Open Access. Powered by Scholars. Published by Universities.®

Computer Engineering Commons

Open Access. Powered by Scholars. Published by Universities.®

Computer Sciences

Theses and Dissertations

Articles 61 - 90 of 109

Full-Text Articles in Computer Engineering

Mobile Network Defense Interface For Cyber Defense And Situational Awareness, James C. Hannan Mar 2013

Mobile Network Defense Interface For Cyber Defense And Situational Awareness, James C. Hannan

Theses and Dissertations

Today's computer networks are under constant attack. In order to deal with this constant threat, network administrators rely on intrusion detection and prevention services (IDS) (IPS). Most IDS and IPS implement static rule sets to automatically alert administrators and resolve intrusions. Network administrators face a difficult challenge, identifying attacks against a vast number of benign network transactions. Also after a threat is identified making even the smallest policy change to the security software potentially has far-reaching and unanticipated consequences. Finally, because the administrator is primarily responding to alerts they may lose situational awareness of the network. During this research a …

Go to article

Effects Of Architecture On Information Leakage Of A Hardware Advanced Encryption Standard Implementation, Eric A. Koziel Sep 2012

Effects Of Architecture On Information Leakage Of A Hardware Advanced Encryption Standard Implementation, Eric A. Koziel

Theses and Dissertations

Side-channel analysis (SCA) is a threat to many modern cryptosystems. Many countermeasures exist, but are costly to implement and still do not provide complete protection against SCA. A plausible alternative is to design the cryptosystem using architectures that are known to leak little information about the cryptosystem's operations. This research uses several common primitive architectures for the Advanced Encryption Standard (AES) and assesses the susceptibility of the full AES system to side-channel attack for various primitive configurations. A combined encryption/decryption core is also evaluated to determine if variation of high-level architectures affects leakage characteristics. These different configurations are evaluated under …

Go to article

A Novel Malware Target Recognition Architecture For Enhanced Cyberspace Situation Awareness, Thomas E. Dube Sep 2011

A Novel Malware Target Recognition Architecture For Enhanced Cyberspace Situation Awareness, Thomas E. Dube

Theses and Dissertations

The rapid transition of critical business processes to computer networks potentially exposes organizations to digital theft or corruption by advanced competitors. One tool used for these tasks is malware, because it circumvents legitimate authentication mechanisms. Malware is an epidemic problem for organizations of all types. This research proposes and evaluates a novel Malware Target Recognition (MaTR) architecture for malware detection and identification of propagation methods and payloads to enhance situation awareness in tactical scenarios using non-instruction-based, static heuristic features. MaTR achieves a 99.92% detection accuracy on known malware with false positive and false negative rates of 8.73e-4 and 8.03e-4 respectively. …

Go to article

Holistic Network Defense: Fusing Host And Network Features For Attack Classification, Jenny W. Ji Mar 2011

Holistic Network Defense: Fusing Host And Network Features For Attack Classification, Jenny W. Ji

Theses and Dissertations

This work presents a hybrid network-host monitoring strategy, which fuses data from both the network and the host to recognize malware infections. This work focuses on three categories: Normal, Scanning, and Infected. The network-host sensor fusion is accomplished by extracting 248 features from network traffic using the Fullstats Network Feature generator and from the host using text mining, looking at the frequency of the 500 most common strings and analyzing them as word vectors. Improvements to detection performance are made by synergistically fusing network features obtained from IP packet flows and host features, obtained from text mining port, processor, logon …

Go to article

Malicious And Malfunctioning Node Detection Via Observed Physical Layer Data, Tyler J. Hardy Mar 2011

Malicious And Malfunctioning Node Detection Via Observed Physical Layer Data, Tyler J. Hardy

Theses and Dissertations

There are many mechanisms that can cause inadequate or unreliable information in sensor networks. A user of the network might be interested in detecting and classifying specific sensors nodes causing these problems. Several network layer based trust methods have been developed in previous research to assess these issues; in contrast this work develops a trust protocol based on observations of physical layer data collected by the sensors. Observations of physical layer data are used for decisions and calculations, and are based on just the measurements collected by the sensors. Although this information is packaged and distributed on the network layer, …

