Theses and Dissertations from UMD

Permanent URI for this communityhttp://hdl.handle.net/1903/2

New submissions to the thesis/dissertation collections are added automatically as they are received from the Graduate School. Currently, the Graduate School deposits all theses and dissertations from a given semester after the official graduation date. This means that there may be up to a 4 month delay in the appearance of a give thesis/dissertation in DRUM

More information is available at Theses and Dissertations at University of Maryland Libraries.

Browse

Subject: search.filters.subject.detection

Search Results

Now showing 1 - 10 of 10
  • Thumbnail Image
    Item
    Systematic Analysis of Adversaries' Exploitations of the End-host
    (2024) Avllazagaj, Erin; Dumitras, Tudor; Kwon, Yonghwi; Electrical Engineering; Digital Repository at the University of Maryland; University of Maryland (College Park, Md.)
    In the pipeline of a cyber attack, the malicious actor will first gain a foothold in the target system through a malware. The malware detection is still a challenging problem, as the malware authors are constantly evolving their techniques to evade detection. Therefore, it is important for us to understand why that is the case and what can the defenders do to improve the detection of the malware. In this thesis, I explore the behavior of the malware in the real users’ machines and how it changes across different executions. I show that the malware exhibits more variability than benign samples and that certain actions are often more prone to variability than others. This is the first study that quantitatively analyzes the behavior of the malware in the wildI leverage an observation from the first project, where variability in the malware samples happens due to running privilege escalation exploits. The variability in behavior is due to the fact that the malware sometimes runs in non-privileged mode and tries to run an exploit to escalate its privileges. For these reasons, I propose a new methodology to systematically discover sensitive memory corruption targets that cause privilege escalation. At last, I explore the sensitive memory corruption targets in the Linux kernel. Specifically, I propose a methodology to systematically discover sensitive fields in the Linux kernel that, when corrupted, lead the system into an exploitable state. This system, called SCAVY, is based on a novel definition of the exploitable state that allows the attacker to read and write into files and memory locations that they would normally. SCAVY explores the exploitable states based on the threat model of a local unprivileged attacker with the ability to issue system calls and with the capability to read/write into a limited location in the kernel memory. The framework revealed that there are 17 sensitive fields across 12 Linux kernel C structs that, when overwritten with the correct value, lead the system into an exploitable state. In this definition, unlike prior work, I consider the system to be in an exploitable state when the weird machine allows the attacker to read and/or write into files and memory locations that they would normally not be able to. This state can be used to write into sensitive files such as //etc//passwd where the exploit author can create a new root account on the vulnerable host and log in as that. Additionally, if the attacker can read unreadable files such as //etc//shadow they can leak passwords of root accounts, de-hash them and log in as the root account. I utilize these targets to develop 6 exploits for 5 CVE vulnerabilities. I also demonstrated the severity of these fields and the applicability of the exploitable state by exploiting CVE-2022-27666. I overwrote the f mapping pointer in struct file and caused a write into //etc//passwd. Unlike the original exploit, ours didn’t need to break KASLR, modify global variables or require support of FUSE-fs from the vulnerable host. This makes our methodology more extensible and more stable, since the exploit requires fewer corruption in the kernel memory and it doesn’t rely on the need to have the addresses of the kernel’s symbols for calculating the KASLR offset. Additionally, our exploit doesn’t modify global variables, which makes it more stable and less likely to crash the kernel, during its runtime. Our findings show that new memory corruption targets can change the security implications of vulnerabilities, urging researchers to proactively discover memory corruption targets.
  • Thumbnail Image
    Item
    Bio-templated Substrates for Biosensor Applications
    (2013) Fu, Angela Li-Hui; Kofinas, Peter; Bioengineering; Digital Repository at the University of Maryland; University of Maryland (College Park, Md.)
    Nanopatterning of materials is of particular interest for applications in biosensors, microfluidics, and drug delivery devices. In biosensor applications there is a need for rapid, low cost, and durable system for detection. This dissertation aims to investigate methods to pattern nanostructured surfaces using virus particles as templates. The virus species used in these experiments is a cysteine modified tobacco mosaic virus. The first project utilized the lamellar microphase separation of a block copolymer to pattern the virus particles. Although microphase separation of the poly(styrene-b-2-vinylpyridine) (PS-P2VP) into lamellae was confirmed, specificity of the viruses to the gold doped block of the polymer could not be achieved. Single virus particles lay across multiple lamellae and aggregated in side-to-side and head-to-tail arrangements. The second project studied the effect of a surfactant on virus assembly onto a gold