A Machine Learning Approach for Uniform Intrusion Detection

Saurabh Devulapalli (11167824)

23 July 2021

Intrusion Detection Systems are vital for computer networks as they protect against attacks that lead to privacy breaches and data leaks. Over the years, researchers have formulated intrusion detection systems (IDS) using machine learning and/or deep learning to detect network anomalies and identify four main attacks namely, Denial of Service (DoS), Probe, Remote to Local (R2L) and User to Root (U2R). However, the existing models are efficient in detecting just few of the aforementioned attacks while having inadequate detection rates for the rest. This deficiency makes it difficult to choose an appropriate IDS model when a user does not know what attacks to expect. Thus, there is a need for an IDS model that can detect, with uniform efficiency, all the four main classes of network intrusions. This research is aimed at exploring a machine learning approach to an intrusion detection model that can detect DoS, Probe, R2L and U2R attack classes with uniform and high efficiency. A multilayer perceptron was trained in an ensemble with J48 decision tree. The resultant ensemble learning model achieved over 85% detection rates for each of DoS, probe, R2L, and U2R attacks.

Pattern Recognition and Data Mining

Computer System Security

Machine Learning

Intrusion Detection

Modeling Rational Adversaries: Predicting Behavior and Developing Deterrents

Benjamin D Harsha (11186139)

26 July 2021

In the field of cybersecurity, it is often not possible to construct systems that are resistant to all attacks. For example, even a well-designed password authentication system will be vulnerable to password cracking attacks because users tend to select low-entropy passwords. In the field of cryptography, we often model attackers as powerful and malicious and say that a system is broken if any such attacker can violate the desired security properties. While this approach is useful in some settings, such a high bar is unachievable in many security applications e.g., password authentication. However, even when the system is imperfectly secure, it may be possible to deter a rational attacker who seeks to maximize their utility. In particular, if a rational adversary finds that the cost of running an attack is higher than their expected rewards, they will not run that particular attack. In this dissertation we argue in support of the following statement: Modeling adversaries as rational actors can be used to better model the security of imperfect systems and develop stronger defenses. We present several results in support of this thesis. First, we develop models for the behavior of rational adversaries in the context of password cracking and quantum key-recovery attacks. These models allow us to quantify the damage caused by password breaches, quantify the damage caused by (widespread) password length leakage, and identify imperfectly secure settings where a rational adversary is unlikely to run any attacks i.e. quantum key-recovery attacks. Second, we develop several tools to deter rational attackers by ensuring the utility-optimizing attack is either less severe or nonexistent. Specifically, we develop tools that increase the cost of offline password cracking attacks by strengthening password hashing algorithms, strategically signaling user password strength, and using dedicated Application-Specific Integrated Circuits (ASICs) to store passwords.

Computation Theory and Mathematics

Computer System Security

rational adversary

cryptography

passwords

password security

password cracking

USER ATTRIBUTION IN DIGITAL FORENSICS THROUGH MODELING KEYSTROKE AND MOUSE USAGE DATA USING XGBOOST

Shruti Gupta (12112488)

20 April 2022

<p>The increase in the use of digital devices, has vastly increased the amount of data used and consequently, has increased the availability and relevance of digital evidence. Typically, digital evidence helps to establish the identity of an offender by identifying the username or the user account logged into the device at the time of offense. Investigating officers need to establish the link between that user and an actual person. This is difficult in the case of computers that are shared or compromised. Also, the increasing amount of data in digital investigations necessitates the use of advanced data analysis approaches like machine learning, while keeping pace with the constantly evolving techniques. It also requires reporting on known error rates for these advanced techniques. There have been several research studies exploring the use of behavioral biometrics to support this user attribution in digital forensics. However, the use of the state-of-the-art XGBoost algorithm, hasn’t been explored yet. This study builds on previously conducted research by modeling user interaction using the XGBoost algorithm, based on features related to keystroke and mouse usage, and verifying the performance for user attribution. With an F1 score and Area Under the Receiver Operating Curve (AUROC) of .95, the algorithm successfully attributes the user event to the right user. The XGBoost model also outperforms other classifiers based on algorithms such as Support Vector Machines (SVM), Boosted SVM and Random Forest.</p>

Computer System Security

Computer-Human Interaction

digital forensics

user attribution

behavioral biometrics

USING TEMPORAL NETWORKS TO FIND THE INFLUENCER NODE OF THE BUGGY SITES IN THE CODE COMMUNITIES

Kanwardeep Singh Walia (12091133)

