Open Access. Powered by Scholars. Published by Universities.®
Articles 1 - 21 of 21
Full-Text Articles in Engineering
The Trust-Based Interactive Partially Observable Markov Decision Process, Richard S. Seymour
The Trust-Based Interactive Partially Observable Markov Decision Process, Richard S. Seymour
Theses and Dissertations
Cooperative agent and robot systems are designed so that each is working toward the same common good. The problem is that the software systems are extremely complex and can be subverted by an adversary to either break the system or potentially worse, create sneaky agents who are willing to cooperate when the stakes are low and take selfish, greedy actions when the rewards rise. This research focuses on the ability of a group of agents to reason about the trustworthiness of each other and make decisions about whether to cooperate. A trust-based interactive partially observable Markov decision process (TI-POMDP) is …
Hijacking User Uploads To Online Persistent Data Repositories For Covert Data Exfiltration, Curtis P. Barnard
Hijacking User Uploads To Online Persistent Data Repositories For Covert Data Exfiltration, Curtis P. Barnard
Theses and Dissertations
As malware has evolved over the years, it has gone from harmless programs that copy themselves into other executables to modern day botnets that perform bank fraud and identity theft. Modern malware often has a need to communicate back to the author, or other machines that are also infected. Several techniques for transmitting this data covertly have been developed over the years which vary significantly in their level of sophistication. This research creates a new covert channel technique for stealing information from a network by piggybacking on user-generated network traffic. Specifically, steganography drop boxes and passive covert channels are merged …
Development Of A Methodology For Customizing Insider Threat Auditing On A Linux Operating System, William T. Bai
Development Of A Methodology For Customizing Insider Threat Auditing On A Linux Operating System, William T. Bai
Theses and Dissertations
Insider threats can pose a great risk to organizations and by their very nature are difficult to protect against. Auditing and system logging are capabilities present in most operating systems and can be used for detecting insider activity. However, current auditing methods are typically applied in a haphazard way, if at all, and are not conducive to contributing to an effective insider threat security policy. This research develops a methodology for designing a customized auditing and logging template for a Linux operating system. An intent-based insider threat risk assessment methodology is presented to create use case scenarios tailored to address …
Developing Cyberspace Data Understanding: Using Crisp-Dm For Host-Based Ids Feature Mining, Joseph R. Erskine
Developing Cyberspace Data Understanding: Using Crisp-Dm For Host-Based Ids Feature Mining, Joseph R. Erskine
Theses and Dissertations
Current intrusion detection systems generate a large number of specific alerts, but do not provide actionable information. Many times, these alerts must be analyzed by a network defender, a time consuming and tedious task which can occur hours or days after an attack occurs. Improved understanding of the cyberspace domain can lead to great advancements in Cyberspace situational awareness research and development. This thesis applies the Cross Industry Standard Process for Data Mining (CRISP-DM) to develop an understanding about a host system under attack. Data is generated by launching scans and exploits at a machine outfitted with a set of …
A Taxonomy For And Analysis Of Anonymous Communications Networks, Douglas J. Kelly
A Taxonomy For And Analysis Of Anonymous Communications Networks, Douglas J. Kelly
Theses and Dissertations
Any entity operating in cyberspace is susceptible to debilitating attacks. With cyber attacks intended to gather intelligence and disrupt communications rapidly replacing the threat of conventional and nuclear attacks, a new age of warfare is at hand. In 2003, the United States acknowledged that the speed and anonymity of cyber attacks makes distinguishing among the actions of terrorists, criminals, and nation states difficult. Even President Obama’s Cybersecurity Chief-elect recognizes the challenge of increasingly sophisticated cyber attacks. Now through April 2009, the White House is reviewing federal cyber initiatives to protect US citizen privacy rights. Indeed, the rising quantity and ubiquity …
Using Covert Means To Establish Cybercraft Command And Control, Bradley D. Sevy
Using Covert Means To Establish Cybercraft Command And Control, Bradley D. Sevy
Theses and Dissertations
With the increase in speed and availability of computers, our nation's computer and information systems are being attacked with increased sophistication. The Air Force Research Laboratory (AFRL) Information Directorate (RI) is researching a next generation network defense architecture, called Cybercraft, that provides automated and trusted cyber defense capabilities for AF network assets. This research we consider the issues to protect or obfuscate command and control aspects of Cybercraft. In particular, we present a methodology to hide aspects of Cybercraft platform initialization in context to formation of hierarchical, peer-to-peer groups that collectively form the Cybercraft network. Because malicious code networks (known …
Host-Based Multivariate Statistical Computer Operating Process Anomaly Intrusion Detection System (Paids), Glen R. Shilland
Host-Based Multivariate Statistical Computer Operating Process Anomaly Intrusion Detection System (Paids), Glen R. Shilland
Theses and Dissertations
No abstract provided.
