Biblio
Human face detection plays an essential role in the first stage of face processing applications. In this study, an enhanced face detection framework is proposed to improve detection rate based on skin color and provide a validation process. A preliminary segmentation of the input images based on skin color can significantly reduce search space and accelerate the process of human face detection. The primary detection is based on Haar-like features and the Adaboost algorithm. A validation process is introduced to reject non-face objects, which might occur during the face detection process. The validation process is based on two-stage Extended Local Binary Patterns. The experimental results on the CMU-MIT and Caltech 10000 datasets over a wide range of facial variations in different colors, positions, scales, and lighting conditions indicated a successful face detection rate.
In a continually evolving cyber-threat landscape, the detection and prevention of cyber attacks has become a complex task. Technological developments have led organisations to digitise the majority of their operations. This practice, however, has its perils, since cybespace offers a new attack-surface. Institutions which are tasked to protect organisations from these threats utilise mainly network data and their incident response strategy remains oblivious to the needs of the organisation when it comes to protecting operational aspects. This paper presents a system able to combine threat intelligence data, attack-trend data and organisational data (along with other data sources available) in order to achieve automated network-defence actions. Our approach combines machine learning, visual analytics and information from business processes to guide through a decision-making process for a Security Operation Centre environment. We test our system on two synthetic scenarios and show that correlating network data with non-network data for automated network defences is possible and worth investigating further.
Approximate Computing aims at trading off computational accuracy against improvements regarding performance, resource utilization and power consumption by making use of the capability of many applications to tolerate a certain loss of quality. A key issue is the dependency of the impact of approximation on the input data as well as user preferences and environmental conditions. In this context, we therefore investigate the concept of self-adaptive image processing that is able to autonomously adapt 2D-convolution filter operators of different accuracy degrees by means of partial reconfiguration on Field-Programmable-Gate-Arrays (FPGAs). Experimental evaluation shows that the dynamic system is able to better exploit a given error tolerance than any static approximation technique due to its responsiveness to changes in input data. Additionally, it provides a user control knob to select the desired output quality via the metric threshold at runtime.
Visual Tracking methods based on particle filter framework uses frequently the state space information of the target object to calculate the observation model, However this often gives a poor estimate if unexpected motions happen, or under conditions of cluttered backgrounds illumination changes, because the model explores the state space without any additional information of current state. In order to avoid the tracking failure, we address in this paper, Particle filter based visual tracking, in which the target appearance model is represented through an adaptive conjunction of color histogram, and space based appearance combining with velocity parameters, then the appearance models is estimated using particles whose weights, are incrementally updated for dynamic adaptation of the cue parametrization.
Wireless Sensor Network (WSN) provide the means for efficient intelligence, surveillance, and reconnaissance (ISR) applications. However, deploying such networks in irregular terrains can be time-consuming, error-prone, and in most cases, result in unpredictable performance. For example, when WSN are deployed in forests or terrains with vegetation, measuring campaigns (using trial/error) are required to determine the path loss driving node positioning to ensure network connectivity. This paper proposes an architecture for planning optimal deployments of WSN. Specifically, it proposes the use of airborne Light Detection and Ranging (LiDAR), an Inertial Measurement Unit (IMU), a Global Positioning System (GPS), and a Stereo Camera (SC) to detect forest characteristics with real-time mapping which reduces the need for trial campaigns; thus, minimizing costs, time, and complexity. The proposed approach expands the state-of-the-art to optimize the performance of WSN upon deployment.
The Internet of Things leads to the inter-connectivity of a wide range of devices. This heterogeneity of hardware and software poses significant challenges to security. Constrained IoT devices often do not have enough resources to carry the overhead of an intrusion protection system or complex security protocols. A typical initial step in network security is a network scan in order to find vulnerable nodes. In the context of IoT, the initiator of the scan can be particularly interested in finding constrained devices, assuming that they are easier targets. In IoT networks hosting devices of various types, performing a scan with a high discovery rate can be a challenging task, since low-power networks such as IEEE 802.15.4 are easily overloaded. In this paper, we propose an approach to increase the efficiency of network scans by combining them with active network measurements. The measurements allow the scanner to differentiate IoT nodes by the used network technology. We show that the knowledge gained from this differentiation can be used to control the scan strategy in order to reduce probe losses.
