4,122 research outputs found
A study on the false positive rate of Stegdetect
In this paper we analyse Stegdetect, one of the well-known image steganalysis tools, to study its false positive rate. In doing so, we process more than 40,000 images randomly downloaded from the Internet using Google images, together with 25,000 images from the ASIRRA (Animal Species Image Recognition for Restricting Access) public corpus. The aim of this study is to help digital forensic analysts, aiming to study a large number of image files during an investigation, to better understand the capabilities and the limitations of steganalysis tools like Stegdetect. The results obtained show that the rate of false positives generated by Stegdetect depends highly on the chosen sensitivity value, and it is generally quite high. This should support the forensic expert to have better interpretation in their results, and taking the false positive rates into consideration. Additionally, we have provided a detailed statistical analysis for the obtained results to study the difference in detection between selected groups, close groups and different groups of images. This method can be applied to any steganalysis tool, which gives the analyst a better understanding of the detection results, especially when he has no prior information about the false positive rate of the tool
leave a trace - A People Tracking System Meets Anomaly Detection
Video surveillance always had a negative connotation, among others because of
the loss of privacy and because it may not automatically increase public
safety. If it was able to detect atypical (i.e. dangerous) situations in real
time, autonomously and anonymously, this could change. A prerequisite for this
is a reliable automatic detection of possibly dangerous situations from video
data. This is done classically by object extraction and tracking. From the
derived trajectories, we then want to determine dangerous situations by
detecting atypical trajectories. However, due to ethical considerations it is
better to develop such a system on data without people being threatened or even
harmed, plus with having them know that there is such a tracking system
installed. Another important point is that these situations do not occur very
often in real, public CCTV areas and may be captured properly even less. In the
artistic project leave a trace the tracked objects, people in an atrium of an
institutional building, become actors and thus part of the installation.
Visualisation in real-time allows interaction by these actors, which in turn
creates many atypical interaction situations on which we can develop our
situation detection. The data set has evolved over three years and hence, is
huge. In this article we describe the tracking system and several approaches
for the detection of atypical trajectories
BlogForever D2.4: Weblog spider prototype and associated methodology
The purpose of this document is to present the evaluation of different solutions for capturing blogs, established methodology and to describe the developed blog spider prototype
Design and implementation of a mobile phone application to help people with visual dysfunction visually inspect their surrounding spaces
This project consists in the development of software that helps people with visual impairment move and get along in indoor spaces, which might probably be their personal and domestic surroundings.
This software is meant to allow its user to take a photo of the environment that surrounds him and give him an oral response that explains some of the characteristics of the taken picture, therefore defining the space that the person wants to analyse. Furthermore, the user must be capable of letting the application know what in particular he wants to graphically examine.
The user runs the mobile phone application each time he wants to use it, operating it through voice commands. In order to detect, recognize and inspect the surrounding objects and environments, Deep Learning and cloud technologies are used to provide the computational efforts and communications.
An evaluation of the accuracy and robustness of the neural networks has been performed at the same time as they have been developed in order to design and implement solutions that make them more reliable. Programming languages for the creation of software applications and communication protocols have been successfully implemented to develop the fully functional software
Digital Preservation Services : State of the Art Analysis
Research report funded by the DC-NET project. An overview of the state of the art in service provision for digital preservation and curation. Its focus is on the areas where bridging the gaps is needed between e-Infrastructures and efficient and forward-looking digital preservation services. Based on a desktop study and a rapid analysis of some 190 currently available tools and services for digital preservation, the deliverable provides a high-level view on the range of instruments currently on offer to support various functions within a preservation system. European Commission, FP7 peer-reviewe
Web-based strategies in the manufacturing industry
The explosive growth of Internet-based architectures is allowing an efficient access to information resources over geographically dispersed areas. This fact is exerting a major influence on current manufacturing practices. Business activities involving customers, partners, employees and suppliers are being rapidly and efficiently integrated through networked information management environments. Therefore, efforts are required to take advantage of distributed infrastructures that can satisfy information integration and collaborative work strategies in corporate environments. In this research, Internet-based distributed solutions focused on the manufacturing industry are proposed. Three different systems have been developed for the tooling sector, specifically for the company Seco Tools UK Ltd (industrial collaborator). They are summarised as follows. SELTOOL is a Web-based open tool selection system involving the analysis of technical criteria to establish appropriate selection of inserts, toolholders and cutting data for turning, threading and grooving operations. It has been oriented to world-wide Seco customers. SELTOOL provides an interactive and crossed-way of searching for tooling parameters, rather than conventional representation schemes provided by catalogues. Mechanisms were developed to filter, convert and migrate data from different formats to the database (SQL-based) used by SELTOOL. TTS (Tool Trials System) is a Web-based system developed by the author and two other researchers to support Seco sales engineers and technical staff, who would perform tooling trials in geographically dispersed machining centres and benefit from sharing data and results generated by these tests. Through TTS tooling engineers (authorised users) can submit and retrieve highly specific technical tooling data for both milling and turning operations.
