Scholarly Works, Electrical and Computer Engineering

Permanent URI for this collection

Research articles, presentations, and other scholarship


Recent Submissions

Now showing 1 - 20 of 835
  • Dynamics of mid-latitude sporadic-E and its impact on HF propagation in the North American sector
    Kunduri, Bharat Simha Reddy; Erickson, Philip; Baker, Joseph; Ruohoniemi, John (American Geophysical Union, 2023-09-16)
    Sporadic-E (Es) are thin layers of enhanced ionization observed in the E-region, typically between 95 and 120 km altitude. Es plays an important role in controlling the dynamics of the upper atmosphere and it is necessary to understand the geophysical factors influencing Es from both the scientific and operational perspectives. While the wind-shear theory is widely accepted as an important mechanism responsible for the generation of Es, there are still gaps in the current state of our knowledge. For example, we are yet to determine precisely how changes in the dynamics of horizontal winds impact the formation, altitude, and destruction of Es layers. In this study, we report results from a coordinated experimental campaign between the Millstone Hill Incoherent Scatter Radar, the SuperDARN radar at Blackstone, and the Millstone Hill Digisonde to monitor the dynamics of mid-latitude Es layers. We report observations during a 15-hr window between 13 UT on 3 June 2022 and 4 UT on 4 June 2022, which was marked by the presence of a strong Es layer. We find that the height of the Es layer is collocated with strong vertical shears in atmospheric tides and that the zonal wind shears play a more important role than meridional wind shears in generating Es, especially at lower altitudes. Finally, we show that in the presence of Es, SuperDARN ground backscatter moves to closer ranges, and the height and critical frequency of the Es layer have a significant impact on the location and intensity of HF ground scatter.
  • Building a Statewide Experiential Learning Portfolio in Cybersecurity
    DaSilva, Luiz A.; Durant, Liza Wilson; Mason, Jordan; Hayes, Sarah (2023-06-25)
    The growing workforce gap in cybersecurity, with an estimated 770 thousand job openings across the country, poses economic and national security risks. Meanwhile, women, African Americans, Native Americans, and Latinos are significantly underrepresented in the cyber workforce. With these two challenges in mind, and informed by research findings that experiential learning opportunities correlate with multiple positive job outcomes, we have built a statewide experiential learning portfolio open to students in more than 40 two-year and four-year colleges and universities across Virginia. Programs in our experiential learning portfolio generally fall under one of five categories: transdisciplinary experiential learning; internships; traineeships; cybersecurity competitions; and intensive training coupled with professional development activities. In this paper, we describe the structure of these programs and associated metrics. Early results indicate very high interest by students and employers, high retention rates in cybersecurity careers, and gains in participation by underrepresented groups.
  • STAMINA: Implementation and Evaluation of Software-Defined Millimeter Wave Initial Access
    Santos, Joao F.; Fathalla, Efat; Da Silva, Aloizio P.; Da Silva, Luiz A.; Kibilda, Jacek (IEEE, 2023-01-01)
    In this paper, we present a framework for experimentation in next-generation Initial Access (IA) procedures for Millimeter Wave (mmWave) and Terahertz (THz) communications called SofTwAre-defined Mmwave INitial Access (STAMINA). The IA procedure is one of the essential components for communication systems in high frequencies, enabling directional transmitters and receivers to acquire each other's relative orientation before data transmission. While effective in establishing communication, the existing IA procedure standardized by 3GPP consumes a significant amount of radio resources. Many research efforts have proposed enhancements over the current-generation IA procedure, e.g., leveraging non-uniform beam sweep sequences or adaptive codebooks. However, no existing experimental mmWave platforms support modifications in their standard-compliant IA procedures, preventing their utilization for conducting experimental research on next-generation IA procedures. Our software-defined mmWave framework addresses this gap by combining the flexibility of Software-defined Radios (SDRs) with the directionality of mmWave front-ends to perform customizable IA procedures. We demonstrate STAMINA's ability to control mmWave frontends correctly, its increased performance over traditional static experiments, and its flexibility to customize the IA parameters to achieve different objectives. Our results show that STAMINA provides experimenters with a flexible platform for performing experiments on next-generation IA procedures.
