111 research outputs found
Crime Scene Re-investigation: A Postmortem Analysis of Game Account Stealers' Behaviors
As item trading becomes more popular, users can change their game items or
money into real money more easily. At the same time, hackers turn their eyes on
stealing other users game items or money because it is much easier to earn
money than traditional gold-farming by running game bots. Game companies
provide various security measures to block account- theft attempts, but many
security measures on the user-side are disregarded by users because of lack of
usability. In this study, we propose a server-side account theft detection
system base on action sequence analysis to protect game users from malicious
hackers. We tested this system in the real Massively Multiplayer Online Role
Playing Game (MMORPG). By analyzing users full game play log, our system can
find the particular action sequences of hackers with high accuracy. Also, we
can trace where the victim accounts stolen money goes.Comment: 7 pages, 8 figures, In Proceedings of the 15th Annual Workshop on
Network and Systems Support for Games (NetGames 2017
Bridging Active Exploration and Uncertainty-Aware Deployment Using Probabilistic Ensemble Neural Network Dynamics
In recent years, learning-based control in robotics has gained significant
attention due to its capability to address complex tasks in real-world
environments. With the advances in machine learning algorithms and
computational capabilities, this approach is becoming increasingly important
for solving challenging control problems in robotics by learning unknown or
partially known robot dynamics. Active exploration, in which a robot directs
itself to states that yield the highest information gain, is essential for
efficient data collection and minimizing human supervision. Similarly,
uncertainty-aware deployment has been a growing concern in robotic control, as
uncertain actions informed by the learned model can lead to unstable motions or
failure. However, active exploration and uncertainty-aware deployment have been
studied independently, and there is limited literature that seamlessly
integrates them. This paper presents a unified model-based reinforcement
learning framework that bridges these two tasks in the robotics control domain.
Our framework uses a probabilistic ensemble neural network for dynamics
learning, allowing the quantification of epistemic uncertainty via Jensen-Renyi
Divergence. The two opposing tasks of exploration and deployment are optimized
through state-of-the-art sampling-based MPC, resulting in efficient collection
of training data and successful avoidance of uncertain state-action spaces. We
conduct experiments on both autonomous vehicles and wheeled robots, showing
promising results for both exploration and deployment.Comment: 2023 Robotics: Science and Systems (RSS). Project page:
https://taekyung.me/rss2023-bridgin
Achieving Protection Selectivitiy in DC Shipboard Power Systems Employing Additional Bus Capacitance
With the implementation of energy efficiency regulations for all ships, DC shipboard power systems (SPS) have attracted much attention from the shipbuilding industry due to their advantages in fuel savings with variable speed engines and the closed bus-tie operation for dynamic positioning vessels. However, DC protection coordination is one of the main obstacles to employ DC power systems into ship power networks. Because, in the DC SPSs, fast fault clearing, e.g., several milliseconds, is necessary to avoid the failure of power converters which have much lower short-circuit withstand capabilities than conventional AC electrical equipment, e.g., generators, transformers and cables. This paper presents a comprehensive analysis of voltage drops and fault clearing time to achieve protection selectivity for centralized and distributed DC SPSs. Furthermore, impacts of additional bus capacitance, which is combined with the existing DC SPSs, are analysed in terms of the protection selectivity. The results show that employing the additional bus capacitance has great advantages in a bus protection by mitigating the voltage drop at the unfaulted bus and a feeder protection by providing the selectivity between the faulty and the adjacent feeders
Extending Protection Selectivity in DC Shipboard Power Systems by Means of Additional Bus Capacitance
DC shipboard power systems have been connsidered as a promising solution for stricter environmental regulations on ships due to their main benefits in fuel savings with variable speed engines and easy integration of energy storage systems. In order to employ the DC solution in the shipboard power systems, the DC power systems have to be protected from a system fault with protection selectivity to minimise impacts of the fault or to avoid other undesirable situations in the system. For low-voltage DC shipboard power systems, a three-level protection has been proposed: fast action (1st) - bus separation by solid-state DC bus-tie switch, medium action (2nd) - feeder protection by high-speed fuse and slow action (3rd)- generator-rectifier fault controls. This paper proposes a new method by means of additional bus capacitance added in main DC buses to help the reliable operation of the three-level protection. The principle of the proposed method is introduced and the sizing of the additional bus capacitanceis addressed in this paper. With the modelling of the DC shipboard power systems, the analyses of voltage drops for the bus separation failure and fault clearing time for the feeder protection are carried out to verify the proposed method. The results show that the proposed method not only mitigates the voltage drop for the bus separation failure, but also achieves the selectivity and the sensitivity for the feeder protection
Review of Protection Coordination Technologies in DC Distribution Systems
With the evolution of power electronics technologies, DC networks have been considered as promising distribution systems for future grids. This new concept of power systems comes with technical challenges in protection coordination, a result of the no natural current zero- crossing point and very low thermal capacity of semiconductors in power converters. In order to overcome this technological barrier, many researches have been conducted. This paper presents a summary of the state-of-the-art on protection coordination technologies in DC distribution systems considering whole DC protection procedure: fault detection, fault localization, fault isolation and backup protection. In addition, two different protection schemes for low-voltage DC (LVDC) shipboard power systems (SPS) which are commercially viable measures are described
DiffCSP: Finding Browser Bugs in Content Security Policy Enforcement through Differential Testing
The Content Security Policy (CSP) is one of the de facto security mechanisms that mitigate web threats. Many websites have been deploying CSPs mainly to mitigate cross-script scripting (XSS) attacks by instructing client browsers to constrain JavaScript (JS) execution. However, a browser bug in CSP enforcement enables an adversary to bypass a deployed CSP, posing a security threat. As the CSP specification evolves, CSP becomes more complicated in supporting an increasing number of directives, which brings additional complexity to implementing correct enforcement behaviors. Unfortunately, the finding of CSP enforcement bugs in a systematic way has been largely understudied.
In this paper, we propose DiffCSP, the first differential testing framework to find CSP enforcement bugs regarding JS execution. DiffCSP generates CSPs and a comprehensive set of HTML instances that exhibit all known ways of executing JS snippets. DiffCSP then executes each HTML instance for each generated policy across different browsers, thereby collecting inconsistent execution results. To analyze a large volume of the execution results, we leverage a decision tree and identify common causes of the observed inconsistencies. We demonstrate the efficacy of DiffCSP by finding 29 security bugs and eight functional bugs. We also show that three bugs are due to unclear descriptions of the CSP specification.
We further identify the common root causes of CSP enforcement bugs, such as incorrect CSP inheritance and hash handling. Moreover, we confirm the risky trend of client browsers deriving completely different interpretations from the same CSPs, which raises security concerns. Our study demonstrates the effectiveness of DiffCSP for identifying CSP enforcement bugs, and our findings contributed to patching six security bugs in major browsers, including Chrome and Safari
- âŠ