Digital Communications and Networking Commons^™

Unresolved Object Detection Using Synthetic Data Generation And Artificial Neural Networks, Yong U. Sinn

Theses and Dissertations

This research presents and solves constrained real-world problems of using synthetic data to train artificial neural networks (ANNs) to detect unresolved moving objects in wide field of view (WFOV) electro-optical/infrared (EO/IR) satellite motion imagery. Objectives include demonstrating the use of the Air Force Institute of Technology (AFIT) Sensor and Scene Emulation Tool (ASSET) as an effective tool for generating EO/IR motion imagery representative of real WFOV sensors and describing the ANN architectures, training, and testing results obtained. Deep learning using a 3-D convolutional neural network (3D ConvNet), long short term memory (LSTM) network, and U-Net are used to solve the …

Let’S Face It: The Effect Of Orthognathic Surgery On Facial Recognition Algorithm Analysis, Carolyn Bradford Dragon

Theses and Dissertations

Aim: To evaluate the ability of a publicly available facial recognition application program interface (API) to calculate similarity scores for pre- and post-surgical photographs of patients undergoing orthognathic surgeries. Our primary objective was to identify which surgical procedure(s) had the greatest effect(s) on similarity score.

Methods: Standard treatment progress photographs for 25 retrospectively identified, orthodontic-orthognathic patients were analyzed using the API to calculate similarity scores between the pre- and post-surgical photographs. Photographs from two pre-surgical timepoints were compared as controls. Both relaxed and smiling photographs were included in the study to assess for the added impact of facial pose on …

Estimating Defensive Cyber Operator Decision Confidence, Markus M. Borneman

Theses and Dissertations

As technology continues to advance the domain of cyber defense, signature and heuristic detection mechanisms continue to require human operators to make judgements about the correctness of machine decisions. Human cyber defense operators rely on their experience, expertise, and understanding of network security, when conducting cyber-based investigations, in order to detect and respond to cyber alerts. Ever growing quantities of cyber alerts and network traffic, coupled with systemic manpower issues, mean no one has the time to review or change decisions made by operators. Since these cyber alert decisions ultimately do not get reviewed again, an inaccurate decision could cause …

Assessing The Competing Characteristics Of Privacy And Safety Within Vehicular Ad Hoc Networks, Jacob W. Connors

Theses and Dissertations

The introduction of Vehicle-to-Vehicle (V2V) communication has the promise of decreasing vehicle collisions, congestion, and emissions. However, this technology places safety and privacy at odds; an increase of safety applications will likely result in the decrease of consumer privacy. The National Highway Traffic Safety Administration (NHTSA) has proposed the Security Credential Management System (SCMS) as the back end infrastructure for maintaining, distributing, and revoking vehicle certificates attached to every Basic Safety Message (BSM). This Public Key Infrastructure (PKI) scheme is designed around the philosophy of maintaining user privacy through the separation of functions to prevent any one subcomponent from identifying …

Progressive Network Deployment, Performance, And Control With Software-Defined Networking, Daniel J. Casey

Theses and Dissertations

The inflexible nature of traditional computer networks has led to tightly-integrated systems that are inherently difficult to manage and secure. New designs move low-level network control into software creating software-defined networks (SDN). Augmenting an existing network with these enhancements can be expensive and complex. This research investigates solutions to these problems. It is hypothesized that an add-on device, or "shim" could be used to make a traditional switch behave as an OpenFlow SDN switch while maintaining reasonable performance. A design prototype is found to cause approximately 1.5% reduction in throughput for one ow and less than double increase in latency, …

Evaluation Of Resiliency In A Wide-Area Backup Protection System Via Model Checking, Kolby H. Elliot

Theses and Dissertations

Modern civilization relies heavily on having access to reliable power sources. Recent history has shown that present day protection systems are not adequate. Numerous backup protection (BP) systems have been proposed to mitigate the impact of primary protection system failures. Many of these novel BP systems rely on autonomous agents communicating via wide-area networks. These systems are highly complex and their control logic is based on distributed computing. Model checking has been shown to be a powerful tool in analyzing the behavior of distributed systems. In this research the model checker SPIN is used to evaluate the resiliency of an …

Bandwidth Analysis Of A Tightly-Packed Crossed-Dipole Array For Satellite Communications, Lawrence J. Lee

Theses and Dissertations

A bandwidth analysis of a tightly-packed crossed-dipole array antenna is presented in this thesis. A parametric study is described which varies the element spacing in the array and the resulting change in the terminal impedances is reported. The increased mutual coupling seen by the elements as a result of smaller element spacings is shown to minimize the variation in the value of the elements terminal currents across a 0.3 GHz to 3.0 GHz frequency range. This small variation in current translates into a minimal variation in the terminal impedances for a fixed excitation voltage. This is shown to be an …