Performing large-scale malware classification is increasingly becoming a critical step in malware analytics as the number and variety of malware samples is rapidly growing. Statistical machine learning constitutes an appealing method to cope with this increase as it can use mathematical tools to extract information out of large-scale datasets and produce interpretable models. This has motivated a surge of scientific work in developing machine learning methods for detection and classification of malicious executables. However, an optimal method for extracting the most informative features for different malware families, with the final goal of malware classification, is yet to be found. Fortunately, neural networks have evolved to the state that they can surpass the limitations of other methods in terms of hierarchical feature extraction. Consequently, neural networks can now offer superior classification accuracy in many domains such as computer vision and natural language processing. In this paper, we transfer the performance improvements achieved in the area of neural networks to model the execution sequences of disassembled malicious binaries. We implement a neural network that consists of convolutional and feedforward neural constructs. This architecture embodies a hierarchical feature extraction approach that combines convolution of n-grams of instructions with plain vectorization of features derived from the headers of the Portable Executable (PE) files. Our evaluation results demonstrate that our approach outperforms baseline methods, such as simple Feedforward Neural Networks and Support Vector Machines, as we achieve 93% on precision and recall, even in case of obfuscations in the data.
The paper considers an issues of protecting data from unauthorized access by users' authentication through keystroke dynamics. It proposes to use keyboard pressure parameters in combination with time characteristics of keystrokes to identify a user. The authors designed a keyboard with special sensors that allow recording complementary parameters. The paper presents an estimation of the information value for these new characteristics and error probabilities of users' identification based on the perceptron algorithms, Bayes' rule and quadratic form networks. The best result is the following: 20 users are identified and the error rate is 0.6%.
In the past the security of building automation solely depended on the security of the devices inside or tightly connected to the building. In the last years more devices evolved using some kind of cloud service as a back-end or providers supplying some kind of device to the user. Also, the number of building automation systems connected to the Internet for management, control, and data storage increases every year. These developments cause the appearance of new threats on building automation. As Internet of Thing (IoT) and building automation intertwine more and more these threats are also valid for IoT installations. The paper presents new attack vectors and new threats using the threat model of Meyer et al.[1].
This paper presents a quantitative study of adaptive filtering to cancel the EMG artifact from ECG signals. The proposed adaptive algorithm operates in real time; it adjusts its coefficients simultaneously with signals acquisition minimizing a cost function, the summation of weighted least square errors (LSE). The obtained results prove the success and the effectiveness of the proposed algorithm. The best ones were obtained for the forgetting factor equals to 0.99 and the regularization parameter equals to 0.02..
There is a long-standing need for improved cybersecurity through automation of attack signature detection, classification, and response. In this paper, we present experimental test bed results from an implementation of autonomic control plane feedback based on the Observe, Orient, Decide, Act (OODA) framework. This test bed modeled the building blocks for a proposed zero trust cloud data center network. We present test results of trials in which identity management with automated threat response and packet-based authentication were combined with dynamic management of eight distinct network trust levels. The log parsing and orchestration software we created work alongside open source log management tools to coordinate and integrate threat response from firewalls, authentication gateways, and other network devices. Threat response times are measured and shown to be a significant improvement over conventional methods.
Cognitive radio networks (CRNs) enable secondary users (SU) to make use of licensed spectrum without interfering with the signal generated by primary users (PUs). To avoid such interference, the SU is required to sense the medium for a period of time and eventually use it only if the band is perceived to be idle. In this context, the encryption process is carried out for the SU requests prior to their transmission whilst the strength of the security in CRNs is directly proportional to the length of the encryption key. If a request of a PU on arrival finds an SU request being either encrypted or transmitted, then the SU is preempted from service. However, excessive sensing time for the detection of free spectrum by SUs as well as extended periods of the CRN being at an insecure state have an adverse impact on network performance. To this end, a generalized stochastic Petri net (GSPN) is proposed in order to investigate sensing vs. security vs. performance trade-offs, leading to an efficient use of the spectrum band. Typical numerical simulation experiments are carried out, based on the application of the Mobius Petri Net Package and associated interpretations are made.
