Unsupervised Anomaly-based Malware Detection using Hardware Features
Recent works have shown promise in using microarchitectural execution
patterns to detect malware programs. These detectors belong to a class of
detectors known as signature-based detectors as they catch malware by comparing
a program's execution pattern (signature) to execution patterns of known
malware programs. In this work, we propose a new class of detectors -
anomaly-based hardware malware detectors - that do not require signatures for
malware detection, and thus can catch a wider range of malware including
potentially novel ones. We use unsupervised machine learning to build profiles
of normal program execution based on data from performance counters, and use
these profiles to detect significant deviations in program behavior that occur
as a result of malware exploitation. We show that real-world exploitation of
popular programs such as IE and Adobe PDF Reader on a Windows/x86 platform can
be detected with nearly perfect certainty. We also examine the limits and
challenges in implementing this approach in the face of a sophisticated adversary
attempting to evade anomaly-based detection. The proposed detector is
complementary to previously proposed signature-based detectors and can be used
together to improve security.
Comment: 1 page, LaTeX; added description for feature selection in Section 4,
results unchanged
Data analysis strategies for the detection of gravitational waves in non-Gaussian noise
In order to analyze data produced by the kilometer-scale gravitational wave
detectors that will begin operation early next century, one needs to develop
robust statistical tools capable of extracting weak signals from the detector
noise. This noise will likely have non-stationary and non-Gaussian components.
To facilitate the construction of robust detection techniques, I present a
simple two-component noise model that consists of a background of Gaussian
noise as well as stochastic noise bursts. The optimal detection statistic
obtained for such a noise model incorporates a natural veto which suppresses
spurious events that would be caused by the noise bursts. When two detectors
are present, I show that the optimal statistic for the non-Gaussian noise model
can be approximated by a simple coincidence detection strategy. For simulated
detector noise containing noise bursts, I compare the operating characteristics
of (i) a locally optimal detection statistic (which has nearly-optimal behavior
for small signal amplitudes) for the non-Gaussian noise model, (ii) a standard
coincidence-style detection strategy, and (iii) the optimal statistic for
Gaussian noise.
Comment: 5 pages RevTeX, 4 figures
Importance Sampling for Objective Function Estimations in Neural Detector Training Driven by Genetic Algorithms
To train Neural Networks (NNs) in a supervised way, estimations of an objective function must be carried out. The value of this function decreases as the training progresses and so, the number of test observations necessary for an accurate estimation has to be increased. Consequently, the training computational cost is unaffordable for very low objective function value estimations, and the use of Importance Sampling (IS) techniques becomes convenient. The study of three different objective functions is considered, which implies the proposal of estimators of the objective function using IS techniques: the Mean-Square error, the Cross Entropy error and the Misclassification error criteria. The values of these functions are estimated by IS techniques, and the results are used to train NNs by the application of Genetic Algorithms. Results for a binary detection in Gaussian noise are provided. These results show the evolution of the parameters during the training and the performances of the proposed detectors in terms of error probability and Receiver Operating Characteristics curves. At the end of the study, the obtained results justify the convenience of using IS in the training.
Time-ordered data simulation and map-making for the PIXIE Fourier transform spectrometer
We develop a time-ordered data simulator and map-maker for the proposed PIXIE
Fourier transform spectrometer and use them to investigate the impact of
polarization leakage, imperfect collimation, elliptical beams, sub-pixel
effects, correlated noise and spectrometer mirror jitter on the PIXIE data
analysis. We find that PIXIE is robust to all of these effects, with the
exception of mirror jitter which could become the dominant source of noise in
the experiment if the jitter is not kept significantly below . Source code is available at https://github.com/amaurea/pixie.
Comment: 27 pages, 15 figures. Accepted for publication in JCA
Tuning Windowed Chi-Squared Detectors for Sensor Attacks
A model-based windowed chi-squared procedure is proposed for identifying
falsified sensor measurements. We employ the widely-used static chi-squared and
the dynamic cumulative sum (CUSUM) fault/attack detection procedures as
benchmarks to compare the performance of the windowed chi-squared detector. In
particular, we characterize the state degradation that a class of attacks can
induce to the system while enforcing that the detectors do not raise alarms
(zero-alarm attacks). We quantify the advantage of using dynamic detectors
(windowed chi-squared and CUSUM detectors), which leverage the history of the
state, over a static detector (chi-squared) which uses a single measurement at
a time. Simulations using a chemical reactor are presented to illustrate the
performance of our tools.