Open Access. Powered by Scholars. Published by Universities.®
- Keyword
-
- Computer networks--Security measures (12)
- #antcenter (8)
- Computer security (6)
- Center_CCR (4)
- Cybersecurity (4)
-
- Cryptography (3)
- Internet (3)
- Machine learning (3)
- Software-Defined Networking (3)
- Blockchain (2)
- Bluetooth (2)
- Computer networks (2)
- Computer viruses (2)
- Computerized simulation (2)
- Cyberterrorism--Prevention (2)
- Data encryption (Computer science) (2)
- Data protection (2)
- Decision confidence (2)
- Electronic data processing--Distributed processing (2)
- Internet telephony (2)
- Mobile computing (2)
- Pattern recognition systems (2)
- Wireless LANs (2)
- Wireless communication systems (2)
- AFSIM (1)
- AOC Pathfinder (1)
- Abstract intrepretation (1)
- Ad hoc networks (Computer networks) (1)
- Ad hoc networks (Computer networks)--Security measures (1)
- Air warfare--Simulation methods (1)
- Publication Year
- Publication
- Publication Type
Articles 1 - 30 of 92
Full-Text Articles in Computer Engineering
Passive Physical Layer Distinct Native Attribute Cyber Security Monitor, Christopher M. Rondeau, Michael A. Temple, Juan Lopez Jr, J. Addison Betances
Passive Physical Layer Distinct Native Attribute Cyber Security Monitor, Christopher M. Rondeau, Michael A. Temple, Juan Lopez Jr, J. Addison Betances
AFIT Patents
A method for cyber security monitor includes monitoring a network interface that is input-only configured to surreptitiously and covertly receive bit-level, physical layer communication between networked control and sensor field devices. During a training mode, a baseline distinct native attribute (DNA) fingerprint is generated for each networked field device. During a protection mode, a current DNA fingerprint is generated for each networked field device. The current DNA fingerprint is compared to the baseline DNA fingerprint for each networked field device. In response to detect at least one of RAA and PAA based on a change in the current DNA fingerprint …
Quantifying Dds-Cerberus Network Control Overhead, Andrew T. Park, Nathaniel R. Peck, Richard Dill, Douglas D. Hodson, Michael R. Grimaila, Wayne C. Henry
Quantifying Dds-Cerberus Network Control Overhead, Andrew T. Park, Nathaniel R. Peck, Richard Dill, Douglas D. Hodson, Michael R. Grimaila, Wayne C. Henry
Faculty Publications
Securing distributed device communication is critical because the private industry and the military depend on these resources. One area that adversaries target is the middleware, which is the medium that connects different systems. This paper evaluates a novel security layer, DDS-Cerberus (DDS-C), that protects in-transit data and improves communication efficiency on data-first distribution systems. This research contributes a distributed robotics operating system testbed and designs a multifactorial performance-based experiment to evaluate DDS-C efficiency and security by assessing total packet traffic generated in a robotics network. The performance experiment follows a 2:1 publisher to subscriber node ratio, varying the number of …
Exploiting The Iot Through Network-Based Covert Channels, Kyle S. Harris
Exploiting The Iot Through Network-Based Covert Channels, Kyle S. Harris
Theses and Dissertations
Information leaks are a top concern to industry and government leaders. The IoT is a technology capable of sensing real-world events. A method for exfiltrating data from these devices is by covert channel. This research designs a novel IoT CTC without the need for inter-packet delays to encode data. Instead, it encodes data within preexisting network information, namely ports or addresses. Additionally, the CTC can be implemented in two different modes: Stealth and Bandwidth. Performance is measured using throughput and detectability. The Stealth methods mimic legitimate traffic captures while the Bandwidth methods forgo this approach for maximum throughput. Detection results …
Securing Infiniband Networks With End-Point Encryption, Noah B. Diamond
Securing Infiniband Networks With End-Point Encryption, Noah B. Diamond
Theses and Dissertations
The NVIDIA-Mellanox Bluefield-2 is a 100 Gbps high-performance network interface which offers hardware offload and acceleration features that can operate directly on network traffic without routine involvement from the ARM CPU. This allows the ARM multi-core CPU to orchestrate the hardware to perform operations on both Ethernet and RDMA traffic at high rates rather than processing all the traffic directly. A testbed called TNAP was created for performance testing and a MiTM verification process called MiTMVMP is used to ensure proper network configuration. The hardware accelerators of the Bluefield-2 support a throughput of nearly 86 Gbps when using IPsec to …