chip. The experiments included placing a gold chip in virus solutions with varying triton concentrations (0-0.15%), then plating the virus particles with a metal. Results showed that as the triton concentration in the virus solution increases, the virus density on the surface decreases. The gold coated virus particles were applied to Surface Enhanced Raman Spectroscopy (SERS) detection in the final project. SERS is of interest for biosensor applications due to its rapid detection, low cost, portability, and label-free characteristics. In recent years, it has shown signal enhancement using gold, silver, and copper nanoparticles in solutions and on roughened surfaces. The gold plated virus surfaces were tested as SERS substrates using R6G dye as the analyte. An enhancement factor (EF) of 10^4 was seen in these samples versus the non-SERS substrate. This corresponded to the sample with 0.05% triton in the virus solution which showed the most intersection points between the virus particles and the most uniform coverage of the viruses on the surface. This value is lower than that of previous studies; however, future work may be performed to optimize conditions to achieve the highest signal possible.
  • Thumbnail Image
    Item
    Neutron Detection by Noble Gas Excimer Scintillation
    (2013) Beasten, Amy Elizabeth; Al-Sheikhly, Mohamad; Nuclear Engineering; Digital Repository at the University of Maryland; University of Maryland (College Park, Md.)
    The field of neutron detection has many essential applications, from nuclear reactor instrumentation, oil-well logging, radiation safety, and, in recent years, homeland security. Due to the shortage and increasing cost of the neutron absorber used in most conventional gas-filled proportional counters, there has been an increased motivation for the development of alternative methods of neutron detection that do not rely on 3He. Excimer-based neutron detection (END) is a potential alternative with many advantages, notably the lack of dependence on 3He. Similar to traditional proportional counters, END operates on the interaction of a neutron with a neutron absorbing nucleus (10B, 6Li, or 3He). The energetic charged particles produced in these reactions lose energy in the surrounding gas background and cause ionization and excitation of the noble gas molecules. The difference between END and traditional gas-filled detectors, which collect the ionized charge to produce a detectable signal, is the formation of noble gas excimers (Ar2*, Kr2*, or Xe2*). These excited dimers decay from an excited state back to ground level and emit far-ultraviolet (FUV) radiation in the form of photons which can be collected using a photomultiplier tube (PMT) or other photon detector. The most important advantage to these potential detectors is the fact that they do not rely on the use of 3He. The excimer scintillation yield from rare noble gases following the 10B neutron capture reaction in both 10B enriched BF3 gas and reticulated vitreous carbon foam (RVC) coated with a layer of B4C is the focus of this thesis. Experimental data were collected at the National Institute of Standards and Technology (NIST) and on a recently established thermal neutron beamline at the Maryland University Training Reactor (MUTR). The comparison of these data to data from previous thin-film experiments provides the groundwork for the continuation of future END work using these materials, which will be used to develop and optimize a deployable neutron detector based on excimer emission.
  • Thumbnail Image
    Item
    Modeling Helicopter Near-Horizon Harmonic Noise due to Transient Maneuvers
    (2013) Sickenberger, Richard Dwight; Baeder, James; Schmitz, Fredric; Aerospace Engineering; Digital Repository at the University of Maryland; University of Maryland (College Park, Md.)
    A new first principles model has been developed to estimate the external harmonic noise radiation for a helicopter performing transient maneuvers in the longitudinal plane. This model, which simulates the longitudinal fuselage dynamics, main rotor blade flapping, and far field acoustics, was validated using in-flight measurements and recordings from ground microphones during a full-scale flight test featuring a Bell 206B-3 helicopter. The flight test was specifically designed to study transient maneuvers. The validated model demonstrated that the flapping of the main rotor blades does not significantly affect the acoustics radiated by the helicopter during maneuvering flight. Furthermore, the model also demonstrated that Quasi-Static Acoustic Mapping (Q-SAM) methods can be used to reliably predict the noise radiated during transient maneuvers. The model was also used to identify and quantify the contributions of main rotor thickness noise, low frequency loading noise, and blade-vortex interaction (BVI) noise during maneuvering flight for the Bell 206B-3 helicopter. Pull-up and push-over maneuvers from pure longitudinal cyclic and pure collective control inputs were investigated. The contribution of thickness noise and low frequency loading noise during maneuvering flight was found to depend on the orientation of the tip-path plane relative to the observer. The contribution of impulsive BVI noise during maneuvering flight was found to depend on the inflow through the main rotor and the orientation of the tip-path plane relative to the observer.
  • Thumbnail Image
    Item
    The Development and Testing of an Implicit Lie Detection System
    (2008-12-01) Roberts, Scott Peter; Sigall, Harold; Psychology; Digital Repository at the University of Maryland; University of Maryland (College Park, Md.)
