Open Access. Powered by Scholars. Published by Universities.®
- Keyword
Articles 1 - 14 of 14
Full-Text Articles in Engineering
A Novel Malware Target Recognition Architecture For Enhanced Cyberspace Situation Awareness, Thomas E. Dube
A Novel Malware Target Recognition Architecture For Enhanced Cyberspace Situation Awareness, Thomas E. Dube
Theses and Dissertations
The rapid transition of critical business processes to computer networks potentially exposes organizations to digital theft or corruption by advanced competitors. One tool used for these tasks is malware, because it circumvents legitimate authentication mechanisms. Malware is an epidemic problem for organizations of all types. This research proposes and evaluates a novel Malware Target Recognition (MaTR) architecture for malware detection and identification of propagation methods and payloads to enhance situation awareness in tactical scenarios using non-instruction-based, static heuristic features. MaTR achieves a 99.92% detection accuracy on known malware with false positive and false negative rates of 8.73e-4 and 8.03e-4 respectively. …
Twitter Malware Collection System: An Automated Url Extraction And Examination Platform, Benjamin B. Kuhar
Twitter Malware Collection System: An Automated Url Extraction And Examination Platform, Benjamin B. Kuhar
Theses and Dissertations
As the world becomes more interconnected through various technological services and methods, the threat of malware is increasingly looming overhead. One avenue in particular that is examined in this research is the social networking service Twitter. This research develops the Twitter Malware Collection System (TMCS). This system gathers Uniform Resource Locators (URLs) posted on Twitter and scans them to determine if any are hosting malware. This scanning process is performed by a cluster of Virtual Machines (VMs) running a specified software configuration and the execution prevention system known as ESCAPE, which detects malicious code. When a URL is detected by …
Using Reputation Based Trust To Overcome Malfunctions And Malicious Failures In Electric Power Protection Systems, Jose E. Fadul
Using Reputation Based Trust To Overcome Malfunctions And Malicious Failures In Electric Power Protection Systems, Jose E. Fadul
Theses and Dissertations
This dissertation advocates the use of reputation-based trust in conjunction with a trust management framework based on network flow techniques to form a trust management toolkit (TMT) for the defense of future Smart Grid enabled electric power grid from both malicious and non-malicious malfunctions. Increases in energy demand have prompted the implementation of Smart Grid technologies within the power grid. Smart Grid technologies enable Internet based communication capabilities within the power grid, but also increase the grid's vulnerability to cyber attacks. The benefits of TMT augmented electric power protection systems include: improved response times, added resilience to malicious and non-malicious …
Host-Based Systemic Network Obfuscation System For Windows, Kevin E. Huber
Host-Based Systemic Network Obfuscation System For Windows, Kevin E. Huber
Theses and Dissertations
Network traffic identifies the operating system and services of the host that created the traffic. Current obfuscation programs focus solely on the Transport and Internet layer protocols of the TCP/IP model. Few obfuscation programs were developed to run on a Windows operating system to provide host-based obfuscation. Systemic Network Obfuscation System (SNOS) was developed to provide a thorough obfuscation process for network traffic on the Windows operating system. SNOS modifies the protocols found at all layers of the TCP/IP model to effectively obfuscate the Windows operating system and services running on the host.
Adaptive Quality Of Service Engine With Dynamic Queue Control, James D. Haught
Adaptive Quality Of Service Engine With Dynamic Queue Control, James D. Haught
Theses and Dissertations
While the current routing and congestion control algorithms in use today are often sufficient for networks with relatively static topology, these algorithms may not be sufficient for military networks where a certain level of quality of service (QoS) needs to be achieved to complete a mission. Current networking technology limits a network's ability to adapt to changes and interactions in the network, often resulting in sub-optimal performance. This research investigates the use of queue size predictions to create a network controller to optimize computer networks. These queue size predictions are made possible through the use of Kalman filters to detect …
Holistic Network Defense: Fusing Host And Network Features For Attack Classification, Jenny W. Ji
Holistic Network Defense: Fusing Host And Network Features For Attack Classification, Jenny W. Ji
Theses and Dissertations
This work presents a hybrid network-host monitoring strategy, which fuses data from both the network and the host to recognize malware infections. This work focuses on three categories: Normal, Scanning, and Infected. The network-host sensor fusion is accomplished by extracting 248 features from network traffic using the Fullstats Network Feature generator and from the host using text mining, looking at the frequency of the 500 most common strings and analyzing them as word vectors. Improvements to detection performance are made by synergistically fusing network features obtained from IP packet flows and host features, obtained from text mining port, processor, logon …
Covert Channels Within Irc, Wayne C. Henry
Covert Channels Within Irc, Wayne C. Henry
Theses and Dissertations
The exploration of advanced information hiding techniques is important to understand and defend against illicit data extractions over networks. Many techniques have been developed to covertly transmit data over networks, each differing in their capabilities, methods, and levels of complexity. This research introduces a new class of information hiding techniques for use over Internet Relay Chat (IRC), called the Variable Advanced Network IRC Stealth Handler (VANISH) system. Three methods for concealing information are developed under this framework to suit the needs of an attacker. These methods are referred to as the Throughput, Stealth, and Baseline scenarios. Each is designed for …
Routing Uavs To Co-Optimize Mission Effectiveness And Network Performance With Dynamic Programming, Spenser D. Lee
