Open Access. Powered by Scholars. Published by Universities.®
- Keyword
-
- Computer networks--Security measures (12)
- #antcenter (10)
- Computer security (7)
- Center_CCR (4)
- Cybersecurity (4)
-
- Machine learning (4)
- Internet (3)
- Pattern recognition systems (3)
- Software-Defined Networking (3)
- Wireless LANs (3)
- Algorithms (2)
- Blockchain (2)
- Bluetooth (2)
- Computer networks (2)
- Computer viruses (2)
- Computerized simulation (2)
- Cryptography (2)
- Cyberterrorism--Prevention (2)
- Data encryption (Computer science) (2)
- Data protection (2)
- Decision confidence (2)
- Electronic data processing--Distributed processing (2)
- Laser communication systems (2)
- Mobile computing (2)
- Wireless communication systems (2)
- AFSIM (1)
- AOC Pathfinder (1)
- Abstract intrepretation (1)
- Ad hoc networks (Computer networks) (1)
- Ad hoc networks (Computer networks)--Security measures (1)
Articles 31 - 60 of 92
Full-Text Articles in Computer Engineering
A Framework For Categorization Of Industrial Control System Cyber Training Environments, Evan G. Plumley
A Framework For Categorization Of Industrial Control System Cyber Training Environments, Evan G. Plumley
Theses and Dissertations
First responders and professionals in hazardous occupations undergo training and evaluations for the purpose of mitigating risk and damage. For example, helicopter pilots train with multiple categorized simulations that increase in complexity before flying a real aircraft. However in the industrial control cyber incident response domain, where incident response professionals help detect, respond and recover from cyber incidents, no official categorization of training environments exist. To address this gap, this thesis provides a categorization of industrial control training environments based on realism. Four levels of environments are proposed and mapped to Blooms Taxonomy. This categorization will help organizations determine which …
An Analysis Of Conus Based Deployment Of Pseudolites For Positioning, Navigation And Timing (Pnt) Systems, Justin H. Deifel, Albert J. Pena
An Analysis Of Conus Based Deployment Of Pseudolites For Positioning, Navigation And Timing (Pnt) Systems, Justin H. Deifel, Albert J. Pena
Theses and Dissertations
The Global Positioning System (GPS) developed and operated by the United States Air Force (USAF) provides a way for users to determine position, navigation and timing (PNT). GPS provides an extraordinary capability that has become instrumental in all aspects of our day to day lives. As new technologies such as automated vehicles and unmanned aircraft continue to be developed, a reliable back up to GPS is required to ensure the PNT data generated in these systems is accurate. This research studies a potential architecture for deploying a nationwide network of ground based pseudolites that would act to supplement and backup …
Applied Hypergame Theory For Network Defense, Alan S. Gibson
Applied Hypergame Theory For Network Defense, Alan S. Gibson
Theses and Dissertations
Cyber operations are the most important aspect of military conflicts in the 21st century, but unfortunately they are also among the least understood. The continual battle for network dominance between attackers and defenders is considered to be a complex game. Hypergame theory is an extension of game theory that addresses the kind of games where misperception exists, as is often the case in military engagements. Hypergame theory, like game theory, uses a game model to determine strategy selection, but goes beyond game theory by examining subgames that exist within the full game. The inclusion of misperception and misinformation in the …
Rootkit Detection Using A Cross-View Clean Boot Method, Bridget N. Flatley
Rootkit Detection Using A Cross-View Clean Boot Method, Bridget N. Flatley
Theses and Dissertations
In cyberspace, attackers commonly infect computer systems with malware to gain capabilities such as remote access, keylogging, and stealth. Many malware samples include rootkit functionality to hide attacker activities on the target system. After detection, users can remove the rootkit and associated malware from the system with commercial tools. This research describes, implements, and evaluates a clean boot method using two partitions to detect rootkits on a system. One partition is potentially infected with a rootkit while the other is clean. The method obtains directory listings of the potentially infected operating system from each partition and compares the lists to …
Mobile Network Defense Interface For Cyber Defense And Situational Awareness, James C. Hannan
Mobile Network Defense Interface For Cyber Defense And Situational Awareness, James C. Hannan
Theses and Dissertations
