Open Access. Powered by Scholars. Published by Universities.®

Computer Engineering Commons

Open Access. Powered by Scholars. Published by Universities.®

Articles 1 - 30 of 40

Full-Text Articles in Computer Engineering

Instantaneous Bandwidth Expansion Using Software Defined Radios, Nicholas D. Everett Mar 2019

Instantaneous Bandwidth Expansion Using Software Defined Radios, Nicholas D. Everett

Theses and Dissertations

The Stimulated Unintended Radiated Emissions (SURE) process has been proven capable of classifying a device (e.g. a loaded antenna) as either operational or defective. Currently, the SURE process utilizes a specialized noise radar which is bulky, expensive and not easily supported. With current technology advancements, Software Defined Radios (SDRs) have become more compact, more readily available and significantly cheaper. The research here examines whether multiple SDRs can be integrated to replace the current specialized ultra-wideband noise radar used with the SURE process. The research specifically targets whether or not multiple SDR sub-band collections can be combined to form a ...


Near Real-Time Rf-Dna Fingerprinting For Zigbee Devices Using Software Defined Radios, Frankie A. Cruz Mar 2019

Near Real-Time Rf-Dna Fingerprinting For Zigbee Devices Using Software Defined Radios, Frankie A. Cruz

Theses and Dissertations

Low-Rate Wireless Personal Area Network(s) (LR-WPAN) usage has increased as more consumers embrace Internet of Things (IoT) devices. ZigBee Physical Layer (PHY) is based on the Institute of Electrical and Electronics Engineers (IEEE) 802.15.4 specification designed to provide a low-cost, low-power, and low-complexity solution for Wireless Sensor Network(s) (WSN). The standard’s extended battery life and reliability makes ZigBee WSN a popular choice for home automation, transportation, traffic management, Industrial Control Systems (ICS), and cyber-physical systems. As robust and versatile as the standard is, ZigBee remains vulnerable to a myriad of common network attacks. Previous research ...


Confidence Inference In Defensive Cyber Operator Decision Making, Graig S. Ganitano Mar 2019

Confidence Inference In Defensive Cyber Operator Decision Making, Graig S. Ganitano

Theses and Dissertations

Cyber defense analysts face the challenge of validating machine generated alerts regarding network-based security threats. Operations tempo and systematic manpower issues have increased the importance of these individual analyst decisions, since they typically are not reviewed or changed. Analysts may not always be confident in their decisions. If confidence can be accurately assessed, then analyst decisions made under low confidence can be independently reviewed and analysts can be offered decision assistance or additional training. This work investigates the utility of using neurophysiological and behavioral correlates of decision confidence to train machine learning models to infer confidence in analyst decisions. Electroencephalography ...


A Blockchain-Based Anomalous Detection System For Internet Of Things Devices, Joshua K. Mosby Mar 2019

A Blockchain-Based Anomalous Detection System For Internet Of Things Devices, Joshua K. Mosby

Theses and Dissertations

Internet of Things devices are highly susceptible to attack, and owners often fail to realize they have been compromised. This thesis describes an anomalous-based intrusion detection system that operates directly on Internet of Things devices utilizing a custom-built Blockchain. In this approach, an agent on each node compares the node's behavior to that of its peers, generating an alert if they are behaving differently. An experiment is conducted to determine the effectiveness at detecting malware. Three different code samples simulating common malware are deployed against a testbed of 12 Raspberry Pi devices. Increasing numbers are infected until two-thirds of ...


Progressive Network Deployment, Performance, And Control With Software-Defined Networking, Daniel J. Casey Mar 2018

Progressive Network Deployment, Performance, And Control With Software-Defined Networking, Daniel J. Casey

Theses and Dissertations

The inflexible nature of traditional computer networks has led to tightly-integrated systems that are inherently difficult to manage and secure. New designs move low-level network control into software creating software-defined networks (SDN). Augmenting an existing network with these enhancements can be expensive and complex. This research investigates solutions to these problems. It is hypothesized that an add-on device, or "shim" could be used to make a traditional switch behave as an OpenFlow SDN switch while maintaining reasonable performance. A design prototype is found to cause approximately 1.5% reduction in throughput for one ow and less than double increase in ...


