28 research outputs found
Sensor Pattern Noise Analysis and Identification
This work deals with the extraction of the sensor pattern noise of a digital camera, an additive noise that is present in every digital photograph and is unique to each camera. Methods for extracting the noise and for comparing the extracted noise are discussed, with the aim of identifying the camera with which a photograph was taken. An application that uses the most suitable of these methods is then implemented. The work contains a number of experiments that examine the application's performance depending on the input photographs and their parameters.
Forensic Malware Analysis
This master's thesis describes the methods and procedures used in forensic malware analysis, including methods of static and dynamic analysis. Based on these methods, a tool intended for Computer Security Incident Response Teams (CSIRT) is designed that allows an incident investigator to quickly analyze a malware sample encountered during a security incident investigation and decide its role. The tool is thoroughly described in a technical design based on the specific requirements of CSIRT teams, which are also specified in the thesis. Based on this design, the ForensIRT tool is implemented and then tested by analyzing a sample of the Cridex malware. Finally, the results of this analysis are compared with those of other comparable malware forensics tools.
Enabling SSH Protocol Visibility in Flow Monitoring
Network flow monitoring has evolved to collect information beyond the network and transport layers, most importantly application layer information. This information is used to improve network security and performance by enabling more precise performance analysis and intrusion detection. In this paper, we contribute to this effort by extending flow monitoring with information from the SSH protocol. Firstly, we analyze the SSH protocol to determine which information can be obtained from the connection establishment phase. Based on the analysis, we create an extension to our flow monitoring infrastructure that allows obtaining the selected information. Lastly, we analyze the SSH connections observed in the university campus network and discuss the benefits of performing the detailed SSH protocol analysis. We argue that with a precise recognition of login attempt results it is possible to improve the detection of successful brute-force password attacks. Moreover, we publish an anonymized version of our dataset including the SSH-specific information.
Double Spin Asymmetry of Electrons from Heavy Flavor Decays in p+p Collisions at sqrt(s)=200 GeV
We report on the first measurement of double-spin asymmetry, A_LL, of
electrons from the decays of hadrons containing heavy flavor in longitudinally
polarized p+p collisions at sqrt(s)=200 GeV for p_T= 0.5 to 3.0 GeV/c. The
asymmetry was measured at mid-rapidity (|eta|<0.35) with the PHENIX detector at
the Relativistic Heavy Ion Collider. The measured asymmetries are consistent
with zero within the statistical errors. We obtained a constraint for the
polarized gluon distribution in the proton of |Delta g/g(log_10 x =
-1.6^{+0.5}_{-0.4}, mu = m_T^c)|^2 < 0.033 (1 sigma), based on a leading-order
perturbative-quantum-chromodynamics model, using the measured asymmetry.
Comment: 385 authors, 17 pages, 15 figures, 5 tables. Submitted to Phys. Rev.
D. Plain text data tables for the points plotted in figures for this and
previous PHENIX publications are (or will be) publicly available at
http://www.phenix.bnl.gov/papers.htm
Upsilon (1S+2S+3S) production in d+Au and p+p collisions at sqrt(s_NN)=200 GeV and cold-nuclear matter effects
The three Upsilon states, Upsilon(1S+2S+3S), are measured in d+Au and p+p
collisions at sqrt(s_NN)=200 GeV and rapidities 1.2<|y|<2.2 by the PHENIX
experiment at the Relativistic Heavy-Ion Collider. Cross sections for the
inclusive Upsilon(1S+2S+3S) production are obtained. The inclusive yields per
binary collision for d+Au collisions relative to those in p+p collisions
(R_dAu) are found to be 0.62 +/- 0.26 (stat) +/- 0.13 (syst) in the gold-going
direction and 0.91 +/- 0.33 (stat) +/- 0.16 (syst) in the deuteron-going
direction. The measured results are compared to a nuclear-shadowing model,
EPS09 [JHEP 04, 065 (2009)], combined with a final-state breakup cross section,
sigma_br, and compared to lower energy p+A results. We also compare the results
to the PHENIX J/psi results [Phys. Rev. Lett. 107, 142301 (2011)]. The rapidity
dependence of the observed Upsilon suppression is consistent with lower energy
p+A measurements.
