Visible to the public Biblio

Found 2376 results

Filters: First Letter Of Last Name is K  [Clear All Filters]
Conference Paper
Kolomeets, Maxim, Chechulin, Andrey, Zhernova, Ksenia, Kotenko, Igor, Gaifulina, Diana.  2020.  Augmented reality for visualizing security data for cybernetic and cyberphysical systems. 2020 28th Euromicro International Conference on Parallel, Distributed and Network-Based Processing (PDP). :421—428.
The paper discusses the use of virtual (VR) and augmented (AR) reality for visual analytics in information security. Paper answers two questions: “In which areas of information security visualization VR/AR can be useful?” and “What is the difference of the VR/AR from similar methods of visualization at the level of perception of information?”. The first answer is based on the investigation of information security areas and visualization models that can be used in VR/AR security visualization. The second answer is based on experiments that evaluate perception of visual components in VR.
Khorev, P.B..  2018.  Authenticate Users with Their Work on the Internet. 2018 IV International Conference on Information Technologies in Engineering Education (Inforino). :1–4.
Examines the shortcomings of existing methods of user authentication when accessing remote information systems. Proposed method of multi-factor authentication based on validation of knowledge of a secret password and verify that the habits and preferences of Internet user's interests, defined by registration in the system. Identifies the language and tools implementation of the proposed authentication algorithm.
Kansuwan, Thivanon, Chomsiri, Thawatchai.  2019.  Authentication Model using the Bundled CAPTCHA OTP Instead of Traditional Password. 2019 Joint International Conference on Digital Arts, Media and Technology with ECTI Northern Section Conference on Electrical, Electronics, Computer and Telecommunications Engineering (ECTI DAMT-NCON). :5—8.
In this research, we present identity verification using the “Bundled CAPTCHA OTP” instead of using the traditional password. This includes a combination of CAPTCHA and One Time Password (OTP) to reduce processing steps. Moreover, a user does not have to remember any password. The Bundled CAPTCHA OTP which is the unique random parameter for any login will be used instead of a traditional password. We use an e-mail as the way to receive client-side the Bundled CAPTCHA OTP because it is easier to apply without any problems compare to using mobile phones. Since mobile phones may be crashing, lost, change frequently, and easier violent access than e-mail. In this paper, we present a processing model of the proposed system and discuss advantages and disadvantages of the model.
Beemer, A., Graves, E., Kliewer, J., Kosut, O., Yu, P..  2020.  Authentication with Mildly Myopic Adversaries. 2020 IEEE International Symposium on Information Theory (ISIT). :984—989.

In unsecured communications settings, ascertaining the trustworthiness of received information, called authentication, is paramount. We consider keyless authentication over an arbitrarily-varying channel, where channel states are chosen by a malicious adversary with access to noisy versions of transmitted sequences. We have shown previously that a channel condition termed U-overwritability is a sufficient condition for zero authentication capacity over such a channel, and also that with a deterministic encoder, a sufficiently clear-eyed adversary is essentially omniscient. In this paper, we show that even if the authentication capacity with a deterministic encoder and an essentially omniscient adversary is zero, allowing a stochastic encoder can result in a positive authentication capacity. Furthermore, the authentication capacity with a stochastic encoder can be equal to the no-adversary capacity of the underlying channel in this case. We illustrate this for a binary channel model, which provides insight into the more general case.

Manishankar, S., Arjun, C. S., Kumar, P. R. A..  2017.  An authorized security middleware for managing on demand infrastructure in cloud. 2017 International Conference on Intelligent Computing and Control (I2C2). :1–5.
Recent increases in the field of infrastructure has led to the emerging of cloud computing a virtualized computing platform. This technology provides a lot of pros like rapid elasticity, ubiquitous network access and on-demand access etc. Compare to other technologies cloud computing provides many essential services. As the elasticity and scalability increases the chance for vulnerability of the system is also high. There are many known and unknown security risks and challenges present in this environment. In this research an environment is proposed which can handle security issues and deploys various security levels. The system handles the security of various infrastructure like VM and also handles the Dynamic infrastructure request control. One of the key feature of proposed approach is Dual authorization in which all account related data will be authorized by two privileged administrators of the cloud. The auto scalability feature of the cloud is be made secure for on-demand service request handling by providing an on-demand scheduler who will process the on-demand request and assign the required infrastructure. Combining these two approaches provides a secure environment for cloud users as well as handle On-demand Infrastructure request.
Gaston, J., Narayanan, M., Dozier, G., Cothran, D. L., Arms-Chavez, C., Rossi, M., King, M. C., Xu, J..  2018.  Authorship Attribution vs. Adversarial Authorship from a LIWC and Sentiment Analysis Perspective. 2018 IEEE Symposium Series on Computational Intelligence (SSCI). :920-927.

