Computer Sciences Commons^™

Enhanced Content-Based Fake News Detection Methods With Context-Labeled News Sources, Duncan Arnfield

Electronic Theses and Dissertations

This work examined the relative effectiveness of multilayer perceptron, random forest, and multinomial naïve Bayes classifiers, trained using bag of words and term frequency-inverse dense frequency transformations of documents in the Fake News Corpus and Fake and Real News Dataset. The goal of this work was to help meet the formidable challenges posed by proliferation of fake news to society, including the erosion of public trust, disruption of social harmony, and endangerment of lives. This training included the use of context-categorized fake news in an effort to enhance the tools’ effectiveness. It was found that term frequency-inverse dense frequency provided …

Blockchain Security: Double-Spending Attack And Prevention, William Henry Scott Iii

Electronic Theses and Dissertations

This thesis shows that distributed consensus systems based on proof of work are vulnerable to hashrate-based double-spending attacks due to abuse of majority rule. Through building a private fork of Litecoin and executing a double-spending attack this thesis examines the mechanics and principles behind the attack. This thesis also conducts a survey of preventative measures used to deter double-spending attacks, concluding that a decentralized peer-to-peer network using proof of work is best protected by the addition of an observer system whether internal or external.

Campus Safety Data Gathering, Classification, And Ranking Based On Clery-Act Reports, Walaa F. Abo Elenin

Electronic Theses and Dissertations

Most existing campus safety rankings are based on criminal incident history with minimal or no consideration of campus security conditions and standard safety measures. Campus safety information published by universities/colleges is usually conceptual/qualitative and not quantitative and are based-on criminal records of these campuses. Thus, no explicit and trusted ranking method for these campuses considers the level of compliance with the standard safety measures. A quantitative safety measure is important to compare different campuses easily and to learn about specific campus safety conditions.

In this thesis, we utilize Clery-Act reports of campuses to automatically analyze their safety conditions and generate …

Blockchain Securities Issues: Decentralized Identity System With Key Management Perspective, Olalekan O. Adaramola

Electronic Theses and Dissertations

Blockchain was created many years ago to solve the problems of data transfer Integrity, several years later the issues persist. Blockchain securities are one of the most important considerations to be investigated, and data integrity is about ensuring the accuracy and validity of messages such that when they are read, they are the same as when they were first written. It is of the opinion that passing information across from one person to another cannot be the same as it was first said at the onset. Our work investigated Blockchain security issues, studying Integrity emanating from transactions across the blocks …

Differentiate Metasploit Framework Attacks From Others, Gina Liu Ajero

Electronic Theses and Dissertations

Metasploit Framework is a very popular collection of penetration testing tools. From auxiliaries such as network scanners and mappers to exploits and payloads, Metasploit Framework offers a plethera of apparatuses to implement all the stages of a penetration test. There are two versions: both a free open-source community version and a commercial professional version called Metasploit Pro. The free version, Metasploit Framework, is heavily used by cyber crimininals to carry out illegal activities to gain unauthorized access to targets.

In this paper, I conduct experiments in a virtual environment to discover whether attacks originated from Metasploit Framework are marked with …

A Machine Learning Approach For Reconnaissance Detection To Enhance Network Security, Rachel Bakaletz

Electronic Theses and Dissertations

Before cyber-crime can happen, attackers must research the targeted organization to collect vital information about the target and pave the way for the subsequent attack phases. This cyber-attack phase is called reconnaissance or enumeration. This malicious phase allows attackers to discover information about a target to be leveraged and used in an exploit. Information such as the version of the operating system and installed applications, open ports can be detected using various tools during the reconnaissance phase. By knowing such information cyber attackers can exploit vulnerabilities that are often unique to a specific version.

In this work, we develop an …

Lightweight Mutual Authentication And Privacy Preservation Schemes For Iot Systems., Samah Mansour

Electronic Theses and Dissertations

Internet of Things (IoT) presents a holistic and transformative approach for providing services in different domains. IoT creates an atmosphere of interaction between humans and the surrounding physical world through various technologies such as sensors, actuators, and the cloud. Theoretically, when everything is connected, everything is at risk. The rapid growth of IoT with the heterogeneous devices that are connected to the Internet generates new challenges in protecting and preserving user’s privacy and ensuring the security of our lives. IoT systems face considerable challenges in deploying robust authentication protocols because some of the IoT devices are resource-constrained with limited computation …

Arnold Transformations As Applied To Data Encryption, Haley N. Anderson

Electronic Theses and Dissertations

As our world becomes increasingly digital, data security becomes key. Data must be encrypted such that it can be easily encrypted only by the intended recipient. Arnold Transformations are a useful tool in this because of its unpredictable periodicity. Our goal is to outline a method for choosing an Arnold Transformation that is both secure and easy to implement. We find the necessary and sufficient condition that a key matrix has periodicity. The chosen key matrix has a random structure, and it has a periodicity that is sufficiently high. We apply this method to several image and data string examples …