    A series of five experiments were conducted to explore whether Greenwald, McGhee, & Schwartz's (1998) Implicit Association Test (IAT), which purportedly measures implicit affective evaluations, could be modified to differentiate between honest and deceptive responding to forced-choice questioning. Experiments 1 and 2 demonstrated that a dual-discrimination task can in fact be useful in deception detection but that the relative reaction time differences run opposite in direction from those expected from the typical IAT bias pattern. Subsequent experiments assessed the procedure's susceptibility to simple countermeasures (Experiment 4) and tested variations to its trial sequence (Experiment 3) and stimulus presentation (Experiment 5). Neither of the two procedure variants was successful in producing above-chance predictions and instructions to delay reactions times to a constant latency sufficiently undermined the original procedure's efficacy. The applied limitations notwithstanding, the present research extends the relevance of dual-discrimination methodologies and supports the idea that biographical information is cognitively represented such that what is known to be true or false is implicitly associated with one's general concepts of "truth" and "lie" respectively.
  • Thumbnail Image
    Item
    NONLINEAR DETECTION, ESTIMATION, AND CONTROL FOR FREE-SPACE OPTICAL COMMUNICATION
    (2008-08-01) Komaee, Arash; Krishnaprasad, P. S.; Narayan, Prakash; Electrical Engineering; Digital Repository at the University of Maryland; University of Maryland (College Park, Md.)
    In free-space optical communication, the intensity of a laser beam is modulated by a message, the beam propagates through free-space or atmosphere, and eventually strikes the receiver. At the receiver, an optical sensor converts the optical energy into an electrical signal, which is processed to reconstruct the original message. The promising features of this communication scheme such as high-bandwidth, power efficiency, and security, render it a viable means for high data rate point-to-point communication. In this dissertation, we adopt a stochastic approach to address two major issues associated with free-space optics: digital communication over an atmospheric channel and maintaining optical alignment between the transmitter and the receiver, in spite of their relative motion. Associated with these issues, we consider several detection, estimation, and optimal control problems with point process observations. Although these problems are motivated by applications in free-space optics, they are also of direct relevance to the general field of estimation theory and stochastic control. We study the detection aspect of digital communication over an atmospheric channel. This problem is formulated as an M-ary hypothesis testing problem involving a doubly stochastic marked and filtered Poisson process in white Gaussian noise. The formal solutions we obtain for this problem are hard to express in an explicit form, thus we approximate them by appropriate closed form expressions. These approximations can be implemented using finite-dimensional, nonlinear, causal filters. Regarding the optical alignment issue, we consider two problems: active pointing and cooperative optical beam tracking. In the active pointing scheme that we develop for short range applications, the receiving station estimates the center of its incident optical beam based on the output of a position-sensitive photodetector. The transmitter receives this estimate via an independent communication link and incorporates it to accurately aim at the receiving station. A cooperative optical beam tracking system consists of two stations in such a manner that each station points its optical beam toward the other one. The stations employ the arrival direction of the incident optical beams as a guide to precisely point their own beam toward the other station. We develop a detailed stochastic model for this system and employ it to determine a control law which maximizes the flow of optical energy between the stations. In so doing, we consider the effect of light propagation delay, which requires a point-ahead mechanism to compensate for the displacement of the receiving station during propagation time.
  • Thumbnail Image
    Item
    Physics-Based Detection of Subpixel Targets in Hyperspectral Imagery
    (2007-04-25) Broadwater, Joshua Bret; Chellappa, Ramalingam; Electrical Engineering; Digital Repository at the University of Maryland; University of Maryland (College Park, Md.)
    Hyperspectral imagery provides the ability to detect targets that are smaller than the size of a pixel. They provide this ability by measuring the reflection and absorption of light at different wavelengths creating a spectral signature for each pixel in the image. This spectral signature contains information about the different materials within the pixel; therefore, the challenge in subpixel target detection lies in separating the target's spectral signature from competing background signatures. Most research has approached this problem in a purely statistical manner. Our approach fuses statistical signal processing techniques with the physics of reflectance spectroscopy and radiative transfer theory. Using this approach, we provide novel algorithms for all aspects of subpixel detection from parameter estimation to threshold determination. Characterization of the target and background spectral signatures is a key part of subpixel detection. We develop an algorithm to generate target signatures based on radiative transfer theory using only the image and a reference signature without the need for calibration, weather information, or source-target-receiver