Open Access. Powered by Scholars. Published by Universities.®

Engineering Commons

Full-Text Articles in Engineering

A Novel Malware Target Recognition Architecture For Enhanced Cyberspace Situation Awareness, Thomas E. Dube Sep 2011

Theses and Dissertations

The rapid transition of critical business processes to computer networks potentially exposes organizations to digital theft or corruption by advanced competitors. One tool used for these tasks is malware, because it circumvents legitimate authentication mechanisms. Malware is an epidemic problem for organizations of all types. This research proposes and evaluates a novel Malware Target Recognition (MaTR) architecture for malware detection and identification of propagation methods and payloads to enhance situation awareness in tactical scenarios using non-instruction-based, static heuristic features. MaTR achieves a 99.92% detection accuracy on known malware with false positive and false negative rates of 8.73e-4 and 8.03e-4 respectively. …


Twitter Malware Collection System: An Automated Url Extraction And Examination Platform, Benjamin B. Kuhar Sep 2011

Theses and Dissertations

As the world becomes more interconnected through various technological services and methods, the threat of malware is increasingly looming overhead. One avenue in particular that is examined in this research is the social networking service Twitter. This research develops the Twitter Malware Collection System (TMCS). This system gathers Uniform Resource Locators (URLs) posted on Twitter and scans them to determine if any are hosting malware. This scanning process is performed by a cluster of Virtual Machines (VMs) running a specified software configuration and the execution prevention system known as ESCAPE, which detects malicious code. When a URL is detected by …


Using Reputation Based Trust To Overcome Malfunctions And Malicious Failures In Electric Power Protection Systems, Jose E. Fadul Sep 2011

Theses and Dissertations

This dissertation advocates the use of reputation-based trust in conjunction with a trust management framework based on network flow techniques to form a trust management toolkit (TMT) for the defense of future Smart Grid enabled electric power grid from both malicious and non-malicious malfunctions. Increases in energy demand have prompted the implementation of Smart Grid technologies within the power grid. Smart Grid technologies enable Internet based communication capabilities within the power grid, but also increase the grid's vulnerability to cyber attacks. The benefits of TMT augmented electric power protection systems include: improved response times, added resilience to malicious and non-malicious …


Critical Information Technology On Fpgas Through Unique Device Specific Keys, Miles E. Mcgee Sep 2011

Theses and Dissertations

Field Programmable Gate Arrays (FPGAs) are being used for military and other sensitive applications, so the threat of an adversary attacking these devices is an ever present danger. While having the ability to be reconfigured is helpful for development, it also poses the risk of its hardware design being cloned. Static random access memory (SRAM) FPGAs are the most common type of FPGA used in industry. Every time an SRAM-FPGA is powered up, its configuration must be downloaded. If an adversary is able to obtain that configuration, they can clone sensitive designs to other FPGAs. A technique that can be used …


Host-Based Systemic Network Obfuscation System For Windows, Kevin E. Huber Jun 2011

Theses and Dissertations

Network traffic identifies the operating system and services of the host that created the traffic. Current obfuscation programs focus solely on the Transport and Internet layer protocols of the TCP/IP model. Few obfuscation programs were developed to run on a Windows operating system to provide host-based obfuscation. Systemic Network Obfuscation System (SNOS) was developed to provide a thorough obfuscation process for network traffic on the Windows operating system. SNOS modifies the protocols found at all layers of the TCP/IP model to effectively obfuscate the Windows operating system and services running on the host.


Performance Analysis And Optimization Of The Winnow Secret Key Reconciliation Protocol, Kevin C. Lustic Jun 2011

Theses and Dissertations

Currently, private communications in public and government sectors rely on methods of cryptographic key distribution that will likely be rendered obsolete the moment a full-scale quantum computer is realized, or efficient classical methods of factoring are discovered. There are alternative methods for distributing secret key material in a post-quantum era. One example of a system capable of securely distributing cryptographic key material, known as Quantum Key Distribution (QKD), is secure against quantum factorization techniques as its security rests on generally accepted laws of quantum physics. QKD protocols typically include a phase called Error Reconciliation, a clear-text classical-channel discussion between legitimate …


Simultaneous Range/Velocity Detection With An Ultra-Wideband Random Noise Radar Through Fully Digital Cross-Correlation In The Time Domain, James R. Lievsay Mar 2011

