Biblio

2017-12-12
De La Peña Montero, Fabian, Hariri, Salim.  2017.  Autonomic and Integrated Management for Proactive Cyber Security (AIM-PSC). Companion Proceedings of the 10th International Conference on Utility and Cloud Computing. :107–112.

The complexity, multiplicity, and impact of cyber-attacks have been increasing at an alarming rate despite the significant research and development investment in cyber security products and tools. The current techniques to detect and protect cyber infrastructures from these smart and sophisticated attacks are mainly characterized as being ad hoc, manual intensive, and too slow. We present in this paper AIM-PSC that is developed jointly by researchers at AVIRTEK and The University of Arizona Center for Cloud and Autonomic Computing that is inspired by biological systems, which can efficiently handle complexity, dynamism and uncertainty. In AIM-PSC system, an online monitoring and multi-level analysis are used to analyze the anomalous behaviors of networks, software systems and applications. By combining the results of different types of analysis using a statistical decision fusion approach we can accurately detect any types of cyber-attacks with high detection and low false alarm rates and proactively respond with corrective actions to mitigate their impacts and stop their propagation.

2018-12-03
Yang, Xinli, Li, Ming, Zhao, ShiLin.  2017.  Facial Expression Recognition Algorithm Based on CNN and LBP Feature Fusion. Proceedings of the 2017 International Conference on Robotics and Artificial Intelligence. :33–38.

When a complex scene such as rotation within a plane is encountered, the recognition rate of facial expressions will decrease much. A facial expression recognition algorithm based on CNN and LBP feature fusion is proposed in this paper. Firstly, according to the problem of the lack of feature expression ability of CNN in the process of expression recognition, a CNN model was designed. The model is composed of structural units that have two successive convolutional layers followed by a pool layer, which can improve the expressive ability of CNN. Then, the designed CNN model was used to extract the facial expression features, and local binary pattern (LBP) features with rotation invariance were fused. To a certain extent, it makes up for the lack of CNN sensitivity to in-plane rotation changes. The experimental results show that the proposed method improves the expression recognition rate under the condition of plane rotation to a certain extent and has better robustness.

2018-01-16
Martin, Vincentius, Cao, Qiang, Benson, Theophilus.  2017.  Fending off IoT-hunting Attacks at Home Networks. Proceedings of the 2nd Workshop on Cloud-Assisted Networking. :67–72.

Many attacks target vulnerabilities of home IoT devices, such as bugs in outdated software and weak passwords. The home network is at a vantage point for deploying security appliances to deal with such IoT attacks. We propose a comprehensive home network defense, Pot2DPI, and use it to raise an attacker's uncertainty about devices and enable the home network to monitor traffic, detect anomalies, and filter malicious packets. The security offered by Pot2DPI comes from a synthesis of practical techniques: honeypot, deep packet inspection (DPI), and a realization of moving target defense (MTD) in port forwarding. In particular, Pot2DPI has a chain of honeypot and DPI that collects suspicious packet traces, acquires attack signatures, and installs filtering rules at a home router timely. Meanwhile, Pot2DPI shuffles the mapping of ports between the router and the devices connected to it, making a targeted attack difficult and defense more effective. Pot2DPI is our first step towards securing a smart home.

2018-01-23
Shi, Hao, Mirkovic, Jelena, Alwabel, Abdulla.  2017.  Handling Anti-Virtual Machine Techniques in Malicious Software. ACM Trans. Priv. Secur.. 21:2:1–2:31.

Malware analysis relies heavily on the use of virtual machines (VMs) for functionality and safety. There are subtle differences in operation between virtual and physical machines. Contemporary malware checks for these differences and changes its behavior when it detects a VM presence. These anti-VM techniques hinder malware analysis. Existing research approaches to uncover differences between VMs and physical machines use randomized testing, and thus cannot guarantee completeness. In this article, we propose a detect-and-hide approach, which systematically addresses anti-VM techniques in malware. First, we propose cardinal pill testing—a modification of red pill testing that aims to enumerate the differences between a given VM and a physical machine through carefully designed tests. Cardinal pill testing finds five times more pills by running 15 times fewer tests than red pill testing. We examine the causes of pills and find that, while the majority of them stem from the failure of VMs to follow CPU specifications, a small number stem from under-specification of certain instructions by the Intel manual. This leads to divergent implementations in different CPU and VM architectures. Cardinal pill testing successfully enumerates the differences that stem from the first cause. Finally, we propose VM Cloak—a WinDbg plug-in which hides the presence of VMs from malware. VM Cloak monitors each execute malware command, detects potential pills, and at runtime modifies the command’s outcomes to match those that a physical machine would generate. We implemented VM Cloak and verified that it successfully hides VM presence from malware.