Today's computer networks are under constant attack. In order to deal with this constant threat, network administrators rely on intrusion detection and prevention services (IDS) (IPS). Most IDS and IPS implement static rule sets to automatically alert administrators and resolve intrusions. Network administrators face a difficult challenge, identifying attacks against a vast number of benign network transactions. Also after a threat is identified making even the smallest policy change to the security software potentially has far-reaching and unanticipated consequences. Finally, because the administrator is primarily responding to alerts they may lose situational awareness of the network. During this research a …
Effects Of Architecture On Information Leakage Of A Hardware Advanced Encryption Standard Implementation, Eric A. Koziel
Effects Of Architecture On Information Leakage Of A Hardware Advanced Encryption Standard Implementation, Eric A. Koziel
Theses and Dissertations
Side-channel analysis (SCA) is a threat to many modern cryptosystems. Many countermeasures exist, but are costly to implement and still do not provide complete protection against SCA. A plausible alternative is to design the cryptosystem using architectures that are known to leak little information about the cryptosystem's operations. This research uses several common primitive architectures for the Advanced Encryption Standard (AES) and assesses the susceptibility of the full AES system to side-channel attack for various primitive configurations. A combined encryption/decryption core is also evaluated to determine if variation of high-level architectures affects leakage characteristics. These different configurations are evaluated under …
A Novel Malware Target Recognition Architecture For Enhanced Cyberspace Situation Awareness, Thomas E. Dube
A Novel Malware Target Recognition Architecture For Enhanced Cyberspace Situation Awareness, Thomas E. Dube
Theses and Dissertations
The rapid transition of critical business processes to computer networks potentially exposes organizations to digital theft or corruption by advanced competitors. One tool used for these tasks is malware, because it circumvents legitimate authentication mechanisms. Malware is an epidemic problem for organizations of all types. This research proposes and evaluates a novel Malware Target Recognition (MaTR) architecture for malware detection and identification of propagation methods and payloads to enhance situation awareness in tactical scenarios using non-instruction-based, static heuristic features. MaTR achieves a 99.92% detection accuracy on known malware with false positive and false negative rates of 8.73e-4 and 8.03e-4 respectively. …
Spear Phishing Attack Detection, David T. Merritt
Spear Phishing Attack Detection, David T. Merritt
Theses and Dissertations
This thesis addresses the problem of identifying email spear phishing attacks, which are indicative of cyber espionage. Spear phishing consists of targeted emails sent to entice a victim to open a malicious file attachment or click on a malicious link that leads to a compromise of their computer. Current detection methods fail to detect emails of this kind consistently. The SPEar phishing Attack Detection system (SPEAD) is developed to analyze all incoming emails on a network for the presence of spear phishing attacks. SPEAD analyzes the following file types: Windows Portable Executable and Common Object File Format (PE/COFF), Adobe Reader, …
Overcoming Pose Limitations Of A Skin-Cued Histograms Of Oriented Gradients Dismount Detector Through Contextual Use Of Skin Islands And Multiple Support Vector Machines, Jonathon R. Climer
Overcoming Pose Limitations Of A Skin-Cued Histograms Of Oriented Gradients Dismount Detector Through Contextual Use Of Skin Islands And Multiple Support Vector Machines, Jonathon R. Climer
Theses and Dissertations
This thesis provides a novel visualization method to analyze the impact that articulations in dismount pose and camera aspect angle have on histograms of oriented gradients (HOG) features and eventual detections. Insights from these relationships are used to identify limitations in a state of the art skin cued HOG dismount detector's ability to detect poses not in a standard upright stances. Improvements to detector performance are made by further leveraging available skin information, reducing false detections by an additional order of magnitude. In addition, a method is outlined for training supplemental support vector machines (SVMs) from computer generated data, for …
A Multi Agent System For Flow-Based Intrusion Detection Using Reputation And Evolutionary Computation, David Hancock
A Multi Agent System For Flow-Based Intrusion Detection Using Reputation And Evolutionary Computation, David Hancock
Theses and Dissertations
