Defense Notices

With the rapid growth in artificial intelligence (AI), AI technologies have completely changed our lives. Especially in the sports field, AI starts to play the role in auxiliary training, data management, and systems that analyze training performance for athletes. Golf is one of the most popular sports in the world, which frequently utilize video analysis during training. Video analysis falls into the computer vision category. Computer vision is the field that benefited most during the AI revolution, especially the emerging of deep learning. 

This thesis focuses on the problem of real-time detection and tracking of a golf ball from video sequences. We introduce an efficient and effective solution by integrating object detection and a discrete Kalman model. For ball detection, five classical convolutional neural network based detection models are implemented, including Faster R-CNN, SSD, RefineDet, YOLOv3, and its lite version, YOLOv3 tiny. At the tracking stage, a discrete Kalman filter is employed to predict the location of the golf ball based on its previous observations. As a trade-off between the detection accuracy and detection time, we took advantage of image patches rather than the entire images for detection. In order to train the detection models and test the tracking algorithm, we collect and annotate a collection of golf ball dataset. Extensive experimental results are performed to demonstrate the effectiveness of the proposed technique and compare the performance of different neural network models.

Roughly 1 in 5 people in the United States have an intellectual or developmental disability (IDD), which is a substantial amount of the population. In the realm of human-robot interaction, there have been many attempts to help these individuals lead more productive and independent lives. However, many of these solutions focus on helping individuals with IDD develop social skills. For the solutions that do focus on helping people with IDD increase their work productivity, many of these involve giving the user control over a robot that augments the worker’s capabilities. In this thesis, it is posited that an autonomous agent could effectively assist workers with IDD, thereby increasing their productivity. The artificially intelligent disability assistant (AIDA) is an autonomous agent that uses social scaffolding techniques to assist workers with IDD. Before designing the system, data was gathered by observing workers with IDD perform tasks in a light manufacturing facility.
To test the hypothesis, an initial Wizard-of-Oz (WoZ) experiment was conducted where subjects had to assemble a box using only either their dominant or non-dominant hand. During the experiment, subjects could ask the robot for assistance, but a human operator controlled whether the robot provided a response. After the experiment, subjects were required to complete a feedback survey. Additionally, this feedback was used to refine and build the autonomous system for AIDA.
The autonomous system is composed of data collection and processing modules, a scaffolding algorithm module, and robot action output modules. This system was tested in a simulated experiment using video recordings from the initial experiment. The results of the simulated experiment provide support for the hypothesis that an autonomous agent using social scaffolding techniques can increase the productivity of workers with IDD. In the future, it is desired to test the current system in a real-time experiment before using it on workers with IDD.

The phenomenal growth of the Internet of Things (IoT) has highlighted the security and privacy concerns associated with these devices. The research literature on the security architectures of IoT makes evident that we need to define and formalize a framework to secure the communications among these devices. To do so, it is important to focus on a zero-trust framework that will work on the principle premise of "trust no one, verify everyone" for every request and response.

In this thesis, we emphasize the immediate need for such a framework and propose a zero-trust communication model for IoT that addresses security and privacy concerns. We employ the existing cryptographic techniques to implement the framework so that it can be easily integrated into the current network infrastructures. The framework provides an end-to-end security framework for users and devices to communicate with each other privately. It is often stated that it is difficult to implement high-end encryption algorithm within the limited resource of an IoT device. For our work, we built a temperature and humidity sensor using NodeMCU V3 and were able to implement the framework and successfully evaluate and document its efficient operation. We defined four areas for evaluation and validation, namely, security of communications, memory utilization of the device, response time of operations, and cost of its implementation. For every aspect we defined a threshold to evaluate and validate our findings. The results are satisfactory and are documented. Our framework provides an easy-to-use solution where the security infrastructure acts as a backbone for every communication to and from the IoT devices.

The IWR6843 mmWave radar device from Texas Instruments (TI) is a complete FMCW radar system-on-chip operating in the 60 to 64 GHz frequency range. The IWR6843ISK is an evaluation platform which includes the IWR6843 connected to patch antennas on a PCB. In this project, the viability of using the IWR6843 sensor for short-range detection of small, high-velocity targets is investigated. Some of the limitations of the device are explored and a specific radar configuration is proposed. To confirm the applicability of the proposed configuration, a similar configuration is used with the IWR6843ISK-ODS evaluation platform to observe the launch of a foil-wrapped dart. The evaluation platform is used to collect raw data, which is then post-processed in a Python program to generate a range-doppler heatmap visualization of the data.

