Crime Scene Re-investigation: A Postmortem Analysis of Game Account Stealers' Behaviors

As item trading becomes more popular, users can change their game items or money into real money more easily. At the same time, hackers turn their eyes on stealing other users game items or money because it is much easier to earn money than traditional gold-farming by running game bots. Game companies provide various security measures to block account- theft attempts, but many security measures on the user-side are disregarded by users because of lack of usability. In this study, we propose a server-side account theft detection system base on action sequence analysis to protect game users from malicious hackers. We tested this system in the real Massively Multiplayer Online Role Playing Game (MMORPG). By analyzing users full game play log, our system can find the particular action sequences of hackers with high accuracy. Also, we can trace where the victim accounts stolen money goes.Comment: 7 pages, 8 figures, In Proceedings of the 15th Annual Workshop on Network and Systems Support for Games (NetGames 2017

Bridging Active Exploration and Uncertainty-Aware Deployment Using Probabilistic Ensemble Neural Network Dynamics

In recent years, learning-based control in robotics has gained significant attention due to its capability to address complex tasks in real-world environments. With the advances in machine learning algorithms and computational capabilities, this approach is becoming increasingly important for solving challenging control problems in robotics by learning unknown or partially known robot dynamics. Active exploration, in which a robot directs itself to states that yield the highest information gain, is essential for efficient data collection and minimizing human supervision. Similarly, uncertainty-aware deployment has been a growing concern in robotic control, as uncertain actions informed by the learned model can lead to unstable motions or failure. However, active exploration and uncertainty-aware deployment have been studied independently, and there is limited literature that seamlessly integrates them. This paper presents a unified model-based reinforcement learning framework that bridges these two tasks in the robotics control domain. Our framework uses a probabilistic ensemble neural network for dynamics learning, allowing the quantification of epistemic uncertainty via Jensen-Renyi Divergence. The two opposing tasks of exploration and deployment are optimized through state-of-the-art sampling-based MPC, resulting in efficient collection of training data and successful avoidance of uncertain state-action spaces. We conduct experiments on both autonomous vehicles and wheeled robots, showing promising results for both exploration and deployment.Comment: 2023 Robotics: Science and Systems (RSS). Project page: https://taekyung.me/rss2023-bridgin

Achieving Protection Selectivitiy in DC Shipboard Power Systems Employing Additional Bus Capacitance

With the implementation of energy efficiency regulations for all ships, DC shipboard power systems (SPS) have attracted much attention from the shipbuilding industry due to their advantages in fuel savings with variable speed engines and the closed bus-tie operation for dynamic positioning vessels. However, DC protection coordination is one of the main obstacles to employ DC power systems into ship power networks. Because, in the DC SPSs, fast fault clearing, e.g., several milliseconds, is necessary to avoid the failure of power converters which have much lower short-circuit withstand capabilities than conventional AC electrical equipment, e.g., generators, transformers and cables. This paper presents a comprehensive analysis of voltage drops and fault clearing time to achieve protection selectivity for centralized and distributed DC SPSs. Furthermore, impacts of additional bus capacitance, which is combined with the existing DC SPSs, are analysed in terms of the protection selectivity. The results show that employing the additional bus capacitance has great advantages in a bus protection by mitigating the voltage drop at the unfaulted bus and a feeder protection by providing the selectivity between the faulty and the adjacent feeders

Extending Protection Selectivity in DC Shipboard Power Systems by Means of Additional Bus Capacitance

DC shipboard power systems have been connsidered as a promising solution for stricter environmental regulations on ships due to their main benefits in fuel savings with variable speed engines and easy integration of energy storage systems. In order to employ the DC solution in the shipboard power systems, the DC power systems have to be protected from a system fault with protection selectivity to minimise impacts of the fault or to avoid other undesirable situations in the system. For low-voltage DC shipboard power systems, a three-level protection has been proposed: fast action (1st) - bus separation by solid-state DC bus-tie switch, medium action (2nd) - feeder protection by high-speed fuse and slow action (3rd)- generator-rectifier fault controls. This paper proposes a new method by means of additional bus capacitance added in main DC buses to help the reliable operation of the three-level protection. The principle of the proposed method is introduced and the sizing of the additional bus capacitanceis addressed in this paper. With the modelling of the DC shipboard power systems, the analyses of voltage drops for the bus separation failure and fault clearing time for the feeder protection are carried out to verify the proposed method. The results show that the proposed method not only mitigates the voltage drop for the bus separation failure, but also achieves the selectivity and the sensitivity for the feeder protection

Review of Protection Coordination Technologies in DC Distribution Systems

With the evolution of power electronics technologies, DC networks have been considered as promising distribution systems for future grids. This new concept of power systems comes with technical challenges in protection coordination, a result of the no natural current zero- crossing point and very low thermal capacity of semiconductors in power converters. In order to overcome this technological barrier, many researches have been conducted. This paper presents a summary of the state-of-the-art on protection coordination technologies in DC distribution systems considering whole DC protection procedure: fault detection, fault localization, fault isolation and backup protection. In addition, two different protection schemes for low-voltage DC (LVDC) shipboard power systems (SPS) which are commercially viable measures are described

DiffCSP: Finding Browser Bugs in Content Security Policy Enforcement through Differential Testing

The Content Security Policy (CSP) is one of the de facto security mechanisms that mitigate web threats. Many websites have been deploying CSPs mainly to mitigate cross-script scripting (XSS) attacks by instructing client browsers to constrain JavaScript (JS) execution. However, a browser bug in CSP enforcement enables an adversary to bypass a deployed CSP, posing a security threat. As the CSP specification evolves, CSP becomes more complicated in supporting an increasing number of directives, which brings additional complexity to implementing correct enforcement behaviors. Unfortunately, the finding of CSP enforcement bugs in a systematic way has been largely understudied. In this paper, we propose DiffCSP, the first differential testing framework to find CSP enforcement bugs regarding JS execution. DiffCSP generates CSPs and a comprehensive set of HTML instances that exhibit all known ways of executing JS snippets. DiffCSP then executes each HTML instance for each generated policy across different browsers, thereby collecting inconsistent execution results. To analyze a large volume of the execution results, we leverage a decision tree and identify common causes of the observed inconsistencies. We demonstrate the efficacy of DiffCSP by finding 29 security bugs and eight functional bugs. We also show that three bugs are due to unclear descriptions of the CSP specification. We further identify the common root causes of CSP enforcement bugs, such as incorrect CSP inheritance and hash handling. Moreover, we confirm the risky trend of client browsers deriving completely different interpretations from the same CSPs, which raises security concerns. Our study demonstrates the effectiveness of DiffCSP for identifying CSP enforcement bugs, and our findings contributed to patching six security bugs in major browsers, including Chrome and Safari