Open Access. Powered by Scholars. Published by Universities.®

Physical Sciences and Mathematics Commons

Articles 1 - 12 of 12

Full-Text Articles in Physical Sciences and Mathematics

A Novel Malware Target Recognition Architecture For Enhanced Cyberspace Situation Awareness, Thomas E. Dube Sep 2011

Theses and Dissertations

The rapid transition of critical business processes to computer networks potentially exposes organizations to digital theft or corruption by advanced competitors. One tool used for these tasks is malware, because it circumvents legitimate authentication mechanisms. Malware is an epidemic problem for organizations of all types. This research proposes and evaluates a novel Malware Target Recognition (MaTR) architecture for malware detection and identification of propagation methods and payloads to enhance situation awareness in tactical scenarios using non-instruction-based, static heuristic features. MaTR achieves a 99.92% detection accuracy on known malware with false positive and false negative rates of 8.73e-4 and 8.03e-4 respectively. …


Using The Web Infrastructure For Real Time Recovery Of Missing Web Pages, Martin Klein Jul 2011

Computer Science Theses & Dissertations

Given the dynamic nature of the World Wide Web, missing web pages, or "404 Page not Found" responses, are part of our web browsing experience. It is our intuition that information on the web is rarely completely lost, it is just missing. In whole or in part, content often moves from one URI to another and hence it just needs to be (re-)discovered. We evaluate several methods for a "just-in-time" approach to web page preservation. We investigate the suitability of lexical signatures and web page titles to rediscover missing content. It is understood that web pages change over time …


A Framework For Dynamic Traffic Monitoring Using Vehicular Ad-Hoc Networks, Mohammad Hadi Arbabi Jul 2011

Computer Science Theses & Dissertations

Traffic management centers (TMCs) need high-quality data regarding the status of roadways for monitoring and delivering up-to-date traffic conditions to the traveling public. Currently this data is measured at static points on the roadway using technologies that have significant maintenance requirements. To obtain an accurate picture of traffic on any road section at any time requires a real-time probe of vehicles traveling in that section. We envision a near-term future where network communication devices are commonly included in new vehicles. These devices will allow vehicles to form vehicular networks allowing communication among themselves, other vehicles, and roadside units (RSUs) to …


Solving The Vehicle Re-Identification Problem By Using Neural Networks, Tanweer Rashid Apr 2011

Computational Modeling & Simulation Engineering Theses & Dissertations

Vehicle re-identification is the process by which vehicle attributes measured at one point on a road network are compared to vehicle attributes measured at another point in an effort to match vehicles without using any unique identifiers such as license plate numbers. A match is made if the two measurements are estimated to belong to the same vehicle. Vehicle attributes can be sensor readings such as loop induction signatures, or they can also be actual vehicle characteristics such as length, weight, number of axles, etc. This research makes use of vehicle length, travel time, axle spacing and axle weights for …


Data Aggregation And Dissemination In Vehicular Ad-Hoc Networks, Khaled Ibrahim Apr 2011

Computer Science Theses & Dissertations

Vehicular Ad-Hoc Networks (VANETs) are a fast growing technology that many governments and automobile manufacturers are investing in to provide not only safer and more secure roads, but also informational and entertainment-based applications for drivers. The applications developed for VANETs can be classified into multiple categories (safety, informational, entertainment). Most VANET applications, regardless of their category, depend on having certain vehicular data (vehicular speed, X position and Y position) available. Although these applications appear to use the same vehicular data, the characteristics of this data (i.e., amount, accuracy, and update rate) will vary based on the application category. For …


Spear Phishing Attack Detection, David T. Merritt Mar 2011

Theses and Dissertations

This thesis addresses the problem of identifying email spear phishing attacks, which are indicative of cyber espionage. Spear phishing consists of targeted emails sent to entice a victim to open a malicious file attachment or click on a malicious link that leads to a compromise of their computer. Current detection methods fail to detect emails of this kind consistently. The SPEar phishing Attack Detection system (SPEAD) is developed to analyze all incoming emails on a network for the presence of spear phishing attacks. SPEAD analyzes the following file types: Windows Portable Executable and Common Object File Format (PE/COFF), Adobe Reader, …


