4,830 research outputs found

    Acceleration of Statistical Detection of Zero-day Malware in the Memory Dump Using CUDA-enabled GPU Hardware

    This paper focuses on the anticipatory enhancement of methods for detecting stealth software. Cyber security detection tools are insufficiently powerful to reveal the most recent cyber-attacks that use malware. In this paper, we first present an idea of the highest-stealth malware, as this is the most complicated scenario for detection because it combines existing anti-forensic techniques with their potential improvements. Second, we present new detection methods that are resilient to this hidden prototype. To help solve this detection challenge, we have analyzed Windows memory content using a new method of Shannon entropy calculation; methods of digital photogrammetry; the Zipf–Mandelbrot law; and disassembly of the memory content with analysis of the output. Finally, we present an idea and architecture for a software tool that uses CUDA-enabled GPU hardware to speed up memory forensics. All three ideas are currently a work in progress. Keywords: rootkit detection, anti-forensics, memory analysis, scattered fragments, anticipatory enhancement, CUDA

    Enhancing the Senses: How Technological Advances Shape Our View of the Law

    This memorial lecture was given at West Virginia University, which houses, among other relevant programs, the Biometric Knowledge Center. The lecture surveys the application of a variety of legal topics to biometrics. Covered areas include basic research funding choices; freedom of speech, association and religion; search and seizure; and informational privacy.

    Forensics from trusted computing and remote attestation

    Abstract. The demand for forensics tools is ever-increasing as cyber-attacks become more frequent and devastating. The only way to maintain a system’s trusted state is to keep the mechanisms for uncovering malware more competitive than the cyber-attackers’ ability to create it. We provide a digital forensics tool and procedures specifically tailored for integration with remote attestation. Example Root Cause Analysis investigations are performed, in which digital forensics plays the main role of evidence provider.
    Forensic evidence, securely, using remote attestation. Abstract. As cyber-attacks become more common, the need for forensic tools increases. The only way to secure digital systems is to stay one step ahead of the attackers. To succeed in this goal, security researchers must continuously develop more effective methods for detecting malware. This work provides a new digital forensics tool that can be used together with remote attestation. The work presents example investigation cases whose conclusions are reached through root cause analysis, with the digital forensics tool acting as the provider of evidence.

    A machine learning taxonomic classifier for science publications

    Integrated master’s dissertation in Engineering and Management of Information Systems. The evolution in scientific production, associated with the growing cross-domain collaboration of knowledge and the increasing co-authorship of scientific works, remains supported by processes of manual, highly subjective classification that are prone to misinterpretation. The very taxonomy on which this classification process is based is not consensual, with governmental organizations resorting to taxonomies that do not keep up with changes in scientific areas, and indexers/repositories that seek to keep up with those changes. We find a reality distinct from what is expected, and one in which the domains where scientific work is recorded can easily misrepresent the work itself. The taxonomy applied today by governmental bodies, such as the one that regulates scientific production in Portugal, is not enough, is limiting, and promotes classification in areas close to the desired one, hence with great potential for error. An automatic classification process based on machine learning algorithms presents itself as a possible solution to the subjectivity problem in classification, and while it does not solve the issue of taxonomy mismatch, this work demonstrates the possibility with proven results. In this work, we propose a classification taxonomy and develop a process based on machine learning algorithms to solve the classification problem. We also present a set of directions for future work towards an increasingly representative classification of the evolution of science, one that is not intended to be airtight, but flexible and perhaps increasingly based on phenomena and not just disciplines.
    The evolution in scientific production, associated with the growing cross-domain collaboration of knowledge and the equally growing co-authorship of works, remains supported by processes of manual classification that are subjective and prone to misinterpretation. The very taxonomy on which this classification process rests is not consensual, with state bodies resorting to taxonomies that do not keep up with changes in scientific areas, and indexers/repositories that try to keep up with those same changes. We find a reality different from what is expected, and that the domains in which scientific works are recorded can easily be mismatched. The taxonomy applied today by governmental bodies, such as the body that regulates scientific production in Portugal, is not sufficient, is limiting, and promotes classification in domains that only approximate the desired one, hence with great potential for error. An automatic classification process based on machine learning algorithms presents itself as a possible solution to the problem of subjectivity in classification and, although it does not solve the issue of the mismatch of the taxonomy used, it is presented in this work as a proven possibility. In this work we propose a classification taxonomy, and we develop a process based on machine learning algorithms to solve the classification problem. We also present a set of directions for future work towards a classification that is increasingly representative of the evolution of the sciences, one that is not meant to be airtight but flexible and perhaps increasingly based on phenomena rather than only on disciplines.

    The AFIT ENgineer, Volume 5, issue 1

    In this issue: 2023 Graduation; WMD research at AFIT; NOAA aerosol research at AFIT; AFIT Model Sho

    Accurate Modeling of the Siemens S7 SCADA Protocol for Intrusion Detection and Digital Forensics

    The Siemens S7 protocol is commonly used in SCADA systems for communications between a Human Machine Interface (HMI) and Programmable Logic Controllers (PLCs). This paper presents a model-based Intrusion Detection System (IDS) designed for S7 networks. The approach is based on the key observation that S7 traffic to and from a specific PLC is highly periodic; as a result, each HMI-PLC channel can be modeled using its own unique Deterministic Finite Automaton (DFA). The resulting DFA-based IDS is very sensitive and is able to flag anomalies such as a message appearing out of its position in the normal sequence, or a message referring to a single unexpected bit. The intrusion detection approach was evaluated on traffic from two production systems. Despite its high sensitivity, the system had a very low false positive rate: over 99.82% of the traffic was identified as normal.

    Researcher Access to Born-Digital Collections: an Exploratory Study

    While a small but growing number of institutions offer access to born-digital collections, there is scant literature documenting researcher interaction with these materials. This paper addresses this gap by documenting and analyzing researcher interactions with portions of born-digital collections at New York University (NYU) Libraries, with the cooperation of NYU’s Fales Library and Special Collections and the Digital Library and Technology Solutions Department, as well as the National Digital Stewardship Residency (NDSR) program. From September 2014 to May 2015, NYU Libraries began implementing an “access-driven” born-digital workflow for their 3 archives (Fales Library and Special Collections, NYU University Archives, and the Tamiment Library and Robert F. Wagner Archives), using several model collections as part of a 9-month NDSR project. One goal was to provide access to these collections by the end of the project period. The project concluded with 5 researcher interviews investigating how researchers navigate, understand, and value forms of born-digital access. This paper focuses on these interviews and on how the new forms of access were interpreted and received.