Comment: 495 authors, 11 pages, 9 figures, 5 tables. Submitted to Phys. Rev.
C. Plain text data tables for the points plotted in figures for this and
previous PHENIX publications are (or will be) publicly available at
http://www.phenix.bnl.gov/papers.htm
Measurements of elliptic and triangular flow in high-multiplicity HeAu collisions at GeV
We present the first measurement of elliptic () and triangular ()
flow in high-multiplicity HeAu collisions at
GeV. Two-particle correlations, where the particles have a large separation in
pseudorapidity, are compared in HeAu and in collisions and
indicate that collective effects dominate the second and third Fourier
components for the correlations observed in the HeAu system. The
collective behavior is quantified in terms of elliptic and triangular
anisotropy coefficients measured with respect to their corresponding
event planes. The values are comparable to those previously measured in
Au collisions at the same nucleon-nucleon center-of-mass energy.
Comparisons with various theoretical predictions are made, including to models
where the hot spots created by the impact of the three He nucleons on the
Au nucleus expand hydrodynamically to generate the triangular flow. The
agreement of these models with data may indicate the formation of low-viscosity
quark-gluon plasma even in these small collision systems.
Comment: 630 authors, 9 pages, 4 figures, 2 tables. v2 is the version accepted
for publication by Physical Review Letters. Plain text data tables for the
points plotted in figures for this and previous PHENIX publications are (or
will be) publicly available at http://www.phenix.bnl.gov/papers.htm
Measurement of long-range angular correlation and quadrupole anisotropy of pions and (anti)protons in central Au collisions at =200 GeV
We present azimuthal angular correlations between charged hadrons and energy
deposited in calorimeter towers in central Au and minimum bias
collisions at GeV. The charged hadron is measured at
midrapidity , and the energy is measured at large rapidity
(, Au-going direction). An enhanced near-side angular
correlation across 2.75 is observed in Au collisions.
Using the event plane method applied to the Au-going energy distribution, we
extract the anisotropy strength for inclusive charged hadrons at
midrapidity up to GeV/. We also present the measurement of
for identified and (anti)protons in central Au collisions,
and observe a mass-ordering pattern similar to that seen in heavy ion
collisions. These results are compared with viscous hydrodynamic calculations
and measurements from Pb at TeV. The magnitude of
the mass-ordering in Au is found to be smaller than that in Pb
collisions, which may indicate smaller radial flow in lower energy Au
collisions.
Comment: 424 authors, 8 pages, and 4 figures. v2 is version accepted for
publication in Phys. Rev. Lett. Published version will be at
http://www.phenix.bnl.gov/phenix/WWW/info/pp1/161/ Plain text data tables
will be at http://www.phenix.bnl.gov/papers.htm
Cold-nuclear-matter effects on heavy-quark production at forward and backward rapidity in d+Au collisions at sqrt(s_NN)=200 GeV
The PHENIX experiment has measured open heavy-flavor production via
semileptonic decay muons over the transverse momentum range 1 < pT < 6 GeV/c at
forward and backward rapidity (1.4 < |y| < 2.0) in d+Au and p+p collisions at
sqrt(s_NN) = 200 GeV. In central d+Au collisions an enhancement (suppression) of
heavy-flavor muon production is observed at backward (forward) rapidity
relative to the yield in p+p collisions scaled by the number of binary
collisions. Modification of the gluon density distribution in the Au nucleus
contributes in terms of anti-shadowing enhancement and shadowing suppression;
however, the enhancement seen at backward rapidity exceeds expectations from
this effect alone. These results, implying an important role for additional
cold nuclear matter effects, serve as a key baseline for heavy-quark
measurements in A+A collisions and in constraining the magnitude of charmonia
breakup effects at the Relativistic Heavy Ion Collider and the Large Hadron
Collider.
Comment: 424 authors, 69 institutions, 8 pages, 4 figures. Submitted to
Physical Review Letters. Plain text data tables for the points plotted in
figures for this and previous PHENIX publications are (or will be) publicly
available at http://www.phenix.bnl.gov/papers.htm