Engineering Commons^™

Unveiling The Digital Shadows: Cybersecurity And The Art Of Digital Forensics, Derek Beardall

Cyber Operations and Resilience Program Graduate Projects

This paper navigates the symbiotic relationship between cybersecurity and digital forensics, exploring the profound role of digital forensic methodologies in addressing cyber incidents. Beginning with foundational definitions and historical evolution, this study delves into diverse types of methodologies and their applications across law enforcement and cybersecurity domains. The mechanics of cyber incident response illuminates the strategic orchestration of digital forensic methodologies. Amidst triumphs, challenges emerge from the shadows: swift threat evolution, digital ecosystem complexity, standardization gaps, resource limitations, and legal intricacies. Best practices guide experts through this intricate terrain, culminating in an enhanced understanding of the inseparable bond between cybersecurity …

The Rapid Increase Of Ransomware Attacks Over The 21st Century And Mitigation Strategies To Prevent Them From Arising, Sanjay Jacob

Senior Honors Theses

Cyber-attacks have continued to become more common throughout the past century as more people are exposed to the Internet. Every year, various studies, reports, and scholarly research is done to emphasis the rapid increase of attacks. In this honors thesis, the student sought to gather further information about the rise of ransomware attacks, various cyber threats, discuss the psychological manipulation that exist, and provided the reader with an ethical complement of cyber-attacks. Additionally, case studies from previous research have been analyzed and mitigation strategies have been explained to provide the reader with practical application. This research emphasizes in on key …

Perspectives On Design Considerations Inspired By Security And Quantum Technology In Cyberphysical Systems For Process Engineering, Helen Durand, Jihan Abou Halloun, Kip Nieman, Keshav Kasturi Rangan

Chemical Engineering and Materials Science Faculty Research Publications

Advances in computer science have been a driving force for change in process systems engineering for decades. Faster computers, expanded computing resources, simulation software, and improved optimization algorithms have all changed chemical engineers’ abilities to predict, control, and optimize process systems. Two newer areas relevant to computer science that are impacting process systems engineering are cybersecurity and quantum computing. This work reviews some of our group’s recent work in control-theoretic approaches to control system cybersecurity and touches upon the use of quantum computers, with perspectives on the relationships between process design and control when cybersecurity and quantum technologies are of …

An Empirical Study Of Pre-Trained Model Reuse In The Hugging Face Deep Learning Model Registry, Wenxin Jiang, Nicholas Synovic, Matt Hyatt, Taylor R. Schorlemmer, Rohan Sethi, Yung-Hsiang Lu, George K. Thiruvathukal, James C. Davis

Department of Electrical and Computer Engineering Faculty Publications

Deep Neural Networks (DNNs) are being adopted as components in software systems. Creating and specializing DNNs from scratch has grown increasingly difficult as state-of-the-art architectures grow more complex. Following the path of traditional software engineering, machine learning engineers have begun to reuse large-scale pre-trained models (PTMs) and fine-tune these models for downstream tasks. Prior works have studied reuse practices for traditional software packages to guide software engineers towards better package maintenance and dependency management. We lack a similar foundation of knowledge to guide behaviors in pre-trained model ecosystems.

In this work, we present the first empirical investigation of PTM reuse. …

Robustness Of Image-Based Malware Classification Models Trained With Generative Adversarial Networks, Ciaran Reilly, Stephen O Shaughnessy, Christina Thorpe

Conference papers

As malware continues to evolve, deep learning models are increasingly used for malware detection and classification, including image based classification. However, adversarial attacks can be used to perturb images so as to evade detection by these models. This study investigates the effectiveness of training deep learning models with Generative Adversarial Network-generated data to improve their robustness against such attacks. Two image conversion methods, byte plot and space-filling curves, were used to represent the malware samples, and a ResNet-50 architecture was used to train models on the image datasets. The models were then tested against a projected gradient descent attack. It …

Robustembed: Robust Sentence Embeddings Using Self-Supervised Contrastive Pre-Training, Javad Asl, Eduardo Blanco, Daniel Takabi

