415 research outputs found

    Efficient Identification of Timed Automata: Theory and practice

    No full text
    This thesis contains a study in a subfield of artificial intelligence, learning theory, machine learning, and statistics, known as system (or language) identification. System identification is concerned with constructing (mathematical) models from observations. Such a model is an intuitive description of a complex system. One of the main nice properties of models is that they can be visualized and inspected in order to provide insight into the different behaviors of a system. In addition, they can be used to perform different calculations, such as making predictions, analyzing properties, diagnosing errors, performing simulations, and many more. Models are therefore extremely useful tools for understanding, interpreting, and modifying different kinds of systems. Unfortunately, it can be very difficult to construct a model by hand. This thesis investigates the difficulty of automatically identifying models from observations. Observations of some process and its environment are given. These observations form sequences of events. Using system identification, we try to discover the logical structure underlying these event sequences. A well-known model of such a logical structure is the deterministic finite state automaton (DFA). A DFA is a language model. Hence, its identification (or inference) problem has been well studied in the grammatical inference field. Knowing this, we want to take an established method to learn a DFA and apply it to our event sequences. However, when observing a system there often is more information than just the sequence of symbols (events): the time at which these symbols occur is also available. A DFA can be used to model this time information implicitly. A disadvantage of such an approach is that it can result in an exponential blowup of both the input data and the resulting size of the model. In this thesis, we propose a different method that uses the time information directly in order to produce a timed model. We use a well-known DFA variant that includes the notion of time, called the timed automaton (TA). TAs are commonly used to model and reason about real-time systems. A TA models the timed information explicitly, i.e., using numbers. Because numbers use a binary representation of time, such an explicit representation can result in exponentially more compact models than an implicit representation. Therefore, also the time, space, and data required to identify TAs can be exponentially smaller than the time, space, and data required to identify DFAs. This efficiency argument is our main reason we are interested in identifying TAs. The work in this thesis makes four major contributions to the state-of-the-art on this topic: 1. It contains a thorough theoretical study of the complexity of identifying TAs from data. 2. It provides an algorithm for identifying a simple TA from labeled data, i.e., from event sequences for which it is known to which type of system behavior they belong. 3. It extends this algorithm to the setting of unlabeled data, i.e., from event sequences with unknown behaviors. 4. It shows how to apply this algorithm to the problem of identifying a real-time monitoring system. These contributions are of importance for anyone who is interested in identifying timed systems. Most importantly, both in our theoretical work and in our experiments we show that identifying a TA by using the time information directly is more efficient than identifying an equivalent DFA. In addition, our techniques can be applied to many interesting problems due to their generality. Examples are gaining insight into a real-time process, recognizing different process behaviors, identifying process models, and analyzing black-box systems.Software TechnologyElectrical Engineering, Mathematics and Computer Scienc

