1,779 research outputs found
Rock falls impacting railway tracks. Detection analysis through an artificial intelligence camera prototype
During the last few years, several approaches have been proposed to improve early warning systems for managing geological risk
due to landslides, where important infrastructures (such as railways, highways, pipelines, and aqueducts) are exposed elements.
In this regard, an Artificial intelligence Camera Prototype (AiCP) for real-time monitoring has been integrated in a multisensor
monitoring system devoted to rock fall detection. An abandoned limestone quarry was chosen at Acuto (central Italy) as test-site
for verifying the reliability of the integratedmonitoring system. A portion of jointed rockmass, with dimensions suitable for optical
monitoring, was instrumented by extensometers. One meter of railway track was used as a target for fallen blocks and a weather
station was installed nearby. Main goals of the test were (i) evaluating the reliability of the AiCP and (ii) detecting rock blocks that
reach the railway track by the AiCP. At this aim, several experiments were carried out by throwing rock blocks over the railway
track. During these experiments, the AiCP detected the blocks and automatically transmitted an alarm signal
HyperDbg: Reinventing Hardware-Assisted Debugging (Extended Version)
Software analysis, debugging, and reverse engineering have a crucial impact
in today's software industry. Efficient and stealthy debuggers are especially
relevant for malware analysis. However, existing debugging platforms fail to
address a transparent, effective, and high-performance low-level debugger due
to their detectable fingerprints, complexity, and implementation restrictions.
In this paper, we present HyperDbg, a new hypervisor-assisted debugger for
high-performance and stealthy debugging of user and kernel applications. To
accomplish this, HyperDbg relies on state-of-the-art hardware features
available in today's CPUs, such as VT-x and extended page tables. In contrast
to other widely used existing debuggers, we design HyperDbg using a custom
hypervisor, making it independent of OS functionality or API. We propose
hardware-based instruction-level emulation and OS-level API hooking via
extended page tables to increase the stealthiness. Our results of the dynamic
analysis of 10,853 malware samples show that HyperDbg's stealthiness allows
debugging on average 22% and 26% more samples than WinDbg and x64dbg,
respectively. Moreover, in contrast to existing debuggers, HyperDbg is not
detected by any of the 13 tested packers and protectors. We improve the
performance over other debuggers by deploying a VMX-compatible script engine,
eliminating unnecessary context switches. Our experiment on three concrete
debugging scenarios shows that compared to WinDbg as the only kernel debugger,
HyperDbg performs step-in, conditional breaks, and syscall recording, 2.98x,
1319x, and 2018x faster, respectively. We finally show real-world applications,
such as a 0-day analysis, structure reconstruction for reverse engineering,
software performance analysis, and code-coverage analysis
Recommended from our members
An Email Worm Vaccine Architecture
We present an architecture for detecting "zero-day" worms and viruses in incoming email. Our main idea is to intercept every incoming message, pre-scan it for potentially dangerous attachments, and only deliver messages that are deemed safe. Unlike traditional scanning techniques that rely on some form of pattern matching (signatures), we use behavior-based anomaly detection. Under our approach, we "open" all suspicious attachments inside an instrumented virtual machine looking for dangerous actions, such as writing to the Windows registry, and flag suspicious messages. The attachment processing can be offloaded to a cluster of ancillary machines (as many as are needed to keep up with a site's email load), thus not imposing any computational load on the mail server. Messages flagged are put in a "quarantine" area for further, more labor-intensive processing. Our implementation shows that we can use a large number of malware-checking VMs operating in parallel to cope with high loads. Finally, we show that we are able to detect the actions of all malicious software we tested, while keeping the false positive rate to under 5%
Outlier detection in multivariate time series via projection pursuit
This article uses Projection Pursuit methods to develop a procedure for detecting outliers in a multivariate time series. We show that testing for outliers in some projection directions could be more powerful than testing the multivariate series directly. The optimal directions for detecting outliers are found by numerical optimization of the kurtosis coefficient of the projected series. We propose an iterative procedure to detect and handle multiple outliers based on univariate search in these optimal directions. In contrast with the existing methods, the proposed procedure can identify outliers without pre-specifying a vector ARMA model for the data. The good performance of the proposed method is verified in a Monte Carlo study and in a real data analysis
A Zero-Sum Game Framework for Optimal Sensor Placement in Uncertain Networked Control Systems under Cyber-Attacks
This paper proposes a game-theoretic approach to address the problem of
optimal sensor placement against an adversary in uncertain networked control
systems. The problem is formulated as a zero-sum game with two players, namely
a malicious adversary and a detector. Given a protected performance vertex, we
consider a detector, with uncertain system knowledge, that selects another
vertex on which to place a sensor and monitors its output with the aim of
detecting the presence of the adversary. On the other hand, the adversary, also
with uncertain system knowledge, chooses a single vertex and conducts a
cyber-attack on its input. The purpose of the adversary is to drive the attack
vertex as to maximally disrupt the protected performance vertex while remaining
undetected by the detector. As our first contribution, the game payoff of the
above-defined zero-sum game is formulated in terms of the Value-at-Risk of the
adversary's impact. However, this game payoff corresponds to an intractable
optimization problem. To tackle the problem, we adopt the scenario approach to
approximately compute the game payoff. Then, the optimal monitor selection is
determined by analyzing the equilibrium of the zero-sum game. The proposed
approach is illustrated via a numerical example of a 10-vertex networked
control system.Comment: 8 pages, 3 figues, Accepted to the 61st Conference on Decision and
Control, Cancun, December 202
- …