Top Banner
Use of Generalized Hough Transform on interpretaon of memory dumps Paulo R. Nunes de Souza Pavel Gladyshev
21

Use of Generalized Hough Transform on interpretation of ... · Use of Generalized Hough Transform on interpretation of memory dumps Paulo R. Nunes de Souza ... FFFF IIII IIII CCPP

Nov 08, 2018

Download

Documents

doanmien
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Page 1: Use of Generalized Hough Transform on interpretation of ... · Use of Generalized Hough Transform on interpretation of memory dumps Paulo R. Nunes de Souza ... FFFF IIII IIII CCPP

Use of Generalized Hough Transform on interpretation of memory dumps

Paulo R. Nunes de Souza

Pavel Gladyshev

Page 2: Use of Generalized Hough Transform on interpretation of ... · Use of Generalized Hough Transform on interpretation of memory dumps Paulo R. Nunes de Souza ... FFFF IIII IIII CCPP

What is partial data?

• Incomplete data

• Partially corrupted data

• Data without required code/algorithm

• Data of unknown source

Page 3: Use of Generalized Hough Transform on interpretation of ... · Use of Generalized Hough Transform on interpretation of memory dumps Paulo R. Nunes de Souza ... FFFF IIII IIII CCPP

What does it look like?

Page 4: Use of Generalized Hough Transform on interpretation of ... · Use of Generalized Hough Transform on interpretation of memory dumps Paulo R. Nunes de Souza ... FFFF IIII IIII CCPP

Word puzzle

Page 5: Use of Generalized Hough Transform on interpretation of ... · Use of Generalized Hough Transform on interpretation of memory dumps Paulo R. Nunes de Souza ... FFFF IIII IIII CCPP

Requirements

• Tolerance to noisy data;

• Tolerance to partial data corruption;

• Flexibility to define the structure being searched.

• Suitable candidate: Hough Transform

Page 6: Use of Generalized Hough Transform on interpretation of ... · Use of Generalized Hough Transform on interpretation of memory dumps Paulo R. Nunes de Souza ... FFFF IIII IIII CCPP

Hough Transform

Page 7: Use of Generalized Hough Transform on interpretation of ... · Use of Generalized Hough Transform on interpretation of memory dumps Paulo R. Nunes de Souza ... FFFF IIII IIII CCPP

Encoding

Page 8: Use of Generalized Hough Transform on interpretation of ... · Use of Generalized Hough Transform on interpretation of memory dumps Paulo R. Nunes de Souza ... FFFF IIII IIII CCPP

Model

Page 9: Use of Generalized Hough Transform on interpretation of ... · Use of Generalized Hough Transform on interpretation of memory dumps Paulo R. Nunes de Souza ... FFFF IIII IIII CCPP

Model

Page 10: Use of Generalized Hough Transform on interpretation of ... · Use of Generalized Hough Transform on interpretation of memory dumps Paulo R. Nunes de Souza ... FFFF IIII IIII CCPP

Data types

Page 11: Use of Generalized Hough Transform on interpretation of ... · Use of Generalized Hough Transform on interpretation of memory dumps Paulo R. Nunes de Souza ... FFFF IIII IIII CCPP

Probabilities Pse(k|w,b)

Page 12: Use of Generalized Hough Transform on interpretation of ... · Use of Generalized Hough Transform on interpretation of memory dumps Paulo R. Nunes de Souza ... FFFF IIII IIII CCPP

R-table

Page 13: Use of Generalized Hough Transform on interpretation of ... · Use of Generalized Hough Transform on interpretation of memory dumps Paulo R. Nunes de Souza ... FFFF IIII IIII CCPP

R-table

FFFF IIII IIII CCPP RRRR FFFF IIII IIII RRRR

Page 14: Use of Generalized Hough Transform on interpretation of ... · Use of Generalized Hough Transform on interpretation of memory dumps Paulo R. Nunes de Souza ... FFFF IIII IIII CCPP

Accumulation

If C > Ct , increment accumulation table at

position i+a.

Page 15: Use of Generalized Hough Transform on interpretation of ... · Use of Generalized Hough Transform on interpretation of memory dumps Paulo R. Nunes de Souza ... FFFF IIII IIII CCPP

Peak detection

• Local maxima above threshold H

• Positions of dump where structure was identified

Page 16: Use of Generalized Hough Transform on interpretation of ... · Use of Generalized Hough Transform on interpretation of memory dumps Paulo R. Nunes de Souza ... FFFF IIII IIII CCPP

Tests

• Randomly created 100 distinct dumps

• Each dump with 4 kb in size

• Randomly choose one of the types in T

• Then a random value of the chosen type was inserted in the dump

• Repeat this until a 4kb dump was created

• The last step was to insert instances of the structure of interest across the previously created dumps.

