Software similarity and classification

Software similarity and classification is an emerging topic with wide applications. It is applicable to the areas of malware detection, software theft detection, plagiarism detection, and software clone detection. Extracting program features, processing those features into suitable representations, and constructing distance metrics to define similarity and dissimilarity are the key methods to identify software variants, clones, derivatives, and classes of software. Software Similarity and Classification reviews the literature of those core concepts, in addition to relevant literature in each application and demonstrates that considering these applied problems as a similarity and classification problem enables techniques to be shared between areas. Additionally, the authors present in-depth case studies using the software similarity and classification techniques developed throughout the book.

Clonewise - detecting package-level clones using machine learning

Developers sometimes maintain an internal copy of another software or fork development of an existing project. This practice can lead to software vulnerabilities when the embedded code is not kept up to date with upstream sources. We propose an automated solution to identify clones of packages without any prior knowledge of these relationships. We then correlate clones with vulnerability information to identify outstanding security problems. This approach motivates software maintainers to avoid using cloned packages and link against system wide libraries. We propose over 30 novel features that enable us to use to use pattern classification to accurately identify package-level clones. To our knowledge, we are the first to consider clone detection as a classification problem. Our results show our system, Clonewise, compares well to manually tracked databases. Based on our work, over 30 unknown package clones and vulnerabilities have been identified and patched.

Reproducibility of aortic intima-media thickness in infants using edge-detection software and manual caliper measurements

Background: Aortic intima-media thickness measured by transabdominal ultrasound (aIMT) is an intermediate phenotype of cardiovascular risk. We aimed to (1) investigate the reproducibility of aIMT in a population-derived cohort of infants; (2) establish the distribution of aIMT in early infancy; (3) compare measurement by edge-detection software to that by manual sonographic calipers; and (4) assess the effect of individual and environmental variables on image quality. Methods. Participants were term infants recruited to a population-derived birth cohort study. Transabdominal ultrasound was performed at six weeks of age by one of two trained operators. Thirty participants had ultrasounds performed by both operators on the same day. Data were collected on environmental (infant sleeping, presence of a sibling, use of sucrose, timing during study visit) and individual (post-conception age, weight, gender) variables. Two readers assessed image quality and measured aIMT by edge-detection software and a subset by manual sonographic calipers. Measurements were repeated by the same reader and between readers to obtain intra-observer and inter-observer reliability. Results: Aortic IMT was measured successfully using edge-detection in 814 infants, and 290 of these infants also had aIMT measured using manual sonographic calipers. The intra-reader intra-class correlation (ICC) (n = 20) was 0.90 (95% CI 0.76, 0.96), mean difference 1.5 μm (95% LOA -39, 59). The between reader ICC using edge-detection (n = 20) was 0.92 (95% CI 0.82, 0.97) mean difference 2 μm (95% LOA -45.0, 49.0) and with manual caliper measurement (n = 290) the ICC was 0.84 (95% CI 0.80, 0.87) mean difference 5 μm (95% LOA -51.8, 61.8). Edge-detection measurements were greater than those from manual sonographic calipers (mean aIMT 618 μm (50) versus mean aIMT 563 μm (49) respectively; p < 0.001, mean difference 44 μm, 95% LOA -54, 142). With the exception of infant crying (p = 0.001), no associations were observed between individual and environmental variables and image quality. Conclusion: In a population-derived cohort of term infants, aIMT measurement has a high level of intra and inter-reader reproducibility. Measurement of aIMT using edge-detection software gives higher inter-reader ICC than manual sonographic calipers. Image quality is not substantially affected by individual and environmental factors. © 2014 McCloskey et al.; licensee BioMed Central Ltd.

Design of LabVIEW® - based software for the control of sequential injection analysis instrumentation for the determination of morphine.

