Radio Frequency (RF) Distinct Native Attribute (RF-DNA) Fingerprinting is a PHY-based security method that enhances device identification (ID). ZigBee 802.15.4 security is of interest here given its widespread deployment in Critical Infrastructure (CI) applications. RF-DNA features can be numerous, correlated, and noisy. Feature Dimensional Reduction Analysis (DRA) is considered here with a goal of: 1) selecting appropriate features (feature selection) and 2) selecting the appropriate number of features (dimensionality assessment). Five selection methods are considered based on Generalized Relevance Learning Vector Quantization-Improved (GRLVQI) feature relevance ranking, and p-value and test statistic rankings from both the two-sample Kolmogorov-Smirnov (KS) Test and the one-way Analysis of Variance (ANOVA) F-test. Dimensionality assessment is considered using previous qualitative (subjective) methods and quantitative methods developed herein using data covariance matrices and the KS and F-test p-values. ZigBee discrimination (classification and ID verification) is evaluated under varying signal-to-noise ratio (SNR) conditions for both authorized and unauthorized rogue devices. Test statistic approaches emerge as superior to p-value approaches and offer both higher resolution in selecting features and generally better device discrimination. With appropriate feature selection, using only 16% of the data is shown to achieve better classification performance than when using all of the data. Preliminary first-look results for Z-Wave devices are also presented and shown to be consistent with ZigBee device fingerprinting performance.
Firewalls, especially at large organizations, process high-velocity internet traffic and flag suspicious events and activities. Flagged events can be benign, such as misconfigured routers, or malignant, such as a hacker trying to gain access to a specific computer. Confounding this is that flagged events are not always obvious in their danger and the high-velocity nature of the problem. Current work in firewall log analysis is manually intensive and involves manpower hours to find events to investigate. This is predominantly achieved by manually sorting firewall and intrusion detection/prevention system log data. This work aims to improve the ability of analysts to find events for cyber forensics analysis. A tabulated vector approach is proposed to create meaningful state vectors from time-oriented blocks. Multivariate and graphical analysis is then used to analyze state vectors in a human-machine collaborative interface. Statistical tools, such as the Mahalanobis distance, factor analysis, and histogram matrices, are employed for outlier detection. This research also introduces the breakdown distance heuristic as a decomposition of the Mahalanobis distance, by indicating which variables contributed most to its value. This work further explores the application of the tabulated vector approach methodology on collected firewall logs. Lastly, the analytic methodologies employed are integrated into embedded analytic tools so that cyber analysts on the front-line can efficiently deploy the anomaly detection capabilities.
In this letter, a reliable, simple, and intuitive approach for hyperspectral imagery (HSI) anomaly detection (AD) is presented. This method, namely, the global iterative principal component analysis (PCA) reconstruction-error-based anomaly detector (GIPREBAD), examines AD by computing errors (residuals) associated with reconstructing the original image using PCA projections. PCA is a linear transformation and feature extraction process commonly used in HSI and frequently appears in operation prior to any AD task. PCA features represent a projection of the original data into lower-dimensional subspace. An iterative approach is used to mitigate outlier influence on background covariance estimates. GIPREBAD results are provided using receiver-operating-characteristic curves for HSI from the hyperspectral digital imagery collection experiment.
Results are compared against the Reed-Xiaoli (RX) algorithm, the linear RX (LRX) algorithm, and the support vector data description (SVDD) algorithm. The results show that the proposed GIPREBAD method performs favorably compared with RX, LRX, and SVDD and is both intuitively and computationally simpler than either RX or SVDD.
Index Terms: Anomaly detection (AD), dimensionality reduction (DR), hyperspectral imagery (HSI), hyperspectral imaging, object detection, principal component analysis (PCA), reconstruction error, remote sensing, residual analysis, support vector data description (SVDD).
Artificial Intelligence (AI) has many benefits, including the ability to find complex patterns, automation, and meaning making. Through these benefits, AI has revolutionized image processing among numerous other disciplines. AI further has the potential to revolutionize other domains; however, this will not happen until we can address the "ilities": repeatability, explain-ability, reliability, use-ability, trust-ability, etc. Notably, many problems with the "ilities" are due to the artistic nature of AI algorithm development, especially hyperparameter determination. AI algorithms are often crafted products with the hyperparameters learned experientially. As such, when applying the same algorithm to new problems, the algorithm may not perform due to inappropriate settings. This research aims to provide a straightforward and reliable approach to automatically determining suitable hyperparameter settings when given an AI algorithm. Results show reasonable performance is possible and end-to-end examples are given for three deep learning algorithms and three different data problems.
Improved network security is addressed using device-dependent physical-layer (PHY) based fingerprints from Ethernet cards to augment traditional MAC-based ID verification. The investigation uses unintentional Ethernet cable emissions and device fingerprints comprised of Constellation-Based, Distinct Native Attribute (CB-DNA) features. Near-field collection probe derivative effects dictated the need for developing a two-dimensional (2D) binary constellation for demodulation and CB-DNA extraction. Results show that the 2D constellation provides reliable demodulation (bit estimation) and device discrimination using symbol cluster statistics for CB-DNA. Bit Error Rate (BER) and Cross-Manufacturer Discrimination (CMD) results are provided for 16 devices from 4 different manufacturers. Device discrimination is assessed using both Nearest Neighbor (NN) and Multiple Discriminant Analysis, Maximum Likelihood (MDA/ML) classifiers. Overall results are promising and include CMD average classification accuracy of %C = 76.73% (NN) and %C = 91.38% (MDA/ML).