Program size and complexity have dramatically increased over time.  To reduce their work-load, developers began to utilize package managers.  These packages managers allow third-party functionality, contained in units called packages, to be quickly imported into a project.  Due to their utility, packages have become remarkably popular. The largest package repository, npm, has more than 1.2 million publicly available packages and serves more than 80 billion package downloads per month.  In recent years,  this popularity has attracted the attention of malicious users. Attackers have the ability to upload packages which contain malware. To increase the number of victims, attackers regularly leverage a tactic called typosquatting, which involves giving the malicious package a name that is very similar to the name of a popular package.  Users who make a typo when trying to install the popular package fall victim to the attack and are instead served the malicious payload. The consequences of typosquatting attacks can be catastrophic. Historical typosquatting attacks have exported passwords, stolen cryptocurrency, and opened reverse shells.This thesis focuses on typosquatting attacks in package repositories.  It explores the extent to which typosquatting exists in npm and PyPI (the de facto standard package repositories for Node.js and Python, respectively), proposes a practical defense against typosquatting attacks, and quantifies the efficacy of the proposed defense.  The presented solution incurs an acceptable temporal overhead of 2.5% on the standard package installation process and is expected to affect approximately 0.5% of all weekly package downloads. Furthermore, it has been used to discover a particularly high-profile typosquatting perpetrator, which was then reported and has since been deprecated by npm.  Typosquatting is an important yet preventable problem.  This thesis recommends pack-ages creators to protect their own packages with a technique called defensive typosquatting and repository maintainers to protect all users through augmentations to their package managers or automated monitoring of the package namespace.

Modern high-performance processors utilize techniques such as speculation and out-of-order execution to improve performance. Unfortunately, the recent Spectre and Meltdown exploits take advantage of these techniques to circumvent the security of the system. As speculation and out-of-order execution are complex features meant to enhance performance, full mitigation of these exploits often incurs high overhead and partial defenses need careful considerations to ensure attack surface is not left vulnerable.  In this work, we explore these attacks deeper,  both how they are executed and how to defend against them.   

We first propose a novel micro-architectural extension, SpectreGuard, that takes a data-centric approach to the problem. SpectreGuard attempts to reduce the performance penalty that is common with Spectre defenses by allowing software and hardware to work together. This collaborative approach allows software to tag secrets at the page granularity, then the underlying hardware can optimize secret data for security, while optimizing all other data for performance. Our research shows that such a combined approach allows for the creation of processors that can both achieve a high level of security while maintaining high performance.

We then propose SpectreRewind, a novel strategy for executing speculative execution attacks. SpectreRewind reverses the flow of traditional speculative execution attacks, creating new covert channels that transmit secret data to instructions that appear to execute logically before the attack even takes place. We find this attack vector can bypass some state-of-the-art proposed hardware defenses, as well as increase attack surface for certain Meltdown-type attacks on existing machines. Our research into this area helps towards completing the understanding of speculative execution attacks so that defenses can be designed with the knowledge of all attack vectors.

In data mining, rule induction is a process of extracting formal rules from decision

tables, where the later are the tabulated observations, which typically consist of few

attributes, i.e., independent variables and a decision, i.e., a dependent variable. Each

tuple in the table is considered as a case, and there could be n number of cases for a

table specifying each observation. The efficiency of the rule induction depends on how

many cases are successfully characterized by the generated set of rules, i.e., ruleset.

There are different rule induction algorithms, such as LEM1, LEM2, MLEM2. In the real

world, datasets will be imperfect, inconsistent, and incomplete. MLEM2 is an efficient

algorithm to deal with such sorts of data, but the quality of rule induction largely

depends on the chosen classification strategy. We tried to compare the 16 classification

strategies of rule induction using MLEM2 on incomplete data. For this, we

implemented MLEM2 for inducing rulesets based on the selection of the type of

approximation, i.e., singleton, subset or concept, and the value of alpha for calculating

probabilistic approximations. A program called rule checker is used to calculate the

error rate based on the classification strategy specified. To reduce the anomalies, we

used ten-fold cross-validation to measure the error rate for each classification. Error

rates for the above strategies are being calculated for different datasets, compared, and

presented.​

Recent advances in waveform generation and in computational power have enabled the design and implementation of new complex radar waveforms. Still, even with these advances in computation, in a pulse agile mode, where the radar transmits unique waveforms at every pulse, the requirement to design physically robust waveforms which achieve good autocorrelation sidelobes, are spectrally contained, and have a constant amplitude envelope for high power operation, can require expensive computation equipment and can impede real time operation. This work addresses this concern in the context of FM noise waveforms which have been demonstrated in recent years in both simulation and in experiments to achieve low autocorrelation sidelobes through the high dimensionality of coherent integration when operating in a pulse agile mode. However while they are effective, the approaches to design these waveforms requires the optimization of each individual waveform making them subject to the concern above.