The rising sophistication of cyber threats as well as the improvement of physical computer network properties present increasing challenges to contemporary Intrusion Detection (ID) techniques. To respond to these challenges, a multi agent system (MAS) coupled with flow-based ID techniques may effectively complement traditional ID systems. This paper develops: 1) a scalable software architecture for a new, self-organized, multi agent, flow-based ID system; and 2) a network simulation environment suitable for evaluating implementations of this MAS architecture and for other research purposes. Self-organization is achieved via 1) a reputation system that influences agent mobility in the search for effective vantage …
Malicious And Malfunctioning Node Detection Via Observed Physical Layer Data, Tyler J. Hardy
Malicious And Malfunctioning Node Detection Via Observed Physical Layer Data, Tyler J. Hardy
Theses and Dissertations
There are many mechanisms that can cause inadequate or unreliable information in sensor networks. A user of the network might be interested in detecting and classifying specific sensors nodes causing these problems. Several network layer based trust methods have been developed in previous research to assess these issues; in contrast this work develops a trust protocol based on observations of physical layer data collected by the sensors. Observations of physical layer data are used for decisions and calculations, and are based on just the measurements collected by the sensors. Although this information is packaged and distributed on the network layer, …
Holistic Network Defense: Fusing Host And Network Features For Attack Classification, Jenny W. Ji
Holistic Network Defense: Fusing Host And Network Features For Attack Classification, Jenny W. Ji
Theses and Dissertations
This work presents a hybrid network-host monitoring strategy, which fuses data from both the network and the host to recognize malware infections. This work focuses on three categories: Normal, Scanning, and Infected. The network-host sensor fusion is accomplished by extracting 248 features from network traffic using the Fullstats Network Feature generator and from the host using text mining, looking at the frequency of the 500 most common strings and analyzing them as word vectors. Improvements to detection performance are made by synergistically fusing network features obtained from IP packet flows and host features, obtained from text mining port, processor, logon …
Polarimetric Enhancements To Electro-Optical Aided Navigation Techniques, Jeremiah D. Johnson
Polarimetric Enhancements To Electro-Optical Aided Navigation Techniques, Jeremiah D. Johnson
Theses and Dissertations
Navigation in indoor and urban environments by small unmanned systems is a topic of interest for the Air Force. The Advanced Navigation Technology Center at the Air Force Institute of Technology is continually looking for novel approaches to navigation in GPS deprived environments. Inertial sensors have been coupled with image aided concepts, such as feature tracking, with good results. However, feature density in areas with large, flat, smooth surfaces tends to be low. Polarimetric sensors have been used for surface reconstruction, surface characterization and outdoor navigation. This thesis combines aspects of some of these algorithms along with a realistic, micro-facet …
An Architecture For Improving Timeliness And Relevance Of Cyber Incident Notifications, James L. Miller
An Architecture For Improving Timeliness And Relevance Of Cyber Incident Notifications, James L. Miller
Theses and Dissertations
This research proposes a communications architecture to deliver timely and relevant cyber incident notifications to dependent mission stakeholders. This architecture, modeled in Unified Modeling Language (UML), eschews the traditional method of pushing notifications via message as dictated in Air Force Instruction 33-138. It instead shifts to a pull or publish and subscribe method of making notifications. Shifting this paradigm improves the notification process by empowering mission owners to identify those resources on which they depend for mission accomplishment, provides a direct conduit between providing and dependent mission owners for notifications when an incident occurs, and provides a shared representation for …
Evaluating Information Assurance Control Effectiveness On An Air Force Supervisory Control And Data Acquisition (Scada) System, Jason R. Nielsen
Evaluating Information Assurance Control Effectiveness On An Air Force Supervisory Control And Data Acquisition (Scada) System, Jason R. Nielsen
Theses and Dissertations
