Computer Sciences Commons^™

Privacy Assessment Breakthrough: A Design Science Approach To Creating A Unified Methodology, Lisa Mckee

Masters Theses & Doctoral Dissertations

Recent changes have increased the need for and awareness of privacy assessments. Organizations focus primarily on Privacy Impact Assessments (PIA) and Data Protection Impact Assessments (DPIA) but rarely take a comprehensive approach to assessments or integrate the results into a privacy risk program. There are numerous industry standards and regulations for privacy assessments, but the industry lacks a simple unified methodology with steps to perform privacy assessments. The objectives of this research project are to create a new privacy assessment methodology model using the design science methodology, update industry standards and present training for conducting privacy assessments that can be …

Leaderboard Design Principles Influencing User Engagement In An Online Discussion, Brian S. Bovee

Masters Theses & Doctoral Dissertations

Along with the popularity of gamification, there has been increased interest in using leaderboards to promote engagement with online learning systems. The existing literature suggests that when leaderboards are designed well they have the potential to improve learning, but qualitative investigations are required in order to reveal design principles that will improve engagement. In order to address this gap, this qualitative study aims to explore students' overall perceptions of popular leaderboard designs in a gamified, online discussion. Using two leaderboards reflecting performance in an online discussion, this study evaluated multiple leaderboard designs from student interviews and other data sources regarding …

Improving Adversarial Attacks Against Malconv, Justin Burr

Masters Theses & Doctoral Dissertations

This dissertation proposes several improvements to existing adversarial attacks against MalConv, a raw-byte malware classifier for Windows PE files. The included contributions greatly improve the success rates and performance of gradient-based file overlay attacks. All improvements are included in a new open-source attack utility called BitCamo.

Several new payload initialization strategies for use with gradient-based attacks are proposed and evaluated as potential replacements for the randomized initialization method used by current attacks. An algorithm for determining the optimal payload size is also proposed. The resulting improvements achieve a 100% evasion rate against eligible target executables using an average payload size …

Analysis Of Theoretical And Applied Machine Learning Models For Network Intrusion Detection, Jonah Baron

Masters Theses & Doctoral Dissertations

Network Intrusion Detection System (IDS) devices play a crucial role in the realm of network security. These systems generate alerts for security analysts by performing signature-based and anomaly-based detection on malicious network traffic. However, there are several challenges when configuring and fine-tuning these IDS devices for high accuracy and precision. Machine learning utilizes a variety of algorithms and unique dataset input to generate models for effective classification. These machine learning techniques can be applied to IDS devices to classify and filter anomalous network traffic. This combination of machine learning and network security provides improved automated network defense by developing highly-optimized …

Non-Hazardous Industrial Solid Waste Tracking System, Justin Tank

Masters Theses & Doctoral Dissertations

The Olmsted Non-Hazardous Industrial Solid Waste Tracking System allows waste generators of certain materials to electronically have their waste assessments evaluated, approved, and tracked through a simple online process. The current process of manually requesting evaluations, prepopulating tracking forms, and filling them out on triplicate carbonless forms is out of sync with other processes in the department. Complying with audit requirements requires pulling physical copies and providing them physically to fulfill information requests.

Waste generators in Minnesota are required to track their waste disposals for certain types of industrial waste streams. This ensures waste is accounted for at the point …

Byod-Insure: A Security Assessment Model For Enterprise Byod, Melva Ratchford

Masters Theses & Doctoral Dissertations

As organizations continue allowing employees to use their personal mobile devices to access the organizations’ networks and the corporate data, a phenomenon called ‘Bring Your Own Device’ or BYOD, proper security controls need to be adopted not only to secure the corporate data but also to protect the organizations against possible litigation problems. Until recently, current literature and research have been focused on specific areas or solutions regarding BYOD. The information associated with BYOD security issues in the areas of Management, IT, Users and Mobile Device Solutions is fragmented. This research is based on a need to provide a holistic …

Iot-Hass: A Framework For Protecting Smart Home Environment, Tarig Mudawi

Masters Theses & Doctoral Dissertations

While many solutions have been proposed for smart home security, the problem that no single solution fully protects the smart home environment still exists. In this research we propose a security framework to protect the smart home environment. The proposed framework includes three engines that complement each other to protect the smart home IoT devices. The first engine is an IDS/IPS module that monitors all traffic in the home network and then detects, alerts users, and/or blocks packets using anomaly-based detection. The second engine works as a device management module that scans and verifies IoT devices in the home network, …

A Virtual Machine Introspection Based Multi-Service, Multi-Architecture, High-Interaction Honeypot For Iot Devices, Cory A. Nance

