Information Security Commons^™

Side Channel Detection Of Pc Rootkits Using Nonlinear Phase Space, Rebecca Clark

Poster Presentations

Cyberattacks are increasing in size and scope yearly, and the most effective and common means of attack is through malicious software executed on target devices of interest. Malware threats vary widely in terms of behavior and impact and, thus, effective methods of detection are constantly being sought from the academic research community to offset both volume and complexity. Rootkits are malware that represent a highly feared threat because they can change operating system integrity and alter otherwise normally functioning software. Although normal methods of detection that are based on signatures of known malware code are the standard line of defense, …

Multi-Script Handwriting Identification By Fragmenting Strokes, Joshua Jude Thomas

<strong> Theses and Dissertations </strong>

This study tests the effectiveness of Multi-Script Handwriting Identification after simplifying character strokes, by segmenting them into sub-parts. Character simplification is performed through splitting the character by branching-points and end-points, a process called stroke fragmentation in this study. The resulting sub-parts of the character are called stroke fragments and are evaluated individually to identify the writer. This process shares similarities with the concept of stroke decomposition in Optical Character Recognition which attempts to recognize characters through the writing strokes that make them up. The main idea of this study is that the characters of different writing‑scripts (English, Chinese, etc.) may …

Side Channel Detection Of Pc Rootkits Using Nonlinear Phase Space, Rebecca Clark

Honors Theses

Cyberattacks are increasing in size and scope yearly, and the most effective and common means of attack is through malicious software executed on target devices of interest. Malware threats vary widely in terms of behavior and impact and, thus, effective methods of detection are constantly being sought from the academic research community to offset both volume and complexity. Rootkits are malware that represent a highly feared threat because they can change operating system integrity and alter otherwise normally functioning software. Although normal methods of detection that are based on signatures of known malware code are the standard line of defense, …

Data Profits Vs. Privacy Rights: Ethical Concerns In Data Commerce, Amiah Armstrong

Cybersecurity Undergraduate Research Showcase

In today’s digital age, the collection and sale of customer data for advertising is gaining a growing number of ethical concerns. The act of amassing extensive datasets encompassing customer preferences, behaviors, and personal information raises questions of its true purpose. It is widely acknowledged that companies track and store their customer’s digital activities under the pretext of benefiting the customer, but at what cost? Are users aware of how much of their data is being collected? Do they understand the trade-off between personalized services and the potential invasion of their privacy? This paper aims to show the advantages and disadvantages …

An Analysis And Ontology Of Teaching Methods In Cybersecurity Education, Sarah Buckley

LSU Master's Theses

The growing cybersecurity workforce gap underscores the urgent need to address deficiencies in cybersecurity education: the current education system is not producing competent cybersecurity professionals, and current efforts are not informing the non-technical general public of basic cybersecurity practices. We argue that this gap is compounded by a fundamental disconnect between cybersecurity education literature and established education theory. Our research addresses this issue by examining the alignment of cybersecurity education literature concerning educational methods and tools with education literature.

In our research, we endeavor to bridge this gap by critically analyzing the alignment of cybersecurity education literature with education theory. …

Rising Threat - Deepfakes And National Security In The Age Of Digital Deception, Dougo Kone-Sow

Cybersecurity Undergraduate Research Showcase

This paper delves into the intricate landscape of deepfakes, exploring their genesis, capabilities, and far-reaching implications. The rise of deepfake technology presents an unprecedented threat to American national security, propagating disinformation and manipulation across various media formats. Notably, deepfakes have evolved from a historical backdrop of disinformation campaigns, merging with the advancements of artificial intelligence (AI) and machine learning to craft convincing but false multimedia content.

Examining the capabilities of deepfakes reveals their potential for misuse, evidenced by instances targeting individuals, companies, and even influencing political events like the 2020 U.S. elections. The paper highlights the direct threats posed by …

Privacy Concerns And Proposed Solutions With Iot In Wearable Technology, Hyacinth Abad

Cybersecurity Undergraduate Research Showcase

This paper examines the dynamic relationship between IoT cybersecurity and privacy concerns associated with wearable devices. IoT, with its exponential growth, presents both opportunities and challenges in terms of accessibility, integrity, availability, scalability, confidentiality, and interoperability. Cybersecurity concerns arise as diverse attack surfaces exploit vulnerabilities in IoT systems, necessitating robust defenses. In the field of wearable technology, these devices offer benefits like health data tracking and real-time communication. However, the adoption of these devices raises privacy concerns. The paper explores proposed solutions, including mechanisms for user-controlled data collection, the implementation of Virtual Trip Line (VTL) and virtual wall approaches, and …

Ensuring Non-Repudiation In Long-Distance Constrained Devices, Ethan Blum

Honors Theses

Satellite communication is essential for the exploration and study of space. Satellites allow communications with many devices and systems residing in space and on the surface of celestial bodies from ground stations on Earth. However, with the rise of Ground Station as a Service (GsaaS), the ability to efficiently send action commands to distant satellites must ensure non-repudiation such that an attacker is unable to send malicious commands to distant satellites. Distant satellites are also constrained devices and rely on limited power, meaning security on these devices is minimal. Therefore, this study attempted to propose a novel algorithm to allow …

Enhanced Content-Based Fake News Detection Methods With Context-Labeled News Sources, Duncan Arnfield

Electronic Theses and Dissertations

This work examined the relative effectiveness of multilayer perceptron, random forest, and multinomial naïve Bayes classifiers, trained using bag of words and term frequency-inverse dense frequency transformations of documents in the Fake News Corpus and Fake and Real News Dataset. The goal of this work was to help meet the formidable challenges posed by proliferation of fake news to society, including the erosion of public trust, disruption of social harmony, and endangerment of lives. This training included the use of context-categorized fake news in an effort to enhance the tools’ effectiveness. It was found that term frequency-inverse dense frequency provided …

