Open Access. Powered by Scholars. Published by Universities.®

Engineering Commons

Full-Text Articles in Engineering

Passive Physical Layer Distinct Native Attribute Cyber Security Monitor, Christopher M. Rondeau, Michael A. Temple, Juan Lopez Jr, J. Addison Betances Dec 2023

AFIT Patents

A method for cyber security monitor includes monitoring a network interface that is input-only configured to surreptitiously and covertly receive bit-level, physical layer communication between networked control and sensor field devices. During a training mode, a baseline distinct native attribute (DNA) fingerprint is generated for each networked field device. During a protection mode, a current DNA fingerprint is generated for each networked field device. The current DNA fingerprint is compared to the baseline DNA fingerprint for each networked field device. In response to detecting at least one of RAA and PAA based on a change in the current DNA fingerprint …


Malware Detection Using Electromagnetic Side-Channel Analysis, Matthew A. Bergstedt Mar 2022

Theses and Dissertations

Many physical systems control or monitor important applications without the capacity to monitor for malware using on-device resources. Thus, it becomes valuable to explore malware detection methods for these systems utilizing external or off-device resources. This research investigates the viability of employing EM SCA to determine whether a performed operation is normal or malicious. A Raspberry Pi 3 was set up as a simulated motor controller with code paths for a normal or malicious operation. While the normal path only calculated the motor speed before updating the motor, the malicious path added a line of code to modify the calculated …


Securing InfiniBand Networks With End-Point Encryption, Noah B. Diamond Mar 2022

Theses and Dissertations

The NVIDIA-Mellanox Bluefield-2 is a 100 Gbps high-performance network interface which offers hardware offload and acceleration features that can operate directly on network traffic without routine involvement from the ARM CPU. This allows the ARM multi-core CPU to orchestrate the hardware to perform operations on both Ethernet and RDMA traffic at high rates rather than processing all the traffic directly. A testbed called TNAP was created for performance testing and a MiTM verification process called MiTMVMP is used to ensure proper network configuration. The hardware accelerators of the Bluefield-2 support a throughput of nearly 86 Gbps when using IPsec to …


Traffic Collision Avoidance System: False Injection Viability, John Hannah, Robert F. Mills, Richard A. Dill, Douglas D. Hodson Nov 2021

Faculty Publications

Safety is a simple concept but an abstract task, specifically with aircraft. One critical safety system, the Traffic Collision Avoidance System II (TCAS), protects against mid-air collisions by predicting the course of other aircraft, determining the possibility of collision, and issuing a resolution advisory for avoidance. Previous research to identify vulnerabilities associated with TCAS’s communication processes discovered that a false injection attack presents the most comprehensive risk to veritable trust in TCAS, allowing for a mid-air collision. This research explores the viability of successfully executing a false injection attack against a target aircraft, triggering a resolution advisory. Monetary constraints precluded …


Enterprise Resource Allocation For Intruder Detection And Interception, Adam B. Haywood Sep 2021

Theses and Dissertations

This research considers the problem of an intruder attempting to traverse a defender's territory in which the defender locates and employs disparate sets of resources to lower the probability of a successful intrusion. The research is conducted in the form of three related research components. The first component examines the problem in which the defender subdivides their territory into spatial stages and knows the plan of intrusion. Alternative resource-probability modeling techniques as well as variable bounding techniques are examined to improve the convergence of global solvers for this nonlinear, nonconvex optimization problem. The second component studies a similar problem but …


InfiniBand Network Monitoring: Challenges And Possibilities, Kyle D. Hintze Mar 2021

Theses and Dissertations

Within the realm of High Performance Computing, the InfiniBand Architecture is among the leading interconnects used today. Capable of providing high bandwidth and low latency, InfiniBand is finding applications outside the High Performance Computing domain. One of these is critical infrastructure, encompassing almost all essential sectors as the work force becomes more connected. InfiniBand is not immune to security risks, as prior research has shown that common traffic analyzing tools cannot effectively monitor InfiniBand traffic transmitted between hosts, due to the kernel bypass nature of the IBA in conjunction with Remote Direct Memory Access operations. If Remote Direct Memory Access …


