Physical Sciences and Mathematics Commons^™

A Method For Revealing And Addressing Security Vulnerabilities In Cyber-Physical Systems By Modeling Malicious Agent Interactions With Formal Verification, Dean C. Wardell, Robert F. Mills, Gilbert L. Peterson, Mark E. Oxley

Faculty Publications

Several cyber-attacks on the cyber-physical systems (CPS) that monitor and control critical infrastructure were publically announced over the last few years. Almost without exception, the proposed security solutions focus on preventing unauthorized access to the industrial control systems (ICS) at various levels – the defense in depth approach. While useful, it does not address the problem of making the systems more capable of responding to the malicious actions of an attacker once they have gained access to the system. The first step in making an ICS more resilient to an attacker is identifying the cyber security vulnerabilities the attacker can …

Confidence Investigation Of Discovering Organizational Network Structures Using Transfer Entropy, Joshua V. Rodewald, John M. Colombi, Kyle F. Oyama, Alan W. Johnson

Faculty Publications

Transfer entropy has long been used to discover network structures and relationships based on the behavior of nodes in the system, especially for complex adaptive systems. Using the fact that organizations often behave as complex adaptive systems, transfer entropy can be applied to discover the relationships and structure within an organizational network. The organizational structures are built using a model developed by Dodd, Watts, et al, and a simulation method for complex adaptive supply networks is used to create node behavior data. The false positive rate and true positive rates are established for various organizational structures and compared to a …

A Temporal Framework For Hypergame Analysis Of Cyber Physical Systems In Contested Environments, Nicholas S. Kovach

Theses and Dissertations

Game theory is used to model conflicts between one or more players over resources. It offers players a way to reason, allowing rationale for selecting strategies that avoid the worst outcome. Game theory lacks the ability to incorporate advantages one player may have over another player. A meta-game, known as a hypergame, occurs when one player does not know or fully understand all the strategies of a game. Hypergame theory builds upon the utility of game theory by allowing a player to outmaneuver an opponent, thus obtaining a more preferred outcome with higher utility. Recent work in hypergame theory has …

A Novel Machine Learning Classifier Based On A Qualia Modeling Agent (Qma), Sandra L. Vaughan

Theses and Dissertations

This dissertation addresses a problem found in supervised machine learning (ML) classification, that the target variable, i.e., the variable a classifier predicts, has to be identified before training begins and cannot change during training and testing. This research develops a computational agent, which overcomes this problem. The Qualia Modeling Agent (QMA) is modeled after two cognitive theories: Stanovich's tripartite framework, which proposes learning results from interactions between conscious and unconscious processes; and, the Integrated Information Theory (IIT) of Consciousness, which proposes that the fundamental structural elements of consciousness are qualia. By modeling the informational relationships of qualia, the QMA allows …

Improving The Cybersecurity Of Cyber-Physical Systems Through Behavioral Game Theory And Model Checking In Practice And In Education, Seth T. Hamman

Theses and Dissertations

This dissertation presents automated methods based on behavioral game theory and model checking to improve the cybersecurity of cyber-physical systems (CPSs) and advocates teaching certain foundational principles of these methods to cybersecurity students. First, it encodes behavioral game theory's concept of level-k reasoning into an integer linear program that models a newly defined security Colonel Blotto game. This approach is designed to achieve an efficient allocation of scarce protection resources by anticipating attack allocations. A human subjects experiment based on a CPS infrastructure demonstrates its effectiveness. Next, it rigorously defines the term adversarial thinking, one of cybersecurity educations most important …

Data Driven Device Failure Prediction, Paul L. Jordan

Theses and Dissertations

As society becomes more dependent upon computer systems to perform increasingly critical tasks, ensuring those systems do not fail also becomes more important. Many organizations depend heavily on desktop computers for day to day operations. Unfortunately, the software that runs on these computers is still written by humans and as such, is still subject to human error and consequent failure. A natural solution is to use statistical machine learning to predict failure. However, since failure is still a relatively rare event, obtaining labeled training data to train these models is not trivial. This work presents new simulated fault loads with …

Physical Layer Defenses Against Primary User Emulation Attacks, Joan A. Betances

Theses and Dissertations

Cognitive Radio (CR) is a promising technology that works by detecting unused parts of the spectrum and automatically reconfiguring the communication system's parameters in order to operate in the available communication channels while minimizing interference. CR enables efficient use of the Radio Frequency (RF) spectrum by generating waveforms that can coexist with existing users in licensed spectrum bands. Spectrum sensing is one of the most important components of CR systems because it provides awareness of its operating environment, as well as detecting the presence of primary (licensed) users of the spectrum.

