Electrical & Computer Engineering Theses and Dissertations
Permanent URI for this collection: http://hdl.handle.net/1903/2765

Item: Systematic Analysis of Adversaries' Exploitations of the End-host (2024)
Avllazagaj, Erin; Dumitras, Tudor; Kwon, Yonghwi; Electrical Engineering; Digital Repository at the University of Maryland; University of Maryland (College Park, Md.)
In the pipeline of a cyber attack, the malicious actor will first gain a foothold in the target system through a malware. The malware detection is still a challenging problem, as the malware authors are constantly evolving their techniques to evade detection. Therefore, it is important for us to understand why that is the case and what can the defenders do to improve the detection of the malware. In this thesis, I explore the behavior of the malware in the real users’ machines and how it changes across different executions. I show that the malware exhibits more variability than benign samples and that certain actions are often more prone to variability than others. This is the first study that quantitatively analyzes the behavior of the malware in the wild. I leverage an observation from the first project, where variability in the malware samples happens due to running privilege escalation exploits. The variability in behavior is due to the fact that the malware sometimes runs in non-privileged mode and tries to run an exploit to escalate its privileges. For these reasons, I propose a new methodology to systematically discover sensitive memory corruption targets that cause privilege escalation. At last, I explore the sensitive memory corruption targets in the Linux kernel. Specifically, I propose a methodology to systematically discover sensitive fields in the Linux kernel that, when corrupted, lead the system into an exploitable state. This system, called SCAVY, is based on a novel definition of the exploitable state that allows the attacker to read and write into files and memory locations that they would normally.
SCAVY explores the exploitable states based on the threat model of a local unprivileged attacker with the ability to issue system calls and with the capability to read/write into a limited location in the kernel memory. The framework revealed that there are 17 sensitive fields across 12 Linux kernel C structs that, when overwritten with the correct value, lead the system into an exploitable state. In this definition, unlike prior work, I consider the system to be in an exploitable state when the weird machine allows the attacker to read and/or write into files and memory locations that they would normally not be able to. This state can be used to write into sensitive files such as /etc/passwd where the exploit author can create a new root account on the vulnerable host and log in as that. Additionally, if the attacker can read unreadable files such as /etc/shadow they can leak passwords of root accounts, de-hash them and log in as the root account. I utilize these targets to develop 6 exploits for 5 CVE vulnerabilities. I also demonstrated the severity of these fields and the applicability of the exploitable state by exploiting CVE-2022-27666. I overwrote the f_mapping pointer in struct file and caused a write into /etc/passwd. Unlike the original exploit, ours didn’t need to break KASLR, modify global variables or require support of FUSE-fs from the vulnerable host. This makes our methodology more extensible and more stable, since the exploit requires fewer corruptions in the kernel memory and it doesn’t rely on the need to have the addresses of the kernel’s symbols for calculating the KASLR offset. Additionally, our exploit doesn’t modify global variables, which makes it more stable and less likely to crash the kernel during its runtime.
Our findings show that new memory corruption targets can change the security implications of vulnerabilities, urging researchers to proactively discover memory corruption targets.