LabVIEW^®-based software for the automation of a sequential injection analysis instrument for the determination of morphine is presented. Detection was based on its chemiluminescence reaction with acidic potassium permanganate in the presence of sodium polyphosphate. The calibration function approximated linearity (range 5 × 10 ^-10 to 5 × 10 ^-6M) with a line of best fit of y = 1.05 x + 8.9164 (R² = 0.9959), where y is the log₁₀ signal (mV) and x is the log₁₀ morphine concentration (M). Precision, as measured by relative standard deviation, was 0.7% for five replicate analyses of morphine standard (5 × 10^-8_M). The limit of detection (3 σ) was determined as 5 × 10^-11 M morphine.

Sequential injection and liquid chromatography for chemiluminescent detection of opiates

This thesis encompasses the development of analytical instrumentation, software and chemical methodologies for the rapid determination of pharmaceuticals in process extracts. Sensitive detection of morphine, codeine, oripavine and thebaine was achieved by measuring the quantity of light emitted as a result of their reactions with potassium permanganate and tris(2,2'-bipyridyl)ruthenium(III).

Virtual world security inspection : a software inspection process carried out on popular virtual world environments

 Virtual property theft is a serious problem that exists in virtual worlds. Legitimate users of these worlds invest considerable amounts of time, effort and real-world money into obtaining virtual property, but unfortunately, are becoming victims of theft in high numbers. It is reported that there are over 1 billion registered users of virtual worlds containing virtual property items worth an estimated US$50 billion dollars. The problem of virtual property theft is complex, involving many legal, social and technological issues. The software used to access virtual worlds is of great importance as they form the primary interface to these worlds and as such the primary interface to conduct virtual property theft. The security vulnerabilities of virtual world applications have not, to date, been examined. This study aims to use the process of software inspection to discover security vulnerabilities that may exist within virtual world software – vulnerabilities that enable virtual property theft to occur. Analyzing three well know virtual world applications World of Warcraft, Guild Wars and Entropia Universe, this research utilized security analysis tools and scenario testing with focus on authentication, trading, intruder detection and virtual property recovery. It was discovered that all three examples were susceptible to keylogging, mail and direct trade methods were the most likely method for transferring stolen items, intrusion detection is of critical concern to all VWEs tested, stolen items were unable to be recovered in all cases and lastly occurrences of theft were undetectable in all cases. The results gained in this study present the key problem areas which need to be addressed to improve security and reduce the occurrence of virtual property theft.

An approach to faulty reader detection in RFID reader network

Radio Frequency Identification (RFID) technology is becoming increasingly popular as an automated tool for object monitoring and identification in a cost-efficient manner. RFID systems are made up of heterogeneous components consisting of both hardware and software. RFID components such as the readers are prone to failures with serious consequences to the overall system. Thus, issues such as reliability and dependability of RFID systems are receiving attention recently. This mandates fault management that includes monitoring the health of RFID readers and accessing the RFID reader configurations remotely. Therefore, an approach that detects the faulty readers with the aim to minimize the impacts of the faulty readers on the system reliability and dependability is of paramount importance. In this chapter, the authors discuss an approach to detect faulty readers in networked RFID system environments. Performance evaluation of the approach against other techniques is presented and shows that it performs reasonably well in the presence of faulty readers.

Polymorphic malware detection using Hierarchical Hidden Markov Model

Binary signatures have been widely used to detect malicious software on the current Internet. However, this approach is unable to achieve the accurate identification of polymorphic malware variants, which can be easily generated by the malware authors using code generation engines. Code generation engines randomly produce varying code sequences but perform the same desired malicious functions. Previous research used flow graph and signature tree to identify polymorphic malware families. The key difficulty of previous research is the generation of precisely defined state machine models from polymorphic variants. This paper proposes a novel approach, using Hierarchical Hidden Markov Model (HHMM), to provide accurate inductive inference of the malware family. This model can capture the features of self-similar and hierarchical structure of polymorphic malware family signature sequences. To demonstrate the effectiveness and efficiency of this approach, we evaluate it with real malware samples. Using more than 15,000 real malware, we find our approach can achieve high true positives, low false positives, and low computational cost.