Low Probability Of Intercept Waveforms Via Intersymbol Dither Performance Under Multipath Conditions, Jonathan K. Keen
Low Probability Of Intercept Waveforms Via Intersymbol Dither Performance Under Multipath Conditions, Jonathan K. Keen
Theses and Dissertations
This thesis examines the effects of multipath interference on Low Probability of Intercept (LPI) waveforms generated using intersymbol dither. LPI waveforms are designed to be difficult for non-cooperative receivers to detect and manipulate, and have many uses in secure communications applications. In prior research, such a waveform was designed using a dither algorithm to vary the time between the transmission of data symbols in a communication system. This work showed that such a method can be used to frustrate attempts to use non-cooperative receiver algorithms to recover the data. This thesis expands on prior work by examining the effects of …
Numerical Analysis For Relevant Features In Intrusion Detection (Narfid), Jose Andres Gonzalez
Numerical Analysis For Relevant Features In Intrusion Detection (Narfid), Jose Andres Gonzalez
Theses and Dissertations
Identification of cyber attacks and network services is a robust field of study in the machine learning community. Less effort has been focused on understanding the domain space of real network data in identifying important features for cyber attack and network service classification. Motivations for such work allow for anomaly detection systems with less requirements on data “sniffed” off the network, extraction of features from the traffic, reduced learning time of algorithms, and ideally increased classification performance of anomalous behavior. This thesis evaluates the usefulness of a good feature subset for the general classification task of identifying cyber attacks and …
Automated Virtual Machine Introspection For Host-Based Intrusion Detection, Brett A. Pagel
Automated Virtual Machine Introspection For Host-Based Intrusion Detection, Brett A. Pagel
Theses and Dissertations
This thesis examines techniques to automate configuration of an intrusion detection system utilizing hardware-assisted virtualization. These techniques are used to detect the version of a running guest operating system, automatically configure version-specific operating system information needed by the introspection library, and to locate and monitor important operating system data structures. This research simplifies introspection library configuration and is a step toward operating system independent introspection. An operating system detection algorithm and Windows virtual machine system service dispatch table monitor are implemented using the Xen hypervisor and a modified version of the XenAccess library. All detection and monitoring is implemented from …
An Fpga-Based System For Tracking Digital Information Transmitted Via Peer-To-Peer Protocols, Karl R. Schrader
An Fpga-Based System For Tracking Digital Information Transmitted Via Peer-To-Peer Protocols, Karl R. Schrader
Theses and Dissertations
This thesis addresses the problem of identifying and tracking digital information that is shared using peer-to-peer file transfer and Voice over IP (VoIP) protocols. The goal of the research is to develop a system for detecting and tracking the illicit dissemination of sensitive government information using file sharing applications within a target network, and tracking terrorist cells or criminal organizations that are covertly communicating using VoIP applications. A digital forensic tool is developed using an FPGA-based embedded software application. The tool is designed to process file transfers using the BitTorrent peer-to-peer protocol and VoIP phone calls made using the Session …
An Analysis Of Botnet Vulnerabilities, Sean W. Hudson
An Analysis Of Botnet Vulnerabilities, Sean W. Hudson
Theses and Dissertations
Botnets are a significant threat to computer networks and data stored on networked computers. The ability to inhibit communication between servers controlling the botnet and individual hosts would be an effective countermeasure. The objective of this research was to find vulnerabilities in Unreal IRCd that could be used to shut down the server. Analysis revealed that Unreal IRCd is a very mature and stable IRC server and no significant vulnerabilities were found. While this research does not eliminate the possibility that a critical vulnerability is present in the Unreal IRCd software, none were identified during this effort.