Although Stylometry has been effectively used for Authorship Attribution, there is a growing number of methods being developed that allow authors to mask their identity [2, 13]. In this paper, we investigate the usage of non-traditional feature sets for Authorship Attribution. By using non-traditional feature sets, one may be able to reveal the identity of adversarial authors who are attempting to evade detection from Authorship Attribution systems that are based on more traditional feature sets. In addition, we demonstrate how GEFeS (Genetic & Evolutionary Feature Selection) can be used to evolve high-performance hybrid feature sets composed of two non-traditional feature sets for Authorship Attribution: LIWC (Linguistic Inquiry & Word Count) and Sentiment Analysis. These hybrids were able to reduce the Adversarial Effectiveness on a test set presented in [2] by approximately 33.4%.

Babiker, M., Khalifa, O. O., Htike, K. K., Hassan, A., Zaharadeen, M..  2017.  Automated daily human activity recognition for video surveillance using neural network. 2017 IEEE 4th International Conference on Smart Instrumentation, Measurement and Application (ICSIMA). :1–5.

Surveillance video systems are gaining increasing attention in the field of computer vision due to its demands of users for the seek of security. It is promising to observe the human movement and predict such kind of sense of movements. The need arises to develop a surveillance system that capable to overcome the shortcoming of depending on the human resource to stay monitoring, observing the normal and suspect event all the time without any absent mind and to facilitate the control of huge surveillance system network. In this paper, an intelligent human activity system recognition is developed. Series of digital image processing techniques were used in each stage of the proposed system, such as background subtraction, binarization, and morphological operation. A robust neural network was built based on the human activities features database, which was extracted from the frame sequences. Multi-layer feed forward perceptron network used to classify the activities model in the dataset. The classification results show a high performance in all of the stages of training, testing and validation. Finally, these results lead to achieving a promising performance in the activity recognition rate.

Gulzar, Muhammad Ali, Interlandi, Matteo, Han, Xueyuan, Li, Mingda, Condie, Tyson, Kim, Miryung.  2017.  Automated Debugging in Data-Intensive Scalable Computing. Proceedings of the 2017 Symposium on Cloud Computing. :520–534.

Developing Big Data Analytics workloads often involves trial and error debugging, due to the unclean nature of datasets or wrong assumptions made about data. When errors (e.g., program crash, outlier results, etc.) arise, developers are often interested in identifying a subset of the input data that is able to reproduce the problem. BigSift is a new faulty data localization approach that combines insights from automated fault isolation in software engineering and data provenance in database systems to find a minimum set of failure-inducing inputs. BigSift redefines data provenance for the purpose of debugging using a test oracle function and implements several unique optimizations, specifically geared towards the iterative nature of automated debugging workloads. BigSift improves the accuracy of fault localizability by several orders-of-magnitude ($\sim$103 to 107×) compared to Titian data provenance, and improves performance by up to 66× compared to Delta Debugging, an automated fault-isolation technique. For each faulty output, BigSift is able to localize fault-inducing data within 62% of the original job running time.

Pope, Aaron Scott, Morning, Robert, Tauritz, Daniel R., Kent, Alexander D..  2018.  Automated Design of Network Security Metrics. Proceedings of the Genetic and Evolutionary Computation Conference Companion. :1680–1687.

Many abstract security measurements are based on characteristics of a graph that represents the network. These are typically simple and quick to compute but are often of little practical use in making real-world predictions. Practical network security is often measured using simulation or real-world exercises. These approaches better represent realistic outcomes but can be costly and time-consuming. This work aims to combine the strengths of these two approaches, developing efficient heuristics that accurately predict attack success. Hyper-heuristic machine learning techniques, trained on network attack simulation training data, are used to produce novel graph-based security metrics. These low-cost metrics serve as an approximation for simulation when measuring network security in real time. The approach is tested and verified using a simulation based on activity from an actual large enterprise network. The results demonstrate the potential of using hyper-heuristic techniques to rapidly evolve and react to emerging cybersecurity threats.

