PERSONAL Sign in with your SPIE account to access your personal subscriptions or to use specific features such as save to my library, sign up for alerts, save searches, etc.
This PDF file contains the front matter associated with SPIE Proceedings Volume 10630, including the Title Page, Copyright information, Table of Contents, and Conference Committee listing.
Access to the requested content is limited to institutions that have purchased or subscribe to SPIE eBooks.
You are receiving this notice because your organization may not have SPIE eBooks access.*
*Shibboleth/Open Athens users─please
sign in
to access your institution's subscriptions.
To obtain this item, you may purchase the complete book in print or electronic format on
SPIE.org.
Moving target defense (MTD) is a defense method for defending client/server applications. MTD works to abstract some portion of how a system works in order to make the application more difficult for an attacker to defeat. Argonne is developing three different implementations: Multiple OS Rotational Environment (MORE-MTD), Dynamic Application Rotational Environment (DARE-MTD), and Stream Splitting (SS-MTD). MORE-MTD rotates the host operating systems to mitigate known/unknown exploits from attackers. By moving the target to a different operating system in a given amount of time, the attacker will be forced to gather data on the target and attempt an exploit in that given amount of time. DARE-MTD takes the same approach as MORE-MTD, but the rotation is focused on the application hosting service rather than the operating system. By rotating the application service, this can mitigate potential vulnerabilities in the service that could be exploited by an attacker. SS-MTD sends data packets over multiple communication channels mitigating the possibility of an attacker intercepting a complete stream of data at any single point. Once the complete data is split into data packets, SS-MTD handles the distribution of the packets through different mediums and/or different hosts across the internet. The receiving mediums and/or hosts would then send the data packets to the designated target converging all data packets back into the complete stream of data. In the event of an attack for all MTD implementations, the probability of success by the attacker is significantly decreased and the resiliency of each system is increased.
Access to the requested content is limited to institutions that have purchased or subscribe to SPIE eBooks.
You are receiving this notice because your organization may not have SPIE eBooks access.*
*Shibboleth/Open Athens users─please
sign in
to access your institution's subscriptions.
To obtain this item, you may purchase the complete book in print or electronic format on
SPIE.org.
During a playoff game, the visual boards throughout a sold-out stadium displays warnings to evacuate because of a hazardous situation, such as a fire inside the venue. Suddenly, spectators are panicked, stadium workers are confused, and the evacuation team designated by the venue begins the task of getting a large crowd out safely and effectively. The power then suddenly goes out amidst the evacuation efforts. This disconcerting event might have begun with a cyber attack on the systems controlling the stadium. A cyber attacker might have gained access to remotely controllable systems, possibly causing physical harm. With professional sports teams and stadiums becoming more and more connected through technology for an improved spectator experience, an increased need for cybersecurity is evident. Fans are susceptible to phishing scams through mobile applications, while remotely controlled systems are vulnerable to hacking. Public wireless networks are open to man-in-the-middle attacks. Professional stadiums may also be in close proximity to one another in large cities, leading to traffic management issues as well as network isolation concerns. If shared or wireless networking resources exist among more than one entity, propagation across the network may occur, leaving multiple venues open to malicious actors. Also, with the increased reliance on technological capabilities throughout sports, the integrity of the game can be negatively impacted. The integration of cyber into such aspects of the game as player performance and data analytics can leave teams within various leagues susceptible to cyber attacks.
Access to the requested content is limited to institutions that have purchased or subscribe to SPIE eBooks.
You are receiving this notice because your organization may not have SPIE eBooks access.*
*Shibboleth/Open Athens users─please
sign in
to access your institution's subscriptions.
To obtain this item, you may purchase the complete book in print or electronic format on
SPIE.org.
We will review Saltzer and Schroeder’s security principles of (1) complete mediation; (2) least privilege; and (3) privilege separation. We will also briefly review security tag (or label) propagation. In security tag propagation, a set of rules are used to compute the security attributes of each computation. For example, C = A + B, where A is trusted and B is not trusted. The result C is labeled not trusted. We do not want to use the untrusted result, C, to control any shared computer resource. Using an untrusted result to control (or manage) a shared resource would leave a cybersecurity vulnerability. We illustrate how security tag (or label) propagation can be implemented in the two level security tag architecture in the OS Friendly Microprocessor Architecture. We describe the benefits of using two level security tags for security tag computations.