Digital Signal Processing Leveraged For Intrusion Detection, Theodore J. Erickson
Digital Signal Processing Leveraged For Intrusion Detection, Theodore J. Erickson
Theses and Dissertations
This thesis describes the development and evaluation of a novel system called the Network Attack Characterization Tool (NACT). The NACT employs digital signal processing to detect network intrusions, by exploiting the Lomb-Scargle periodogram method to obtain a spectrum for sampled network traffic. The Lomb-Scargle method for generating a periodogram allows for the processing of unevenly sampled network data. This method for determining a periodogram has not yet been used for intrusion detection. The spectrum is examined to determine if features exist above a significance level chosen by the user. These features are considered an attack, triggering an alarm. Two traffic …
Internet Protocol Geolocation: Development Of A Delay-Based Hybrid Methodology For Locating The Geographic Location Of A Network Node, John M. Roehl
Internet Protocol Geolocation: Development Of A Delay-Based Hybrid Methodology For Locating The Geographic Location Of A Network Node, John M. Roehl
Theses and Dissertations
Internet Protocol Geolocation (IP Geolocation), the process of determining the approximate geographic location of an IP addressable node, has proven useful in a wide variety of commercial applications. Commercial applications of IP Geolocation include market research, redirection for performance enhancement, restricting content, and combating fraud. The potential for military applications include securing remote access via geographic authentication, intelligence collection, and cyber attack attribution. IP Geolocation methods can be divided into three basic categories based upon what information is used to determine the geographic location of the given IP address: 1) Information contained in databases, 2) information that is leaked during …
Hardware Virtualization Applied To Rootkit Defense, Douglas P. Medley
Hardware Virtualization Applied To Rootkit Defense, Douglas P. Medley
Theses and Dissertations
This research effort examines the idea of applying virtualization hardware to enhance operating system security against rootkits. Rootkits are sets of tools used to hide code and/or functionality from the user and operating system. Rootkits can accomplish this feat through using access to one part of an operating system to change another part that resides at the same privilege level. Hardware assisted virtualization (HAV) provides an opportunity to defeat this tactic through the introduction of a new operating mode. Created to aid operating system virtualization, HAV provides hardware support for managing and saving multiple states of the processor. This hardware …
Beyond Passswords: Usage And Policy Transformation, Alan S. Alsop
Beyond Passswords: Usage And Policy Transformation, Alan S. Alsop
Theses and Dissertations
The purpose of this research is to determine whether the transition to a two-factor authentication system is more secure than a system that relied only on what users “know” for authentication. While we found that factors that made passwords inherently vulnerable did not transfer to the PIN portion of a two-factor authentication system, we did find significant problems relating to usability, worker productivity, and the loss and theft of smart cards. The new authentication method has disrupted our ability to stay connected to ongoing mission issues, forced some installations to cut off remote access for their users and in one …
Mitigating Insider Threat Using Human Behavior Influence Models, Anthony J. Puleo
Mitigating Insider Threat Using Human Behavior Influence Models, Anthony J. Puleo
Theses and Dissertations
Insider threat is rapidly becoming the largest information security problem that organizations face. With large numbers of personnel having access to internal systems, it is becoming increasingly difficult to protect organizations from malicious insiders. The typical methods of mitigating insider threat are simply not working, primarily because this threat is a people problem, and most mitigation strategies are geared towards profiling and anomaly detection, which are problematic at best. As a result, a new type of model is proposed in this thesis, one that incorporates risk management with human behavioral science. The new risk-based model focuses on observable influences that …
Formal Mitigation Strategies For The Insider Threat: A Security Model And Risk Analysis Framework, Jonathan W. Butts
Formal Mitigation Strategies For The Insider Threat: A Security Model And Risk Analysis Framework, Jonathan W. Butts
Theses and Dissertations
The advancement of technology and reliance on information systems have fostered an environment of sharing and trust. The rapid growth and dependence on these systems, however, creates an increased risk associated with the insider threat. The insider threat is one of the most challenging problems facing the security of information systems because the insider already has capabilities within the system. Despite research efforts to prevent and detect insiders, organizations remain susceptible to this threat because of inadequate security policies and a willingness of some individuals to betray their organization. To investigate these issues, a formal security model and risk analysis …
Passwords: A Survey On Usage And Policy, Kurt W. Martinson
Passwords: A Survey On Usage And Policy, Kurt W. Martinson
Theses and Dissertations
Computer password use is on the rise. Passwords have become one of the primary authentication methods used today. It is because of their high use that organizations have started to place parameters on passwords. Are password restrictions a nuisance? What are some of the consequences that result as organizations place the burden of their computer security on passwords? This thesis analyzes the results of a survey instrument that was used to determine if individuals are using similar techniques or patterns when choosing or remembering their passwords. It also looks at how individuals feel about using passwords. In addition, the authors …
Network Security Versus Network Connectivity: A Framework For Addressing The Issues Facing The Air Force Medical Community, Franklin E. Cunningham Jr.
Network Security Versus Network Connectivity: A Framework For Addressing The Issues Facing The Air Force Medical Community, Franklin E. Cunningham Jr.
Theses and Dissertations
The Air Force has instituted Barrier Reef to protect its networks. The Air Force medical community operates network connections that are incompatible with Barrier Reef. To overcome this problem, OASD(HA) directed the Tri-Service Management Program Office (TIMPO) to develop an architecture that protects all military health systems and allows them to link with all three services and outside partners. This research studied the underlying networking issues and formed a framework based on data from network experts from the Air Force's medical centers and their base network organizations. The findings were compared TIMPO and a composite framework was developed that more …
Analyzing And Improving Stochastic Network Security: A Multicriteria Prescriptive Risk Analysis Model, David L. Lyle
Analyzing And Improving Stochastic Network Security: A Multicriteria Prescriptive Risk Analysis Model, David L. Lyle
Theses and Dissertations
This research optimized two measures of network security by hardening components and improving their reliability. A common measure of effectiveness (MOE) for networks is statistical reliability, which ignores the effects of hostile actions. A new MOE which includes hostile actions was developed. Both measures require component reliability functions, derived using fault trees. Fuzzy Logic and Monte Carlo simulation were used to quantify uncertainty. Results from the model are compared to traditional Risk Assessment results.