Taylor, Joshua, Zaffarano, Kara, Koller, Ben, Bancroft, Charlie, Syversen, Jason.  2016.  Automated Effectiveness Evaluation of Moving Target Defenses: Metrics for Missions and Attacks. Proceedings of the 2016 ACM Workshop on Moving Target Defense. :129–134.

In this paper, we describe the results of several experiments designed to test two dynamic network moving target defenses against a propagating data exfiltration attack. We designed a collection of metrics to assess the costs to mission activities and the benefits in the face of attacks and evaluated the impacts of the moving target defenses in both areas. Experiments leveraged Siege's Cyber-Quantification Framework to automatically provision the networks used in the experiment, install the two moving target defenses, collect data, and analyze the results. We identify areas in which the costs and benefits of the two moving target defenses differ, and note some of their unique performance characteristics.

Kurian, N.A., Thomas, A., George, B..  2014.  Automated fault diagnosis in Multiple Inductive Loop Detectors. India Conference (INDICON), 2014 Annual IEEE. :1-5.

Multiple Inductive Loop Detectors are advanced Inductive Loop Sensors that can measure traffic flow parameters in even conditions where the traffic is heterogeneous and does not conform to lanes. This sensor consists of many inductive loops in series, with each loop having a parallel capacitor across it. These inductive and capacitive elements of the sensor may undergo open or short circuit faults during operation. Such faults lead to erroneous interpretation of data acquired from the loops. Conventional methods used for fault diagnosis in inductive loop detectors consume time and effort as they require experienced technicians and involve extraction of loops from the saw-cut slots on the road. This also means that the traffic flow parameters cannot be measured until the sensor system becomes functional again. The repair activities would also disturb traffic flow. This paper presents a method for automating fault diagnosis for series-connected Multiple Inductive Loop Detectors, based on an impulse test. The system helps in the diagnosis of open/short faults associated with the inductive and capacitive elements of the sensor structure by displaying the fault status conveniently. Since the fault location as well as the fault type can be precisely identified using this method, the repair actions are also localised. The proposed system thereby results in significant savings in both repair time and repair costs. An embedded system was developed to realize this scheme and the same was tested on a loop prototype.
 

Ngow, Y T, Goh, S H, Leo, J, Low, H W, Kamoji, Rupa.  2020.  Automated nets extraction for digital logic physical failure analysis on IP-secure products. 2020 IEEE International Symposium on the Physical and Failure Analysis of Integrated Circuits (IPFA). :1—6.
GDSII layouts of IP-confidential products are heavily controlled and access is only granted to certain privileged personnel. Failure analysts are generally excluded. Without guidance from GDSII, failure analysis, specifically physical inspection based on fault isolation findings cannot proceed. To overcome this challenge, we develop an automated approach that enables image snapshots relevant to failure analysts to be furnished without compromising the confidentiality of the GDSII content in this paper. Modules built are executed to trace the suspected nets and extract them into multiple images of different pre-defined frame specifications to facilitate failure analysis.
Enoch, Simon Yusuf, Hong, Jin B., Ge, Mengmeng, Alzaid, Hani, Kim, Dong Seong.  2018.  Automated Security Investment Analysis of Dynamic Networks. Proceedings of the Australasian Computer Science Week Multiconference. :6:1-6:10.
It is important to assess the cost benefits of IT security investments. Typically, this is done by manual risk assessment process. In this paper, we propose an approach to automate this using graphical security models (GSMs). GSMs have been used to assess the security of networked systems using various security metrics. Most of the existing GSMs assumed that networks are static, however, modern networks (e.g., Cloud and Software Defined Networking) are dynamic with changes. Thus, it is important to develop an approach that takes into account the dynamic aspects of networks. To this end, we automate security investments analysis of dynamic networks using a GSM named Temporal-Hierarchical Attack Representation Model (T-HARM) in order to automatically evaluate the security investments and their effectiveness for a given period of time. We demonstrate our approach via simulations.
Ayoade, G., Chandra, S., Khan, L., Hamlen, K., Thuraisingham, B..  2018.  Automated Threat Report Classification over Multi-Source Data. 2018 IEEE 4th International Conference on Collaboration and Internet Computing (CIC). :236–245.

