Using model checking to identify errors in intrusion detection signatures

Most intrusion detection systems deployed today apply misuse detection as analysis method. Misuse detection searches for attack traces in the recorded audit data using predefined patterns. The matching rules are called signatures. The definition of signatures is up to now an empirical process based on expert knowledge and experience. The analysis success and accordingly the acceptance of intrusion detection systems in general depend essentially on the topicality of the deployed signatures. Methods for a systematic development of signatures have scarcely been reported yet, so the modeling of a new signature is a time-consuming, cumbersome, and error-prone process. The modeled signatures have to be validated and corrected to improve their quality. So far only signature testing is applied for this. Signature testing is still a rather empirical and time-consuming process to detect modeling errors. In this paper, we present the first approach for verifying signature specifications using the Spin model checker. The signatures are modeled in the specification language EDL, which leans on colored Petri nets. We show how the signature specification is transformed into a Promela model and how characteristic specification errors can be found by Spin.     

利用角度签名进行3维表面配准

3维表面的配准在3维物体重建、场景检测和物体识别过程中起着重要的作用。为此提出了一种新的3维表面表示方法——角度签名(angle signature),并将其用于3维表面配准。该表示方法将表面的局部几何信息表示成为1维的向量,具有对刚体变换的不变性。由于其简洁的表示方式,可以实现表面的快速配准。此外,该方法较其他3维表面的表示方法具有更强的鲁棒性。在实际应用中,为了提高表面配准的速度,首先筛选出特征点,然后利用特征点寻找表面之间的对应关系,从而将刚体变换的参数求出,实现表面的配准。实验结果表明,采用角度签名实现物体表面配准具有较快的速度和较高的精度。     

Theory and Techniques for Automatic Generation of Vulnerability-Based Signatures

In this paper, we explore the problem of creating emph{vulnerability signatures}. A vulnerability signature is based on a program vulnerability, and is not specific to any particular exploit. The advantage of vulnerability signatures is that their quality can be guaranteed. In particular, we create vulnerability signatures which are guaranteed to have zero false positives. We show how to automate signature creation for any vulnerability that can be detected by a runtime monitor. We provide a formal definition of a vulnerability signature, and investigate the computational complexity of creating and matching vulnerability signatures. We systematically explore the design space of vulnerability signatures. We also provide specific techniques for creating vulnerability signatures in a variety of language classes. In order to demonstrate our techniques, we have built a prototype system. Our experiments show that we can, using a single exploit, automatically generate a vulnerability signature as a regular expression, as a small program, or as a system of constraints. We demonstrate techniques for creating signatures of vulnerabilities which can be exploited via multiple program paths. Our results indicate that our approach is a viable option for signature generation, especially when guarantees are desired.     

Ground truth An underview †

Abstract

In an ideal world (for remote sensing) the nature of the surface would be completely specified by the spectral signature. In the real world, however, the compexity of natural surfaces, effects of the atmosphere and ambiguity of the spectral signatures act to limit remote sensing without ground truth to applications that demand little from the radiometric quantities in the data. Ground surveys are complementary to the synoptic overview provided by satellites, helping to link the image data to the surface context. This paper reviews the purposes and problems of such ground surveys and examines in particular the nature of the relationship between the object of inquiry and the spectral signature. The investigator must select object variables that are both appropriate to the application and well matched to the spectral signature. This problem is discussed in the context of vegetation canopies.     

样条小波基的构造及其在汉字签名鉴别中的应用

基于笔画描述的汉字轮廓线，小波变换能更有效地提取签字的字形特征。该文提出了一种基于小波变换的笔迹鉴别的新方法，利用B-样条函数更适合于计算机图形中的曲线与曲面处理的特性，设计了适合系统特点的四阶样条小波，对签字的每一笔画进行小波变换，又设计了一组公式对各笔画的特征进行合成，从而抽取出了更加稳定有效的签字特征。     

Surface signatures: an orientation independent free-form surface representation scheme for the purpose of objects registration and matching

This paper introduces anew free-form surface representation scheme for the purpose of fast and accurate registration and matching. Accurate registration of surfaces is a common task in computer vision. The proposed representation scheme captures the surface curvature information (seen from certain points) and produces images, called "surface signatures," at these points. Matching signatures of different surfaces enables the recovery of the transformation parameters between these surfaces. We propose using template matching to compare the signature images. To enable partial matching, another criterion, the overlap ratio is used. This representation scheme can be used as a global representation of the surface as well as a local one and performs near real-time registration. We show that the signature representation can be used to recover scaling transformation as well as matching objects in 3D scenes in the presence of clutter and occlusion. Applications presented include: free-form object matching, multimodal medical volumes registration, and dental teeth reconstruction from intraoral images.     