Knot Flow Classification And Its Applications In Vehicular Ad-Hoc Networks (Vanet), David Schmidt

Electronic Theses and Dissertations

Intrusion detection systems (IDSs) play a crucial role in the identification and mitigation for attacks on host systems. Of these systems, vehicular ad hoc networks (VANETs) are difficult to protect due to the dynamic nature of their clients and their necessity for constant interaction with their respective cyber-physical systems. Currently, there is a need for a VANET-specific IDS that meets this criterion. To this end, a spline-based intrusion detection system has been pioneered as a solution. By combining clustering with spline-based general linear model classification, this knot flow classification method (KFC) allows for robust intrusion detection to occur. Due its …

Formally Designing And Implementing Cyber Security Mechanisms In Industrial Control Networks., Mehdi Sabraoui

Electronic Theses and Dissertations

This dissertation describes progress in the state-of-the-art for developing and deploying formally verified cyber security devices in industrial control networks. It begins by detailing the unique struggles that are faced in industrial control networks and why concepts and technologies developed for securing traditional networks might not be appropriate. It uses these unique struggles and examples of contemporary cyber-attacks targeting control systems to argue that progress in securing control systems is best met with formal verification of systems, their specifications, and their security properties. This dissertation then presents a development process and identifies two technologies, TLA+ and seL4, that can be …

Federal, State And Local Law Enforcement Agency Interoperability Capabilities And Cyber Vulnerabilities, Tyrone Trapnell

Electronic Theses and Dissertations

The National Data Exchange (N-DEx) System is the central informational hub located at the Federal Bureau of Investigation (FBI). Its purpose is to provide network subscriptions to all Federal, state and local level law enforcement agencies while increasing information collaboration across all domains. The National Data Exchange users must satisfy the Advanced Permission Requirements, confirming the terms of N-DEx information use, and the Verification Requirement (verifying the completeness, timeliness, accuracy, and relevancy of N-DEx information) through coordination with the record-owning agency (Management, 2018). A network infection model is proposed to simulate the spread impact of various cyber-attacks within Federal, state …

Probabilistic Record Linkage With Elliptic Curve Operations, Shreya Dhiren Patel

Electronic Theses and Dissertations

Federated query processing for an electronic health record infrastructure enables large epidemiology studies using data integrated from geographically dispersed medical institutions. However, government imposed privacy regulations prohibit disclosure of patient's health record outside the context of clinical care, thereby making it difficult to determine which records correspond to the same entity in the process of query aggregation.

Privacy-preserving record linkage is an actively pursued research area to facilitate the linkage of database records under the constraints of regulations that do not allow the linkage agents to learn sensitive identities of record owners. In earlier works, scalability has been shown to …

A Study Of Perceptions On Incident Response Exercises, Information Sharing, Situational Awareness, And Incident Response Planning In Power Grid Utilities, Joseph Garmon

Electronic Theses and Dissertations

The power grid is facing increasing risks from a cybersecurity attack. Attacks that shut off electricity in Ukraine have already occurred, and successful compromises of the power grid that did not shut off electricity to customers have been privately disclosed in North America. The objective of this study is to identify how perceptions of various factors emphasized in the electric sector affect incident response planning. Methods used include a survey of 229 power grid personnel and the use of partial least squares structural equation modeling to identify causal relationships. This study reveals the relationships between perceptions by personnel responsible for …

Security Analysis Of The Internet Of Things Using Digital Forensic And Penetration Testing Tools, Olajide Ojagbule

Electronic Theses and Dissertations

We exist in a universe where everything is related to the internet or each other like smart TVs, smart telephones, smart thermostat, cars and more. Internet of Things has become one of the most talked about technologies across the world and its applications range from the control of home appliances in a smart home to the control of machines on the production floor of an industry that requires less human intervention in performing basic daily tasks. Internet of Things has rapidly developed without adequate attention given to the security and privacy goals involved in its design and implementation. This document …

An Analysis Of International Agreements Over Cybersecurity, Lucas Ashbaugh

Electronic Theses and Dissertations

Research into the international agreements that increase cooperation over cybersecurity challenges is severely lacking. This is a necessary next step for bridging diplomatic challenges over cybersecurity. This work aspires to be push the bounds of research into these agreements and offer a tool that future researchers can rely on. For this research I created, and made publicly available, the International Cybersecurity Cooperation Dataset (ICCD), which contains over 350 international cybersecurity agreements and pertinent metadata. Each agreement is marked per which subtopics within cybersecurity related agreements it covers. These typologies are:

• Discussion and Dialogue

• Research

• Confidence Building Measures

• Incident Response

• Crime …

  ---

  Go to article

Assessment Of Information Security Culture In Higher Education, Henry Glaspie

Electronic Theses and Dissertations

Information security programs are instituted by organizations to provide guidance to their users who handle their data and systems. The main goal of these programs is to protect the organization's information assets through the creation and cultivation of a positive information security culture within the organization. As the collection and use of data expands in all economic sectors, the threat of data breach due to human error increases. Employee's behavior towards information security is influenced by the organizations information security programs and the overall information security culture. This study examines the human factors of an information security program and their …

