Engineering Commons^™

Technology Assessment For Cybersecurity Organizational Readiness: Case Of Airlines Sector And Electronic Payment, Sultan Ayed Alghamdi, Tugrul Daim, Saeed Mohammed Alzahrani

Engineering and Technology Management Faculty Publications and Presentations

Payment processing systems have advanced significantly in the airline business. Because e-payments are easy, they have captured the attention of many companies in the aviation industry and are quickly becoming the dominant means of payment. However, as technology advances, fraud grows at a comparable rate. Over the years, there has been a surge in payment fraud incidents in the airline sector, reducing the platform's trustworthiness. Despite attempts to eliminate epayment fraud, decision-makers lack the technical expertise required to use the finest fraud detection and prevention assessments. This research recognizes the lack of an established decision model as a hurdle and …

Unveiling The Digital Shadows: Cybersecurity And The Art Of Digital Forensics, Derek Beardall

Cyber Operations and Resilience Program Graduate Projects

This paper navigates the symbiotic relationship between cybersecurity and digital forensics, exploring the profound role of digital forensic methodologies in addressing cyber incidents. Beginning with foundational definitions and historical evolution, this study delves into diverse types of methodologies and their applications across law enforcement and cybersecurity domains. The mechanics of cyber incident response illuminates the strategic orchestration of digital forensic methodologies. Amidst triumphs, challenges emerge from the shadows: swift threat evolution, digital ecosystem complexity, standardization gaps, resource limitations, and legal intricacies. Best practices guide experts through this intricate terrain, culminating in an enhanced understanding of the inseparable bond between cybersecurity …

The Rapid Increase Of Ransomware Attacks Over The 21st Century And Mitigation Strategies To Prevent Them From Arising, Sanjay Jacob

Senior Honors Theses

Cyber-attacks have continued to become more common throughout the past century as more people are exposed to the Internet. Every year, various studies, reports, and scholarly research is done to emphasis the rapid increase of attacks. In this honors thesis, the student sought to gather further information about the rise of ransomware attacks, various cyber threats, discuss the psychological manipulation that exist, and provided the reader with an ethical complement of cyber-attacks. Additionally, case studies from previous research have been analyzed and mitigation strategies have been explained to provide the reader with practical application. This research emphasizes in on key …

Perspectives On Design Considerations Inspired By Security And Quantum Technology In Cyberphysical Systems For Process Engineering, Helen Durand, Jihan Abou Halloun, Kip Nieman, Keshav Kasturi Rangan

Chemical Engineering and Materials Science Faculty Research Publications

Advances in computer science have been a driving force for change in process systems engineering for decades. Faster computers, expanded computing resources, simulation software, and improved optimization algorithms have all changed chemical engineers’ abilities to predict, control, and optimize process systems. Two newer areas relevant to computer science that are impacting process systems engineering are cybersecurity and quantum computing. This work reviews some of our group’s recent work in control-theoretic approaches to control system cybersecurity and touches upon the use of quantum computers, with perspectives on the relationships between process design and control when cybersecurity and quantum technologies are of …

An Empirical Study Of Pre-Trained Model Reuse In The Hugging Face Deep Learning Model Registry, Wenxin Jiang, Nicholas Synovic, Matt Hyatt, Taylor R. Schorlemmer, Rohan Sethi, Yung-Hsiang Lu, George K. Thiruvathukal, James C. Davis

Department of Electrical and Computer Engineering Faculty Publications

Deep Neural Networks (DNNs) are being adopted as components in software systems. Creating and specializing DNNs from scratch has grown increasingly difficult as state-of-the-art architectures grow more complex. Following the path of traditional software engineering, machine learning engineers have begun to reuse large-scale pre-trained models (PTMs) and fine-tune these models for downstream tasks. Prior works have studied reuse practices for traditional software packages to guide software engineers towards better package maintenance and dependency management. We lack a similar foundation of knowledge to guide behaviors in pre-trained model ecosystems.