Assured Android Execution Environments, Brandon P. Froberg Mar 2018

Assured Android Execution Environments, Brandon P. Froberg

Theses and Dissertations

Current cybersecurity best practices, techniques, tactics and procedures are insufficient to ensure the protection of Android systems. Software tools leveraging formal methods use mathematical means to assure both a design and implementation for a system and these methods can be used to provide security assurances. The goal of this research is to determine methods of assuring isolation when executing Android software in a contained environment. Specifically, this research demonstrates security properties relevant to Android software containers can be formally captured and validated, and that an implementation can be formally verified to satisfy a corresponding specification. A three-stage methodology called "The ...


Estimating Defensive Cyber Operator Decision Confidence, Markus M. Borneman Mar 2018

Estimating Defensive Cyber Operator Decision Confidence, Markus M. Borneman

Theses and Dissertations

As technology continues to advance the domain of cyber defense, signature and heuristic detection mechanisms continue to require human operators to make judgements about the correctness of machine decisions. Human cyber defense operators rely on their experience, expertise, and understanding of network security, when conducting cyber-based investigations, in order to detect and respond to cyber alerts. Ever growing quantities of cyber alerts and network traffic, coupled with systemic manpower issues, mean no one has the time to review or change decisions made by operators. Since these cyber alert decisions ultimately do not get reviewed again, an inaccurate decision could cause ...


Assessment Of Structure From Motion For Reconnaissance Augmentation And Bandwidth Usage Reduction, Jonathan B. Roeber Mar 2018

Assessment Of Structure From Motion For Reconnaissance Augmentation And Bandwidth Usage Reduction, Jonathan B. Roeber

Theses and Dissertations

Modern militaries rely upon remote image sensors for real-time intelligence. A typical remote system consists of an unmanned aerial vehicle, or UAV, with an attached camera. A video stream is sent from the UAV, through a bandwidth-constrained satellite connection, to an intelligence processing unit. In this research, an upgrade to this method of collection is proposed. A set of synthetic images of a scene captured by a UAV in a virtual environment is sent to a pipeline of computer vision algorithms, collectively known as Structure from Motion. The output of Structure from Motion, a three-dimensional model, is then assessed in ...


Quality Of Service Impacts Of A Moving Target Defense With Software-Defined Networking, Samuel A. Mayer Mar 2018

Quality Of Service Impacts Of A Moving Target Defense With Software-Defined Networking, Samuel A. Mayer

Theses and Dissertations

An analysis of the impact a defensive network technique implemented with software-defined networking has upon quality of service experienced by legitimate users. The research validates previous work conducted at AFIT to verify claims of defensive efficacy and then tests network protocols in common use (FTP, HTTP, IMAP, POP, RTP, SMTP, and SSH) on a network that uses this technique. Metrics that indicate the performance of the protocols under test are reported with respect to data gathered in a control network. The conclusions of these experiments enable network engineers to determine if this defensive technique is appropriate for the quality of ...


An Analysis Of Multi-Domain Command And Control And The Development Of Software Solutions Through Devops Toolsets And Practices, Mason R. Bruza Mar 2018

An Analysis Of Multi-Domain Command And Control And The Development Of Software Solutions Through Devops Toolsets And Practices, Mason R. Bruza

Theses and Dissertations

Multi-Domain Command and Control (MDC2) is the exercise of command and control over forces in multiple operational domains (namely air, land, sea, space, and cyberspace) in order to produce synergistic effects in the battlespace, and enhancing this capability has become a major focus area for the United States Air Force (USAF). In order to meet demands for MDC2 software, solutions need to be acquired and/or developed in a timely manner, information technology infrastructure needs to be adaptable to new software requirements, and user feedback needs to drive iterative updates to fielded software. In commercial organizations, agile software development methodologies ...