Remote Monitoring Of Memory Data Structures For Malware Detection In A Talos II Architecture, Robert A. Willburn Mar 2021

Theses and Dissertations

New forms of malware, namely fileless malware and rootkits, pose a threat to traditional anti-malware. In particular, rootkits have the capacity to obscure the present state of memory from the user space of a target machine. If this happens, anti-malware running in the user space of an affected machine cannot be trusted to operate properly. To combat this threat, this research proposes the remote monitoring of memory from a second, secure processor running OpenBMC, serving as a baseboard management controller for a POWER9 processor, which is assumed vulnerable to exploitation. The baseboard management controller includes an application called pdbg, used for debugging …


Developing A Serious Game To Explore Joint All Domain Command And Control, Nathaniel W. Flack Mar 2020

Theses and Dissertations

Changes in the geopolitical landscape and increasing technological complexity have prompted the U.S. Military to coin Multi-Domain Operations (MDO) and Joint All-Domain Command and Control as terms to describe an over-arching strategy that frames the complexity of warfare across both traditional and emerging warfighting domains. Teaching new and advanced concepts associated with these terms requires both innovation as well as distinct education and training tools in order to realize the cultural change advocated by senior military leaders. BSN, a Collectible Card Game, was developed to teach concepts integral to MDO and initiate discussion on military strategy.


Near Real-Time Zigbee Device Discrimination Using CB-DNA Features, Yousuke Z. Matsui Mar 2020

Theses and Dissertations

Currently, Low-Rate Wireless Personal Area Networks (LR-WPAN) based on the Institute of Electrical and Electronics Engineers (IEEE) 802.15.4 standard are at risk due to open-source tools which allow bad actors to exploit unauthorized network access through various cyberattacks by falsifying bit-level credentials. This research investigates implementing a Radio Frequency (RF) air monitor to perform Near Real-Time (NRT) discrimination of Zigbee devices using the IEEE 802.15.4 standard. The air monitor employed a Multiple Discriminant Analysis/Euclidean Distance classifier to discriminate Zigbee devices based upon Constellation-Based Distinct Native Attribute (CB-DNA) fingerprints. Through the use of CB-DNA fingerprints, Physical Layer (PHY) characteristics unique to …


Interoperable ADS-B Confidentiality, Brandon C. Burfeind Mar 2020

Theses and Dissertations

The worldwide air traffic infrastructure is in the late stages of transition from legacy transponder systems to Automatic Dependent Surveillance - Broadcast (ADS-B) based systems. ADS-B relies on position information from GNSS and requires aircraft to transmit their identification, state, and position. ADS-B promises the availability of high-fidelity air traffic information; however, position and identification data are not secured via authentication or encryption. This lack of security for ADS-B allows non-participants to observe and collect data on both government and private flight activity. This is a proposal for a lightweight, interoperable ADS-B confidentiality protocol which uses existing format preserving encryption …


Cyber Risk Assessment And Scoring Model For Small Unmanned Aerial Vehicles, Dillon M. Pettit Mar 2020

Theses and Dissertations

The commercial-off-the-shelf small Unmanned Aerial Vehicle (UAV) market is expanding rapidly in response to interest from hobbyists, commercial businesses, and military operators. The core commercial mission set directly relates to many current military requirements and strategies, with a priority on short range, low cost, real time aerial imaging, and limited modular payloads. These small vehicles present small radar cross sections, low heat signatures, and carry a variety of sensors and payloads. As with many new technologies, security seems secondary to the goal of reaching the market as soon as innovation is viable. Research indicates a growth in exploits and vulnerabilities …


Evaluating The Resiliency Of Industrial Internet Of Things Process Control Using Protocol Agnostic Attacks, Hector L. Roldan Dec 2019

