Open Access. Powered by Scholars. Published by Universities.®

Digital Commons Network

Articles 1 - 18 of 18

Full-Text Articles in Entire DC Network

Cyber Power In The 21st Century, Joseph M. Elbaum Dec 2008

Theses and Dissertations

Historically, the United States Congress has acknowledged that a separate branch of military service is required to exert supremacy over each of the recognized Domains of Operation. Throughout the evolution of modern warfare, leading minds in military theory have come to the conclusion that due to fundamental differences inherent in the theory and tactics that must be employed in order to successfully wage war within a domain’s associated environment, a specialized force was needed - until now. With the recent inclusion of Cyberspace as an operational domain by the Department of Defense, the case should be made that it, too, …


Sub-Circuit Selection And Replacement Algorithms Modeled As Term Rewriting Systems, Eric D. Simonaire Dec 2008

Theses and Dissertations

Intent protection is a model of software obfuscation which, among other criteria, prevents an adversary from understanding the program’s function for use with contextual information. Relating this framework for obfuscation to malware detection, if a malware detector can perfectly normalize a program P and any obfuscation (variant) of the program O(P), the program is not intent protected. The problem of intent protection on programs can also be modeled as intent protection on combinational logic circuits. If a malware detector can perfectly normalize a circuit C and any obfuscation (variant) O(C) of the circuit, the circuit is not intent protected. In …


SecureQEMU: Emulation-Based Software Protection Providing Encrypted Code Execution And Page Granularity Code Signing, William B. Kimball Dec 2008

Theses and Dissertations

This research presents an original emulation-based software protection scheme providing protection from reverse code engineering (RCE) and software exploitation using encrypted code execution and page-granularity code signing, respectively. Protection mechanisms execute in trusted emulators while remaining out-of-band of untrusted systems being emulated. This protection scheme is called SecureQEMU and is based on a modified version of Quick Emulator (QEMU) [5]. RCE is a process that uncovers the internal workings of a program. It is used during vulnerability and intellectual property (IP) discovery. To protect from RCE, program code may have anti-disassembly, anti-debugging, and obfuscation techniques incorporated. These techniques slow the …


Multi-Class Classification For Identifying JPEG Steganography Embedding Methods, Benjamin M. Rodriguez II Aug 2008

Theses and Dissertations

Over 725 steganography tools are available over the Internet, each providing a method for covert transmission of secret messages. This research presents four steganalysis advancements that result in an algorithm that identifies the steganalysis tool used to embed a secret message in a JPEG image file. The algorithm includes feature generation, feature preprocessing, multi-class classification and classifier fusion. The first contribution is a new feature generation method which is based on the decomposition of discrete cosine transform (DCT) coefficients used in the JPEG image encoder. The generated features are better suited to identifying discrepancies in each area of the decomposed …


Developing Network Situational Awareness Through Visualization Of Fused Intrusion Detection System Alerts, Serafin A. Avitia V Jun 2008

Theses and Dissertations

With networks increasing in physical size, bandwidth, traffic volume, and malicious activity, network analysts are experiencing greater difficulty in developing network situational awareness. Traditionally, network analysts have used Intrusion Detection Systems to gain awareness but this method is outdated when analysts are unable to process the alerts at the rate they are being generated. Analysts are unwittingly placing the computer assets they are charged to protect at risk when they are unable to detect these network attacks. This research effort examines the theory, application, and results of using visualizations of fused alert data to develop network situational awareness. The fused …


An Analysis Of Botnet Vulnerabilities, Sean W. Hudson Jun 2008

Theses and Dissertations

Botnets are a significant threat to computer networks and data stored on networked computers. The ability to inhibit communication between servers controlling the botnet and individual hosts would be an effective countermeasure. The objective of this research was to find vulnerabilities in Unreal IRCd that could be used to shut down the server. Analysis revealed that Unreal IRCd is a very mature and stable IRC server and no significant vulnerabilities were found. While this research does not eliminate the possibility that a critical vulnerability is present in the Unreal IRCd software, none were identified during this effort.


