Global ETD Search

1	MULTIPLE LOGS ANALYSIS FOR DETECTING ZERO-DAY BACKDOOR TROJANS Caravut, Sinchai 15 May 2008 (has links) No description available. Computer Science detecting backdoor trojans
2	Detecting Backdoor Kao, Cheng-yuan 12 August 2004 (has links) Cyber space is like a society. Attacking events happen all the time. No matter what is in the cyber space. We need to do many things to defend our computers and network devices form attackers, for example: update patches, install anti-virus software, firewalls and intrusion detection system. In all kinds of network attacks, it is hard to detect that an attacker install a backdoor after he crack the system. He can do many things by the backdoor, like steal sensitive or secret information. Otherwise, intrusion detection systems are responsible for early warnings, but they usually need to capture all the network packets include the headers and contents to analyze. It costs many overheads for the system. The goal of our research is to detect backdoors correctly, and we only use the network packet headers to analyze. Network Security Backdoor Data Mining Intrusion Detection
3	Backdoor Detection based on SVM Tzeng, Zhong-Chiang 29 July 2005 (has links) With the improvement of computer technologies and the wide use of the Internet, network security becomes more and more significant. According to the relevant statistics, malicious codes such as virus, worms, backdoors, and Trojans launch a lot of attacks. Backdoors are especially critical. Not only can it cross firewalls and antivirus software but also will steal confidential information and misuse network resources and launch attacks such as DDoS¡]Distributed Denial of Service¡^. In this research, we analyze the properties and categories of backdoors and the application of data mining and support vector machines in intrusion detection. This research will focus on detecting the behavior of backdoor connection, and we propose a detecting architecture. The architecture is based on SVM, which is a machine learning method based on statistic theory and proposed by Vapnik to solve the problems in Neural Network techniques. In system modules, this research chooses IPAudit as our network monitor and libsvm as a SVM classifier. The packets captured by IPAudit will be classified into interactive or non-interactive flow by libsvm, and the result will be compared with legal service lists to determine whether a connection is a backdoor connection. We compare the accuracy of SVM, C4.5, and Na Intrusion Detection Backdoor Data Mining and Classification SVM
4	Check Your Other Door: Creating Backdoor Attacks in the Frequency Domain Hammoud, Hasan Abed Al Kader 04 1900 (has links) Deep Neural Networks (DNNs) are ubiquitous and span a variety of applications ranging from image classification and facial recognition to medical image analysis and real-time object detection. As DNN models become more sophisticated and complex, the computational cost of training these models becomes a burden. For this reason, outsourcing the training process has been the go-to option for many DNN users. Unfortunately, this comes at the cost of vulnerability to backdoor attacks. These attacks aim at establishing hidden backdoors in the DNN such that it performs well on clean samples but outputs a particular target label when a trigger is applied to the input. Current backdoor attacks generate triggers in the spatial domain; however, as we show in this work, it is not the only domain to exploit and one should always "check the other doors". To the best of our knowledge, this work is the first to propose a pipeline for generating a spatially dynamic (changing) and invisible (low norm) backdoor attack in the frequency domain. We show the advantages of utilizing the frequency domain for creating undetectable and powerful backdoor attacks through extensive experiments on various datasets and network architectures. Unlike most spatial domain attacks, frequency-based backdoor attacks can achieve high attack success rates with low poisoning rates and little to no drop in performance while remaining imperceptible to the human eye. Moreover, we show that the backdoored models (poisoned by our attacks) are resistant to various state-of-the-art (SOTA) defenses, and so we contribute two possible defenses that can successfully evade the attack. We conclude the work with some remarks regarding a network’s learning capacity and the capability of embedding a backdoor attack in the model. backdoor attacks robustness security deep neural networks
5	Harnessing tractability in constraint satisfaction problems Carbonnel, Clément 07 December 2016 (has links) (PDF) The Constraint Satisfaction Problem (CSP) is a fundamental NP-complete problem with many applications in artificial intelligence. This problem has enjoyed considerable scientific attention in the past decades due to its practical usefulness and the deep theoretical questions it relates to. However, there is a wide gap between practitioners, who develop solving techniques that are efficient for industrial instances but exponential in the worst case, and theorists who design sophisticated polynomial-time algorithms for restrictions of CSP defined by certain algebraic properties. In this thesis we attempt to bridge this gap by providing polynomial-time algorithms to test for membership in a selection of major tractable classes. Even if the instance does not belong to one of these classes, we investigate the possibility of decomposing efficiently a CSP instance into tractable subproblems through the lens of parameterized complexity. Finally, we propose a general framework to adapt the concept of kernelization, central to parameterized complexity but hitherto rarely used in practice, to the context of constraint reasoning. Preliminary experiments on this last contribution show promising results. Constraint Satisfaction Problem Tractable class Polymorphism Backdoor Parameterized complexity Kernelization
