Results 1  10
of
109
Polymorphic Worm Detection Using Structural Information of Executables
 In RAID
, 2005
"... Abstract. Network worms are malicious programs that spread automatically across networks by exploiting vulnerabilities that affect a large number of hosts. Because of the speed at which worms spread to large computer populations, countermeasures based on human reaction time are not feasible. Therefo ..."
Abstract

Cited by 105 (12 self)
 Add to MetaCart
Abstract. Network worms are malicious programs that spread automatically across networks by exploiting vulnerabilities that affect a large number of hosts. Because of the speed at which worms spread to large computer populations, countermeasures based on human reaction time are not feasible. Therefore, recent research has focused on devising new techniques to detect and contain network worms without the need of human supervision. In particular, a number of approaches have been proposed to automatically derive signatures to detect network worms by analyzing a number of wormrelated network streams. Most of these techniques, however, assume that the worm code does not change during the infection process. Unfortunately, worms can be polymorphic. That is, they can mutate as they spread across the network. To detect these types of worms, it is necessary to devise new techniques that are able to identify similarities between different mutations of a worm. This paper presents a novel technique based on the structural analysis of binary code that allows one to identify structural similarities between different worm mutations. The approach is based on the analysis of a worm’s control flow graph and introduces an original graph coloring technique that supports a more precise characterization of the worm’s structure. The technique has been used as a basis to implement a worm detection system that is resilient to many of the mechanisms used to evade approaches based on instruction sequences only.
A Lagrangian Relaxation Network for Graph Matching
 IEEE Trans. Neural Networks
, 1996
"... A Lagrangian relaxation network for graph matching is presented. The problem is formulated as follows: given graphs G and g, find a permutation matrix M that brings the two sets of vertices into correspondence. Permutation matrix constraints are formulated in the framework of deterministic annealing ..."
Abstract

Cited by 26 (7 self)
 Add to MetaCart
A Lagrangian relaxation network for graph matching is presented. The problem is formulated as follows: given graphs G and g, find a permutation matrix M that brings the two sets of vertices into correspondence. Permutation matrix constraints are formulated in the framework of deterministic annealing. Our approach is in the same spirit as a Lagrangian decomposition approach in that the row and column constraints are satisfied separately with a Lagrange multiplier used to equate the two "solutions." Due to the unavoidable symmetries in graph isomorphism (resulting in multiple global minima), we add a symmetrybreaking selfamplification term in order to obtain a permutation matrix. With the application of a fixpoint preserving algebraic transformation to both the distance measure and selfamplification terms, we obtain a Lagrangian relaxation network. The network performs minimization with respect to the Lagrange parameters and maximization with respect to the permutation matrix variable...
On the (Non)Universality of the OneTime Pad
 In Proc. 43rd FOCS
, 2002
"... Randomization is vital in cryptography: secret keys should be randomly generated and most cryptographic primitives (e.g., encryption) must be probabilistic. As a common abstraction, it is assumed that there is a source of truly random bits available to all the participants of the system. While conve ..."
Abstract

Cited by 22 (12 self)
 Add to MetaCart
Randomization is vital in cryptography: secret keys should be randomly generated and most cryptographic primitives (e.g., encryption) must be probabilistic. As a common abstraction, it is assumed that there is a source of truly random bits available to all the participants of the system. While convenient, this assumption is often highly unrealistic, and cryptographic systems have to be built based on imperfect sources of randomness. Remarkably, this fundamental problem has received little or no attention so far, despite the fact that a related question of simulating probabilistic (BPP) algorithms with imperfect random sources has a long and rich history.
Modelling And Solving English Peg Solitaire
 PROCEEDINGS CPAIOR'03
, 2003
"... Peg Solitaire is a well known puzzle which can prove difficult despite its simple rules. Pegs are arranged on a board such that at least one `hole' remains. By making draughtslike moves, pegs are gradually removed until no further moves are possible or some goal configuration is achieved. T ..."
Abstract

Cited by 21 (10 self)
 Add to MetaCart
Peg Solitaire is a well known puzzle which can prove difficult despite its simple rules. Pegs are arranged on a board such that at least one `hole' remains. By making draughtslike moves, pegs are gradually removed until no further moves are possible or some goal configuration is achieved. This paper considers the English variant, consisting of a board in a cross shape with 33 holes. Modelling Peg Solitaire via CP or OR techniques presents a considerable challenge and is examined in detail. The merits of the resulting models are discussed and they are compared empirically. The sequential nature of the puzzle naturally conforms to a planning problem, hence we also present an experimental comparison with several leading AI planning systems. Other
Determinant factorization: A new encoding scheme for spanning trees applied to the probabilistic minimum spanning tree problem
 In Eschelman, L. (Ed.), Proceedings of the S9cth International Conference on Genetic Algorithms
, 1995
"... This paper describes a new encoding scheme for the representation of spanning trees. This new encoding scheme is based on the factorization of the determinant of the indegree matrix of the original graph. Each factor represents a spanning tree if the determinant corresponding to that factor is equa ..."
Abstract