Solid Texturing of Soft Objects

Since the shape of a soft object changes in response to its surroundings, it is difficult to give a single position in space as the location of the object. Indeed objects can and do break dynamically into subobjects. This means that you cannot map a solid texture onto such an object simply by using a function of the space coordinates. We have taken a different approach. Our soft objects are modeled as the volume enclosed by an isosurf ace of a field calculated from a set of key points. For each key point, we describe an abstract texture space. Any point on the surface of an object has, associated with each key point, a position in this space and a field contribution. A vector sum of these positions, weighted by the field contributions, is used to select a surface specification from the texture space. Textures mapped with this process retain their consistency during distortion and metamorphoses of objects, permitting a great variety of animation effects.     

An adaptive genetic-based signature learning system for intrusion detection

Rule-based intrusion detection systems generally rely on hand crafted signatures developed by domain experts. This could lead to a delay in updating the signature bases and potentially compromising the security of protected systems. In this paper, we present a biologically-inspired computational approach to dynamically and adaptively learn signatures for network intrusion detection using a supervised learning classifier system. The classifier is an online and incremental parallel production rule-based system.A signature extraction system is developed that adaptively extracts signatures to the knowledge base as they are discovered by the classifier. The signature extraction algorithm is augmented by introducing new generalisation operators that minimise overlap and conflict between signatures. Mechanisms are provided to adapt main algorithm parameters to deal with online noisy and imbalanced class data. Our approach is hybrid in that signatures for both intrusive and normal behaviours are learnt.The performance of the developed systems is evaluated with a publicly available intrusion detection dataset and results are presented that show the effectiveness of the proposed system.     

Off-line signature verification and forgery detection using fuzzy modeling

Automatic signature verification is a well-established and an active area of research with numerous applications such as bank check verification, ATM access, etc. This paper proposes a novel approach to the problem of automatic off-line signature verification and forgery detection. The proposed approach is based on fuzzy modeling that employs the Takagi-Sugeno (TS) model. Signature verification and forgery detection are carried out using angle features extracted from box approach. Each feature corresponds to a fuzzy set. The features are fuzzified by an exponential membership function involved in the TS model, which is modified to include structural parameters. The structural parameters are devised to take account of possible variations due to handwriting styles and to reflect moods. The membership functions constitute weights in the TS model. The optimization of the output of the TS model with respect to the structural parameters yields the solution for the parameters. We have also derived two TS models by considering a rule for each input feature in the first formulation (Multiple rules) and by considering a single rule for all input features in the second formulation. In this work, we have found that TS model with multiple rules is better than TS model with single rule for detecting three types of forgeries; random, skilled and unskilled from a large database of sample signatures in addition to verifying genuine signatures. We have also devised three approaches, viz., an innovative approach and two intuitive approaches using the TS model with multiple rules for improved performance.     

Using Landmarks to Establish a Point-to-Point Correspondence between Signatures

This paper introduces a new approach for point-to-point correspondence finding, which can be used as pre-processing stage of a handwritten signature verification procedure. This approach provides a solid basis for comparing function features of two handwritten signatures. Corner points of the signatures are first extracted based on velocity information. The characteristics of curvilinear velocity and angular velocity are combined successfully by functions based on membership criteria. The signatures to be compared are then segmented at landmarks obtained by corner matching based on similarity measures. In the last step, the corresponding pairs of segments are mapped by a point-to-point matching algorithm, minimising a curve deformation energy. The techniques described were applied to a set of 188 signatures from 19 volunteers. The resulting point-to-point matching of signature pairs was satisfactory in all cases where there was a visual agreement between the signatures. Received: 01 February 1999, Received in revised form: 05 May 1999, Accepted: 24 May 1999     

基于语义的恶意代码行为特征提取及检测方法

提出一种基于语义的恶意代码行为特征提取及检测方法,通过结合指令层的污点传播分析与行为层的语义分析,提取恶意代码的关键行为及行为间的依赖关系;然后,利用抗混淆引擎识别语义无关及语义等价行为,获取具有一定抗干扰能力的恶意代码行为特征.在此基础上,实现特征提取及检测原型系统.通过对多个恶意代码样本的分析和检测,完成了对该系统的实验验证.实验结果表明,基于上述方法提取的特征具有抗干扰能力强等特点,基于此特征的检测对恶意代码具有较好的识别能力.     

一种安全有效的基于身份的聚合签名方案

聚合签名是一种将n个来自于n不同签名者对n个不同消息m的签名聚合成一个单一签名的数字签名技术。利用双线性对技术,提出了一种有效的基于身份的聚合签名方案。同已有的基于身份的聚合签名方案相比,该方案在签名验证方面具有较低的计算成本。最后利用计算Diffie-Hellman问题的困难性在随机预言模型下证明了该方案在适应性选择消息和身份攻击下的不可伪造性。     

基于身份聚合签名方案的安全性分析与改进

聚合签名是一种将n个来自不同的签名者对n个不同的消息m的签名聚合成一个单一的签名的数字签名技术。分析了两种签名方案,证明了这两个基于身份聚合签名方案的不安全性。在此基础上,利用双线性技术,提出了改进的基于身份的聚合签名方案。在随机预言模型下,基于Diffie-Hellman问题的计算困难性,证明了提出方案在适应性选择消息和身份攻击下的不可伪造性。     

Finite element based tracking of deforming surfaces

We present an approach to robustly track the geometry of an object that deforms over time from a set of input point clouds captured from a single viewpoint. The deformations we consider are caused by applying forces to known locations on the object’s surface. Our method combines the use of prior information on the geometry of the object modeled by a smooth template and the use of a linear finite element method to predict the deformation. This allows the accurate reconstruction of both the observed and the unobserved sides of the object. We present tracking results for noisy low-quality point clouds acquired by either a stereo camera or a depth camera, and simulations with point clouds corrupted by different error terms. We show that our method is also applicable to large non-linear deformations.     

