-
Evaluating the Efficacy of Prompt-Engineered Large Multimodal Models Versus Fine-Tuned Vision Transformers in Image-Based Security Applications
Authors:
Fouad Trad,
Ali Chehab
Abstract:
The success of Large Language Models (LLMs) has led to a parallel rise in the development of Large Multimodal Models (LMMs), which have begun to transform a variety of applications. These sophisticated multimodal models are designed to interpret and analyze complex data by integrating multiple modalities such as text and images, thereby opening new avenues for a range of applications. This paper i…
▽ More
The success of Large Language Models (LLMs) has led to a parallel rise in the development of Large Multimodal Models (LMMs), which have begun to transform a variety of applications. These sophisticated multimodal models are designed to interpret and analyze complex data by integrating multiple modalities such as text and images, thereby opening new avenues for a range of applications. This paper investigates the applicability and effectiveness of prompt-engineered LMMs that process both images and text, including models such as LLaVA, BakLLaVA, Moondream, Gemini-pro-vision, and GPT-4o, compared to fine-tuned Vision Transformer (ViT) models in addressing critical security challenges. We focus on two distinct security tasks: 1) a visually evident task of detecting simple triggers, such as small pixel variations in images that could be exploited to access potential backdoors in the models, and 2) a visually non-evident task of malware classification through visual representations. In the visually evident task, some LMMs, such as Gemini-pro-vision and GPT-4o, have demonstrated the potential to achieve good performance with careful prompt engineering, with GPT-4o achieving the highest accuracy and F1-score of 91.9\% and 91\%, respectively. However, the fine-tuned ViT models exhibit perfect performance in this task due to its simplicity. For the visually non-evident task, the results highlight a significant divergence in performance, with ViT models achieving F1-scores of 97.11\% in predicting 25 malware classes and 97.61\% in predicting 5 malware families, whereas LMMs showed suboptimal performance despite iterative prompt improvements. This study not only showcases the strengths and limitations of prompt-engineered LMMs in cybersecurity applications but also emphasizes the unmatched efficacy of fine-tuned ViT models for precise and dependable tasks.
△ Less
Submitted 10 June, 2024; v1 submitted 26 March, 2024;
originally announced March 2024.
-
Digital Forensics vs. Anti-Digital Forensics: Techniques, Limitations and Recommendations
Authors:
Jean-Paul A. Yaacoub,
Hassan N. Noura,
Ola Salman,
Ali Chehab
Abstract:
The number of cyber attacks has increased tremendously in the last few years. This resulted into both human and financial losses at the individual and organization levels. Recently, cyber-criminals are leveraging new skills and capabilities by employing anti-forensics activities, techniques and tools to cover their tracks and evade any possible detection. Consequently, cyber-attacks are becoming m…
▽ More
The number of cyber attacks has increased tremendously in the last few years. This resulted into both human and financial losses at the individual and organization levels. Recently, cyber-criminals are leveraging new skills and capabilities by employing anti-forensics activities, techniques and tools to cover their tracks and evade any possible detection. Consequently, cyber-attacks are becoming more efficient and more sophisticated. Therefore, traditional cryptographic and non-cryptographic solutions and access control systems are no longer enough to prevent such cyber attacks, especially in terms of acquiring evidence for attack investigation. Hence, the need for well-defined, sophisticated, and advanced forensics investigation tools are highly required to track down cyber criminals and to reduce the number of cyber crimes. This paper reviews the different forensics and anti-forensics methods, tools, techniques, types, and challenges, while also discussing the rise of the anti-anti-forensics as a new forensics protection mechanism against anti-forensics activities. This would help forensics investigators to better understand the different anti-forensics tools, methods and techniques that cyber criminals employ while launching their attacks. Moreover, the limitations of the current forensics techniques are discussed, especially in terms of issues and challenges. Finally, this paper presents a holistic view from a literature point of view over the forensics domain and also helps other fellow colleagues in their quest to further understand the digital forensics domain.
△ Less
Submitted 31 March, 2021;
originally announced March 2021.