Quality Of Service Impacts Of A Moving Target Defense With Software-Defined Networking, Samuel A. Mayer

Theses and Dissertations

An analysis of the impact a defensive network technique implemented with software-defined networking has upon quality of service experienced by legitimate users. The research validates previous work conducted at AFIT to verify claims of defensive efficacy and then tests network protocols in common use (FTP, HTTP, IMAP, POP, RTP, SMTP, and SSH) on a network that uses this technique. Metrics that indicate the performance of the protocols under test are reported with respect to data gathered in a control network. The conclusions of these experiments enable network engineers to determine if this defensive technique is appropriate for the quality of …

Efficient Information Dissemination In Vehicular Networks With Privacy Protection, Xiaolu Cheng

Theses and Dissertations

Vehicular ad hoc network (VANET) is a key component of intelligent transportation System (ITS). In VANETs, vehicles and roadside units exchange information for the purpose of navigation, safe driving, entertainment and so on. The high mobility of vehicles makes efficient and private communications in VANETs a big challenge.

Improving the performance of information dissemination while protecting data privacy is studied in this research. Meet-Table based information dissemination method is first proposed, so as to improve the information dissemination, and to efficiently distribute information via utilizing roadside units, Cloud Computing, and Fog Computing. A clustering algorithm is proposed as well, to …

Consuming Digital Debris In The Plasticene, Stephen R. Parks

Theses and Dissertations

Claims of customization and control by socio-technical industries are altering the role of consumer and producer. These narratives are often misleading attempts to engage consumers with new forms of technology. By addressing capitalist intent, material, and the reproduction limits of 3-D printed objects’, I observe the aspirational promise of becoming a producer of my own belongings through new networks of production. I am interested in gaining a better understanding of the data consumed that perpetuates hyper-consumptive tendencies for new technological apparatuses. My role as a designer focuses on the resolution of not only the surface of the object through 3-D …

A Location-Aware Middleware Framework For Collaborative Visual Information Discovery And Retrieval, Andrew J.M. Compton

Theses and Dissertations

This work addresses the problem of scalable location-aware distributed indexing to enable the leveraging of collaborative effort for the construction and maintenance of world-scale visual maps and models which could support numerous activities including navigation, visual localization, persistent surveillance, structure from motion, and hazard or disaster detection. Current distributed approaches to mapping and modeling fail to incorporate global geospatial addressing and are limited in their functionality to customize search. Our solution is a peer-to-peer middleware framework based on XOR distance routing which employs a Hilbert Space curve addressing scheme in a novel distributed geographic index. This allows for a universal …

Active Response Using Host-Based Intrusion Detection System And Software-Defined Networking, Jonathon S. Goodgion

Theses and Dissertations

This research proposes AHNSR: Active Host-based Network Security Response by utilizing Host-based Intrusion Detection Systems (HIDS) with Software-Defined Networking (SDN) to enhance system security by allowing dynamic active response and reconstruction from a global network topology perspective. Responses include traffic redirection, host quarantining, filtering, and more. A testable SDN-controlled network is constructed with multiple hosts, OpenFlow enabled switches, and a Floodlight controller, all linked to a custom, novel interface for the Open-Source SECurity (OSSEC) HIDS framework. OSSEC is implemented in a server-agent architecture, allowing scalability and OS independence. System effectiveness is evaluated against the following factors: alert density and a …

Framework For Industrial Control System Honeypot Network Traffic Generation, Htein A. Lin

Theses and Dissertations

Defending critical infrastructure assets is an important but extremely difficult and expensive task. Historically, decoys have been used very effectively to distract attackers and in some cases convince an attacker to reveal their attack strategy. Several researchers have proposed the use of honeypots to protect programmable logic controllers, specifically those used to support critical infrastructure. However, most of these honeypot designs are static systems that wait for a would-be attacker. To be effective, honeypot decoys need to be as realistic as possible. This paper introduces a proof-of-concept honeypot network traffic generator that mimics genuine control systems. Experiments are conducted using …

A Framework For Categorization Of Industrial Control System Cyber Training Environments, Evan G. Plumley

Theses and Dissertations

First responders and professionals in hazardous occupations undergo training and evaluations for the purpose of mitigating risk and damage. For example, helicopter pilots train with multiple categorized simulations that increase in complexity before flying a real aircraft. However in the industrial control cyber incident response domain, where incident response professionals help detect, respond and recover from cyber incidents, no official categorization of training environments exist. To address this gap, this thesis provides a categorization of industrial control training environments based on realism. Four levels of environments are proposed and mapped to Blooms Taxonomy. This categorization will help organizations determine which …

Applying Cyber Threat Intelligence To Industrial Control Systems, Matthew P. Sibiga