Virtual property theft detection framework

 The issue of virtual property theft in virtual worlds is a serious problem which has ramifications in both the real and virtual world. Virtual world users invest a considerable amount of time, effort and often money to collect virtual property items, only to have them stolen by thieves. Many virtual property thefts go undetected, with thieves often stealing virtual property items without resistance, leaving victims to discover the theft only after it has occurred. This paper presents the design of a detection framework that uses an algorithm for identifying virtual property theft at two key stages: account intrusion and unauthorized virtual property trades. Initial tests of this framework on a synthetic data set show an 80% detection rate with no false positives. This framework can allow virtual world developers to tailor and extend it to suit their specific virtual world software and provide an effective way of detecting virtual property theft while being a low maintenance, user friendly and cost effective.

Visual mouse : SIFT detection and PCA recognition

The paper presents the Visual Mouse (VM), a novel and simple system for interaction with displays via hand gestures. Our method includes detecting bare hands using the fast SIFT (Scale-Invariant Feature Transform) algorithm saving long training time of the Adaboost algorithm, tracking hands based on the CAMShift algorithm, recognizing hand gestures in cluttered background via Principle Components Analysis (PCA) without extracting clear-cut hand contour, and defining simple and robustly interpretable vocabularies of hand gestures, which are subsequently used to control a computer mouse. The system provides a fast and simple interaction experience without the need for more expensive hardware and software.

Malicious code detection architecture inspired by human immune system

Malicious code is a threat to computer systems globally. In this paper, we outline the evolution of malicious code attacks. The threat is evolving, leaving challenges for attackers to improve attack techniques and for researchers and security specialists to improve detection accuracy. We present a novel architecture for an effective defense against malicious code attack, inspired by the human immune system. We introduce two phases of program execution: Adolescent and Mature Phase. The first phase uses a malware profile matching mechanism, whereas the second phase uses a program profile matching mechanism. Both mechanisms are analogous to the innate immune system

Control flow-based malware variant detection

Static detection of malware variants plays an important role in system security and control flow has been shown as an effective characteristic that represents polymorphic malware. In our research, we propose a similarity search of malware to detect these variants using novel distance metrics. We describe a malware signature by the set of control flowgraphs the malware contains. We use a distance metric based on the distance between feature vectors of string-based signatures. The feature vector is a decomposition of the set of graphs into either fixed size k-subgraphs, or q-gram strings of the high-level source after decompilation. We use this distance metric to perform pre-filtering. We also propose a more effective but less computationally efficient distance metric based on the minimum matching distance. The minimum matching distance uses the string edit distances between programs' decompiled flowgraphs, and the linear sum assignment problem to construct a minimum sum weight matching between two sets of graphs. We implement the distance metrics in a complete malware variant detection system. The evaluation shows that our approach is highly effective in terms of a limited false positive rate and our system detects more malware variants when compared to the detection rates of other algorithms. © 2013 IEEE.

Policy-based SQLIA detection and prevention approach for RFID systems

While SQL injection attacks have been plaguing web application systems for years, the possibility of them affecting RFID systems was only identified very recently. However, very little work exists to mitigate this serious security threat to RFID-enabled enterprise systems. In this paper, we propose a policy-based SQLIA detection and prevention method for RFID systems. The proposed technique creates data validation and sanitization policies during content analysis and enforces those policies during runtime monitoring. We tested all possible types of dynamic queries that may be generated in RFID systems with all possible types of attacks that can be mounted on those systems. We present an analysis and evaluation of the proposed approach to demonstrate the effectiveness of the proposed approach in mitigating SQLIA.

Robust object detection under partial occlusion

This thesis focuses on the problem of object detection under partial occlusion in complex scenes through exploring new bottom-up and top-down detection models to cope with object discontinuities and ambiguity caused by partial occlusion and allow for a more robust and adaptive detection of varied objects from different scenes.