Physical Sciences and Mathematics Commons^™

Generative Machine Learning For Cyber Security, James Halvorsen, Dr. Assefaw Gebremedhin

Military Cyber Affairs

Automated approaches to cyber security based on machine learning will be necessary to combat the next generation of cyber-attacks. Current machine learning tools, however, are difficult to develop and deploy due to issues such as data availability and high false positive rates. Generative models can help solve data-related issues by creating high quality synthetic data for training and testing. Furthermore, some generative architectures are multipurpose, and when used for tasks such as intrusion detection, can outperform existing classifier models. This paper demonstrates how the future of cyber security stands to benefit from continued research on generative models.

Understanding Student Experiences With Tls Client Authentication, Clay A. Shubert

Masters Theses

This thesis presents a comprehensive investigation into student experiences with TLS client authentication, highlighting the usability challenges and learning curves associated with this long term key managament system. We designed a study that required future innovators in technology and security to use modern-day implementations of this certificate-based authentication system. From this study, we analyzed server logs, project reports, and survey responses from students enrolled in the applied cryptography course. We revealed significant hurdles in the initial setup and long-term key management of credentials used in TLS client authentication, emphasizing the gap between theoretical knowledge and practical implementation skills. Through quantitative …

An Analysis And Ontology Of Teaching Methods In Cybersecurity Education, Sarah Buckley

LSU Master's Theses

The growing cybersecurity workforce gap underscores the urgent need to address deficiencies in cybersecurity education: the current education system is not producing competent cybersecurity professionals, and current efforts are not informing the non-technical general public of basic cybersecurity practices. We argue that this gap is compounded by a fundamental disconnect between cybersecurity education literature and established education theory. Our research addresses this issue by examining the alignment of cybersecurity education literature concerning educational methods and tools with education literature.

In our research, we endeavor to bridge this gap by critically analyzing the alignment of cybersecurity education literature with education theory. …

Developing Singapore As A Smart Nation, Josephine Teo

Asian Management Insights

Mrs Josephine Teo, Singapore’s Minister for Communications and Information, and Minister-in-charge of Smart Nation and Cybersecurity, speaks about leading the country’s Smart Nation drive.

Blockchain Applications In Higher Education Based On The Nist Cybersecurity Framework, Brady Lund Ph.D.

Journal of Cybersecurity Education, Research and Practice

This paper investigates the integration of blockchain technology into core systems within institutions of higher education, utilizing the National Institute of Standards and Technology’s (NIST) Cybersecurity Framework as a guiding framework. It supplies definitions of key terminology including blockchain, consensus mechanisms, decentralized identity, and smart contracts, and examines the application of secure blockchain across various educational functions such as enrollment management, degree auditing, and award processing. Each facet of the NIST Framework is utilized to explore the integration of blockchain technology and address persistent security concerns. The paper contributes to the literature by defining blockchain technology applications and opportunities within …

Improving Belonging And Connectedness In The Cybersecurity Workforce: From College To The Profession, Mary Beth Klinger

Journal of Cybersecurity Education, Research and Practice

This article explores the results of a project aimed at supporting community college students in their academic pursuit of an Associate of Applied Science (AAS) degree in Cybersecurity through mentorship, collaboration, skill preparation, and other activities and touch points to increase students’ sense of belonging and connectedness in the cybersecurity profession. The goal of the project was focused on developing diverse, educated, and skilled cybersecurity personnel for employment within local industry and government to help curtail the current regional cybersecurity workforce gap that is emblematic of the lack of qualified cybersecurity personnel that presently exists nationwide. Emphasis throughout the project …

A Systematic Review Of K-12 Cybersecurity Education Around The World, Ahmed Ibrahim, Marnie Mckee, Leslie F. Sikos, Nicola F. Johnson

Research outputs 2022 to 2026

This paper presents a systematic review of K-12 cybersecurity education literature from around the world. 24 academic papers dated from 2013-2023 were eligible for inclusion in the literature established within the research protocol. An additional 19 gray literature sources comprised the total. A range of recurring common topics deemed as aspects of cybersecurity behavior or practice were identified. A variety of cybersecurity competencies and skills are needed for K-12 students to apply their knowledge. As may be expected to be the case with interdisciplinary fields, studies are inherently unclear in the use of their terminology, and this is compounded in …