School of Cybersecurity Faculty Publications

Pre-trained language models (PLMs) have demonstrated their exceptional performance across a wide range of natural language processing tasks. The utilization of PLM-based sentence embeddings enables the generation of contextual representations that capture rich semantic information. However, despite their success with unseen samples, current PLM-based representations suffer from poor robustness in adversarial scenarios. In this paper, we propose RobustEmbed, a self-supervised sentence embedding framework that enhances both generalization and robustness in various text representation tasks and against diverse adversarial attacks. By generating high-risk adversarial perturbations to promote higher invariance in the embedding space and leveraging the perturbation within a novel contrastive …

A Novel Testbed For Evaluation Of Operational Technology Communications Protocols And Their On-Device Implementations, Matthew Boeding

Department of Electrical and Computer Engineering: Dissertations, Theses, and Student Research

Operational Technology (OT) and Infrastructure Technology (IT) systems are converging with the rapid addition of centralized remote management in OT systems. Previously air-gapped systems are now interconnected through the internet with application-specific protocols. This has led to systems that had limited access points being remotely accessible. In different OT sectors, legacy protocols previously transmitted over serial communication were updated to allow internet communication with legacy devices. New protocols such as IEC-61850 were also introduced for monitoring of different OT resources. The IEC-61850 standard’s Generic Object Oriented Substation Event (GOOSE) protocol outlines the representation and communication of a variety of different …

Quantum Computing And Resilient Design Perspectives For Cybersecurity Of Feedback Systems, Keshav Kasturi Rangan, Jihan Abou Halloun, Henrique Oyama, Samantha Cherney, Ilham Azali Assoumani, Nazir Jairazbhoy, Helen Durand, Simon Ka Ng

Chemical Engineering and Materials Science Faculty Research Publications

Cybersecurity of control systems is an important issue in next-generation manufac- turing that can impact both operational objectives (safety and performance) as well as process designs (via hazard analysis). Cyberattacks differ from faults in that they can be coordinated efforts to exploit system vulnerabilities to create otherwise unlikely hazard scenarios. Because coordination and targeted process manipulation can be characteristics of attacks, some of the tactics previously analyzed in our group from a control system cybersecurity perspective have incorporated randomness to attempt to thwart attacks. The underlying assumption for the generation of this randomness has been that it can be achieved …

Ransomware Incident Preparations With Ethical Considerations And Command System Framework Proposal, Stanley Mierzwa, James Drylie, Dennis Bogdan

Center for Cybersecurity

Concerns with cyber-attacks in the form of ransomware are on the mind of many executives and leadership staff in all industries. Inaction is not an option, and approaching the topic with real, honest, and hard discussions will be valuable ahead of such a possible devastating experience. This research note aims to bring thoughtfulness to the topics of ethics in the role of cybersecurity when dealing with ransomware events. Additionally, a proposed set of non-technical recovery preparation tasks are outlined to help organizations bring about cohesiveness and planning for dealing with the real potential of a ransomware event. Constraints from many …

Assessing Security Risks With The Internet Of Things, Faith Mosemann

Senior Honors Theses

For my honors thesis I have decided to study the security risks associated with the Internet of Things (IoT) and possible ways to secure them. I will focus on how corporate, and individuals use IoT devices and the security risks that come with their implementation. In my research, I found out that IoT gadgets tend to go unnoticed as a checkpoint for vulnerability. For example, often personal IoT devices tend to have the default username and password issued from the factory that a hacker could easily find through Google. IoT devices need security just as much as computers or servers …

C2 Microservices Api: Ch4rl3sch4l3m4gn3, Thai H. Nguyễn

School of Computer Science & Engineering Undergraduate Publications

In the 21^st century, cyber-based attackers such as advance persistent threats are leveraging bots in the form of botnets to conduct a plethora of cyber-attacks. While there are several social engineering techniques used to get targets to unknowingly download these bots, it is the command-and-control techniques advance persistent threats use to control their bots that is of critical interest to the author. In this research paper, the author aims to develop a command-and-control microservice application programming interface infrastructure to facilitate botnet command-and-control attack simulations. To achieve this the author will develop a simple bot skeletal framework, utilize the latest …

Cybert: Cybersecurity Claim Classification By Fine-Tuning The Bert Language Model, Kimia Ameri, Michael Hempel, Hamid Sharif, Juan Lopez Jr., Kalyan Perumalla