Theses and Dissertations

A cybersecurity initiative known as cyber threat intelligence (CTI) has recently been developed and deployed. The overall goal of this new technology is to help protect network infrastructures. Threat intelligence platforms (TIPs) have also been created to help facilitate CTI effectiveness within organizations. There are many benefits that both can achieve within the information technology (IT) sector. The industrial control system (ICS) sector can also benefit from these technologies as most ICS networks are connected to IT networks. CTI and TIPs become resourceful when using indicators of compromise (IOCs) from known ICS malware attacks and an open source intrusion detection …

Dynamic Network Security Control Using Software Defined Networking, Michael C. Todd

Theses and Dissertations

This thesis develops and implements a process to rapidly respond to host level security events using a host agent, Software Defined Networking and OpenFlow updates, role based flow classes, and Advanced Messaging Queuing Protocol to automatically update configuration of switching devices and block malicious traffic. Results show flow table updates are made for all tested levels in less than 5.27 milliseconds and event completion time increased with treatment level as expected. As the number of events increases from 1,000 to 50,000, the design scales logarithmically caused mainly by message delivery time. Event processing throughput is limited primarily by the message …

Novel Techniques For Secure Use Of Public Cloud Computing Resources, Kyle E. Stewart

Theses and Dissertations

The federal government has an expressed interest in moving data and services to third party service providers in order to take advantage of the flexibility, scalability, and potential cost savings. This approach is called cloud computing. The thesis for this research is that efficient techniques exist to support the secure use of public cloud computing resources by a large, federated enterprise. The primary contributions of this research are the novel cryptographic system MA-AHASBE (Multi-Authority Anonymous Hierarchical Attribute-Set Based Encryption), and the techniques used to incorporate MA-AHASBE in a real world application. Performance results indicate that while there is a cost …

Scalable System Design For Covert Mimo Communications, Jason R. Pennington

Theses and Dissertations

In modern communication systems, bandwidth is a limited commodity. Bandwidth efficient systems are needed to meet the demands of the ever-increasing amount of data that users share. Of particular interest is the U.S. Military, where high-resolution pictures and video are used and shared. In these environments, covert communications are necessary while still providing high data rates. The promise of multi-antenna systems providing higher data rates has been shown on a small scale, but limitations in hardware prevent large systems from being implemented.

Passive Mimo Radar Detection, Daniel E. Hack

Theses and Dissertations

Passive multiple-input multiple-output (MIMO) radar is a sensor network comprised of multiple distributed receivers that detects and localizes targets using the emissions from multiple non-cooperative radio frequency transmitters. This dissertation advances the theory of centralized passive MIMO radar (PMR) detection by proposing two novel generalized likelihood ratio test (GLRT) detectors. The first addresses detection in PMR networks without direct-path signals. The second addresses detection in PMR networks with direct-path signals. The probability distributions of both test statistics are investigated using recent results from random matrix theory. Equivalence is established between PMR networks without direct-path signals and passive source localization (PSL) …

Dynamic Network Topologies, Heather A. Lingg

Theses and Dissertations

Demand for effective network defense capabilities continues to increase as cyber attacks occur more and more frequently and gain more and more prominence in the media. Current security practices stop after data encryption and network address filtering. Security at the lowest level of network infrastructure allows for greater control of how the network traffic flows around the network. This research details two methods for extending security practices to the physical layer of a network by modifying the network infrastructure. The first method adapts the Advanced Encryption Standard while the second method uses a Steiner tree. After the network connections are …

Classification Of Encrypted Web Traffic Using Machine Learning Algorithms, William C. Barto

Theses and Dissertations

The increasing usage of web services and encrypted network communication makes the network analysis of encrypted web traffic of utmost importance. This research evaluates the feasibility of using ML algorithms to classify web services within encrypted TLS flows. The ML algorithms are compared primarily based on classification accuracy. The runtimes of the classifiers are also considered, as classifiers must be able determine labels quickly in order to be used in near realtime network protection devices. Five ML algorithms are initially considered when analyzing only the first 12 packets: Naive Bayes, NBTree, LibSVM, J4.8, and AdaBoost+J4.8. AdaBoost+J4.8 and J4.8 produce the …

Applied Hypergame Theory For Network Defense, Alan S. Gibson

Theses and Dissertations

Cyber operations are the most important aspect of military conflicts in the 21st century, but unfortunately they are also among the least understood. The continual battle for network dominance between attackers and defenders is considered to be a complex game. Hypergame theory is an extension of game theory that addresses the kind of games where misperception exists, as is often the case in military engagements. Hypergame theory, like game theory, uses a game model to determine strategy selection, but goes beyond game theory by examining subgames that exist within the full game. The inclusion of misperception and misinformation in the …

Using Rf-Dna Fingerprints To Discriminate Zigbee Devices In An Operational Environment, Clay K. Dubendorfer