  • Reservoir based spiking models for univariate Time Series Classification
    Gaurav, Ramashish; Stewart, Terrence C.; Yi, Yang (Frontiers, 2023-06-08)
    A variety of advanced machine learning and deep learning algorithms achieve state-of-the-art performance on various temporal processing tasks. However, these methods are heavily energy inefficient—they run mainly on the power hungry CPUs and GPUs. Computing with Spiking Networks, on the other hand, has shown to be energy efficient on specialized neuromorphic hardware, e.g., Loihi, TrueNorth, SpiNNaker, etc. In this work, we present two architectures of spiking models, inspired from the theory of Reservoir Computing and Legendre Memory Units, for the Time Series Classification (TSC) task. Our first spiking architecture is closer to the general Reservoir Computing architecture and we successfully deploy it on Loihi; the second spiking architecture differs from the first by the inclusion of non-linearity in the readout layer. Our second model (trained with Surrogate Gradient Descent method) shows that non-linear decoding of the linearly extracted temporal features through spiking neurons not only achieves promising results, but also offers low computation-overhead by significantly reducing the number of neurons compared to the popular LSM based models—more than 40x reduction with respect to the recent spiking model we compare with. We experiment on five TSC datasets and achieve new SoTA spiking results (—as much as 28.607% accuracy improvement on one of the datasets), thereby showing the potential of our models to address the TSC tasks in a green energy-efficient manner. In addition, we also do energy profiling and comparison on Loihi and CPU to support our claims.
  • Properties of a Random Bipartite Geometric Associator Graph Inspired by Vehicular Networks
    Pandey, Kaushlendra; Gupta, Abhishek K.; Dhillon, Harpreet S.; Perumalla, Kanaka Raju (MDPI, 2023-12-04)
    We consider a point process (PP) generated by superimposing an independent Poisson point process (PPP) on each line of a 2D Poisson line process (PLP). Termed PLP-PPP, this PP is suitable for modeling networks formed on an irregular collection of lines, such as vehicles on a network of roads and sensors deployed along trails in a forest. Inspired by vehicular networks in which vehicles connect with their nearest wireless base stations (BSs), we consider a random bipartite associator graph in which each point of the PLP-PPP is associated with the nearest point of an independent PPP through an edge. This graph is equivalent to the partitioning of PLP-PPP by a Poisson Voronoi tessellation (PVT) formed by an independent PPP. We first characterize the exact distribution of the number of points of PLP-PPP falling inside the ball centered at an arbitrary location in R2 as well as the typical point of PLP-PPP. Using these distributions, we derive cumulative distribution functions (CDFs) and probability density functions (PDFs) of kth contact distance (CD) and the nearest neighbor distance (NND) of PLP-PPP. As intermediate results, we present the empirical distribution of the perimeter and approximate distribution of the length of the typical chord of the zero-cell of this PVT. Using these results, we present two close approximations of the distribution of node degree of the random bipartite associator graph. In a vehicular network setting, this result characterizes the number of vehicles connected to each BS, which models its load. Since each BS has to distribute its limited resources across all the vehicles connected to it, a good statistical understanding of load is important for an efficient system design. Several applications of these new results to different wireless network settings are also discussed.
  • Exact and Paraxial Broadband Airy Wave Packets in Free Space and a Temporally Dispersive Medium
    Besieris, Ioannis M.; Saari, Peeter (MDPI, 2024-01-21)
    A question of physical importance is whether finite-energy spatiotemporally localized (i.e., pulsed) generalizations of monochromatic accelerating Airy beams are feasible. For luminal solutions, this question has been answered within the framework of paraxial geometry. The time-diffraction technique that has been motivated by the Lorentz invariance of the equation governing the narrow angular spectrum and narrowband temporal spectrum paraxial approximation has been used to derive finite-energy spatiotemporally confined subluminal, luminal, and superluminal Airy wave packets. The goal in this article is to provide novel exact finite-energy broadband spatio-temporally localized Airy solutions (a) to the scalar wave equation in free space; (b) in a dielectric medium moving at its phase velocity; and (c) in a lossless second-order temporally dispersive medium. Such solutions can be useful in practical applications involving broadband (few-cycle) wave packets.