In this work, we present the first empirical investigation of PTM reuse. …

Robustness Of Image-Based Malware Classification Models Trained With Generative Adversarial Networks, Ciaran Reilly, Stephen O Shaughnessy, Christina Thorpe

Conference papers

As malware continues to evolve, deep learning models are increasingly used for malware detection and classification, including image based classification. However, adversarial attacks can be used to perturb images so as to evade detection by these models. This study investigates the effectiveness of training deep learning models with Generative Adversarial Network-generated data to improve their robustness against such attacks. Two image conversion methods, byte plot and space-filling curves, were used to represent the malware samples, and a ResNet-50 architecture was used to train models on the image datasets. The models were then tested against a projected gradient descent attack. It …

Ict Security Tools And Techniques Among Higher Education Institutions: A Critical Review, Miko Nuñez, Xavier-Lewis Palmer, Lucas Potter, Chris Jordan Aliac, Lemuel Clark Velasco

Electrical & Computer Engineering Faculty Publications

Higher education institutions (HEIs) are increasingly relying on digital technologies for classroom and organizational management, but this puts them at higher risk for information and communication (ICT security attacks. Recent studies show that HEIs have experienced more security breaches in ICT security composed of both cybersecurity an information security. A literature review was conducted to identify common ICT security practices in HEIs over the last decade. 11 journal articles were profiled and analyzed, revealing threats to HEIs’ security and protective measures in terms of organizational security, technological security, physical security, and standards and frameworks. Security tools and techniques were grouped …

Implications Of Cyberbiosecurity In Advanced Agriculture, Simone Stephen, Keitavius Alexander, Lucas Potter, Xavier-Lewis Palmer

Electrical & Computer Engineering Faculty Publications

The world is currently undergoing a rapid digital transformation sometimes referred to as the fourth industrial revolution. During this transformation, it is increasingly clear that many scientific fields are not prepared for this change. One specific area is agriculture. As the sector which creates global food supply, this critical infrastructure requires detailed assessment and research via newly developed technologies (Millett et al, 2019; Peccoud et al, 2018) . Despite its fundamental significance to modern civilization, many aspects of industrial agriculture have not yet adapted to the digital world. This is evident in the many vulnerabilities currently present within agricultural systems, …

Robustembed: Robust Sentence Embeddings Using Self-Supervised Contrastive Pre-Training, Javad Asl, Eduardo Blanco, Daniel Takabi

School of Cybersecurity Faculty Publications

Pre-trained language models (PLMs) have demonstrated their exceptional performance across a wide range of natural language processing tasks. The utilization of PLM-based sentence embeddings enables the generation of contextual representations that capture rich semantic information. However, despite their success with unseen samples, current PLM-based representations suffer from poor robustness in adversarial scenarios. In this paper, we propose RobustEmbed, a self-supervised sentence embedding framework that enhances both generalization and robustness in various text representation tasks and against diverse adversarial attacks. By generating high-risk adversarial perturbations to promote higher invariance in the embedding space and leveraging the perturbation within a novel contrastive …

Cybersecurity And Digital Privacy Aspects Of V2x In The Ev Charging Structure, Umit Cali, Murat Kuzlu, Onur Elma, Osman Gazi Gucluturk, Ahmet Kilic, Ferhat Ozgur Catak

Engineering Technology Faculty Publications

With the advancement of green energy technology and rising public and political acceptance, electric vehicles (EVs) have grown in popularity. Electric motors, batteries, and charging systems are considered major components of EVs. The electric power infrastructure has been designed to accommodate the needs of EVs, with an emphasis on bidirectional power flow to facilitate power exchange. Furthermore, the communication infrastructure has been enhanced to enable cars to communicate and exchange information with one another, also known as Vehicle-to-Everything (V2X) technology. V2X is positioned to become a bigger and smarter system in the future of transportation, thanks to upcoming digital technologies …

Commentary On Healthcare And Disruptive Innovation, Hilary Finch, Affia Abasi-Amefon, Woosub Jung, Lucas Potter, Xavier-Lewis Palmer

Electrical & Computer Engineering Faculty Publications

Exploits of technology have been an issue in healthcare for many years. Many hospital systems have a problem with “disruptive innovation” when introducing new technology. Disruptive innovation is “an innovation that creates a new market by applying a different set of values, which ultimately overtakes an existing market” (Sensmeier, 2012). Modern healthcare systems are historically slow to accept new technological advancements. This may be because patient-based, provider-based, or industry-wide decisions are tough to implement, giving way to dire consequences. One potential consequence is that healthcare providers may not be able to provide the best possible care to patients. For example, …

Biocybersecurity And Deterrence: Hypothetical Rwandan Considerations, Issah Samori, Gbadebo Odularu, Lucas Potter, Xavier-Lewis Palmer