Autoprov: An Automated File Provenance Collection Tool, Ryan A. Good Mar 2017

Autoprov: An Automated File Provenance Collection Tool, Ryan A. Good

Theses and Dissertations

A file's provenance is a detailing of its origins and activities. There are tools available that are useful in maintaining the provenance of a file. Unfortunately for digital forensics, these tools require prior installation on the computer of interest while provenance generating events happen. The presented tool addresses this by reconstructing a file's provenance from several temporal artifacts. It identifies relevant temporal and user correlations between these artifacts, and presents them to the user. A variety of predefined use cases and real world data are tested against to demonstrate that this software allows examiners to draw useful conclusions ...


Applying Cyber Threat Intelligence To Industrial Control Systems, Matthew P. Sibiga Mar 2017

Applying Cyber Threat Intelligence To Industrial Control Systems, Matthew P. Sibiga

Theses and Dissertations

A cybersecurity initiative known as cyber threat intelligence (CTI) has recently been developed and deployed. The overall goal of this new technology is to help protect network infrastructures. Threat intelligence platforms (TIPs) have also been created to help facilitate CTI effectiveness within organizations. There are many benefits that both can achieve within the information technology (IT) sector. The industrial control system (ICS) sector can also benefit from these technologies as most ICS networks are connected to IT networks. CTI and TIPs become resourceful when using indicators of compromise (IOCs) from known ICS malware attacks and an open source intrusion detection ...


Active Response Using Host-Based Intrusion Detection System And Software-Defined Networking, Jonathon S. Goodgion Mar 2017

Active Response Using Host-Based Intrusion Detection System And Software-Defined Networking, Jonathon S. Goodgion

Theses and Dissertations

This research proposes AHNSR: Active Host-based Network Security Response by utilizing Host-based Intrusion Detection Systems (HIDS) with Software-Defined Networking (SDN) to enhance system security by allowing dynamic active response and reconstruction from a global network topology perspective. Responses include traffic redirection, host quarantining, filtering, and more. A testable SDN-controlled network is constructed with multiple hosts, OpenFlow enabled switches, and a Floodlight controller, all linked to a custom, novel interface for the Open-Source SECurity (OSSEC) HIDS framework. OSSEC is implemented in a server-agent architecture, allowing scalability and OS independence. System effectiveness is evaluated against the following factors: alert density and a ...


A Framework For Understanding, Prioritizing, And Applying Systems Security Engineering Processes, Activities, And Tasks, Stephen Khou Mar 2017

A Framework For Understanding, Prioritizing, And Applying Systems Security Engineering Processes, Activities, And Tasks, Stephen Khou

Theses and Dissertations

Current systems security practices lack an effective approach to prioritize and tailor systems security efforts to develop and field secure systems in challenging operational environments, which results in business and mission stakeholders becoming more susceptible to an array of disruptive events. This work informs Systems Engineers on recent developments in the field of system security engineering and provides a framework for more fully understanding the application of Systems Security Engineering (SSE) processes, activities, and tasks as described in the recently released National Institute of Standards and Technology (NIST) Special Publication 800-160. This SSE framework uniquely offers a repeatable and tailorable ...


A Framework For Categorization Of Industrial Control System Cyber Training Environments, Evan G. Plumley Mar 2017

A Framework For Categorization Of Industrial Control System Cyber Training Environments, Evan G. Plumley

Theses and Dissertations

First responders and professionals in hazardous occupations undergo training and evaluations for the purpose of mitigating risk and damage. For example, helicopter pilots train with multiple categorized simulations that increase in complexity before flying a real aircraft. However in the industrial control cyber incident response domain, where incident response professionals help detect, respond and recover from cyber incidents, no official categorization of training environments exist. To address this gap, this thesis provides a categorization of industrial control training environments based on realism. Four levels of environments are proposed and mapped to Blooms Taxonomy. This categorization will help organizations determine which ...