Evaluating Information Assurance Control Effectiveness On An Air Force Supervisory Control And Data Acquisition (Scada) System, Jason R. Nielsen Mar 2011

Theses and Dissertations

Supervisory Control and Data Acquisition (SCADA) systems are increasingly being connected to corporate networks which has dramatically expanded their attack surface to remote cyber attack. Adversaries are targeting these systems with increasing frequency and sophistication. This thesis seeks to answer the research question addressing which Information Assurance (IA) controls are most significant for network defenders and SCADA system managers/operators to focus on in order to increase the security of critical infrastructure systems against a Stuxnet-like cyber attack. This research applies the National Institute of Science and Technology (NIST) IA controls to an attack tree modeled on a remote Stuxnet-like cyber …


A Multi Agent System For Flow-Based Intrusion Detection Using Reputation And Evolutionary Computation, David Hancock Mar 2011

Theses and Dissertations

The rising sophistication of cyber threats as well as the improvement of physical computer network properties present increasing challenges to contemporary Intrusion Detection (ID) techniques. To respond to these challenges, a multi agent system (MAS) coupled with flow-based ID techniques may effectively complement traditional ID systems. This paper develops: 1) a scalable software architecture for a new, self-organized, multi agent, flow-based ID system; and 2) a network simulation environment suitable for evaluating implementations of this MAS architecture and for other research purposes. Self-organization is achieved via 1) a reputation system that influences agent mobility in the search for effective vantage …


Malicious And Malfunctioning Node Detection Via Observed Physical Layer Data, Tyler J. Hardy Mar 2011

Theses and Dissertations

There are many mechanisms that can cause inadequate or unreliable information in sensor networks. A user of the network might be interested in detecting and classifying specific sensor nodes causing these problems. Several network layer based trust methods have been developed in previous research to assess these issues; in contrast, this work develops a trust protocol based on observations of physical layer data collected by the sensors. Observations of physical layer data are used for decisions and calculations, and are based on just the measurements collected by the sensors. Although this information is packaged and distributed on the network layer, …


Holistic Network Defense: Fusing Host And Network Features For Attack Classification, Jenny W. Ji Mar 2011

Theses and Dissertations

This work presents a hybrid network-host monitoring strategy, which fuses data from both the network and the host to recognize malware infections. This work focuses on three categories: Normal, Scanning, and Infected. The network-host sensor fusion is accomplished by extracting 248 features from network traffic using the Fullstats Network Feature generator and from the host using text mining, looking at the frequency of the 500 most common strings and analyzing them as word vectors. Improvements to detection performance are made by synergistically fusing network features obtained from IP packet flows and host features, obtained from text mining port, processor, logon …


Polarimetric Enhancements To Electro-Optical Aided Navigation Techniques, Jeremiah D. Johnson Mar 2011

Theses and Dissertations

Navigation in indoor and urban environments by small unmanned systems is a topic of interest for the Air Force. The Advanced Navigation Technology Center at the Air Force Institute of Technology is continually looking for novel approaches to navigation in GPS deprived environments. Inertial sensors have been coupled with image aided concepts, such as feature tracking, with good results. However, feature density in areas with large, flat, smooth surfaces tends to be low. Polarimetric sensors have been used for surface reconstruction, surface characterization and outdoor navigation. This thesis combines aspects of some of these algorithms along with a realistic, micro-facet …


Reactive Routing In Hidra Networks, Scott Michael Marshall Mar 2011

Computer Engineering

In recent years, the Internet has grown so large that the future scalability of the Internet has become a major concern. The two primary scalability concerns are the size of the forwarding table and the ability for BGP to converge while distributing hundreds of thousands of routes.

HIDRA is a new Internet routing architecture that is backwards-compatible with existing routing technologies and protocols and that focuses on feasibility of implementation. HIDRA remedies the first Internet scalability concern by proposing a means to reduce the number of entries in the default-free zone (DFZ) forwarding table.

This project extends HIDRA by designing a complete reactive …