Cited by 19 (0 self)
 Add to MetaCart
This paper describes a new encoding scheme for the representation of spanning trees. This new encoding scheme is based on the factorization of the determinant of the indegree matrix of the original graph. Each factor represents a spanning tree if the determinant corresponding to that factor is equal to one. Our new determinant encoding will be compared to the Prufer encoding, and to the node and link biased encoding by solving an NPcomplete variation of the minimum spanning tree problem, known as the Probabilistic Minimum Spanning Tree Problem. Given a connected graph G(V,E), a cost function c:E;!< +, and a probability function P:2V;![0 � 1], the problem is to nd an a priori spanning tree of minimum expected length. Our results show a signi cant improvement in using the new determinant encoding and the node and link biased encoding compared to Prufer's encoding. We also show empirically that our new determinant encoding scheme is as good as the node and link biased encoding. Our new determinant encoding works very well for restricted spanning trees, and for incomplete graphs. 1
Design and Analysis of Diagnosis Systems Using Structural Methods
, 2006
"... To my dear wife Åsa In complex and automated technological processes the effects of a fault can quickly propagate and lead to degradation of process performance or even worse to a catastrophic failure. This means that faults have to be found as quickly as possible and decisions have to be made to st ..."
Abstract

Cited by 18 (5 self)
 Add to MetaCart
To my dear wife Åsa In complex and automated technological processes the effects of a fault can quickly propagate and lead to degradation of process performance or even worse to a catastrophic failure. This means that faults have to be found as quickly as possible and decisions have to be made to stop the propagation of their effects and to minimize process performance degradation. The behavior of the process is affected in different ways by different faults and the fault can be found by ruling out faults for which the expected behavior of the process is not consistent with the observed behavior. In modelbased diagnosis, a model describes the expected behavior of the process for the different faults. A device for finding faults is called a diagnosis system. In the diagnosis systems considered here, a number of tests check the consistency of different parts of the model, by using observations of the process. To be able to identify which fault that has occurred, the set of tests that is used must be carefully
The Shapley Value on Convex Geometries
, 2000
"... A game on a convex geometry is a realvalued function defined on the family L of the closed sets of a closure operator which satisfies the finite MinkowskiKreinMilman property. If L is the boolean algebra 2 N then we obtain an nperson cooperative game. Faigle and Kern investigated games where L i ..."
Abstract

Cited by 16 (5 self)
 Add to MetaCart
A game on a convex geometry is a realvalued function defined on the family L of the closed sets of a closure operator which satisfies the finite MinkowskiKreinMilman property. If L is the boolean algebra 2 N then we obtain an nperson cooperative game. Faigle and Kern investigated games where L is the distributive lattice of the order ideal of the poset of players. We obtain two classes of axioms that give rise to a unique Shapley value for games on convex geometries.
Towards ModelBased Diagnosis of Coordination Failures
"... With increasing deployment of multiagent and distributed systems, there is an increasing need for failure diagnosis systems. While ..."
Abstract

Cited by 15 (6 self)
 Add to MetaCart
With increasing deployment of multiagent and distributed systems, there is an increasing need for failure diagnosis systems. While
Formulating Usability
 ACM SIGCHI Bulletin
, 1998
"... Usability is empirical, and often highly contextspecific, but it would be useful for designers to have general estimates of usability from interactive system specifications alone. We discuss how this problem may be approached, and we give examples. We also discuss the justification for the appro ..."
Abstract

Cited by 14 (10 self)
 Add to MetaCart
Usability is empirical, and often highly contextspecific, but it would be useful for designers to have general estimates of usability from interactive system specifications alone. We discuss how this problem may be approached, and we give examples. We also discuss the justification for the approach, since it is unusual to measure usability without involving users. The explicit mathematical content of this paper has been deliberately kept to a minimum.
Maxtolerance graphs as intersection graphs: cliques, cycles, and recognition
 In Proceedings of the 17th annual ACMSIAM symposium on Discrete Algorithms (SODA
, 2006
"... Maxtolerance graphs can be regarded as generalized interval graphs, where two intervals Ii and Ij only induce an edge in the corresponding graph iff they overlap for an amount of at least max{ti, tj} where ti is an individual tolerance parameter associated to each interval Ii. A new geometric chara ..."
Abstract

Cited by 12 (3 self)
 Add to MetaCart
Maxtolerance graphs can be regarded as generalized interval graphs, where two intervals Ii and Ij only induce an edge in the corresponding graph iff they overlap for an amount of at least max{ti, tj} where ti is an individual tolerance parameter associated to each interval Ii. A new geometric characterization of maxtolerance graphs as intersection graphs of isosceles right triangles, shortly called semisquares, leverages the solution of various graphtheoretic problems in connection with maxtolerance graphs. First, we solve the maximal and maximum cliques problem. It arises naturally in DNA sequence analysis where the maximal cliques might be interpreted as functional domains carrying biologically meaningful information. We prove an upper bound of O(n 3) for the number of maximal cliques in maxtolerance graphs and give an efficient O(n 3) algorithm for their computation. In the same vein, the semisquare representation yields a simple proof for the fact that this bound is asymptotically tight, i.e., a class of maxtolerance graphs is presented where the instances have Ω(n 3) maximal cliques. Additionally, we answer an open question posed in [8] by showing that maxtolerance graphs do not contain complements of cycles Cn for n> 9. By exploiting the new representation more deeply, we can go even further and prove that the recognition problem for maxtolerance graphs is NPhard.