Theses and Dissertations

Improving and defending our nation's critical infrastructure has been a challenge for quite some time. A malfunctioning or stoppage of any one of these systems could result in hazardous conditions on its supporting populace leading to widespread damage, injury, and even death. The protection of such systems has been mandated by the Office of the President of the United States of America in Presidential Policy Directive Order 21. Current research now focuses on securing and improving the management and efficiency of Industrial Control Systems (ICS). IIoT promises a solution in enhancement of efficiency in ICS. However, the presence of IIoT …


The Trust-Based Interactive Partially Observable Markov Decision Process, Richard S. Seymour Jun 2019

Theses and Dissertations

Cooperative agent and robot systems are designed so that each is working toward the same common good. The problem is that the software systems are extremely complex and can be subverted by an adversary to either break the system or potentially worse, create sneaky agents who are willing to cooperate when the stakes are low and take selfish, greedy actions when the rewards rise. This research focuses on the ability of a group of agents to reason about the trustworthiness of each other and make decisions about whether to cooperate. A trust-based interactive partially observable Markov decision process (TI-POMDP) is …


Confidence Inference In Defensive Cyber Operator Decision Making, Graig S. Ganitano Mar 2019

Theses and Dissertations

Cyber defense analysts face the challenge of validating machine generated alerts regarding network-based security threats. Operations tempo and systematic manpower issues have increased the importance of these individual analyst decisions, since they typically are not reviewed or changed. Analysts may not always be confident in their decisions. If confidence can be accurately assessed, then analyst decisions made under low confidence can be independently reviewed and analysts can be offered decision assistance or additional training. This work investigates the utility of using neurophysiological and behavioral correlates of decision confidence to train machine learning models to infer confidence in analyst decisions. Electroencephalography …


Cyber-Attack Drone Payload Development And Geolocation Via Directional Antennae, Clint M. Bramlette Mar 2019

Theses and Dissertations

The increasing capabilities of commercial drones have led to blossoming drone usage in private sector industries ranging from agriculture to mining to cinema. Commercial drones have made amazing improvements in flight time, flight distance, and payload weight. These same features also offer a unique and unprecedented commodity for wireless hackers -- the ability to gain ‘physical’ proximity to a target without personally having to be anywhere near it. This capability is called Remote Physical Proximity (RPP). By their nature, wireless devices are largely susceptible to sniffing and injection attacks, but only if the attacker can interact with the device via …


Unguided Cyber Education Techniques Of The Non-Expert, Seth A. Martin Mar 2019

Theses and Dissertations

The United States Air Force and Department of Defense continue to rely on their total workforce to provide the first layer of protection against cyber intrusion. Prior research has shown that the workforce is not adequately educated to perform this task. As a result, DoD cybersecurity strategy now includes attempting to improve education and training on cyber-related concepts and technical skills for all users of DoD networks. This paper describes an experiment designed to understand the broad methods that non-expert users may use to educate themselves on how to perform technical tasks. Preliminary results informed subsequent experiments that directly compared …


A Blockchain-Based Anomalous Detection System For Internet Of Things Devices, Joshua K. Mosby Mar 2019

Theses and Dissertations

Internet of Things devices are highly susceptible to attack, and owners often fail to realize they have been compromised. This thesis describes an anomalous-based intrusion detection system that operates directly on Internet of Things devices utilizing a custom-built Blockchain. In this approach, an agent on each node compares the node's behavior to that of its peers, generating an alert if they are behaving differently. An experiment is conducted to determine the effectiveness at detecting malware. Three different code samples simulating common malware are deployed against a testbed of 12 Raspberry Pi devices. Increasing numbers are infected until two-thirds of the …


Preserving Privacy In Automotive Tire Pressure Monitoring Systems, Kenneth L. Hacker Mar 2019

Theses and Dissertations

The automotive industry is moving towards a more connected ecosystem, with connectivity achieved through multiple wireless systems. However, in the pursuit of these technological advances and to quickly satisfy requirements imposed on manufacturers, the security of these systems is often an afterthought. It has been shown that systems in a standard new automobile that one would not expect to be vulnerable can be exploited for a variety of harmful effects. This thesis considers a seemingly benign, but government mandated, safety feature of modern vehicles: the Tire Pressure Monitoring System (TPMS). Typical implementations have no security-oriented features, leaking data that can …