Supervisory Control and Data Acquisition (SCADA) systems are increasingly being connected to corporate networks which has dramatically expanded their attack surface to remote cyber attack. Adversaries are targeting these systems with increasing frequency and sophistication. This thesis seeks to answer the research question addressing which Information Assurance (IA) controls are most significant for network defenders and SCADA system managers/operators to focus on in order to increase the security of critical infrastructure systems against a Stuxnet-like cyber attack. This research applies the National Institute of Science and Technology (NIST) IA controls to an attack tree modeled on a remote Stuxnet-like cyber …
Defensive Cyber Battle Damage Assessment Through Attack Methodology Modeling, Ryan T. Ostler
Defensive Cyber Battle Damage Assessment Through Attack Methodology Modeling, Ryan T. Ostler
Theses and Dissertations
Due to the growing sophisticated capabilities of advanced persistent cyber threats, it is necessary to understand and accurately assess cyber attack damage to digital assets. This thesis proposes a Defensive Cyber Battle Damage Assessment (DCBDA) process which utilizes the comprehensive understanding of all possible cyber attack methodologies captured in a Cyber Attack Methodology Exhaustive List (CAMEL). This research proposes CAMEL to provide detailed knowledge of cyber attack actions, methods, capabilities, forensic evidence and evidence collection methods. This product is modeled as an attack tree called the Cyber Attack Methodology Attack Tree (CAMAT). The proposed DCBDA process uses CAMAT to analyze …
Kernelized Locality-Sensitive Hashing For Fast Image Landmark Association, Mark A. Weems
Kernelized Locality-Sensitive Hashing For Fast Image Landmark Association, Mark A. Weems
Theses and Dissertations
As the concept of war has evolved, navigation in urban environments where GPS may be degraded is increasingly becoming more important. Two existing solutions are vision-aided navigation and vision-based Simultaneous Localization and Mapping (SLAM). The problem, however, is that vision-based navigation techniques can require excessive amounts of memory and increased computational complexity resulting in a decrease in speed. This research focuses on techniques to improve such issues by speeding up and optimizing the data association process in vision-based SLAM. Specifically, this work studies the current methods that algorithms use to associate a current robot pose to that of one previously …
Reputation-Based Internet Protocol Security: A Multilayer Security Framework For Mobil Ad Hoc Networks, Timothy H. Lacey
Reputation-Based Internet Protocol Security: A Multilayer Security Framework For Mobil Ad Hoc Networks, Timothy H. Lacey
Theses and Dissertations
This research effort examines the theory, application, and results for a Reputation-based Internet Protocol Security (RIPSec) framework that provides security for an ad-hoc network operating in a hostile environment. In RIPSec, protection from external threats is provided in the form of encrypted communication links and encryption-wrapped nodes while internal threats are mitigated by behavior grading that assigns reputations to nodes based on their demonstrated participation in the routing process. Network availability is provided by behavior grading and round-robin multipath routing. If a node behaves faithfully, it earns a positive reputation over time. If a node misbehaves (for any number of …
Hijacking User Uploads To Online Persistent Data Repositories For Covert Data Exfiltration, Curtis P. Barnard
Hijacking User Uploads To Online Persistent Data Repositories For Covert Data Exfiltration, Curtis P. Barnard
Theses and Dissertations
As malware has evolved over the years, it has gone from harmless programs that copy themselves into other executables to modern day botnets that perform bank fraud and identity theft. Modern malware often has a need to communicate back to the author, or other machines that are also infected. Several techniques for transmitting this data covertly have been developed over the years which vary significantly in their level of sophistication. This research creates a new covert channel technique for stealing information from a network by piggybacking on user-generated network traffic. Specifically, steganography drop boxes and passive covert channels are merged …
Deterministic, Efficient Variation Of Circuit Components To Improve Resistance To Reverse Engineering, Daniel F. Koranek
Deterministic, Efficient Variation Of Circuit Components To Improve Resistance To Reverse Engineering, Daniel F. Koranek
Theses and Dissertations
