-
Kernel-level Rootkit Detection, Prevention and Behavior Profiling: A Taxonomy and Survey
Authors:
Mohammad Nadim,
Wonjun Lee,
David Akopian
Abstract:
Kernel-level rootkits are among the most elusive types of malware in recent times and pose significant challenges to computer security systems. A kernel-level rootkit can hide its presence and malicious activities by modifying the kernel control flow, by hooking in the kernel space, or by manipulating kernel objects. As kernel-level rootkits change the kernel, it is difficult for user-level security tools to detect them. In the past few years, many approaches have been proposed to detect kernel-level rootkits. It is not very difficult for an attacker to evade a signature-based kernel-level rootkit detection system by slightly modifying the existing signature. To detect the evolving kernel-level rootkits, researchers have proposed and experimented with many detection systems. In this paper, we survey traditional kernel-level rootkit detection mechanisms in the literature and propose a structured kernel-level rootkit detection taxonomy. We discuss the strengths and weaknesses or challenges of each detection approach. Prevention techniques and literature on profiling kernel-level rootkit behavior are also included in this survey. The paper ends with future research directions for kernel-level rootkit detection.
Submitted 2 April, 2023;
originally announced April 2023.
-
Indoor positioning system using WLAN channel estimates as fingerprints for mobile devices
Authors:
Erick Schmidt,
David Akopian
Abstract:
With the growing integration of location-based services (LBS) such as GPS in mobile devices, indoor position systems (IPS) have become an important research topic. There are several IPS methods such as AOA, TOA, TDOA, which use trilateration for indoor location estimation but are generally based on line-of-sight. Other methods rely on classification such as fingerprinting which uses WLAN indoor signals. This paper re-examines the classical WLAN fingerprinting accuracy which uses received signal strength (RSS) measurements by introducing channel estimates for improvements in the classification of indoor locations. The purpose of this paper is to improve existing classification algorithms used in fingerprinting by introducing channel estimates when there are a low number of APs available. The channel impulse response, or in this case the channel estimation from the receiver, should characterize a complex indoor area which usually has multipath, thus providing a unique signature for each location which proves useful for better pattern recognition. In this experiment, channel estimates are extracted from a Software-Defined Radio (SDR) environment, thus exploiting the benefits of SDR from a NI-USRP model and LabVIEW software. Measurements are taken from a known building, and several scenarios with one and two access points (APs) are used in this experiment. Also, three granularities in distance between locations are analyzed. A Support Vector Machine (SVM) is used as the algorithm for pattern recognition of different locations based on the samples taken from RSS and channel estimation coefficients.
Submitted 30 June, 2019;
originally announced July 2019.
-
A Fast-rate WLAN Measurement Tool for Improved Miss-rate in Indoor Navigation
Authors:
Erick Schmidt,
David Akopian
Abstract:
Recently, location-based services (LBS) have steered attention to indoor positioning systems (IPS). WLAN-based IPSs relying on received signal strength (RSS) measurements such as fingerprinting are gaining popularity due to proven high accuracy of their results. Typically, sets of RSS measurements at selected locations from several WLAN access points (APs) are used to calibrate the system. Retrieval of such measurements from WLAN cards are commonly at one-Hz rate. Such measurement collection is needed for offline radio-map surveying stage which aligns fingerprints to locations, and for online navigation stage, when collected measurements are associated with the radio-map for user navigation. As WLAN network is not originally designed for positioning, an RSS measurement miss could have a high impact on the fingerprinting system. Additionally, measurement fluctuations require laborious signal processing, and surveying process can be very time consuming. This paper proposes a fast-rate measurement collection method that addresses previously mentioned problems by achieving a higher probability of RSS measurement collection during a given one-second window. This translates to more data for statistical processing and faster surveying. The fast-rate collection approach is analyzed against the conventional measurement rate in a proposed testing methodology that mimics real-life scenarios related to IPS surveying and online navigation.
Submitted 30 June, 2019;
originally announced July 2019.
-
Fast prototyping of an SDR WLAN 802.11b receiver for an indoor positioning system
Authors:
Erick Schmidt,
David Akopian
Abstract:
Indoor positioning systems (IPS) are emerging technologies due to an increasing popularity and demand in location based service (LBS). Because traditional positioning systems such as GPS are limited to outdoor applications, many IPS have been proposed in literature. WLAN-based IPS are the most promising due to their proven accuracy and infrastructure deployment. Several WLAN-based IPS have been proposed in the past, from which the best results have been shown by so-called fingerprint-based systems. This paper proposes an indoor positioning system which extends traditional WLAN fingerprinting by using received signal strength (RSS) measurements along with channel estimates as an effort to improve classification accuracy for scenarios with a low number of Access Points (APs). The channel estimates aim to characterize complex indoor environments making it a unique signature for fingerprinting-based IPS and therefore improving pattern recognition in radio-maps. Since commercial WLAN cards offer limited measurement information, software-defined radio (SDR) as an emerging trend for fast prototyping and research integration is chosen as the best cost-effective option to extract channel estimates. Therefore, this paper first proposes an 802.11b WLAN SDR beacon receiver capable of measuring RSS and channel estimates. The SDR is designed using LabVIEW (LV) environment and leverages several inherent platform acceleration features that achieve real-time capturing. The receiver achieves a fast-rate measurement capture of 9 packets per second per AP. The classification of the proposed IPS uses a support vector machine (SVM) for offline training and online navigation. Several tests are conducted in a cluttered indoor environment with a single AP in 802.11b legacy mode. Finally, navigation accuracy results are discussed.