With an increase in targeted attacks such as advanced persistent threats (APTs), enterprise system defenders require comprehensive frameworks that allow them to collaborate and evaluate their defense systems against such attacks. MITRE has developed a framework which includes a database of different kill-chains, tactics, techniques, and procedures that attackers employ to perform these attacks. In this work, we leverage natural language processing techniques to extract attacker actions from threat report documents generated by different organizations and automatically classify them into standardized tactics and techniques, while providing relevant mitigation advisories for each attack. A naïve method to achieve this is by training a machine learning model to predict labels that associate the reports with relevant categories. In practice, however, sufficient labeled data for model training is not always readily available, so that training and test data come from different sources, resulting in bias. A naïve model would typically underperform in such a situation. We address this major challenge by incorporating an importance weighting scheme called bias correction that efficiently utilizes available labeled data, given threat reports, whose categories are to be automatically predicted. We empirically evaluated our approach on 18,257 real-world threat reports generated between year 2000 and 2018 from various computer security organizations to demonstrate its superiority by comparing its performance with an existing approach.

Kobeissi, N., Bhargavan, K., Blanchet, B..  2017.  Automated Verification for Secure Messaging Protocols and Their Implementations: A Symbolic and Computational Approach. 2017 IEEE European Symposium on Security and Privacy (EuroS P). :435–450.

Many popular web applications incorporate end-toend secure messaging protocols, which seek to ensure that messages sent between users are kept confidential and authenticated, even if the web application's servers are broken into or otherwise compelled into releasing all their data. Protocols that promise such strong security guarantees should be held up to rigorous analysis, since protocol flaws and implementations bugs can easily lead to real-world attacks. We propose a novel methodology that allows protocol designers, implementers, and security analysts to collaboratively verify a protocol using automated tools. The protocol is implemented in ProScript, a new domain-specific language that is designed for writing cryptographic protocol code that can both be executed within JavaScript programs and automatically translated to a readable model in the applied pi calculus. This model can then be analyzed symbolically using ProVerif to find attacks in a variety of threat models. The model can also be used as the basis of a computational proof using CryptoVerif, which reduces the security of the protocol to standard cryptographic assumptions. If ProVerif finds an attack, or if the CryptoVerif proof reveals a weakness, the protocol designer modifies the ProScript protocol code and regenerates the model to enable a new analysis. We demonstrate our methodology by implementing and analyzing a variant of the popular Signal Protocol with only minor differences. We use ProVerif and CryptoVerif to find new and previously-known weaknesses in the protocol and suggest practical countermeasures. Our ProScript protocol code is incorporated within the current release of Cryptocat, a desktop secure messenger application written in JavaScript. Our results indicate that, with disciplined programming and some verification expertise, the systematic analysis of complex cryptographic web applications is now becoming practical.

Künnemann, Robert, Esiyok, Ilkan, Backes, Michael.  2019.  Automated Verification of Accountability in Security Protocols. 2019 IEEE 32nd Computer Security Foundations Symposium (CSF). :397—39716.

Accountability is a recent paradigm in security protocol design which aims to eliminate traditional trust assumptions on parties and hold them accountable for their misbehavior. It is meant to establish trust in the first place and to recognize and react if this trust is violated. In this work, we discuss a protocol-agnostic definition of accountability: a protocol provides accountability (w.r.t. some security property) if it can identify all misbehaving parties, where misbehavior is defined as a deviation from the protocol that causes a security violation. We provide a mechanized method for the verification of accountability and demonstrate its use for verification and attack finding on various examples from the accountability and causality literature, including Certificate Transparency and Krollˆ\textbackslashtextbackslashprimes Accountable Algorithms protocol. We reach a high degree of automation by expressing accountability in terms of a set of trace properties and show their soundness and completeness.

Kwon, Y., Kim, H. K., Koumadi, K. M., Lim, Y. H., Lim, J. I..  2017.  Automated Vulnerability Analysis Technique for Smart Grid Infrastructure. 2017 IEEE Power Energy Society Innovative Smart Grid Technologies Conference (ISGT). :1–5.