Passive Radiolocation Of IEEE 802.11 Emitters Using Directional Antennae, Bradford E. Law Mar 2018

Theses and Dissertations

Low-cost commodity hardware and cheaper, more capable consumer-grade drones make the threat of home-made, inexpensive drone-mounted wireless attack platforms (DWAPs) greater than ever. Fences and physical security do little to impede a drone from approaching private, commercial, or government wireless access points (WAPs) and conducting wireless attacks. At the same time, unmanned aerial vehicles (UAVs) present a valuable tool for network defenders conducting site surveys and emulating threats. These platforms present near-term dangers and opportunities for corporations and governments. Despite the vast leaps in technology these capabilities represent, UAVs are noisy and consequently difficult to conceal as they approach a …


Estimating Defensive Cyber Operator Decision Confidence, Markus M. Borneman Mar 2018

Theses and Dissertations

As technology continues to advance the domain of cyber defense, signature and heuristic detection mechanisms continue to require human operators to make judgements about the correctness of machine decisions. Human cyber defense operators rely on their experience, expertise, and understanding of network security, when conducting cyber-based investigations, in order to detect and respond to cyber alerts. Ever growing quantities of cyber alerts and network traffic, coupled with systemic manpower issues, mean no one has the time to review or change decisions made by operators. Since these cyber alert decisions ultimately do not get reviewed again, an inaccurate decision could cause …


Assured Android Execution Environments, Brandon P. Froberg Mar 2018

Theses and Dissertations

Current cybersecurity best practices, techniques, tactics and procedures are insufficient to ensure the protection of Android systems. Software tools leveraging formal methods use mathematical means to assure both a design and implementation for a system and these methods can be used to provide security assurances. The goal of this research is to determine methods of assuring isolation when executing Android software in a contained environment. Specifically, this research demonstrates security properties relevant to Android software containers can be formally captured and validated, and that an implementation can be formally verified to satisfy a corresponding specification. A three-stage methodology called "The …


Securing Critical Infrastructure: A Ransomware Study, Blaine M. Jeffries Mar 2018

Theses and Dissertations

This thesis reviews traditional ransomware attack trends in order to present a taxonomy for ransomware targeting industrial control systems. After reviewing a critical infrastructure ransomware attack methodology, a corresponding response and recovery plan is described. The plan emphasizes security through redundancy, specifically the incorporation of standby programmable logic controllers. This thesis goes on to describe a set of experiments conducted to test the viability of defending against a specialized ransomware attack with a redundant controller network. Results support that specific redundancy schemes are effective in recovering from a successful attack. Further experimentation is conducted to test the feasibility of industrial …


Variable Speed Simulation For Accelerated Industrial Control System Cyber Training, Luke M. Bradford Mar 2018

Theses and Dissertations

It is important for industrial control system operators to receive quality training to defend against cyber attacks. Hands-on training exercises with real-world control systems allow operators to learn various defensive techniques and see the real-world impact of changes made to a control system. Cyber attacks and operator actions can have unforeseen effects that take a significant amount of time to manifest and potentially cause physical harm to the system, making high-fidelity training exercises time-consuming and costly. This thesis presents a method for accelerating training exercises by simulating and predicting the effects of a cyber event on a partially-simulated control system. …


Securing Data In Transit Using Two Channel Communication, Clark L. Wolfe Mar 2018

Theses and Dissertations

Securing data in transit is critically important to the Department of Defense in today's contested environments. While encryption is often the preferred method to provide security, there exist applications for which encryption is too resource intensive, not cost-effective or simply not available. In this thesis, a two-channel communication system is proposed in which the message being sent can be intelligently and dynamically split over two or more channels to provide a measure of data security either when encryption is not available, or perhaps in addition to encryption. This data splitting technique employs multiple wireless channels operating at the physical layer, …


