An Artificial Neural Network for Wavelet Steganalysis

Hiding messages in image data, called steganography, is used for both legal and illicit purposes. The detection of hidden messages in image data stored on websites and computers, called steganalysis, is of prime importance to cyber forensics personnel. Automating the detection of hidden messages is a requirement, since the shear amount of image data stored on computers or websites makes it impossible for a person to investigate each image separately. This paper describes research on a prototype software system that automatically classifies an image as having hidden information or not, using a sophisticated artificial neural network (ANN) system. An ANN software package, the ISU ACL NetWorks Toolkit, is trained on a selection of image features that distinguish between stego and nonstego images. The novelty of this ANN is that it is a blind classifier that gives more accurate results than previous systems. It can detect messages hidden using a variety of different types of embedding algorithms. A Graphical User Interface (GUI) combines the ANN, feature selection, and embedding algorithms into a prototype software package that is not currently available to the cyber forensics community

CLASSIFYING AND RESPONDING TO NETWORK INTRUSIONS

Intrusion detection systems (IDS) have been widely adopted within the IT community, as passive monitoring tools that report security related problems to system administrators. However, the increasing number and evolving complexity of attacks, along with the growth and complexity of networking infrastructures, has led to overwhelming numbers of IDS alerts, which allow significantly smaller timeframe for a human to respond. The need for automated response is therefore very much evident. However, the adoption of such approaches has been constrained by practical limitations and administrators' consequent mistrust of systems' abilities to issue appropriate responses. The thesis presents a thorough analysis of the problem of intrusions, and identifies false alarms as the main obstacle to the adoption of automated response. A critical examination of existing automated response systems is provided, along with a discussion of why a new solution is needed. The thesis determines that, while the detection capabilities remain imperfect, the problem of false alarms cannot be eliminated. Automated response technology must take this into account, and instead focus upon avoiding the disruption of legitimate users and services in such scenarios. The overall aim of the research has therefore been to enhance the automated response process, by considering the context of an attack, and investigate and evaluate a means of making intelligent response decisions. The realisation of this objective has included the formulation of a response-oriented taxonomy of intrusions, which is used as a basis to systematically study intrusions and understand the threats detected by an IDS. From this foundation, a novel Flexible Automated and Intelligent Responder (FAIR) architecture has been designed, as the basis from which flexible and escalating levels of response are offered, according to the context of an attack. The thesis describes the design and operation of the architecture, focusing upon the contextual factors influencing the response process, and the way they are measured and assessed to formulate response decisions. The architecture is underpinned by the use of response policies which provide a means to reflect the changing needs and characteristics of organisations. The main concepts of the new architecture were validated via a proof-of-concept prototype system. A series of test scenarios were used to demonstrate how the context of an attack can influence the response decisions, and how the response policies can be customised and used to enable intelligent decisions. This helped to prove that the concept of flexible automated response is indeed viable, and that the research has provided a suitable contribution to knowledge in this important domain

An Anti-Cheating System for Online Interviews and Exams

Remote examination and job interviews have gained popularity and become indispensable because of both pandemics and the advantage of remote working circumstances. Most businesses and educational organizations use these platforms for recruitment as well as online exams. However, one of the critical problems of the remote examination systems is conducting the exams in a reliable environment. In this work, we present a cheating analysis pipeline for online interviews and exams. The system only requires a video of the candidate, which is recorded during the exam by using a webcam without a need for any extra tool. Then cheating detection pipeline is employed to detect the presence of another person, electronic device usage, and candidate absence status. The pipeline consists of face detection, face recognition, object detection, and face tracking algorithms. To evaluate the performance of the pipeline we collected a private video dataset. The video dataset includes both cheating activities and clean videos. Ultimately, our pipeline presents an efficient and fast guideline for detecting and analyzing cheating actions in an online interview and exam video

Developing an in house vulnerability scanner for detecting Template Injection, XSS, and DOM-XSS vulnerabilities

Web applications are becoming an essential part of today's digital world. However, with the increase in the usage of web applications, security threats have also become more prevalent. Cyber attackers can exploit vulnerabilities in web applications to steal sensitive information or take control of the system. To prevent these attacks, web application security must be given due consideration. Existing vulnerability scanners fail to detect Template Injection, XSS, and DOM-XSS vulnerabilities effectively. To bridge this gap in web application security, a customized in-house scanner is needed to quickly and accurately identify these vulnerabilities, enhancing manual security assessments of web applications. This thesis focused on developing a modular and extensible vulnerability scanner to detect Template Injection, XSS, and DOM-based XSS vulnerabilities in web applications. Testing the scanner against other free and open-source solutions on the market showed that it outperformed them on Template injection vulnerabilities and nearly all on XSS-type vulnerabilities. While the scanner has limitations, focusing on specific injection vulnerabilities can result in better performance