Pdf Malware Detection: Toward Machine Learning Modeling With Explainability Analysis, G. M.Sakhawat Hossain, Kaushik Deb, Helge Janicke, Iqbal H. Sarker

Research outputs 2022 to 2026

The Portable Document Format (PDF) is one of the most widely used file types, thus fraudsters insert harmful code into victims' PDF documents to compromise their equipment. Conventional solutions and identification techniques are often insufficient and may only partially prevent PDF malware because of their versatile character and excessive dependence on a certain typical feature set. The primary goal of this work is to detect PDF malware efficiently in order to alleviate the current difficulties. To accomplish the goal, we first develop a comprehensive dataset of 15958 PDF samples taking into account the non-malevolent, malicious, and evasive behaviors of the …

Mitigating Cyber Espionage: A Network Security Strategy Using Notifications, Claire Headland

Williams Honors College, Honors Research Projects

Network security and its mitigation of cyber espionage is paramount to the confidentiality, integrity, and availability of data within the intelligence field. With the advancing efficacy of social engineering to execute cyber espionage attacks, further measures and fail-safe mechanisms have become necessary. If a malicious actor successfully penetrates the network, suspending confidential data transmissions over the compromised network becomes crucial. However, connected users need a platform to receive security notifications and, therefore, need to know that their continued network use compromises more data. This project eliminates this by achieving two primary objectives: designing a multi- layered, hardened, and segmented network …

Using Feature Selection Enhancement To Evaluate Attack Detection In The Internet Of Things Environment, Khawlah Harahsheh, Rami Al-Naimat, Chung-Hao Chen

Electrical & Computer Engineering Faculty Publications

The rapid evolution of technology has given rise to a connected world where billions of devices interact seamlessly, forming what is known as the Internet of Things (IoT). While the IoT offers incredible convenience and efficiency, it presents a significant challenge to cybersecurity and is characterized by various power, capacity, and computational process limitations. Machine learning techniques, particularly those encompassing supervised classification techniques, offer a systematic approach to training models using labeled datasets. These techniques enable intrusion detection systems (IDSs) to discern patterns indicative of potential attacks amidst the vast amounts of IoT data. Our investigation delves into various aspects …

Designing An Artificial Immune Inspired Intrusion Detection System, William Hosier Anderson

Theses and Dissertations

The domain of Intrusion Detection Systems (IDS) has witnessed growing interest in recent years due to the escalating threats posed by cyberattacks. As Internet of Things (IoT) becomes increasingly integrated into our every day lives, we widen our attack surface and expose more of our personal lives to risk. In the same way the Human Immune System (HIS) safeguards our physical self, a similar solution is needed to safeguard our digital self. This thesis presents the Artificial Immune inspired Intrusion Detection System (AIS-IDS), an IDS modeled after the HIS. This thesis proposes an architecture for AIS-IDS, instantiates an AIS-IDS model …

Building A Diverse Cybersecurity Workforce: A Study On Attracting Learners With Varied Educational Backgrounds, Mubashrah Saddiqa, Kristian Helmer Kjær Larsen1 Helmer Kjær Larsen, Robert Nedergaard Nielsen, Jens Myrup Pedersen

Journal of Cybersecurity Education, Research and Practice

Cybersecurity has traditionally been perceived as a highly technical field, centered around hacking, programming, and network defense. However, this article contends that the scope of cybersecurity must transcend its technical confines to embrace a more inclusive approach. By incorporating various concepts such as privacy, data sharing, and ethics, cybersecurity can foster diversity among audiences with varying educational backgrounds, thereby cultivating a richer and more resilient security landscape. A more diverse cybersecurity workforce can provide a broader range of perspectives, experiences, and skills to address the complex and ever-evolving threats of the digital age. The research focuses on enhancing cybersecurity education …

Evaluating Attack Surface Management In An Industrial Control System (Ics) Environment: Leveraging A Recon Ftw For Threat Classification And Incident Response, Nathalia De Sa Soares