This dissertation takes a different approach. Since these FM noise waveforms are meant to be noise like in the first place, the waveforms here are instantiated as the sample functions of a stochastic process which has been specially designed to produce spectrally contained, constant amplitude waveforms with noise like cancellation of sidelobes. This makes the waveform creation process little more computationally expensive than pulling numbers from a random number generator (RNG) since the optimization designs a waveform generating function (WGF) itself rather than each waveform themselves. This goal is achieved by leveraging gradient descent optimization methods to reduce the expected frequency template error (EFTE) cost function for both the pulsed stochastic waveform generation (StoWGe) waveform model and a new CW version of StoWGe denoted CW-StoWGe. The effectiveness of these approaches and their ability to generate useful radar waveforms is analyzed using several stochastic waveform generation metrics developed here. The EFTE optimization is shown through simulation to produce WGFs which generate FM noise waveforms in both pulsed and CW modes which achieve good spectral containment and autocorrelation sidelobes. The resulting waveforms will be demonstrated in both loopback and in open-air experiments to be robust to physical implementation.

High-order numerical methods for solving PDEs have the potential to deliver higher solution accuracy at a lower cost than their low-order counterparts.  To fully leverage these high-order computational methods, they must be paired with a discretization of the domain that accurately captures key geometric features.  In the presence of curved boundaries, this requires a high-order curvilinear mesh.  Consequently, there is a lot of interest in high-order mesh generation methods.  The majority of such methods warp a high-order straight-sided mesh through the following three step process.  First, they add additional nodes to a low-order mesh to create a high-order straight-sided mesh.  Second, they move the newly added boundary nodes onto the curved domain (i.e., apply a boundary deformation).  Finally, they compute the new locations of the interior nodes based on the boundary deformation.  We have developed a mesh warping framework based on optimal weighted combinations of nodal positions.  Within our framework, we develop methods for optimal affine and convex combinations of nodal positions, respectively.  We demonstrate the effectiveness of the methods within our framework on a variety of high-order mesh generation examples in two and three dimensions.  As with many other methods in this area, the methods within our framework do not guarantee the generation of a valid mesh.  To address this issue, we have also developed two high-order mesh untangling methods.  These optimization-based untangling methods formulate unconstrained optimization problems for which the objective functions are based on the unsigned and signed angles of the curvilinear elements.  We demonstrate the results of our untangling methods on a variety of two-dimensional triangular meshes.

With the emergence of autonomous systems such as self-driving cars and drones, the need for high-performance real-time embedded systems is increasing. On the other hand, the physics of the autonomous systems constraints size, weight, and power consumption (known as SWaP constraints) of the embedded systems. A solution to satisfy the need for high performance while meeting the SWaP constraints is to incorporate multicore processors in real-time embedded systems. However, unlike unicore processors, in multicore processors, the memory system is shared between the cores. As a result, the memory system performance varies widely due to inter-core memory interference. This can lead to over-estimating the worst-case execution time (WCET) of the real-time tasks running on these processors, and therefore, under-utilizing the computation resources. In fact, recent studies have shown that real-time tasks can be slowed down more than 300 times due to inter-core memory interference.

In this work, we propose novel software and hardware extensions to multicore processors to bound the inter-core memory interference in order to reduce the pessimism of WCET and to improve time predictability. We introduce a novel memory abstraction, which we call Deterministic Memory, that cuts across various layers of the system: the application, OS, and hardware. The key characteristic of Deterministic Memory is that the platform—the OS and hardware—guarantees small and tightly bounded worst-case memory access timing.  Additionally, we propose a drop-in hardware IP that enables bounding the memory interference by per-core regulation of the memory access bandwidth at fine-grained time intervals. This new IP, which we call the Bandwidth Regulation Unit (BRU), does not require significant changes to the processor microarchitecture and can be seamlessly integrated with the existing microprocessors. Moreover, BRU has the ability to regulate the memory access bandwidth of multiple cores collectively to improve bandwidth utilization. As for future work, we plan to further improve bandwidth utilization by extending BRU to recognize memory requests accessing different levels of the memory hierarchy (e.g. LLC and DRAM). We propose to fully evaluate these extensions on open-source software and hardware and measure their effectiveness with realistic case studies.