Access to the requested content is limited to institutions that have purchased or subscribe to SPIE eBooks.
You are receiving this notice because your organization may not have SPIE eBooks access.*
*Shibboleth/Open Athens users─please
sign in
to access your institution's subscriptions.
To obtain this item, you may purchase the complete book in print or electronic format on
SPIE.org.
Side-channel signals have long been used in cryptanalysis, and recently they have also been utilized as a way to monitor program execution without involving the monitored system in its own monitoring. Both of these use-cases for side-channel analysis have seen steady improvement, allowing ever-smaller deviations in program behavior to be monitored (to track program behavior and/or identify anomalies) or exploited (to steal sensitive information). However, there is still very little intuition about where the limits for this are, e.g. whether a single-instruction or a single-bit difference can realistically be recovered from the signal.
In this paper, we use a popular open-source cryptographic software package as a test subject to demonstrate that, with enough training data, enough signal bandwidth, and enough signal-to-noise ratio, the decision of branch instructions that cause even single-instruction-differences in program execution can be recovered from the electromagnetic (EM) emanations of an IoT/embedded system. We additionally show that, in cryptographic implementations where branch decisions contain information about the secret key, nearly all such information can be extracted from the signal that corresponds to only a single cryptographic operation (e.g. encryption). Finally, we analyze how the received signal bandwidth, the amount of training, and the signal-to-noise ratio (SNR) affect the accuracy of side-channel-based reconstruction of individual branch decisions that occur during program execution.
Access to the requested content is limited to institutions that have purchased or subscribe to SPIE eBooks.
You are receiving this notice because your organization may not have SPIE eBooks access.*
*Shibboleth/Open Athens users─please
sign in
to access your institution's subscriptions.
To obtain this item, you may purchase the complete book in print or electronic format on
SPIE.org.
In computer systems, information leaks from the physical hardware through side-channel signals such as power draw. We can exploit these signals to infer the state of ongoing computational tasks without having direct access to the device. This paper investigates the application of recent deep learning techniques to side-channel analysis in both classification of machine state and anomaly detection. We use real data collected from three different devices: an Arduino, a Raspberry Pi, and a Siemens PLC. For classification we compare the performance of a Multi-Layer Perceptron and a Long Short-Term Memory classifiers. Both achieve near-perfect accuracy on binary classification and around 90% accuracy on a multi-class problem. For anomaly detection we explore an autoencoder based model. Our experiments show the potential of using these deep learning techniques in side-channel analysis and cyber-attack detection.
Access to the requested content is limited to institutions that have purchased or subscribe to SPIE eBooks.
You are receiving this notice because your organization may not have SPIE eBooks access.*
*Shibboleth/Open Athens users─please
sign in
to access your institution's subscriptions.
To obtain this item, you may purchase the complete book in print or electronic format on
SPIE.org.
Todays commercial processors provide various hardware capabilities for monitoring and protecting systems from cyber intrusions. One technique suggested in the literature is to utilize hardware assisted virtualization (HAV) capabilities of modern processors and a hypervisor to provide security protections for a virtualized operating system (OS) and applications. Under this design, however, the security of the hypervisor is critically important. We use a formally verified microkernel (the security embedded L4, or seL4, microkernel) as a security hypervisor in order to provide a strong foundation for building security protections. We report on a series of experiments that measure the overheads associated with adding security protections into a system via our security hypervisor. Our security hypervisor uses common capabilities found in HAV extensions of modern processors to regain execution control every time the guest OS performs a context switch. This enables the hypervisor to perform additional security checks before running applications, including code verification and data integrity checks. Utilizing HAV in this manner adds significant overhead to guest OS context switches, an average of 6X in our experiments. To understand how this overhead affects system performance, we conducted experiments to measure the performance of a webserver under heavy traffic load. The system performance overhead with the context switch hooks in place was negligible. Therefore, utilizing HAV with a formally verified microkernel hypervisor is a viable and resource-effective method for enabling security protections.