Go to article

An Architecture For Improving Timeliness And Relevance Of Cyber Incident Notifications, James L. Miller Mar 2011

An Architecture For Improving Timeliness And Relevance Of Cyber Incident Notifications, James L. Miller

Theses and Dissertations

This research proposes a communications architecture to deliver timely and relevant cyber incident notifications to dependent mission stakeholders. This architecture, modeled in Unified Modeling Language (UML), eschews the traditional method of pushing notifications via message as dictated in Air Force Instruction 33-138. It instead shifts to a pull or publish and subscribe method of making notifications. Shifting this paradigm improves the notification process by empowering mission owners to identify those resources on which they depend for mission accomplishment, provides a direct conduit between providing and dependent mission owners for notifications when an incident occurs, and provides a shared representation for …

Go to article

Kernelized Locality-Sensitive Hashing For Fast Image Landmark Association, Mark A. Weems Mar 2011

Kernelized Locality-Sensitive Hashing For Fast Image Landmark Association, Mark A. Weems

Theses and Dissertations

As the concept of war has evolved, navigation in urban environments where GPS may be degraded is increasingly becoming more important. Two existing solutions are vision-aided navigation and vision-based Simultaneous Localization and Mapping (SLAM). The problem, however, is that vision-based navigation techniques can require excessive amounts of memory and increased computational complexity resulting in a decrease in speed. This research focuses on techniques to improve such issues by speeding up and optimizing the data association process in vision-based SLAM. Specifically, this work studies the current methods that algorithms use to associate a current robot pose to that of one previously …

Go to article

A Multi Agent System For Flow-Based Intrusion Detection Using Reputation And Evolutionary Computation, David Hancock Mar 2011

A Multi Agent System For Flow-Based Intrusion Detection Using Reputation And Evolutionary Computation, David Hancock

Theses and Dissertations

The rising sophistication of cyber threats as well as the improvement of physical computer network properties present increasing challenges to contemporary Intrusion Detection (ID) techniques. To respond to these challenges, a multi agent system (MAS) coupled with flow-based ID techniques may effectively complement traditional ID systems. This paper develops: 1) a scalable software architecture for a new, self-organized, multi agent, flow-based ID system; and 2) a network simulation environment suitable for evaluating implementations of this MAS architecture and for other research purposes. Self-organization is achieved via 1) a reputation system that influences agent mobility in the search for effective vantage …

Go to article

Spear Phishing Attack Detection, David T. Merritt Mar 2011

Spear Phishing Attack Detection, David T. Merritt

Theses and Dissertations

This thesis addresses the problem of identifying email spear phishing attacks, which are indicative of cyber espionage. Spear phishing consists of targeted emails sent to entice a victim to open a malicious file attachment or click on a malicious link that leads to a compromise of their computer. Current detection methods fail to detect emails of this kind consistently. The SPEar phishing Attack Detection system (SPEAD) is developed to analyze all incoming emails on a network for the presence of spear phishing attacks. SPEAD analyzes the following file types: Windows Portable Executable and Common Object File Format (PE/COFF), Adobe Reader, …

Go to article

Evaluating Information Assurance Control Effectiveness On An Air Force Supervisory Control And Data Acquisition (Scada) System, Jason R. Nielsen Mar 2011

Evaluating Information Assurance Control Effectiveness On An Air Force Supervisory Control And Data Acquisition (Scada) System, Jason R. Nielsen

Theses and Dissertations

Supervisory Control and Data Acquisition (SCADA) systems are increasingly being connected to corporate networks which has dramatically expanded their attack surface to remote cyber attack. Adversaries are targeting these systems with increasing frequency and sophistication. This thesis seeks to answer the research question addressing which Information Assurance (IA) controls are most significant for network defenders and SCADA system managers/operators to focus on in order to increase the security of critical infrastructure systems against a Stuxnet-like cyber attack. This research applies the National Institute of Science and Technology (NIST) IA controls to an attack tree modeled on a remote Stuxnet-like cyber …

