Open Access. Powered by Scholars. Published by Universities.®

Digital Communications and Networking Commons

Articles 1 - 17 of 17

Full-Text Articles in Digital Communications and Networking

Passive Mimo Radar Detection, Daniel E. Hack Sep 2013

Theses and Dissertations

Passive multiple-input multiple-output (MIMO) radar is a sensor network comprised of multiple distributed receivers that detects and localizes targets using the emissions from multiple non-cooperative radio frequency transmitters. This dissertation advances the theory of centralized passive MIMO radar (PMR) detection by proposing two novel generalized likelihood ratio test (GLRT) detectors. The first addresses detection in PMR networks without direct-path signals. The second addresses detection in PMR networks with direct-path signals. The probability distributions of both test statistics are investigated using recent results from random matrix theory. Equivalence is established between PMR networks without direct-path signals and passive source localization (PSL) …


Dynamic Network Topologies, Heather A. Lingg Jun 2013

Theses and Dissertations

Demand for effective network defense capabilities continues to increase as cyber attacks occur more and more frequently and gain more and more prominence in the media. Current security practices stop after data encryption and network address filtering. Security at the lowest level of network infrastructure allows for greater control of how the network traffic flows around the network. This research details two methods for extending security practices to the physical layer of a network by modifying the network infrastructure. The first method adapts the Advanced Encryption Standard while the second method uses a Steiner tree. After the network connections are …


Classification Of Encrypted Web Traffic Using Machine Learning Algorithms, William C. Barto Jun 2013

Theses and Dissertations

The increasing usage of web services and encrypted network communication makes the network analysis of encrypted web traffic of utmost importance. This research evaluates the feasibility of using ML algorithms to classify web services within encrypted TLS flows. The ML algorithms are compared primarily based on classification accuracy. The runtimes of the classifiers are also considered, as classifiers must be able to determine labels quickly in order to be used in near real-time network protection devices. Five ML algorithms are initially considered when analyzing only the first 12 packets: Naive Bayes, NBTree, LibSVM, J4.8, and AdaBoost+J4.8. AdaBoost+J4.8 and J4.8 produce the …
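The first-12-packets approach the abstract describes, as an added example that is not code from Barto's thesis: it turns the sizes and directions of a TLS flow's first 12 packets into a fixed-length feature vector (TLS hides payloads, not sizes or directions) and classifies with a hand-written Gaussian Naive Bayes, the first of the five algorithms listed. The two "web services" and their packet-size patterns are constructed for illustration and are not captured traffic; the signed-size, zero-padded feature layout is one common choice and is assumed here, not taken from the thesis.

```python
"""Added example: classify encrypted flows from their first N packets.
Not the thesis's code; the flow shapes below are constructed."""
import math
import random

N_PACKETS = 12  # the abstract evaluates classifiers on the first 12 packets


def features(packets, n=N_PACKETS):
    """Flatten a flow's first n packets into a fixed-length vector.

    packets: list of (size_bytes, direction), direction +1 for client->server
    and -1 for server->client. Short flows are zero-padded, long ones truncated,
    so every flow yields exactly n features.
    """
    vec = [float(size * direction) for size, direction in packets[:n]]
    vec.extend([0.0] * (n - len(vec)))
    return vec


class GaussianNB:
    """Minimal Gaussian Naive Bayes: one mean/variance per class per feature."""

    def __init__(self):
        self.stats = {}  # label -> (log prior, means, variances)

    def fit(self, X, y):
        for label in sorted(set(y)):
            rows = [x for x, lab in zip(X, y) if lab == label]
            dims = len(rows[0])
            means = [sum(r[d] for r in rows) / len(rows) for d in range(dims)]
            # small floor keeps a constant feature (e.g. padding) from giving variance 0
            variances = [sum((r[d] - means[d]) ** 2 for r in rows) / len(rows) + 1e-6
                         for d in range(dims)]
            self.stats[label] = (math.log(len(rows) / len(X)), means, variances)
        return self

    def _log_posterior(self, x, label):
        log_prior, means, variances = self.stats[label]
        total = log_prior
        for xi, mu, var in zip(x, means, variances):
            total += -0.5 * math.log(2 * math.pi * var) - (xi - mu) ** 2 / (2 * var)
        return total

    def predict(self, x):
        return max(self.stats, key=lambda label: self._log_posterior(x, label))


def synth_flow(service, rng):
    """Constructed packet patterns for two hypothetical services (illustrative only)."""
    if service == "api":
        # small request, modest JSON-sized reply, repeated
        pattern = [(+1, 300, 60), (-1, 900, 200)] * 6
    else:  # "video": tiny requests, bursts of full-size segments back
        pattern = [(+1, 120, 30), (-1, 1450, 40), (-1, 1450, 40), (-1, 1450, 40)] * 3
    return [(max(40, int(rng.gauss(mean, sd))), direction) for direction, mean, sd in pattern]


def build_dataset(n_per_class, seed):
    rng = random.Random(seed)
    X, y = [], []
    for service in ("api", "video"):
        for _ in range(n_per_class):
            X.append(features(synth_flow(service, rng)))
            y.append(service)
    return X, y


def evaluate(seed=1):
    """Train on one constructed sample, report accuracy on a disjoint one."""
    X_train, y_train = build_dataset(40, seed)
    X_test, y_test = build_dataset(20, seed + 1)
    clf = GaussianNB().fit(X_train, y_train)
    correct = sum(clf.predict(x) == label for x, label in zip(X_test, y_test))
    return correct / len(X_test)


if __name__ == "__main__":
    print(f"held-out accuracy: {evaluate():.2f}")
```

The constructed classes are far easier to separate than real services sharing a CDN and a TLS handshake shape; the point is the pipeline (fixed-length early-packet features, a per-flow decision after 12 packets, a model whose prediction cost is a handful of multiplications), which is what makes the classifier usable inline. The variance floor is the edge case to keep: a feature that is constant in the training set (padding for short flows, for instance) would otherwise produce a zero variance and a division by zero at prediction time.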


Applied Hypergame Theory For Network Defense, Alan S. Gibson Jun 2013

Theses and Dissertations

Cyber operations are the most important aspect of military conflicts in the 21st century, but unfortunately they are also among the least understood. The continual battle for network dominance between attackers and defenders is considered to be a complex game. Hypergame theory is an extension of game theory that addresses the kind of games where misperception exists, as is often the case in military engagements. Hypergame theory, like game theory, uses a game model to determine strategy selection, but goes beyond game theory by examining subgames that exist within the full game. The inclusion of misperception and misinformation in the …


Using Rf-Dna Fingerprints To Discriminate Zigbee Devices In An Operational Environment, Clay K. Dubendorfer Mar 2013

Theses and Dissertations

This research was performed to expand AFIT's Radio Frequency Distinct Native Attribute (RF-DNA) fingerprinting process to support IEEE 802.15.4 ZigBee communication network applications. Current ZigBee bit-level security measures include use of network keys and MAC lists which can be subverted through interception and spoofing using open-source hacking tools. This work addresses device discrimination using Physical (PHY) waveform alternatives to augment existing bit-level security mechanisms. ZigBee network vulnerability to outsider threats was assessed using Receiver Operating Characteristic (ROC) curves to characterize both Authorized Device ID Verification performance (granting network access to authorized users presenting true bit-level credentials) and Rogue Device Rejection …


Learning Enterprise Malware Triage From Automatic Dynamic Analysis, Jonathan S. Bristow Mar 2013

Theses and Dissertations

Adversaries employ malware against victims of cyber espionage with the intent of gaining unauthorized access to information. To that end, malware authors intentionally attempt to evade defensive countermeasures based on static methods. This thesis analyzes a dynamic analysis methodology for malware triage that applies at the enterprise scale. This study captures behavior reports from 64,987 samples of malware randomly selected from a large collection and 25,591 clean executable files from operating system install media. Function call information in sequences of behavior generates feature vectors from the behavior reports of the files. The results of 64 experiment combinations indicate that using more …
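One way to turn "function call information in sequences of behavior" into feature vectors, as an added example that is not Bristow's code: each behavior report is treated as the ordered list of API calls a sandbox recorded, every window of n consecutive calls becomes one feature, and the n-grams whose presence best separates the malware reports from the clean ones are ranked. The six reports below are constructed and far shorter than real sandbox output; the API names are ordinary Windows calls chosen for illustration.

```python
"""Added example: n-gram feature vectors from dynamic-analysis behavior reports.
Not the thesis's code; the reports below are constructed call sequences."""
from collections import Counter
from itertools import islice

# Constructed behavior reports: each is the ordered list of API calls a sandbox
# recorded for one sample. Real reports are far longer and noisier.
MALWARE_REPORTS = [
    ["NtCreateFile", "NtWriteFile", "RegSetValueExW", "CreateProcessW",
     "InternetOpenA", "InternetConnectA"],
    ["NtCreateFile", "NtWriteFile", "RegSetValueExW", "CreateRemoteThread",
     "InternetOpenA", "HttpSendRequestA"],
    ["NtCreateFile", "NtWriteFile", "RegSetValueExW", "WinExec",
     "InternetOpenA", "InternetConnectA"],
]
CLEAN_REPORTS = [
    ["NtCreateFile", "NtReadFile", "NtReadFile", "NtClose"],
    ["NtCreateFile", "NtReadFile", "NtClose", "ExitProcess"],
    ["NtCreateFile", "NtWriteFile", "NtClose", "ExitProcess"],
]


def call_ngrams(calls, n):
    """Yield every window of n consecutive calls as a tuple."""
    return zip(*(islice(calls, i, None) for i in range(n)))


def build_vocabulary(reports, n):
    """Sorted list of every n-gram seen in the training reports (the feature layout)."""
    vocab = set()
    for calls in reports:
        vocab.update(call_ngrams(calls, n))
    return sorted(vocab)


def feature_vector(calls, vocab, n):
    """Count each vocabulary n-gram in one report; same layout for every report."""
    counts = Counter(call_ngrams(calls, n))
    return [counts[gram] for gram in vocab]


def discriminative_ngrams(malware, clean, n, top=5):
    """Rank n-grams by (fraction of malware reports containing it) minus
    (fraction of clean reports containing it). Presence rather than raw count,
    so one chatty sample cannot dominate the ranking."""
    def presence(reports):
        return Counter(g for calls in reports for g in set(call_ngrams(calls, n)))
    mal, cln = presence(malware), presence(clean)
    vocab = build_vocabulary(malware + clean, n)
    scored = sorted(((mal[g] / len(malware) - cln[g] / len(clean), g) for g in vocab),
                    reverse=True)
    return [g for _, g in scored[:top]]


def triage_score(calls, indicators, n):
    """How many of the ranked indicator n-grams a new report exhibits."""
    seen = set(call_ngrams(calls, n))
    return sum(1 for g in indicators if g in seen)


if __name__ == "__main__":
    vocab = build_vocabulary(MALWARE_REPORTS + CLEAN_REPORTS, 2)
    print(len(vocab), "bigram features")
    print(discriminative_ngrams(MALWARE_REPORTS, CLEAN_REPORTS, 2))
```

On these constructed reports the top bigram is the write-then-persist pair (NtWriteFile followed by RegSetValueExW), which appears in every malware report and no clean one, while NtCreateFile followed by NtWriteFile scores lower because a benign installer does that too. At enterprise scale the vocabulary grows with the corpus, so a real pipeline fixes the layout from the training set and maps unseen n-grams in new reports to nothing, exactly as feature_vector does.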


A Multi Agent System For Flow-Based Intrusion Detection, David A. Ryan Mar 2013

Theses and Dissertations

The detection and elimination of threats to cyber security is essential for system functionality, protection of valuable information, and preventing costly destruction of assets. This thesis presents a Mobile Multi-Agent Flow-Based IDS called MFIREv3 that provides network anomaly detection of intrusions and automated defense. This version of the MFIRE system includes the development and testing of a Multi-Objective Evolutionary Algorithm (MOEA) for feature selection that provides agents with the optimal set of features for classifying the state of the network. Feature selection provides separable data points for the selected attacks: Worm, Distributed Denial of Service, Man-in-the-Middle, Scan, and Trojan. This …


Network Intrusion Dataset Assessment, David J. Weller-Fahy Mar 2013

Theses and Dissertations

Research into classification using Anomaly Detection (AD) within the field of Network Intrusion Detection (NID), or Network Intrusion Anomaly Detection (NIAD), is common, but operational use of the classifiers discovered by research is not. One reason for the lack of operational use is most published testing of AD methods uses artificial datasets: making it difficult to determine how well published results apply to other datasets and the networks they represent. This research develops a method to predict the accuracy of an AD-based classifier when applied to a new dataset, based on the difference between an already classified dataset and the …


Rootkit Detection Using A Cross-View Clean Boot Method, Bridget N. Flatley Mar 2013

Theses and Dissertations

In cyberspace, attackers commonly infect computer systems with malware to gain capabilities such as remote access, keylogging, and stealth. Many malware samples include rootkit functionality to hide attacker activities on the target system. After detection, users can remove the rootkit and associated malware from the system with commercial tools. This research describes, implements, and evaluates a clean boot method using two partitions to detect rootkits on a system. One partition is potentially infected with a rootkit while the other is clean. The method obtains directory listings of the potentially infected operating system from each partition and compares the lists to …
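The cross-view comparison at the heart of the clean-boot method, as an added example that is not Flatley's code: one listing is what the suspect operating system reports about its own volume while it is running, the other is the same volume enumerated after booting the clean partition, and anything only the outside view shows is what a rootkit's directory-enumeration hooks would be hiding. The file tree, the hidden driver name and the "inside" listing are all constructed here.

```python
"""Added example of the cross-view comparison behind a clean-boot check.
Not the thesis's code; the file tree and the 'inside' listing are constructed."""
import os
import tempfile


def listing(root):
    """Every file and directory under root as a set of '/'-separated relative paths."""
    entries = set()
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            rel = os.path.relpath(os.path.join(dirpath, name), root)
            entries.add(rel.replace(os.sep, "/"))
    return entries


def cross_view_diff(inside_view, outside_view):
    """inside_view: what the suspect OS reports about its own volume while running.
    outside_view: the same volume enumerated after booting the clean partition.
    Entries only the outside view shows are candidates for rootkit hiding;
    entries only the inside view shows are also worth a look (stale cache, tampering)."""
    return {
        "hidden": sorted(outside_view - inside_view),
        "phantom": sorted(inside_view - outside_view),
    }


def demo(hidden_name="drivers/krnlhook.sys"):
    """Build a constructed suspect volume, simulate a rootkit that filters one
    driver out of the inside listing, and compare the two views."""
    with tempfile.TemporaryDirectory() as suspect_root:
        for rel in ("drivers/disk.sys", hidden_name, "system32/ntoskrnl.exe"):
            path = os.path.join(suspect_root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as fh:
                fh.write("placeholder\n")
        outside = listing(suspect_root)
        inside = {e for e in outside if e != hidden_name}  # hooked enumeration drops it
        return cross_view_diff(inside, outside)


if __name__ == "__main__":
    print(demo())
```

In practice the inside listing is captured on the suspect system (a recursive directory listing saved to removable media), then the clean partition is booted, the suspect volume is mounted read-only and listing() is run against it. Two caveats matter: legitimate churn between the two captures (page files, temporary files written at shutdown) needs an allow-list or the report fills with noise, and a bootkit or firmware implant that sits below both partitions can feed the clean side the same filtered view, so the method assumes the clean partition's boot path is trustworthy.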


Cognitive Augmentation For Network Defense, James E. Emge Mar 2013

Theses and Dissertations

Traditionally, when a task is considered for automation it is a binary decision: either the task is completely automated or it remains manual. LOA is a departure from the traditional use of automation in cyber defense. When a task is automated, it removes the human administrator from the performance of the task, compromising their SA of the state of the network. When the administrator loses SA of the network performance and its current state, failure recovery time becomes much longer. This is because the administrators must orient themselves to the current state of the network at the time of failure …


Mobile Network Defense Interface For Cyber Defense And Situational Awareness, James C. Hannan Mar 2013

Theses and Dissertations

Today's computer networks are under constant attack. In order to deal with this constant threat, network administrators rely on intrusion detection and prevention systems (IDS and IPS). Most IDS and IPS implement static rule sets to automatically alert administrators and resolve intrusions. Network administrators face a difficult challenge: identifying attacks among a vast number of benign network transactions. Also, after a threat is identified, making even the smallest policy change to the security software potentially has far-reaching and unanticipated consequences. Finally, because administrators are primarily responding to alerts, they may lose situational awareness of the network. During this research a …


Emulation Of Industrial Control Field Device Protocols, Robert M. Jaromin Mar 2013

Theses and Dissertations

It has been shown that thousands of industrial control devices are exposed to the Internet; however, the extent and nature of attacks on such devices remains unknown. The first step to understanding the security problems that face modern supervisory control and data acquisition (SCADA) and industrial control networks is to understand the various attacks launched on Internet-connected field devices. This thesis describes the design and implementation of an industrial control emulator on a Gumstix single-board computer as a solution. This emulator acts as a decoy field device, or honeypot, intended to be probed and attacked via an Internet connection. Evaluation techniques …
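What a decoy field device has to do at the protocol level, as an added example that is not Jaromin's emulator: parse each probe, record who sent what (the honeypot's real output), and answer plausibly enough that the probing tool keeps going. The abstract does not name the protocols emulated; Modbus/TCP is assumed here as one representative field-device protocol, the register contents are made up, and refusing every write with a Modbus exception is a design choice for the decoy, not the thesis's behaviour.

```python
"""Added example: a minimal Modbus/TCP decoy that parses probes, logs them and
answers like a field device. Not the thesis's emulator; Modbus is assumed as
one representative field-device protocol and the register contents are made up."""
import socket
import struct

# Constructed holding-register image the decoy serves for function code 3
FAKE_HOLDING = [0x0101, 0x0000, 0x0BB8, 0x0002]


def parse_request(frame):
    """Split a Modbus/TCP ADU (7-byte MBAP header + PDU) into its fields."""
    if len(frame) < 8:
        raise ValueError("frame shorter than MBAP header plus function code")
    tid, pid, length, uid = struct.unpack(">HHHB", frame[:7])
    if pid != 0 or length != len(frame) - 6:
        raise ValueError("bad MBAP header")
    return {"tid": tid, "uid": uid, "fc": frame[7], "data": frame[8:]}


def build_response(req):
    """Serve reads of the fake registers; refuse everything else with a Modbus
    exception so the decoy looks like a device with a small, read-only map."""
    fc, data = req["fc"], req["data"]
    if fc == 3 and len(data) == 4:
        start, qty = struct.unpack(">HH", data)
        if 1 <= qty <= 125 and start + qty <= len(FAKE_HOLDING):
            regs = FAKE_HOLDING[start:start + qty]
            pdu = bytes([3, 2 * qty]) + b"".join(struct.pack(">H", r) for r in regs)
        else:
            pdu = bytes([3 | 0x80, 0x02])  # exception 02: illegal data address
    else:
        pdu = bytes([fc | 0x80, 0x01])  # exception 01: illegal function
    return struct.pack(">HHHB", req["tid"], 0, len(pdu) + 1, req["uid"]) + pdu


def handle(frame, peer, log):
    """Log the probe and return the bytes to send back (empty for junk frames)."""
    try:
        req = parse_request(frame)
    except ValueError as exc:
        log.append({"peer": peer, "error": str(exc), "raw": frame.hex()})
        return b""
    log.append({"peer": peer, "tid": req["tid"], "uid": req["uid"],
                "fc": req["fc"], "data": req["data"].hex()})
    return build_response(req)


def serve(host="0.0.0.0", port=502, log=None):
    """Blocking accept loop. Port 502 needs privileges; bind a high port to try it out."""
    log = [] if log is None else log
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        srv.bind((host, port))
        srv.listen()
        while True:
            conn, (ip, _) = srv.accept()
            with conn:
                frame = conn.recv(260)  # Modbus/TCP ADU maximum
                if frame:
                    conn.sendall(handle(frame, ip, log))
                    print(log[-1])


if __name__ == "__main__":
    serve(port=5020)
```

The log entries are the evaluation data: which source addresses probed, which function codes they tried (reads are reconnaissance, writes and unsupported codes are the interesting ones) and how malformed frames looked. Exposing a real-looking device this way is only safe because nothing behind the decoy actuates anything; a production deployment still wants the decoy on its own isolated segment.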


Development Of A Response Planner Using The Uct Algorithm For Cyber Defense, Michael P. Knight Mar 2013

Theses and Dissertations

A need for quick response to cyber attacks is a prevalent problem for computer network operators today. There is a small window in which to respond to a cyber attack when it occurs to prevent significant damage to a computer network. Automated response planners offer one solution to this issue. This work presents the Network Defense Planner System (NDPS), a planner dependent on the effectiveness of the detection of the cyber attack. This research first explores making the classification of network attacks faster for real-time detection, the basic function an Intrusion Detection System (IDS) provides. After identifying the type of attack, learning the …


Rf Emitter Tracking And Intent Assessment, Benjamin J. Kuhar Mar 2013

Theses and Dissertations

Current research in employing pattern recognition techniques in a wireless sensor network (WSN) to detect anomalous or suspicious behavior is limited. The purpose of this research was to determine the feasibility of an accurate tracking and intent assessment system for unknown or foreign radio frequency (RF) emitters in close proximity to and within military installations as a method of physical security. Twenty-two position tracks were collected using a hand-held Global Positioning System (GPS) unit, and a training data set from five different features was generated for each position track. Each collected position track was individually classified as suspicious or non-suspicious …


Evaluating The Effectiveness Of Ip Hopping Via An Address Routing Gateway, Ryan A. Morehart Mar 2013

Theses and Dissertations

This thesis explores the viability of using Internet Protocol (IP) address hopping in front of a network as a defensive measure. This research presents a custom gateway-based IP hopping solution called Address Routing Gateway (ARG) that acts as a transparent IP address hopping gateway. This thesis tests the overall stability of ARG, the accuracy of its classifications, the maximum throughput it can support, and the maximum rate at which it can change IPs and still communicate reliably. This research is accomplished on a physical test network with nodes representing the types of hosts found on a typical, corporate-style network. Direct …
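The piece an IP-hopping gateway cannot do without, as an added example that is not ARG's code: a schedule both gateways can compute independently but an outside observer cannot predict. The abstract does not say how ARG chooses addresses; the HMAC-keyed, time-sliced derivation below, the one-slot skew window and the accept/drop classification are assumptions for illustration, and the prefix and secret are constructed.

```python
"""Added example: a keyed, time-sliced address schedule of the kind an
IP-hopping gateway needs. Not ARG's code; the HMAC-based derivation and the
skew window are assumptions for illustration."""
import hashlib
import hmac
import ipaddress


def address_pool(network):
    """All host addresses the gateway may present from the hopping prefix."""
    return [str(a) for a in ipaddress.ip_network(network).hosts()]


def slot_index(now, slot_seconds):
    return int(now // slot_seconds)


def hop_address(secret, host_id, slot, pool):
    """Address a protected host presents during one slot. Without the secret
    an observer cannot predict the next address; with it, the peer gateway
    derives the same one without any exchange."""
    msg = f"{host_id}|{slot}".encode()
    digest = hmac.new(secret, msg, hashlib.sha256).digest()
    return pool[int.from_bytes(digest[:8], "big") % len(pool)]


def accepted_addresses(secret, host_id, now, slot_seconds, pool, skew_slots=1):
    """Addresses still valid for host_id at time `now`: the current slot plus
    skew_slots earlier ones, so packets in flight across a slot boundary (or a
    slightly slow peer clock) are not dropped."""
    current = slot_index(now, slot_seconds)
    return {hop_address(secret, host_id, s, pool)
            for s in range(current - skew_slots, current + 1)}


def classify(packet_dst, secret, host_id, now, slot_seconds, pool):
    """Gateway-side decision: a packet for an address outside the accepted set
    is stale, a scan of the prefix, or a guess, and is dropped."""
    valid = accepted_addresses(secret, host_id, now, slot_seconds, pool)
    return "accept" if packet_dst in valid else "drop"


def schedule(secret, host_id, start, count, slot_seconds, pool):
    """The next `count` addresses from `start`, as the peer gateway computes them."""
    first = slot_index(start, slot_seconds)
    return [hop_address(secret, host_id, s, pool) for s in range(first, first + count)]


if __name__ == "__main__":
    pool = address_pool("203.0.113.0/24")  # documentation prefix, constructed
    key = b"shared-gateway-secret"         # constructed
    for addr in schedule(key, "web01", 1_700_000_000, 5, 10, pool):
        print(addr)
```

The two tunables in the abstract's evaluation map directly onto this: slot_seconds bounds the hop rate, and skew_slots is the price paid for reliability at high rates, since every extra accepted slot widens the window a scanner can hit. The pool size matters too; in a /24 an attacker who sprays the whole prefix still reaches the host, so hopping buys unpredictability of which address is live, not invisibility.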


Modeling Cyber Situational Awareness Through Data Fusion, Evan L. Raulerson Mar 2013

Theses and Dissertations

Cyber attacks are compromising networks faster than administrators can respond. Network defenders are unable to become oriented with these attacks, determine the potential impacts, and assess the damages in a timely manner. Since the observations of network sensors are normally disjointed, analysis of the data is overwhelming and time is not spent efficiently. Automation in defending cyber networks requires a level of reasoning for adequate response. Current automated systems are mostly limited to scripted responses. Better defense tools are required. This research develops a framework that aggregates data from heterogeneous network sensors. The collected data is correlated into a single …


Airborne Network Data Availability Using Peer To Peer Database Replication On A Distributed Hash Table, Trevor J. Vranicar Mar 2013

Theses and Dissertations

The concept of distributing one complex task to several smaller, simpler Unmanned Aerial Vehicles (UAVs) as opposed to one complex UAV is the way of the future for a vast number of surveillance and data collection tasks. One objective for this type of application is to be able to maintain an operational picture of the overall environment. Due to high bandwidth costs, centralizing all data may not be possible, necessitating a distributed storage system such as a mobile Distributed Hash Table (DHT). A difficulty with this maintenance is that for an Airborne Network (AN), nodes are vehicles and travel at high …
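The replication mechanism the abstract relies on, as an added example that is not Vranicar's system: keys are placed on a hash ring, each record is written to the node that succeeds its position plus the next replicas-1 nodes, and a read walks the same owner list. The demo joins five constructed UAV nodes, drops the primary holder of a record without any handover (a vehicle flying out of range), and shows the record still readable and then re-replicated to its full count. The truncated SHA-1 ring, the replication factor of 3 and the node names are assumptions.

```python
"""Added example: a DHT with successor replication, showing that a replicated
key survives a node leaving. Not the thesis's system; the 32-bit SHA-1 ring,
the replication factor and the node names are assumptions."""
import bisect
import hashlib


def ring_position(key):
    """32-bit position on the identifier ring (SHA-1 truncated, assumed here)."""
    return int.from_bytes(hashlib.sha1(key.encode()).digest()[:4], "big")


class ReplicatedDHT:
    def __init__(self, replicas=3):
        self.replicas = replicas
        self.ring = []    # sorted list of (position, node_id)
        self.store = {}   # node_id -> that node's local key/value table

    def join(self, node_id):
        bisect.insort(self.ring, (ring_position(node_id), node_id))
        self.store[node_id] = {}

    def leave(self, node_id):
        """A vehicle flies out of range: its table is gone, nothing is handed over."""
        self.ring.remove((ring_position(node_id), node_id))
        del self.store[node_id]

    def owners(self, key):
        """The successor of the key's position plus the next replicas-1 nodes."""
        if not self.ring:
            return []
        idx = bisect.bisect_left(self.ring, (ring_position(key), ""))
        count = min(self.replicas, len(self.ring))
        return [self.ring[(idx + i) % len(self.ring)][1] for i in range(count)]

    def put(self, key, value):
        for node in self.owners(key):
            self.store[node][key] = value

    def get(self, key):
        """First owner that still holds the key answers; None if every copy is gone."""
        for node in self.owners(key):
            if key in self.store[node]:
                return self.store[node][key]
        return None

    def repair(self):
        """Re-replicate after churn so every key is again on all of its current
        owners; returns the number of copies created."""
        copies = 0
        items = {k: v for table in self.store.values() for k, v in table.items()}
        for key, value in items.items():
            for node in self.owners(key):
                if key not in self.store[node]:
                    self.store[node][key] = value
                    copies += 1
        return copies

    def copies_of(self, key):
        return sum(1 for table in self.store.values() if key in table)


def demo():
    dht = ReplicatedDHT(replicas=3)
    for uav in ("uav-01", "uav-02", "uav-03", "uav-04", "uav-05"):
        dht.join(uav)
    dht.put("track/contact-17", {"lat": 39.78, "lon": -84.08})  # constructed record
    lost = dht.owners("track/contact-17")[0]   # the primary holder drops out
    dht.leave(lost)
    still_readable = dht.get("track/contact-17") is not None
    dht.repair()
    return still_readable, dht.copies_of("track/contact-17")


if __name__ == "__main__":
    print(demo())
```

Availability here is a race between churn and repair: with replicas=3 the record survives any two simultaneous departures among its owners, but only until repair() has run, and in an airborne network the repair traffic itself competes for the bandwidth that ruled out centralizing the data in the first place. A real design also has to resolve the stale-version problem the demo ignores when two owners hold different values for the same key.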