Gilbert Peterson | Air Force Institute of Technology
Papers by Gilbert Peterson
Reverse Code Engineering (RCE) to detect anti-debugging techniques in software is a very difficult task. Code obfuscation is an anti-debugging technique that makes detection even more challenging. The Rule Engine Detection by Intermediate Representation (REDIR) system for automated static detection of obfuscated anti-debugging techniques is a prototype designed to help the RCE analyst improve performance through this tedious task. Three tenets form the REDIR foundation. First, Intermediate Representation (IR) improves the analyzability of binary programs by reducing a large instruction set down to a handful of semantically equivalent statements. Next, an Expert System (ES) rule-engine searches the IR and initiates a sense-making process for anti-debugging technique detection. Finally, an IR analysis process confirms the presence of an anti-debug technique. The REDIR system is implemented as a debugger plug-in. Within the debugger, REDIR interacts with a program in the disassembly view. Debugger users can instantly highlight anti-debugging techniques and determine if the presence of a debugger will cause a program to take a conditional jump or fall through to the next instruction.
IET Computer Vision, 2016
2011 IEEE/RSJ International Conference on Intelligent Robots and Systems, 2011
Proceedings of SPIE, the International Society for Optical Engineering, 2007
... against the embedded image and manipulates nearby DCT blocks to maintain DCT histogram. ... DCT as well as some commonly used wavelet decompositions used in image processing. ... The features are then generated by calculating the difference between a target coefficient in ...
2009 IEEE/RSJ International Conference on Intelligent Robots and Systems, Oct 1, 2009
2007 40th Annual Hawaii International Conference on System Sciences, Jan 3, 2007
2014 IEEE Applied Imagery Pattern Recognition Workshop, Oct 1, 2014
HICSS, 2009
... The last step was to read the optical image with WinHex [24]. When this step was performed, the text "Dueling is legal in Paraguay as long as both parties are registered blood donors" was repeated for several hundred megabytes. ...
Proceedings of the 9th Annual Conference on Genetic and Evolutionary Computation, 2007
Twenty-Third International FLAIRS Conference, 2010
FLAIRS, 2009
Highly capable multiple robot architectures often resort to micromanagement to provide enhanced cooperative abilities, sacrificing individual autonomy. Conversely, multi-robot architectures that maintain individual autonomy are often limited in their cooperative abilities. This ...
2009 42nd Hawaii International Conference on System Sciences, 2009
... The last step was to read the optical image with WinHex [24]. When this step was performed, the text "Dueling is legal in Paraguay as long as both parties are registered blood donors" was repeated for several hundred megabytes. ...
... VM. CMAT-V provides situational awareness during simulated cyber attack scenarios. Using static forensic analysis techniques, CMAT-V derives semantically relevant information from an arbitrary Windows memory dump. This ...
Proceedings of SPIE, the International Society for Optical Engineering, 2007
Images and data files provide an excellent opportunity for concealing illegal or clandestine material. Currently, there are over 250 different tools which embed data into an image without causing noticeable changes to the image. From a forensics perspective, when a system is confiscated or an image of a system is generated, the investigator needs a tool that can scan and accurately identify files suspected of containing malicious information. The identification process is termed the steganalysis problem, which focuses on both blind identification, in which only normal images are available for training, and multi-class identification, in which both the clean and stego images at several embedding rates are available for training. In this paper an investigation of a clustering and classification technique (Expectation Maximization with mixture models) is used to determine if a digital image contains hidden information. The steganalysis problem is for both anomaly detection and multi-class detection. The various clusters represent clean images and stego images with between 1% and 10% embedding percentage. Based on the results it is concluded that the EM classification technique is highly suitable for both blind detection and the multi-class problem.