Go to article

Defensive Cyber Battle Damage Assessment Through Attack Methodology Modeling, Ryan T. Ostler Mar 2011

Defensive Cyber Battle Damage Assessment Through Attack Methodology Modeling, Ryan T. Ostler

Theses and Dissertations

Due to the growing sophisticated capabilities of advanced persistent cyber threats, it is necessary to understand and accurately assess cyber attack damage to digital assets. This thesis proposes a Defensive Cyber Battle Damage Assessment (DCBDA) process which utilizes the comprehensive understanding of all possible cyber attack methodologies captured in a Cyber Attack Methodology Exhaustive List (CAMEL). This research proposes CAMEL to provide detailed knowledge of cyber attack actions, methods, capabilities, forensic evidence and evidence collection methods. This product is modeled as an attack tree called the Cyber Attack Methodology Attack Tree (CAMAT). The proposed DCBDA process uses CAMAT to analyze …

Go to article

Hijacking User Uploads To Online Persistent Data Repositories For Covert Data Exfiltration, Curtis P. Barnard Sep 2010

Hijacking User Uploads To Online Persistent Data Repositories For Covert Data Exfiltration, Curtis P. Barnard

Theses and Dissertations

As malware has evolved over the years, it has gone from harmless programs that copy themselves into other executables to modern day botnets that perform bank fraud and identity theft. Modern malware often has a need to communicate back to the author, or other machines that are also infected. Several techniques for transmitting this data covertly have been developed over the years which vary significantly in their level of sophistication. This research creates a new covert channel technique for stealing information from a network by piggybacking on user-generated network traffic. Specifically, steganography drop boxes and passive covert channels are merged …

Go to article

Reputation-Based Internet Protocol Security: A Multilayer Security Framework For Mobil Ad Hoc Networks, Timothy H. Lacey Sep 2010

Reputation-Based Internet Protocol Security: A Multilayer Security Framework For Mobil Ad Hoc Networks, Timothy H. Lacey

Theses and Dissertations

This research effort examines the theory, application, and results for a Reputation-based Internet Protocol Security (RIPSec) framework that provides security for an ad-hoc network operating in a hostile environment. In RIPSec, protection from external threats is provided in the form of encrypted communication links and encryption-wrapped nodes while internal threats are mitigated by behavior grading that assigns reputations to nodes based on their demonstrated participation in the routing process. Network availability is provided by behavior grading and round-robin multipath routing. If a node behaves faithfully, it earns a positive reputation over time. If a node misbehaves (for any number of …

Go to article

Deterministic, Efficient Variation Of Circuit Components To Improve Resistance To Reverse Engineering, Daniel F. Koranek Jun 2010

Deterministic, Efficient Variation Of Circuit Components To Improve Resistance To Reverse Engineering, Daniel F. Koranek

Theses and Dissertations

This research proposes two alternative methods for generating semantically equivalent circuit variants which leave the circuit's internal structure pseudo-randomly determined. Component fusion deterministically selects subcircuits using a component identification algorithm and replaces them using a deterministic algorithm that generates canonical logic forms. Component encryption seeks to alter the semantics of individual circuit components using an encoding function, but preserves the overall circuit semantics by decoding signal values later in the circuit. Experiments were conducted to examine the performance of component fusion and component encryption against representative trials of subcircuit selection-and-replacement and Boundary Blurring, two previously defined methods for circuit obfuscation. …

Go to article

Developing A Hybrid Virtualization Platform Design For Cyber Warfare And Simulation, Kyle E. Stewart Jun 2010

Developing A Hybrid Virtualization Platform Design For Cyber Warfare And Simulation, Kyle E. Stewart