Department of Electrical and Computer Engineering: Faculty Publications

We introduce CyBERT, a cybersecurity feature claims classifier based on bidirectional encoder representations from transformers and a key component in our semi-automated cybersecurity vetting for industrial control systems (ICS). To train CyBERT, we created a corpus of labeled sequences from ICS device documentation collected across a wide range of vendors and devices. This corpus provides the foundation for fine-tuning BERT’s language model, including a prediction-guided relabeling process. We propose an approach to obtain optimal hyperparameters, including the learning rate, the number of dense layers, and their configuration, to increase the accuracy of our classifier. Fine-tuning all hyperparameters of the resulting …

Another Brick In The Wall: An Exploratory Analysis Of Digital Forensics Programs In The United States, Syria Mccullough, Stella Abudu, Ebere Onwubuariri, Ibrahim Baggili

Electrical & Computer Engineering and Computer Science Faculty Publications

We present a comprehensive review of digital forensics programs offered by universities across the United States (U.S.). While numerous studies on digital forensics standards and curriculum exist, few, if any, have examined digital forensics courses offered across the nation. Since digital forensics courses vary from university to university, online course catalogs for academic institutions were evaluated to curate a dataset. Universities were selected based on online searches, similar to those that would be made by prospective students. Ninety-seven (n = 97) degree programs in the U.S. were evaluated. Overall, results showed that advanced technical courses are missing from curricula. We …

Digital Twin-Based Cooperative Control Techniques For Secure And Intelligent Operation Of Distributed Microgrids, Ahmed Aly Saad Ahmed

FIU Electronic Theses and Dissertations

Networked microgrids play a key role in constructing future active distribution networks for providing the power system with resiliency and reliability against catastrophic physical and cyber incidents. Motivated by the increasing penetration of renewable resources and energy storage systems in the distribution grids, utility companies are encouraged to unleash the capabilities of the distributed microgrid to work as virtual power plants that can support the power systems. The microgrids nature is transforming the grid and their control systems from centralized architecture into distributed architectures. The distributed networked microgrids introduced many benefits to the future smart grids, it created many challenges …

Role Of Artificial Intelligence In The Internet Of Things (Iot) Cybersecurity, Murat Kuzlu, Corinne Fair, Ozgur Guler

Engineering Technology Faculty Publications

In recent years, the use of the Internet of Things (IoT) has increased exponentially, and cybersecurity concerns have increased along with it. On the cutting edge of cybersecurity is Artificial Intelligence (AI), which is used for the development of complex algorithms to protect networks and systems, including IoT systems. However, cyber-attackers have figured out how to exploit AI and have even begun to use adversarial AI in order to carry out cybersecurity attacks. This review paper compiles information from several other surveys and research papers regarding IoT, AI, and attacks with and against AI and explores the relationship between these …

Bibliometric Survey On Zero-Knowledge Proof For Authentication, Adwait Pathak, Tejas Patil, Shubham Pawar, Piyush Raut, Smita Khairnar, Dr. Shilpa Gite

Library Philosophy and Practice (e-journal)

Background: Zero Knowledge Proof is a persuasive cryptographic protocol employed to provide data security by keeping the user's identity, using the services anonymously. Zero Knowledge Proof can be the preferred option to use in multiple circumstances. Instead of using the public key cryptographic protocols, the zero-knowledge proof usage does not expose or leak confidential data or information during the transmission. Zero Knowledge Proof protocols are comparatively lightweight; this results in making it efficient in terms of memory. Zero Knowledge Proof applications can reside in authentication, identity management, cryptocurrency transactions, and many more. Traditional authentication schemes are vulnerable to attacks …

Transdisciplinary Ai Observatory—Retrospective Analyses And Future-Oriented Contradistinctions, Nadisha Marie Aliman, Leon Kester, Roman Yampolskiy