An Analysis Of Conus Based Deployment Of Pseudolites For Positioning, Navigation And Timing (Pnt) Systems, Justin H. Deifel, Albert J. Pena Sep 2015

An Analysis Of Conus Based Deployment Of Pseudolites For Positioning, Navigation And Timing (Pnt) Systems, Justin H. Deifel, Albert J. Pena

Theses and Dissertations

The Global Positioning System (GPS) developed and operated by the United States Air Force (USAF) provides a way for users to determine position, navigation and timing (PNT). GPS provides an extraordinary capability that has become instrumental in all aspects of our day to day lives. As new technologies such as automated vehicles and unmanned aircraft continue to be developed, a reliable back up to GPS is required to ensure the PNT data generated in these systems is accurate. This research studies a potential architecture for deploying a nationwide network of ground based pseudolites that would act to supplement and backup ...


Applied Hypergame Theory For Network Defense, Alan S. Gibson Jun 2013

Applied Hypergame Theory For Network Defense, Alan S. Gibson

Theses and Dissertations

Cyber operations are the most important aspect of military conflicts in the 21st century, but unfortunately they are also among the least understood. The continual battle for network dominance between attackers and defenders is considered to be a complex game. Hypergame theory is an extension of game theory that addresses the kind of games where misperception exists, as is often the case in military engagements. Hypergame theory, like game theory, uses a game model to determine strategy selection, but goes beyond game theory by examining subgames that exist within the full game. The inclusion of misperception and misinformation in the ...


Mobile Network Defense Interface For Cyber Defense And Situational Awareness, James C. Hannan Mar 2013

Mobile Network Defense Interface For Cyber Defense And Situational Awareness, James C. Hannan

Theses and Dissertations

Today's computer networks are under constant attack. In order to deal with this constant threat, network administrators rely on intrusion detection and prevention services (IDS) (IPS). Most IDS and IPS implement static rule sets to automatically alert administrators and resolve intrusions. Network administrators face a difficult challenge, identifying attacks against a vast number of benign network transactions. Also after a threat is identified making even the smallest policy change to the security software potentially has far-reaching and unanticipated consequences. Finally, because the administrator is primarily responding to alerts they may lose situational awareness of the network. During this research ...


Rootkit Detection Using A Cross-View Clean Boot Method, Bridget N. Flatley Mar 2013

Rootkit Detection Using A Cross-View Clean Boot Method, Bridget N. Flatley

Theses and Dissertations

In cyberspace, attackers commonly infect computer systems with malware to gain capabilities such as remote access, keylogging, and stealth. Many malware samples include rootkit functionality to hide attacker activities on the target system. After detection, users can remove the rootkit and associated malware from the system with commercial tools. This research describes, implements, and evaluates a clean boot method using two partitions to detect rootkits on a system. One partition is potentially infected with a rootkit while the other is clean. The method obtains directory listings of the potentially infected operating system from each partition and compares the lists to ...


Effects Of Architecture On Information Leakage Of A Hardware Advanced Encryption Standard Implementation, Eric A. Koziel Sep 2012

Effects Of Architecture On Information Leakage Of A Hardware Advanced Encryption Standard Implementation, Eric A. Koziel

Theses and Dissertations

Side-channel analysis (SCA) is a threat to many modern cryptosystems. Many countermeasures exist, but are costly to implement and still do not provide complete protection against SCA. A plausible alternative is to design the cryptosystem using architectures that are known to leak little information about the cryptosystem's operations. This research uses several common primitive architectures for the Advanced Encryption Standard (AES) and assesses the susceptibility of the full AES system to side-channel attack for various primitive configurations. A combined encryption/decryption core is also evaluated to determine if variation of high-level architectures affects leakage characteristics. These different configurations are ...