Effect Of Connection State & Transport/Application Protocol On The Machine Learning Outlier Detection Of Network Intrusions, George Yuchi [*], Torrey J. Wagner, Paul Auclair, Brent T. Langhals
Effect Of Connection State & Transport/Application Protocol On The Machine Learning Outlier Detection Of Network Intrusions, George Yuchi [*], Torrey J. Wagner, Paul Auclair, Brent T. Langhals
Faculty Publications
The majority of cyber infiltration & exfiltration intrusions leave a network footprint, and due to the multi-faceted nature of detecting network intrusions, it is often difficult to detect. In this work a Zeek-processed PCAP dataset containing the metadata of 36,667 network packets was modeled with several machine learning algorithms to classify normal vs. anomalous network activity. Principal component analysis with a 10% contamination factor was used to identify anomalous behavior. Models were created using recursive feature elimination on logistic regression and XGBClassifier algorithms, and also using Bayesian and bandit optimization of neural network hyperparameters. These models were trained on a …
Traffic Collision Avoidance System: False Injection Viability, John Hannah, Robert F. Mills, Richard A. Dill, Douglas D. Hodson
Traffic Collision Avoidance System: False Injection Viability, John Hannah, Robert F. Mills, Richard A. Dill, Douglas D. Hodson
Faculty Publications
Safety is a simple concept but an abstract task, specifically with aircraft. One critical safety system, the Traffic Collision Avoidance System II (TCAS), protects against mid-air collisions by predicting the course of other aircraft, determining the possibility of collision, and issuing a resolution advisory for avoidance. Previous research to identify vulnerabilities associated with TCAS’s communication processes discovered that a false injection attack presents the most comprehensive risk to veritable trust in TCAS, allowing for a mid-air collision. This research explores the viability of successfully executing a false injection attack against a target aircraft, triggering a resolution advisory. Monetary constraints precluded …
Infiniband Network Monitoring: Challenges And Possibilities, Kyle D. Hintze
Infiniband Network Monitoring: Challenges And Possibilities, Kyle D. Hintze
Theses and Dissertations
Within the realm of High Performance Computing, the InfiniBand Architecture is among the leading interconnects used today. Capable of providing high bandwidth and low latency, InfiniBand is finding applications outside the High Performance Computing domain. One of these is critical infrastructure, encompassing almost all essential sectors as the work force becomes more connected. InfiniBand is not immune to security risks, as prior research has shown that common traffic analyzing tools cannot effectively monitor InfiniBand traffic transmitted between hosts, due to the kernel bypass nature of the IBA in conjunction with Remote Direct Memory Access operations. If Remote Direct Memory Access …
Automated Network Exploitation Utilizing Bayesian Decision Networks, Graeme M. Roberts
Automated Network Exploitation Utilizing Bayesian Decision Networks, Graeme M. Roberts
Theses and Dissertations
Computer Network Exploitation (CNE) is the process of using tactics and techniques to penetrate computer systems and networks in order to achieve desired effects. It is currently a manual process requiring significant experience and time that are in limited supply. This thesis presents the Automated Network Discovery and Exploitation System (ANDES) which demonstrates that it is feasible to automate the CNE process. The uniqueness of ANDES is the use of Bayesian decision networks to represent the CNE domain and subject matter expert knowledge. ANDES conducts multiple execution cycles, which build upon previous action results. Cycles begin by modeling the current …
Exploring Fog Of War Concepts In Wargame Scenarios, Dillon N. Tryhorn
Exploring Fog Of War Concepts In Wargame Scenarios, Dillon N. Tryhorn
Theses and Dissertations
This thesis explores fog of war concepts through three submitted journal articles. The Department of Defense and U.S. Air Force are attempting to analyze war scenarios to aid the decision-making process; fog modeling improves realism in these wargame scenarios. The first article "Navigating an Enemy Contested Area with a Parallel Search Algorithm" [1] investigates a parallel algorithm's speedup, compared to the sequential implementation, with varying map configurations in a tile-based wargame. The parallel speedup tends to exceed 50 but in certain situations. The sequential algorithm outperforms it depending on the configuration of enemy location and amount on the map. The …