Theses and Dissertations

Virtualization is a technique used to model and simulate the cyber domain, as well as train and educate. Different types of virtualization techniques exist that each support a unique set of benefits and requirements. This research proposes a novel design that incorporates host and network virtualization concepts for a cyber warfare training platform. At the host level, hybrid virtualization combines full and operating system virtualization techniques in order to leverage the benefits and minimize the drawbacks of each individual technique. Network virtualization allows virtual machines to connect in flexible topologies, but it also incurs additional processing overhead. Quantitative analysis falls …

Go to article

Handshaking Protocols And Jamming Mechanisms For Blind Rendezvous In A Dynamic Spectrum Access Environment, Aaron A. Gross Mar 2010

Handshaking Protocols And Jamming Mechanisms For Blind Rendezvous In A Dynamic Spectrum Access Environment, Aaron A. Gross

Theses and Dissertations

Blind frequency rendezvous is an important process for bootstrapping communications between radios without the use of pre-existing infrastructure or common control channel in a Dynamic Spectrum Access (DSA) environment. In this process, radios attempt to arrive in the same frequency channel and recognize each other’s presence in changing, under-utilized spectrum. This paper refines existing blind rendezvous techniques by introducing a handshaking algorithm for setting up communications once two radios have arrived in the same frequency channel. It then investigates the effect of different jamming techniques on blind rendezvous algorithms that utilize this handshake. The handshake performance is measured by determining …

Go to article

Visually Managing Ipsec, Peter J. Dell'accio Mar 2010

Visually Managing Ipsec, Peter J. Dell'accio

Theses and Dissertations

The United States Air Force relies heavily on computer networks to transmit vast amounts of information throughout its organizations and with agencies throughout the Department of Defense. The data take many forms, utilize different protocols, and originate from various platforms and applications. It is not practical to apply security measures specific to individual applications, platforms, and protocols. Internet Protocol Security (IPsec) is a set of protocols designed to secure data traveling over IP networks, including the Internet. By applying security at the network layer of communications, data packets can be secured regardless of what application generated the data or which …

Go to article

Developing An Effective And Efficient Real Time Strategy Agent For Use As A Computer Generated Force, Kurt Weissgerber Mar 2010

Developing An Effective And Efficient Real Time Strategy Agent For Use As A Computer Generated Force, Kurt Weissgerber

Theses and Dissertations

Computer Generated Forces (CGF) are used to represent units or individuals in military training and constructive simulation. The use of CGF significantly reduces the time and money required for effective training. For CGF to be effective, they must behave as a human would in the same environment. Real Time Strategy (RTS) games place players in control of a large force whose goal is to defeat the opponent. The military setting of RTS games makes them an excellent platform for the development and testing of CGF. While there has been significant research in RTS agent development, most of the developed agents …

Go to article

A Distributed Network Logging Topology, Nicholas E. Fritts Mar 2010

A Distributed Network Logging Topology, Nicholas E. Fritts

Theses and Dissertations

Network logging is used to monitor computer systems for potential problems and threats by network administrators. Research has found that the more logging enabled, the more potential threats can be detected in the logs (Levoy, 2006). However, generally it is considered too costly to dedicate the manpower required to analyze the amount of logging data that it is possible to generate. Current research is working on different correlation and parsing techniques to help filter the data, but these methods function by having all of the data dumped in to a central repository. Central repositories are limited in the amount of …

Go to article

Codifying Information Assurance Controls For Department Of Defense (Dod) Supervisory Control And Data Acquisition (Scada) Systems (U), Eddie A. Mendezllovet Mar 2010

Codifying Information Assurance Controls For Department Of Defense (Dod) Supervisory Control And Data Acquisition (Scada) Systems (U), Eddie A. Mendezllovet

Theses and Dissertations

Protecting DoD critical infrastructure resources and Supervisory Control and Data Acquisition (SCADA) systems from cyber attacks is becoming an increasingly challenging task. DoD Information Assurance controls provide a sound framework to achieve an appropriate level of confidentiality, integrity, and availability. However, these controls have not been updated since 2003 and currently do not adequately address the security of DoD SCADA systems. This research sampled U.S. Air Force Civil Engineering subject matter experts representing eight Major Commands that manage and operate SCADA systems. They ranked 30 IA controls in three categories, and evaluated eight SCADA specific IA controls for inclusion into …