基于几何中心静态手写签名的识别算法研究*

研究了静态手写体签名识别和认证的问题。针对静态手写体签名无法提供笔画之间前后时序动态信息和手写笔画的压力信息,提出了一种利用手写签名的几何中心作为特征值的识别和认证算法。首先将静态签名图像依据几何中心不断进行切分,使其成为独立的小块;然后依据各个小块的几何中心的相对位置和距离提取特征值;在此基础上进行签名识别和认证。实验结果显示本方法快速有效,所提取的特征能稳定地描述包含集合形变的手写签名字体。该方法能拓展应用到手写体的识别系统中。     

A novel classifier for multivariate instance using graph class signatures

Applications like identifying different customers from their unique buying behaviours, determining ratingsof a product given by users based on different sets of features, etc. require classification using class-specific subsets of features. Most of the existing state-of-the-art classifiers for multivariate data use complete feature set for classification regardless of the different class labels. Decision tree classifier can produce class-wise subsets of features. However, none of these classifiers model the relationship between features which may enhance classification accuracy. We call the class-specific subsets of features and the features’ interrelationships as class signatures. In this work, we propose to map the original input space of multivariate data to the feature space characterized by connected graphs as graphs can easily model entities, their attributes, and relationships among attributes. Mostly, entities are modeled using graphs, where graphs occur naturally, for example, chemical compounds. However, graphs do not occur naturally in multivariate data. Thus, extracting class signatures from multivariate data is a challenging task. We propose some feature selection heuristics to obtain class-specific prominent subgraph signatures. We also propose two variants of class signatures based classifier namely: 1) maximum matching signature (gMM), and 2) score and size of matched signatures (gSM). The effectiveness of the proposed approach on real-world and synthetic datasets has been studied and compared with other established classifiers. Experimental results confirm the ascendancy of the proposed class signatures based classifier on most of the datasets.     

Near neighbor searching with K nearest references

Proximity searching is the problem of retrieving, from a given database, those objects closest to a query. To avoid exhaustive searching, data structures called indexes are built on the database prior to serving queries. The curse of dimensionality is a well-known problem for indexes: in spaces with sufficiently concentrated distance histograms, no index outperforms an exhaustive scan of the database.In recent years, a number of indexes for approximate proximity searching have been proposed. These are able to cope with the curse of dimensionality in exchange for returning an answer that might be slightly different from the correct one.In this paper we show that many of those recent indexes can be understood as variants of a simple general model based on K-nearest reference signatures. A set of references is chosen from the database, and the signature of each object consists of the K references nearest to the object. At query time, the signature of the query is computed and the search examines only the objects whose signature is close enough to that of the query.Many known and novel indexes are obtained by considering different ways to determine how much detail the signature records (e.g., just the set of nearest references, or also their proximity order to the object, or also their distances to the object, and so on), how the similarity between signatures is defined, and how the parameters are tuned. In addition, we introduce a space-efficient representation for those families of indexes, making it possible to search very large databases in main memory. Small indexes are cache friendly, inducing faster queries.We perform exhaustive experiments comparing several known and new indexes that derive from our framework, evaluating their time performance, memory usage, and quality of approximation. The best indexes outperform the state of the art, offering an attractive balance between all these aspects, and turn out to be excellent choices in many scenarios. Our framework gives high flexibility to design new indexes.     

Camenisch群签名方案的改进和成员废除

如何缩短群签名的长度以及如何安全有效废除群成员是阻碍群签名走向实用的两个主要问题．该文对Camenisch群签名方案进行改进，通过缩短其所用知识签名的长度，达到缩短签名长度的目的，所提出的改进方案使签名由原来的2n 4元组缩短为n 5元组，长度缩短了近一半．同时利用公钥状态列表和可信时戳提出一个前向安全的高效群成员废除方案，这个方案的提出纠正了不能用证书撤销列表废除群成员的观点．该文还考虑了后加入成员的超前签名问题，所提出的成员废除方案能防止超前签名．     

限制多方验证者签名的方案

提出了限制多方验证者签名的精确定义,构造了一个有效的限制多方验证者签名方案,该方案只计算一次签名就能同时限制多个验证者验证签名,弥补了一般限制验证者签名方案只有一个限制验证者的局限。分析了在BDHP困难性假设下达到期望的安全需求。该方案不仅支持否认协议,而且比一般限制单方验证者签名方案执行多次的效率高。