  • Room-Temperature Intrinsic and Extrinsic Damping in Polycrystalline Fe Thin Films
    Wu, Shuang; Smith, David A.; Nakarmi, Prabandha; Rai, Anish; Clavel, Michael; Hudait, Mantu K.; Zhao, Jing; Michel, F. Marc; Mewes, Claudia; Mewes, Tim; Emori, Satoru (2021-09-08)
    We examine room-temperature magnetic relaxation in polycrystalline Fe films. Out-of-plane ferromagnetic resonance (FMR) measurements reveal Gilbert damping parameters of $\approx$ 0.0024 for Fe films with thicknesses of 4-25 nm, regardless of their microstructural properties. The remarkable invariance with film microstructure strongly suggests that intrinsic Gilbert damping in polycrystalline metals at room temperature is a local property of nanoscale crystal grains, with limited impact from grain boundaries and film roughness. By contrast, the in-plane FMR linewidths of the Fe films exhibit distinct nonlinear frequency dependences, indicating the presence of strong extrinsic damping. To fit our in-plane FMR data, we have used a grain-to-grain two-magnon scattering model with two types of correlation functions aimed at describing the spatial distribution of inhomogeneities in the film. However, neither of the two correlation functions is able to reproduce the experimental data quantitatively with physically reasonable parameters. Our findings advance the fundamental understanding of intrinsic Gilbert damping in structurally disordered films, while demonstrating the need for a deeper examination of how microstructural disorder governs extrinsic damping.
  • Multi-tier dynamic sampling weak RF signal estimation theory
    Smith, Brett; Lanzerotti, Mary (2024-01-06)
    This paper presents a theoretical analysis in discrete time for a multi-tier weak radiofrequency (RF) signal estimation process with N simultaneous signals. Discrete time dynamic sampling is introduced and is shown to provide the capability to extract signal parameter values with increased accuracy compared with accuracy of estimates obtained in prior work. This paper advances phase measurement approaches by proposing discrete time dynamic sampling which our paper shows offers the desirable capability for more accurate weak signal parameter estimates. For N = 2 simultaneous signals with a strong signal at 850 MHz and a weak signal at 855 MHz, the results show that dynamically sampling the instantaneous frequency at 24 times the Nyquist rate provides weak signal frequency estimates that are within 1.7 x 10 -5 of the actual weak signal frequency and weak signal amplitude estimates that are within 428 PPM of the actual weak signal amplitude. Results are also presented for situations with N = 2 simultaneous 5G signals. In one case, the strong signal is 3950 MHz, and the weak signal is 3955 MHz; in the other case the strong case is 5950 MHz, and the weak signal is 5955 MHz. The results for these cases show that estimates obtained with dynamic sampling are more accurate than estimates provided using a single sample rate of 65 MSPS. This work has promising applications for weak signal parameters estimation using instantaneous frequency measurements.
  • A Multi-Sensor Stochastic Energy-Based Vibro-Localization Technique with Byzantine Sensor Elimination
    Ambarkutuk, Murat; Alajlouni, Sa’ed; Tarazaga, Pablo A.; Plassmann, Paul E. (MDPI, 2023-11-21)
    This paper presents an occupant localization technique that determines the location of individuals in indoor environments by analyzing the structural vibrations of the floor caused by their footsteps. Structural vibration waves are difficult to measure as they are influenced by various factors, including the complex nature of wave propagation in heterogeneous and dispersive media (such as the floor) as well as the inherent noise characteristics of sensors observing the vibration wavefronts. The proposed vibration-based occupant localization technique minimizes the errors that occur during the signal acquisition time. In this process, the likelihood function of each sensor—representing where the occupant likely resides in the environment—is fused to obtain a consensual localization result in a collective manner. In this work, it becomes evident that the above sources of uncertainties can render certain sensors deceptive, commonly referred to as “Byzantines.” Because the ratio of Byzantines among the set sensors defines the success of the collective localization results, this paper introduces a Byzantine sensor elimination (BSE) algorithm to prevent the unreliable information of Byzantine sensors from affecting the location estimations. This algorithm identifies and eliminates sensors that generate erroneous estimates, preventing the influence of these sensors on the overall consensus. To validate and benchmark the proposed technique, a set of previously conducted controlled experiments was employed. The empirical results demonstrate the proposed technique’s significant improvement (3~0%) over the baseline approach in terms of both accuracy and precision.