Go to article

Utilizing The Digital Fingerprint Method For Secure Key Generation, Jennifer C. Anilao Mar 2010

Utilizing The Digital Fingerprint Method For Secure Key Generation, Jennifer C. Anilao

Theses and Dissertations

This research examines a new way to generate an uncloneable secure key by taking advantage of the delay characteristics of individual transistors. The user profiles the circuit to deduce the glitch count of each output line for each number of selectable buffers added to the circuit. The user can then use this information to generate a specific glitch count on each output line, which is passed to an encryption algorithm as its key. The results detail tests of two configurations for adding a selectable amount of buffers into each glitch circuit in order to induce additional delay. One configuration adds …

Go to article

Developing Cyberspace Data Understanding: Using Crisp-Dm For Host-Based Ids Feature Mining, Joseph R. Erskine Mar 2010

Developing Cyberspace Data Understanding: Using Crisp-Dm For Host-Based Ids Feature Mining, Joseph R. Erskine

Theses and Dissertations

Current intrusion detection systems generate a large number of specific alerts, but do not provide actionable information. Many times, these alerts must be analyzed by a network defender, a time consuming and tedious task which can occur hours or days after an attack occurs. Improved understanding of the cyberspace domain can lead to great advancements in Cyberspace situational awareness research and development. This thesis applies the Cross Industry Standard Process for Data Mining (CRISP-DM) to develop an understanding about a host system under attack. Data is generated by launching scans and exploits at a machine outfitted with a set of …

Go to article

A Taxonomy For And Analysis Of Anonymous Communications Networks, Douglas J. Kelly Mar 2009

A Taxonomy For And Analysis Of Anonymous Communications Networks, Douglas J. Kelly

Theses and Dissertations

Any entity operating in cyberspace is susceptible to debilitating attacks. With cyber attacks intended to gather intelligence and disrupt communications rapidly replacing the threat of conventional and nuclear attacks, a new age of warfare is at hand. In 2003, the United States acknowledged that the speed and anonymity of cyber attacks makes distinguishing among the actions of terrorists, criminals, and nation states difficult. Even President Obama’s Cybersecurity Chief-elect recognizes the challenge of increasingly sophisticated cyber attacks. Now through April 2009, the White House is reviewing federal cyber initiatives to protect US citizen privacy rights. Indeed, the rising quantity and ubiquity …

Go to article

Using Covert Means To Establish Cybercraft Command And Control, Bradley D. Sevy Mar 2009

Using Covert Means To Establish Cybercraft Command And Control, Bradley D. Sevy

Theses and Dissertations

With the increase in speed and availability of computers, our nation's computer and information systems are being attacked with increased sophistication. The Air Force Research Laboratory (AFRL) Information Directorate (RI) is researching a next generation network defense architecture, called Cybercraft, that provides automated and trusted cyber defense capabilities for AF network assets. This research we consider the issues to protect or obfuscate command and control aspects of Cybercraft. In particular, we present a methodology to hide aspects of Cybercraft platform initialization in context to formation of hierarchical, peer-to-peer groups that collectively form the Cybercraft network. Because malicious code networks (known …

Go to article

Low Probability Of Intercept Waveforms Via Intersymbol Dither Performance Under Multipath Conditions, Jonathan K. Keen Mar 2009

Low Probability Of Intercept Waveforms Via Intersymbol Dither Performance Under Multipath Conditions, Jonathan K. Keen

Theses and Dissertations

This thesis examines the effects of multipath interference on Low Probability of Intercept (LPI) waveforms generated using intersymbol dither. LPI waveforms are designed to be difficult for non-cooperative receivers to detect and manipulate, and have many uses in secure communications applications. In prior research, such a waveform was designed using a dither algorithm to vary the time between the transmission of data symbols in a communication system. This work showed that such a method can be used to frustrate attempts to use non-cooperative receiver algorithms to recover the data. This thesis expands on prior work by examining the effects of …