14 April 2022

<p>The cyber-attacks have increased, and with everything going digital, data theft has become a significant issue. This raises an alarm on the security of the source code. Sometimes, to release products early, the security of the code is compromised. Static analysis tools can help in finding possible security issues. Identifying and fixing the security issues may overwhelm the software developers. This process of "fixing" the errors or securing the code may take a lot of time, and the product may be released before all the errors are fixed. But these vulnerabilities in the source code may cost millions of dollars in case of a data breach. It is important to fix the security issues in the source code before releasing the product. This leads to the question of how to fix errors quickly so products can be rolled out with fewer security issues? A possible solution is to use temporal networks to find the influencer nodes in the source code. If these influencer variables are fixed, the connected security issues depending on the influencer in the community (functions) will also get fixed. The research question of the study: Can we identify the influencer node of the buggy site in the source code using temporal networks (K-tool) if the buggy sites present in the source code are identified using static analysis? The study also aims to know if it is faster to find the influencer node using the K-tool than the betweenness centrality algorithm. This research is an "Applied research" and will target the code written in C programming language. Possible vulnerabilities that can be fixed include "Integer Overflow", "Out of bounds", and "Buffer overflow." In the future, we plan to extend to other errors such as "Improper input validation." In this research, we will discuss how we can find the influencer node of the vulnerability (buggy site) in the source code after running the static analysis. Fixing this influencer node will fix the remaining errors pointed out by the static analysis. This will help in reducing the number of fixes to be done in the source code so that the product can be rolled out faster with less security issues.</p> <p><br></p>

Computer System Security

static analysis

influencers

nodes

C language

betweenness centrality

bugs

security

important nodes

TREE-BASED UNIDIRECTIONAL NEURAL NETWORKS FOR LOW-POWER COMPUTER VISION ON EMBEDDED DEVICES

Abhinav Goel (12468279)

27 April 2022

<p>Deep Neural Networks (DNNs) are a class of machine learning algorithms that are widelysuccessful in various computer vision tasks. DNNs filter input images and videos with manyconvolution operations in each layer to extract high-quality features and achieve high ac-curacy. Although highly accurate, the state-of-the-art DNNs usually require server-gradeGPUs, and are too energy, computation and memory-intensive to be deployed on most de-vices. This is a significant problem because billions of mobile and embedded devices that donot contain GPUs are now equipped with high definition cameras. Running DNNs locallyon these devices enables applications such as emergency response and safety monitoring,because data cannot always be offloaded to the Cloud due to latency, privacy, or networkbandwidth constraints.</p> <p>Prior research has shown that a considerable number of a DNN’s memory accesses andcomputation are redundant when performing computer vision tasks. Eliminating these re-dundancies will enable faster and more efficient DNN inference on low-power embedded de-vices. To reduce these redundancies and thereby reduce the energy consumption of DNNs,this thesis proposes a novel Tree-based Unidirectional Neural Network (TRUNK) architec-ture. Instead of a single large DNN, multiple small DNNs in the form of a tree work togetherto perform computer vision tasks. The TRUNK architecture first finds thesimilaritybe-tween different object categories. Similar object categories are grouped intoclusters. Similarclusters are then grouped into a hierarchy, creating a tree. The small DNNs at every nodeof TRUNK classify between different clusters. During inference, for an input image, oncea DNN selects a cluster, another DNN further classifies among the children of the cluster(sub-clusters). The DNNs associated with other clusters are not used during the inferenceof that image. By doing so, only a small subset of the DNNs are used during inference,thus reducing redundant operations, memory accesses, and energy consumption. Since eachintermediate classification reduces the search space of possible object categories in the image,the small efficient DNNs still achieve high accuracy.</p> <p>In this thesis, we identify the computer vision applications and scenarios that are wellsuited for the TRUNK architecture. We develop methods to use TRUNK to improve the efficiency of the image classification, object counting, and object re-identification problems.We also present methods to adapt the TRUNK structure for different embedded/edge ap-plication contexts with different system architectures, accuracy requirements, and hardware constraints.</p> <p>Experiments with TRUNK using several image datasets reveal the effectiveness of theproposed solution to reduce memory requirement by∼50%, inference time by∼65%, energyconsumption by∼65%, and the number of operations by∼45% when compared with existingDNN architectures. These experiments are conducted on consumer-grade embedded systems:NVIDIA Jetson Nano, Raspberry Pi 3, and Raspberry Pi Zero. The TRUNK architecturehas only marginal losses in accuracy when compared with the state-of-the-art DNNs.</p>

Computer Engineering

Computer Software

Computer Vision

Computer System Architecture

Computer Vision

Low-Power

Embedded Devices

SADDAS; a self-contained analog to digital data acquisition system.

Petersen, Walter Anton

01 January 1972

SADDAS, a. Self-contained Analog to Digital Data Acquisition System, converts analog voltage inputs to formatted BCD (binary coded decimal digital magnetic tape. SADDAS consists of a 16 channel multiplexer, a 17 bit (4 digits + sign) 40 microsecond analog to digital converter, a 512 byte 8 bit core memory, a 30 IPS (inches per second) digital tape recorder at a density of 556 cpi (characters per inch), and a controller which integrates these instruments into a flexible and easy-to-use system. Sampling rates in excess of 360 samples per second may be used when converting seven channels of data, such as IRIG (Inter Range Instrumentation Group) analog magnetic tapes.

