Information similarity metrics in information security and forensics

We study two information similarity measures, relative entropy and the similarity metric, and methods for estimating them. Relative entropy can be readily estimated with existing algorithms based on compression. The similarity metric, based on algorithmic complexity, proves to be more difficult to estimate due to the fact that algorithmic complexity itself is not computable. We again turn to compression for estimating the similarity metric. Previous studies rely on the compression ratio as an indicator for choosing compressors to estimate the similarity metric. This assumption, however, is fundamentally flawed. We propose a new method to benchmark compressors for estimating the similarity metric. To demonstrate its use, we propose to quantify the security of a stegosystem using the similarity metric. Unlike other measures of steganographic security, the similarity metric is not only a true distance metric, but it is also universal in the sense that it is asymptotically minimal among all computable metrics between two objects. Therefore, it accounts for all similarities between two objects. In contrast, relative entropy, a widely accepted steganographic security definition, only takes into consideration the statistical similarity between two random variables. As an application, we present a general method for benchmarking stegosystems. The method is general in the sense that it is not restricted to any covertext medium and therefore, can be applied to a wide range of stegosystems. For demonstration, we analyze several image stegosystems using the newly proposed similarity metric as the security metric. The results show the true security limits of stegosystems regardless of the chosen security metric or the existence of steganalysis detectors. In other words, this makes it possible to show that a stegosystem with a large similarity metric is inherently insecure, even if it has not yet been broken

On Locating Steganographic Payload using Residuals

LocatingsteganographicpayloadusingWeightedStego-image(WS)residualshasbeenprovensuccessfulprovided a large number of stego images are available. In this paper, we revisit this topic with two goals. First, we argue that it is a promising approach to locate payload by showing that in the ideal scenario where the cover images are available, the expected number of stego images needed to perfectly locate all load-carrying pixels is the logarithm of the payload size. Second, we generalize cover estimation to a maximum likelihood decoding problem and demonstrate that a second-order statistical cover model can be used to compute residuals to locate payload embedded by both LSB replacement and LSB matching steganography

Performance evaluation of two optical architectures for task-specific compressive classification

Many optical systems are used for specific tasks such as classification. Of these systems, the majority are designed to maximize image quality for human observers. However, machine learning classification algorithms do not require the same data representation used by humans. We investigate the compressive optical systems optimized for a specific machine sensing task. Two compressive optical architectures are examined: an array of prisms and neutral density filters where each prism and neutral density filter pair realizes one datum from an optimized compressive sensing matrix, and another architecture using conventional optics to image the aperture onto the detector, a prism array to divide the aperture, and a pixelated attenuation mask in the intermediate image plane. We discuss the design, simulation, and tradeoffs of these systems built for compressed classification of the Modified National Institute of Standards and Technology dataset. Both architectures achieve classification accuracies within 3% of the optimized sensing matrix for compression ranging from 98.85% to 99.87%. The performance of the systems with 98.85% compression were between an F/2 and F/4 imaging system in the presence of noise. (C) The Authors. Published by SPIE under a Creative Commons Attribution 4.0 Unported License. Distribution or reproduction of this work in whole or in part requires full attribution of the original publication, including its DOI.Open access articleThis item from the UA Faculty Publications collection is made available by the University of Arizona with support from the University of Arizona Libraries. If you have questions, please contact us at [email protected]

A general model of resource production and exchange in systems of interdependent specialists.

Infrastructures are networks of dynamically interacting systems designed for the flow of information, energy, and materials. Under certain circumstances, disturbances from a targeted attack or natural disasters can cause cascading failures within and between infrastructures that result in significant service losses and long recovery times. Reliable interdependency models that can capture such multi-network cascading do not exist. The research reported here has extended Sandia's infrastructure modeling capabilities by: (1) addressing interdependencies among networks, (2) incorporating adaptive behavioral models into the network models, and (3) providing mechanisms for evaluating vulnerability to targeted attack and unforeseen disruptions. We have applied these capabilities to evaluate the robustness of various systems, and to identify factors that control the scale and duration of disruption. This capability lays the foundation for developing advanced system security solutions that encompass both external shocks and internal dynamics

Phoenix : Complex Adaptive System of Systems (CASoS) engineering version 1.0.

Complex Adaptive Systems of Systems, or CASoS, are vastly complex ecological, sociological, economic and/or technical systems which we must understand to design a secure future for the nation and the world. Perturbations/disruptions in CASoS have the potential for far-reaching effects due to pervasive interdependencies and attendant vulnerabilities to cascades in associated systems. Phoenix was initiated to address this high-impact problem space as engineers. Our overarching goals are maximizing security, maximizing health, and minimizing risk. We design interventions, or problem solutions, that influence CASoS to achieve specific aspirations. Through application to real-world problems, Phoenix is evolving the principles and discipline of CASoS Engineering while growing a community of practice and the CASoS engineers to populate it. Both grounded in reality and working to extend our understanding and control of that reality, Phoenix is at the same time a solution within a CASoS and a CASoS itself