Open Access. Powered by Scholars. Published by Universities.®
Articles 1 - 7 of 7
Full-Text Articles in Engineering
The Trust-Based Interactive Partially Observable Markov Decision Process, Richard S. Seymour
The Trust-Based Interactive Partially Observable Markov Decision Process, Richard S. Seymour
Theses and Dissertations
Cooperative agent and robot systems are designed so that each is working toward the same common good. The problem is that the software systems are extremely complex and can be subverted by an adversary to either break the system or potentially worse, create sneaky agents who are willing to cooperate when the stakes are low and take selfish, greedy actions when the rewards rise. This research focuses on the ability of a group of agents to reason about the trustworthiness of each other and make decisions about whether to cooperate. A trust-based interactive partially observable Markov decision process (TI-POMDP) is …
Physical Layer Defenses Against Primary User Emulation Attacks, Joan A. Betances
Physical Layer Defenses Against Primary User Emulation Attacks, Joan A. Betances
Theses and Dissertations
Cognitive Radio (CR) is a promising technology that works by detecting unused parts of the spectrum and automatically reconfiguring the communication system's parameters in order to operate in the available communication channels while minimizing interference. CR enables efficient use of the Radio Frequency (RF) spectrum by generating waveforms that can coexist with existing users in licensed spectrum bands. Spectrum sensing is one of the most important components of CR systems because it provides awareness of its operating environment, as well as detecting the presence of primary (licensed) users of the spectrum.
Mobile Network Defense Interface For Cyber Defense And Situational Awareness, James C. Hannan
Mobile Network Defense Interface For Cyber Defense And Situational Awareness, James C. Hannan
Theses and Dissertations
Today's computer networks are under constant attack. In order to deal with this constant threat, network administrators rely on intrusion detection and prevention services (IDS) (IPS). Most IDS and IPS implement static rule sets to automatically alert administrators and resolve intrusions. Network administrators face a difficult challenge, identifying attacks against a vast number of benign network transactions. Also after a threat is identified making even the smallest policy change to the security software potentially has far-reaching and unanticipated consequences. Finally, because the administrator is primarily responding to alerts they may lose situational awareness of the network. During this research a …
A Multi Agent System For Flow-Based Intrusion Detection Using Reputation And Evolutionary Computation, David Hancock
A Multi Agent System For Flow-Based Intrusion Detection Using Reputation And Evolutionary Computation, David Hancock
Theses and Dissertations
The rising sophistication of cyber threats as well as the improvement of physical computer network properties present increasing challenges to contemporary Intrusion Detection (ID) techniques. To respond to these challenges, a multi agent system (MAS) coupled with flow-based ID techniques may effectively complement traditional ID systems. This paper develops: 1) a scalable software architecture for a new, self-organized, multi agent, flow-based ID system; and 2) a network simulation environment suitable for evaluating implementations of this MAS architecture and for other research purposes. Self-organization is achieved via 1) a reputation system that influences agent mobility in the search for effective vantage …
Holistic Network Defense: Fusing Host And Network Features For Attack Classification, Jenny W. Ji
Holistic Network Defense: Fusing Host And Network Features For Attack Classification, Jenny W. Ji
Theses and Dissertations
This work presents a hybrid network-host monitoring strategy, which fuses data from both the network and the host to recognize malware infections. This work focuses on three categories: Normal, Scanning, and Infected. The network-host sensor fusion is accomplished by extracting 248 features from network traffic using the Fullstats Network Feature generator and from the host using text mining, looking at the frequency of the 500 most common strings and analyzing them as word vectors. Improvements to detection performance are made by synergistically fusing network features obtained from IP packet flows and host features, obtained from text mining port, processor, logon …
Multi-Objective Constraint Satisfaction For Mobile Robot Area Defense, Kenneth W. Mayo
Multi-Objective Constraint Satisfaction For Mobile Robot Area Defense, Kenneth W. Mayo
Theses and Dissertations
In developing multi-robot cooperative systems, there are often competing objectives that need to be met. For example in automating area defense systems, multiple robots must work together to explore the entire area, and maintain consistent communications to alert the other agents and ensure trust in the system. This research presents an algorithm that tasks robots to meet the two specific goals of exploration and communication maintenance in an uncoordinated environment reducing the need for a user to pre-balance the objectives. This multi-objective problem is defined as a constraint satisfaction problem solved using the Non-dominated Sorting Genetic Algorithm II (NSGA-II). Both …
Digital Signal Processing Leveraged For Intrusion Detection, Theodore J. Erickson
Digital Signal Processing Leveraged For Intrusion Detection, Theodore J. Erickson
Theses and Dissertations
This thesis describes the development and evaluation of a novel system called the Network Attack Characterization Tool (NACT). The NACT employs digital signal processing to detect network intrusions, by exploiting the Lomb-Scargle periodogram method to obtain a spectrum for sampled network traffic. The Lomb-Scargle method for generating a periodogram allows for the processing of unevenly sampled network data. This method for determining a periodogram has not yet been used for intrusion detection. The spectrum is examined to determine if features exist above a significance level chosen by the user. These features are considered an attack, triggering an alarm. Two traffic …