Proprietary (or semi-proprietary) protocols are widely adopted in industrial control systems (ICSs). Inferring protocol format by reverse engineering is important for many network security applications, e.g., program tests and intrusion detection. Conventional protocol reverse engineering methods are considered time-consuming, tedious, and error-prone. Recently, automatic protocol reverse engineering methods have been proposed which are, however, neither effective in handling binary-based ICS protocols when based on network traffic analysis nor accurate in extracting protocol fields from protocol implementations. In this paper, we present a framework called the industrial control system protocol reverse engineering framework (ICSPRF) that aims to extract ICS protocol fields with high accuracy. ICSPRF is based on the key insight that an individual field in a message is typically handled in the same execution context, e.g., a basic block (BBL) group. As a result, by monitoring program execution, we can collect the tainted data information processed in every BBL group in the execution trace and cluster it to derive the protocol format. We evaluate our approach with six open-source ICS protocol implementations. The results show that ICSPRF can identify individual protocol fields with high accuracy (on average a 94.3% match ratio). ICSPRF also has a low coarse-grained and overly fine-grained match ratio. For the same metric, ICSPRF is more accurate than AutoFormat (88.5% for all evaluated protocols and 80.0% for binary-based protocols).
In recent years, PowerShell has increasingly been reported as appearing in a variety of cyber attacks. However, because the PowerShell language is dynamic by design and can construct script fragments at different levels, state-of-the-art static-analysis-based PowerShell attack detection approaches are inherently vulnerable to obfuscation. In this paper, we design the first generic, effective, and lightweight deobfuscation approach for PowerShell scripts. To precisely identify the obfuscated script fragments, we define obfuscation based on the differences in the impacts on the abstract syntax trees of PowerShell scripts and propose a novel emulation-based recovery technology. Furthermore, we design the first semantic-aware PowerShell attack detection system that leverages the classic objective-oriented association mining algorithm and newly identifies 31 semantic signatures. The experimental results on 2342 benign samples and 4141 malicious samples show that our deobfuscation method takes less than 0.5 s on average and increases the similarity between the obfuscated and original scripts from 0.5% to 93.2%. By deploying our deobfuscation method, the attack detection rates for Windows Defender and VirusTotal increase substantially from 0.33% and 2.65% to 78.9% and 94.0%, respectively. Moreover, our detection system outperforms both existing tools with a 96.7% true positive rate and a 0% false positive rate on average.
Analyzing network robustness under various circumstances is generally regarded as a challenging problem. Robustness against failure is one of the essential properties of large-scale dynamic network systems such as power grids, transportation systems, communication systems, and computer networks. Due to network diversity and complexity, many topological features have been proposed to capture specific system properties. For power grids, a popular process for improving a network’s structural robustness is topology design. However, most existing methods focus on localized network metrics, such as node connectivity and edge connectivity, which do not encompass a global perspective of cascading propagation in a power grid. In this paper, we use an informative global metric, algebraic connectivity, because it is sensitive to the connectedness of a broader spectrum of graphs. Our process involves decreasing the average propagation in a power grid by minimizing the increase in its algebraic connectivity. We propose a topology-based greedy strategy to optimize the robustness of the power grid. To evaluate the network robustness, we calculate the average propagation using MATCASC to simulate cascading line outages in power grids. Experimental results illustrate that our proposed method outperforms existing techniques.
When obtaining three-dimensional (3D) face point cloud data based on structured light, factors related to the environment, occlusion, and illumination intensity lead to holes in the collected data, which affect subsequent recognition. In this study, we propose a hole-filling method based on stereo-matching technology combined with a B-spline. The algorithm uses phase information acquired during raster projection to locate holes in the point cloud, simultaneously extracting boundary point cloud sets. By registering the face point cloud data obtained using the stereo-matching algorithm with the data collected using the raster projection method, some supplementary information points can be obtained at the holes. The shape of the B-spline curve can then be roughly described by a few key points, and the control points are placed into the hole area as key points for iterative calculation of surface reconstruction. Simulations using smooth ceramic cups and human face models showed that our model can reproduce details and restore complex shapes on the test surfaces accurately. Simulation results indicated the robustness of the method, which is able to fill holes in complex areas such as the inner side of the nose without a prior model. This approach also effectively supplements the hole information, and the patched point cloud is closer to the original data. This method could be used across a wide range of applications requiring accurate facial recognition.
Recently, graph neural networks (GNNs) have achieved remarkable performance in representation learning on graph-structured data. However, as the number of network layers increases, GNNs based on the neighborhood aggregation strategy deteriorate due to the problem of oversmoothing, which is the major bottleneck for applying GNNs to real-world graphs. Many efforts have been made to improve the process of feature information aggregation from directly connected nodes, i.e., breadth exploration. However, these models perform the best only in the case of three or fewer layers, and the performance drops rapidly for deep layers. To alleviate oversmoothing, we propose a nested graph attention network (NGAT), which can work in a semi-supervised manner. In addition to breadth exploration, a k-layer NGAT uses a layer-wise aggregation strategy guided by the attention mechanism to selectively leverage feature information from the kth-order neighborhood, i.e., depth exploration. Even with a 10-layer or deeper architecture, NGAT can balance the need for preserving the locality (including root node features and the local structure) and aggregating the information from a large neighborhood. In a number of experiments on standard node classification tasks, NGAT outperforms other novel models and achieves state-of-the-art performance.