A smart grid is a fully automated power electricity network, which operates, protects and controls all its physical environments of power electricity infrastructure being able to supply energy in an efficient and reliable way. As the importance of cyber-physical system (CPS) security is growing, various vulnerability analysis methodologies for general systems have been suggested, whereas there has been few practical research targeting the smart grid infrastructure. In this paper, we highlight the significance of security vulnerability analysis in the smart grid environment. Then we introduce various automated vulnerability analysis techniques from executable files. In our approach, we propose a novel binary-based vulnerability discovery method for AMI and EV charging system to automatically extract security-related features from the embedded software. Finally, we present the test result of vulnerability discovery applied for AMI and EV charging system in Korean smart grid environment.

Kleinmann, Amit, Wool, Avishai.  2016.  Automatic Construction of Statechart-Based Anomaly Detection Models for Multi-Threaded SCADA via Spectral Analysis. Proceedings of the 2Nd ACM Workshop on Cyber-Physical Systems Security and Privacy. :1–12.

Traffic of Industrial Control System (ICS) between the Human Machine Interface (HMI) and the Programmable Logic Controller (PLC) is highly periodic. However, it is sometimes multiplexed, due to multi-threaded scheduling. In previous work we introduced a Statechart model which includes multiple Deterministic Finite Automata (DFA), one per cyclic pattern. We demonstrated that Statechart-based anomaly detection is highly effective on multiplexed cyclic traffic when the individual cyclic patterns are known. The challenge is to construct the Statechart, by unsupervised learning, from a captured trace of the multiplexed traffic, especially when the same symbols (ICS messages) can appear in multiple cycles, or multiple times in a cycle. Previously we suggested a combinatorial approach for the Statechart construction, based on Euler cycles in the Discrete Time Markov Chain (DTMC) graph of the trace. This combinatorial approach worked well in simple scenarios, but produced a false-alarm rate that was excessive on more complex multiplexed traffic. In this paper we suggest a new Statechart construction method, based on spectral analysis. We use the Fourier transform to identify the dominant periods in the trace. Our algorithm then associates a set of symbols with each dominant period, identifies the order of the symbols within each period, and creates the cyclic DFAs and the Statechart. We evaluated our solution on long traces from two production ICS: one using the Siemens S7-0x72 protocol and the other using Modbus. We also stress-tested our algorithms on a collection of synthetically-generated traces that simulate multiplexed ICS traces with varying levels of symbol uniqueness and time overlap. The resulting Statecharts model the traces with an overall median false-alarm rate as low as 0.16% on the synthetic datasets, and with zero false-alarms on production S7-0x72 traffic. Moreover, the spectral analysis Statecharts consistently out-performed the previous combinatorial Statecharts, exhibiting significantly lower false alarm rates and more compact model sizes.

Kim, Suzi, Choi, Sunghee.  2016.  Automatic Generation of 3D Typography. ACM SIGGRAPH 2016 Posters. :21:1–21:2.
Three-dimensional typography (3D typography) refers to the arrangement of text in three-dimensional space. It injects vitality into the letters, thereby giving the viewer a strong impression that is hard to forget. These days, 3D typography plays an important role in daily life beyond the artistic design. It is easy to observe the 3D typography used in the 3D virtual space such as movie or games. Also it is used frequently in signboard or furniture design. Despite its noticeable strength, most of the 3D typography is generated by just a simple extrusion of flat 2D typography. Comparing with 2D typography, 3D typography is more difficult to generate in short time due to its high complexity.
Krawec, Walter O., Nelson, Michael G., Geiss, Eric P..  2017.  Automatic Generation of Optimal Quantum Key Distribution Protocols. Proceedings of the Genetic and Evolutionary Computation Conference. :1153–1160.
Quantum Key Distribution (QKD) allows two parties to establish a shared secret key secure against an all-powerful adversary. Typically, one designs new QKD protocols and then analyzes their maximal tolerated noise mathematically. If the noise in the quantum channel connecting the two parties is higher than this threshold value, they must abort. In this paper we design and evaluate a new real-coded Genetic Algorithm which takes as input statistics on a particular quantum channel (found using standard channel estimation procedures) and outputs a QKD protocol optimized for the specific given channel. We show how this method can be used to find QKD protocols for channels where standard protocols would fail.
Prinosil, J., Krupka, A., Riha, K., Dutta, M. K., Singh, A..  2015.  Automatic hair color de-identification. 2015 International Conference on Green Computing and Internet of Things (ICGCIoT). :732–736.