Moreover, it is possible for tooling engineers to avoid the execution of new tool trials knowing the results of trials carried out in physically distant places, when another engineer had previously executed these trials. The system incorporates encrypted security features suitable for restricted use on the World Wide Web. An urgent need exists for tools to make sense of raw data, extracting useful knowledge from increasingly large collections of data now being constructed and made available from networked information environments. This explosive growth in the availability of information is overwhelming the capabilities of traditional information management systems, to provide efficient ways of detecting anomalies and significant patterns in large sets of data. Inexorably, the tooling industry is generating valuable experimental data. It is a potential and unexplored sector regarding the application of knowledge capturing systems. Hence, to address this issue, a knowledge discovery system called DISKOVER was developed. DISKOVER is an integrated Java-application consisting of five data mining modules, able to be operated through the Internet. Kluster and Q-Fast are two of these modules, entirely developed by the author. Fuzzy-K has been developed by the author in collaboration with another research student in the group at Durham. The final two modules (R-Set and MQG) have been developed by another member of the Durham group. To develop Kluster, a complete clustering methodology was proposed. Kluster is a clustering application able to combine the analysis of quantitative as well as categorical data (conceptual clustering) to establish data classification processes. This module incorporates two original contributions. Specifically, consistent indicators to measure the quality of the final classification and application of optimisation methods to the final groups obtained. 
Kluster provides the possibility, to users, of introducing case-studies to generate cutting parameters for particular input requirements. Fuzzy-K is an application having the advantages of hierarchical clustering, while applying fuzzy membership functions to support the generation of similarity measures. The implementation of fuzzy membership functions helped to optimise the grouping of categorical data containing missing or imprecise values. As the tooling database is accessed through the Internet, which is a relatively slow access platform, it was decided to rely on faster information retrieval mechanisms. Q-Fast is an SQL-based exploratory data analysis (EDA) application, implemented for this purpose
Storytelling for older adults in online social networks with novel web technologies
Integrated master's thesis. Informatics and Computing Engineering. Universidade do Porto. Faculdade de Engenharia. 201
A GENERIC ARCHITECTURE FOR INSIDER MISUSE MONITORING IN IT SYSTEMS
Intrusion Detection Systems (IDS) have been widely deployed within many
organisations' IT networks to detect network penetration attacks by outsiders and
privilege escalation attacks by insiders. However, traditional IDS are ineffective for
detecting of abuse of legitimate privileges by authorised users within the organisation i.e.
the detection of misfeasance. In essence insider IT abuse does not violate system level
controls, yet violates acceptable usage policy, business controls, or code of conduct
defined by the organisation. However, the acceptable usage policy can vary from one
organisation to another, and the acceptability of user activities can also change depending
upon the user(s), application, machine, data, and other contextual conditions associated
with the entities involved. The fact that the perpetrators are authorised users and that the
insider misuse activities do not violate system level controls makes detection of insider
abuse more complicated than detection of attacks by outsiders.
The overall aim of the research is to determine novel methods by which monitoring and
detection may be improved to enable successful detection of insider IT abuse. The
discussion begins with a comprehensive investigation of insider IT misuse, encompassing
the breadth and scale of the problem. Consideration is then given to the sufficiency of
existing safeguards, with the conclusion that they provide an inadequate basis for
detecting many of the problems. This finding is used as the justification for considering
research into alternative approaches.