A Novel Malware Target Recognition Architecture For Enhanced Cyberspace Situation Awareness, Thomas E. Dube Sep 2011

A Novel Malware Target Recognition Architecture For Enhanced Cyberspace Situation Awareness, Thomas E. Dube

Theses and Dissertations

The rapid transition of critical business processes to computer networks potentially exposes organizations to digital theft or corruption by advanced competitors. One tool used for these tasks is malware, because it circumvents legitimate authentication mechanisms. Malware is an epidemic problem for organizations of all types. This research proposes and evaluates a novel Malware Target Recognition (MaTR) architecture for malware detection and identification of propagation methods and payloads to enhance situation awareness in tactical scenarios using non-instruction-based, static heuristic features. MaTR achieves a 99.92% detection accuracy on known malware with false positive and false negative rates of 8.73e-4 and ...


Holistic Network Defense: Fusing Host And Network Features For Attack Classification, Jenny W. Ji Mar 2011

Holistic Network Defense: Fusing Host And Network Features For Attack Classification, Jenny W. Ji

Theses and Dissertations

This work presents a hybrid network-host monitoring strategy, which fuses data from both the network and the host to recognize malware infections. This work focuses on three categories: Normal, Scanning, and Infected. The network-host sensor fusion is accomplished by extracting 248 features from network traffic using the Fullstats Network Feature generator and from the host using text mining, looking at the frequency of the 500 most common strings and analyzing them as word vectors. Improvements to detection performance are made by synergistically fusing network features obtained from IP packet flows and host features, obtained from text mining port, processor, logon ...


Kernelized Locality-Sensitive Hashing For Fast Image Landmark Association, Mark A. Weems Mar 2011

Kernelized Locality-Sensitive Hashing For Fast Image Landmark Association, Mark A. Weems

Theses and Dissertations

As the concept of war has evolved, navigation in urban environments where GPS may be degraded is increasingly becoming more important. Two existing solutions are vision-aided navigation and vision-based Simultaneous Localization and Mapping (SLAM). The problem, however, is that vision-based navigation techniques can require excessive amounts of memory and increased computational complexity resulting in a decrease in speed. This research focuses on techniques to improve such issues by speeding up and optimizing the data association process in vision-based SLAM. Specifically, this work studies the current methods that algorithms use to associate a current robot pose to that of one previously ...


Spear Phishing Attack Detection, David T. Merritt Mar 2011

Spear Phishing Attack Detection, David T. Merritt

Theses and Dissertations

This thesis addresses the problem of identifying email spear phishing attacks, which are indicative of cyber espionage. Spear phishing consists of targeted emails sent to entice a victim to open a malicious file attachment or click on a malicious link that leads to a compromise of their computer. Current detection methods fail to detect emails of this kind consistently. The SPEar phishing Attack Detection system (SPEAD) is developed to analyze all incoming emails on a network for the presence of spear phishing attacks. SPEAD analyzes the following file types: Windows Portable Executable and Common Object File Format (PE/COFF), Adobe ...


An Architecture For Improving Timeliness And Relevance Of Cyber Incident Notifications, James L. Miller Mar 2011

An Architecture For Improving Timeliness And Relevance Of Cyber Incident Notifications, James L. Miller

Theses and Dissertations

This research proposes a communications architecture to deliver timely and relevant cyber incident notifications to dependent mission stakeholders. This architecture, modeled in Unified Modeling Language (UML), eschews the traditional method of pushing notifications via message as dictated in Air Force Instruction 33-138. It instead shifts to a pull or publish and subscribe method of making notifications. Shifting this paradigm improves the notification process by empowering mission owners to identify those resources on which they depend for mission accomplishment, provides a direct conduit between providing and dependent mission owners for notifications when an incident occurs, and provides a shared representation for ...