  • Narcissus: A Practical Clean-Label Backdoor Attack with Limited Information
    Zeng, Yi; Pan, Minzhou; Just, Hoang Anh; Lyu, Lingjuan; Qiu, Meikang; Jia, Ruoxi (ACM, 2023-11-15)
    Backdoor attacks introduce manipulated data into a machine learning model's training set, causing the model to misclassify inputs with a trigger during testing to achieve a desired outcome by the attacker. For backdoor attacks to bypass human inspection, it is essential that the injected data appear to be correctly labeled. The attacks with such property are often referred to as "clean-label attacks." The success of current clean-label backdoor methods largely depends on access to the complete training set. Yet, accessing the complete dataset is often challenging or unfeasible since it frequently comes from varied, independent sources, like images from distinct users. It remains a question of whether backdoor attacks still present real threats. In this paper, we provide an affirmative answer to this question by designing an algorithm to launch clean-label backdoor attacks using only samples from the target class and public out-of-distribution data. By inserting carefully crafted malicious examples totaling less than 0.5% of the target class size and 0.05% of the full training set size, we can manipulate the model to misclassify arbitrary inputs into the target class when they contain the backdoor trigger. Importantly, the trained poisoned model retains high accuracy for regular test samples without the trigger, as if the model is trained on untainted data. Our technique is consistently effective across various datasets, models, and even when the trigger is injected into the physical world. We explore the space of defenses and find that Narcissus can evade the latest state-of-the-art defenses in their vanilla form or after a simple adaptation. We analyze the effectiveness of our attack - the synthesized Narcissus trigger contains durable features as persistent as the original target class features. Attempts to remove the trigger inevitably hurt model accuracy first.
  • SymGX: Detecting Cross-boundary Pointer Vulnerabilities of SGX Applications via Static Symbolic Execution
    Wang, Yuanpeng; Zhang, Ziqi; He, Ningyu; Zhong, Zhineng; Guo, Shengjian; Bao, Qinkun; Li, Ding; Guo, Yao; Chen, Xiangqun (ACM, 2023-11-15)
    Intel Security Guard Extensions (SGX) have shown effectiveness in critical data protection. Recent symbolic execution-based techniques reveal that SGX applications are susceptible to memory corruption vulnerabilities. While existing approaches focus on conventional memory corruption in ECalls of SGX applications, they overlook an important type of SGX dedicated vulnerability: cross-boundary pointer vulnerabilities. This vulnerability is critical for SGX applications since they heavily utilize pointers to exchange data between secure enclaves and untrusted environments. Unfortunately, none of the existing symbolic execution approaches can effectively detect cross-boundary pointer vulnerabilities due to the lack of an SGX-specific analysis model that properly handles three unique features of SGX applications: Multi-entry Arbitrary-order Execution, Stateful Execution, and Context-aware Pointers. To address such problems, we propose a new analysis model named Global State Transition Graph with Context Aware Pointers (GSTG-CAP) that simulates properties-preserving execution behaviors for SGX applications and drives symbolic execution for vulnerability detection. Based on GSTG-CAP, we build a novel symbolic execution-based vulnerability detector named SYMGX to detect cross-boundary pointer vulnerabilities. According to our evaluation, SYMGX can find 30 0-DAY vulnerabilities in 14 open-source projects, three of which have been confirmed by developers. SYMGX also outperforms two state-of-the-art tools, COIN and TeeRex, in terms of effectiveness, efficiency, and accuracy.
  • DynaCut: A Framework for Dynamic and Adaptive Program Customization
    Mahurkar, Abhijit; Wang, Xiaoguang; Zhang, Hang; Ravindran, Binoy (ACM, 2023-11-27)
    Software is becoming increasingly complex and feature-rich, yet only part of any given codebase is frequently used. Existing software customization and debloating approaches target static binaries, focusing on feature discovery, control-flow analysis, and binary rewriting. As a result, the customized program binary has a smaller attack surface as well as less available functionality. This means that once a software’s use scenario changes, the customized binary may not be usable. This paper presents DynaCut, for dynamic software code customization. DynaCut can disable “not being used” code features during software runtime and re-enable them when required again. DynaCut works at the binary level; no source code is needed. To achieve its goal, DynaCut includes a dynamic process rewriting technique that seamlessly and transparently updates the image of a running process, with specific code features blocked or re-enabled. To help identify potentially unused code, DynaCut employs an execution trace-based differential analysis to pinpoint the code related to specific software features, which can be dynamically turned on/off based on user configuration. We also develop automatic methods to locate code that is only temporally used (e.g., initialization code), which can be dropped in a timely manner (e.g., after the initialization phase). We prototype DynaCut and evaluate it using 3 widely used server applications and the SPECint2017_speed benchmark suite. The result shows that, compared to existing static binary customization approaches, DynaCut removes an additional 10% of code on average and up to 56% of temporally executed code due to the dynamic code customization.