Submitted 30 June, 2019;
originally announced July 2019.
-
Exploiting Acceleration Features of LabVIEW platform for Real-Time GNSS Software Receiver Optimization
Authors:
Erick Schmidt,
David Akopian
Abstract:
This paper presents the new generation of LabVIEW-based GPS receiver testbed that is based on National Instruments' (NI) LabVIEW (LV) platform in conjunction to C/C++ dynamic link libraries (DLL) used inside the platform for performance execution. This GPS receiver has been optimized for real-time operation and has been developed for fast prototyping and easiness on future additions and implementations to the system. The receiver DLLs are divided into three baseband modules: acquisition, tracking, and navigation. The openness of received baseband modules allows for extensive research topics such as signal quality improvement on GPS-denied areas, signal spoofing, and signal interferences. The hardware used in the system was chosen with an effort to achieve portability and mobility in the SDR receiver. Several acceleration factors that accomplish real-time operation and that are inherent to LabVIEW mechanisms, such as multithreading, parallelization and dedicated loop-structures, are discussed. The proposed SDR also exploits C/C++ optimization techniques for single-instruction multiple-data (SIMD) capable processors in software correlators for real-time operation of GNSS tracking loops. It is demonstrated that LabVIEW-based solutions provide competitive real-time solutions for fast prototyping of receiver algorithms.
Submitted 30 June, 2019;
originally announced July 2019.
-
Development of a Real-Time Software-Defined Radio GPS Receiver Exploiting a LabVIEW-based Instrumentation Environment
Authors:
Erick Schmidt,
David Akopian,
Daniel J. Pack
Abstract:
The ubiquitousness of location based services (LBS) has proven effective for many applications such as commercial, military, and emergency responders. Software-defined radio (SDR) has emerged as an adequate framework for development and testing of global navigational satellite systems (GNSS) such as the Global Position System (GPS). SDR receivers are constantly developing in terms of acceleration factors and accurate algorithms for precise user navigation. However, many SDR options for GPS receivers currently lack real-time operation or could be costly. This paper presents a LabVIEW (LV) and C/C++ based GPS L1 receiver platform with real-time capabilities. The system relies on LV acceleration factors as well as other C/C++ techniques such as dynamic link library (DLL) integration into LV and parallelizable loop structures, and single input multiple data (SIMD) methods which leverage host PC multi-purpose processors. A hardware testbed is presented for compactness and mobility, as well as software functionality and data flow handling inherent in LV environment. Benchmarks and other real-time results are presented as well as compared against other state-of-the-art open-source GPS receivers.
Submitted 14 February, 2019;
originally announced February 2019.
-
A Performance Study of a Fast-Rate WLAN Fingerprint Measurement Collection Method
Authors:
Erick Schmidt,
Misbahuddin A. Mohammed,
David Akopian
Abstract:
Indoor positioning systems exploiting WLAN signal measurements such as Received Signal Strength (RSS) are gaining popularity due to high accuracy of the results. Sets of RSS and other measurements at designated locations from available WLAN access points (APs) are conventionally called fingerprints and retrieved from network cards at typically one Hz rate. Such measurement collection is needed for offline radio-map surveying stage which assigns fingerprints to locations, and for online navigation stage, when collected measurements are associated with the radio-map for positioning. As WLAN network is not originally designed for localization, the network cards occasionally miss the fingerprints, measurement fluctuations necessitate statistical signal processing, and surveying process is very time consuming. This paper describes a fast measurement collection approach that addresses the mentioned problems: higher probability of measurement acquisition, more data for statistical processing and faster surveying. The approach is further analyzed for practical setting applications.
Submitted 14 February, 2019;
originally announced February 2019.
-
Software-Defined Radio GNSS Instrumentation for Spoofing Mitigation: A Review and a Case Study
Authors:
Erick Schmidt,
Zach A. Ruble,
David Akopian,
Daniel J. Pack
Abstract:
Recently, several global navigation satellite systems (GNSS) emerged following the transformative technology impact of the first GNSS: US Global Positioning System (GPS). The power level of GNSS signals as measured at the Earth's surface is below the noise floor and is consequently vulnerable against interference. Spoofers are smart GNSS-like interferers, which mislead the receivers into generating false position and time information. While many spoofing mitigation techniques exist, spoofers are continually evolving, producing a cycle of new spoofing attacks and counter-measures against them. Thus, upgradability of receivers becomes an important advantage for maintaining their immunity against spoofing. Software-defined radio (SDR) implementations of a GPS receiver address such flexibility but are challenged by demanding computational requirements of both GNSS signal processing and spoofing mitigation. Therefore, this paper reviews reported SDRs in the context of instrumentation capabilities for both conventional and spoofing mitigation modes. This separation is necessitated by significantly increased computational loads when in spoofing domain. This is demonstrated by a case study budget analysis.
