The Experts below are selected from a list of 105 Experts worldwide ranked by ideXlab platform
Peng Liu - One of the best experts on this subject based on the ideXlab platform.
-
DSN - RoboADS: Anomaly Detection Against Sensor and Actuator Misbehaviors in Mobile Robots
2018 48th Annual IEEE IFIP International Conference on Dependable Systems and Networks (DSN), 2018Co-Authors: Pinyao Guo, Hunmin Kim, Nurali Virani, Minghui Zhu, Peng LiuAbstract:Mobile robots such as unmanned vehicles integrate heterogeneous capabilities in sensing, computation, and control. They are representative cyber-physical systems where the cyberspace and the physical world are strongly coupled. However, the safety of mobile robots is significantly threatened by cyber/physical attacks and software/hardware failures. These threats can thwart normal robot operations and cause robot misbehaviors. In this paper, we propose a novel anomaly detection system, which leverages physical dynamics of mobile robots to detect misbehaviors in sensors and actuators. We explore issues raised in real-world implementations, e.g., distinctive robot dynamic models, sensor quantity and quality, decision parameters, etc., for practicality purposes. We implement the detection system on two types of mobile robots and evaluate the detection performance against various misbehavior scenarios, including signal interference, sensor spoofing, Logic Bomb and physical jamming. The experiments show detection effectiveness and small detection delays.
-
Exploiting Physical Dynamics to Detect Actuator and Sensor Attacks in Mobile Robots.
arXiv: Cryptography and Security, 2017Co-Authors: Pinyao Guo, Hunmin Kim, Nurali Virani, Minghui Zhu, Peng LiuAbstract:Mobile robots are cyber-physical systems where the cyberspace and the physical world are strongly coupled. Attacks against mobile robots can transcend cyber defenses and escalate into disastrous consequences in the physical world. In this paper, we focus on the detection of active attacks that are capable of directly influencing robot mission operation. Through leveraging physical dynamics of mobile robots, we develop RIDS, a novel robot intrusion detection system that can detect actuator attacks as well as sensor attacks for nonlinear mobile robots subject to stochastic noises. We implement and evaluate a RIDS on Khepera mobile robot against concrete attack scenarios via various attack channels including signal interference, sensor spoofing, Logic Bomb, and physical damage. Evaluation of 20 experiments shows that the averages of false positive rates and false negative rates are both below 1%. Average detection delay for each attack remains within 0.40s.
Dennis Titze - One of the best experts on this subject based on the ideXlab platform.
-
AINA - ConDroid: Targeted Dynamic Analysis of Android Applications
2015 IEEE 29th International Conference on Advanced Information Networking and Applications, 2015Co-Authors: Julian Schütte, Rafael Fedler, Dennis TitzeAbstract:Recent years have seen the development of a multitude of tools for the security analysis of Android applications. A major deficit of current fully automated security analyses, however, is their inability to drive execution to interesting parts, such as where code is dynamically loaded or certain data is decrypted. In fact, security-critical or downright offensive code may not be reached at all by such analyses when dynamically checked conditions are not met by the analysis environment. To tackle this unsolved problem, we propose a tool combining static call path analysis with byte code instrumentation and a heuristic partial symbolic execution, which aims at executing interesting calls paths. It can systematically locate potentially security-critical code sections and instrument applications such that execution of these sections can be observed in a dynamic analysis. Among other use cases, this can be leveraged to force applications into revealing dynamically loaded code, a simple yet effective way to circumvent detection by security analysis software such as the Google Play Store's Bouncer. We illustrate the functionality of our tool by means of a simple Logic Bomb example and a real-life security vulnerability which is present in hunderd of apps and can still be actively exploited at this time.
Atefeh Tajpour - One of the best experts on this subject based on the ideXlab platform.
-
All About Malwares (Malicious Codes).
Security and Management, 2010Co-Authors: Hossein Rouhani Zeidanloo, Payam Vahdani Amoli, Farzaneh Tabatabaei, Atefeh TajpourAbstract:-Malware, short term for malicious software, is a software which is developed to penetrate computers in a network without the user's permission or notification. Malware is a common term for a variety type of malicious software. In general, Malwares include Worm, Botnet, virus, Trojan horse, Backdoor, Rootkit, Logic Bomb, Rabbit and Spyware. Despite many works that have been done in the area of Malware, still there is not any distinct classification which differentiates different kind of Malwares and explains each of them thoroughly. In this paper, we define each of them in detail and emphasize their differences. We also conclude our studies in this area with providing a diagram which gives a comprehensive overview about Malware. Among the diverse forms of malware, botnet and worm are the most widespread and serious threat which occur commonly in today's cyber attacks. Therefore, we concentrate more on them and their communication topologies.