Masters Theses & Doctoral Dissertations

Internet of Things (IoT) devices are quickly growing in adoption. The use case for IoT devices runs the gamut from household applications (such as toasters, lighting, and thermostats) to medical, battlefield, or Industrial Control System (ICS) applications used in life or death situations. A disturbing trend is that for IoT devices is that they are not developed with security in mind. This lack of security has led to the creation of massive botnets that conduct nefarious acts. A clear understanding of the threat landscape IoT devices face is needed to address these security issues. One technique used to understand threats …

Network Traffic Analysis Framework For Cyber Threat Detection, Meshesha K. Cherie

Masters Theses & Doctoral Dissertations

The growing sophistication of attacks and newly emerging cyber threats requires advanced cyber threat detection systems. Although there are several cyber threat detection tools in use, cyber threats and data breaches continue to rise. This research is intended to improve the cyber threat detection approach by developing a cyber threat detection framework using two complementary technologies, search engine and machine learning, combining artificial intelligence and classical technologies.

In this design science research, several artifacts such as a custom search engine library, a machine learning-based engine and different algorithms have been developed to build a new cyber threat detection framework based …

Evaluating The Impacts Of Detecting X.509 Covert Channels, Cody Welu

Masters Theses & Doctoral Dissertations

This quasi-experimental before-and-after study examined the performance impacts of detecting X.509 covert channels in the Suricata intrusion detection system. Relevant literature and previous studies surrounding covert channels and covert channel detection, X.509 certificates, and intrusion detection system performance were evaluated. This study used Jason Reaves’ X.509 covert channel proof of concept code to generate malicious network traffic for detection (2018). Various detection rules for intrusion detection systems were created to aid in the detection of the X.509 covert channel. The central processing unit (CPU) and memory utilization impacts that each rule had on the intrusion detection system was studied and …

Flashlight In A Dark Room: A Grounded Theory Study On Information Security Management At Small Healthcare Provider Organizations, Gerald Auger

Masters Theses & Doctoral Dissertations

Healthcare providers have a responsibility to protect patient’s privacy and a business motivation to properly secure their assets. These providers encounter barriers to achieving these objectives and limited academic research has been conducted to examine the causes and strategies to overcome them. A subset of this demographic, businesses with less than 10 providers, compose a majority 57% of provider organizations in the United States. This grounded theory study provides exploratory findings, discovering these small healthcare provider organizations (SHPO) have limited knowledge on information technology (IT) and information security that results in assumptions and misappropriations of information security implementation, who is …

A Malware Analysis And Artifact Capture Tool, Dallas Wright, Josh Stroschein

Research & Publications

Malware authors attempt to obfuscate and hide their code in its static and dynamic states. This paper provides a novel approach to aid analysis by intercepting and capturing malware artifacts and providing dynamic control of process flow. Capturing malware artifacts allows an analyst to more quickly and comprehensively understand malware behavior and obfuscation techniques and doing so interactively allows multiple code paths to be explored. The faster that malware can be analyzed the quicker the systems and data compromised by it can be determined and its infection stopped. This research proposes an instantiation of an interactive malware analysis and artifact …

Online Health Recommendation System: A Social Support Perspective, Tareq Nasralah, Cherie Noteboom, Abdullah Wahbeh, Mohammad Aref Al-Ramahi

Research & Publications

Online Health Communities (OHC) aim to support patients through offer them the opportunities to exchange support with others. However, patients have difficulties and problems locating expertise within the online health communities. In this regard, this study aims to create a patient recommender system to help users locate those with relevant experience and similar health status. Specifically, we aim to leverage the type of online social support users seek to determine the patient health status to build a patient status prediction model. Building the model will help create a peer recommendation system for online support group members to easily locate peers …

On Understanding Preference For Agile Methods Among Software Developers, David Brian Bishop, Amit V. Deokar, Surendra Sarnikar

Research & Publications

Agile methods are gaining widespread use in industry. Although management is keen on adopting agile, not all developers exhibit preference for agile methods. The literature is sparse in regard to why developers may show preference for agile. Understanding the factors informing the preference for agile can lead to more effective formation of teams, better training approaches, and optimizing software development efforts by focusing on key desirable components of agile. This study, using a grounded theory methodology, finds a variety of categories of factors that influence software developer preference for agile methods including self-efficacy, affective response, interpersonal response, external contingencies, and …

Users Acceptance Of Health Behavioral Change Support Systems, Mohammad Al-Ramahi, Insu Park, Jun Liu

Research & Publications

Behavioral Change Support Systems (BCSSs) is a socio-technical information systems with psychological and behavioral outcomes aim to change users’ behavior and lifestyle. The promising outcomes of BCSSs make them especially useful in certain areas such as healthcare, where these systems could be leveraged to motivate people toward healthy behavior and then help them to achieve their goals better. However, health BCSSs cannot help facilitate self-monitoring and self-management or even improve patients’ health outcomes when patients do not accept the technology first. In this article, we extend the existing literature of users’ acceptance of health BCSSs by introducing new variables that …