Submitted 10 January, 2019;
originally announced January 2019.
-
Real-Time Rejection and Mitigation of Time Synchronization Attacks on the Global Positioning System
Authors:
Ali Khalajmehrabadi,
Nikolaos Gatsis,
David Akopian,
Ahmad F. Taha
Abstract:
This paper introduces the Time Synchronization Attack Rejection and Mitigation (TSARM) technique for Time Synchronization Attacks (TSAs) over the Global Positioning System (GPS). The technique estimates the clock bias and drift of the GPS receiver along with the possible attack contrary to previous approaches. Having estimated the time instants of the attack, the clock bias and drift of the receiver are corrected. The proposed technique is computationally efficient and can be easily implemented in real time, in a fashion complementary to standard algorithms for position, velocity, and time estimation in off-the-shelf receivers. The performance of this technique is evaluated on a set of collected data from a real GPS receiver. Our method renders excellent time recovery consistent with the application requirements. The numerical results demonstrate that the TSARM technique outperforms competing approaches in the literature.
Submitted 5 February, 2018;
originally announced February 2018.
-
Modern WLAN Fingerprinting Indoor Positioning Methods and Deployment Challenges
Authors:
Ali Khalajmehrabadi,
Nikolaos Gatsis,
David Akopian
Abstract:
Wireless Local Area Network (WLAN) has become a promising choice for indoor positioning as the only existing and established infrastructure, to localize the mobile and stationary users indoors. However, since WLAN has been initially designed for wireless networking and not positioning, the localization task based on WLAN signals has several challenges. Amongst the WLAN positioning methods, WLAN fingerprinting localization has recently achieved great attention due to its promising results. WLAN fingerprinting faces several challenges and hence, in this paper, our goal is to overview these challenges and the state-of-the-art solutions. This paper consists of three main parts: 1) Conventional localization schemes; 2) State-of-the-art approaches; 3) Practical deployment challenges. Since all the proposed methods in WLAN literature have been conducted and tested in different settings, the reported results are not equally comparable. So, we compare some of the main localization schemes in a single real environment and assess their localization accuracy, positioning error statistics, and complexity. Our results depict illustrative evaluation of WLAN localization systems and guide to future improvement opportunities.
Submitted 17 October, 2016;
originally announced October 2016.
-
Structured Group Sparsity: A Novel Indoor WLAN Localization, Outlier Detection, and Radio Map Interpolation Scheme
Authors:
Ali Khalajmehrabadi,
Nikolaos Gatsis,
David Akopian
Abstract:
This paper introduces novel schemes for indoor localization, outlier detection, and radio map interpolation using Wireless Local Area Networks (WLANs). The localization method consists of a novel multicomponent optimization technique that minimizes the squared $\ell_{2}$-norm of the residuals between the radio map and the online Received Signal Strength (RSS) measurements, the $\ell_{1}$-norm of the user's location vector, and weighted $\ell_{2}$-norms of layered groups of Reference Points (RPs). RPs are grouped using a new criterion based on the similarity between the so-called Access Point (AP) coverage vectors. In addition, since AP readings are prone to containing inordinate readings, called outliers, an augmented optimization problem is proposed to detect the outliers and localize the user with cleaned online measurements. Moreover, a novel scheme to record fingerprints from a smaller number of RPs and estimate the radio map at RPs without recorded fingerprints is developed using sparse recovery techniques. All localization schemes are tested on RSS fingerprints collected from a real environment. The overall scheme has comparable complexity with competing approaches, while it performs with high accuracy under a small number of APs and finer granularity of RPs.
Submitted 17 October, 2016;
originally announced October 2016.
-
A Joint Indoor WLAN Localization and Outlier Detection Scheme Using LASSO and Elastic-Net Optimization Techniques
Authors:
Ali Khalajmehrabadi,
Nikolaos Gatsis,
Daniel Pack,
David Akopian
Abstract:
In this paper, we introduce two indoor Wireless Local Area Network (WLAN) positioning methods using augmented sparse recovery algorithms. These schemes render a sparse user's position vector, and in parallel, minimize the distance between the online measurement and radio map. The overall localization scheme for both methods consists of three steps: 1) coarse localization, obtained from comparing the online measurements with clustered radio map. A novel graph-based method is proposed to cluster the offline fingerprints. In the online phase, a Region Of Interest (ROI) is selected within which we search for the user's location; 2) Access Point (AP) selection; and 3) fine localization through the novel sparse recovery algorithms. Since the online measurements are subject to inordinate measurement readings, called outliers, the sparse recovery methods are modified in order to jointly estimate the outliers and user's position vector. The outlier detection procedure identifies the APs whose readings are either not available or erroneous. The proposed localization methods have been tested with Received Signal Strength (RSS) measurements in a typical office environment and the results show that they can localize the user with significantly high accuracy and resolution which is superior to the results from competing WLAN fingerprinting localization methods.
Submitted 17 October, 2016;
originally announced October 2016.