Access to the requested content is limited to institutions that have purchased or subscribe to SPIE eBooks.
You are receiving this notice because your organization may not have SPIE eBooks access.*
*Shibboleth/Open Athens users─please
sign in
to access your institution's subscriptions.
To obtain this item, you may purchase the complete book in print or electronic format on
SPIE.org.
Internet of Things (IoT) and other similar devices often have little to no security and thus can be readily exploited in any number of ways. In this work, we collect radio frequency (RF) emissions from simple processors on several IoT devices and apply machine learning techniques to detect modifications (corrupted or injected via malware) in ‘known’ software running on the processor. We can detect these modifications due to the correlation between RF emissions and the digital state of the devices. Every bit flip produces a small but potentially detectable electrical pulse. Our approach to developing the recognition algorithm is to adapt to the variability created by the input data by recognizing the sequences in which instruction blocks are executed. Seemingly minor changes to input values can have a detectable effect on the measured RF side channel. We collect RF data from a variety of IoT devices with clock speeds varying from 16-96 MHz. A 1-GHz Riscure RF near-field antenna probe was placed within a millimeter of the IoT device, RF emissions were acquired, and software controls triggered data collection. A classification architecture was trained using object code portioned into blocks to develop the truth data. We then applied new data to the trained block classifier. This approach detects deviations in individual blocks and block sequences as a whole, allowing a greater level of detection resolution than just binary ‘Yes/No’ classification. Initial testing results showed greater than 90% classification accuracy for block-level modifications, and we can detect deviations from truth data with 100% accuracy.
Access to the requested content is limited to institutions that have purchased or subscribe to SPIE eBooks.
You are receiving this notice because your organization may not have SPIE eBooks access.*
*Shibboleth/Open Athens users─please
sign in
to access your institution's subscriptions.
To obtain this item, you may purchase the complete book in print or electronic format on
SPIE.org.
We applied machine learning to detect changes in state of key registers in digital devices from their analog RF emissions. As digital devices operate, they emit information via analog side channels. We collected the RF side channel with a 500-MHz shielded loop probe from Riscure, placed in the nearfield (<1mm) of the device under test (DuT). We investigated a number of Internet-of-Thing (IoT) DuTs including Arduino Uno and PIC24 processors. Conventional processors implement instructions as a sequence of subtasks. The first subtasks include incrementing the program counter (PC) register and fetching the next instruction from program memory to the instruction register (IR). These two subtasks occur almost every instruction cycle. We ran programs on the DuT and collected the RF emissions. We parsed the object code of the programs to determine the state of key registers including the PC and IR during each instruction cycle and observed that the RF signal of each cycle is strongly correlated with the Hamming Distance (HD) (i.e., the number of bits changing) in the PC and IR registers. Based on this result, we developed classifiers to extract the HD of the PC, IR, as well as the stack pointer (SP). The classification results vary with true HD as some values are rare and have few examples in the training set. The classification accuracy exceeds 99% for the PC and the IR. Due to the relatively few HD in the training set for the SP, its results slightly exceeded 97%.
Access to the requested content is limited to institutions that have purchased or subscribe to SPIE eBooks.
You are receiving this notice because your organization may not have SPIE eBooks access.*
*Shibboleth/Open Athens users─please
sign in
to access your institution's subscriptions.
To obtain this item, you may purchase the complete book in print or electronic format on
SPIE.org.
Field Programmable Gate Arrays (FPGAs) are increasingly vital components of electronic systems used in numerous industries. FPGAs possess well-documented logic and hardware vulnerabilities that could allow an adversary to penetrate and manipulate FPGA-based electronic infrastructure. To detect such attacks against FPGA firmware, we developed a technique that exploits the unintended RF side-channel emitted from an FPGA. Our approach presumes that malicious modification to a trusted FPGA bitstream will result in changes in radio frequency (RF) emissions—changes that our technique can detect and measure using signal processing and machine learning. The development of our RF side-channel technique was divided into three tasks: (1) determine if firmware changes can be detected using side-channel emissions, (2) determine the minimum firmware change that can be detected, and (3) extend our approach to work across multiple devices of the same type. We used the Digilent Arty development board to accomplish these tasks. We developed baseline firmware for the board and then generated additional bitstreams that incorporated quantifiable changes in the logic and placement. We then collected RF side-channel emissions for each bitstream using the Riscure EM Probe Station, which uses a 1 GHz bandwidth near-field antenna. Using our RF side-channel approach, we were able to detect the movement of a single register or lookup table element by one slice. We proved the effectiveness of our technique to detect changes across multiple FPGAs of the same type by achieving detection accuracy greater than 98%.
