
    User-Behavior Based Detection of Infection Onset

    A major vector of computer infection is the exploitation of software or design flaws in networked applications such as the browser. Malicious code can be fetched and executed on a victim's machine without the user's permission, as in drive-by download (DBD) attacks. In this paper, we describe a new tool called DeWare for detecting the onset of infection delivered through vulnerable applications. DeWare explores and enforces causal relationships between computer-related human behaviors and system properties, such as file-system access and process execution. Our tool can be used to provide real-time protection of a personal computer, as well as for diagnosing and evaluating untrusted websites for forensic purposes. Besides the concrete DBD detection solution, we also formally define causal relationships between user actions and system events on a host. Identifying and enforcing correct causal relationships has important applications in realizing advanced and secure operating systems. We perform an extensive experimental evaluation, including a user study with 21 participants, thousands of legitimate websites (for testing false alarms), and 84 malicious websites in the wild. Our results show that DeWare is able to correctly distinguish legitimate download events from unauthorized system events with a low false positive rate (< 1%).

    Learning Fast and Slow: PROPEDEUTICA for Real-time Malware Detection

    In this paper, we introduce and evaluate PROPEDEUTICA, a novel methodology and framework for efficient and effective real-time malware detection, leveraging the best of conventional machine learning (ML) and deep learning (DL) algorithms. In PROPEDEUTICA, all software processes in the system start execution subject to a conventional ML detector for fast classification. If a piece of software receives a borderline classification, it is subjected to further analysis via more computationally expensive and more accurate DL methods, using our newly proposed DL algorithm DEEPMALWARE. Further, we introduce delays into the execution of software subjected to deep learning analysis as a way to "buy time" for DL analysis and to rate-limit the impact of possible malware on the system. We evaluated PROPEDEUTICA with a set of 9,115 malware samples and 877 commonly used benign software samples from various categories for the Windows OS. Our results show that the false positive rate for conventional ML methods can reach 20%, and for modern DL methods it is usually below 6%. However, the classification time for DL can be 100X longer than for conventional ML methods. PROPEDEUTICA improved the detection F1-score from 77.54% (conventional ML method) to 90.25%, and reduced the detection time by 54.86%. Further, the percentage of software subjected to DL analysis was approximately 40% on average. Further, the application of delays to software subjected to ML reduced the detection time by approximately 10%. Finally, we found and discussed a discrepancy between the detection accuracy offline (analysis after all traces are collected) and on-the-fly (analysis in tandem with trace collection). Our insights show that conventional ML and modern DL-based malware detectors in isolation cannot meet the needs of efficient and effective malware detection: high accuracy, low false positive rate, and short classification time.
    Comment: 17 pages, 7 figures

    B.O.G.G.L.E.S.: Boundary Optical GeoGraphic Lidar Environment System

    The purpose of this paper is to describe a pseudo X-ray vision system that pairs a Lidar scanner with a visualization device. The system as a whole is referred to as B.O.G.G.L.E.S. Several key factors went into the development of this system, and the background information and design approach are thoroughly described. B.O.G.G.L.E.S. functionality is depicted through the use of design constraints and the analysis of test results. Additionally, many possible developments for B.O.G.G.L.E.S. are proposed in the paper, indicating that there are various avenues of improvement for this project that could be implemented in the future.

    Computer-Aided System for Wind Turbine Data Analysis

    Context: Current work on wind turbine failure detection focuses on researching suitable signal processing algorithms and developing efficient diagnosis algorithms. The laboratory research involves large and complex data, and handling it can be a daunting task. Aims: To develop a computer-aided system for assisting experts in conducting efficient laboratory research on wind turbine data analysis. The system is expected to provide data visualization, data manipulation, massive data processing and wind turbine failure detection. Method: 50G of off-line SCADA data and 4 validated diagnosis algorithms were used in this project. Apart from the supervisor's guidance, this project also received help from two experts from the Engineering Department. Java and a Microsoft SQL database were used to develop the system. Results: Data visualization provides 6 different charting solutions together with robust user interactions. 4 failure diagnosis solutions and data manipulation functions are provided in the system. In addition, a dedicated database server and the Matlab API with Java RMI were used to resolve the massive data processing problem. Conclusions: Almost all of the deliverables were completed. A friendly GUI and useful functionality make the user feel more comfortable. The final product does enable experts to conduct efficient laboratory research. The project also identified some potential extensions of the system.

    Flashover performance of lightning protected buildings using scaled models and electric field analysis

    Early on, Benjamin Franklin discovered that the lightning rod (also known as the Franklin rod) is effective as a lightning protective device for buildings. Hence, it was considered among the best solutions to the problems faced by the public due to lightning strikes. However, it was later found that a Franklin rod corroded by environmental contamination tends to lose its ability to effectively capture lightning strikes. The direct and indirect impacts of lightning strikes have caused owners to spend huge amounts of money just to repair damage to buildings. Nowadays there are many professional standards and documents guiding the public on how to properly install a building's lightning protection system, yet the same damage problems still frequently occur, related to strikes that bypass the Lightning Air Terminal (LAT) system. The main reason for this could be that the lightning-expert community does not fully understand the behavior of the Franklin rod system when it interacts with lightning leaders. Therefore, this thesis discusses work that investigated the flashover performance of buildings with various structural geometries. The case-study method uses small scaled models for both laboratory and simulation work, aiming to understand the performance of Franklin rods in capturing lightning leaders. In summary, 11 scaled-down building-shape models equipped with a Franklin rod system were selected for the case studies: conical, gable, triangular, half-circle, L-shape, square, cylindrical, butterfly, pyramid, rectangular and inclined shapes. Each of these models was then injected with 30 lightning flashes using a 100 kVpeak single-stage impulse generator. This number of flashes corresponds to roughly two years of lightning activity in Malaysia, where the lightning flash density is statistically recorded to be around 15 flashes / year / km2. The maximum applied voltage is about 86.5 kVpeak. The model scaling concept is based on a 1:30 cm ratio for every 3 m of building height. Interestingly, the overall data show that the pyramid-like shape is the best structure type for reducing LAT bypasses and direct-strike damage: its Franklin rod protection system captured the fewest strikes during competitive tests conducted on all of the scaled-down building models. Electric field analysis of all building models was conducted using the ANSYS Maxwell simulation tool. Using the electric field plot data, this work develops a likelihood factor (ranging from 0.1 to 0.9) method that is capable of predicting the strike pattern occurring on a dedicated terminal rod. Both laboratory and simulation work also confirm that the edge shapes play a crucial role, as intense electric fields are found to accumulate on the edge areas when the Franklin rod intercepts lightning leaders. These findings lead to a better method of LAT placement on top of the building, whereby one of the LAT rods installed in the existing lightning protection system is recommended to be elongated to act as a sacrificial point that directly attracts lightning strikes. The work and key findings presented here can contribute to science and technology toward a better LAT lightning protection system, and also lead to better decisions in selecting / designing shape and edge concepts so as to reduce the likelihood of LAT bypasses and damage to the building structure.