• The position and quantity of those structures were also randomly chosen

• Each dump and the positions of the structure of interest were saved to respective files

Page 17: Use of Generalized Hough Transform on interpretation of ... · Use of Generalized Hough Transform on interpretation of memory dumps Paulo R. Nunes de Souza ... FFFF IIII IIII CCPP

Tests

• For each of the 100 dumps, another 100 versions of them were created

• One file for each level of added noise. Starting at 0% for each 0.1% step until reaching 10%

• At the end, we have 101 versions of each of the 100 dumps

• Total of 10100 test dumps

Page 18: Use of Generalized Hough Transform on interpretation of ... · Use of Generalized Hough Transform on interpretation of memory dumps Paulo R. Nunes de Souza ... FFFF IIII IIII CCPP

Results

Page 19: Use of Generalized Hough Transform on interpretation of ... · Use of Generalized Hough Transform on interpretation of memory dumps Paulo R. Nunes de Souza ... FFFF IIII IIII CCPP

Conclusions

• Tolerance to noisy data

• Flexibility to identify structure of interest

• The structure of interest was correctly spotted in 99.8% of the tests with no noise

• The structure of interest was correctly spotted in 20% of the cases with 10% of noise.

• The downside is the high false positive rate.

• Applicable beyond memory realm

Page 20: Use of Generalized Hough Transform on interpretation of ... · Use of Generalized Hough Transform on interpretation of memory dumps Paulo R. Nunes de Souza ... FFFF IIII IIII CCPP

Follow ups

• Hough-Forensic DSI

• PNG filecarving

Page 21: Use of Generalized Hough Transform on interpretation of ... · Use of Generalized Hough Transform on interpretation of memory dumps Paulo R. Nunes de Souza ... FFFF IIII IIII CCPP

Thank you


Related Documents
Image Transforms - Hough Transformweb.ipac.caltech.edu/staff/fmasci/home/astro_refs/HoughTrans_review.pdfHough Transform Common Names: Hough transform Brief Description The Hough transform

Image Transforms - Hough...

Category: Documents
Angela hough

Angela hough

Category: Self Improvement
Volume 2 Issue 1 March 2009 PADDY HOUGH HOUGH PARADE! · Hough Principal, T. Sean McMillan, partnered with the Hough Foundation three years ago to bring a mental health professional

Volume 2 Issue 1 March 2009 PADDY HOUGH HOUGH PARADE! ·...

Category: Documents
GENERALIZED HOUGH TRANSFORM. Recap on classical Hough Transform 1.In detecting lines – The parameters and were found out relative to the origin (0,0)

GENERALIZED HOUGH TRANSFORM. Recap on classical Hough...

Category: Documents
Hough Transform

Hough Transform

Category: Documents
Understanding the Hough transform: Hough cell support and ...hjemmesider.diku.dk/~khan/pub/IVC15-1997-pre.pdf · Hough transform, Curvedetection, Hough space cell support, Bias, Parameter

Understanding the Hough transform: Hough cell support and...

Category: Documents
2011. 1009 Generalized Hough 1

2011. 1009 Generalized Hough 1

Category: Documents
Image and Vision Computing 25 (2007) 1802–1813 Deformation tolerant generalized Hough transform for sketch-based image retrieval in complex scenes M. Anelli,

Image and Vision Computing 25 (2007) 1802–1813 Deformation...

Category: Documents
A FAST RANDOMIZED GENERALIZED HOUGH TRANSFORM FOR ...

A FAST RANDOMIZED GENERALIZED HOUGH TRANSFORM FOR ...

Category: Documents
Universidad de Boyacá · Segunda Convocatoria Programa de Inmersión al Inglés liikiii iiii iiii 'ii iiii iiii iiii iiii t;niiersidad de Massachusetts. Boston. Estados Unidos La

Universidad de Boyacá · Segunda Convocatoria Programa de....

Category: Documents
SSSS TTTT OOOO RRRR IIII AAAA IIII NNNN FFFF OOOO RRRR MMMM AAAA TTTT IIII CCCC AAAA BBBB IIII OOOO LLLL OOOO GGGG IIII AAAA IIII NNNN GGGG LLLL EEEE SSSS.

SSSS TTTT OOOO RRRR IIII AAAA IIII NNNN FFFF OOOO RRRR MMMM....

Category: Documents
111M IIII III II II IIIIIIII IIII IIII11111111111111 IIII ...11111 iii ~ii 111m iiii iii ii ii iiiiiiii iiii iiii11111111111111 iiii ~iiii 11111 iiiiii bi iiiiiii iiiiiii ii iiii iiii

111M IIII III II II IIIIIIII IIII IIII11111111111111 IIII...

Category: Documents