LSU Master's Theses

Protecting Industrial Control Systems (ICS) from cyber threats is paramount to
ensure the reliability and security of critical infrastructure. Organizations must proactively identify vulnerabilities and strengthen their incident response capabilities as attack vectors evolve. This research explores implementing an Attack Surface Management (ASM) approach, utilizing Recon FTW, to assess an operating ICS environment’s security posture comprehensively.
The primary objective of this research is to develop a tool for performing recon-
naissance in an ICS environment with a non-intrusive approach, enabling the realistic simulation of potential threat scenarios and the identification of critical areas requiring immediate attention and remediation. We aim …

Link Tank

DePaul Magazine

A new JD certificate program in information technology, cybersecurity and data privacy provides DePaul University students with proficiency in both law and tech.

Integrating Nist And Iso Cybersecurity Audit And Risk Assessment Frameworks Into Cameroonian Law, Bernard Ngalim

Journal of Cybersecurity Education, Research and Practice

This paper reviews cybersecurity laws and regulations in Cameroon, focusing on cybersecurity and information security audits and risk assessments. The importance of cybersecurity risk assessment and the implementation of security controls to cure deficiencies noted during risk assessments or audits is a critical step in developing cybersecurity resilience. Cameroon's cybersecurity legal framework provides for audits but does not explicitly enumerate controls. Consequently, integrating relevant controls from the NIST frameworks and ISO Standards can improve the cybersecurity posture in Cameroon while waiting for a comprehensive revision of the legal framework. NIST and ISO are internationally recognized as best practices in information …

Building The Operational Technology (Ot) Cybersecurity Workforce: What Are Employers Looking For?, Christopher A. Ramezan, Paul M. Coffy, Jared Lemons

Journal of Cybersecurity Education, Research and Practice

A trained workforce is needed to protect operational technology (OT) and industrial control systems (ICS) within national critical infrastructure and critical industries. However, what knowledge, skills, and credentials are employers looking for in OT cybersecurity professionals? To best train the next generation of OT cybersecurity professionals, an understanding of current OT cybersecurity position requirements is needed. Thus, this work analyzes 100 OT cybersecurity positions to provide insights on key prerequisite requirements such as prior professional experience, education, industry certifications, security clearances, programming expertise, soft verbal and written communication skills, knowledge of OT frameworks, standards, and network communication protocols, and position …

Infrastructure As Code For Cybersecurity Training, Rui Pinto, Rolando Martins, Carlos Novo

Journal of Cybersecurity Education, Research and Practice

An organization's infrastructure rests upon the premise that cybersecurity professionals have specific knowledge in administrating and protecting it against outside threats. Without this expertise, sensitive information could be leaked to malicious actors and cause damage to critical systems. These attacks tend to become increasingly specialized, meaning cybersecurity professionals must ensure proficiency in specific areas. Naturally, recommendations include creating advanced practical training scenarios considering realistic situations to help trainees gain detailed knowledge. However, the caveats of high-cost infrastructure and difficulties in the deployment process of this kind of system, primarily due to the manual process of pre-configuring software needed for the …

Integrating Certifications Into The Cybersecurity College Curriculum: The Efficacy Of Education With Certifications To Increase The Cybersecurity Workforce, Binh Tran, Karen C. Benson, Lorraine Jonassen

Journal of Cybersecurity Education, Research and Practice

One only needs to listen to the news reports to recognize that the gap between securing the enterprise and cybersecurity threats, breaches, and vulnerabilities appears to be widening at an alarming rate. An un-tapped resource to combat these attacks lies in the students of the secondary educational system. Necessary in the cybersecurity education is a 3-tiered approach to quickly escalate the student into a workplace-ready graduate. The analogy used is a three-legged-stool, where curriculum content, hands-on skills, and certifications are equal instruments in the edification of the cybersecurity student. This paper endeavors to delve into the 3^rd leg of …

Cybersecurity Challenges And Awareness Of The Multi-Generational Learners In Nepal, Raj Kumar Dhungana, Lina Gurung Dr, Hem Poudyal