This research proposes two alternative methods for generating semantically equivalent circuit variants which leave the circuit's internal structure pseudo-randomly determined. Component fusion deterministically selects subcircuits using a component identification algorithm and replaces them using a deterministic algorithm that generates canonical logic forms. Component encryption seeks to alter the semantics of individual circuit components using an encoding function, but preserves the overall circuit semantics by decoding signal values later in the circuit. Experiments were conducted to examine the performance of component fusion and component encryption against representative trials of subcircuit selection-and-replacement and Boundary Blurring, two previously defined methods for circuit obfuscation. …
Developing A Hybrid Virtualization Platform Design For Cyber Warfare And Simulation, Kyle E. Stewart
Developing A Hybrid Virtualization Platform Design For Cyber Warfare And Simulation, Kyle E. Stewart
Theses and Dissertations
Virtualization is a technique used to model and simulate the cyber domain, as well as train and educate. Different types of virtualization techniques exist that each support a unique set of benefits and requirements. This research proposes a novel design that incorporates host and network virtualization concepts for a cyber warfare training platform. At the host level, hybrid virtualization combines full and operating system virtualization techniques in order to leverage the benefits and minimize the drawbacks of each individual technique. Network virtualization allows virtual machines to connect in flexible topologies, but it also incurs additional processing overhead. Quantitative analysis falls …
Utilizing The Digital Fingerprint Method For Secure Key Generation, Jennifer C. Anilao
Utilizing The Digital Fingerprint Method For Secure Key Generation, Jennifer C. Anilao
Theses and Dissertations
This research examines a new way to generate an uncloneable secure key by taking advantage of the delay characteristics of individual transistors. The user profiles the circuit to deduce the glitch count of each output line for each number of selectable buffers added to the circuit. The user can then use this information to generate a specific glitch count on each output line, which is passed to an encryption algorithm as its key. The results detail tests of two configurations for adding a selectable amount of buffers into each glitch circuit in order to induce additional delay. One configuration adds …
Augmenting Latent Dirichlet Allocation And Rank Threshold Detection With Ontologies, Laura A. Isaly
Augmenting Latent Dirichlet Allocation And Rank Threshold Detection With Ontologies, Laura A. Isaly
Theses and Dissertations
In an ever-increasing data rich environment, actionable information must be extracted, filtered, and correlated from massive amounts of disparate often free text sources. The usefulness of the retrieved information depends on how we accomplish these steps and present the most relevant information to the analyst. One method for extracting information from free text is Latent Dirichlet Allocation (LDA), a document categorization technique to classify documents into cohesive topics. Although LDA accounts for some implicit relationships such as synonymy (same meaning) it often ignores other semantic relationships such as polysemy (different meanings), hyponym (subordinate), meronym (part of), and troponomys (manner). To …
A Distributed Network Logging Topology, Nicholas E. Fritts
A Distributed Network Logging Topology, Nicholas E. Fritts
Theses and Dissertations
Network logging is used to monitor computer systems for potential problems and threats by network administrators. Research has found that the more logging enabled, the more potential threats can be detected in the logs (Levoy, 2006). However, generally it is considered too costly to dedicate the manpower required to analyze the amount of logging data that it is possible to generate. Current research is working on different correlation and parsing techniques to help filter the data, but these methods function by having all of the data dumped in to a central repository. Central repositories are limited in the amount of …
Visually Managing Ipsec, Peter J. Dell'accio
Visually Managing Ipsec, Peter J. Dell'accio
Theses and Dissertations
The United States Air Force relies heavily on computer networks to transmit vast amounts of information throughout its organizations and with agencies throughout the Department of Defense. The data take many forms, utilize different protocols, and originate from various platforms and applications. It is not practical to apply security measures specific to individual applications, platforms, and protocols. Internet Protocol Security (IPsec) is a set of protocols designed to secure data traveling over IP networks, including the Internet. By applying security at the network layer of communications, data packets can be secured regardless of what application generated the data or which …