Using Hierarchical Temporal Memory For Detecting Anomalous Network Activity, Gerod M. Bonhoff Mar 2008

Theses and Dissertations

This thesis explores the nature of cyberspace and forms an argument for it as an intangible world. This research is motivated by the notion of creating intelligently autonomous cybercraft to reside in that environment and maintain domain superiority. Specifically, this paper offers 7 challenges associated with development of intelligent, autonomous cybercraft. The primary focus is an analysis of the claims of a machine learning language called Hierarchical Temporal Memory (HTM). In particular, HTM theory claims to facilitate intelligence in machines via accurate predictions. It further claims to be able to make accurate predictions of unusual worlds, like cyberspace. The research …


What Constitutes An Act Of War In Cyberspace, Kelli S. Kinley Mar 2008

Theses and Dissertations

In December 2005 a new mission statement was released by the Air Force Leadership, "to deliver sovereign options for the defense of the United States of America and its global interests...to fly and fight in Air, Space and Cyberspace." (Wynne & Mosley, 2005) With the stand up of the AFCYBER command and the use of cyberspace to carry out our daily mission the U.S. needs to have a clear understanding of what war in cyberspace looks like and what the laws are governing war in cyberspace. This research and its resulting data analysis is intended to provide a better understanding …


Comparing Information Assurance Awareness Training For End-Users: A Content Analysis Examination Of Air Force And Defense Information Systems Agency User Training Modules, John W. Frugé Mar 2008

Theses and Dissertations

Today, the threats to information security and assurance are great. While there are many avenues for IT professionals to safeguard against these threats, many times these defenses prove useless against typical system users. Mandated by laws and regulations, all government agencies and most private companies have established information assurance (IA) awareness programs, most of which include user training. Much has been given in the existing literature to laying out the guidance for the roles and responsibilities of IT professionals and higher level managers, but less is specified for "everyday" users of information systems. This thesis attempts to determine the content …


A Delphi Study Assessing Long-Term Access To Electronic Medical Records (EMR), Byron D. Nicholson Mar 2008

Theses and Dissertations

This research effort addressed the issue of long-term access to electronic medical records as technological generations become obsolete, thereby preventing the access to patient health information. Using the Delphi methodology, experts with experience in electronic medical records and applicable systems provided insight based on their years of hands-on experience managing and/or using records and these systems. The end result of this research was a collection of ideas that medical institutions and medical informaticians must consider to ensure that patients and hospitals do not lose long-term access to electronic medical records as electronic medical records and technology continually evolve. Results of …


Suspicion Modeling In Support Of Cyber-Influence Operations/Tactics, Henry G. Paguirigan Mar 2008

Theses and Dissertations

Understanding the cognitive process of IT user suspicion may assist organizations in development of network protection plans, personnel training, and tools necessary to identify and mitigate nefarious intrusions of IT systems. Exploration of a conceptual common ground between psycho-social and technology-related concepts of suspicion is the heart of this investigation. The complexities involved in merging these perspectives led to the overall research question: What is the nature of user suspicion toward IT? The research problem/phenomenon was addressed via extensive literature review, and use of the Interactive Qualitative Analysis problem/phenomenon. Analysis of the system led to the development of a model …


Software Assurance Best Practices For Air Force Weapon And Information Technology Systems - Are We Bleeding?, Ryan A. Maxon Mar 2008

Theses and Dissertations

In the corporate world, "bits mean money," and as the Department of Defense (DoD) becomes more and more reliant on net-centric warfare, bits mean national security. Software security threats are very real, as demonstrated by the constant barrage of Internet viruses, worms, Trojans, and hackers seeking to exploit the latest vulnerability. Most organizations focus their resources on reactive defenses such as firewalls, antivirus software, and encryption; however, as demonstrated by the numerous attacks that are successful, those post facto measures are not enough to stop the bleeding. The DoD defines software assurance (SwA) as the "level of confidence that software …