2018-05-24
Huyn, Joojay.  2017.  A Scalable Real-Time Framework for DDoS Traffic Monitoring and Characterization. Proceedings of the Fourth IEEE/ACM International Conference on Big Data Computing, Applications and Technologies. :265–266.

Volumetric DDoS attacks continue to inflict serious damage. Many proposed defenses for mitigating such attacks assume that a monitoring system has already detected the attack. However, many proposed DDoS monitoring systems do not focus on efficiently analyzing high volume network traffic to provide important characterizations of the attack in real-time to downstream traffic filtering systems. We propose a scalable real-time framework for an effective volumetric DDoS monitoring system that leverages modern big data technologies for streaming analytics of high volume network traffic to accurately detect and characterize attacks.

2018-12-03
Liu, Zhilei, Zhang, Cuicui.  2017.  Spatio-temporal Analysis for Infrared Facial Expression Recognition from Videos. Proceedings of the International Conference on Video and Image Processing. :63–67.

Facial expression recognition (FER) for emotion inference has become one of the most important research fields in human-computer interaction. Existing study on FER mainly focuses on visible images, whereas varying lighting conditions may influence their performances. Recent studies have demonstrated the advantages of infrared thermal images reflecting the temperature distributions, which are robust to lighting changes. In this paper, a novel infrared image sequence based FER method is proposed using spatiotemporal feature analysis and deep Boltzmann machines (DBM). Firstly, a dense motion field among infrared image sequences is generated using optical flow algorithm. Then, PCA is applied for dimension reduction and a three-layer DBM structure is designed for final expression classification. Finally, the effectiveness of the proposed method is well demonstrated based on several experiments conducted on NVIE database.

2018-01-23
Guan, Le, Jia, Shijie, Chen, Bo, Zhang, Fengwei, Luo, Bo, Lin, Jingqiang, Liu, Peng, Xing, Xinyu, Xia, Luning.  2017.  Supporting Transparent Snapshot for Bare-metal Malware Analysis on Mobile Devices. Proceedings of the 33rd Annual Computer Security Applications Conference. :339–349.

The increasing growth of cybercrimes targeting mobile devices urges an efficient malware analysis platform. With the emergence of evasive malware, which is capable of detecting that it is being analyzed in virtualized environments, bare-metal analysis has become the definitive resort. Existing works mainly focus on extracting the malicious behaviors exposed during bare-metal analysis. However, after malware analysis, it is equally important to quickly restore the system to a clean state to examine the next sample. Unfortunately, state-of-the-art solutions on mobile platforms can only restore the disk, and require a time-consuming system reboot. In addition, all of the existing works require some in-guest components to assist the restoration. Therefore, a kernel-level malware is still able to detect the presence of the in-guest components. We propose Bolt, a transparent restoration mechanism for bare-metal analysis on mobile platform without rebooting. Bolt achieves a reboot-less restoration by simultaneously making a snapshot for both the physical memory and the disk. Memory snapshot is enabled by an isolated operating system (BoltOS) in the ARM TrustZone secure world, and disk snapshot is accomplished by a piece of customized firmware (BoltFTL) for flash-based block devices. Because both the BoltOS and the BoltFTL are isolated from the guest system, even kernel-level malware cannot interfere with the restoration. More importantly, Bolt does not require any modifications into the guest system. As such, Bolt is the first that simultaneously achieves efficiency, isolation, and stealthiness to recover from infection due to malware execution. We have implemented a Bolt prototype working with the Android OS. Experimental results show that Bolt can restore the guest system to a clean state in only 2.80 seconds.

2018-06-07
Tirumala, Sreenivas Sremath, Narayanan, Ajit.  2017.  Transpositional Neurocryptography Using Deep Learning. Proceedings of the 2017 International Conference on Information Technology. :330–334.