SADDAS (Electronic computer system)

Computer and Systems Architecture

Computer Engineering

Data Storage Systems

INVESTIGATING ESCAPE VULNERABILITIES IN CONTAINER RUNTIMES

Michael J Reeves (10797462)

14 May 2021

Container adoption has exploded in recent years with over 92% of companies using containers as part of their cloud infrastructure. This explosion is partly due to the easy orchestration and lightweight operations of containers compared to traditional virtual machines. As container adoption increases, servers hosting containers become more attractive targets for adversaries looking to gain control of a container to steal trade secrets, exfiltrate customer data, or hijack hardware for cryptocurrency mining. To control a container host, an adversary can exploit a vulnerability that enables them to escape from the container onto the host. This kind of attack is termed a “container escape” because the adversary is able to execute code on the host from within the isolated container. The vulnerabilities which allow container escape exploits originate from three main sources: (1) container profile misconfiguration, (2) the host’s Linux kernel, and (3) the container runtime. While the first two cases have been studied in the literature, to the best of the author’s knowledge, there is, at present, no work that investigates the impact of container runtime vulnerabilities. To fill this gap, a survey over container runtime vulnerabilities was conducted investigating 59 CVEs for 11 different container runtimes. As CVE data alone would limit the investigation analysis, the investigation focused on the 28 CVEs with publicly available proof of concept (PoC) exploits. To facilitate this analysis, each exploit was broken down into a series of high-level commands executed by the adversary called “steps”. Using the steps of each CVE’s corresponding exploit, a seven-class taxonomy of these 28 vulnerabilities was constructed revealing that 46% of the CVEs had a PoC exploit which enabled a container escape. Since container escapes were the most frequently occurring category, the nine corresponding PoC exploits were further analyzed to reveal that the underlying cause of these container escapes was a host component leaking into the container. This survey provides new insight into system vulnerabilities exposed by container runtimes thereby informing the direction of future research.

Applied Computer Science

Computer System Security

containers

Container Runtime,

Security

vulnerability survey

CVE survey

Blockchain-Based Security Framework for the Internet of Things and Home Networks

Diego Miguel Mendez Mena (10711719)

27 April 2021

During recent years, attacks on Internet of Things (IoT) devices have grown significantly. Cyber criminals have been using compromised IoT machines to attack others, which include critical internet infrastructure systems. Latest attacks increase the urgency for the information security research community to develop new strategies and tools to safeguard vulnerable devices at any level. Millions of intelligent things are now part of home-based networks that are usually disregarded by solutions platforms, but not by malicious entities.<br>Therefore, the following document presents a comprehensive framework that aims to secure home-based networks, but also corporate and service provider ones. The proposed solution utilizes first-hand information from different actors from different levels to create a decentralized privacy-aware Cyber Threat Information (CTI) sharing network, capable of automate network responses by relying on the secure properties of the blockchain powered by the Ethereum algorithms.

Computer System Security

Internet of Things security

blockchain algorithm

network security technologies

network security system

Ethereum blockchain

Program structures and computer architectures for parallel processing

Montagne, Euripides.

January 1985

No description available.

Computer architecture.

Computer engineering.

Parallel programming (Computer science)

Vivaldi II (Computer system)

[en] A COMPUTER GRAPHICS SYSTEM FOR DOCKING FIGURES TARGETING THE PAPER PACKAGING INDUSTRY / [pt] UM SISTEMA DE COMPUTAÇÃO GRÁFICA PARA O ENCAIXE DE FIGURAS VISANDO O SETOR DE EMBALAGENS DE PAPEL

DOUGLAS POHL MARTINS

09 April 2018

[pt] Este trabalho apresenta o desenvolvimento de um sistema computacional para ser utilizado na diagramação (encaixe) de figuras planas em cartões retangulares na indústria de embalagens de papel. O sistema aparece como o primeiro passo para a automação total da fabricação de embalagens. Consta de quatro subsistemas: a edição de figuras; e edição de cores das arestas destas figuras; a confecção e edição de encaixes,onde se leva em conta a relação entre as cores das arestas das figuras de acordo com diferentes tipos de problema; a saída destes encaixes por plotter. É apresentada uma discussão detalhada sobre os cálculos de distância entre figuras e sua utilização no esquema de encaixe. Uma série de exemplos gráficos e apresentada cobrindo as diversas situações possíveis. / [en] This research work consists of the development of a computer system to be used in the nesting of plane figures on rectangular cardboards in the paper industry. This system is a first step towards the total automation of the manufacture of paper packs. The system consists of four parts: a figure editor; a subsystem for editing the colors of the edges; the nesting subsystem, in which the colors of the edges are taken into account; and a subsystem for outputing the drawings. A detailed discussion on the calculation of the distance between the figures and its influence on the nesting system is presented. Finally, graphical examples which cover the various possible situations are presented.