    Detecting malicious behaviour using system calls

    No full text
    The emergence of Apple’s Macintosh computers’ popularity introduces new threats and challenges for the security on the Mac. For a long time, OS X security has benefitted from the popularity of Microsoft Windows. The threat landscape for the Mac is rapidly changing as the marketshare of the Mac is approaching 15%1. Malware on Apple’s OS X systems emerges to be an increasing security threat that is currently solely countered with ancient anti-virus (AV) technologies [18]. Current AV technologies pose a performance overhead on the entire system and have an inherent delayed effectiveness, due to their signature based detection [15][31]. In addition, current malware uses many forms of obfuscation to prevent detection by AV technologies, redering AV technologies useless against advanced threats [15][31]. Consequently, the need for more advanced detection and prevention techniques of malware is increasing. Detection of malicious behaviour instead of malicious signatures, ought to provide a more advanced form of protection. A system call is referred to as the request and service of specific, basic, functionality provided to applications by the operating system. This Master thesis answers the research question: “Is it possible to detect malicious behaviour per- formed by malware, based on monitoring system calls?” Presented is a novel, generic, behavioural detection and prevention mechanism for malware on OS X based on system calls. System call traces can be used to describe the behaviour of processes [11]. Much effort was put into the development of a kernel module that bypasses kernel security mechanisms and rewires one of the operating system’s core functionalities; system call handling. The rewiring of system call handling provided the ability to log all of the system call invocations performed by processes running on the monitored system. A significant amount of OS X malware and benign applications were executed in a monitored environment of which system call traces were collected. Based on analysing heat map visualisations and manual sequential analysis of the system call traces of both malicious and benign processes, anomalies in the malicious traces could be observed. Subsequently, several mali- cious system call patterns and detection rules were extracted providing detection of malware on OS X. The most successful defined pattern is constructed around the executions of Unix shell processes per- formed by malware. It is shown that this detection pattern results in a 100% detection rate of all malware possible to obtain for this thesis. Even advanced malware in an infected OS X application, known as OSX.KeyRanger.A, was detected using this method. In order to evaluate the False Positive Rate (FPR) accurately in real world scenarios, three different user profiles were defined. Applications distributed via the Mac App Store do not generate false positives. In case of the developer user profile type, the FPR increases to 20%. Applications responsible for the false positives feature a cross-platform nature, such as MATLAB, R, LaTeX and interpreters for scripting languages. A conducted survey under Mac users verified these conclusions. However, the number of false positive generating benign applications is very limited and whitelisting solutions provided can reduce the FPR in this developer user profile.Electrical Engineering, Mathematics and Computer ScienceIntelligent System

    Mobile Application Security: An assessment of bunq's financial app

    No full text
    Several blackbox testing techniques were researched and put to practice. Using these techniques, an assessment of bunq's app has been made.Cyber Security GroupIntelligent SystemsElectrical Engineering, Mathematics and Computer Scienc

    Context-Based Spelling Correction for the Dutch Language: Applied on spelling errors extracted from the Dutch Wikipedia revision history

    No full text
    In this thesis we did research on context-based spellchecking approaches for the Dutch language. Context-based approaches enable the detection of real-word spelling errors by using the context in which the errors occur. We also assessed if we could improve the ranking of replacement candidates by using the context. To be able to measure the performance of the different techniques used, a dataset containing erroneous-corrected sentence pairs was obtained from the Dutch Wikipedia revision history. This dataset contains a wide variety of human generated spelling errors, and consists of over 1.4 million instances. It can serve as a basis for further research. The obtained dataset showed to be a valuable source for the creation of an error model, with which we could improve the ranking of candidate replacement words. This model takes the character context in which erroneous edit operations occur into account, and therefore reflects what kind of edit operations are more likely to occur. The spellchecking results using our dataset show that the context-based approach used, works for both the detection of errors and the ranking of candidate replacements. A comparison with literature was made to assess if the technique used performs as good for Dutch as for English and we conclude that the performance is comparable. The error model trained on our dataset was shown to work better than the context-based approach for the task of candidate ranking.Information ArchitectureWeb Information SystemsElectrical Engineering, Mathematics and Computer Scienc

    Feather-pecking and injurious pecking in organic laying hens in 107 flocks from eight european countries

    No full text
    Feather-pecking and cannibalism may reduce the potential of organic husbandry to enhance the welfare of laying hens. We report risk factors for these issues based on a large survey of 107 commercial flocks in eight European countries. Information was collected regarding housing, management and flock characteristics (age, genotype). Near the end of lay, 50 hens per flock were assessed for plumage condition and wounds. Potential influencing factors were screened and submitted to a multivariate model. The majority of the flocks (81%) consisted of brown genotypes and were found in six countries. Since white genotypes (19%) were found only in the two Scandinavian countries, a country effect could not be excluded. Therefore, separate models were made for brown and white genotypes. Feather damage in brown hens could be explained by a model containing a lower dietary protein content and no daily access to the free range (30% of the variation explained). For feather damage in white hens, no model could be made. Wounds in brown hens were associated with not having daily access to free range (14% of the variation explained). Wounds in white hens were explained by a model containing not topping-up litter during the laying period (26% of the variation explained). These results suggest that better feeding management, daily access to the free-range area and improved litter management may reduce incidence of plumage damage and associated injurious pecking, hence enhancing the welfare of organic laying hens. Since this was an epidemiological study, further experimental studies are needed to investigate the causal relationships