Faculty Scholarship

In the last years, artificial intelligence (AI) safety gained international recognition in the light of heterogeneous safety-critical and ethical issues that risk overshadowing the broad beneficial impacts of AI. In this context, the implementation of AI observatory endeavors represents one key research direction. This paper motivates the need for an inherently transdisciplinary AI observatory approach integrating diverse retrospective and counterfactual views. We delineate aims and limitations while providing hands-on-advice utilizing concrete practical examples. Distinguishing between unintentionally and intentionally triggered AI risks with diverse socio-psycho-technological impacts, we exemplify a retrospective descriptive analysis followed by a retrospective counterfactual risk analysis. Building on …

Research Framework Of Human Factors Interactions With Technical And Security Factors In Cloud Computing, Hongjiang Xu, Sakthi Mahenthiran

Scholarship and Professional Work - Business

There are many advantages to adopt cloud computing, however, some important issues need to be addressed, such as cybersecurity, cost-saving, trust, implementation complexity, and cloud provider’s reliability. This study developed a research framework to study the human factors that interact with technical and cybersecurity factors to affect the cloud-computing provider’s performance from the user’s perspective. Research hypotheses were developed and a survey was conducted to test the hypotheses and validate the research framework.

Zero-Bias Deep Learning For Accurate Identification Of Internet Of Things (Iot) Devices, Yongxin Liu, Houbing Song, Thomas Yang, Jian Wang, Jianqiang Li, Shuteng Niu, Zhong Ming

Publications

The Internet of Things (IoT) provides applications and services that would otherwise not be possible. However, the open nature of IoT makes it vulnerable to cybersecurity threats. Especially, identity spoofing attacks, where an adversary passively listens to the existing radio communications and then mimic the identity of legitimate devices to conduct malicious activities. Existing solutions employ cryptographic signatures to verify the trustworthiness of received information. In prevalent IoT, secret keys for cryptography can potentially be disclosed and disable the verification mechanism. Noncryptographic device verification is needed to ensure trustworthy IoT. In this article, we propose an enhanced deep learning framework …

First Year Students' Experience In A Cyber World Course - An Evaluation, Frank Breitinger, Ryan Tully-Doyle, Kristen Przyborski, Lauren Beck, Ronald S. Harichandran

Electrical & Computer Engineering and Computer Science Faculty Publications

Although cybersecurity is a major present concern, it is not a required subject in University. In response, we developed Cyber World which introduces students to eight highly important cybersecurity topics (primarily taught by none cybersecurity experts). We embedded it into our critical thinking Common Course (core curriculum) which is a team-taught first-year experience required for all students. Cyber World was first taught in Fall 2018 to a cohort of over 150 students from various majors at the University of New Haven. This article presents the evaluation of our Fall taught course. In detail, we compare the performance of Cyber World …

Learning From Digital Failures? The Effectiveness Of Firms’ Divestiture And Management Turnover Responses To Data Breaches, Gui-Deng Say, Gurneeta Vasudeva

Research Collection Lee Kong Chian School Of Business

We examine whether firms learn from digital technology failures in the form of data breach events, based on the effectiveness of their failure responses. We argue that firms experiencing such technological failures interpret them broadly as organizational problems, and undertake unrelated divestitures and top management turnover to achieve better standardization and to remove dysfunctional routines. We test our hypotheses on unrelated subsidiary divestitures and chief technology officer (CTO) turnovers undertaken by 8,760 publicly traded U.S. firms that were at risk of experiencing data breaches in- volving the loss of personally identifiable information during the period 2005–2016. We find that data …

Hardware Security Of The Controller Area Network (Can Bus), David Satagaj

Senior Honors Theses

The CAN bus is a multi-master network messaging protocol that is a standard across the vehicular industry to provide intra-vehicular communications. Electronics Control Units within vehicles use this network to exchange critical information to operate the car. With the advent of the internet nearly three decades ago, and an increasingly inter-connected world, it is vital that the security of the CAN bus be addressed and built up to withstand physical and non-physical intrusions with malicious intent. Specifically, this paper looks at the concept of node identifiers and how they allow the strengths of the CAN bus to shine while also …

Technological Challenges And Innovations In Cybersecurity And Networking Technology Program, Syed R. Zaidi, Ajaz Sana, Aparicio Carranza

