob is one of the world's largest mobile advertising platforms and claims to serve more than 40 billion mobile banner and text ads per month across mobile Web sites and handset applications" - [http://en.wikipedia.org/wiki/AdMob]

''' How to publish an ad for mobile application developers '''

----

- Create an account on AdMob.
- Choose your platform from the list of supported platforms, we will select Android. A screen shot from Admob.com of the list of supported platforms:
[[File:platforms.jpg]]
- After going through some settings screens , you will be given a publisher ID (for example: a14234a2430bff2).
- Make sure that Test mode is enabled. This allows testing ads in a test environment.
- You will be asked to download a publisher's code file.
- The Android SDK documentation can be found here: [http://www.admob.com/docs/AdMob_Android_SDK_Instructions.pdf]
- Add the jar file to build path of the Android project
- Make sure that the application has Internet access permission by modifying the manifest file.
- Add Admob activity tags in the application's manifest file.

Supported API Actions when clicking on an in-application Ad:

- url - (Default) Click-to-Browser for promoting websites
- app - Click-to-Market for promoting Android applications
- canvas - Click-to-Canvas which is a notice that appears over current screen
- call - Click-to-Phone Call
- map - Click-to-Google Map
- video - Click-to-YouTube

Notes on the decompiled .jar file (information below might now be very accurate):

- http://r.admob.com/ad_source.php is used to get Ad using an HTTP post
- References to JSON object in AdWebView, but not 100% sure if they're used in the AdView view
- Time Delta enforced between refreshes. You can not get a new Ad before a certain number of seconds.

'''Wikipage for Admob developers'''[http://developer.admob.com/wiki/Android]
----

===WebKit===

"WebKit is an open source web browser engine." [http://webkit.org/] It is a framework that manages content and presents it on the display of a device. This gives the app developer control over how content is displayed on a specific platform, instead of placing the onus on the web designer to create platform specific content.

The Android API for WebKit can be found here: [http://developer.android.com/reference/android/webkit/package-summary.html].

Browsing through the API, you will find the web content display is controlled by the WebView class [http://developer.android.com/reference/android/webkit/WebView.html]. Various settings configurable for WebView instances can be controlled through functions provided by the WebSettings class [http://developer.android.com/reference/android/webkit/WebSettings.html]. For example:

- public void setAllowFileAccess (boolean allow)
- public void setAllowFileAccess (boolean allow)

----

===inMobi===

InMobi [http://www.inmobi.com/] claims to be the worlds largest independent ad network, providing solutions for advertisers, producers.

They target the major platforms, including Android and iPhone

Generally speaking, their ads can take a diverse set forms:

Full screen
Expandable
Scrolling
Touch to enlarge
Rotating
Video

Banners
Text characters

Click to landing page
Click to download
Click to play video
Click to call
Click to lead
Click to text

''Ad Publishers''– InMobi supplies PHP-CURL, JSP, .NET, RUBY, PERL and ASP code snippets for acquiring ads. Pasting the basic code into a site creates a space for a single ad. In addition, an advanced code library is available for running multiple ads on a page, and/or for specifying parameters such as demographics, language and location.

''Ad Publishers'' – InMobi provides filtering mechanisms to facilitate the filtering of ad types and/or sources.

''Application developers'' – InMobi supplies SDKs for Android and iPhone applications developers.

Further investigation is require in order to understand the specifics of ad development and their integration into web pages and mobile applications. Only superficial details are provided on the InMobi page.

