Abstract The problem of distinguishing identical twins and non‐twin look‐alikes in automated facial recognition (FR) applications has become increasingly important with the widespread adoption of facial biometrics. Due to the high facial similarity of both identical twins and look‐alikes, these face pairs represent the hardest cases presented to facial recognition tools. This work presents an application of one of the largest twin data sets compiled to date to address two FR challenges: (1) determining a baseline measure of facial similarity between identical twins and (2) applying this similarity measure to determine the impact of doppelgangers, or look‐alikes, on FR performance for large face data sets. The facial similarity measure is determined via a deep convolutional neural network. This network is trained on a tailored verification task designed to encourage the network to group together highly similar face pairs in the embedding space and achieves a test AUC of 0.9799. The proposed network provides a quantitative similarity score for any two given faces and has been applied to large‐scale face data sets to identify similar face pairs. An additional analysis that correlates the comparison score returned by a facial recognition tool and the similarity score returned by the proposed network has also been performed.
Anomaly Detection in ICS Networks with Fuzzy Hashing
Abstract—The recent increase in attacks against publicly networked industrial control systems (ICS) has demonstrated a need for network-based anomaly detection systems, offering real-time flagging of potentially malicious activity by internal and external threat actors. Fuzzy hashing, also known as similarity hashing, has gained popularity in malware analysis and digital forensics circles as it provides analysts functionality to determine the similarity of two pieces of data by providing a similarity score. This work proposes a scheme that utilizes the similarity score to find variations from a self-establishing baseline in an ICS network to identify anomalous network traffic sections that could signify malicious activity.
- Award ID(s):
- 1754101
- PAR ID:
- 10556876
- Editor(s):
- Sugunaraj, Niroop
- Publisher / Repository:
- IEEE
- Date Published:
- ISBN:
- 979-8-3503-8641-7
- Subject(s) / Keyword(s):
- Index Terms—ICS, SCADA, Fuzzy Hashing, Anomaly Detection, Operational Technology
- Format(s):
- Medium: X
- Location:
- Grand Forks, ND
- Sponsoring Org:
- National Science Foundation
More Like this
- Recently, wireless communication technologies, such as Wireless Local Area Networks (WLANs), have gained increasing popularity in industrial control systems (ICSs) due to their low cost and ease of deployment, but communication delays associated with these technologies make them unsuitable for critical real-time and safety applications. To address concerns on network-induced delays of wireless communication technologies and bring their advantages into modern ICSs, wireless network infrastructure based on the Parallel Redundancy Protocol (PRP) has been proposed. Although application-specific simulations and measurements have been conducted to show that wireless network infrastructure based on PRP can be a viable solution for critical applications with stringent delay performance constraints, little has been done to devise an analytical framework facilitating the adoption of wireless PRP infrastructure in miscellaneous ICSs. Leveraging the deterministic network calculus (DNC) theory, we propose to analytically derive worst-case bounds on network-induced delays for critical ICS applications. We show that the problem of worst-case delay bounding for a wireless PRP network can be solved by performing network-calculus-based analysis on its non-feedforward traffic pattern. Closed-form expressions of worst-case delays are derived, which have not been found previously and allow ICS architects/designers to compute worst-case delay bounds for ICS tasks in their respective application domains of interest. Our analytical results not only provide insights into the impacts of network-induced delays on latency-critical tasks but also allow ICS architects/operators to assess whether proper wireless PRP network infrastructure can be adopted into their systems.
- Malicious insiders cause significant loss to organizations. Due to an extremely small number of malicious activities from insiders, insider threat is hard to detect. In this article, we present a Dirichlet Marked Hawkes Process (DMHP) to detect malicious activities from insiders in real-time. DMHP combines the Dirichlet process and marked Hawkes processes to model the sequence of user activities. The Dirichlet process is capable of detecting unbounded user modes (patterns) of infinite user activities, while, for each detected user mode, one set of marked Hawkes processes is adopted to model user activities from time and activity type (e.g., WWW visit or send email) information so that different user modes are modeled by different sets of marked Hawkes processes. To achieve real-time malicious insider activity detection, the likelihood of the most recent activity calculated by DMHP is adopted as a score to measure the maliciousness of the activity. Since the majority of user activities are benign, those activities with low likelihoods are labeled as malicious activities. Experimental results on two datasets show the effectiveness of DMHP.
- Abstract Traditional tests of concept knowledge generate scores to assess how well a learner understands a concept. Here, we investigated whether patterns of brain activity collected during a concept knowledge task could be used to compute a neural ‘score’ to complement traditional scores of an individual’s conceptual understanding. Using a novel data-driven multivariate neuroimaging approach—informational network analysis—we successfully derived a neural score from patterns of activity across the brain that predicted individual differences in multiple concept knowledge tasks in the physics and engineering domain. These tasks include an fMRI paradigm, as well as two other previously validated concept inventories. The informational network score outperformed alternative neural scores computed using data-driven neuroimaging methods, including multivariate representational similarity analysis. This technique could be applied to quantify concept knowledge in a wide range of domains, including classroom-based education research, machine learning, and other areas of cognitive science.
- Geometric Sensitive Hashing functions, a family of Local Sensitive Hashing functions, are neural network models that learn class-specific manifold geometry in supervised learning. However, given a set of supervised learning tasks, understanding the manifold geometries that can represent each task and the kinds of relationships between the tasks based on them has received little attention. We explore a formalization of this question by considering a generative process where each task is associated with a high-dimensional manifold, which can be done in brain-like models with neuromodulatory systems. Following this formulation, we define Task-specific Geometric Sensitive Hashing and show that a randomly weighted neural network with a neuromodulation system can realize this function.

