Andrew Crampton scite author profile

2019

Ransomware is a continuing threat and has resulted in the battle between the development and detection of new techniques. Detection and mitigation systems have been developed and are in wide-scale use; however, their reactive nature has resulted in a continuing evolution and updating process. This is largely because detection mechanisms can often be circumvented by introducing changes in the malicious code and its behaviour. In this paper, we demonstrate a classification technique of integrating both static and dynamic features to increase the accuracy of detection and classification of ransomware. We train supervised machine learning algorithms using a test set and use a confusion matrix to observe accuracy, enabling a systematic comparison of each algorithm. In this work, supervised algorithms such as the Naïve Bayes algorithm resulted in an accuracy of 96% with the test set result, SVM 99.5%, random forest 99.5%, and 96%. We also use Youdens index to determine sensitivity and specificity.

Identification of irregularities and allocation suggestion of relative file system permissions

Parkinson

Journal of Information Security and Applications

2016

It is well established that file system permissions in large, multi-user environments can be audited to identify vulnerabilities with respect to what is regarded as standard practice. For example, identifying that a user has an elevated level of access to a system directory which is unnecessary and introduces a vulnerability. Similarly, the allocation of new file system permissions can be assigned following the same standard practices. On the contrary, and less well established, is the identification of potential vulnerabilities as well as the implementation of new permissions with respect to a system's current access control implementation. Such tasks are heavily reliant on expert interpretation. For example, the assigned relationship between users and groups, directories and their parents, and the allocation of permissions on file system resources all need to be carefully considered.This paper presents the novel use of statistical analysis to establish independence and homogeneity in allocated file system permissions. This independence can be interpreted as potential anomalies in a system's implementation of access control. The paper then presents the use of instance-based learning to suggest the allocation of new permissions conforming to a system's current implementation structure. Following this, both of the presented techniques are then included in a tool for interacting with Microsoft's New Technology File System permissions (NTFS). This involves experimental analysis on six different NTFS directories structures within different organisations. From using this tool we can establish the effectiveness of the developed techniques by evaluating the true positive and true negative instances. The presented results demonstrate the potential of the proposed techniques for overcoming complexities with real-world file system administration.

Detecting and approximating fault lines from randomly scattered data

Mason

2005

Numer Algor

Discretely defined surfaces that exhibit vertical displacements across unknown fault lines can be difficult to approximate accurately unless a representation of the faults is known. Accurate representations of these faults enable the construction of constrained approximation models that can successfully overcome common problems such as over-smoothing.In this paper we review an existing method for detecting fault lines and present a new detection approach based on data triangulations and discrete Gaussian curvature (DGC). Furthermore, we show that if the fault line can be described non-parametrically, then accurate support vector machine (SVM) models can be constructed that are independent of the type of triangulation used in the detection algorithms. We shall also see that SVM models are particularly effective when the data produced by the detection algorithms are noisy. We compare the performances of the various new and established models.

Real-Time Path Planning using a Simulation-Based Markov Decision Process

Naveed

Kitchin

et al. 2011

This paper introduces a novel path planning technique called MCRT which is aimed at non-deterministic, partially known, real-time domains populated with dynamically moving obstacles, such as might be found in a real-time strategy (RTS) game. The technique combines an efficient form of Monte-Carlo tree search with the randomized exploration capabilities of rapidly exploring random tree (RRT) planning. The main innovation of MCRT is in incrementally building an RRT structure with a collision-sensitive reward function, and then re-using it to efficiently solve multiple, sequential goals. We have implemented the technique in MCRT-planner, a program which solves non-deterministic path planning problems in imperfect information RTS games, and evaluated it in comparison to four other state of the art techniques. Planners embedding each technique were applied to a typical RTS game and evaluated using the game score and the planning cost. The empirical evidence demonstrates the success of MCRT-planner.

In-Plane Vibration Investigations of a Noisy Twin Calliper Disc Brake

Fieldhouse

Talbot

Steel

et al. 2003