Gilbert Peterson - Profile on Academia.edu

Papers by Gilbert Peterson

REDIR: Automated static detection of obfuscated anti-debugging techniques

Reverse Code Engineering (RCE) to detect anti-debugging techniques in software is a very difficult task. Code obfuscation is an anti-debugging technique that makes detection even more challenging. The Rule Engine Detection by Intermediate Representation (REDIR) system for automated static detection of obfuscated anti-debugging techniques is a prototype designed to help the RCE analyst improve performance through this tedious task. Three tenets form the REDIR foundation. First, Intermediate Representation (IR) improves the analyzability of binary programs by reducing a large instruction set down to a handful of semantically equivalent statements. Next, an Expert System (ES) rule-engine searches the IR and initiates a sense-making process for anti-debugging technique detection. Finally, an IR analysis process confirms the presence of an anti-debug technique. The REDIR system is implemented as a debugger plug-in. Within the debugger, REDIR interacts with a program in the disassembly view. Debugger users can instantly highlight anti-debugging techniques and determine if the presence of a debugger will cause a program to take a conditional jump or fall through to the next instruction.

Feature detection and matching on atmospheric nuclear detonation video

IET Computer Vision, 2016

Automated feature matching of nuclear detonations enables 3D point cloud reconstruction, and establishment of a volume-based model to reduce uncertainty in estimating the yield of nuclear detonations solely from video.

WoLF Ant

Ant colony optimization (ACO) algorithms can generate quality solutions to combinatorial optimization problems. However, like many stochastic algorithms, the quality of solutions worsens as problem sizes grow. In an effort to increase performance, we added the variable step size off-policy hill-climbing algorithm called PDWoLF (Policy Dynamics Win or Learn Fast) to several ant colony algorithms: Ant System, Ant Colony System, Elitist-Ant System, Rank-based Ant System, and Max-Min Ant System. Easily integrated into each ACO algorithm, the PDWoLF component maintains a set of policies separate from the ant colony's pheromone. Similar to pheromone but with different update rules, the PDWoLF policies provide a second estimation of solution quality and guide the construction of solutions. Experiments on large traveling salesman problems (TSPs) show that incorporating PDWoLF with the aforementioned ACO algorithms that do not make use of local optimizations produces shorter tours than the ACO algorithms alone.

Improving occupancy grid FastSLAM by integrating navigation sensors

2011 IEEE/RSJ International Conference on Intelligent Robots and Systems, 2011

Steganography anomaly detection using simple one-class classification

Proceedings of SPIE, the International Society for Optical Engineering, 2007

... against the embedded image and manipulates nearby DCT blocks to maintain DCT histogram. ... DCT as well as some commonly used wavelet decompositions used in image processing. ... The features are then generated by calculating the difference between a target coefficient in ...

Dynamic coalition formation under uncertainty

2009 IEEE/RSJ International Conference on Intelligent Robots and Systems, Oct 1, 2009

Extracting Forensic Artifacts from Windows O/S Memory

Workload-Adaptive Human Interface to Aid Robust Decision Making in Human-System Interface. Year 1 Report

Graduate Digital Forensics Education at the Air Force Institute of Technology

2007 40th Annual Hawaii International Conference on System Sciences, Jan 3, 2007

The Department of Electrical and Computer Engineering (AFIT/ENG) at the Air Force Institute of Technology (AFIT) currently offers a graduate-level introductory course in digital forensics. Students are introduced and exposed to several challenges and topics in the digital forensics course. The course addresses the ethical and legal procedures as well as basic forensic science principles in only the most general manner. A larger percentage of lecture and lab time is spent discussing the technical details of incident response and media analysis. The detail into the network forensics and digital device analysis topics starts to breach technical details but not to the level of attempting mastery. This course provides our students with real world digital forensics experience to prepare them for the challenges they may face in postgraduate employment.

Timing mark detection on nuclear detonation video

2014 IEEE Applied Imagery Pattern Recognition Workshop, Oct 1, 2014

During the 1950s and 1960s the United States conducted and filmed over 200 atmospheric nuclear tests establishing the foundations of atmospheric nuclear detonation behavior. Each explosion was documented with about 20 videos from three or four points of view. Synthesizing the videos into a 3D video will improve yield estimates and reduce error factors. The videos were captured at a nominal 2500 frames per second, but range from 2300-3100 frames per second during operation. In order to combine them into one 3D video, individual video frames need to be correlated in time with each other. When the videos were captured a timing system was used that shined light in a video every 5 milliseconds creating a small circle exposed in the frame. This paper investigates several methods of extracting the timing from images in the cases when the timing marks are occluded and washed out, as well as when the films are exposed as expected. Results show an improvement over past techniques. For normal videos, occluded videos, and washed out videos, timing is detected with 99.3%, 77.3%, and 88.6% probability with a 2.6%, 11.3%, 5.9% false alarm rate, respectively.

