Gilbert L. Peterson

User identification and authentication using multi-modal behavioral biometrics

Abstract Biometric computer authentication has an advantage over password and access card authentication in that it is based on something you are, which is not easily copied or stolen. One way of performing biometric computer authentication is to use behavioral tendencies associated with how a user interacts with the computer. However, behavioral biometric authentication accuracy rates are worse than more traditional authentication methods. This article presents a behavioral biometric system that fuses user data from keyboard, mouse, and Graphical User Interface (GUI) interactions. Combining the modalities results in a more accurate authentication decision based on a broader view of the users computer activity while requiring less user interaction to train the system than previous work. Testing over 31 users shows that fusion techniques significantly improve behavioral biometric authentication accuracy over single modalities on their own. Between the two fusion techniques presented, feature fusion and an ensemble based classification method, the ensemble method performs the best with a False Acceptance Rate (FAR) of 2.10% and a False Rejection Rate (FRR) 2.24%.

An evolutionary algorithm to generate hyper-ellipsoid detectors for negative selection

This paper introduces hyper-ellipsoids as an improvement to hyper-spheres as intrusion detectors in a negative selection problem within an artificial immune system. Since hyper-spheres are a specialization of hyper-ellipsoids, hyper-ellipsoids retain the benefits of hyper-spheres. However, hyper-ellipsoids are much more flexible, mostly in that they can be stretched and reoriented. The viability of using hyper-ellipsoids is established using several pedagogical problems. We conjecture that fewer hyper-ellipsoids than hyper-spheres are needed to achieve similar coverage of nonself space in a negative selection problem. Experimentation validates this conjecture. In pedagogical benchmark problems, the number of hyper-ellipsoids to achieve good results is significantly (~50%) smaller than the associated number of hyper-spheres.

A new blind method for detecting novel steganography

Steganography is the art of hiding a message in plain sight. Modern steganographic tools that conceal data in innocuous-looking digital image files are widely available. The use of such tools by terrorists, hostile states, criminal organizations, etc., to camouflage the planning and coordination of their illicit activities poses a serious challenge. Most steganography detection tools rely on signatures that describe particular steganography programs. Signature-based classifiers offer strong detection capabilities against known threats, but they suffer from an inability to detect previously unseen forms of steganography. Novel steganography detection requires an anomaly-based classifier. This paper describes and demonstrates a blind classification algorithm that uses hyper-dimensional geometric methods to model steganography-free jpeg images. The geometric model, comprising one or more convex polytopes, hyper-spheres, or hyper-ellipsoids in the attribute space, provides superior anomaly detection compared to previous research. Experimental results show that the classifier detects, on average, 85.4% of Jsteg steganography images with a mean embedding rate of 0.14 bits per pixel, compared to previous research that achieved a mean detection rate of just 65%. Further, the classification algorithm creates models for as many training classes of data as are available, resulting in a hybrid anomaly/signature or signature-only based classifier, which increases Jsteg detection accuracy to 95%.

The latest generation Whegs™ robot features a passive-compliant body joint

Current autonomous and semi-autonomous robotic platforms are limited to functioning in highly structured environments such as buildings and roads. Autonomous robots that could explore and navigate rugged terrain and highly unstructured environments such as collapsed buildings would have large dividends in civilian and military applications. In this work, we present the next generation of Whegstrade robots, DAGSI Whegstrade, which has been completed and extensively field tested. Several innovations have made the robot more rugged and well suited to autonomous operation. Specifically, an actively controlled, passively compliant body joint has been tested in three different modes of operation to judge the usefulness of the mechanism. A two-dimensional dynamic simulation of the robot has also been constructed, and has been used to study the effects of weight distribution on obstacle climbing and to investigate future autonomous climbing strategies. Moving the center of mass forward allowed the robot to climb taller obstacles. DAGSI Whegstrade can climb rectangular obstacles as tall as 2.19 times the length of a leg.