Enumerating And Locating Bluetooth Devices For Casualty Recovery In A First-Responder Environment, Justin M. Durham
Enumerating And Locating Bluetooth Devices For Casualty Recovery In A First-Responder Environment, Justin M. Durham
Theses and Dissertations
It is difficult for first-responders to quickly locate casualties in an emergency environment such as an explosion or natural disaster. In order to provide another tool to locate individuals, this research attempts to identify and estimate the location of devices that would likely be located on or with a person. A variety of devices, such as phones, smartwatches, and Bluetooth-enabled locks, are tested in multiple environments and at various heights to determine the impact that placement and interference played in locating the devices. The hypothesis is that most Bluetooth devices can be successfully enumerated quickly, but cannot be accurately located …
Remote Monitoring Of Memory Data Structures For Malware Detection In A Talos Ii Architecture, Robert A. Willburn
Remote Monitoring Of Memory Data Structures For Malware Detection In A Talos Ii Architecture, Robert A. Willburn
Theses and Dissertations
New forms of malware, namely xC;leless malware and rootkits, pose a threat to traditional anti-malware. In particular, Rootkits have the capacity to obscure the present state of memory from the user space of a target machine. If thishappens, anti-malware running in the user space of an axB;ected machine cannot be trusted to operate properly. To combat this threat, this research proposes the remote monitoring of memory from a second, secure processor runningOpenBMC, serving as a baseboard management controller for a POWER9 processor, which is assumed vulnerable to exploitation. The baseboard management controller includes an application called pdbg, used for debugging …
Long Distance Bluetooth Low Energy Exploitation On A Wireless Attack Platform, Stephanie L. Long
Long Distance Bluetooth Low Energy Exploitation On A Wireless Attack Platform, Stephanie L. Long
Theses and Dissertations
In the past decade, embedded technology, known as the Internet of Things, has expanded for many uses. The smart home infrastructure has drastically grown to include networked refrigerators, lighting systems, speakers, watches, and more. This increase in the use of wireless protocols provides a larger attack surface for cyber actors than ever before. Wireless loT traffic is susceptible for sniffing by an attacker. The attack platform skypie is upgraded to incorporate Bluetooth Low Energy (BLE) beacon collection for pattern-of-life data, as well as device characteristic enumeration and potential characteristic modification. This platform allows an attacker to mount the skypie to …
Direct Digital Synthesis: A Flexible Architecture For Advanced Signals Research For Future Satellite Navigation Payloads, Pranav R. Patel
Direct Digital Synthesis: A Flexible Architecture For Advanced Signals Research For Future Satellite Navigation Payloads, Pranav R. Patel
Theses and Dissertations
In legacy Global Positioning System (GPS) Satellite Navigation (SatNav) payloads, the architecture does not provide the flexibility to adapt to changing circumstances and environments. GPS SatNav payloads have largely remained unchanged since the system became fully operational in April 1995. Since then, the use of GPS has become ubiquitous in our day-to-day lives. GPS availability is now a basic assumption for distributed infrastructure; it has become inextricably tied to our national power grids, cellular networks, and global financial systems. Emerging advancements of easy to use radio technologies, such as software-defined radios (SDRs), have greatly lowered the difficulty of discovery and …
Joint 1d And 2d Neural Networks For Automatic Modulation Recognition, Luis M. Rosario Morel
Joint 1d And 2d Neural Networks For Automatic Modulation Recognition, Luis M. Rosario Morel
Theses and Dissertations
The digital communication and radar community has recently manifested more interest in using data-driven approaches for tasks such as modulation recognition, channel estimation and distortion correction. In this research we seek to apply an object detector for parameter estimation to perform waveform separation in the time and frequency domain prior to classification. This enables the full automation of detecting and classifying simultaneously occurring waveforms. We leverage a lD ResNet implemented by O'Shea et al. in [1] and the YOLO v3 object detector designed by Redmon et al. in [2]. We conducted an in depth study of the performance of these …
Sliver: Simulation-Based Logic Bomb Identification/Verification For Unmanned Aerial Vehicles, Jake M. Magness