==iOS advertisement services==

===iAds===

This is what I could find so far, please feel free to correct any mistakes - Ben


iAd [http://advertising.apple.com/] is an Apple created web advertisement framework integrated to iOS starting with iOS 4. To embed iAds into an iPhone/iPad app, the programmer can use the Xcode IDE [http://developer.apple.com/technologies/tools/xcode.html] to add "Ad Banners" into their apps. Some tutorials of adding banners can be found in the following links:


<li>http://bees4honey.com/blog/tutorial/how-to-add-iad-banner-in-iphoneipad-app/
<li>http://www.raywenderlich.com/1371/how-to-integrate-iad-into-your-iphone-app


iAds are created using web technologies, such as HTML5, CSS, JavaScript, using a tool called iAdProducer [http://developer.apple.com/iad/iadproducer/]. To have advertisements served, the ad creator must join the iAd Network [http://advertising.apple.com/], and submit their ad(s) for review. [http://forums.macrumors.com/showthread.php?t=960117] The distribution and selection of ads is done by the Apple iAd network, and does not currently support "house ads" (ads where ad author = app developer), but will allow the app developer to "exclude ads from competitors or other unwanted advertisers based on specific keywords, URLs, and application Apple IDs" [http://developer.apple.com/support/ios/iad-network.html#howdoi]


===Google Adwords===

Google AdWords on the iPhone/iPod/iPad is the same service as found on PCs save for minor customizations. These customziations include targetting ads for the platform [http://www.iphonefootprint.com/2008/12/google-adwords-on-iphone/] in addition to key words, and ensuring results fit on the display [http://www.seroundtable.com/archives/016745.html] of the mobile device.

The rearranging of the ad can be attributed to at least the user-agent (UA) in a web request. This can be tested with changing the user-agent in the browser of a PC and performing searches on Google. Instructions on changing the UA for Mozilla Firefox can be found at: http://johnbokma.com/mexit/2004/04/24/changinguseragent.html and iPhone UAs can be found at: http://www.mattcutts.com/blog/iphone-user-agent/

See the AdWords description in the Android section above for a more detailed description.

===inMobi===

===General Interest===

Hey guys, this short article from the BBC is of a general interest nature. However, it does demonstrate the importance of early detection of strange behaviour on smartphones.

http://www.bbc.co.uk/news/technology-12238367

Intrusion Detection: Winter 2011 (COMP 5900X)

2011-01-17T02:59:16Z

Colin: /* inMobi */

Talk:Google OS

2008-10-27T14:44:52Z

Colin:

Group 3: Bigtable

Questions from: Group 1, GFS

1. How is Bigtable like/unlike a relational database?

ans. Bigtable is unlike a relational database because:
- It stores data in SSTables, which are not in proper relational form.
- A tablet can store multiple versions of the same data based on timestamps.
- The language used to query Bigtable does not support a full relational database functionality.
Bigtable is like a relational database because:
- Server side scripts can be used to filter results similar to some sql queries.

2. What is the role of SSTable in Bigtable?

ans. It is a model for formating data.

3. For the webTable, why are domain names stored in reverse order?

ans. The domain names are stored in reverse order to increase efficiency of a query.

4. How did Bigtable use Chubby?

ans. The master server uses Chubby to track tablet servers.

Questions from Group2, Chubby

1. Why did they not implement the full relational model?

ans. They did not need a full relational model. They only implemented what they thought they needed at the time.

2. When could major compaction occur?

ans. Major compaction could occur when two tables are the same, but stored differently, or when there are lots of gaps due to row deletions.

3. How does Bigtable handle fine-grained locking?

ans.

4. What are the similarities in the architecture between GFS and Bigtable?

ans. They are similar in master selection and the use of Chubby.

Talk:Distributed Shared Memory

2008-09-24T12:00:33Z

Colin: /* Current DSM systems? */

Here is the page where we will be discussing the DSM readings.

== IVY ==
[[User:Soma|Anil]]: What were the key characteristics of IVY? What exactly did Kai Li build?

[[user:Alireza|Alireza]] : IVY was a software based DSM system that's been developed to allow users share their local memories in a distributed manner. IVY was designed to be used in loosely coupled environments. It had five main modules including memory allocation, process management, initialization, remote operation and memory mapping. The main advantage of IVY was gaining performance in parallel applications comparing.

[[user:Alireza|Alireza]] :(Question) Name some of the applications that you would think benefit from using IVY environment? Distributed Database system is the one that is mentioned in the dissertation. Thinks of something different.