Malware target recognition via static heuristics

Organizations increasingly rely on the confidentiality, integrity and availability of their information and communications technologies to conduct effective business operations while maintaining their competitive edge. Exploitation of these networks via the introduction of undetected malware ultimately degrades their competitive edge, while taking advantage of limited network visibility and the high cost of analyzing massive numbers of programs. This article introduces the novel Malware Target Recognition (MaTR) system which combines the decision tree machine learning algorithm with static heuristic features for malware detection. By focusing on contextually important static heuristic features, this research demonstrates superior detection results. Experimental results on large sample datasets demonstrate near ideal malware detection performance (99.9+% accuracy) with low false positive (8.73e-4) and false negative rates (8.03e-4) at the same point on the performance curve. Test results against a set of publicly unknown malware, including potential advanced competitor tools, show MaTRs superior detection rate (99%) versus the union of detections from three commercial antivirus products (60%). The resulting model is a fine granularity sensor with potential to dramatically augment cyberspace situation awareness.

A function-to-task process model for adaptive automation system design

Abstract Adaptive automation systems allow the user to complete a task seamlessly with a computer performing tasks at which the human operator struggles. Unlike traditional systems that allocate functions to either the human or the machine, adaptive automation varies the allocation of functions during system operation. Creating these systems requires designers to consider issues not present during static system development. To assist in adaptive automation system design, this paper presents the concept of inherent tasks and takes advantage of this concept to create the function-to-task design process model . This process model helps the designer determine how to allocate functions to the human, machine, or dynamically between the two. An illustration of the process demonstrates the potential complexity within adaptive automation systems and how the process model aids in understanding this complexity during early stage design.

Applicability of Latent Dirichlet Allocation to multi-disk search

Abstract Digital forensics practitioners face a continual increase in the volume of data they must analyze, which exacerbates the problem of finding relevant information in a noisy domain. Current technologies make use of keyword based search to isolate relevant documents and minimize false positives with respect to investigative goals. Unfortunately, selecting appropriate keywords is a complex and challenging task. Latent Dirichlet Allocation (LDA) offers a possible way to relax keyword selection by returning topically similar documents. This research compares regular expression search techniques and LDA using the Real Data Corpus (RDC). The RDC, a set of over 2400 disks from real users, is first analyzed to craft effective tests. Three tests are executed with the results indicating that, while LDA search should not be used as a replacement to regular expression search, it does offer benefits. First, it is able to locate documents when few, if any, of the keywords exist within them. Second, it improves data browsing and deals with keyword ambiguity by segmenting the documents into topics.

Insider Threat Detection Using Virtual Machine Introspection

This paper presents a methodology for signaling potentially malicious insider behavior using virtual machine introspection (VMI). VMI provides a novel means to detect potential malicious insiders because the introspection tools remain transparent and inaccessible to the guest and are extremely difficult to subvert. This research develops a four step methodology for development and validation of malicious insider threat alerting using VMI. A malicious attacker taxonomy is used to decompose each scenario to aid identification of observables for monitoring for potentially malicious actions. The effectiveness of the identified observables is validated using two data sets. Results of the research show the developed methodology is effective in detecting the malicious insider scenarios on Windows guests.

Real-time behavior-based robot control

Behavior-based systems form the basis of autonomous control for many robots, but there is a need to ensure these systems respond in a timely manner. Unexpected latency can adversely affect the quality of an autonomous system’s operations, which in turn can affect lives and property in the real-world. A robots ability to detect and handle external events is paramount to providing safe and dependable operation. This paper presents a concurrent version of a behavior-based system called the Real-Time Unified Behavior Framework, which establishes a responsive basis of behavior-based control that does not bind the system developer to any single behavior hierarchy. The concurrent design of the framework is based on modern software engineering principles and only specifies a functional interface for components, leaving the implementation details to the developers. In addition, the individual behaviors are executed by a real-time scheduler, guaranteeing the responsiveness of routines that are critical to the autonomous system’s safe operation. Experimental results demonstrate the ability of this approach to provide predictable temporal operation, independent of fluctuations in high-level computational loads.

Incorporating decision-theoretic planning in a robot architecture

Abstract The goal of robotics research is to design a robot to fulfill a variety of tasks in the real world. Inherent in the real world is a high degree of uncertainty about the robot’s behavior and about the world. We introduce a robot task architecture, DTRC, that generates plans with actions that incorporate costs and uncertain effects, and states that yield rewards. The use of a decision-theoretic planner in a robot task architecture is demonstrated on the mobile robot domain of miniature golf. The miniature golf domain shows the application of decision-theoretic planning in an inherently uncertain domain, and demonstrates that by using decision-theoretic planning as the reasoning method in a robot task architecture, accommodation for uncertain information plays a direct role in the reasoning process.