Access to the requested content is limited to institutions that have purchased or subscribe to SPIE eBooks.
You are receiving this notice because your organization may not have SPIE eBooks access.*
*Shibboleth/Open Athens users─please
sign in
to access your institution's subscriptions.
To obtain this item, you may purchase the complete book in print or electronic format on
SPIE.org.
We use machine learning to characterize the state of digital devices based on their analog emissions. As digital devices operate, they emit internal information into a number of analog side channels. Remote sensing of these unintended signals leads to low signal-to-noise-ratio (SNR) and significant clutter. We developed classifiers to determine which program is executing on a digital device based on analog radio-frequency (RF) emissions collected via a 500-MHz Riscure RF probe. A standard algorithm was developed to serve as a baseline program and intrusions were simulated by introducing minor modifications to this program. We collected a thousand RF traces from each of these modified programs running on ten different devices for thousands of instruction cycles. The ten devices tested are representative of the Internet of Things (IoT) devices including Arduino Unos and PIC24 processors. Our primary approach to mitigating the impact of low SNR is to extend the program execution and signal collection time. Collecting a training set with more traces than samples is not practical. Even after down-sampling the raw data to thirty samples per instruction, the number of samples exceeds the number of traces by orders of magnitude. Such a training set nearly guarantees overlearning. To mitigate this, we present our Whitened Mean Classifier as a method to whiten this sparse training set and avoid overlearning. Classification accuracy exceeded 90% for the modified programs on a subset of the ten devices.
Access to the requested content is limited to institutions that have purchased or subscribe to SPIE eBooks.
You are receiving this notice because your organization may not have SPIE eBooks access.*
*Shibboleth/Open Athens users─please
sign in
to access your institution's subscriptions.
To obtain this item, you may purchase the complete book in print or electronic format on
SPIE.org.
All digital devices leak information through unintended emissions into analog side channels. The RF side channel enables passive collection of high-bandwidth information about the digital state of the device. We collected these RF emissions with a 500-MHz Riscure probe placed in the nearfield of the device under test (DuT) and applied machine learning to detect what program is running on the processor to identify malware intrusions. We explored the applicability of a generalized algorithm classification infrastructure built from a training set of similar DuTs to a similar device from a different production batch (same model number, different serial number.) We collected RF-SC data for five programs running on 28 distinct Arduino Unos (and 28 MSP430 processors.) We trained program classifiers on RF data from all but one DuT and tested the classifiers on the device withheld from the training set. The high-SNR signal provided by the Riscure probe enabled almost perfect classification results when we trained and tested on the same device. Our classification results remained above 99% when we generalized testing to the new DuT of the same model but a different serial number. The classifier was trained on 27 of the devices and tested to determine its ability to detect deviations from a baseline algorithm on a withheld device. The worst misclassification rate was a mere 0.08%.
Access to the requested content is limited to institutions that have purchased or subscribe to SPIE eBooks.
You are receiving this notice because your organization may not have SPIE eBooks access.*
*Shibboleth/Open Athens users─please
sign in
to access your institution's subscriptions.
To obtain this item, you may purchase the complete book in print or electronic format on
SPIE.org.
We propose using out-of-band emanations from embedded devices in order to detect malicious code execution. We passively monitor involuntary electromagnetic (EM) emissions from embedded devices to find and detect new signals. We demonstrate the efficacy and feasibility of an EM emanation based anomaly detection system using commercial off-the-shelf (COTS) software defined radio (SDR) hardware to detect code execution on an industrial control system (the Allen-Bradley 1756-EWEB module). We have developed a fully automated training and testing framework for this anomaly detection system. In this paper, we describe the system architecture, the cliff-detection algorithm used to process the received emanations, the testing setup and procedures, and our results. When trained on one set of EWEB modules and tested on a separate set, we present an experimental prototype capable of detecting unknown (attack) code execution with 98% accuracy at 100% detection rate. We present data supporting the robustness of these results across 16 physical device instances and with training recordings taken months apart from testing recordings.