Evaluating Information Assurance Control Effectiveness On An Air Force Supervisory Control And Data Acquisition (Scada) System, Jason R. Nielsen Mar 2011

Evaluating Information Assurance Control Effectiveness On An Air Force Supervisory Control And Data Acquisition (Scada) System, Jason R. Nielsen

Theses and Dissertations

Supervisory Control and Data Acquisition (SCADA) systems are increasingly being connected to corporate networks which has dramatically expanded their attack surface to remote cyber attack. Adversaries are targeting these systems with increasing frequency and sophistication. This thesis seeks to answer the research question addressing which Information Assurance (IA) controls are most significant for network defenders and SCADA system managers/operators to focus on in order to increase the security of critical infrastructure systems against a Stuxnet-like cyber attack. This research applies the National Institute of Science and Technology (NIST) IA controls to an attack tree modeled on a remote Stuxnet-like ...


Defensive Cyber Battle Damage Assessment Through Attack Methodology Modeling, Ryan T. Ostler Mar 2011

Defensive Cyber Battle Damage Assessment Through Attack Methodology Modeling, Ryan T. Ostler

Theses and Dissertations

Due to the growing sophisticated capabilities of advanced persistent cyber threats, it is necessary to understand and accurately assess cyber attack damage to digital assets. This thesis proposes a Defensive Cyber Battle Damage Assessment (DCBDA) process which utilizes the comprehensive understanding of all possible cyber attack methodologies captured in a Cyber Attack Methodology Exhaustive List (CAMEL). This research proposes CAMEL to provide detailed knowledge of cyber attack actions, methods, capabilities, forensic evidence and evidence collection methods. This product is modeled as an attack tree called the Cyber Attack Methodology Attack Tree (CAMAT). The proposed DCBDA process uses CAMAT to analyze ...


A Multi Agent System For Flow-Based Intrusion Detection Using Reputation And Evolutionary Computation, David Hancock Mar 2011

A Multi Agent System For Flow-Based Intrusion Detection Using Reputation And Evolutionary Computation, David Hancock

Theses and Dissertations

The rising sophistication of cyber threats as well as the improvement of physical computer network properties present increasing challenges to contemporary Intrusion Detection (ID) techniques. To respond to these challenges, a multi agent system (MAS) coupled with flow-based ID techniques may effectively complement traditional ID systems. This paper develops: 1) a scalable software architecture for a new, self-organized, multi agent, flow-based ID system; and 2) a network simulation environment suitable for evaluating implementations of this MAS architecture and for other research purposes. Self-organization is achieved via 1) a reputation system that influences agent mobility in the search for effective vantage ...


Malicious And Malfunctioning Node Detection Via Observed Physical Layer Data, Tyler J. Hardy Mar 2011

Malicious And Malfunctioning Node Detection Via Observed Physical Layer Data, Tyler J. Hardy

Theses and Dissertations

There are many mechanisms that can cause inadequate or unreliable information in sensor networks. A user of the network might be interested in detecting and classifying specific sensors nodes causing these problems. Several network layer based trust methods have been developed in previous research to assess these issues; in contrast this work develops a trust protocol based on observations of physical layer data collected by the sensors. Observations of physical layer data are used for decisions and calculations, and are based on just the measurements collected by the sensors. Although this information is packaged and distributed on the network layer ...


Reputation-Based Internet Protocol Security: A Multilayer Security Framework For Mobil Ad Hoc Networks, Timothy H. Lacey Sep 2010

Reputation-Based Internet Protocol Security: A Multilayer Security Framework For Mobil Ad Hoc Networks, Timothy H. Lacey

Theses and Dissertations

This research effort examines the theory, application, and results for a Reputation-based Internet Protocol Security (RIPSec) framework that provides security for an ad-hoc network operating in a hostile environment. In RIPSec, protection from external threats is provided in the form of encrypted communication links and encryption-wrapped nodes while internal threats are mitigated by behavior grading that assigns reputations to nodes based on their demonstrated participation in the routing process. Network availability is provided by behavior grading and round-robin multipath routing. If a node behaves faithfully, it earns a positive reputation over time. If a node misbehaves (for any number of ...