Container and VM Visualization for Rapid Forensic Analysis (2020-01-07)

Cloud-hosted software such as virtual machines and containers is notoriously difficult to access, observe, and inspect during ongoing security events. This research describes a new, out-of-band forensic tool for rapidly analyzing cloud-based software. The proposed tool renders two-dimensional visualizations of container contents and virtual machine disk images. The visualizations can be used to identify container/VM contents, pinpoint instances of embedded malware, and find modified code. The proposed new forensic tool is compared against other forensic tools in a double-blind experiment. The results confirm the utility of the proposed tool. Implications and future research directions are also described.
DNA Feature Selection for Discriminating WirelessHART IIoT Devices (2020-01-07)

This paper summarizes demonstration activity aimed at applying Distinct Native Attribute (DNA) feature selection methods to improve the computational efficiency of time-domain fingerprinting methods used to discriminate Wireless Highway Addressable Remote Transducer (WirelessHART) devices being used in Industrial Internet of Things (IIoT) applications. Efficiency is achieved through Dimensional Reduction Analysis (DRA), performed here using both pre-classification analytic (WRS and ReliefF) and post-classification relevance (RndF and GRLVQI) feature selection methods. Comparative assessments are based on statistical fingerprint features extracted from experimentally collected WirelessHART signals, with Multiple Discriminant Analysis, Maximum Likelihood (MDA/ML) estimation showing that pre-classification methods are collectively superior to post-classification methods. Specific DRA results show that an average cross-class percent correct classification differential of 8% ≤ %CD ≤ 1% can be maintained using DRA-selected feature sets containing as few as 24 (10%) of the 243 full-dimensional features. Reducing fingerprint dimensionality reduces computational efficiency and improves the potential for operational implementation.