Sliver: Simulation-Based Logic Bomb Identification/Verification For Unmanned Aerial Vehicles, Jake M. Magness
Theses and Dissertations
This research introduces SLIVer, a Simulation-based Logic Bomb Identification/Verification methodology, for finding logic bombs hidden within Unmanned Aerial Vehicle (UAV) autopilot code without having access to the device source code. Effectiveness is demonstrated by executing a series of test missions within a high-fidelity software-in-the-loop (SITL) simulator. In the event that a logic bomb is not detected, this methodology defines safe operating areas for UAVs to ensure to a high degree of confidence the UAV operates normally on the defined flight plan. SLIVer uses preplanned flight paths as the baseline input space, greatly reducing the input space that must be searched …
Developing A Serious Game To Explore Joint All Domain Command And Control, Nathaniel W. Flack
Developing A Serious Game To Explore Joint All Domain Command And Control, Nathaniel W. Flack
Theses and Dissertations
Changes in the geopolitical landscape and increasing technological complexity have prompted the U.S. Military to coin Multi-Domain Operations (MDO) and Joint All-Domain Command and Control as terms to describe an over-arching strategy that frames the complexity of warfare across both traditional and emerging warfighting domains. Teaching new and advanced concepts associated with these terms requires both innovation as well as distinct education and training tools in order to realize the cultural change advocated by senior military leaders. BSN, a Collectible Card Game, was developed to teach concepts integral to MDO and initiate discussion on military strategy.
Interoperable Ads-B Confidentiality, Brandon C. Burfeind
Interoperable Ads-B Confidentiality, Brandon C. Burfeind
Theses and Dissertations
The worldwide air traffic infrastructure is in the late stages of transition from legacy transponder systems to Automatic Dependent Surveillance - Broadcast (ADS-B) based systems. ADS-B relies on position information from GNSS and requires aircraft to transmit their identification, state, and position. ADS-B promises the availability of high-fidelity air traffic information; however, position and identification data are not secured via authentication or encryption. This lack of security for ADS-B allows non-participants to observe and collect data on both government and private flight activity. This is a proposal for a lightweight, interoperable ADS-B confidentiality protocol which uses existing format preserving encryption …
The Trust-Based Interactive Partially Observable Markov Decision Process, Richard S. Seymour
The Trust-Based Interactive Partially Observable Markov Decision Process, Richard S. Seymour
Theses and Dissertations
Cooperative agent and robot systems are designed so that each is working toward the same common good. The problem is that the software systems are extremely complex and can be subverted by an adversary to either break the system or potentially worse, create sneaky agents who are willing to cooperate when the stakes are low and take selfish, greedy actions when the rewards rise. This research focuses on the ability of a group of agents to reason about the trustworthiness of each other and make decisions about whether to cooperate. A trust-based interactive partially observable Markov decision process (TI-POMDP) is …
Instantaneous Bandwidth Expansion Using Software Defined Radios, Nicholas D. Everett
Instantaneous Bandwidth Expansion Using Software Defined Radios, Nicholas D. Everett
Theses and Dissertations
The Stimulated Unintended Radiated Emissions (SURE) process has been proven capable of classifying a device (e.g. a loaded antenna) as either operational or defective. Currently, the SURE process utilizes a specialized noise radar which is bulky, expensive and not easily supported. With current technology advancements, Software Defined Radios (SDRs) have become more compact, more readily available and significantly cheaper. The research here examines whether multiple SDRs can be integrated to replace the current specialized ultra-wideband noise radar used with the SURE process. The research specifically targets whether or not multiple SDR sub-band collections can be combined to form a wider …
Confidence Inference In Defensive Cyber Operator Decision Making, Graig S. Ganitano
Confidence Inference In Defensive Cyber Operator Decision Making, Graig S. Ganitano
Theses and Dissertations