Theses and Dissertations

This research effort examines the theory, application, and results of applying two-dimensional cross-correlation in the time domain to ultra-wideband (UWB) random noise waveforms for simultaneous range and velocity estimation. When applying common Doppler processing techniques to random noise waveforms for the purpose of velocity estimation, the velocity resolution degrades as the signal bandwidth or the target speed increase. To mitigate the degradation, the Doppler approximation is not utilized, and instead, wideband signal processing theory is applied in the time domain. The results show that by accurately interpolating each sample in the digitized reference signal, a target's velocity and range can …


Adaptive Quality Of Service Engine With Dynamic Queue Control, James D. Haught Mar 2011

Theses and Dissertations

While the current routing and congestion control algorithms in use today are often sufficient for networks with relatively static topology, these algorithms may not be sufficient for military networks where a certain level of quality of service (QoS) needs to be achieved to complete a mission. Current networking technology limits a network's ability to adapt to changes and interactions in the network, often resulting in sub-optimal performance. This research investigates the use of queue size predictions to create a network controller to optimize computer networks. These queue size predictions are made possible through the use of Kalman filters to detect …


Holistic Network Defense: Fusing Host And Network Features For Attack Classification, Jenny W. Ji Mar 2011

Theses and Dissertations

This work presents a hybrid network-host monitoring strategy, which fuses data from both the network and the host to recognize malware infections. This work focuses on three categories: Normal, Scanning, and Infected. The network-host sensor fusion is accomplished by extracting 248 features from network traffic using the Fullstats Network Feature generator and from the host using text mining, looking at the frequency of the 500 most common strings and analyzing them as word vectors. Improvements to detection performance are made by synergistically fusing network features obtained from IP packet flows and host features, obtained from text mining port, processor, logon …


Covert Channels Within Irc, Wayne C. Henry Mar 2011

Theses and Dissertations

The exploration of advanced information hiding techniques is important to understand and defend against illicit data extractions over networks. Many techniques have been developed to covertly transmit data over networks, each differing in their capabilities, methods, and levels of complexity. This research introduces a new class of information hiding techniques for use over Internet Relay Chat (IRC), called the Variable Advanced Network IRC Stealth Handler (VANISH) system. Three methods for concealing information are developed under this framework to suit the needs of an attacker. These methods are referred to as the Throughput, Stealth, and Baseline scenarios. Each is designed for …


Overcoming Pose Limitations Of A Skin-Cued Histograms Of Oriented Gradients Dismount Detector Through Contextual Use Of Skin Islands And Multiple Support Vector Machines, Jonathon R. Climer Mar 2011

Theses and Dissertations

This thesis provides a novel visualization method to analyze the impact that articulations in dismount pose and camera aspect angle have on histograms of oriented gradients (HOG) features and eventual detections. Insights from these relationships are used to identify limitations in a state of the art skin cued HOG dismount detector's ability to detect poses that are not in a standard upright stance. Improvements to detector performance are made by further leveraging available skin information, reducing false detections by an additional order of magnitude. In addition, a method is outlined for training supplemental support vector machines (SVMs) from computer generated data, for …


Routing Uavs To Co-Optimize Mission Effectiveness And Network Performance With Dynamic Programming, Spenser D. Lee Mar 2011

Theses and Dissertations

In support of the Air Force Research Laboratory's (AFRL) vision of the layered sensing operations center and command and control intelligence surveillance and reconnaissance (C2ISR), more focus must be placed on architectures that support information systems, rather than just the information systems themselves. By extending the role of UAVs beyond simply intelligence, surveillance, and reconnaissance (ISR) operations and into a dual-role with networking operations, we can better utilize our information assets. To achieve the goal of dual-role UAVs, a concrete approach to planning must be taken. This research defines a mathematical model and a non-trivial deterministic algorithmic approach to determining UAV …


Malicious And Malfunctioning Node Detection Via Observed Physical Layer Data, Tyler J. Hardy Mar 2011

Theses and Dissertations

There are many mechanisms that can cause inadequate or unreliable information in sensor networks. A user of the network might be interested in detecting and classifying the specific sensor nodes causing these problems. Several network layer based trust methods have been developed in previous research to assess these issues; in contrast, this work develops a trust protocol based on observations of physical layer data collected by the sensors. Observations of physical layer data are used for decisions and calculations, and are based on just the measurements collected by the sensors. Although this information is packaged and distributed on the network layer, …