  • TUNEOPT: An Evolutionary Reinforcement Learning HVAC Controller For Energy-Comfort Optimization Tuning
    Meimand, Mostafa; Khattar, Vanshaj; Yazdani, Zahra; Jazizadeh, Farrokh; Jin, Ming (ACM, 2023-11-15)
    HVAC systems account for the majority of energy consumption in buildings. Efficient control of HVAC systems can reduce energy consumption and enhance occupants’ comfort. In the existing literature, energy-comfort or cost-comfort co-optimization frameworks commonly involve manual tuning of the balancing coefficient between energy and comfort through parameter tuning by an expert. Nevertheless, achieving the optimal balance between energy usage and occupant comfort remains challenging. This limitation restricts the generalizability of different formulations across various scenarios or testing on different environments. In this paper, we propose an implicit evolutionary Reinforcement Learning (RL) approach to learn and adapt the trade-off parameter of an energy-comfort optimization formulation. We have developed a predictive comfortenergy co-optimization formulation for controlling the setpoint of a building. The RL agent utilizes a novel guidance-induced random search method to learn the energy-comfort trade-off coefficient and guide the optimization formulation. The reward function of the RL model is energy productivity (comfort over energy consumption). To evaluate the feasibility of our proposed approach, we conducted experiments on a real-world testbed - i.e., an apartment unit. Our feasibility study shows that the proposed approach can learn an optimal control parameter and reduce energy consumption by 24.3% while decreasing comfort by only 1% compared to the baseline.
  • Better Side-Channel Attacks Through Measurements
    Singh, Alok K.; Gerdes, Ryan M. (ACM, 2023-11-30)
    In recent years, there has been a growing focus on improving the efficiency of the power side-channel analysis (SCA) attack by using machine learning or artificial intelligence methods, however, they can only be as good as the data they are trained on. Previous work has not given much attention to improving the accuracy of measurements by optimizing the measurement setup and the parameters, and most new researchers rely on heuristics to make measurements. This paper proposes an effective methodology to launch power SCA and increase the efficiency of the attack by improving the measurements. We examine the heuristics related to measurement parameters, investigate ways to optimize the parameters, determine their effects empirically, and provide a theoretical analysis to support the findings. To demonstrate the shortcomings of commercial measurement devices, we present a low-cost measurement board design and its hardware realization. In doing so, we are able to improve the power measurements, by optimizing the measurement setup, which in turn improves the efficiency of the attack.
  • Software and Behavior Diversification for Swarm Robotics Systems
    Li, Ao; Chang, Sinyin; Li, Guorui; Chang, Yuanhaur; Fisher, Nathan; Chantem, Thidapat (Tam) (ACM, 2023-11-26)
    Inspired by natural swarms, swarm robotics systems are used in safety-critical tasks due to their scalability, redundancy, and adaptability. However, their design exposes them to two primary vulnerabilities. First, their homogeneity makes them vulnerable to large-scale attacks. Second, logical flaws within swarm algorithms can be exploited, leading to mission failures or crashes. While existing studies can effectively identify these vulnerabilities using system testing and verification, they are often time-consuming and might require repetition following software updates. To this end, we propose a complementary, two-level diversification approach. The first level tackles system homogeneity through software diversification. The second level introduces algorithmic randomness to minimize the exploitability of logical flaws. By leveraging a social force model, we can ensure that the introduced randomized behaviors do not compromise safety. Our evaluations show that the performance overheads remain within acceptable limits, notably at 2% for missions characterized by self-organizing behaviors.