Cyber defense analysts face the challenge of validating machine generated alerts regarding network-based security threats. Operations tempo and systematic manpower issues have increased the importance of these individual analyst decisions, since they typically are not reviewed or changed. Analysts may not always be confident in their decisions. If confidence can be accurately assessed, then analyst decisions made under low confidence can be independently reviewed and analysts can be offered decision assistance or additional training. This work investigates the utility of using neurophysiological and behavioral correlates of decision confidence to train machine learning models to infer confidence in analyst decisions. Electroencephalography …
Near Real-Time Rf-Dna Fingerprinting For Zigbee Devices Using Software Defined Radios, Frankie A. Cruz
Near Real-Time Rf-Dna Fingerprinting For Zigbee Devices Using Software Defined Radios, Frankie A. Cruz
Theses and Dissertations
Low-Rate Wireless Personal Area Network(s) (LR-WPAN) usage has increased as more consumers embrace Internet of Things (IoT) devices. ZigBee Physical Layer (PHY) is based on the Institute of Electrical and Electronics Engineers (IEEE) 802.15.4 specification designed to provide a low-cost, low-power, and low-complexity solution for Wireless Sensor Network(s) (WSN). The standard’s extended battery life and reliability makes ZigBee WSN a popular choice for home automation, transportation, traffic management, Industrial Control Systems (ICS), and cyber-physical systems. As robust and versatile as the standard is, ZigBee remains vulnerable to a myriad of common network attacks. Previous research involving Radio Frequency-Distinct Native Attribute …
A Blockchain-Based Anomalous Detection System For Internet Of Things Devices, Joshua K. Mosby
A Blockchain-Based Anomalous Detection System For Internet Of Things Devices, Joshua K. Mosby
Theses and Dissertations
Internet of Things devices are highly susceptible to attack, and owners often fail to realize they have been compromised. This thesis describes an anomalous-based intrusion detection system that operates directly on Internet of Things devices utilizing a custom-built Blockchain. In this approach, an agent on each node compares the node's behavior to that of its peers, generating an alert if they are behaving differently. An experiment is conducted to determine the effectiveness at detecting malware. Three different code samples simulating common malware are deployed against a testbed of 12 Raspberry Pi devices. Increasing numbers are infected until two-thirds of the …
Estimating Defensive Cyber Operator Decision Confidence, Markus M. Borneman
Estimating Defensive Cyber Operator Decision Confidence, Markus M. Borneman
Theses and Dissertations
As technology continues to advance the domain of cyber defense, signature and heuristic detection mechanisms continue to require human operators to make judgements about the correctness of machine decisions. Human cyber defense operators rely on their experience, expertise, and understanding of network security, when conducting cyber-based investigations, in order to detect and respond to cyber alerts. Ever growing quantities of cyber alerts and network traffic, coupled with systemic manpower issues, mean no one has the time to review or change decisions made by operators. Since these cyber alert decisions ultimately do not get reviewed again, an inaccurate decision could cause …
Progressive Network Deployment, Performance, And Control With Software-Defined Networking, Daniel J. Casey
Progressive Network Deployment, Performance, And Control With Software-Defined Networking, Daniel J. Casey
Theses and Dissertations
The inflexible nature of traditional computer networks has led to tightly-integrated systems that are inherently difficult to manage and secure. New designs move low-level network control into software creating software-defined networks (SDN). Augmenting an existing network with these enhancements can be expensive and complex. This research investigates solutions to these problems. It is hypothesized that an add-on device, or "shim" could be used to make a traditional switch behave as an OpenFlow SDN switch while maintaining reasonable performance. A design prototype is found to cause approximately 1.5% reduction in throughput for one ow and less than double increase in latency, …
Assured Android Execution Environments, Brandon P. Froberg
Assured Android Execution Environments, Brandon P. Froberg
Theses and Dissertations
Current cybersecurity best practices, techniques, tactics and procedures are insufficient to ensure the protection of Android systems. Software tools leveraging formal methods use mathematical means to assure both a design and implementation for a system and these methods can be used to provide security assurances. The goal of this research is to determine methods of assuring isolation when executing Android software in a contained environment. Specifically, this research demonstrates security properties relevant to Android software containers can be formally captured and validated, and that an implementation can be formally verified to satisfy a corresponding specification. A three-stage methodology called "The …