An Architecture For Improving Timeliness And Relevance Of Cyber Incident Notifications, James L. Miller Mar 2011

Theses and Dissertations

This research proposes a communications architecture to deliver timely and relevant cyber incident notifications to dependent mission stakeholders. This architecture, modeled in Unified Modeling Language (UML), eschews the traditional method of pushing notifications via message as dictated in Air Force Instruction 33-138. It instead shifts to a pull or publish and subscribe method of making notifications. Shifting this paradigm improves the notification process by empowering mission owners to identify those resources on which they depend for mission accomplishment, provides a direct conduit between providing and dependent mission owners for notifications when an incident occurs, and provides a shared representation for …


Kernelized Locality-Sensitive Hashing For Fast Image Landmark Association, Mark A. Weems Mar 2011

Theses and Dissertations

As the concept of war has evolved, navigation in urban environments where GPS may be degraded is increasingly becoming more important. Two existing solutions are vision-aided navigation and vision-based Simultaneous Localization and Mapping (SLAM). The problem, however, is that vision-based navigation techniques can require excessive amounts of memory and increased computational complexity resulting in a decrease in speed. This research focuses on techniques to improve such issues by speeding up and optimizing the data association process in vision-based SLAM. Specifically, this work studies the current methods that algorithms use to associate a current robot pose to that of one previously …


Automated Analysis Of Arm Binaries Using The Low-Level Virtual Machine Compiler Framework, Jeffrey B. Scott Mar 2011

Theses and Dissertations

Binary program analysis is a critical capability for offensive and defensive operations in Cyberspace. However, many current techniques are ineffective or time-consuming and few tools can analyze code compiled for embedded processors such as those used in network interface cards, control systems and mobile phones. This research designs and implements a binary analysis system, called the Architecture-independent Binary Abstracting Code Analysis System (ABACAS), which reverses the normal program compilation process, lifting binary machine code to the Low-Level Virtual Machine (LLVM) compiler's intermediate representation, thereby enabling existing security-related analyses to be applied to binary programs. The prototype targets ARM binaries but …


Creating A Network Model For The Integration Of Dynamic And Static Supervisory Control And Data Acquisition (Scada) Test Environment, Marlon Coerbell Mar 2011

Theses and Dissertations

Since 9/11, protecting our critical infrastructure has become a national priority. Presidential Decision Directive 63 mandates and lays a foundation for ensuring all aspects of our nation's critical infrastructure remain secure. Key in this debate is the fact that much of our electrical power grid fails to meet the spirit of this requirement. My research leverages the power afforded by the Electric Power and Communication Synchronizing Simulator (EPOCHS) developed with the assistance of Dr. Hopkinson, et al. The power environment is modeled in an electrical simulation environment called PowerWorld©. The network is modeled in OPNET® and populated with self-similar network and …


Trust Management And Security In Satellite Telecommand Processing, Mark C. Duncan Mar 2011

Theses and Dissertations

New standards and initiatives in satellite system architecture are moving the space industry to more open and efficient mission operations. Primarily, these standards allow multiple missions to share standard ground and space based resources to reduce mission development and sustainment costs. With the benefits of these new concepts comes added risk associated with threats to the security of our critical space assets in a contested space and cyberspace domain. As one method to mitigate threats to space missions, this research develops, implements, and tests the Consolidated Trust Management System (CTMS) for satellite flight software. The CTMS architecture was developed using …


Virtual Battlespace Behavior Generation Through Class Imitation, Bryon K. Fryer Jr. Mar 2011

Theses and Dissertations

Military organizations need realistic training scenarios to ensure mission readiness. Developing the skills required to differentiate combatants from non-combatants is very important for ensuring the international law of armed conflict is upheld. In Simulated Training Environments, one of the open challenges is to correctly simulate the appearance and behavior of combatant and non-combatant agents in a realistic manner. This thesis outlines the construction of a data driven agent that is capable of imitating the behaviors of the Virtual BattleSpace 2 behavior classes while our agent is configured to advance to a geographically specific goal. The approach and the resulting agent …


