Biblio
Denial-of-Service (DoS) attacks pose a threat to any service provider on the internet. While traditional DoS flooding attacks require the attacker to control at least as many resources as the service provider in order to be effective, so-called low-rate DoS attacks can exploit weaknesses in careless design to effectively deny a service using minimal amounts of network traffic. This paper investigates one such weakness found within version 2.2 of the popular Apache HTTP Server software. The weakness concerns how the server handles the persistent connection feature in HTTP 1.1. An attack simulator exploiting this weakness has been developed and shown to be effective. The attack was then studied with spectral analysis for the purpose of examining how well the attack could be detected. Similar to other papers on spectral analysis of low-rate DoS attacks, the results show that disproportionate amounts of energy in the lower frequencies can be detected when the attack is present. However, by randomizing the attack pattern, an attacker can efficiently reduce this disproportion to a degree where it might be impossible to correctly identify an attack in a real-world scenario.
Cyber Physical Systems (CPS) are composed of multiple physical and computing components that are deeply intertwined, operate on differing spatial and temporal scales, and interact with one another in fluid, context-dependent manners. Cyber Physical Systems often include smart components that use local adaptation to improve whole system performance or to provide damage response. Evolvable and Adaptive Hardware (EAH) components, at least conceptually, are often represented as an enabling technology for such smart components. This paper will outline one approach to applying CPS thinking to better address a growing need to address Verification and Validation (V&V) questions related to the use of EAH smart components. It will argue that, perhaps fortuitously, the very adaptations EAH smart components employ for performance improvement may also be employed to maintain V&V capability.
Previously, we introduced Evolutionary Model Consistency Checking (EMCC) as an adjunct to Evolvable and Adaptive Hardware (EAH) methods. The core idea was to dual-purpose objective function evaluations to simultaneously enable EA search of hardware configurations while simultaneously enabling a model-based inference of the nature of the damage that necessitated the hardware adaptation. We demonstrated the efficacy of this method by modifying a pair of EAH oscillators inside a simulated Flapping-Wing Micro Air Vehicle (FW-MAV). In that work, we were able to show that one could, while online in normal service, evolve wing gait patterns that corrected altitude control errors caused by mechanical wing damage while simultaneously determining, with high precision, the wing lift force deficits that necessitated the adaptation. In this work, we extend the method to be able to also determine wing drag force deficits. Further, we infer the now extended set of four unknown damage estimates without substantially increasing the number of objective function evaluations required. In this paper we will provide the outlines of a formal derivation of the new inference method plus experimental validation of efficacy. The paper will conclude with commentary on several practical issues, including better containment of estimation error by introducing more in-flight learning trials and why one might argue that these techniques could eventually be used on a true free-flying flapping wing vehicle.
Evolutionary Computation has been suggested as a means of providing ongoing adaptation of robot controllers. Most often, using Evolutionary Computation to that end focuses on recovery of acceptable robot performance with less attention given to diagnosing the nature of the failure that necessitated the adaptation. In previous work, we introduced the concept of Evolutionary Model Consistency Checking in which candidate robot controller evaluations were dual-purposed for both evolving control solutions and extracting robot fault diagnoses. In that less developed work, we could only detect single wing damage faults in a simulated Flapping Wing Micro Air Vehicle. We now extend the method to enable detection and diagnosis of both single wing and dual wing faults. This paper explains those extensions, demonstrates their efficacy via simulation studies, and provides discussion on the possibility of augmenting EC adaptation by exploiting extracted fault diagnoses to speed EC search.
To date, work in evolvable and adaptive hardware (EAH) has been largely isolated from primary inclusion into larger design processes. Almost without exception, EAH efforts are aimed at creating systems whole cloth, creating drop-in replacements for existing components of a larger design, or creating after-the-fact fixes for designs found to be deficient. This paper will discuss early efforts in integrating EAH methods into the design of a controller for a flapping-wing micro air vehicle (FWMAV). The FWMAV project is extensive, multidisciplinary, and ongoing. Because EAH methods were in consideration during its earliest design stages, this project provides a rich environment in which to explore means of effectively combining EAH and traditional design methodologies. In addition to providing a concrete EAH design that addresses potential problems with FWMAV flight in a unique way, this paper will also provide a provisional list of EAH design integration principles, drawn from our experiences to date.
Evolvable and Adaptive Hardware (EAH) Systems have been a subject of study for about two decades. This paper argues that viewing EAH devices in isolation from the larger systems in which they serve as components is somewhat dangerous in that EAH devices can subvert the design hierarchies upon which designers base verification and validation efforts. The paper proposes augmenting EAH components with additional machinery to enable the application of model-checking and related Cyber-Physical Systems techniques to extract evolving intra-module relationships for formal verification and validation purposes.
We proposed a multi-granularity approach to present risk information of mobile apps to the end users. Within this approach the highest level is a summary risk index, which allows quick and easy comparison among multiple apps that provide similar functionality. We have developed several types of risk index, such as text saying “High Risk” or number of filled circles (Gates, Chen, Li, & Proctor, 2014). Through both online and in-lab studies, we found that when presented with the interface with the summary risk index, participants made more secure app-selection decisions. Subsequent research showed that framing of the summary risk information affects users’ app-selection decisions, and positive framing in terms of safety has an advantage over negative framing in terms of risk (Chen, Gates, Li, & Proctor, 2014).
In addition to the summary risk index, some users may also want more detailed risk information for the apps. We have been developing an intermediate-level risk display that presents only the major risk categories. As a first step, we conducted user studies to have expert users identify the major risk categories (personal privacy, monetary loss, and device stability) and validate the categories on typical users (Jorgensen, Chen, Gates, Li, Proctor, & Yu, 2015). In a subsequent study, we are developing a graphical display to incorporate these risk categories into the current app interface and test its effectiveness.
This multi-granularity approach can be applied to risk communication in other contexts. For example, in the context of communicating the potential risk associated with phishing attacks, an effective warning should be designed to include both higher-level and lower-level risk information: higher-level index information about how likely an email message or website is to be a phishing one should be presented to users to inform them about the potential risk in an easy-to-comprehend manner; a more detailed explanation should also be available for users who want to know more about the warning and the index. We have completed a pilot study in this area and are initiating a full study to investigate the effectiveness of such an interface in preventing users from being phished successfully.
Recently, leakage of personal information, economic damage, and leakage of confidential information due to APT attacks have become a serious social problem, and a great deal of research has been done to solve this problem. APT attacks are threatening because they intelligently combine traditional hacking techniques with sophisticated attack techniques, such as attacks on zero-day vulnerabilities, in order to increase the success rate of attacks and to avoid detection techniques and state-of-the-art security. In this paper, we propose a method for detecting intelligent APT attacks: based on an ontology of the APT attack behavior that malicious code exhibits during operation on the target system, inference rules are defined from which malicious attack behavior can be inferred and detected.
to appear
In our previous work [1], we presented a study of using performance escalation to automatically detect Distributed Denial of Service (DDoS) types of attacks. We propose to enhance the work of security threat detection by using mobile phones as the detector to identify outliers of normal traffic patterns as threats. The mobile solution makes detection portable to any services. This paper also shows that the same detection method works for advanced persistent threats.