Access to the requested content is limited to institutions that have purchased or subscribe to SPIE eBooks.
You are receiving this notice because your organization may not have SPIE eBooks access.*
*Shibboleth/Open Athens users─please
sign in
to access your institution's subscriptions.
To obtain this item, you may purchase the complete book in print or electronic format on
SPIE.org.
As the Internet of Things (IoT) grows to include billions of connected devices, securing these devices from executing malicious code has become a primary concern. Traditional methods of security such as anti-malware software and firewall protection are often impractical due to the limited computing resources these devices often feature. Given these conditions, one possible approach to securing IoT devices is external monitoring for detection of anomalous behavior. Much like spectral signatures used in remote sensing for object identification, Internet of Things (IoT) devices unintentionally generate a unique signature in the radio frequency (RF) spectrum based on the code being executed. This study investigates methods for processing time domain RF data into a set of machine learning features that can be used to distinguish between a set of known instructions, sub-routines, and programs. A feature clustering approach using the magnitude of points in the frequency spectrum is presented along with other feature extraction methods.
Access to the requested content is limited to institutions that have purchased or subscribe to SPIE eBooks.
You are receiving this notice because your organization may not have SPIE eBooks access.*
*Shibboleth/Open Athens users─please
sign in
to access your institution's subscriptions.
To obtain this item, you may purchase the complete book in print or electronic format on
SPIE.org.
Modern Department of Defense mission systems are very complex and therefore arduous to defend, especially in the cyber domain. A major cause for this concern arises from the fact that implementation of security protections occur at a local scale, while the important operational security issues stem from a global perspective of the system, e.g., mission assurance. Being able to understand network-wide implications of local cyber protections has the potential to significantly impact the strategies we use to protect modern mission systems. In this work, we present a graph-theoretic perspective on this problem, which is based on a framework for modeling and assessing the integrated cyber-physical dynamics of complex systems. Under the framework, these dynamics (and their relationships) are modeled as a graph and then analyzed using processing techniques from graphtheory. We demonstrate the utility of this framework by conducting insider-attack threat analysis and show how the application of security protections at a local scale impact network-wide security properties from an insider perspective. As a test case, we study the problem of search and rescue (SAR) using unmanned aerial vehicle teams. Unmanned vehicle teams engaged in SAR are prototypical cyber-physical systems, in which local intrusions may cause global disruptions. Here, we describe how the insider modeling framework for cyber-physical dynamics applies to this problem and present results of a network-wide assessment of security properties of the system. We use this assessment to design a security protection for the system in which we use cryptographically secure computation techniques to limit the amount of information sharing required between system components without degrading the correct operation of the system. We show how the application of these techniques on a local scale impacts the security properties of the system on a global scale.
Access to the requested content is limited to institutions that have purchased or subscribe to SPIE eBooks.
You are receiving this notice because your organization may not have SPIE eBooks access.*
*Shibboleth/Open Athens users─please
sign in
to access your institution's subscriptions.
To obtain this item, you may purchase the complete book in print or electronic format on
SPIE.org.
IoT devices are systematically vulnerable to vendor introduced bugs, network as well as supply chain attacks. Further, unprotected and unmonitored physical access is common while single board computer based IoT devices have limited or no ability to detect and mitigate most types of attacks. Various methods have been described that use software based analysis, execution monitoring, and other cryptographic functions but these methods are not practical for small devices and often require modifications or additions to a simple sensor board that uses more power and is itself vulnerable to software bugs. Also, additional software space for non-mission code is difficult or not possible to add. This paper describes a novel light weight method to detect a compromise or abnormal behavior through the monitoring of readable and writable hardware elements on the device. An example prototype is described using an Arduino class device, common for many commercial sensing applications.
Access to the requested content is limited to institutions that have purchased or subscribe to SPIE eBooks.