Community & Environmental Health Faculty Publications

Digitalization and sustainability are popular words within modern disciplines as practitioners each look toward the future of their respective fields. Specifically for the African continent, which is making great strides in developmental targets, those two terms are central to core aspects of policy initiatives that may foster cooperation across its varied lands and nations. One of the underlying challenges that confront Africa is a lack of strong regional integration across socioeconomic and political programs; there is value in African regions having more regional connectedness. We assess the rate of regional integration and development in Africa and discuss how to alleviate …

A Retrospective On 2022 Cyber Incidents In The Wind Energy Sector And Building Future Cyber Resilience, Megan Egan

Cyber Operations and Resilience Program Graduate Projects

Between February and June 2022, multiple wind energy sector companies were hit by cyber-attacks impacting their ability to monitor and control wind turbines. With projected growth in the United States of 110.66 GW from 2020 to 2030, wind energy will increasingly be a critical source of electricity for the United States and an increasingly valuable target for cyberattacks. This paper shows the importance of redundant remote communications, secure third-party providers, and improving response and recovery processes that would ensure this growth period fulfills its potential as a unique opportunity to build in cyber resilience from the outset of new installations …

Cybersecurity Of Agricultural Machinery: Exploring Cybersecurity Risks And Solutions For Secure Agricultural Machines, Mark Freyhof

Department of Agricultural and Biological Systems Engineering: Dissertations, Theses, and Student Research

Modern agriculture is reliant on agricultural machinery for the production of food, fuel, and other agricultural products. The need for producing large quantities of quality agricultural products while sustainably stewarding environmental resources has led to the integration of numerous digital technologies into modern agricultural machinery, such as the CAN bus and telematic control units (Liu et al., 2021). An unintended drawback of these integrated digital technologies is the opportunity for these components to become cyberattack vectors. Cyberattack instances have increasingly targeted critical infrastructures, with numerous reports from agencies such as the Federal Bureau of Investigation (FBI) and Department of Homeland …

A Novel Testbed For Evaluation Of Operational Technology Communications Protocols And Their On-Device Implementations, Matthew Boeding

Department of Electrical and Computer Engineering: Dissertations, Theses, and Student Research

Operational Technology (OT) and Infrastructure Technology (IT) systems are converging with the rapid addition of centralized remote management in OT systems. Previously air-gapped systems are now interconnected through the internet with application-specific protocols. This has led to systems that had limited access points being remotely accessible. In different OT sectors, legacy protocols previously transmitted over serial communication were updated to allow internet communication with legacy devices. New protocols such as IEC-61850 were also introduced for monitoring of different OT resources. The IEC-61850 standard’s Generic Object Oriented Substation Event (GOOSE) protocol outlines the representation and communication of a variety of different …

Actuator Cyberattack Handling Using Lyapunov-Based Economic Model Predictive Control, Keshav Kasturi Rangan, Henrique Oyama, Helen Durand

Chemical Engineering and Materials Science Faculty Research Publications

Cybersecurity has gained increasing interest as a consequence of the potential impacts of cyberattacks on profits and safety. While attacks can affect various components of a plant, prior work from our group has focused on the impact of cyberattacks on control components such as process sensors and actuators and the development of detection strategies for cybersecurity derived from control theory. In this work, we provide greater focus on actuator attacks; specifically, we extend a detection and control strategy previously applied for sensor attacks and based on an optimization-based control technique called Lyapunov-based economic model predictive control (LEMPC) to detect attacks …

Quantum Computing And Resilient Design Perspectives For Cybersecurity Of Feedback Systems, Keshav Kasturi Rangan, Jihan Abou Halloun, Henrique Oyama, Samantha Cherney, Ilham Azali Assoumani, Nazir Jairazbhoy, Helen Durand, Simon Ka Ng

Chemical Engineering and Materials Science Faculty Research Publications

Cybersecurity of control systems is an important issue in next-generation manufac- turing that can impact both operational objectives (safety and performance) as well as process designs (via hazard analysis). Cyberattacks differ from faults in that they can be coordinated efforts to exploit system vulnerabilities to create otherwise unlikely hazard scenarios. Because coordination and targeted process manipulation can be characteristics of attacks, some of the tactics previously analyzed in our group from a control system cybersecurity perspective have incorporated randomness to attempt to thwart attacks. The underlying assumption for the generation of this randomness has been that it can be achieved …

Quantum Computing And Resilient Design Perspectives For Cybersecurity Of Feedback Systems, Keshav Kasturi Rangan, Jihan Abou Halloun, Henrique Oyama, Samantha Cherney, Ilham Azali Assoumani, Nazir Jairazbhoy, Helen Durand, Simon Ka Ng