Quantum Key Distribution: Boon Or Bust, Logan O. Mailloux, Douglas D. Hodson, Michael R. Grimaila, Colin V. Mclaughlin, Gerald B. Baumgartner

Faculty Publications

Quantum Key Distribution (QKD) is an emerging cybersecurity technology which provides the means for two geographically separated parties to grow “unconditionally secure” symmetric cryptographic keying material. Unlike traditional key distribution techniques, the security of QKD rests on the laws of quantum mechanics and not computational complexity. This unique aspect of QKD is due to the fact that any unauthorized eavesdropping on the key distribution channel necessarily introduces detectable errors (Gisin, Ribordy, Tittel, & Zbinden, 2002). This attribute makes QKD desirable for high-security environments such as banking, government, and military applications. However, QKD is a nascent technology where implementation non-idealities can …

A Multi-Objective Approach To Tactical Maneuvering Within Real Time Strategy Games, Christopher D. Ball

Theses and Dissertations

The real time strategy (RTS) environment is a strong platform for simulating complex tactical problems. The overall research goal is to develop artificial intelligence (AI) RTS planning agents for military critical decision making education. These agents should have the ability to perform at an expert level as well as to assess a players critical decision-making ability or skill-level. The nature of the time sensitivity within the RTS environment creates very complex situations. Each situation must be analyzed and orders must be given to each tactical unit before the scenario on the battlefield changes and makes the decisions no longer relevant. …

Synaptic Annealing: Anisotropic Simulated Annealing And Its Application To Neural Network Synaptic Weight Selection, Justin R. Fletcher

Theses and Dissertations

Machine learning algorithms have become a ubiquitous, indispensable part of modern life. Neural networks are one of the most successful classes of machine learning algorithms, and have been applied to solve problems previously considered to be the exclusive domain of human intellect. Several methods for selecting neural network configurations exist. The most common such method is error back-propagation. Backpropagation often produces neural networks that perform well, but do not achieve an optimal solution. This research explores the effectiveness of an alternative feed-forward neural network weight selection procedure called synaptic annealing. Synaptic annealing is the application of the simulated annealing algorithm …

Activity Pattern Discovery From Network Captures, Alan C. Lin, Gilbert L. Peterson

Faculty Publications

Investigating insider threat cases is challenging because activities are conducted with legitimate access that makes distinguishing malicious activities from normal activities difficult. To assist with identifying non-normal activities, we propose using two types of pattern discovery to identify a person's behavioral patterns in network data. The behavioral patterns serve to deemphasize normal behavior so that insider threat investigations can focus attention on potentially more relevant. Results from a controlled experiment demonstrate the highlighting of a suspicious event through the reduction of events belonging to discovered patterns. Abstract © 2016 IEEE.

Method For Determining Time-Resolved Heat Transfer Coefficient And Adiabatic Effectiveness Waveforms With Unsteady Film Cooling, James L. Rutledge, Jonathan F. Mccall

AFIT Patents

A new method for determining heat transfer coefficient (h) and adiabatic effectiveness (η) waveforms h(t) and η(t) from a single test uses a novel inverse heat transfer methodology to use surface temperature histories obtained using prior art approaches to approximate the h(t) and η(t) waveforms. The method best curve fits the data to a pair of truncated Fourier series.