-
Security and Management - All About Malwares (Malicious Codes).
2010Co-Authors: Hossein Rouhani Zeidanloo, Payam Vahdani Amoli, Farzaneh Tabatabaei, Atefeh TajpourAbstract:Malware, short term for malicious software, is a software which is developed to penetrate computers in a network without the user’s permission or notification. Malware is a common term for a variety type of malicious software. In general, Malwares include Worm, Botnet, virus, Trojan horse, Backdoor, Rootkit, Logic Bomb, Rabbit and Spyware. Despite many works that have been done in the area of Malware, still there is not any distinct classification which differentiates different kind of Malwares and explains each of them thoroughly. In this paper, we define each of them in detail and emphasize their differences. We also conclude our studies in this area with providing a diagram which gives a comprehensive overview about Malware. Among the diverse forms of malware, botnet and worm are the most widespread and serious threat which occur commonly in today‘s cyber attacks. Therefore, we concentrate more on them and their communication topologies.
Pinyao Guo - One of the best experts on this subject based on the ideXlab platform.
-
DSN - RoboADS: Anomaly Detection Against Sensor and Actuator Misbehaviors in Mobile Robots
2018 48th Annual IEEE IFIP International Conference on Dependable Systems and Networks (DSN), 2018Co-Authors: Pinyao Guo, Hunmin Kim, Nurali Virani, Minghui Zhu, Peng LiuAbstract:Mobile robots such as unmanned vehicles integrate heterogeneous capabilities in sensing, computation, and control. They are representative cyber-physical systems where the cyberspace and the physical world are strongly coupled. However, the safety of mobile robots is significantly threatened by cyber/physical attacks and software/hardware failures. These threats can thwart normal robot operations and cause robot misbehaviors. In this paper, we propose a novel anomaly detection system, which leverages physical dynamics of mobile robots to detect misbehaviors in sensors and actuators. We explore issues raised in real-world implementations, e.g., distinctive robot dynamic models, sensor quantity and quality, decision parameters, etc., for practicality purposes. We implement the detection system on two types of mobile robots and evaluate the detection performance against various misbehavior scenarios, including signal interference, sensor spoofing, Logic Bomb and physical jamming. The experiments show detection effectiveness and small detection delays.
-
Exploiting Physical Dynamics to Detect Actuator and Sensor Attacks in Mobile Robots.
arXiv: Cryptography and Security, 2017Co-Authors: Pinyao Guo, Hunmin Kim, Nurali Virani, Minghui Zhu, Peng LiuAbstract:Mobile robots are cyber-physical systems where the cyberspace and the physical world are strongly coupled. Attacks against mobile robots can transcend cyber defenses and escalate into disastrous consequences in the physical world. In this paper, we focus on the detection of active attacks that are capable of directly influencing robot mission operation. Through leveraging physical dynamics of mobile robots, we develop RIDS, a novel robot intrusion detection system that can detect actuator attacks as well as sensor attacks for nonlinear mobile robots subject to stochastic noises. We implement and evaluate a RIDS on Khepera mobile robot against concrete attack scenarios via various attack channels including signal interference, sensor spoofing, Logic Bomb, and physical damage. Evaluation of 20 experiments shows that the averages of false positive rates and false negative rates are both below 1%. Average detection delay for each attack remains within 0.40s.
Julian Schütte - One of the best experts on this subject based on the ideXlab platform.
-
AINA - ConDroid: Targeted Dynamic Analysis of Android Applications
2015 IEEE 29th International Conference on Advanced Information Networking and Applications, 2015Co-Authors: Julian Schütte, Rafael Fedler, Dennis TitzeAbstract:Recent years have seen the development of a multitude of tools for the security analysis of Android applications. A major deficit of current fully automated security analyses, however, is their inability to drive execution to interesting parts, such as where code is dynamically loaded or certain data is decrypted. In fact, security-critical or downright offensive code may not be reached at all by such analyses when dynamically checked conditions are not met by the analysis environment. To tackle this unsolved problem, we propose a tool combining static call path analysis with byte code instrumentation and a heuristic partial symbolic execution, which aims at executing interesting calls paths. It can systematically locate potentially security-critical code sections and instrument applications such that execution of these sections can be observed in a dynamic analysis. Among other use cases, this can be leveraged to force applications into revealing dynamically loaded code, a simple yet effective way to circumvent detection by security analysis software such as the Google Play Store's Bouncer. We illustrate the functionality of our tool by means of a simple Logic Bomb example and a real-life security vulnerability which is present in hunderd of apps and can still be actively exploited at this time.