Chemical Engineering and Materials Science Faculty Research Publications

Cybersecurity of control systems is an important issue in next-generation manufac- turing that can impact both operational objectives (safety and performance) as well as process designs (via hazard analysis). Cyberattacks differ from faults in that they can be coordinated efforts to exploit system vulnerabilities to create otherwise unlikely hazard scenarios. Because coordination and targeted process manipulation can be characteristics of attacks, some of the tactics previously analyzed in our group from a control system cybersecurity perspective have incorporated randomness to attempt to thwart attacks. The underlying assumption for the generation of this randomness has been that it can be achieved …

Towards A Cybersecurity Testbed For Agricultural Vehicles And Environments, Mark Freyhof, George Grispos, Santosh Pitla, Cody Stolle

Biological Systems Engineering: Papers and Publications

In today’s modern farm, an increasing number of agricultural systems and vehicles are connected to the Internet. While the benefits of networked agricultural machinery are attractive, this technological shift is also creating an environment that is conducive to cyberattacks. While previous research has focused on general cybersecurity concerns in the farming and agricultural industries, minimal research has focused on techniques for identifying security vulnerabilities within actual agricultural systems that could be exploited by cybercriminals. Hence, this paper presents STAVE – a Security Testbed for Agricultural Vehicles and Environments – as a potential solution to assist with the identification of cybersecurity …

Ransomware Incident Preparations With Ethical Considerations And Command System Framework Proposal, Stanley Mierzwa, James Drylie, Dennis Bogdan

Center for Cybersecurity

Concerns with cyber-attacks in the form of ransomware are on the mind of many executives and leadership staff in all industries. Inaction is not an option, and approaching the topic with real, honest, and hard discussions will be valuable ahead of such a possible devastating experience. This research note aims to bring thoughtfulness to the topics of ethics in the role of cybersecurity when dealing with ransomware events. Additionally, a proposed set of non-technical recovery preparation tasks are outlined to help organizations bring about cohesiveness and planning for dealing with the real potential of a ransomware event. Constraints from many …

Assessing Security Risks With The Internet Of Things, Faith Mosemann

Senior Honors Theses

For my honors thesis I have decided to study the security risks associated with the Internet of Things (IoT) and possible ways to secure them. I will focus on how corporate, and individuals use IoT devices and the security risks that come with their implementation. In my research, I found out that IoT gadgets tend to go unnoticed as a checkpoint for vulnerability. For example, often personal IoT devices tend to have the default username and password issued from the factory that a hacker could easily find through Google. IoT devices need security just as much as computers or servers …

Detecting Iot Attacks Using An Ensemble Machine Learning Model, Vikas Tomar, Sachin Sharma

Articles

Malicious attacks are becoming more prevalent due to the growing use of Internet of Things (IoT) devices in homes, offices, transportation, healthcare, and other locations. By incorporating fog computing into IoT, attacks can be detected in a short amount of time, as the distance between IoT devices and fog devices is smaller than the distance between IoT devices and the cloud. Machine learning is frequently used for the detection of attacks due to the huge amount of data available from IoT devices. However, the problem is that fog devices may not have enough resources, such as processing power and memory, …

C2 Microservices Api: Ch4rl3sch4l3m4gn3, Thai H. Nguyễn

School of Computer Science & Engineering Undergraduate Publications

In the 21^st century, cyber-based attackers such as advance persistent threats are leveraging bots in the form of botnets to conduct a plethora of cyber-attacks. While there are several social engineering techniques used to get targets to unknowingly download these bots, it is the command-and-control techniques advance persistent threats use to control their bots that is of critical interest to the author. In this research paper, the author aims to develop a command-and-control microservice application programming interface infrastructure to facilitate botnet command-and-control attack simulations. To achieve this the author will develop a simple bot skeletal framework, utilize the latest …

Digital Educational Modules Development For The Career And Technical Cybersecurity Pathways During The Covid-19 Pandemic, Vukica Jovanović, Murat Kuzlu, Otilia Popescu, Petros Katsioloudis, Linda Vahala, Michael Wu, Deborah Marshall, Michael Crespo, Mary Addison

Engineering Technology Faculty Publications

Virtual learning has been used now for several decades, but it has never had a bigger impact on student learning than in the era of the COVID-19 pandemic. Universities and schools faced shutdowns all around the world, and teachers had to adapt rapidly to online mode of instruction. Many educators were faced with a triage approach with no previous experience in distance learning, a lack of resources for professional development, and already existing shortages of current educational modules that could assist them in their day-to-day jobs. This gap was especially evident in areas such as career and technical education (CTE) …