Item: NONLINEAR DETECTION, ESTIMATION, AND CONTROL FOR FREE-SPACE OPTICAL COMMUNICATION (2008-08-01)
Komaee, Arash; Krishnaprasad, P. S.; Narayan, Prakash; Electrical Engineering; Digital Repository at the University of Maryland; University of Maryland (College Park, Md.)
In free-space optical communication, the intensity of a laser beam is modulated by a message, the beam propagates through free-space or atmosphere, and eventually strikes the receiver. At the receiver, an optical sensor converts the optical energy into an electrical signal, which is processed to reconstruct the original message. The promising features of this communication scheme such as high-bandwidth, power efficiency, and security, render it a viable means for high data rate point-to-point communication. In this dissertation, we adopt a stochastic approach to address two major issues associated with free-space optics: digital communication over an atmospheric channel and maintaining optical alignment between the transmitter and the receiver, in spite of their relative motion. Associated with these issues, we consider several detection, estimation, and optimal control problems with point process observations. Although these problems are motivated by applications in free-space optics, they are also of direct relevance to the general field of estimation theory and stochastic control. We study the detection aspect of digital communication over an atmospheric channel. This problem is formulated as an M-ary hypothesis testing problem involving a doubly stochastic marked and filtered Poisson process in white Gaussian noise. The formal solutions we obtain for this problem are hard to express in an explicit form, thus we approximate them by appropriate closed form expressions.
These approximations can be implemented using finite-dimensional, nonlinear, causal filters. Regarding the optical alignment issue, we consider two problems: active pointing and cooperative optical beam tracking. In the active pointing scheme that we develop for short range applications, the receiving station estimates the center of its incident optical beam based on the output of a position-sensitive photodetector. The transmitter receives this estimate via an independent communication link and incorporates it to accurately aim at the receiving station. A cooperative optical beam tracking system consists of two stations in such a manner that each station points its optical beam toward the other one. The stations employ the arrival direction of the incident optical beams as a guide to precisely point their own beam toward the other station. We develop a detailed stochastic model for this system and employ it to determine a control law which maximizes the flow of optical energy between the stations. In so doing, we consider the effect of light propagation delay, which requires a point-ahead mechanism to compensate for the displacement of the receiving station during propagation time.

Item: Physics-Based Detection of Subpixel Targets in Hyperspectral Imagery (2007-04-25)
Broadwater, Joshua Bret; Chellappa, Ramalingam; Electrical Engineering; Digital Repository at the University of Maryland; University of Maryland (College Park, Md.)
Hyperspectral imagery provides the ability to detect targets that are smaller than the size of a pixel. They provide this ability by measuring the reflection and absorption of light at different wavelengths creating a spectral signature for each pixel in the image. This spectral signature contains information about the different materials within the pixel; therefore, the challenge in subpixel target detection lies in separating the target's spectral signature from competing background signatures.
Most research has approached this problem in a purely statistical manner. Our approach fuses statistical signal processing techniques with the physics of reflectance spectroscopy and radiative transfer theory. Using this approach, we provide novel algorithms for all aspects of subpixel detection from parameter estimation to threshold determination. Characterization of the target and background spectral signatures is a key part of subpixel detection. We develop an algorithm to generate target signatures based on radiative transfer theory using only the image and a reference signature without the need for calibration, weather information, or source-target-receiver geometries. For background signatures, our work identifies that even slight estimation errors in the number of background signatures can severely degrade detection performance. To this end, we present a new method to estimate the number of background signatures specifically for subpixel target detection. At the core of the dissertation is the development of two hybrid detectors which fuse spectroscopy with statistical hypothesis testing. Our results show that the hybrid detectors provide improved performance in three different ways: insensitivity to the number of background signatures, improved detection performance, and consistent performance across multiple images leading to improved receiver operating characteristic curves. Lastly, we present a novel adaptive threshold estimate via extreme value theory. The method can be used on any detector type - not just those that are constant false alarm rate (CFAR) detectors. Even on CFAR detectors our proposed method can estimate thresholds that are better than theoretical predictions due to the inherent mismatch between the CFAR model assumptions and real data. 
Additionally, our method works in the presence of target detections while still estimating an accurate threshold for a desired false alarm rate.

Item: Shadow detection in videos acquired by stationary and moving cameras (2005-12-09)
Trias, Antonio; Chellappa, Rama; Electrical Engineering; Digital Repository at the University of Maryland; University of Maryland (College Park, Md.)
Shadow Detection has become a key issue in object detection, tracking and recognition problems. Object appearances might be completely changed by the effects of shading and shadows. Finding good algorithms for shadow detection and reducing shading effects in order to segment objects from video sequences, will enhance the performance of our detection, tracking and recognition algorithms. In this thesis, we present data, physics and model-driven approaches for detecting shadows and correcting shading effects. The effectiveness of these algorithms in video sequences acquired by stationary surveillance cameras and airborne platforms is illustrated.