This paper presents a novel multiple-outlier-robust Kalman filter (MORKF) for linear stochastic discrete-time systems. A new multiple statistical similarity measure is first proposed to evaluate the similarity between two random vectors from dimension to dimension. Then, the proposed MORKF is derived via maximizing a multiple statistical similarity measure based cost function. The MORKF guarantees the convergence of iterations in mild conditions, and the boundedness of the approximation errors is analyzed theoretically. The selection strategy for the similarity function and comparisons with existing robust methods are presented. Simulation results show the advantages of the proposed filter.
The H∞ control method is an effective approach for attenuating the effect of disturbances on practical systems, but it is difficult to obtain the H∞ controller due to the nonlinear Hamilton–Jacobi–Isaacs equation, even for linear systems. This study deals with the design of an H∞ controller for linear discrete-time systems. To solve the related game algebraic Riccati equation (GARE), a novel model-free minimax Q-learning method is developed on the basis of an offline policy iteration algorithm, which is shown to be Newton’s method for solving the GARE. The proposed minimax Q-learning method, which employs off-policy reinforcement learning, learns the optimal control policies for the controller and the disturbance online, using only the state samples generated by the implemented behavior policies. Unlike existing Q-learning methods, a novel gradient-based policy improvement scheme is proposed. We prove that the minimax Q-learning method converges to the saddle solution under initially admissible control policies and an appropriate positive learning rate, provided that certain persistence of excitation (PE) conditions are satisfied. In addition, the PE conditions can be easily met by choosing appropriate behavior policies containing certain excitation noises, without causing any excitation noise bias. In the simulation study, we apply the proposed minimax Q-learning method to design an H∞ load-frequency controller for an electrical power system generator that suffers from load disturbance, and the simulation results indicate that the obtained H∞ load-frequency controller has good disturbance rejection performance.
Driving behavior normalization is important for a fair evaluation of driving style. The longitudinal control of a vehicle is investigated in this study. The normalization task can be considered as a mapping of the driving behavior in a different environment to the uniform condition. Unlike the model-based approach in previous work, where a driver model is required to conduct the driving cycle test, the approach we propose directly normalizes the driving behavior using an autoencoder (AE) when following a standard speed profile. To ensure a positive correlation between the vehicle speed and driving behavior, a gate constraint is imposed between the encoder and decoder to form a gated AE (gAE). This approach is model-free and efficient. The proposed approach is tested for consistency with the model-based approach and for its applications to quantitative evaluation of driving behavior and fuel consumption analysis. Simulations are conducted to verify the effectiveness of the proposed scheme.
The main purpose of this paper is to study different types of sampling formulas of quaternionic functions, which are bandlimited under various quaternion Fourier and linear canonical transforms. We show that the quaternionic bandlimited functions can be reconstructed from their samples as well as the samples of their derivatives and Hilbert transforms. In addition, the relationships among different types of sampling formulas under various transforms are discussed. First, if the quaternionic function is bandlimited to a rectangle that is symmetric about the origin, then the sampling formulas under various quaternion Fourier transforms are identical. If this rectangle is not symmetric about the origin, then the sampling formulas under various quaternion Fourier transforms are different from each other. Second, using the relationship between the two-sided quaternion Fourier transform and the linear canonical transform, we derive sampling formulas under various quaternion linear canonical transforms. Third, truncation errors of these sampling formulas are estimated. Finally, some simulations are provided to show how the sampling formulas can be used in applications.
When light rays coming either from a point source or from infinity are reflected by a mirror, the reflected rays may have an envelope, called a caustic curve. In this paper, we study developable surfaces as mirrors. Their caustic surfaces, described in closed form, are also developable surfaces of the same type as the original mirror surface. We provide an efficient, algorithmic computation to find the caustic surface of each of the three types of developable surfaces (cone, cylinder, and tangent surface of a spatial curve). We also present a potential application of the results in contemporary free-form architecture design.
A radar task priority assignment method based on an interval type-2 fuzzy logic system (IT2FLS) was designed to solve the problem of resource management for phased-array radar detecting hypersonic-glide vehicles (HGVs). The mathematical model of the radar task and the motion and detection models of HGVs are described in detail. The target threat of an HGV is divided into maneuver, speed, azimuth, and distance threats. In the IT2FLS-based radar task priority assignment method, the maneuver factor, speed, azimuth difference, distance, and initial priority are the input variables, and the radar task priority is the output variable. To reduce the number of fuzzy rules and avoid rule explosion, an IT2FLS with a hierarchical structure was designed. Finally, the feasibility of the task priority assignment method was verified by simulations. Simulation results showed that the IT2FLS-based method achieves a higher precise-tracking rate, mean initial priority, and target threat degree, and a shorter offset time.