geometries. For background signatures, our work identifies that even slight estimation errors in the number of background signatures can severely degrade detection performance. To this end, we present a new method to estimate the number of background signatures specifically for subpixel target detection. At the core of the dissertation is the development of two hybrid detectors which fuse spectroscopy with statistical hypothesis testing. Our results show that the hybrid detectors provide improved performance in three different ways: insensitivity to the number of background signatures, improved detection performance, and consistent performance across multiple images leading to improved receiver operating characteristic curves. Lastly, we present a novel adaptive threshold estimate via extreme value theory. The method can be used on any detector type - not just those that are constant false alarm rate (CFAR) detectors. Even on CFAR detectors our proposed method can estimate thresholds that are better than theoretical predictions due to the inherent mismatch between the CFAR model assumptions and real data. Additionally, our method works in the presence of target detections while still estimating an accurate threshold for a desired false alarm rate.
  • Thumbnail Image
    Item
    Shadow detection in videos acquired by stationary and moving cameras
    (2005-12-09) Trias, Antonio; Chellappa, Rama; Electrical Engineering; Digital Repository at the University of Maryland; University of Maryland (College Park, Md.)
    Shadow Detection has become a key issue in object detection, tracking and recognition problems. Object appearances might be completely changed by the effects of shading and shadows. Finding good algorithms for shadow detection and reducing shading effects in order to segment objects from video sequences, will enhance the performance of our detection, tracking and recognition algorithms. In this thesis, we present data, physics and model-driven approaches for detecting shadows and correcting shading effects. The effectiveness of these algorithms in video sequences acquired by stationary surveillance cameras and airborne platforms is illustrated.
  • Thumbnail Image
    Item
    Effects of Temperature and Aerosol Content on Laser-Induced Breakdown Spectroscopy Detection Limits
    (2004-12-06) Kratzsch, Kyle; Buckley, Steven G; Mechanical Engineering; Digital Repository at the University of Maryland; University of Maryland (College Park, Md.)
    Research to analyze effects of ambient temperature and aerosol dispersity on Laser-Induced Breakdown Spectroscopy (LIBS) detection limits is presented in this study. The theoretical results are applicable to future gas turbine exhaust monitoring with LIBS. Modification of a traditional LIBS system provides a method for in situ sampling in a gas turbine exhaust stream. Data collection in a controlled laboratory environment was performed with a LIBS system modified with an intrusive sampling probe to study the effects of temperature and aerosol dispersity on the limits of detection for chromium (Cr), magnesium (Mg), manganese (Mn), and titanium (Ti) particulate. Results show that increasing the temperature of the aerosol flow decreases the elemental mass required for LIBS detection, thereby increasing system sensitivity. Similar gains in system sensitivity occur when samples are taken from monodisperse aerosol relative to polydisperse aerosol. The lowest detection limits of 117 fg Cr, 95 fg Mg, 106 fg Mn, and 841 fg Ti occur when sampling from monodisperse aerosol flow at room temperature conditions.
  • Thumbnail Image
    Item
    DETECTION AND CHARACTERIZATION OF ESCHERICHIA COLI O157:H7 AND SALMONELLA IN FOOD
    (2004-04-26) CUI, SHENGHUI; MENG, JIANGHONG; Food Science
    Escherichia coli O157:H7 and Salmonella are among the most important foodborne pathogens that cause millions cases of infections and hundreds deaths each year in the United States. Beef and poultry products are frequently recognized transmission media for these two organisms. Rapid detection and isolation methods applied to beef or chicken products are expected for these two bacteria. A rapid sample preparation method for E. coli O157:H7 detection by PCR method in ground beef samples was developed by combining different techniques, including filtration, centrifugation, enzyme digestion, and DNA extraction. The detection limit of this method was 103 cells/g without enrichment, and 100 cells/g can be detected after 6 h en-richment. For Salmonella, a poultry specific isolation method was modified from the USDA/FSIS manual by considering the specific characteristics of poultry products. Higher than 95% of the suspect colonies isolated by using the modified method were confirmed as Salmonella by PCR/API 20 E tests. This method was applied on retail organic and conventional chicken samples for Salmonella isolation. All Salmonella isolates were further characterized by serotyping, PFGE and antibiotics susceptibility tests. The results indicated that organic and conventional chicken samples were frequently contaminated with Salmonella, and that Salmonella from organic chicken were more susceptible to antimicrobials commonly used in human and veterinary medicine. High acid resistance capability is another unique characteristic of E. coli O157:H7 which is correlated with low infection dose of this pathogen. Survival mechanism of E. coli O157:H7 cells in gastric juice or acidified LB (pH 2.5) was studied, it was found that the limited availability of glutamate and/or arginine creates an illusion of cell-density-dependent acid sensitive phenotype of E. coli O157:H7 during acid-challenge.