Position And Volume Estimation Of Atmospheric Nuclear Detonations From Video Reconstruction, Daniel T. Schmitt

Theses and Dissertations

Recent work in digitizing films of foundational atmospheric nuclear detonations from the 1950s provides an opportunity to perform deeper analysis on these historical tests. This work leverages multi-view geometry and computer vision techniques to provide an automated means to perform three-dimensional analysis of the blasts for several points in time. The accomplishment of this requires careful alignment of the films in time, detection of features in the images, matching of features, and multi-view reconstruction. Sub-explosion features can be detected with a 67% hit rate and 22% false alarm rate. Hotspot features can be detected with a 71.95% hit rate, 86.03% …

A Misuse-Based Intrusion Detection System For Itu-T G.9959 Wireless Networks, Jonathan D. Fuller

Theses and Dissertations

Wireless Sensor Networks (WSNs) provide low-cost, low-power, and low-complexity systems tightly integrating control and communication. Protocols based on the ITU-T G.9959 recommendation specifying narrow-band sub-GHz communications have significant growth potential. The Z-Wave protocol is the most common implementation. Z-Wave developers are required to sign nondisclosure and confidentiality agreements, limiting the availability of tools to perform open source research. This work discovers vulnerabilities allowing the injection of rogue devices or hiding information in Z-Wave packets as a type of covert channel attack. Given existing vulnerabilities and exploitations, defensive countermeasures are needed. A Misuse-Based Intrusion Detection System (MBIDS) is engineered, capable of …

Cross-Subject Continuous Analytic Workload Profiling Using Stochastic Discrete Event Simulation, Joseph J. Giametta

Theses and Dissertations

Operator functional state (OFS) in remotely piloted aircraft (RPA) simulations is modeled using electroencephalograph (EEG) physiological data and continuous analytic workload profiles (CAWPs). A framework is proposed that provides solutions to the limitations that stem from lengthy training data collection and labeling techniques associated with generating CAWPs for multiple operators/trials. The framework focuses on the creation of scalable machine learning models using two generalization methods: 1) the stochastic generation of CAWPs and 2) the use of cross-subject physiological training data to calibrate machine learning models. Cross-subject workload models are used to infer OFS on new subjects, reducing the need to …

A Framework For Incorporating Insurance Into Critical Infrastructure Cyber Risk Strategies, Derek R. Young

Theses and Dissertations

Critical infrastructure owners and operators want to minimize their cyber risk and expenditures on cybersecurity. The insurance industry has been quantitatively assessing risk for hundreds of years in order to minimize risk and maximize profits. To achieve these goals, insurers continuously gather statistical data to improve their predictions, incentivize their clients' investment in self-protection and periodically refine their models to improve the accuracy of risk estimates. This paper presents a framework which incorporates the operating principles of the insurance industry in order to provide quantitative estimates of cyber risk. The framework implements optimization techniques to suggest levels of investment for …

Deception In Game Theory: A Survey And Multiobjective Model, Austin L. Davis

Theses and Dissertations

Game theory is the study of mathematical models of conflict. It provides tools for analyzing dynamic interactions between multiple agents and (in some cases) across multiple interactions. This thesis contains two scholarly articles. The first article is a survey of game-theoretic models of deception. The survey describes the ways researchers use game theory to measure the practicality of deception, model the mechanisms for performing deception, analyze the outcomes of deception, and respond to, or mitigate the effects of deception. The survey highlights several gaps in the literature. One important gap concerns the benefit-cost-risk trade-off made during deception planning. To address …

Framework For Evaluating The Readiness Of Cyber First Responders Responsible For Critical Infrastructure Protection, Jungsang Yoon

Theses and Dissertations

First responders go through rigorous training and evaluation to ensure they are adequately prepared for an emergency. As an example, firefighters continually evaluate the readiness of their personnel using a defined set of criteria to measure performance for fire suppression and rescue procedures. From a cyber security standpoint, however, this same set of criteria and rigor is severely lacking for the professionals that must detect, respond to and recover from a cyber-based attack against the nation's critical infrastructure. This research provides a framework for evaluating the readiness of cyber first responders responsible for critical infrastructure protection. The framework demonstrates the …

Cyberspace And Organizational Structure: An Analysis Of The Critical Infrastructure Environment, Michael D. Quigg Ii

Theses and Dissertations

Now more than ever, organizations are being created to protect the cyberspace environment. The capability of cyber organizations tasked to defend critical infrastructure has been called into question by numerous cybersecurity experts. Organizational theory states that organizations should be constructed to fit their operating environment properly. Little research in this area links existing organizational theory to cyber organizational structure. Because of the cyberspace connection to critical infrastructure assets, the factors that influence the structure of cyber organizations designed to protect these assets warrant analysis to identify opportunities for improvement.