You are receiving this notice because your organization may not have SPIE eBooks access.*
*Shibboleth/Open Athens users─please
sign in
to access your institution's subscriptions.
To obtain this item, you may purchase the complete book in print or electronic format on
SPIE.org.
Many dedicated embedded processors do not have memory or computational resources to coexist with traditional (host-based) security solutions. As a result, there is interest in using out-of-band analog side-channel measurements and their analyses to accurately monitor and analyze expected program execution. In this paper, we describe an approach to this problem using externally observable multi-band radio frequency (RF) measurements to make inferences about a program’s execution. Because it is very difficult to identify individual instructions solely from their RF emissions, we compare RF measurements with the constrained execution logic of the program so that multiple RF measurements over time can effectively track program execution dynamically. In our approach, a program’s execution is modeled by control flow graphs (CFG) and transitions between nodes of such graphs. We demonstrate that tracking performance can be improved through applications program modifications such as changing basic block transition properties and/or adding new basic blocks that are highly observable. In addition to demonstrating these principled approaches on some simple programs, we present initial results on the complexity and structure of real-world applications programs, namely gzip and md5sum, in this modeling framework.
Access to the requested content is limited to institutions that have purchased or subscribe to SPIE eBooks.
You are receiving this notice because your organization may not have SPIE eBooks access.*
*Shibboleth/Open Athens users─please
sign in
to access your institution's subscriptions.
To obtain this item, you may purchase the complete book in print or electronic format on
SPIE.org.
A mixed numerical and analytical technique is presented to investigate OAM beam scattering in turbid water. Single particle scattering from an OAM beam in an underwater environment is computed numerically using COMSOL Multiphysics Modeling Software to generate single scattering functions. The array theorem extends this single scattering function to multiple scatters in a three dimensional space. Simulations predict that OAM illumination reduces forward scattering in low turbidity environments compared to scattering from Gaussian beams. In high turbidity water, scattering results from OAM beams and Gaussian beam converge. Experimental results are presented that are consistent with predictions from simulation.
Access to the requested content is limited to institutions that have purchased or subscribe to SPIE eBooks.
You are receiving this notice because your organization may not have SPIE eBooks access.*
*Shibboleth/Open Athens users─please
sign in
to access your institution's subscriptions.
To obtain this item, you may purchase the complete book in print or electronic format on
SPIE.org.
Passive Source Localization (PSL) of transmitters remains an open topic in signal processing. This paper will contrast and compare the sources of errors for two different phase based PSL algorithms. The first is Phase Difference Of Arrival (PDOA). This forward algorithm relies on several assumptions which can result in inaccurate localization. The second is an inverse algorithm, the Phase Variance Method (PVM). PVM reduces error at the cost of a large number of simple computations that can be performed in parallel. A comparison between the types and sources of errors will be performed along with an example of performance.
Access to the requested content is limited to institutions that have purchased or subscribe to SPIE eBooks.
You are receiving this notice because your organization may not have SPIE eBooks access.*
*Shibboleth/Open Athens users─please
sign in
to access your institution's subscriptions.
To obtain this item, you may purchase the complete book in print or electronic format on
SPIE.org.
In this paper, we elaborate on what was done to implement a semi-supervised self-structured learning algorithm using aerial visual and infrared (IR) images. The objective of this paper is to focus on the processed visual and IR images and the impact they had on our testing software package with noisy and sparse areal visual and infrared data. We encountered several issues with the processed test data due to noise, invalid detections from shadow, and two or more detections being mistaken as a single detection (or vice versa). The target detections include vehicles, people, noise and unidentified objects. To overcome these phenomena, we utilized our software package to extract information from detections, such as the exact pixel content, orientation, etc. We were also able to infer information from tracks as we built them, such as direction and speed, which further helped. As a result, our algorithm is capable generating patterns to build longer tracks from detections. The improved algorithm also has the ability to differentiate and classify target detections based on binary feature representations and attributes. We plan to further extend this track generation to include learning via pattern recognition, and complex object building.
Access to the requested content is limited to institutions that have purchased or subscribe to SPIE eBooks.
You are receiving this notice because your organization may not have SPIE eBooks access.*
*Shibboleth/Open Athens users─please
sign in
to access your institution's subscriptions.