    Modelling of Induction Heating for Offshore Pipeline Field Joints: A Systematic Approach for Development of a Simulation Model Leading Towards Understanding of Induction Heating Parameters for Optimised Heat Profile Design

    No full text
    Induction heating is used to heat offshore pipeline field joints to a required temperature for application of anti-corrosion coatings. The objective of induction heating is to obtain a uniform surface temperature of typically 230 ± 10 °C in a time-span of minutes. The desired temperature profile of the field joint, also known as heat profile is usually obtained in an systematic experimental approach by fine tuning of the coil geometry and power settings. The experimental approach contains many individual experiments which is time and resource consuming, especially whenever a complex geometry (a collar) is present in the field joint. For the experimental approach, Heerema Marine Contractors mainly relies on know-how about induction heating provided by subcontractors. In future, development of deep water oil fields will result in high operational flow line temperatures. This development increases the performance requirements for anti-corrosion coatings, leading towards increased requirements for more equally heated field joint surfaces. The challenges of uniform surface heating of collars, the dependence on subcontractors and the future developments are the motivation for this research project. Heerema Marine Contractors has the ambition to improve control of the induction heating process, to be able to deliver good quality flow lines required for future developments. The objective of this research project is the development of an induction heating prediction model based on understanding of the underlying physics. Modelling of induction heating is a complex field of engineering which only gained interest since the 1990's due to major improvements in computing power of PCs. Little knowledge is available in literature about development of an accurate induction heating prediction model. Therefore it was decided to use a systematic approach in which a prediction model was developed from a basic cylinder model by various steps into a full-scale model including a complex geometry. Firstly, material properties were obtained. Literature and analysis of Maxwell's equations showed that accurate evaluation of material properties and its temperature dependence is a key towards accurate predictions of the induction heating process. Secondly, a basic model was developed based on a simplified geometry of the field joint. Due to limited time and resources it was chosen to perform frequency-transient analyses. Therefore non-linearities in magnetic fields were linearised. This model was verified by use of a semi-analytical equations and found to be suitable for further development. After verification of the basic model, the model was used to model small-scale geometries including collar. It was concluded that hysteresis losses can have a significant contribution in high frequency induction heating and must be taken into account in modelling to obtain accurate temperature predictions. A simplified method was introduced to account for hysteresis losses in linearised magnetic fields. After validation with high frequency experiments, the model predicted for 90% of all data within ±10 °C of experimental data. The largest offset with respect to experimental data was considered to be the minimum achieved accuracy. The accuracy was Tpredicted = Tmeasured ± 13 °C. The small-scale model was used as basis for a full-scale model in which a typical offshore pipeline field joint was modelled. Due to high magnetic field intensities it was concluded that saturation in the magnetic flux density has a significant effect on the induction heating process. The model was validated by use of experiments. Two validation steps were included: first without collar and second with collar. The model predicted for 88% of all data within ± 10 °C of experimental data based on a field joint without collar. Based on the largest offset with experimental data the accuracy of the model was Tpredicted = Tmeasured ± 15 °C. For modelling of a field joint with collar, accurate results could only be obtained in validation for a limited range of the magnetic field intensity due to non-linear limitations in the solver technique. The required accuracy of ±10 °C was too ambitious for the model developed in the thesis project. However, the limitations can be overcome when a full time-dependent solver would be used, which results in long simulation times. During small-scale experiments it was observed that the induction heating process is very sensitive and therefore repeatability of the induction heating process is limited. During full-scale experiments for the validation of the model, large temperature deviations on the field joint were observed on positions that should have had an equal temperature. The precision of experimental measurements was limited, since deviations up to 11 \degree C were present. Therefore it was concluded that further development and validation of an accurate prediction model is limited by the experimental precision. The research project was the start of a greater project within Heerema Marine Contractors, in which the model developed during the thesis project can be further developed for optimisation of coil design. For further development it is recommended to improve the experimental methods to obtain validation data. A second recommendation is accurate determination of material properties of the alloys used in the field joint. Furthermore a time dependent solver should be selected to improve the non-linear magnetic relationship simulations for high magnetic field intensity around the collar.Aerospace EngineeringAerospace Structures and Material