Theses and Dissertations

This research was performed to expand AFIT's Radio Frequency Distinct Native Attribute (RF-DNA) fingerprinting process to support IEEE 802.15.4 ZigBee communication network applications. Current ZigBee bit-level security measures include use of network keys and MAC lists which can be subverted through interception and spoofing using open-source hacking tools. This work addresses device discrimination using Physical (PHY) waveform alternatives to augment existing bit-level security mechanisms. ZigBee network vulnerability to outsider threats was assessed using Receiver Operating Characteristic (ROC) curves to characterize both Authorized Device ID Verification performance (granting network access to authorized users presenting true bit-level credentials) and Rogue Device Rejection …

Learning Enterprise Malware Triage From Automatic Dynamic Analysis, Jonathan S. Bristow

Theses and Dissertations

Adversaries employ malware against victims of cyber espionage with the intent of gaining unauthorized access to information. To that end, malware authors intentionally attempt to evade defensive countermeasures based on static methods. This thesis analyzes a dynamic analysis methodology for malware triage that applies at the enterprise scale. This study captures behavior reports from 64,987 samples of malware randomly selected from a large collection and 25,591 clean executable files from operating system install media. Function call information in sequences of behavior generate feature vectors from behavior reports from the les. The results of 64 experiment combinations indicate that using more …

A Multi Agent System For Flow-Based Intrusion Detection, David A . Ryan

Theses and Dissertations

The detection and elimination of threats to cyber security is essential for system functionality, protection of valuable information, and preventing costly destruction of assets. This thesis presents a Mobile Multi-Agent Flow-Based IDS called MFIREv3 that provides network anomaly detection of intrusions and automated defense. This version of the MFIRE system includes the development and testing of a Multi-Objective Evolutionary Algorithm (MOEA) for feature selection that provides agents with the optimal set of features for classifying the state of the network. Feature selection provides separable data points for the selected attacks: Worm, Distributed Denial of Service, Man-in-the-Middle, Scan, and Trojan. This …

Network Intrusion Dataset Assessment, David J. Weller-Fahy

Theses and Dissertations

Research into classification using Anomaly Detection (AD) within the field of Network Intrusion Detection (NID), or Network Intrusion Anomaly Detection (NIAD), is common, but operational use of the classifiers discovered by research is not. One reason for the lack of operational use is most published testing of AD methods uses artificial datasets: making it difficult to determine how well published results apply to other datasets and the networks they represent. This research develops a method to predict the accuracy of an AD-based classifier when applied to a new dataset, based on the difference between an already classified dataset and the …

Rootkit Detection Using A Cross-View Clean Boot Method, Bridget N. Flatley

Theses and Dissertations

In cyberspace, attackers commonly infect computer systems with malware to gain capabilities such as remote access, keylogging, and stealth. Many malware samples include rootkit functionality to hide attacker activities on the target system. After detection, users can remove the rootkit and associated malware from the system with commercial tools. This research describes, implements, and evaluates a clean boot method using two partitions to detect rootkits on a system. One partition is potentially infected with a rootkit while the other is clean. The method obtains directory listings of the potentially infected operating system from each partition and compares the lists to …

Cognitive Augmentation For Network Defense, James E. Emge

Theses and Dissertations

Traditionally, when a task is considered for automation it is a binary decision, either the task was completely automated or it remains manual. LOA is a departure from the tradition use of automation in cyber defense. When a task is automated, it removes the human administrator from the performance of the task, compromising their SA of the state of the network. When the administrator loses SA of the network performance and its current state, failure recovery time becomes much longer. This is because the administrators must orient themselves to the current state of the network at the time of failure …

Mobile Network Defense Interface For Cyber Defense And Situational Awareness, James C. Hannan

Theses and Dissertations

Today's computer networks are under constant attack. In order to deal with this constant threat, network administrators rely on intrusion detection and prevention services (IDS) (IPS). Most IDS and IPS implement static rule sets to automatically alert administrators and resolve intrusions. Network administrators face a difficult challenge, identifying attacks against a vast number of benign network transactions. Also after a threat is identified making even the smallest policy change to the security software potentially has far-reaching and unanticipated consequences. Finally, because the administrator is primarily responding to alerts they may lose situational awareness of the network. During this research a …

Emulation Of Industrial Control Field Device Protocols, Robert M. Jaromin

Theses and Dissertations

It has been shown that thousands of industrial control devices are exposed to the Internet, however, the extent and nature of attacks on such devices remains unknown. The first step to understanding security problems that face modern supervisory control and data acquisition (SCADA) and industrial controls networks is to understand the various attacks launched on Internet-connected field devices. This thesis describes the design and implementation of an industrial control emulator on a Gumstix single-board computer as a solution. This emulator acts as a decoy field device, or honeypot, intended to be probed and attacked via an Internet connection. Evaluation techniques …