A Value Sensitive Design Approach To Adolescent Mobile Online Safety, Arup Kumar Ghosh

Electronic Theses and Dissertations

With the rise of adolescent smartphone use, concerns about teen online safety are also on the rise. A number of parental control apps are available for mobile devices, but adoption of these apps has been markedly low. To better understand these apps, their users, and design opportunities in the space of mobile online safety for adolescents, we have conducted four studies informed by the principles of Value Sensitive Design (VSD). In Study 1 (Chapter 2), we conducted a web-based survey of 215 parents and their teens (ages 13-17) using two separate logistic regression models (parent and teen) to examine the …

Isolated Mobile Malware Observation, Augustine Paul

Electronic Theses and Dissertations

The idea behind Bring Your Own Device (BYOD) it that personal mobile devices can be used in the workplace to enhance convenience and flexibility. This development encourages organizations to allow access of personal mobile devices to business information and systems for businesses operation. However, BYOD opens a firm to various security risks such as data contamination and the exposure of user interest to criminal activities. Mobile devices were not designed to handle intense data security and advanced security features are frequently turned off. Using personal mobile devices can also expose a system to various forms of security threats like malware. …

Authorship Identification Of Translation Algorithms., Keishin Nishiyama

Electronic Theses and Dissertations

Authorship analysis is a process of identifying a true writer of a given document and has been studied for decades. However, only a handful of studies of authorship analysis of translators are available despite the fact that online translations are widely available and also popularly employed in automatic translations of posts in social networking services. The identification of translation algorithms has potential to contribute to the investigation of cybercrimes, involving translation of scam messages by algorithmic translations to reach speakers of foreign languages. This study tested bag of words (BOW) approach in authorship attribution and the existing approaches to translator …

Dynamic Adversarial Mining - Effectively Applying Machine Learning In Adversarial Non-Stationary Environments., Tegjyot Singh Sethi

Electronic Theses and Dissertations

While understanding of machine learning and data mining is still in its budding stages, the engineering applications of the same has found immense acceptance and success. Cybersecurity applications such as intrusion detection systems, spam filtering, and CAPTCHA authentication, have all begun adopting machine learning as a viable technique to deal with large scale adversarial activity. However, the naive usage of machine learning in an adversarial setting is prone to reverse engineering and evasion attacks, as most of these techniques were designed primarily for a static setting. The security domain is a dynamic landscape, with an ongoing never ending arms race …

Examining And Exposing The Darknet, Ton H. Don

Electronic Theses and Dissertations

This thesis consists of two studies; the first study is “Diving into the Darknet” and the second is “Exposing the Darknet on Mobile Devices”. The Darknet is a network of hidden sites and services which are built based on anonymity. In “Diving into the Darknet”, we applied different data science methods to establish the relationships between the data in the data set. This data set has information related to seller, drug types, and transactions. Additionally, we used Tableau to visualize the data set. For the second study, we took a digital forensics perspective of the Darknet. Orfox and Orbot, a …

Leveraging Client Processing For Location Privacy In Mobile Local Search, Wisam Mohamed Eltarjaman

Electronic Theses and Dissertations

Usage of mobile services is growing rapidly. Most Internet-based services targeted for PC based browsers now have mobile counterparts. These mobile counterparts often are enhanced when they use user's location as one of the inputs. Even some PC-based services such as point of interest Search, Mapping, Airline tickets, and software download mirrors now use user's location in order to enhance their services. Location-based services are exactly these, that take the user's location as an input and enhance the experience based on that. With increased use of these services comes the increased risk to location privacy. The location is considered an …

Assessing The Physical Security Of Idfs With Psatool: A Case Study, Sulabh Bista

Electronic Theses and Dissertations

PSATool is a checklist-based, web-based application for assessing the physical security of Intermediate Distribution Frameworks. IDFs, or wiring closets, are an integral if often neglected component of information security. Earlier work by Timbs (2013) identified 52 IDF-related security requirements based on federal and international standards for physical security. PSATool refines Timbs’ prototype application for IDF assessment, extending it with support for mobile-device-based data entry.

PSATool was used to assess 25 IDFs at a regional university, a college and a manufacturing corporation, with an average of 9 minutes per assessment. Network managers and assessors involved in the assessments characterized PSATool as …

Heuristics For Improved Enterprise Intrusion Detection, James J. Treinen

Electronic Theses and Dissertations

One of the greatest challenges facing network operators today is the identification of malicious activity on their networks. The current approach is to deploy a set of intrusion detection sensors (IDSs) in various locations throughout the network and on strategic hosts. Unfortunately, the available intrusion detection technologies generate an overwhelming volume of false alarms, making the task of identifying genuine attacks nearly impossible. This problem is very difficult to solve even in networks of nominal size. The task of uncovering attacks in enterprise class networks quickly becomes unmanageable.

Research on improving intrusion detection sensors is ongoing, but given the nature …