Handshaking Protocols And Jamming Mechanisms For Blind Rendezvous In A Dynamic Spectrum Access Environment, Aaron A. Gross
Handshaking Protocols And Jamming Mechanisms For Blind Rendezvous In A Dynamic Spectrum Access Environment, Aaron A. Gross
Theses and Dissertations
Blind frequency rendezvous is an important process for bootstrapping communications between radios without the use of pre-existing infrastructure or common control channel in a Dynamic Spectrum Access (DSA) environment. In this process, radios attempt to arrive in the same frequency channel and recognize each other’s presence in changing, under-utilized spectrum. This paper refines existing blind rendezvous techniques by introducing a handshaking algorithm for setting up communications once two radios have arrived in the same frequency channel. It then investigates the effect of different jamming techniques on blind rendezvous algorithms that utilize this handshake. The handshake performance is measured by determining …
Codifying Information Assurance Controls For Department Of Defense (Dod) Supervisory Control And Data Acquisition (Scada) Systems (U), Eddie A. Mendezllovet
Codifying Information Assurance Controls For Department Of Defense (Dod) Supervisory Control And Data Acquisition (Scada) Systems (U), Eddie A. Mendezllovet
Theses and Dissertations
Protecting DoD critical infrastructure resources and Supervisory Control and Data Acquisition (SCADA) systems from cyber attacks is becoming an increasingly challenging task. DoD Information Assurance controls provide a sound framework to achieve an appropriate level of confidentiality, integrity, and availability. However, these controls have not been updated since 2003 and currently do not adequately address the security of DoD SCADA systems. This research sampled U.S. Air Force Civil Engineering subject matter experts representing eight Major Commands that manage and operate SCADA systems. They ranked 30 IA controls in three categories, and evaluated eight SCADA specific IA controls for inclusion into …
Developing Cyberspace Data Understanding: Using Crisp-Dm For Host-Based Ids Feature Mining, Joseph R. Erskine
Developing Cyberspace Data Understanding: Using Crisp-Dm For Host-Based Ids Feature Mining, Joseph R. Erskine
Theses and Dissertations
Current intrusion detection systems generate a large number of specific alerts, but do not provide actionable information. Many times, these alerts must be analyzed by a network defender, a time consuming and tedious task which can occur hours or days after an attack occurs. Improved understanding of the cyberspace domain can lead to great advancements in Cyberspace situational awareness research and development. This thesis applies the Cross Industry Standard Process for Data Mining (CRISP-DM) to develop an understanding about a host system under attack. Data is generated by launching scans and exploits at a machine outfitted with a set of …
Developing An Effective And Efficient Real Time Strategy Agent For Use As A Computer Generated Force, Kurt Weissgerber
Developing An Effective And Efficient Real Time Strategy Agent For Use As A Computer Generated Force, Kurt Weissgerber
Theses and Dissertations
Computer Generated Forces (CGF) are used to represent units or individuals in military training and constructive simulation. The use of CGF significantly reduces the time and money required for effective training. For CGF to be effective, they must behave as a human would in the same environment. Real Time Strategy (RTS) games place players in control of a large force whose goal is to defeat the opponent. The military setting of RTS games makes them an excellent platform for the development and testing of CGF. While there has been significant research in RTS agent development, most of the developed agents …
A Taxonomy For And Analysis Of Anonymous Communications Networks, Douglas J. Kelly
A Taxonomy For And Analysis Of Anonymous Communications Networks, Douglas J. Kelly
Theses and Dissertations
Any entity operating in cyberspace is susceptible to debilitating attacks. With cyber attacks intended to gather intelligence and disrupt communications rapidly replacing the threat of conventional and nuclear attacks, a new age of warfare is at hand. In 2003, the United States acknowledged that the speed and anonymity of cyber attacks makes distinguishing among the actions of terrorists, criminals, and nation states difficult. Even President Obama’s Cybersecurity Chief-elect recognizes the challenge of increasingly sophisticated cyber attacks. Now through April 2009, the White House is reviewing federal cyber initiatives to protect US citizen privacy rights. Indeed, the rising quantity and ubiquity …