Dynamic Polymorphic Reconfiguration To Effectively "Cloak" A Circuit's Function, Jeffrey L. Falkinburg Mar 2011

Theses and Dissertations

Today's society has become more dependent on the integrity and protection of digital information used in daily transactions resulting in an ever increasing need for information security. Additionally, the need for faster and more secure cryptographic algorithms to provide this information security has become paramount. Hardware implementations of cryptographic algorithms provide the necessary increase in throughput, but at a cost of leaking critical information. Side Channel Analysis (SCA) attacks allow an attacker to exploit the regular and predictable power signatures leaked by cryptographic functions used in algorithms such as RSA. In this research the focus on a means to counteract …


A Multi Agent System For Flow-Based Intrusion Detection Using Reputation And Evolutionary Computation, David Hancock Mar 2011

Theses and Dissertations

The rising sophistication of cyber threats as well as the improvement of physical computer network properties present increasing challenges to contemporary Intrusion Detection (ID) techniques. To respond to these challenges, a multi agent system (MAS) coupled with flow-based ID techniques may effectively complement traditional ID systems. This paper develops: 1) a scalable software architecture for a new, self-organized, multi agent, flow-based ID system; and 2) a network simulation environment suitable for evaluating implementations of this MAS architecture and for other research purposes. Self-organization is achieved via 1) a reputation system that influences agent mobility in the search for effective vantage …


Polarimetric Enhancements To Electro-Optical Aided Navigation Techniques, Jeremiah D. Johnson Mar 2011

Theses and Dissertations

Navigation in indoor and urban environments by small unmanned systems is a topic of interest for the Air Force. The Advanced Navigation Technology Center at the Air Force Institute of Technology is continually looking for novel approaches to navigation in GPS deprived environments. Inertial sensors have been coupled with image aided concepts, such as feature tracking, with good results. However, feature density in areas with large, flat, smooth surfaces tends to be low. Polarimetric sensors have been used for surface reconstruction, surface characterization and outdoor navigation. This thesis combines aspects of some of these algorithms along with a realistic, micro-facet …


Spear Phishing Attack Detection, David T. Merritt Mar 2011

Theses and Dissertations

This thesis addresses the problem of identifying email spear phishing attacks, which are indicative of cyber espionage. Spear phishing consists of targeted emails sent to entice a victim to open a malicious file attachment or click on a malicious link that leads to a compromise of their computer. Current detection methods fail to detect emails of this kind consistently. The SPEar phishing Attack Detection system (SPEAD) is developed to analyze all incoming emails on a network for the presence of spear phishing attacks. SPEAD analyzes the following file types: Windows Portable Executable and Common Object File Format (PE/COFF), Adobe Reader, …


Evaluating Information Assurance Control Effectiveness On An Air Force Supervisory Control And Data Acquisition (Scada) System, Jason R. Nielsen Mar 2011

Theses and Dissertations

Supervisory Control and Data Acquisition (SCADA) systems are increasingly being connected to corporate networks which has dramatically expanded their attack surface to remote cyber attack. Adversaries are targeting these systems with increasing frequency and sophistication. This thesis seeks to answer the research question addressing which Information Assurance (IA) controls are most significant for network defenders and SCADA system managers/operators to focus on in order to increase the security of critical infrastructure systems against a Stuxnet-like cyber attack. This research applies the National Institute of Science and Technology (NIST) IA controls to an attack tree modeled on a remote Stuxnet-like cyber …


Defensive Cyber Battle Damage Assessment Through Attack Methodology Modeling, Ryan T. Ostler Mar 2011

Theses and Dissertations

Due to the growing sophisticated capabilities of advanced persistent cyber threats, it is necessary to understand and accurately assess cyber attack damage to digital assets. This thesis proposes a Defensive Cyber Battle Damage Assessment (DCBDA) process which utilizes the comprehensive understanding of all possible cyber attack methodologies captured in a Cyber Attack Methodology Exhaustive List (CAMEL). This research proposes CAMEL to provide detailed knowledge of cyber attack actions, methods, capabilities, forensic evidence and evidence collection methods. This product is modeled as an attack tree called the Cyber Attack Methodology Attack Tree (CAMAT). The proposed DCBDA process uses CAMAT to analyze …