    Combining learning with fuzzing for software deobfuscation

    No full text
    Software obfuscation is widely applied to prevent reverse engineering of applications. However, to evaluate security and validate behaviour we are interested in analysis such software. In this thesis, we give an overview of available obfuscation techniques as well as methods to undo this effort through reverse engineering and deobfuscation. We research active learning, which can be used to automatically learn state machine models of obfuscated software. These state machine models give insight into the behaviour of the program. We identify opportunities to improve the quality of existing active learning algorithms through the use of fuzzing to generate test cases. We utilise the AFL fuzzer, which uses a genetic algorithm in combination with test case mutation to create test cases for a target program. By using insight into the program's execution for each test case, it can create more relevant test cases compared to implementations that do not use this information. We use the generated test cases to find counterexamples for learned state machine models; these counterexamples can then be used by the learning algorithm to significantly improve the quality of the learned model. Compared to active learning with the W-method for test case generation, our combination of learning and fuzzing learns models of obfuscated programs with up to 343x more states, and consequently incorporates more of the program's behaviour into the learned state machine model.Embedded SystemsIntelligent Systems, Cyber Security GroupElectrical Engineering, Mathematics and Computer Scienc

    What Does Passive Learning Bring To Adyen?

    No full text
    Analyzing large numbers of log entries can be challenging, especially when there are many short log entries that each describe only one execution of the system, either successful or unsuccessful. How can one determine whether the system is working correctly, based on these logs? The logs that are of interest (e.g., log entries pointing towards some anomaly in the system) may be hidden between all the logs that are of less interest. Luckily, there are so-called passive learning tools that infer a (graph) model from such set of logs, which allows the user to oversee all paths that were taken in the system. In this thesis, we discuss the opportunities for passive learning for Adyen, a large-scale payment company. We compare three different open source passive learning tools (namely Synoptic, InvariMint, and DFASAT) in terms of runtime performance and output complexity, and show that all tools struggle with an increasing input size. We also share the results of a survey we conducted under developers to identify their perceptions, and for which purpose(s) they would use such tools. Furthermore, we provide six examples of different types of analyses that are possible with passive learning (such as finding bugs, comparing within a context, and analyzing timings), and that are useful for the company. We include a short guide on how to adopt passive learning, and what we had to change in one of the tools to make it so useful. Finally, we show how a graph difference tool can help to compare different graphs, for example over different time intervals. This tool highlights differences in both structure and frequencies. Altogether, this shows what passive learning brings to Adyen.Electrical Engineering, Mathematics and Computer ScienceIntelligent SystemsSoftware Engineering Research Grou

    Intelligent Malware Defenses

    No full text
    With rapidly evolving threat landscape surrounding malware, intelligent defenses based on machine learning are paramount. In this chapter, we review the literature proposed in the past decade and identify the state-of-the-art in various related research directions—malware detection, malware analysis, adversarial malware, and malware author attribution. We discuss challenges that emerge when machine learning is applied to malware. We also identify the key issues that need to be addressed by the research community in order to further deepen and systematize research in the malware domain.Green Open Access added to TU Delft Institutional Repository 'You share, we take care!' - Taverne project https://www.openaccess.nl/en/you-share-we-take-care Otherwise as indicated in the copyright section: the publisher is the copyright holder of this work and the author uses the Dutch legislation to make this work public.Cyber Securit
    corecore