The realisation of the research objective includes the development of a taxonomy for
identification of various levels within the system from which the relevant data associated
with each type of misuse can be collected, and formulation of a checklist for
identification of applications that requires misfeasor monitoring. Based upon this
foundation a novel architecture for monitoring of insider IT misuse, has been designed.
The design offers new analysis procedures to be added, while providing methods to
include relevant contextual parameters from dispersed systems for analysis and reference.
The proposed system differs from existing IDS in the way that it focuses on detecting
contextual misuse of authorised privileges and legitimate operations, rather than detecting
exploitation of network protocols and system level vulnerabilities.
The main concepts of the new architecture were validated through a proof-of-concept
prototype system. A number of case scenarios were used to demonstrate the validity of
analysis procedures developed and how the contextual data from dispersed databases can
be used for analysis of various types of insider activities. This helped prove that the
existing detection technologies can be adopted for detection of insider IT misuse, and that
the research has thus provided valuable contribution to the domain
Assessing the Use of Mobile Technology for Technical English
Mobile technology in a new learning paradigm indicates the use of mobile and wireless technologies which scaffold the teaching and learning dimension in most tertiary institutions. The objective of this paper is to assess the level of students’ readiness in using a mobile technology for Technical English in one of the technical universities in Malaysia. A quantitative analysis was used through a survey method in which 200 survey questionnaires were sent out to randomly selected students in engineering faculties at the Universiti Teknikal Malaysia Melaka. The findings showed that the majority of students were ready to embark for a mobile-based learning as they had mobile phones equipped with a 3G service for class notes retrieval, multimedia messaging services, video call services for easy interaction among peers and with tutors. The results provide useful guidelines for curriculum designers and educators. Future work should integrate the perspectives of administrative units and educators to gain an overall assessment of the mobile technology readiness from various dimensions
Dissection of Modern Malicious Software
The exponential growth of the number of malicious software samples, known as malware in
the specialized literature, constitutes nowadays one of the major concerns of cyber-security
professionals. The objectives of the creators of this type of malware are varied, and the means
used to achieve them are getting increasingly sophisticated. The increase of the computation
and storage resources, as well as the globalization have been contributing to this growth, and
fueling an entire industry dedicated to developing, selling and improving systems or solutions for
securing, recovering, mitigating and preventing malware related incidents. The success of these
systems typically depends on detailed analysis, often performed by humans, of malware samples
captured in the wild. This analysis includes the search for patterns or anomalous behaviors that
may be used as signatures to identify or counter-attack these threats.
This Master of Science (M.Sc.) dissertation addresses problems related with dissecting and analyzing
malware. The main objectives of the underlying work were to study and understand the
techniques used by this type of software nowadays, as well as the methods that are used by
specialists on that analysis, so as to conduct a detailed investigation and produce structured
documentation for at least one modern malware sample. The work was mostly focused on malware
developed for the Operating Systems (OSs) of the Microsoft Windows family for desktops.
After a brief study of the state of the art, the dissertation presents the classifications applied to
malware, which can be found in the technical literature on the area, elaborated mainly by an
industry community or seller of a security product. The structuring of the categories is nonetheless
the result of an effort to unify or complete different classifications. The families of some of
the most popular or detected malware samples are also presented herein, initially in a tabular
form and, subsequently, via a genealogical tree, with some of the variants of each previously
described family. This tree provides an interesting perspective over malware and is one of the
contributions of this programme.
Within the context of the description of functionalities and behavior of malware, some advanced
techniques, with which modern specimens of this type of software are equipped to ease their
propagation and execution, while hindering their detection, are then discussed with more detail.
The discussion evolves to the presentation of the concepts related to the detection and defense
against modern malware, along with a small introduction to the main subject of this work. The
analysis and dissection of two samples of malware is then the subject of the final chapters of the
dissertation. A basic static analysis is performed to the malware known as Stuxnet, while the
Trojan Banker known as Tinba/zusy is subdued to both basic and advanced dynamic analysis.
The results of this part of the work emphasize difficulties associated with these tasks and the
sophistication and dangerous level of samples under investigation.