6	Harnessing tractability in constraint satisfaction problems / Algorithmes paramétrés pour des problèmes de satisfaction de contraintes presque traitables Carbonnel, Clément 07 December 2016 (has links) Le problème de satisfaction de contraintes (CSP) est un problème NP-complet classique en intelligence artificielle qui a suscité un engouement important de la communauté scientifique grâce à la richesse de ses aspects pratiques et théoriques. Cependant, au fil des années un gouffre s'est creusé entre les praticiens, qui développent des méthodes exponentielles mais efficaces pour résoudre des instances industrielles, et les théoriciens qui conçoivent des algorithmes sophistiqués pour résoudre en temps polynomial certaines restrictions de CSP dont l'intérêt pratique n'est pas avéré. Dans cette thèse nous tentons de réconcilier les deux communautés en fournissant des méthodes polynomiales pour tester automatiquement l'appartenance d'une instance de CSP à une sélection de classes traitables majeures. Anticipant la possibilité que les instances réelles ne tombent que rarement dans ces classes traitables, nous analysons également de manière systématique la possibilité de décomposer efficacement une instance en sous-problèmes traitables en utilisant des méthodes de complexité paramétrée. Finalement, nous introduisons un cadre général pour exploiter dans les CSP les idées développées pour la kernelization, un concept fondamental de complexité paramétrée jusqu'ici peu utilisé en pratique. Ce dernier point est appuyé par des expérimentations prometteuses. / The Constraint Satisfaction Problem (CSP) is a fundamental NP-complete problem with many applications in artificial intelligence. This problem has enjoyed considerable scientific attention in the past decades due to its practical usefulness and the deep theoretical questions it relates to. However, there is a wide gap between practitioners, who develop solving techniques that are efficient for industrial instances but exponential in the worst case, and theorists who design sophisticated polynomial-time algorithms for restrictions of CSP defined by certain algebraic properties. In this thesis we attempt to bridge this gap by providing polynomial-time algorithms to test for membership in a selection of major tractable classes. Even if the instance does not belong to one of these classes, we investigate the possibility of decomposing efficiently a CSP instance into tractable subproblems through the lens of parameterized complexity. Finally, we propose a general framework to adapt the concept of kernelization, central to parameterized complexity but hitherto rarely used in practice, to the context of constraint reasoning. Preliminary experiments on this last contribution show promising results. Problème de satisfaction de Contraintes Classe traitable Polymorphisme Backdoor Complexité paramétrée Kernelisation Constraint satisfaction Problem Tractable class Polymorphism Backdoor Parameterized complexity Kernelization 006
7	Kompilace KNF do backdoor decomposable monotone circuit / Compilation of a CNF into a backdoor decomposable monotone circuit Illner, Petr January 2021 (has links) An NNF circuit is a directed acyclic graph (DAG), where each leaf is labelled with either true/false or a literal, and each inner node represents either a conjunction (∧) or a disjunction (∨). A decomposable NNF (DNNF) is an NNF satisfying the decomposabi- lity property for each conjunction node. The C-BDMC language generalizes the DNNF language. In a C-BDMC, the leaves can contain CNF formulae from a given base class C. In this paper, we focus only on renamable Horn formulae. We experimentally compare the sizes of d-BDMC and d-DNNF representations. We describe a new compilation langu- age, called cara DNNF (c-DNNF), that generalizes the DNNF language. A c-DNNF circuit can be considered as a compressed representation of a DNNF circuit. We present a new experimental knowledge compiler, called CaraCompiler, for converting a CNF formula into a d-BDMC or a (c)d-DNNF circuit. CaraCompiler is based on the state-of-the-art compiler D4. Also, we mention some extensions for the compiler D4, such as caching hypergraph cuts that can reduce the compilation times. 1