An Examination Into How Group Performance Is Influenced By Various Communication Channels, Jason C. Norgaard Mar 2008

Theses and Dissertations

The purpose of this research was to look at how group performance is influenced by various communication channels. Specifically, this research sought to determine what communication factors are affected when groups are forced to use different communications channels. The three communications channels tested were face-to-face communications, audio conferencing, and computer-mediated communications through an Internet chat program. Each channel was measured on accuracy, efficiency, and total number of ideas generated. The research found that the groups using computer-mediated communications had a difficult time completing the exercises in the allotted time. Additionally, the computer-mediated groups produced significantly fewer total words and total …


Composable Distributed Access Control And Integrity Policies For Query-Based Wireless Sensor Networks, David W. Marsh Mar 2008

Theses and Dissertations

An expected requirement of wireless sensor networks (WSN) is the support of a vast number of users while permitting limited access privileges. While WSN nodes have severe resource constraints, WSNs will need to restrict access to data, enforcing security policies to protect data within WSNs. To date, WSN security has largely been based on encryption and authentication schemes. WSN Authorization Specification Language (WASL) is specified and implemented using tools coded in Java™. WASL is a mechanism-independent policy language that can specify arbitrary, composable security policies. The construction, hybridization, and composition of well-known security models is demonstrated and shown to preserve …


Establishing The Human Firewall: Reducing An Individual's Vulnerability To Social Engineering Attacks, Jamison W. Scheeres Mar 2008

Theses and Dissertations

Hackers frequently use social engineering attacks to gain a foothold into a target network. This type of attack is a tremendous challenge to defend against, as the weakness lies in the human users, not in the technology. Thus far, methods for dealing with this threat have included establishing better security policies and educating users on the threat that exists. Existing techniques aren’t working, as evidenced by the fact that auditing agencies consider it a given that they will be able to gain access via social engineering. The purpose of this research is to propose a better method of reducing an individual’s …


Digital Signal Processing Leveraged For Intrusion Detection, Theodore J. Erickson Mar 2008

Theses and Dissertations

This thesis describes the development and evaluation of a novel system called the Network Attack Characterization Tool (NACT). The NACT employs digital signal processing to detect network intrusions, by exploiting the Lomb-Scargle periodogram method to obtain a spectrum for sampled network traffic. The Lomb-Scargle method for generating a periodogram allows for the processing of unevenly sampled network data. This method for determining a periodogram has not yet been used for intrusion detection. The spectrum is examined to determine if features exist above a significance level chosen by the user. These features are considered an attack, triggering an alarm. Two traffic …


DoD Role For Securing United States Cyberspace, Jane J. Griffin Mar 2008

Theses and Dissertations

The cyber attacks on Estonia in late April and the early weeks of May 2007 significantly crippled the country, preventing it from performing banking, communications, news reporting, government transactions and command and control activities. Estonia is considered a “Wired Society”, much like the United States. Both countries rely on the cyberspace infrastructure economically and politically. Estonia sought assistance outside the country to recover from and to address the attacks. The cyber attacks on Estonia focused world-wide attention on the effects that cyberspace attacks could have on countries. If a cyber attack of national significance occurred against the United States, what …


An Analysis Of Information Asset Valuation (IAV) Quantification Methodology For Application With Cyber Information Mission Impact Assessment (CIMIA), Denzil L. Hellesen Mar 2008

Theses and Dissertations

The purpose of this research is to develop a standardized Information Asset Valuation (IAV) methodology. The IAV methodology proposes that accurate valuation for an Information Asset (InfoA) is the convergence of information tangible, intangible, and flow attributes to form a functional entity that enhances mission capability. The IAV model attempts to quantify an InfoA to a single value through the summation of weighted criteria. Standardizing the InfoA value criteria will enable decision makers to comparatively analyze dissimilar InfoAs across the tactical, operational, and strategic domains. This research develops the IAV methodology through a review of existing military and non-military valuation …