A process of de-identification used for privacy protection in multimedia content should be applied not only for primary biometric traits (face, voice) but for soft biometric traits as well. This paper deals with a proposal of the automatic hair color de-identification method working with video records. The method involves image hair area segmentation, basic hair color recognition, and modification of hair color for real-looking de-identified images.

Kim, Dongchil, Kim, Kyoungman, Park, Sungjoo.  2019.  Automatic PTZ Camera Control Based on Deep-Q Network in Video Surveillance System. 2019 International Conference on Electronics, Information, and Communication (ICEIC). :1–3.
Recently, Pan/Tilt/Zoom (PTZ) camera has been widely used in video surveillance systems. However, it is difficult to automatically control PTZ cameras according to moving objects in the surveillance area. This paper proposes an automatic camera control method based on a Deep-Q Network (DQN) for improving the recognition accuracy of anomaly actions in the video surveillance system. To generate PTZ camera control values, the proposed method uses the position and size information of the object which received from the video analysis system. Through implementation results, the proposed method can automatically control the PTZ camera according to moving objects.
Chen, Zhi-Guo, Kang, Ho-Seok, Yin, Shang-Nan, Kim, Sung-Ryul.  2017.  Automatic Ransomware Detection and Analysis Based on Dynamic API Calls Flow Graph. Proceedings of the International Conference on Research in Adaptive and Convergent Systems. :196–201.

In recent cyber incidents, Ransom software (ransomware) causes a major threat to the security of computer systems. Consequently, ransomware detection has become a hot topic in computer security. Unfortunately, current signature-based and static detection model is often easily evadable by obfuscation, polymorphism, compress, and encryption. For overcoming the lack of signature-based and static ransomware detection approach, we have proposed the dynamic ransomware detection system using data mining techniques such as Random Forest (RF), Support Vector Machine (SVM), Simple Logistic (SL) and Naive Bayes (NB) algorithms for detecting known and unknown ransomware. We monitor the actual (dynamic) behaviors of software to generate API calls flow graphs (CFG) and transfer it in a feature space. Thereafter, data normalization and feature selection were applied to select informative features which are the best for discriminating between various categories of software and benign software. Finally, the data mining algorithms were used for building the detection model for judging whether the software is benign software or ransomware. Our experimental results show that our proposed system can be more effective to improve the performance for ransomware detection. Especially, the accuracy and detection rate of our proposed system with Simple Logistic (SL) algorithm can achieve to 98.2% and 97.6%, respectively. Meanwhile, the false positive rate also can be reduced to 1.2%.

Yang, Ping, Shu, Hui, Kang, Fei, Bu, Wenjuan.  2020.  Automatically Generating Malware Summary Using Semantic Behavior Graphs (SBGs). 2020 Information Communication Technologies Conference (ICTC). :282–291.
In malware behavior analysis, there are limitations in the analysis method of control flow and data flow. Researchers analyzed data flow by dynamic taint analysis tools, however, it cost a lot. In this paper, we proposed a method of generating malware summary based on semantic behavior graphs (SBGs, Semantic Behavior Graphs) to address this issue. In this paper, we considered various situation where behaviors be capable of being associated, thus an algorithm of generating semantic behavior graphs was given firstly. Semantic behavior graphs are composed of behavior nodes and associated data edges. Then, we extracted behaviors and logical relationships between behaviors from semantic behavior graphs, and finally generated a summary of malware behaviors with true intension. Experimental results showed that our approach can effectively identify and describe malicious behaviors and generate accurate behavior summary.
Kelly, Daniel M., Wellons, Christopher C., Coffman, Joel, Gearhart, Andrew S..  2019.  Automatically Validating the Effectiveness of Software Diversity Schemes. 2019 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks – Supplemental Volume (DSN-S). :1–2.
Software diversity promises to invert the current balance of power in cybersecurity by preventing exploit reuse. Nevertheless, the comparative evaluation of diversity techniques has received scant attention. In ongoing work, we use the DARPA Cyber Grand Challenge (CGC) environment to assess the effectiveness of diversifying compilers in mitigating exploits. Our approach provides a quantitative comparison of diversity strategies and demonstrates wide variation in their effectiveness.