Cyber-Physical Systems (CPS) such as Unmanned Aerial Systems (UAS) sense and actuate their environment in pursuit of a mission. The attack surface of these remotely located, sensing and communicating devices is both large, and exposed to adversarial actors, making mission assurance a challenging problem. While best-practice security policies should be followed, they are rarely enough to guarantee mission success as not all components in the system may be trusted and the properties of the environment (e.g., the RF environment) may be under the control of the attacker. CPS must thus be built with a high degree of resilience to mitigate threats that security cannot alleviate. In this paper, we describe the Agile and Resilient Embedded Systems (ARES) methodology and metric set. The ARES methodology pursues cyber security and resilience (CSR) as high level system properties to be developed in the context of the mission. An analytic process guides system developers in defining mission objectives, examining principal issues, applying CSR technologies, and understanding their interactions.
ICT systems have become an integral part of business and life. At the same time, these systems have become extremely complex. In such systems exist numerous vulnerabilities waiting to be exploited by potential threat actors. pwnPr3d is a novel modelling approach that performs automated architectural analysis with the objective of measuring the cyber security of the modeled architecture. Its integrated modelling language allows users to model software and hardware components with great level of details. To illustrate this capability, we present in this paper the metamodel of UNIX, operating systems being the core of every software and every IT system. After describing the main UNIX constituents and how they have been modelled, we illustrate how the modelled OS integrates within pwnPr3d's rationale by modelling the spreading of a self-replicating malware inspired by WannaCry.
Gaussian random attacks that jointly minimize the amount of information obtained by the operator from the grid and the probability of attack detection are presented. The construction of the attack is posed as an optimization problem with a utility function that captures two effects: firstly, minimizing the mutual information between the measurements and the state variables; secondly, minimizing the probability of attack detection via the Kullback-Leibler (KL) divergence between the distribution of the measurements with an attack and the distribution of the measurements without an attack. Additionally, a lower bound on the utility function achieved by the attacks constructed with imperfect knowledge of the second order statistics of the state variables is obtained. The performance of the attack construction using the sample covariance matrix of the state variables is numerically evaluated. The above results are tested in the IEEE 30-Bus test system.
Internet of Things (IoT) is characterized by heterogeneous devices that interact with each other on a collaborative basis to fulfill a common goal. In this scenario, some of the deployed devices are expected to be constrained in terms of memory usage, power consumption and processing resources. To address the specific properties and constraints of such networks, a complete stack of standardized protocols has been developed, among them the Routing Protocol for Low-Power and lossy networks (RPL). However, this protocol is exposed to a large variety of attacks from the inside of the network itself. To fill this gap, this paper focuses on the design and the integration of a novel Link reliable and Trust aware model into the RPL protocol. Our approach aims to ensure Trust among entities and to provide QoS guarantees during the construction and the maintenance of the network routing topology. Our model targets both node and link Trust and follows a multidimensional approach to enable an accurate Trust value computation for IoT entities. To prove the efficiency of our proposal, this last has been implemented and tested successfully within an IoT environment. Therefore, a set of experiments has been made to show the high accuracy level of our system.
Security of control systems have become a new and important field of research since malicious attacks on control systems indeed occurred including Stuxnet in 2011 and north eastern electrical grid black out in 2003. Attacks on sensors and/or actuators of control systems cause malfunction, instability, and even system destruction. The impact of attack may differ by which instrumentation (sensors and/or actuators) is being attacked. In particular, for control systems with multiple sensors, attack on each sensor may have different impact, i.e., attack on some sensors leads to a greater damage to the system than those for other sensors. To investigate this, we consider sensor bias injection attacks in linear control systems equipped with anomaly detector, and quantify the maximum impact of attack on sensors while the attack remains undetected. Then, we introduce a notion of sensor security index for linear dynamic systems to quantify the vulnerability under sensor attacks. Method of reducing system vulnerability is also discussed using the notion of sensor security index.
This paper presents a true random number generator that exploits the subthreshold properties of jitter of events propagating in a self-timed ring and jitter of events propagating in an inverter based ring oscillator. Design was implemented in 180nm CMOS flash process. Devices provide high quality random bit sequences passing FIPS 140-2 and NIST SP 800-22 statistical tests which guaranty uniform distribution and unpredictability thanks to the physics based entropy source.