Publications and Research

This era is posing a unique challenge to the Cybersecurity and related Engineering Technology areas, stimulated by the multifaceted technological boom expressed in accelerated globalization, digital transformation, the cloud, mobile access apps, and the Internet of Things (IoT)—where more and more devices are connected to the Internet every day. As the use of new Internet-based technologies increase; so does the risk of theft and misuse of sensitive information. This demands the awareness of cyber-criminality and the need for cyber hygiene in corporations, small businesses, and the government. As the need for experienced cybersecurity specialists has skyrocketed in recent years and …

Internet Of Things For Sustainability: Perspectives In Privacy, Cybersecurity, And Future Trends, Abdul Salam

Faculty Publications

In the sustainability IoT, the cybersecurity risks to things, sensors, and monitoring systems are distinct from the conventional networking systems in many aspects. The interaction of sustainability IoT with the physical world phenomena (e.g., weather, climate, water, and oceans) is mostly not found in the modern information technology systems. Accordingly, actuation, the ability of these devices to make changes in real world based on sensing and monitoring, requires special consideration in terms of privacy and security. Moreover, the energy efficiency, safety, power, performance requirements of these device distinguish them from conventional computers systems. In this chapter, the cybersecurity approaches towards …

On The Potential, Feasibility, And Effectiveness Of Chat Bots In Public Health Research Going Forward, Stanley Mierzwa, Samir Souidi, Tammy Allen

Center for Cybersecurity

This paper will discuss whether bots, particularly chat bots, can be useful in public health research and health or pharmacy systems operations. Bots have been discussed for many years; particularly when coupled with artificial intelligence, they offer the opportunity of automating mundane or error-ridden processes and tasks by replacing human involvement. This paper will discuss areas where there are greater advances in the use of bots, as well as areas that may benefit from the use of bots, and will offer practical ways to get started with bot technology. Several popular bot applications and bot development tools along with practical …

Guest Editorial Special Issue On Toward Securing Internet Of Connected Vehicles (Iov) From Virtual Vehicle Hijacking, Yue Cao, Houbing Song, Omprakash Kaiwartya, Sinem Coleri Ergen, Jaime Lloret, Naveed Ahmad

Publications

Today’s vehicles are no longer stand-alone transportation means, due to the advancements on vehicle-tovehicle (V2V) and vehicle-to-infrastructure (V2I) communications enabled to access the Internet via recent technologies in mobile communications, including WiFi, Bluetooth, 4G, and even 5G networks. The Internet of vehicles was aimed toward sustainable developments in transportation by enhancing safety and efficiency. The sensor-enabled intelligent automation of vehicles’ mechanical operations enhances safety in on-road traveling, and cooperative traffic information sharing in vehicular networks improves traveling efficiency.

Survey Results On Adults And Cybersecurity Education, Frank Breitinger, Joseph Ricci, Ibrahim Baggili

Electrical & Computer Engineering and Computer Science Faculty Publications

Cyberattacks and identity theft are common problems nowadays where researchers often say that humans are the weakest link in the security chain. Therefore, this survey focused on analyzing the interest for adults for ‘cyber threat education seminars’, e.g., how to project themselves and their loved ones. Specifically, we asked questions to understand a possible audience, willingness for paying / time commitment, or fields of interest as well as background and previous training experience. The survey was conducted in late 2016 and taken by 233 participants. The results show that many are worried about cyber threats and about their children exploring …

Data Defenders, Madison Claire Cannon

Alumni Publications

No abstract provided.

Cyber Security And Risk Society: Estonian Discourse On Cyber Risk And Security Strategy, Lauren Kook

Copyright, Fair Use, Scholarly Communication, etc.

The main aim of this thesis is to call for a new analysis of cyber security which departs from the traditional security theory. I argue that the cyber domain is inherently different in nature, in that it is lacking in traditional boundaries and is reflexive in nature. Policy-makers are aware of these characteristics, and in turn this awareness changes the way that national cyber security strategy is handled and understood. These changes cannot be adequately understood through traditional understanding of security, as they often are, without missing significant details. Rather, examining these changes through the lens of Ulrich Beck’s risk …

Cybersecurity Curriculum Development Initiatives, Seth Hamman, Kenneth M. Hopkinson

Engineering and Computer Science Faculty Presentations

No abstract provided.