[[user:Azalia|Azalia]]:(Answer) Some of the current sample applications can be (CRM) Customer Relationship Management or (ERP) Enterprise Resource Planning applications that serve multiple users across an organization.Another example, imagine a billing system that has to calculate the telephone bills of thousands of customers can benefit from this environment by calculating the bill of multiple customers at the same time on different machines distributed across the network. Even though, each customer bill calculation can be done separately, using a shared memory space for reading input values like cost per minute, or cost per text message can be very useful. In addition, since each customer bill is a separate object the write operation is done in different pages of the shared memory and even using multiple writer algorithm, in this case, does not introduce any concurrency issue.

== Current DSM systems? ==

[[User:soma|Anil]]: What is a current production system that uses distributed shared memory? What about the underlying problem makes DSM a good technological fit?

[[user:Azalia|Azalia]]:(Answer) What is a current production system that uses distributed shared memory?
Any application with complex independent steps that can be parallelized would be suitable for DSM environment. Some of the current sample applications can be (CRM) Customer Relationship Management or (ERP) Enterprise Resource Planning applications that serve multiple users across an organization.
What about the underlying problem makes DSM a good technological fit?
Apart from DSM there are alternative methods for using in distributed environment (e.g. RPC and message passing), they have some inadequacies that DSM has been introduced to address them. For instance, message passing and RPC, have difficulties in sending complex data structures and pointers over the network due to different memory address spaces. The distributed shared memory can be a solution of this problem since all the processors share the same memory address space. In addition, if we consider current RPC technologies like Web Services, we'll realize that for each task we have to pack and send a lot of XML data around. With DSM we can share a memory space and prevent overloading network by sending XML messages.

[[user:Colin|Colin]]:(Answer) Any systems with a great deal of variability in load on its processors could benefit from DSM. This is because the unified address space makes process migration, and thus load balancing, simpler.
(Question) How much more efficient is the movement of data across the networks on a system that implements DSM? Does it not send a comparable amount of data on a page fault as message passing or RPC would to invoke a remote call?

== Difference between DSM and NUMA? ==

[[User:Soma|Anil]] What are the differences between DSM and NUMA? Under what circumstances are each appropriate?

[[User:Alirez|Alireza]]: NUMA follows SMP paradigm where there is common memory bus for accessing shared memories. In addition, one of the most important aspects of the NUMA is that it provides different access time for the processers based on their locations. For instance local processors can have faster access to local memories. In addition, NUMA access to memory is hardware based.

[[User: Joshua Tessier|Joshua Tessier]]: Correct me if I'm wrong but NUMA is basically a type of DSM. In a NUMA system, each processor has access to a common memory, however this common memory is distributed across each of the processors. For example, if there are 8 processors, the total memory is divided into 8 sections. As stated above, the processors have different access times to memory stores. Meanwhile, DSM is just dynamic shared memory; not a specific type like NUMA.

== DSM Implementations? ==
[[User:Azalia|Azalia]]:(Question) What are the different types of DSM Implementations?

[[User:Ywahyudi|Yohan]]:(Answer) There are 3 different types of DSM implementation. The first one is Software-level implementation which can be achieved in user-level, run-time library routine, the OS, or the programming language, for example IVY, Mermaid, Munin, etc. The second one is Hardware-level implementation which ensures that automatic replication of shared data in local memories and processors caches, transparently for software-layer, for example Memnet, Dash, SCI KSR1, etc. Since software is used in hardware support to optimize memory reference, and hardware is used in software solution such as virtual memory management, then the third one is Hybrid Level Implementation which is a combination of both implementation. Several examples of such implementation are Plus, Galactica Net, Alewife, etc.

[[User:Joshua Tessier|Joshua Tessier]]:(Question) Does the hybrid solution hold much relevance today? From what I got in the paper, it came to light due to some limitations of the hardware/OS layers at the time. Today, we have a ton of different tools at our disposal and these limitations are no longer present. How would such a solution be divided today?