Cybert: Cybersecurity Claim Classification By Fine-Tuning The Bert Language Model, Kimia Ameri, Michael Hempel, Hamid Sharif, Juan Lopez Jr., Kalyan Perumalla

Department of Electrical and Computer Engineering: Faculty Publications

We introduce CyBERT, a cybersecurity feature claims classifier based on bidirectional encoder representations from transformers and a key component in our semi-automated cybersecurity vetting for industrial control systems (ICS). To train CyBERT, we created a corpus of labeled sequences from ICS device documentation collected across a wide range of vendors and devices. This corpus provides the foundation for fine-tuning BERT’s language model, including a prediction-guided relabeling process. We propose an approach to obtain optimal hyperparameters, including the learning rate, the number of dense layers, and their configuration, to increase the accuracy of our classifier. Fine-tuning all hyperparameters of the resulting …

Third Party Risk Management And Cyber Supply Chain Risk Management, Jerald Garner

Operations Management Presentations

Today’s business environment continues to be a challenge. Businesses whether small, or large leverage third-party vendors to provide critical services like data handling (security, transmitting, and storage), cloud storage/applications, and systems security monitoring.

Each business must ask themselves a few simple questions about one of their most valuable assets “Data”. If or when it leaves your secure working environment:

• How secure is your customer data in transit and storage?
• Do your third-party vendors handle your “critical information”?
  • Provide a secure environment for processing?
  • Comply with a proven Cyber Security Framework?
  • Perform a “Due Diligence” on-boarding step for the Nth vendors …

Another Brick In The Wall: An Exploratory Analysis Of Digital Forensics Programs In The United States, Syria Mccullough, Stella Abudu, Ebere Onwubuariri, Ibrahim Baggili

Electrical & Computer Engineering and Computer Science Faculty Publications

We present a comprehensive review of digital forensics programs offered by universities across the United States (U.S.). While numerous studies on digital forensics standards and curriculum exist, few, if any, have examined digital forensics courses offered across the nation. Since digital forensics courses vary from university to university, online course catalogs for academic institutions were evaluated to curate a dataset. Universities were selected based on online searches, similar to those that would be made by prospective students. Ninety-seven (n = 97) degree programs in the U.S. were evaluated. Overall, results showed that advanced technical courses are missing from curricula. We …

Implications Between Uav And Atm Systems In Commercial Airspace Incorporation, Linda Vee Weiland

Publications

The integration of sUAS in commercial airspace is complicated and faces many challenges to ensure a safe and secure incorporation into the National Airspace System (NAS). This research analyzes the interconnectedness between the air traffic controller and the sUAS through HF implications when sUAS enter the NAS. To mitigate negative consequences in the integration, it examined the human performance of the controllers, the sUAS operators, commercial pilots, and the equipment. This study used a quantitative research approach from both the Software Hardware Environment, Liveware, and Liveware (SHELL), and the Swiss Cheese models (SCM) for analysis of UAS sightings that are …

Network Intrusion Detection System Using Deep Learning, Lirim Ashiku, Cihan H. Dagli

Engineering Management and Systems Engineering Faculty Research & Creative Works

The widespread use of interconnectivity and interoperability of computing systems have become an indispensable necessity to enhance our daily activities. Simultaneously, it opens a path to exploitable vulnerabilities that go well beyond human control capability. The vulnerabilities deem cyber-security mechanisms essential to assume communication exchange. Secure communication requires security measures to combat the threats and needs advancements to security measures that counter evolving security threats. This paper proposes the use of deep learning architectures to develop an adaptive and resilient network intrusion detection system (IDS) to detect and classify network attacks. The emphasis is how deep learning or deep neural …

Class-Incremental Learning For Wireless Device Identification In Iot, Yongxin Liu, Jian Wang, Jianqiang Li, Shuteng Niu, Houbing Song

Publications

Deep Learning (DL) has been utilized pervasively in the Internet of Things (IoT). One typical application of DL in IoT is device identification from wireless signals, namely Noncryptographic Device Identification (NDI). However, learning components in NDI systems have to evolve to adapt to operational variations, such a paradigm is termed as Incremental Learning (IL). Various IL algorithms have been proposed and many of them require dedicated space to store the increasing amount of historical data, and therefore, they are not suitable for IoT or mobile applications. However, conventional IL schemes can not provide satisfying performance when historical data are not …