Go to article

Image Processing For Multiple-Target Tracking On A Graphics Processing Unit, Michael A. Tanner Mar 2009

Image Processing For Multiple-Target Tracking On A Graphics Processing Unit, Michael A. Tanner

Theses and Dissertations

Multiple-target tracking (MTT) systems have been implemented on many different platforms, however these solutions are often expensive and have long development times. Such MTT implementations require custom hardware, yet offer very little flexibility with ever changing data sets and target tracking requirements. This research explores how to supplement and enhance MTT performance with an existing graphics processing unit (GPU) on a general computing platform. Typical computers are already equipped with powerful GPUs to support various games and multimedia applications. However, such GPUs are not currently being used in desktop MTT applications. This research explores if and how a GPU can …

Go to article

The Modular Clock Algorithm For Blind Rendezvous, Nicholas C. Theis Mar 2009

The Modular Clock Algorithm For Blind Rendezvous, Nicholas C. Theis

Theses and Dissertations

This thesis examines the problem in initializing communications whereby cognitive radios need to find common spectrum with other cognitive radios, a process known as frequency rendezvous. It examines the rendezvous problem as it exists in a dynamic spectrum access cognitive network. Specifically, it addresses the problem of rendezvous in an infrastructureless environment. A new algorithm, the modular clock algorithm, is developed and analyzed as a solution for the simple rendezvous environment model, coupled with a modified version for environment models with less information. The thesis includes a taxonomy of commonly used environment models, and analysis of previous efforts to solve …

Go to article

Numerical Analysis For Relevant Features In Intrusion Detection (Narfid), Jose Andres Gonzalez Mar 2009

Numerical Analysis For Relevant Features In Intrusion Detection (Narfid), Jose Andres Gonzalez

Theses and Dissertations

Identification of cyber attacks and network services is a robust field of study in the machine learning community. Less effort has been focused on understanding the domain space of real network data in identifying important features for cyber attack and network service classification. Motivations for such work allow for anomaly detection systems with less requirements on data “sniffed” off the network, extraction of features from the traffic, reduced learning time of algorithms, and ideally increased classification performance of anomalous behavior. This thesis evaluates the usefulness of a good feature subset for the general classification task of identifying cyber attacks and …

Go to article

Automated Virtual Machine Introspection For Host-Based Intrusion Detection, Brett A. Pagel Feb 2009

Automated Virtual Machine Introspection For Host-Based Intrusion Detection, Brett A. Pagel

Theses and Dissertations

This thesis examines techniques to automate configuration of an intrusion detection system utilizing hardware-assisted virtualization. These techniques are used to detect the version of a running guest operating system, automatically configure version-specific operating system information needed by the introspection library, and to locate and monitor important operating system data structures. This research simplifies introspection library configuration and is a step toward operating system independent introspection. An operating system detection algorithm and Windows virtual machine system service dispatch table monitor are implemented using the Xen hypervisor and a modified version of the XenAccess library. All detection and monitoring is implemented from …

Go to article

An Fpga-Based System For Tracking Digital Information Transmitted Via Peer-To-Peer Protocols, Karl R. Schrader Feb 2009

An Fpga-Based System For Tracking Digital Information Transmitted Via Peer-To-Peer Protocols, Karl R. Schrader

Theses and Dissertations

This thesis addresses the problem of identifying and tracking digital information that is shared using peer-to-peer file transfer and Voice over IP (VoIP) protocols. The goal of the research is to develop a system for detecting and tracking the illicit dissemination of sensitive government information using file sharing applications within a target network, and tracking terrorist cells or criminal organizations that are covertly communicating using VoIP applications. A digital forensic tool is developed using an FPGA-based embedded software application. The tool is designed to process file transfers using the BitTorrent peer-to-peer protocol and VoIP phone calls made using the Session …

Go to article

First Prev Next Last