This thesis analyzes the cyber‐connected critical infrastructure environment using the dominant …

Pointing Analysis And Design Drivers For Low Earth Orbit Satellite Quantum Key Distribution, Jeremiah A. Specht

Theses and Dissertations

The world relies on encryption to perform critical and sensitive tasks every day. If quantum computing matures, the capability to decode keys and decrypt messages becomes possible. Quantum key distribution (QKD) is a method of distributing secure cryptographic keys which relies on the laws of quantum mechanics. Current implementations of QKD use fiber-based channels which limit the number of users and the distance between users. Satellite-based QKD using free-space channels is proposed as a feasible secure global communication solution. Since a free-space link does not use a waveguide, pointing a transmitter to receiver is required to ensure signal arrival. In …

Statistic Whitelisting For Enterprise Network Incident Response, Nathan E. Grunzweig

Theses and Dissertations

This research seeks to satisfy the need for the rapid evaluation of enterprise network hosts in order to identify items of significance through the introduction of a statistic whitelist based on the behavior of the processes on each host. By taking advantage of the repetition of processes and the resources they access, a whitelist can be generated using large quantities of host machines. For each process, the Modules and the TCP & UDP Connections are compared to identify which resources are most commonly accessed by each process. Results show 47% of processes receiving a whitelist score of 75% or greater …

Poco-Moea: Using Evolutionary Algorithms To Solve The Controller Placement Problem, Scott I. Harned

Theses and Dissertations

One of the central tenets of a Software Defined Network (SDN) is the use of controllers, which are responsible for managing how traffic flows through switches, routers, and other data-passing devices on a computer network. Most modern SDNs use multiple controllers to divide responsibility for network switches while keeping communication latency low. A problem that has emerged since approximately 2011 is the decision of where to place these controllers to create the most 'optimum' network. This is known as the Controller Placement Problem (CPP). Such a decision is subject to multiple and sometimes con_icting goals, making the CPP a type …

Whitelisting System State In Windows Forensic Memory Visualizations, Joshua A. Lapso

Theses and Dissertations

Examiners in the field of digital forensics regularly encounter enormous amounts of data and must identify the few artifacts of evidentiary value. The most pressing challenge these examiners face is manual reconstruction of complex datasets with both hierarchical and associative relationships. The complexity of this data requires significant knowledge, training, and experience to correctly and efficiently examine. Current methods provide primarily text-based representations or low-level visualizations, but levee the task of maintaining global context of system state on the examiner. This research presents a visualization tool that improves analysis methods through simultaneous representation of the hierarchical and associative relationships and …

Analysis Of Software Design Patterns In Human Cognitive Performance Experiments, Alexander C. Roosma

Theses and Dissertations

As Air Force operations continue to move toward the use of more autonomous systems and more human-machine teaming in general, there is a corresponding need to swiftly evaluate systems with these capabilities. We support this development through software design improvements of the execution of human cognitive performance experiments. This thesis sought to answer the following two research questions addressing the core functionality that these experiments rely on for execution and analysis: 1) What data infrastructure software requirements are necessary to execute the experimental design of human cognitive performance experiments? 2) How effectively does a central data mediator design pattern meet …

Understanding Effects Of Autonomous Agent Timing On Human-Agent Teams Using Iterative Modeling, Simulation And Human-In-The-Loop Experimentation, Tyler J. Goodman

Theses and Dissertations

Recent U.S. Air Force Research Laboratory strategy documents have suggested the need for research in human-agent teaming. Teaming supports a dynamic shift in roles between the human and the agent, depending upon human performance and mission needs. Further, because the performance of these agents will be highly dependent upon the state of the human and the mission, this strategy suggests the need for increased use of modeling to provide a broader understanding of the automated agent’s behavior. This thesis applies a combination of static modeling in SysML activity diagrams, dynamic modeling of human and agent behavior in IMPRINT, and human …