Expected Coverage (Excov): A Proposal To Compare Fuzz Test Coverage Within An Infinite Input Space, Evan V. Swihart Mar 2018

Theses and Dissertations

A fuzz test is an approach used to discover vulnerabilities by intentionally sending invalid inputs to a system for the purpose of triggering some type of fault or unintended effect that renders the system vulnerable to an exploit. Fuzz testing is an important cyber-testing technique used to find and fix vulnerabilities before they are exploited. The fuzzing of military data links presents a particular challenge because existing fuzzing tools cannot be easily applied to these systems. As a result, the tools and techniques used to fuzz these links vary widely in sophistication and effectiveness. Because of the infinite, or nearly …


Transferable Multiparty Computation, Michael R. Clark, Kenneth M. Hopkinson Nov 2017

AFIT Patents

A method and apparatus are provided for secure multiparty computation. A set of first parties is selected from a plurality of first parties for computation. Inputs for computation associated with each party in the set of first parties are divided into shares to be sent to other parties in the set of first parties. The computation on the shares is performed by the set of first parties using multiparty computation functions. In response to a trigger event, shares of the set of first parties are transferred to a set of second parties selected from a plurality of second parties. The …


Active Response Using Host-Based Intrusion Detection System And Software-Defined Networking, Jonathon S. Goodgion Mar 2017

Theses and Dissertations

This research proposes AHNSR: Active Host-based Network Security Response by utilizing Host-based Intrusion Detection Systems (HIDS) with Software-Defined Networking (SDN) to enhance system security by allowing dynamic active response and reconstruction from a global network topology perspective. Responses include traffic redirection, host quarantining, filtering, and more. A testable SDN-controlled network is constructed with multiple hosts, OpenFlow enabled switches, and a Floodlight controller, all linked to a custom, novel interface for the Open-Source SECurity (OSSEC) HIDS framework. OSSEC is implemented in a server-agent architecture, allowing scalability and OS independence. System effectiveness is evaluated against the following factors: alert density and a …


Autoprov: An Automated File Provenance Collection Tool, Ryan A. Good Mar 2017

Theses and Dissertations

A file's provenance is a detailing of its origins and activities. There are tools available that are useful in maintaining the provenance of a file. Unfortunately for digital forensics, these tools require prior installation on the computer of interest while provenance generating events happen. The presented tool addresses this by reconstructing a file's provenance from several temporal artifacts. It identifies relevant temporal and user correlations between these artifacts, and presents them to the user. A variety of predefined use cases and real world data are tested against to demonstrate that this software allows examiners to draw useful conclusions about the …


A Framework For Understanding, Prioritizing, And Applying Systems Security Engineering Processes, Activities, And Tasks, Stephen Khou Mar 2017

Theses and Dissertations

Current systems security practices lack an effective approach to prioritize and tailor systems security efforts to develop and field secure systems in challenging operational environments, which results in business and mission stakeholders becoming more susceptible to an array of disruptive events. This work informs Systems Engineers on recent developments in the field of system security engineering and provides a framework for more fully understanding the application of Systems Security Engineering (SSE) processes, activities, and tasks as described in the recently released National Institute of Standards and Technology (NIST) Special Publication 800-160. This SSE framework uniquely offers a repeatable and tailorable …


A Framework For Categorization Of Industrial Control System Cyber Training Environments, Evan G. Plumley Mar 2017

Theses and Dissertations

First responders and professionals in hazardous occupations undergo training and evaluations for the purpose of mitigating risk and damage. For example, helicopter pilots train with multiple categorized simulations that increase in complexity before flying a real aircraft. However, in the industrial control cyber incident response domain, where incident response professionals help detect, respond to, and recover from cyber incidents, no official categorization of training environments exists. To address this gap, this thesis provides a categorization of industrial control training environments based on realism. Four levels of environments are proposed and mapped to Bloom's Taxonomy. This categorization will help organizations determine which …