Cryptanalysis (the study of methods to read encrypted information without knowledge of the encryption key) has traditionally been separated into mathematical analysis of weaknesses in cryptographic algorithms, on the one hand, and side-channel attacks which aim to exploit weaknesses in the implementation of encryption and decryption algorithms. Mathematical analysis generally makes assumptions about the algorithm with the aim of reconstructing the key relating plain text to cipher text through brute-force methods. Complexity issues tend to dominate the systematic search for keys. To date, there has been very little research on a third cryptanalysis method: learning the key through convergence based on associations between plain text and cipher text. Recent advances in deep learning using multi-layered artificial neural networks (ANNs) provide an opportunity to reassess the role of deep learning architectures in next generation cryptanalysis methods based on neurocryptography (NC). In this paper, we explore the capability of deep ANNs to decrypt encrypted messages with minimum knowledge of the algorithm. From the experimental results, it can be concluded that DNNs can encrypt and decrypt to levels of accuracy that are not 100% because of the stochastic aspects of ANNs. This aspect may however be useful if communication is under cryptanalysis attack, since the attacker will not know for certain that key K used for encryption and decryption has been found. Also, uncertainty concerning the architecture used for encryption and decryption adds another layer of uncertainty that has no counterpart in traditional cryptanalysis.

2018-01-23
Fasila, K. A..  2017.  Automated DNA encryption algorithm based on UNICODE and colors. 2017 Second International Conference on Electrical, Computer and Communication Technologies (ICECCT). :1–4.

Cellular Automata based computing paradigm is an efficient platform for modeling complicated computational problems. This can be used for various applications in the field of Cryptography. In this paper, it is used for generating a DNA cryptography based encryption algorithm. The encoded message in binary format is encrypted to cipher colors with the help of a simple algorithm based on the principles of DNA cryptography and cellular automata. The message will be in compressed form using XOR operator. Since cellular automata and DNA cryptographic principles are exploited, high level of parallelism, reversibility, uniformity etc. can be achieved.

2018-02-06
Sain, M., Bruce, N., Kim, K. H., Lee, H. J..  2017.  A Communication Security Protocol for Ubiquitous Sensor Networks. 2017 19th International Conference on Advanced Communication Technology (ICACT). :228–231.

The data accessibility anytime and anywhere is nowadays the key feature for information technology enabled by the ubiquitous network system for huge applications. However, security and privacy are perceived as primary obstacles to its wide adoption when it is applied to the end user application. When sharing sensitive information, personal s' data protection is the paramount requirement for the security and privacy to ensure the trustworthiness of the service provider. To this end, this paper proposes communication security protocol to achieve data protection when a user is sending his sensitive data to the network through gateway. We design a cipher content and key exchange computation process. Finally, the performance analysis of the proposed scheme ensure the honesty of the gateway service provider, since the user has the ability to control who has access to his data by issuing a cryptographic access credential to data users.

2018-05-27
Jun Han, Madhumitha Harishankar, Xiao Wang, Albert Jin Chung, Patrick Tague.  2017.  Convoy: Physical Context Verification for Vehicle Platoon Admission. 18th International Workshop on Mobile Computing Systems and Applications (HotMobile).
2018-05-15
Rege, A., Singer, B., Masceri, N., Heath, Q..  2017.  Measuring Cyber Intrusion Chains, Adaptive Adversarial Behavior, and Group Dynamics. ICCWS 2017-Proceedings of the 12th International Conference on Cyber Warfare and Security.
2017-12-27
Hamad, N., Rahman, M., Islam, S..  2017.  Novel remote authentication protocol using heart-signals with chaos cryptography. 2017 International Conference on Informatics, Health Technology (ICIHT). :1–7.

Entity authentication is one of the fundamental information security properties for secure transactions and communications. The combination of biometrics with cryptography is an emerging topic for authentication protocol design. Among the existing biometrics (e.g., fingerprint, face, iris, voice, heart), the heart-signal contains liveness property of biometric samples. In this paper, a remote entity authentication protocol has been proposed based on the randomness of heart biometrics combined with chaos cryptography. To this end, initial keys are generated for chaotic logistic maps based on the heart-signal. The authentication parameters are generated from the initial keys that can be used for claimants and verifiers to authenticate and verify each other, respectively. In this proposed technique, as each session of communication is different from others, therefore many session-oriented attacks are prevented. Experiments have been conducted on sample heart-signal for remote authentication. The results show that the randomness property of the heart-signal can help to implement one of the famous secure encryption, namely one-time pad encryption.