  • The Road to Ultra Reliability in Future Networks
    DaSilva, Luiz A.; Kibilda, Jacek; Gomes, Andre (2023-11-14)
  • SoK: Fault Injection Attacks on Cryptosystems
    Chiu, Tinghung; Xiong, Wenjie (ACM, 2023-10-29)
    Fault injection attacks are a powerful technique that intentionally induces faults during cryptographic computations to leak secret information. This paper provides a survey of fault attack techniques on different cryptosystems. The fault attack consists of two main components: fault modeling, which examines methods for injecting faults in a target device, and fault analysis, which analyzes the resulting faulty outputs to deduce secrets in each cryptosystem. We first categorize various fault attack methods by fault model and fault analysis.We then give examples of the various fault attacks on symmetric key cryptosystems and public key cryptosystems. This paper aims to provide a background on fault attack research and directions for further study on securing real-world cryptosystems against fault injection attacks.
  • Dial "N" for NXDomain: The Scale, Origin, and Security Implications of DNS Queries to Non-Existent Domains
    Liu, Guannan; Jin, Lin; Hao, Shuai; Zhang, Yubao; Liu, Daiping; Stavrou, Angelos; Wang, Haining (ACM, 2023-10-24)
    Non-Existent Domain (NXDomain) is one type of the Domain Name System (DNS) error responses, indicating that the queried domain name does not exist and cannot be resolved. Unfortunately, little research has focused on understanding why and how NXDomain responses are generated, utilized, and exploited. In this paper, we conduct the first comprehensive and systematic study on NXDomain by investigating its scale, origin, and security implications. Utilizing a large-scale passive DNS database, we identify 146,363,745,785 NXDomains queried by DNS users between 2014 and 2022. Within these 146 billion NXDomains, 91 million of them hold historic WHOIS records, of which 5.3 million are identified as malicious domains including about 2.4 million blocklisted domains, 2.8 million DGA (Domain Generation Algorithms) based domains, and 90 thousand squatting domains targeting popular domains. To gain more insights into the usage patterns and security risks of NXDomains, we register 19 carefully selected NXDomains in the DNS database, each of which received more than ten thousand DNS queries per month. We then deploy a honeypot for our registered domains and collect 5,925,311 incoming queries for 6 months, from which we discover that 5,186,858 and 505,238 queries are generated from automated processes and web crawlers, respectively. Finally, we perform extensive traffic analysis on our collected data and reveal that NXDomains can be misused for various purposes, including botnet takeover, malicious file injection, and residue trust exploitation.
  • PrivMon: A Stream-Based System for Real-Time Privacy Attack Detection for Machine Learning Models
    Ko, Myeongseob; Yang, Xinyu; Ji, Zhengjie; Just, Hoang Anh; Gao, Peng; Kumar, Anoop; Jia, Ruoxi (ACM, 2023-10-16)
    Machine learning (ML) models can expose the private information of training data when confronted with privacy attacks. Specifically, a malicious user with black-box access to a ML-as-a-service platform can reconstruct the training data (i.e., model inversion attacks) or infer the membership information (i.e., membership inference attacks) simply by querying the ML model. Despite the pressing need for effective defenses against privacy attacks with black-box access, existing approaches have mostly focused on enhancing the robustness of the ML model via modifying the model training process or the model prediction process. These defenses can compromise model utility and require the cooperation of the underlying AI platform (i.e., platform-dependent). These constraints largely limit the real-world applicability of existing defenses. Despite the prevalent focus on improving the model’s robustness, none of the existing works have focused on the continuous protection of already deployed ML models from privacy attacks by detecting privacy leakage in real-time. This defensive task becomes increasingly important given the vast deployment of MLas- a-service platforms these days. To bridge the gap, we propose PrivMon, a new stream-based system for real-time privacy attack detection for ML models. To facilitate wide applicability and practicality, PrivMon defends black-box ML models against a wide range of privacy attacks in a platform-agnostic fashion: PrivMon only passively monitors model queries without requiring the cooperation of the model owner or the AI platform. Specifically, PrivMon takes as input a stream of ML model queries and provides an efficient attack detection engine that continuously monitors the stream to detect the privacy attack in real-time, by identifying self-similar malicious queries. We show empirically and theoretically that PrivMon can detect a wide range of realistic privacy attacks within a practical time frame and successfully mitigate the attack success rate. Code is available at