Routing Uavs To Co-Optimize Mission Effectiveness And Network Performance With Dynamic Programming, Spenser D. Lee
Theses and Dissertations
In support of the Air Force Research Laboratory's (AFRL) vision of the layered sensing operations center, command and control intelligence surveillance and reconnaissance (C2ISR) more focus must be placed on architectures that support information systems, rather than just the information systems themselves. By extending the role of UAVs beyond simply intelligence, surveillance, and reconnaissance (ISR) operations and into a dual-role with networking operations we can better utilize our information assets. To achieve the goal of dual-role UAVs, a concrete approach to planning must be taken. This research defines a mathematical model and a non-trivial deterministic algorithmic approach to determining UAV …
Malicious And Malfunctioning Node Detection Via Observed Physical Layer Data, Tyler J. Hardy
Malicious And Malfunctioning Node Detection Via Observed Physical Layer Data, Tyler J. Hardy
Theses and Dissertations
There are many mechanisms that can cause inadequate or unreliable information in sensor networks. A user of the network might be interested in detecting and classifying specific sensors nodes causing these problems. Several network layer based trust methods have been developed in previous research to assess these issues; in contrast this work develops a trust protocol based on observations of physical layer data collected by the sensors. Observations of physical layer data are used for decisions and calculations, and are based on just the measurements collected by the sensors. Although this information is packaged and distributed on the network layer, …
Creating A Network Model For The Integration Of Dynamic And Static Supervisory Control And Data Acquisition (Scada) Test Environment, Marlon Coerbell
Creating A Network Model For The Integration Of Dynamic And Static Supervisory Control And Data Acquisition (Scada) Test Environment, Marlon Coerbell
Theses and Dissertations
Since 9/11 protecting our critical infrastructure has become a national priority. Presidential Decision Directive 63 mandates and lays a foundation for ensuring all aspects of our nation's critical infrastructure remain secure. Key in this debate is the fact that much of our electrical power grid fails to meet the spirit of this requirement. My research leverages the power afforded by Electric Power and Communication Synchronizing Simulator (EPOCHS) developed with the assistance of Dr. Hopkinson, et al. The power environment is modeled in an electrical simulation environment called PowerWorld©. The network is modeled in OPNET® and populated with self-similar network and …
A Multi Agent System For Flow-Based Intrusion Detection Using Reputation And Evolutionary Computation, David Hancock
A Multi Agent System For Flow-Based Intrusion Detection Using Reputation And Evolutionary Computation, David Hancock
Theses and Dissertations
The rising sophistication of cyber threats as well as the improvement of physical computer network properties present increasing challenges to contemporary Intrusion Detection (ID) techniques. To respond to these challenges, a multi agent system (MAS) coupled with flow-based ID techniques may effectively complement traditional ID systems. This paper develops: 1) a scalable software architecture for a new, self-organized, multi agent, flow-based ID system; and 2) a network simulation environment suitable for evaluating implementations of this MAS architecture and for other research purposes. Self-organization is achieved via 1) a reputation system that influences agent mobility in the search for effective vantage …
Polarimetric Enhancements To Electro-Optical Aided Navigation Techniques, Jeremiah D. Johnson
Polarimetric Enhancements To Electro-Optical Aided Navigation Techniques, Jeremiah D. Johnson
Theses and Dissertations
Navigation in indoor and urban environments by small unmanned systems is a topic of interest for the Air Force. The Advanced Navigation Technology Center at the Air Force Institute of Technology is continually looking for novel approaches to navigation in GPS deprived environments. Inertial sensors have been coupled with image aided concepts, such as feature tracking, with good results. However, feature density in areas with large, flat, smooth surfaces tends to be low. Polarimetric sensors have been used for surface reconstruction, surface characterization and outdoor navigation. This thesis combines aspects of some of these algorithms along with a realistic, micro-facet …
Spear Phishing Attack Detection, David T. Merritt
Spear Phishing Attack Detection, David T. Merritt
Theses and Dissertations
This thesis addresses the problem of identifying email spear phishing attacks, which are indicative of cyber espionage. Spear phishing consists of targeted emails sent to entice a victim to open a malicious file attachment or click on a malicious link that leads to a compromise of their computer. Current detection methods fail to detect emails of this kind consistently. The SPEar phishing Attack Detection system (SPEAD) is developed to analyze all incoming emails on a network for the presence of spear phishing attacks. SPEAD analyzes the following file types: Windows Portable Executable and Common Object File Format (PE/COFF), Adobe Reader, …
Evaluating Information Assurance Control Effectiveness On An Air Force Supervisory Control And Data Acquisition (Scada) System, Jason R. Nielsen
Evaluating Information Assurance Control Effectiveness On An Air Force Supervisory Control And Data Acquisition (Scada) System, Jason R. Nielsen
Theses and Dissertations
Supervisory Control and Data Acquisition (SCADA) systems are increasingly being connected to corporate networks which has dramatically expanded their attack surface to remote cyber attack. Adversaries are targeting these systems with increasing frequency and sophistication. This thesis seeks to answer the research question addressing which Information Assurance (IA) controls are most significant for network defenders and SCADA system managers/operators to focus on in order to increase the security of critical infrastructure systems against a Stuxnet-like cyber attack. This research applies the National Institute of Science and Technology (NIST) IA controls to an attack tree modeled on a remote Stuxnet-like cyber …