-
A Survey on Ethical Hacking: Issues and Challenges
Authors:
Jean-Paul A. Yaacoub,
Hassan N. Noura,
Ola Salman,
Ali Chehab
Abstract:
Security attacks are growing in an exponential manner and their impact on existing systems is seriously high and can lead to dangerous consequences. However, in order to reduce the effect of these attacks, penetration tests are highly required, and can be considered as a suitable solution for this task. Therefore, the main focus of this paper is to explain the technical and non-technical steps of…
▽ More
Security attacks are growing in an exponential manner and their impact on existing systems is seriously high and can lead to dangerous consequences. However, in order to reduce the effect of these attacks, penetration tests are highly required, and can be considered as a suitable solution for this task. Therefore, the main focus of this paper is to explain the technical and non-technical steps of penetration tests. The objective of penetration tests is to make existing systems and their corresponding data more secure, efficient and resilient. In other terms, pen testing is a simulated attack with the goal of identifying any exploitable vulnerability or/and a security gap. In fact, any identified exploitable vulnerability will be used to conduct attacks on systems, devices, or personnel. This growing problem should be solved and mitigated to reach better resistance against these attacks. Moreover, the advantages and limitations of penetration tests are also listed. The main issue of penetration tests that it is efficient to detect known vulnerabilities. Therefore, in order to resist unknown vulnerabilities, a new kind of modern penetration tests is required, in addition to reinforcing the use of shadows honeypots. This can also be done by reinforcing the anomaly detection of intrusion detection/prevention system. In fact, security is increased by designing an efficient cooperation between the different security elements and penetration tests.
△ Less
Submitted 28 March, 2021;
originally announced March 2021.
-
Automatic Target Detection for Sparse Hyperspectral Images
Authors:
Ahmad W. Bitar,
Jean-Philippe Ovarlez,
Loong-Fah Cheong,
Ali Chehab
Abstract:
In this work, a novel target detector for hyperspectral imagery is developed. The detector is independent on the unknown covariance matrix, behaves well in large dimensions, distributional free, invariant to atmospheric effects, and does not require a background dictionary to be constructed. Based on a modification of the robust principal component analysis (RPCA), a given hyperspectral image (HSI…
▽ More
In this work, a novel target detector for hyperspectral imagery is developed. The detector is independent on the unknown covariance matrix, behaves well in large dimensions, distributional free, invariant to atmospheric effects, and does not require a background dictionary to be constructed. Based on a modification of the robust principal component analysis (RPCA), a given hyperspectral image (HSI) is regarded as being made up of the sum of a low-rank background HSI and a sparse target HSI that contains the targets based on a pre-learned target dictionary specified by the user. The sparse component is directly used for the detection, that is, the targets are simply detected at the non-zero entries of the sparse target HSI. Hence, a novel target detector is developed, which is simply a sparse HSI generated automatically from the original HSI, but containing only the targets with the background is suppressed. The detector is evaluated on real experiments, and the results of which demonstrate its effectiveness for hyperspectral target detection especially when the targets are well matched to the surroundings.
△ Less
Submitted 5 March, 2020; v1 submitted 14 April, 2019;
originally announced April 2019.
-
Power Control and Channel Allocation for D2D Underlaid Cellular Networks
Authors:
Asmaa Abdallah,
Mohammad M. Mansour,
Ali Chehab
Abstract:
Device-to-Device (D2D) communications underlaying cellular networks is a viable network technology that can potentially increase spectral utilization and improve power efficiency for proximitybased wireless applications and services. However, a major challenge in such deployment scenarios is the interference caused by D2D links when sharing the same resources with cellular users. In this work, we…
▽ More
Device-to-Device (D2D) communications underlaying cellular networks is a viable network technology that can potentially increase spectral utilization and improve power efficiency for proximitybased wireless applications and services. However, a major challenge in such deployment scenarios is the interference caused by D2D links when sharing the same resources with cellular users. In this work, we propose a channel allocation (CA) scheme together with a set of three power control (PC) schemes to mitigate interference in a D2D underlaid cellular system modeled as a random network using the mathematical tool of stochastic geometry. The novel aspect of the proposed CA scheme is that it enables D2D links to share resources with multiple cellular users as opposed to one as previously considered in the literature. Moreover, the accompanying distributed PC schemes further manage interference during link establishment and maintenance. The first two PC schemes compensate for large-scale path-loss effects and maximize the D2D sum rate by employing distance-dependent pathloss parameters of the D2D link and the base station, including an error estimation margin. The third scheme is an adaptive PC scheme based on a variable target signal-to-interference-plus-noise ratio, which limits the interference caused by D2D users and provides sufficient coverage probability for cellular users. Closed-form expressions for the coverage probability of cellular links, D2D links, and sum rate of D2D links are derived in terms of the allocated power, density of D2D links, and path-loss exponent. The impact of these key system parameters on network performance is analyzed and compared with previous work. Simulation results demonstrate an enhancement in cellular and D2D coverage probabilities, and an increase in spectral and power efficiency.
△ Less
Submitted 2 March, 2018;
originally announced March 2018.