To obtain this item, you may purchase the complete book in print or electronic format on
SPIE.org.
A Self-structuring Data Learning Algorithm was introduced and has been implemented in our prior work. While the algorithm and the software package are advancing, it has been tested with both synthetic data and real-world data. After encouraging synthetic data test results, real-world data testing also shows promising outcomes while posing some challenges such as object occlusion, objects merging, and going into and emerging from under bridge. To resolve such problems, a multi-int solution is proposed. One of the key features in this solution is similarity measure. There are different types of similarity measures. In this paper, we primarily focus on aerial images similarity measure. The images we worked on presents unique challenge in similarity measure because of small object in distance and large area image, which consequently provides limited information. To deal with this difficulty, we have developed 14 different similarity metrics by employing Normalized Cross Correlation method, Sum of Squared Differences, and overlapping and colors of pixels. We used object tracking ability to evaluate the metrics. The simulation results show each metric has some advantages and disadvantages. In attempt to improve tracking capability, we imposed some metrics thresholds in addition to the image similarity metrics. Such metrics thresholds were learned from labeled data with valuation of tracking correctness. To further enhance tracking ability, speed similarity was incorporated on top of two features mentioned above. More improvement can be done by studying robustness of images similarity metrics and using tracks fusion.
Access to the requested content is limited to institutions that have purchased or subscribe to SPIE eBooks.
You are receiving this notice because your organization may not have SPIE eBooks access.*
*Shibboleth/Open Athens users─please
sign in
to access your institution's subscriptions.
To obtain this item, you may purchase the complete book in print or electronic format on
SPIE.org.
Access to the requested content is limited to institutions that have purchased or subscribe to SPIE eBooks.
You are receiving this notice because your organization may not have SPIE eBooks access.*
*Shibboleth/Open Athens users─please
sign in
to access your institution's subscriptions.
To obtain this item, you may purchase the complete book in print or electronic format on
SPIE.org.
Modern deep neural networks (DNNs) have been demonstrating a phenomenal success in many exciting appli- cations such as computer vision, speech recognition, and natural language processing, thanks to recent machine learning model innovation and computing hardware advancement. However, recent studies show that state-of- the-art DNNs can be easily fooled by carefully crafted input perturbations that are even imperceptible to human eyes, namely “adversarial examples”, causing the emerging security concerns for DNN based intelligent systems. Moreover, to ease the intensive computation and memory resources requirement imposed by the fast-growing DNN model size, aggressively pruning the redundant model parameters through various hardware-favorable DNN techniques (i.e. hash, deep compression, circulant projection) has become a necessity. This procedure further complicates the security issues of DNN systems. In this paper, we first study the vulnerabilities of hardware-oriented deep compressed DNNs under various adversarial attacks. Then we survey the existing mitigation approaches such as gradient distillation, which is originally tailored to the software-based DNN systems. Inspired by the gradient distillation and weight reshaping, we further develop a near zero-cost but effective gradient silence (GS) method to protect both software and hardware-based DNN systems against adversarial attacks. Compared with defensive distillation, our gradient salience method can achieve better resilience to adversarial attacks without additional training, while still maintaining very high accuracies across small and large DNN models for various image classification benchmarks like MNIST and CIFAR10.
Access to the requested content is limited to institutions that have purchased or subscribe to SPIE eBooks.
You are receiving this notice because your organization may not have SPIE eBooks access.*
*Shibboleth/Open Athens users─please
sign in
to access your institution's subscriptions.
To obtain this item, you may purchase the complete book in print or electronic format on
SPIE.org.
The paper deals with the need to provide security of the VoIP (Voice over IP) architecture. It is not entirely trivial matter to ensure the security of the VoIP services and attacks on telecommunication solutions, built on VoIP technology, grow with an increasing number of active users. In many situations, it is necessary to detect and analyze these attacks, monitor their progress and then prepare an effective defense against them. The best way how to detect attacks on VoIP infrastructure is implementing VoIP Honeypots. We have developed our honeypot solution. The main motivation for the development of our own honeypot for VoIP service is a nonexistent actively developed project with a similar purpose, which is adapted to the new security threats and which is developed according to the needs of the telecommunications market. Honeypot for VoIP services is implemented purely in software and honeypot is able to deal with various types of attacks. The entire solution is based on a Linux platform and it is prepared in a virtual environment for the simplest deployment and clustering possible.
