Previously, we proposed and implemented a Self-structuring Data Learning Algorithm. This realized software package and the concept are still progressing. Earlier, it was tested with synthetic data and exhibited interesting results. The objectives of this paper are testing the algorithm with raw infrared and visual images and updating the algorithm as required. We first performed registration transformation and detection from the images with an existing software package. We then registered the detections with the registration transformations from both infrared and visual images. The registered detections were delivered to the algorithm for target detection and tracking without modification. Results revealed inability to handle very noisy infrared image features. To overcome this problem, we developed multiscale grid processing to improve detection classification in the algorithm. This updated algorithm shows much better target detection and tracking with the real-world data. More algorithm enhancements are in work such as incorporating pattern recognition, classification, and fusion.
Side-Channel Analysis (SCA) is an increasingly well-known method for non-invasively extracting information from unintended “side-channel” emissions given off by electronic devices. The common method for extracting side-channel information is via a near-field antenna probe placed in the vicinity (i.e., millimeters) of the target device. The antenna detects and amplifies the radio-frequency (RF) emissions given off by the device and transmits the information for analysis and testing. Side-channel attacks are most known for their utility in cryptanalytics; however, they can also be used to fingerprint devices or even determine the digital state of the system. In this work, characterization studies on a 1- GHz antenna using Riscure’s RF probe station are performed. For RF-SCA, the ultimate limits of signal sensitivity and frequency response are determined by the antenna characteristics. In addition, the effective source-receiver distance (SRD), cross-talk and spatial signal averaging at various SRDs have to be characterized for signal attenuation and normalization. From our testing, it appears that the Riscure probe has a peak frequency response at about 200 MHz. For example, the 418MHz antenna had multiple peaks at 130 MHz, 172 MHz, 213 MHz, and 370 MHz, as well as multiple less significant protrusions at higher frequencies. The BeeHive100C probe peaked at exactly 200 MHz but had a couple of side-lobes in the 600-800 MHz range. The Pharad 30-512 MHz antenna peaked at a slightly lower 193MHz, although, some response was observed in the 600-800 MHz range as in the other antennas. The Pharad 225-6000MHz antenna exhibited a similar peak but lesser roll-off and an elevated response at increased frequencies than its predecessor.
The Internet of Things (IoT) and Internet of Everything (IoE) has driven the proliferation of processors into nearly every powered device around us: from thermostats to refrigerators to light bulbs. From a security perspective, IoT/IoE creates a new layer of signals and systems that can be exploited to access supporting network layers. Our research focuses on leveraging the analog side channels of IoT/IoE processors, for defensive purposes. We apply signal-processing and machine-learning techniques to collected RF emissions to detect if code running on the processor has been modified (i.e., corrupted or injected with malware). The paper describes our process for positioning a wide-bandwidth RF probe over the device under test (DuT). Classifiers are implemented for identifying the code running on the device. We demonstrate the ability to detect, identify, and isolate instructions based on signatures learned during initial DuT characterization. The probe is positioned to capture RF signals that support-vector machine (SVM) classifiers can accurately discriminate between instructions, rather than relying on raw power leakage. At this well-discriminated location, the signatures of each instruction are extracted by applying principal component analysis (PCA) to separate its signal into components (fetch, opcode, operands, and values). These signatures are used to identify instructions in the test code. Additionally, this paper discusses applying our methodology to blocks of code/algorithms using sequence learning algorithms. These techniques enable significant reduction in feature dimensions improving speed and accuracy of instruction level classification of low-SNR RF sidechannels.
This paper details the process we went through to visualize the output for our data learning algorithm. We have been developing a hierarchical self-structuring learning algorithm based around the general principles of the LaRue model. One example of a proposed application of this algorithm would be traffic analysis, chosen because it is conceptually easy to follow and there is a significant amount of already existing data and related research material with which to work with. While we choose the tracking of vehicles for our initial approach, it is by no means the only target of our algorithm. Flexibility is the end goal, however, we still need somewhere to start. To that end, this paper details our creation of the visualization GUI for our algorithm, the features we included and the initial results we obtained from our algorithm running a few of the traffic based scenarios we designed.
In this paper, we elaborate on what we did to implement our self-structuring data learning algorithm. To recap, we are working to develop a data learning algorithm that will eventually be capable of goal driven pattern learning and extrapolation of more complex patterns from less complex ones. At this point we have developed a conceptual framework for the algorithm, but have yet to discuss our actual implementation and the consideration and shortcuts we needed to take to create said implementation. We will elaborate on our initial setup of the algorithm and the scenarios we used to test our early stage algorithm. While we want this to be a general algorithm, it is necessary to start with a simple scenario or two to provide a viable development and testing environment. To that end, our discussion will be geared toward what we include in our initial implementation and why, as well as what concerns we may have. In the future, we expect to be able to apply our algorithm to a more general approach, but to do so within a reasonable time, we needed to pick a place to start.
In this paper, we propose a hierarchical self-structuring learning algorithm based around the general principles of the Stanovich/Evans framework and “Quest” group definition of unexpected query. One of the main goals of our algorithm is for it to be capable of patterns learning and extrapolating more complex patterns from less complex ones. This pattern learning, influenced by goals, either learned or predetermined, should be able to detect and reconcile anomalous behaviors. One example of a proposed application of this algorithm would be traffic analysis. We choose this example, because it is conceptually easy to follow. Despite the fact that we are unlikely to develop superior traffic tracking techniques using our algorithm, a traffic based scenario remains a good starting point if only do to the easy availability of data and the number of other known techniques. In any case, in this scenario, the algorithm would observe and track all vehicular traffic in a particular area. After some initial time passes, it would begin detecting and learning the traffic’s patters. Eventually the patterns would stabilize. At that point, “new” patterns could be considered anomalies, flagged, and handled accordingly. This is only one, particular application of our proposed algorithm. Ideally, we want to make it as general as possible, such that it can be applies to numerous different problems with varying types of sensory input and data types, such as IR, RF, visual, census data, meta data, etc.
The two stage hierarchical unsupervised learning system has been proposed for modeling complex dynamic surveillance
and cyberspace systems. Using a modification of the expectation maximization learning approach, we introduced a three
layer approach to learning concepts from input data: features, objects, and situations. Using the Bernoulli model, this
approach models each situation as a collection of objects, and each object as a collection of features. Further complexity
is added with the addition of clutter features and clutter objects. During the learning process, at the lowest level, only
binary feature information (presence or absence) is provided. The system attempts to simultaneously determine the
probabilities of the situation and presence of corresponding objects from the detected features. The proposed approach
demonstrated robust performance after a short training period. This paper discusses this hierarchical learning system in a
broader context of different feedback mechanisms between layers and highlights challenges on the road to practical
We applied a two stage unsupervised hierarchical learning system to model complex dynamic surveillance and cyber space monitoring systems using a non-commercial version of the NeoAxis visualization software. The hierarchical scene learning and recognition approach is based on hierarchical expectation maximization, and was linked to a 3D graphics engine for validation of learning and classification results and understanding the human – autonomous system relationship. Scene recognition is performed by taking synthetically generated data and feeding it to a dynamic logic algorithm. The algorithm performs hierarchical recognition of the scene by first examining the features of the objects to determine which objects are present, and then determines the scene based on the objects present. This paper presents a framework within which low level data linked to higher-level visualization can provide support to a human operator and be evaluated in a detailed and systematic way.