An Analysis Of Multi-Domain Command And Control And The Development Of Software Solutions Through Devops Toolsets And Practices, Mason R. Bruza
An Analysis Of Multi-Domain Command And Control And The Development Of Software Solutions Through Devops Toolsets And Practices, Mason R. Bruza
Theses and Dissertations
Multi-Domain Command and Control (MDC2) is the exercise of command and control over forces in multiple operational domains (namely air, land, sea, space, and cyberspace) in order to produce synergistic effects in the battlespace, and enhancing this capability has become a major focus area for the United States Air Force (USAF). In order to meet demands for MDC2 software, solutions need to be acquired and/or developed in a timely manner, information technology infrastructure needs to be adaptable to new software requirements, and user feedback needs to drive iterative updates to fielded software. In commercial organizations, agile software development methodologies and …
Quality Of Service Impacts Of A Moving Target Defense With Software-Defined Networking, Samuel A. Mayer
Quality Of Service Impacts Of A Moving Target Defense With Software-Defined Networking, Samuel A. Mayer
Theses and Dissertations
An analysis of the impact a defensive network technique implemented with software-defined networking has upon quality of service experienced by legitimate users. The research validates previous work conducted at AFIT to verify claims of defensive efficacy and then tests network protocols in common use (FTP, HTTP, IMAP, POP, RTP, SMTP, and SSH) on a network that uses this technique. Metrics that indicate the performance of the protocols under test are reported with respect to data gathered in a control network. The conclusions of these experiments enable network engineers to determine if this defensive technique is appropriate for the quality of …
Assessment Of Structure From Motion For Reconnaissance Augmentation And Bandwidth Usage Reduction, Jonathan B. Roeber
Assessment Of Structure From Motion For Reconnaissance Augmentation And Bandwidth Usage Reduction, Jonathan B. Roeber
Theses and Dissertations
Modern militaries rely upon remote image sensors for real-time intelligence. A typical remote system consists of an unmanned aerial vehicle, or UAV, with an attached camera. A video stream is sent from the UAV, through a bandwidth-constrained satellite connection, to an intelligence processing unit. In this research, an upgrade to this method of collection is proposed. A set of synthetic images of a scene captured by a UAV in a virtual environment is sent to a pipeline of computer vision algorithms, collectively known as Structure from Motion. The output of Structure from Motion, a three-dimensional model, is then assessed in …
Transferable Multiparty Computation, Michael R. Clark, Kenneth M. Hopkinson
Transferable Multiparty Computation, Michael R. Clark, Kenneth M. Hopkinson
AFIT Patents
A method and apparatus are provided for secure multiparty computation. A set of first parties is selected from a plurality of first parties for computation. Inputs for computation associated with each party in the set of first parties are divided into shares to be sent to other parties in the set of first parties. The computation on the shares is performed by the set of first parties using multiparty computation functions. In response to a trigger event, shares of the set of first parties are transferred to a set of second parties selected from a plurality of second parties. The …
Active Response Using Host-Based Intrusion Detection System And Software-Defined Networking, Jonathon S. Goodgion
Active Response Using Host-Based Intrusion Detection System And Software-Defined Networking, Jonathon S. Goodgion
Theses and Dissertations
This research proposes AHNSR: Active Host-based Network Security Response by utilizing Host-based Intrusion Detection Systems (HIDS) with Software-Defined Networking (SDN) to enhance system security by allowing dynamic active response and reconstruction from a global network topology perspective. Responses include traffic redirection, host quarantining, filtering, and more. A testable SDN-controlled network is constructed with multiple hosts, OpenFlow enabled switches, and a Floodlight controller, all linked to a custom, novel interface for the Open-Source SECurity (OSSEC) HIDS framework. OSSEC is implemented in a server-agent architecture, allowing scalability and OS independence. System effectiveness is evaluated against the following factors: alert density and a …