Journal of Cybersecurity Education, Research and Practice

Increased exposure to technologies has lately emerged as one of the everyday realities of digital natives, especially K-12 students, and teachers, the digital immigrants. Protection from cybersecurity risks in digital learning spaces is a human right, but students are increasingly exposed to high-risk cyberspace without time to cope with cybersecurity risks. This study, using a survey (N-891 students and 157 teachers) and in-depth interviews (27 students and 14 teachers), described the students' cybersecurity-related experiences and challenges in Nepal. This study revealed that the school’s cybersecurity support system is poor and teachers has very low awareness and competencies to protect students …

Like Treating The Symptom Rather Than The Cause - The Omission Of Courses Over Terrorism In Nsa Designated Institutions, Ida L. Oesteraas

Journal of Cybersecurity Education, Research and Practice

The National Security Agency (NSA) awards Center of Academic Excellence (CAE) designations to institutions that commit to producing cybersecurity professionals who will work in careers that reduce vulnerabilities in our national infrastructure. A review of the curricula in the 327 institutions and their degree programs reveal that only two programs offer a required course about terrorism. Given the fluid nature of terrorism and its threat to national infrastructure, the omission is concerning. It is recommended that NSA-certified cybersecurity programs begin implementing educational content that aim to teach about this emerging crime and justice issue. One suggestion is to embrace the …

Cybersecurity Safeguards: What Cybersecurity Safeguards Could Have Prevented The Intelligence/Data Breach By A Member Of The Air National Guard, Christopher Curtis Royal

Cyber Operations and Resilience Program Graduate Projects

Jack Teixeira, a 21-year-old IT specialist Air National Guard found himself on the wrong side of the US law after sharing what is considered classified and extremely sensitive information about USA's operations and role in Ukraine and Russia war. Like other previous cases of leakage of classified intelligence, the case of Teixeira raises concerns about the weaknesses and vulnerability of federal agencies' IT systems and security protocols governing accessibility to classified documents. Internal leakages of such classified documents hurt national security and can harm the country, especially when such secretive intelligence finds its way into the hands of enemies. Unauthorized …

Cyber Attack Surface Mapping For Offensive Security Testing, Douglas Everson

All Dissertations

Security testing consists of automated processes, like Dynamic Application Security Testing (DAST) and Static Application Security Testing (SAST), as well as manual offensive security testing, like Penetration Testing and Red Teaming. This nonautomated testing is frequently time-constrained and difficult to scale. Previous literature suggests that most research is spent in support of improving fully automated processes or in finding specific vulnerabilities, with little time spent improving the interpretation of the scanned attack surface critical to nonautomated testing. In this work, agglomerative hierarchical clustering is used to compress the Internet-facing hosts of 13 representative companies as collected by the Shodan search …

Compete To Learn: Toward Cybersecurity As A Sport, Tj Oconnor, Dane Brown, Jasmine Jackson, Bryson Payne, Suzanna Schmeelk

Journal of Cybersecurity Education, Research and Practice

To support the workforce gap of skilled cybersecurity professionals, gamified pedagogical approaches for teaching cybersecurity have exponentially grown over the last two decades. During this same period, e-sports developed into a multi-billion dollar industry and became a staple on college campuses. In this work, we explore the opportunity to integrate e-sports and gamified cybersecurity approaches into the inaugural US Cyber Games Team. During this tenure, we learned many lessons about recruiting, assessing, and training cybersecurity teams. We share our approach, materials, and lessons learned to serve as a model for fielding amateur cybersecurity teams for future competition.