Access to the requested content is limited to institutions that have purchased or subscribe to SPIE eBooks.
You are receiving this notice because your organization may not have SPIE eBooks access.*
*Shibboleth/Open Athens users─please
sign in
to access your institution's subscriptions.
To obtain this item, you may purchase the complete book in print or electronic format on
SPIE.org.
Internet traffic is increasingly becoming encrypted, making the forensic analysis of packet content yield diminishing returns. Much traffic (web, email, chat, VoIP, etc.) is now protected using the cryptographic protocol known as Transport Layer Security (TLS). In 2014, Google encouraged increased TLS usage by favoring HTTPS in its search (SEO) rankings1. As a result, by 2016, approximately 30 percent of the top page search results on Google used HTTPS (SSL/TLS)1. While the largest fraction of traffic is now video (e.g. Netflix, YouTube), these communications too now use TLS2. Traditional traffic analysis leverages port numbers, domain names, certificate fields, and the available cryptographic suites. TLS fingerprinting3 for traffic classification4 has recently been used, but this is still insufficient to expose suspicious communication. In the absence of actual payload content, additional information such as the inter-packet arrival times, flow direction, TCP headers, and frequencies can be leveraged to estimate the application and data protected with SSL/TLS. For example, researchers leveraged supervised machine learning and a set of features such as previously suggested (packet arrival times, length, etc.) and achieved a 96% accuracy when predicting the 3-tuple of <Operating System, Browser, Application< of various SSL/TLS applications5. Our novel technique leverages data mining techniques and the TLS record size frequencies. We then leverage Multinomial Naïve Bayes and the K-means algorithm to respectively classify TLS sessions to a website and cluster the TLS sessions. We have achieved an accuracy of 90.5% in Multinomial Naïve Bayes Classification of websites and a V-measure of 89.9% and a Silhouette Coefficient of 54.6% in K-means clustering of TLS Sessions according to websites.
Access to the requested content is limited to institutions that have purchased or subscribe to SPIE eBooks.
You are receiving this notice because your organization may not have SPIE eBooks access.*
*Shibboleth/Open Athens users─please
sign in
to access your institution's subscriptions.
To obtain this item, you may purchase the complete book in print or electronic format on
SPIE.org.
The CASPER system offers a lightweight, multi-disciplinary approach to detect the execution of anomalous code by monitoring the unintended electronic device emissions. Using commodity hardware and a combination of novel signal processing, machine learning, and program analysis techniques, we have demonstrated the ability to detect unknown code running on a device placed 12” from the CASPER system by analyzing the devices RF emissions. Our innovations for the sensors subsystem include multi-antenna processing algorithms which allow us to extend range and extract signal features in the presence of background noise and interference encountered in realistic training and monitoring environments. In addition, robust feature estimation methods have been developed that allow detection of device operating conditions in the presence of varying clock frequency and other aspects that may change from device to device or from training to monitoring. Furthermore, a band-scan technique has been implemented to automatically identify suitable frequency bands for monitoring based on a set of metrics including received power, expected spectral feature content (based on loop length and clock frequency), kurtosis, and mode clustering. CASPER also includes an auto-labeling feature that is used to discover the signal processing features that provide the greatest information for detection without human intervention. The system additionally includes a framework for anomaly detection engines, currently populated with three engines based on n-grams, statistical frequency, and control flow. As we will describe, the combination of these engines reduces the ways in which an attacker can adapt in an attempt to hide from CASPER. We will describe the CASPER concept, components and technologies used, a summary of results to-date, and plans for further development. CASPER is an ongoing research project funded under the DARPA LADS program.
Access to the requested content is limited to institutions that have purchased or subscribe to SPIE eBooks.
You are receiving this notice because your organization may not have SPIE eBooks access.*
*Shibboleth/Open Athens users─please
sign in
to access your institution's subscriptions.
To obtain this item, you may purchase the complete book in print or electronic format on
SPIE.org.