Lip print based authentication in physical access control Environments

Abstract: In modern society, there is an ever-growing need to determine the identity of a person in many applications including computer security, financial transactions, borders, and forensics. Early automated methods of authentication relied mostly on possessions and knowledge. Notably these authentication methods such as passwords and access cards are based on properties that can be lost, stolen, forgotten, or disclosed. Fortunately, biometric recognition provides an elegant solution to these shortcomings by identifying a person based on their physiological or behaviourial characteristics. However, due to the diverse nature of biometric applications (e.g., unlocking a mobile phone to cross an international border), no biometric trait is likely to be ideal and satisfy the criteria for all applications. Therefore, it is necessary to investigate novel biometric modalities to establish the identity of individuals on occasions where techniques such as fingerprint or face recognition are unavailable. One such modality that has gained much attention in recent years which originates from forensic practices is the lip. This research study considers the use of computer vision methods to recognise different lip prints for achieving the task of identification. To determine whether the research problem of the study is valid, a literature review is conducted which helps identify the problem areas and the different computer vision methods that can be used for achieving lip print recognition. Accordingly, the study builds on these areas and proposes lip print identification experiments with varying models which identifies individuals solely based on their lip prints and provides guidelines for the implementation of the proposed system. Ultimately, the experiments encapsulate the broad categories of methods for achieving lip print identification. The implemented computer vision pipelines contain different stages including data augmentation, lip detection, pre-processing, feature extraction, feature representation and classification. Three pipelines were implemented from the proposed model which include a traditional machine learning pipeline, a deep learning-based pipeline and a deep hybridlearning based pipeline. Different metrics reported in literature are used to assess the performance of the prototype such as IoU, mAP, accuracy, precision, recall, F1 score, EER, ROC curve, PR curve, accuracy and loss curves. The first pipeline of the current study is a classical pipeline which employs a facial landmark detector (One Millisecond Face Alignment algorithm) to detect the lip, SURF for feature extraction, BoVW for feature representation and an SVM or K-NN classifier. The second pipeline makes use of the facial landmark detector and a VGG16 or ResNet50 architecture. The findings reveal that the ResNet50 is the best performing method for lip print identification for the current study. The third pipeline also employs the facial landmark detector, the ResNet50 architecture for feature extraction with an SVM classifier. The development of the experiments is validated and benchmarked to determine the extent or performance at which it can achieve lip print identification. The results of the benchmark for the prototype, indicate that the study accomplishes the objective of identifying individuals based on their lip prints using computer vision methods. The results also determine that the use of deep learning architectures such as ResNet50 yield promising results.M.Sc. (Science

TOWARD THE SYSTEMATIZATION OF ACTIVE AUTHENTICATION RESEARCH

Authentication is the vital link between your real self and your digital self. As our digital selves become ever more powerful, the price of failing authentication grows. The most common authentication protocols are static data and employed only once at login. This allows for authentication to be spoofed just once to gain access to an entire user session. Behaviometric protocols continuously consume a user’s behavior as a token of authentication and can be applied throughout a session, thereby eliminating a fixed token to spoof. Research into these protocols as viable forms of authentication is relatively recent and is being conducted on a variety of data sources, features and classification schemes. This work proposes an extensible research framework to aid the systemization and preservation of research in this field by standardizing the interface for raw data collection, processing and interpretation. Specifically, this framework contributes transparent management of data collection and persistence, the presentation of past research in a highly configurable and extensible form, and the standardization of data forms to enhance innovative reuse and comparative analysis of prior research

Poikkeamien havainnointi sieppausvälityspalvelimissa

Use of interception proxies is becoming more popular. They are used to audit access and enforce policies and constraints to important servers or whole network segments. The sheer amount of data captured with the devices makes fully manual pruning of the data impractical. Methods to analyze the gathered data to highlight possible attacks or problems would be valuable in freeing up administrator time and resources. This thesis investigates the use of clustering methods to identify anomalous connections, either by identifying them as outliers or bundling them with other connections which have raised alarm in the past. The work shows that a practical approach can be implemented with a DBSCAN-based clustering method, but concluded that an unsupervised approach is not enough. As a semisupervised method the system can have value in production environments.Sieppausvälityspalvelimien käyttö on yleistymässä. Niitä käytetään käytäntöjen ja rajoitusten täytäntöönpanossa sekä kriittisten palvelimien ja verkon osien käytön valvomisessa. Laitteiden kaappaaman tiedon määrä on niin valtava, että tiedon purkaminen manuaalisesti on epäkäytännöllistä. Menetelmät jotka analysoivat dataa mahdollisten hyökkäysten tai ongelmien esiin nostamiseksi olisivat hyvin arvokkaita vapauttamaan järjestelmänvalvojien aikaa ja resursseja. Tässä työssä tutkitaan ryhmittelyalgoritmien käyttökelpoisuutta epätavallisten yhteyksien havainnoimisessa joko tunnistamalla ne poikkeaviksi, koska ne eivät kuulu mihinkään ryhmään tai asettamalla ne samaan ryhmään sellaisen yhteyden kanssa joka on todettu hälyttäväksi aiemmin. Työssä todetaan, että käytännöllinen sovellus järjestelmästä voidaan toteuttaa käyttäen DBSCAN-pohjaista ryhmittelyalgoritmia, mutta täysin valvomattomalla lähestymistavalla ei saada riittävän hyvää tulosta. Osittain valvottuna menetelmästä voi olla hyötyä tuotantojärjestelmien valvonnassa

Biometric recognition in automated border control : a survey

The increasing demand for traveler clearance at international border crossing points (BCPs) has motivated research for finding more efficient solutions. Automated border control (ABC) is emerging as a solution to enhance the convenience of travelers, the throughput of BCPs, and national security. This is the first comprehensive survey on the biometric techniques and systems that enable automatic identity verification in ABC. We survey the biometric literature relevant to identity verification and summarize the best practices and biometric techniques applicable to ABC, relying on real experience collected in the field. Furthermore, we select some of the major biometric issues raised and highlight the open research areas