2017-10-27
Aron Laszka, Yevgeniy Vorobeychik, Daniel Fabbri, Chao Yan, Bradley Malin.  2017.  A Game-Theoretic Approach for Alert Prioritization. AAAI-17 Workshop on Artificial Intelligence for Cyber Security (AICS).
The quantity of information that is collected and stored in computer systems continues to grow rapidly. At the same time, the sensitivity of such information (e.g., detailed medical records) often makes such information valuable to both external attackers, who may obtain information by compromising a system, and malicious insiders, who may misuse information by exercising their authorization. To mitigate compromises and deter misuse, the security administrators of these resources often deploy various types of intrusion and misuse detection systems, which provide alerts of suspicious events that are worthy of follow-up review. However, in practice, these systems may generate a large number of false alerts, wasting the time of investigators. Given that security administrators have limited budget for investigating alerts, they must prioritize certain types of alerts over others. An important challenge in alert prioritization is that adversaries may take advantage of such behavior to evade detection - specifically by mounting attacks that trigger alerts that are less likely to be investigated. In this paper, we model alert prioritization with adaptive adversaries using a Stackelberg game and introduce an approach to compute the optimal prioritization of alert types. We evaluate our approach using both synthetic data and a real-world dataset of alerts generated from the audit logs of an electronic medical record system in use at a large academic medical center.
Nika Haghtalab, Aron Laszka, Ariel Procaccia, Yevgeniy Vorobeychik, Xenofon Koutsoukos.  2017.  Monitoring Stealthy Diffusion. Knowledge and Information Systems.
(No abstract.)
2017-05-18
Bhandari, Akshita, Gupta, Ashutosh, Das, Debasis.  2017.  Betweenness Centrality Updation and Community Detection in Streaming Graphs Using Incremental Algorithm. Proceedings of the 6th International Conference on Software and Computer Applications. :159–164.

Centrality measures have perpetually been helpful to find the foremost central or most powerful node within the network. There are numerous strategies to compute centrality of a node however in social networks betweenness centrality is the most widely used approach to bifurcate communities within the network, to find out the susceptibility within the complex networks and to generate the scale free networks whose degree distribution follows the power law. In this paper, we've computed betweenness centrality by identifying communities lying within the network. Our algorithm efficiently updates the centrality of the nodes whenever any edge or vertex addition or deletion takes place within the dynamic network by modifying solely a subset of vertices. For the vertex addition, Incremental Algorithm has been used in which Streaming graphs has also been considered. Brandes approach is the most widely used approach for finding out the betweenness centrality however it's still expensive for growing networks since it takes O(mn + n^2 log n) amount of time and O(n + m) space however our approach efficiently updates the centrality of the nodes by taking O(|S|n + |S|n log n) amount of time where |S| is the subset of the vertices, m is the number of edges, n is the number of vertices and |S| ≤ n holds true.

2018-03-29
S. C. Jackson, B. McMillin.  2017.  Application of Congestion Notifications in a Cyber-Physical System. 2017 IEEE 22nd Pacific Rim International Symposium on Dependable Computing (PRDC). :165-174.
2018-05-27
W. S. Grant, J. Tanner, L. Itti.  2017.  Biologically plausible learning in neural networks with modulatory feedback. Neural Networks. 88:32-48.

Although Hebbian learning has long been a key component in understanding neural plasticity, it has not yet been successful in modeling modulatory feedback connections, which make up a significant portion of connections in the brain. We develop a new learning rule designed around the complications of learning modulatory feedback and composed of three simple concepts grounded in physiologically plausible evidence. Using border ownership as a prototypical example, we show that a Hebbian learning rule fails to properly learn modulatory connections, while our proposed rule correctly learns a stimulus-driven model. To the authors' knowledge, this is the first time a border ownership network has been learned. Additionally, we show that the rule can be used as a drop-in replacement for a Hebbian learning rule to learn a biologically consistent model of orientation selectivity, a network which lacks any modulatory connections. Our results predict that the mechanisms we use are integral for learning modulatory connections in the brain and furthermore that modulatory connections have a strong dependence on inhibition.

2017-12-20
An, G., Yu, W..  2017.  CAPTCHA Recognition Algorithm Based on the Relative Shape Context and Point Pattern Matching. 2017 9th International Conference on Measuring Technology and Mechatronics Automation (ICMTMA). :168–172.
Using shape context descriptors in the distance uneven grouping and its more extensive description of the shape feature, so this descriptor has the target contour point set deformation invariance. However, the twisted adhesions verification code have more outliers and more serious noise, the above-mentioned invariance of the shape context will become very bad, in order to solve the above descriptors' limitations, this article raise a new algorithm based on the relative shape context and point pattern matching to identify codes. And also experimented on the CSDN site's verification code, the result is that the recognition rate is higher than the traditional shape context and the response time is shorter.
2018-01-23
Danaher, Brett, Smith, Michael D., Telang, Rahul.  2017.  Copyright Enforcement in the Digital Age: Empirical Evidence and Policy Implications. Commun. ACM. 60:68–75.
Government-sanctioned and market-based anti-piracy measures can both mitigate economic harm from piracy.