Accuracy improvement of multi-stage change-point detection scheme by weighting alerts based on false-positive rate

Author(s):  
Yukinobu Fukushima ◽  
Tutomu Murase ◽  
Ryohei Fujimaki ◽  
Syunsuke Hirose ◽  
Tokumi Yokohira
2011 ◽  
Vol 34 (15) ◽  
pp. 1810-1821
Author(s):  
Yukinobu Fukushima ◽  
Tutomu Murase ◽  
Masayoshi Kobayashi ◽  
Hiroki Fujiwara ◽  
Ryohei Fujimaki ◽  
...  

Electronics ◽  
2020 ◽  
Vol 9 (6) ◽  
pp. 957 ◽  
Author(s):  
Juhyun Park ◽  
Yongsu Park

Software uses cryptography to provide confidentiality in communication and to provide authentication. Additionally, cryptographic algorithms can be used to protect software against cracking core algorithms in software implementation. Recently, malware and ransomware have begun to use encryption to protect their codes from analysis. As for the detection of cryptographic algorithms, previous works have had demerits in analyzing anti-reverse engineered binaries that can detect differences in analysis environments and normal execution. Here, we present a new symmetric-key cryptographic routine detection scheme using hardware tracing. In our experiments, patterns were successfully generated and detected for nine symmetric-key cryptographic algorithms. Additionally, the experimental results show that the false positive rate of our scheme is extremely low and the prototype implementation successfully bypasses anti-reversing techniques. Our work can be used to detect symmetric-key cryptographic routines in malware/ransomware with anti-reversing techniques.


Mathematics ◽  
2020 ◽  
Vol 8 (10) ◽  
pp. 1777
Author(s):  
Jong-Min Kim ◽  
Ning Wang ◽  
Yumin Liu

A global uncertainty environment, such as the COVID-19 pandemic, has affected the manufacturing industry severely in terms of supply and demand balancing. So, it is common that one stage statistical process control (SPC) chart affects the next-stage SPC chart. It is our research objective to consider a conditional case for the multi-stage multivariate change point detection (CPD) model for highly correlated multivariate data via copula conditional distributions with principal component analysis (PCA) and functional PCA (FPCA). First of all, we review the current available multivariate CPD models, which are the energy test-based control chart (ETCC) and the nonparametric multivariate change point model (NPMVCP). We extend the current available CPD models to the conditional multi-stage multivariate CPD model via copula conditional distributions with PCA for linear normal multivariate data and FPCA for nonlinear non-normal multivariate data.


2015 ◽  
Vol 61 (2) ◽  
pp. 185-190 ◽  
Author(s):  
Tomasz Maka

Abstract: The study is aimed to investigate the properties of auditory-based features for audio change point detection process. In the performed analysis, two popular techniques have been used: a metric-based approach and the ΔBIC scheme. The efficiency of the change point detection process depends on the type and size of the feature space. Therefore, we have compared two auditory-based feature sets (MFCC and GTEAD) in both change point detection schemes. We have proposed a new technique based on multiscale analysis to determine the content change in the audio data. The comparison of the two typical change point detection techniques with two different feature spaces has been performed on the set of acoustical scenes with a single change point. As the results show, the accuracy of the detected positions depends on the feature type, feature space dimensionality, detection technique and the type of audio data. In the case of the ΔBIC approach, better accuracy has been obtained for the MFCC feature space in most cases. However, the change point detection with this feature results in a lower detection ratio in comparison to the GTEAD feature. Using the same criteria as for ΔBIC, the proposed multiscale metric-based technique has been executed. In such case, the use of the GTEAD feature space has led to better accuracy. We have shown that the proposed multiscale change point detection scheme is competitive to the ΔBIC scheme with the MFCC feature space.


2021 ◽  
Vol 30 (05) ◽  
pp. 2150026
Author(s):  
Haizhou Du ◽  
Ziyi Duan ◽  
Yang Zheng

Time series change point detection can identify the locations of abrupt points in many dynamic processes. It can help us to find anomaly data in an early stage. At the same time, detecting change points for long, periodic, and multiple input series data has received a lot of attention recently, and is universally applicable in many fields including power, environment, finance, and medicine. However, the performance of classical methods typically scales poorly for such time series. In this paper, we propose CPMAN, a novel prediction-based change point detection approach via multi-stage attention networks. Our model consists of two key modules. First, in the time series prediction module, we employ the multi-stage attention-based networks and integrate the multi-series fusion mechanism. This module can adaptively extract features from the relevant input series and capture the long-term temporal dependencies. Secondly, in the change point detection module, we use the wavelet analysis-based algorithm to detect change points efficiently and identify the change points and outliers. Extensive experiments are conducted on various real-world datasets and synthetic datasets, proving the superiority and effectiveness of CPMAN. Our approach outperforms the state-of-the-art methods by up to 12.1% on the F1 Score.