The Enhancement of Graduate Digital Forensics Education via the DC3 Digital Forensics Challenge

HICSS, 2009

... The last step was to read the optical image with WinHex [24]. When this step was performed, the text “QDueling is legal in Paraguay as long as both parties are registered blood donors” was repeated for several hundred megabytes. ...

Using Modeling and Simulation to Examine the Benefits of a Network Tasking Order

The Global Information Grid (GIG) is the military's computer and communications network which supports the myriad of military missions. Military missions are highly planned, passing through many hands in the strategy-to-task methodology to ensure completeness, accuracy, coordination, cohesion, and appropriateness. A benefit of this planning is the possibility to collect knowledge of future conditions that could be of use to network designers whose goals include optimizing and protecting the GIG. This advanced knowledge includes which networked military equipment will be involved, what their capabilities are, where they will be, when they will be there, and particulars on the required data flows. A Network Tasking Order process is proposed as a means of collecting this information, analyzing the information to generate network taskings, and disseminating those taskings. Tactical integration of assets in mobile networks is introduced as another planning variable in the battlefield; not unlike logistical considerations such as fuel, ammunition, water, and so on used currently in operation planning. Modeling and simulation is used to support the proposed benefits.

Genetic evolution of hierarchical behavior structures

Proceedings of the 9th Annual Conference on Genetic and Evolutionary Computation, 2007

The development of coherent and dynamic behaviors for mobile robots is an exceedingly complex endeavor ruled by task objectives, environmental dynamics and the interactions within the behavior structure. This paper discusses the use of genetic programming techniques and the unified behavior framework to develop effective control hierarchies using interchangeable behaviors and arbitration components. Given the number of possible variations provided by the framework, evolutionary programming is used to evolve the overall behavior design. Competitive evolution of the behavior population incrementally develops feasible solutions for the domain through competitive ranking. By developing and implementing many simple behaviors independently and then evolving a complex behavior structure suited to the domain, this approach allows for the reuse of elemental behaviors and eases the complexity of development for a given domain. Additionally, this approach has the ability to locate a behavior structure which a developer may not have previously considered, and whose ability exceeds expectations. The evolution of the behavior structure is demonstrated using agents in the Robocode environment, with the evolved structures performing up to 122 percent better than one crafted by an expert.

The latest generation Whegs

An Effective and Efficient Real Time Strategy Agent

Twenty Third International FLAIRS Conference, 2010

Real Time Strategy (RTS) games present a challenge for the field of artificial intelligence. The size of the state space often makes machine learning solutions intractable and as a result, developers turn towards hand-tailored solutions such as scripts. In this work, we present the Killer Bee Artificial Intelligence (KBAI) agent which uses a predictive nearest neighbor classifier to make decisions in real time. KBAI has a no-loss record against four hand-tailored scripts in the RTS game Spring.

An Abstract Behavior Representation for Robust, Dynamic Sequencing in a Hybrid Architecture

HAMR: A Hybrid Multi-Robot Control Architecture

FLAIRS, 2009

Highly capable multiple robot architectures often resort to micromanagement to provide enhanced cooperative abilities, sacrificing individual autonomy. Conversely, multi-robot architectures that maintain individual autonomy are often limited in their cooperative abilities. This ...

The Enhancement of Graduate Digital Forensics Education via the DC3 Digital Forensics Challenge

2009 42nd Hawaii International Conference on System Sciences, 2009

... The last step was to read the optical image with WinHex [24]. When this step was performed, the text “QDueling is legal in Paraguay as long as both parties are registered blood donors” was repeated for several hundred megabytes. ...

Simulating windows-based cyber attacks using live virtual machine introspection

... VM. CMAT-V provides situational awareness during simulated cyber attack scenarios. Using static forensic analysis techniques, CMAT-V derives semantically relevant information from an arbitrary Windows memory dump. This ...

Steganalysis feature improvement using expectation maximization

Proceedings of SPIE, the International Society for Optical Engineering, 2007

Images and data files provide an excellent opportunity for concealing illegal or clandestine material. Currently, there are over 250 different tools which embed data into an image without causing noticeable changes to the image. From a forensics perspective, when a system is confiscated or an image of a system is generated the investigator needs a tool that can scan and accurately identify files suspected of containing malicious information. The identification process is termed the steganalysis problem which focuses on both blind identification, in which only normal images are available for training, and multi-class identification, in which both the clean and stego images at several embedding rates are available for training. In this paper an investigation of a clustering and classification technique (Expectation Maximization with mixture models) is used to determine if a digital image contains hidden information. The steganalysis problem is for both anomaly detection and multi-class detection. The various clusters represent clean images and stego images with between 1% and 10% embedding percentage. Based on the results it is concluded that the EM classification technique is highly suitable for both blind detection and the multi-class problem.
