Multi-aspect, robust, and memory exclusive guest os fingerprinting

Precise fingerprinting of an operating system (OS) is critical to many security and forensics applications in the cloud, such as virtual machine (VM) introspection, penetration testing, guest OS administration, kernel dump analysis, and memory forensics. The existing OS fingerprinting techniques primarily inspect network packets or CPU states, and they all fall short in precision and usability. As the physical memory of a VM always exists in all these applications, in this article, we present OS-Sommelier+, a multi-aspect, memory exclusive approach for precise and robust guest OS fingerprinting in the cloud. It works as follows: given a physical memory dump of a guest OS, OS-Sommelier+ first uses a code hash based approach from kernel code aspect to determine the guest OS version. If code hash approach fails, OS-Sommelier+ then uses a kernel data signature based approach from kernel data aspect to determine the version. We have implemented a prototype system, and tested it with a number of Linux kernels. Our evaluation results show that the code hash approach is faster but can only fingerprint the known kernels, and data signature approach complements the code signature approach and can fingerprint even unknown kernels

MIT Space Engineering Research Center

The Space Engineering Research Center (SERC) at MIT, started in Jul. 1988, has completed two years of research. The Center is approaching the operational phase of its first testbed, is midway through the construction of a second testbed, and is in the design phase of a third. We presently have seven participating faculty, four participating staff members, ten graduate students, and numerous undergraduates. This report reviews the testbed programs, individual graduate research, other SERC activities not funded by the Center, interaction with non-MIT organizations, and SERC milestones. Published papers made possible by SERC funding are included at the end of the report

Nonparametric estimation of structural breakpoints

This paper proposes point and interval estimates of location and size of jumps in multiple regression curves or its derivatives. We are mainly concerned with time series models where structural breaks occur at a given period of time or they are explained by the value taken by some predictor (e.g. threshold models). No previous knowledge of the underlying regression function is required. Left and right limits of the function, with respect to the regressor explaining the break, are estimated at each data point using multivariate multiplicative kernels. The univariate kernel corresponding to the regressor explaining the break is one-sided, with all its mass at the right or left of zero. Since left and right limits are the same, except at the break point, the location of the jump is estimated as the observed regressor value maximizing the difference between left and right limit estimates. This difference, evaluated at the estimated location point, is the estimation of the jump size. A small Monte Carlo study and an empirical application to USA macroecomic data illustrates the performance of the procedure in small samples. The paper also discusses some extensions, in particular the identification of the coordinate explaining the break, the application of the procedure to the estimation of parametric models, and robustification of the method for the influence of outliers

Neural networks and support vector machines based bio-activity classification

Classification of various compounds into their respective biological activity classes is important in drug discovery applications from an early phase virtual compound filtering and screening point of view. In this work two types of neural networks, multi layer perceptron (MLP) and radial basis functions (RBF), and support vector machines (SVM) were employed for the classification of three types of biologically active enzyme inhibitors. Both of the networks were trained with back propagation learning method with chemical compounds whose active inhibition properties were previously known. A group of topological indices, selected with the help of principle component analysis (PCA) were used as descriptors. The results of all the three classification methods show that the performance of both the neural networks is better than the SVM