-
Large MIMO Detection Schemes Based on Channel Puncturing: Performance and Complexity Analysis
Authors:
H. Sarieddeen,
M. M. Mansour,
A. Chehab
Abstract:
A family of low-complexity detection schemes based on channel matrix puncturing targeted for large multiple-input multiple-output (MIMO) systems is proposed. It is well-known that the computational cost of MIMO detection based on QR decomposition is directly proportional to the number of non-zero entries involved in back-substitution and slicing operations in the triangularized channel matrix, whi…
▽ More
A family of low-complexity detection schemes based on channel matrix puncturing targeted for large multiple-input multiple-output (MIMO) systems is proposed. It is well-known that the computational cost of MIMO detection based on QR decomposition is directly proportional to the number of non-zero entries involved in back-substitution and slicing operations in the triangularized channel matrix, which can be too high for low-latency applications involving large MIMO dimensions. By systematically puncturing the channel to have a specific structure, it is demonstrated that the detection process can be accelerated by employing standard schemes such as chase detection, list detection, nulling-and-cancellation detection, and sub-space detection on the transformed matrix. The performance of these schemes is characterized and analyzed mathematically, and bounds on the achievable diversity gain and probability of bit error are derived. Surprisingly, it is shown that puncturing does not negatively impact the receive diversity gain in hard-output detectors. The analysis is extended to soft-output detection when computing per-layer bit log-likelihood ratios; it is shown that significant performance gains are attainable by ordering the layer of interest to be at the root when puncturing the channel. Simulations of coded and uncoded scenarios certify that the proposed schemes scale up efficiently both in the number of antennas and constellation size, as well as in the presence of correlated channels. In particular, soft-output per-layer sub-space detection is shown to achieve a 2.5dB SNR gain at $10^{-4}$ bit error rate in $256$-QAM $16\!\times\!16$ MIMO, while saving $77\%$ of nulling-and-cancellation computations.
△ Less
Submitted 5 December, 2017;
originally announced December 2017.
-
Efficient Implementation of a Recognition System Using the Cortex Ventral Stream Model
Authors:
Ahmad W. Bitar,
Mohammad M. Mansour,
Ali Chehab
Abstract:
In this paper, an efficient implementation for a recognition system based on the original HMAX model of the visual cortex is proposed. Various optimizations targeted to increase accuracy at the so-called layers S1, C1, and S2 of the HMAX model are proposed. At layer S1, all unimportant information such as illumination and expression variations are eliminated from the images. Each image is then con…
▽ More
In this paper, an efficient implementation for a recognition system based on the original HMAX model of the visual cortex is proposed. Various optimizations targeted to increase accuracy at the so-called layers S1, C1, and S2 of the HMAX model are proposed. At layer S1, all unimportant information such as illumination and expression variations are eliminated from the images. Each image is then convolved with 64 separable Gabor filters in the spatial domain. At layer C1, the minimum scales values are exploited to be embedded into the maximum ones using the additive embedding space. At layer S2, the prototypes are generated in a more efficient way using Partitioning Around Medoid (PAM) clustering algorithm. The impact of these optimizations in terms of accuracy and computational complexity was evaluated on the Caltech101 database, and compared with the baseline performance using support vector machine (SVM) and nearest neighbor (NN) classifiers. The results show that our model provides significant improvement in accuracy at the S1 layer by more than 10% where the computational complexity is also reduced. The accuracy is slightly increased for both approximations at the C1 and S2 layers.
△ Less
Submitted 21 November, 2017;
originally announced November 2017.
-
Modulation Classification via Subspace Detection in MIMO Systems
Authors:
Hadi Sarieddeen,
Mohammad M. Mansour,
Ali Chehab
Abstract:
The problem of efficient modulation classification (MC) in multiple-input multiple-output (MIMO) systems is considered. Per-layer likelihood-based MC is proposed by employing subspace decomposition to partially decouple the transmitted streams. When detecting the modulation type of the stream of interest, a dense constellation is assumed on all remaining streams. The proposed classifier outperform…
▽ More
The problem of efficient modulation classification (MC) in multiple-input multiple-output (MIMO) systems is considered. Per-layer likelihood-based MC is proposed by employing subspace decomposition to partially decouple the transmitted streams. When detecting the modulation type of the stream of interest, a dense constellation is assumed on all remaining streams. The proposed classifier outperforms existing MC schemes at a lower complexity cost, and can be efficiently implemented in the context of joint MC and subspace data detection.
△ Less
Submitted 11 October, 2016;
originally announced October 2016.