2014 ◽  
Vol 17 (1) ◽  
pp. 7-19 ◽  
Author(s):  
Amadou Ba ◽  
Sean A. McKenna

We develop an approach for water quality time series monitoring and contamination event detection. The approach combines affine projection algorithms and an autoregressive (AR) model to predict water quality time series. Then, we apply online change-point detection methods to the estimated residuals to determine the presence, or not, of contamination events. Particularly, we compare the performance of four change-point detection methods, namely, sequential probability ratio test (SPRT), cumulative sum (CUSUM), binomial event discriminator (BED), and online Bayesian change-point detection (OBCPD), by using residuals obtained from four water quality time series, chlorine, conductivity, total organic carbon, and turbidity. Our fundamental criterion for the performance evaluation of the four change-point detection methods is given by the receiver operating characteristic (ROC) curve which is characterized by the true positive rate as a function of the false positive rate. We highlight with detailed experiments that OBCPD provides the best performance for large contamination events, and we also provide insight on the choice of change-point detection algorithms to consider for designing efficient contamination detection schemes.


Author(s):  
Xingze He ◽  
Man-On Pun ◽  
C.C. Jay Kuo

The enormous economic loss caused by power quality problems (more than $150 billion per year in the USA) makes power quality monitoring an important component in the power grid. With highly connected fragile digital equipment and appliances, Smart Grid has more stringent timeliness and reliability requirements on power quality monitoring. In this work, we propose a change-point detection theory-based power quality monitoring scheme to detect the most detrimental power quality events, such as voltage sags, transients and swells in a quick and reliable manner. We first present a method for single-sensor detection scenario. Based on that, we extend the scheme to multi-sensor joint detection scheme which further enhances the detection performance. A group of conventional power quality monitoring schemes (i.e. Root-mean-square, Short-time Fourier transform, MUSIC, and MBQCUSUM) are compared with the proposed scheme. Experimental results assert the superiority of the proposed scheme in terms of detection latency and robustness.


Author(s):  
Radha Raman Chandan ◽  
P.K Mishra

Introduction:
* The proposed TWIST model aims to achieve a secure MANET by detecting and mitigating packet dropping attack using finite state machine based IDS model.
* To determine the trust values of the nodes using context-aware trust calculation.
* To select the trustworthy nodes as watchdog nodes for performing intrusion detection on the network.
* To detect and isolate the packet dropping attackers from routing activities, the scheme uses FSM based IDS for differentiating the packet dropping attacks from genuine nodes in the MANET.

Method: In this methodology, instead of launching an intrusion detection system (IDS) in all nodes, an FSM based IDS is placed in the trustworthy watchdog nodes for detecting packet dropping attacker nodes in the network. The proposed FSM based intrusion detection scheme has three steps. The three main steps in the proposed scheme are context-aware trust calculation, watchdog node selection, and FSM based intrusion detection. In the first process, the trust calculation for each node is based on specific parameters that are different for malicious nodes and normal nodes. The second step is the watchdog node selection based on context-aware trust value calculation for ensuring that the trustworthy network monitors are used for detecting attacker nodes in the network. The final process is FSM based intrusion detection, where the nodes acquire each state based on their behavior during the data routing. Based on the node behavior, the state transition occurs, and the nodes that drop data packets exceeding the defined threshold are moved to the malicious state and restricted to involve in further routing and services in the network.

Result: The performance of the proposed (TWIST) mechanism is assessed using the Network Simulator 2 (NS2). The proposed TWIST model is implemented by modifying the Ad-Hoc On-Demand Distance Vector (AODV) protocol files in NS2. Moreover, the proposed scheme is compared with Detection and Defense against Packet Drop attack in the MANET (DDPD) scheme. A performance analysis is done for the proposed TWIST model using performance metrics such as detection accuracy, false-positive rate, and overhead, and the performance result is compared with that of the DDPD scheme. After comparing the results, we have analyzed that the proposed TWIST model exhibits better performance in terms of detection accuracy, false positive rate, energy consumption, and overhead compared to the existing DDPD scheme.

Conclusion: In the TWIST model, an efficient packet dropping detection scheme based on the FSM model is proposed that efficiently detects the packet dropping attackers in the MANET. The trust is evaluated for each node in the network, and the nodes with the highest trust value are selected as watchdog nodes. The trust calculation based on parameters such as residual energy, the interaction between nodes and the neighbor count is considered for determining watchdog node selection. Thus, the malicious nodes that drop data packets during data forwarding cannot be selected as watchdog nodes. The FSM based intrusion detection is applied in the watchdog nodes for detecting attackers accurately by monitoring the neighbor nodes for malicious behavior. The performance analysis is performed between the proposed TWIST mechanism and existing DDPD scheme. The proposed TWIST model exhibits better performance in terms of detection accuracy, false positive rate, energy consumption, and overhead compared to the existing DDPD scheme.

Discussion: This work may extend the conventional trust measurement of MANET routing, which adopts only routing behavior observation to cope with malicious activity. In addition, performance evaluation of proposed work under packet dropping attack has not been performed for varying the mobility of nodes in terms of speed. Furthermore, various performance metric parameters like route discovery latency and malicious discovery ratio can be added to evaluate the performance of the protocol in the presence of malicious nodes. This may be considered in future work for extension of protocol for better and efficient results. Furthermore, in the future, the scheme will focus on providing proactive detection of packet dropping attacker nodes in MANET using a suitable and efficient statistical method.