8	Security Evaluation of Intel's Active Management Technology Ververis, Vassilios January 2010 (has links) Intel’s Active Management Technology (AMT) is, a hardware-based platform for remotely managing and securing personal computers out of band. AMT is available in most desktop and notebooks PCs equipped with an Intel Core 2, Centrino, or Centrino 2 processors with support for vPro technology. AMT operates independently of the platform processor and operating system. Remote platform management applications can access AMT securely, even when the platform is turned off, as long as the platform is connected to power supply and to a network. Developers can build applications that utilize AMT using the application programming interface (API) provided by Intel. While this might seem to enable creation of a powerful management tool, a secure infrastructure that is secure against insider and outsider attacks on an enterprise network is difficult. Unfortunately this technology can also potentially be used to create a powerful backdoor that is easily deployed and offers numerous features due to its almost unlimited permissions since the platform can be managed even though it is powered off. / Intel Active Management Technology (AMT) är en hårdvarubaserad plattform för avlägset att hantera och säkra datorer utanför bandet. AMT är tillgänglig de flesta stationära och bärbara dator utrustad med en Intel Core 2, Centrino, eller Centrino 2 processorer med stöd för vPro-teknik. AMT driver oberoende av plattform processor och operativsystem. Remote optimera hanteringen ansökningar kan komma åt AMT säkert, även om Plattformen är avstängd, så länge som plattform är ansluten till linjen makt och till ett nätverk. Utvecklare kan bygga applikationer som utnyttjar AMT använder Application Programming Interface från Intel. Även detta kan verkar för att möjliggöra skapandet av ett kraftfullt verktyg i förvaltningen, faktiskt skapar en säker infrastruktur som är säkert mot insider och outsider angrepp på företagets nätverk är svårt. Tyvärr har denna teknik kan komma i används för att skapa en kraftfull rootkit som är lätt att iordningställas och erbjuder flera egenskaper på grund av dess nästan obegränsade tillstånd eftersom plattformen kan lyckades även om den är avstängd. AMT vPRO out of band remote management backdoor stealth malware security Communication Systems Kommunikationssystem
9	Experimental Evaluation of Kleptographic Backdoors in LWE-based KEMs / Implementation och utvärdering av kleptografiska bakdörrar i LWE-baserad nyckelförhandling Rosén, Miriam January 2023 (has links) This work aims to provide an experimental evaluation of two kleptographic backdoors. The backdoors target the key generation step in Learning with Errors-based crypto algorithms and exploit freedom in choosing the seeds for the algorithm. Based on the descriptions, four variants were implemented, and their detectability was evaluated by measuring their running time and whether the output from the backdoors passed as uniformly random bit strings. Our results show that all variants of the backdoored seed generation were significantly slower than the normal routine, the fastest variant made key generation in Kyber take 10 times as long as normal. All variants did however pass the tests on uniformity. Additionally, previous work describes a countermeasure that makes the backdoors detectable. We have contributed with a description of how the detection could be implemented, and our measurements show that the detection routine makes the key generation approximately 8% slower. cryptography post-quantum backdoor kleptography Other Computer and Information Science Annan data- och informationsvetenskap
10	Network Service Misuse Detection: A Data Mining Approach Hsiao, Han-wei 01 September 2004 (has links) As network services progressively become essential communication and information delivery mechanisms of business operations and individuals¡¦ activities, a challenging network management issue emerges: network service misuse. Network service misuse is formally defined as ¡§abuses or unethical, surreptitious, unauthorized, or illegal uses of network services by those who attempt to mask their uses or presence that evade the management and monitoring of network or system administrators.¡¨ Misuses of network services would inappropriately use resources of network service providers (i.e., server machines), compromise the confidentiality of information maintained in network service providers, and/or prevent other users from using the network normally and securely. Motivated by importance of network service misuse detection, we attempt to exploit the use of router-based network traffic data for facilitating the detection of network service misuses. Specifically, in this thesis study, we propose a cross-training method for learning and predicting network service types from router-based network traffic data. In addition, we also propose two network service misuse detection systems for detecting underground FTP servers and interactive backdoors, respectively. Our evaluations suggest that the proposed cross-training method (specifically, NN->C4.5) outperforms traditional classification analysis techniques (namely C4.5, backpropagation neural network, and Naïve Bayes classifier). In addition, our empirical evaluation conducted in a real-world setting suggests that the proposed underground FTP server detection system could effectively identify underground FTP servers, achieving a recall rate of 95% and a precision rate of 34% (by the NN->C4.5 cross-training technique). Moreover, our empirical evaluation also suggests that the proposed interactive backdoor detection system have the capability in capturing ¡§true¡¨ (or more precisely, highly suspicious) interactive backdoors existing in a real-world network environment. Interactive Backdoor Detection Underground FTP Server Detection Network Management Network Service Misuse Detection Network Traffic Analysis Data Mining

Search results