Sociocultural Barriers For Female Participation In Stem: A Case Of Saudi Women In Cybersecurity, Alanoud Aljuaid, Xiang Michelle Liu

Journal of Cybersecurity Education, Research and Practice

The participation of women in Science, Technology, Engineering, and Mathematics (STEM) workforces is overwhelmingly low as compared to their male counterparts. The low uptake of cybersecurity careers has been documented in the previous studies conducted in the contexts of the West and Eastern worlds. However, most of the past studies mainly covered the Western world leaving more knowledge gaps in the context of Middle Eastern countries such as Saudi Arabia. Thus, to fill the existing knowledge gaps, the current study focused on women in Saudi Arabia. The aim of the study was to investigate the factors behind the underrepresentation of …

Authenticated Public Key Elliptic Curve Based On Deep Convolutional Neural Network For Cybersecurity Image Encryption Application, Esam A. A. Hagras, Saad Aldosary, Haitham Khaled, Tarek M. Hassan

Research outputs 2022 to 2026

The demand for cybersecurity is growing to safeguard information flow and enhance data privacy. This essay suggests a novel authenticated public key elliptic curve based on a deep convolutional neural network (APK-EC-DCNN) for cybersecurity image encryption application. The public key elliptic curve discrete logarithmic problem (EC-DLP) is used for elliptic curve Diffie–Hellman key exchange (EC-DHKE) in order to generate a shared session key, which is used as the chaotic system’s beginning conditions and control parameters. In addition, the authenticity and confidentiality can be archived based on ECC to share the (Formula presented.) parameters between two parties by using the EC-DHKE …

An Analysis And Examination Of Consensus Attacks In Blockchain Networks, Thomas R. Clark

Senior Honors Projects, 2020-current

This paper examines consensus attacks as they relate to blockchain networks. Consensus attacks are a significant threat to the security and integrity of blockchain networks, and understanding these attacks is crucial for developers and stakeholders. The primary contribution of the paper is to present blockchain and consensus attacks in a clear and accessible manner, with the aim of making these complex concepts easily understandable for a general audience. Using literature review, the paper identifies various methods to prevent consensus attacks, including multi-chain networks, proof-of-work consensus algorithms, and network auditing and monitoring. An analysis revealed that these methods for preventing consensus …

Making The Transition To Post-Quantum Cryptography, J. Simon Richard

The Downtown Review

Without intervention, quantum computing could threaten the security of a large portion of our internet in the near future. However, solutions exist. This paper, which is intended for a general audience, provides a wider context for our current state of quantum-preparedness amid the transition from classical cryptosystems to post-quantum cryptosystems—cryptographic algorithms that can resist the attacks of quantum computers. It will also submit a possible way forward inspired by the actions taken around the globe to prevent the millennium (or Y2K) bug.

Combining Frameworks To Improve Military Health System Quality And Cybersecurity, Dr. Maureen L. Schafer, Dr. Joseph H. Schafer

Military Cyber Affairs

Existing conceptual frameworks and commercially available technology could be considered to rapidly operationalize the use of Quality Measures (QM) within military health systems (Costantino et al. 2020). Purchased healthcare as well as digital healthcare services have paved the way for data collection from multiple information systems thus offering stakeholders actionable intelligence to both guide and measure healthcare outcomes. However, the collection of data secondary to Smart Devices, disparate information systems, cloud services, and the Internet of Medical Things (IOMT) is a complication for security experts that also affect clients, stakeholders, organizations, and businesses delivering patient care. We have combined three …

What Senior U.S. Leaders Say We Should Know About Cyber, Dr. Joseph H. Schafer

Military Cyber Affairs

On April 6, 2023, the Atlantic Council’s Cyber Statecraft Initiative hosted a panel discussion on the new National Cybersecurity Strategy. The panel featured four senior officials from the Office of the National Cyber Director (ONCD), the Department of State (DoS), the Department of Justice (DoJ), and the Department of Homeland Security (DHS). The author attended and asked each official to identify the most important elements that policymakers and strategists must understand about cyber. This article highlights historical and recent struggles to express cyber policy, the responses from these officials, and the author’s ongoing research to improve national security cyber policy.

Survey Of Input Modalities In The Western World, John Ezat Sadik

Masters Theses

Having your account compromised can lead to serious complications in your life. One
way accounts become compromised is through the security risks associated with weak
passwords and reused passwords [22,23]. In this thesis, we seek to understand how
entering passwords on non-PC devices contributes to the problems of weak and reused
passwords. To do so, we conducted a survey that was distributed to people in the
the Western World. In our survey results, we found that users commented about
how the current password model was not created with a variety of device types in
mind, which created frustrations and complexity …