Closing The Gap: Leveraging Aes-Ni To Balance Adversarial Advantage And Honest User Performance In Argon2i, Nicholas Harrell, Nathaniel Krakauer

CERIAS Technical Reports

The challenge of providing data privacy and integrity while maintaining efficient performance for honest users is a persistent concern in cryptography. Attackers exploit advances in parallel hardware and custom circuit hardware to gain an advantage over regular users. One such method is the use of Application-Specific Integrated Circuits (ASICs) to optimize key derivation function (KDF) algorithms, giving adversaries a significant advantage in password guessing and recovery attacks. Other examples include using graphical processing units (GPUs) and field programmable gate arrays (FPGAs). We propose a focused approach to close the gap between adversarial advantage and honest user performance by leveraging the …

Framework For Assessing Information System Security Posture Risks, Syed Waqas Hamdani

Electronic Thesis and Dissertation Repository

In today’s data-driven world, Information Systems, particularly the ones operating in regulated industries, require comprehensive security frameworks to protect against loss of confidentiality, integrity, or availability of data, whether due to malice, accident or otherwise. Once such a security framework is in place, an organization must constantly monitor and assess the overall compliance of its systems to detect and rectify any issues found. This thesis presents a technique and a supporting toolkit to first model dependencies between security policies (referred to as controls) and, second, devise models that associate risk with policy violations. Third, devise algorithms that propagate risk when …

Lidar Segmentation-Based Adversarial Attacks On Autonomous Vehicles, Blake Johnson

Scholarly Horizons: University of Minnesota, Morris Undergraduate Journal

Autonomous vehicles utilizing LiDAR-based 3D perception systems are susceptible to adversarial attacks. This paper focuses on a specific attack scenario that relies on the creation of adversarial point clusters with the intention of fooling the segmentation model utilized by LiDAR into misclassifying point cloud data. This can be translated into the real world with the placement of objects (such as road signs or cardboard) at these adversarial point cluster locations. These locations are generated through an optimization algorithm performed on said adversarial point clusters that are introduced by the attacker.

A Multimodal Immune System Inspired Defense Architecture For Detecting And Deterring Digital Pathogens In Container Hosted Web Services, Islam Khalil

Theses and Dissertations

With the increased use of web technologies, microservices, and Application Programming Interface (API) for integration between systems, and with the development of containerization of services on operating system level as a method of isolating system execution and for easing the deployment and scaling of systems, there is a growing need as well as opportunities for providing platforms that improve the security of such services. In our work, we propose an architecture for a containerization platform that utilizes various concepts derived from the human immune system. The goal of the proposed containerization platform is to introduce the concept of slowing down …

An Analysis And Examination Of Consensus Attacks In Blockchain Networks, Thomas R. Clark

Senior Honors Projects, 2020-current

This paper examines consensus attacks as they relate to blockchain networks. Consensus attacks are a significant threat to the security and integrity of blockchain networks, and understanding these attacks is crucial for developers and stakeholders. The primary contribution of the paper is to present blockchain and consensus attacks in a clear and accessible manner, with the aim of making these complex concepts easily understandable for a general audience. Using literature review, the paper identifies various methods to prevent consensus attacks, including multi-chain networks, proof-of-work consensus algorithms, and network auditing and monitoring. An analysis revealed that these methods for preventing consensus …

Du Undergraduate Showcase: Research, Scholarship, And Creative Works, Caitlyn Aldersea, Justin Bravo, Sam Allen, Anna Block, Connor Block, Emma Buechler, Maria De Los Angeles Bustillos, Arianna Carlson, William Christensen, Olivia Kachulis, Noah Craver, Kate Dillon, Muskan Fatima, Angel Fernandes, Emma Finch, Colleen Cassidy, Amy Fishman, Andrea Francis, Stacia Fritz, Simran Gill, Emma Gries, Rylie Hansen, Shannon Powers, Jacqueline Martinez, Zachary Harker, Ashley Hasty, Mykaela Tanino-Springsteen, Kathleen Hopps, Adelaide Kerenick, Colin Kleckner, Ci Koehring, Elijah Kruger, Braden Krumholz, Maddie Leake, Lyneé Alves, Seraphina Loukas, Yatzari Lozano Vazquez, Haley Maki, Emily Martinez, Sierra Mckinney, Mykaela Tanino-Springsteen, Audrey Mitchell, Kipling Newman, Audrey Ng, Megan Lucyshyn, Andrew Nguyen, Stevie Ostman, Casandra Pearson, Alexandra Penney, Julia Gielczynski, Tyler Ball, Anna Rini, Christina Rorres, Simon Ruland, Helayna Schafer, Emma Sellers, Sarah Schuller, Claire Shaver, Kevin Summers, Isabella Shaw, Madison Sinar, Claudia Pena, Apshara Siwakoti, Carter Sorensen, Madi Sousa, Anna Sparling, Alexandra Revier, Brandon Thierry, Dylan Tyree, Maggie Williams, Lauren Wols

DU Undergraduate Research Journal Archive

DU Undergraduate Showcase: Research, Scholarship, and Creative Works

Linux Malware Obfuscation, Brian Roden

Computer Science and Computer Engineering Undergraduate Honors Theses

Many forms of malicious software use techniques and tools that make it harder for their functionality to be parsed, both by antivirus software and reverse-engineering methods. Historically, the vast majority of malware has been written for the Windows operating system due to its large user base. As such, most efforts made for malware detection and analysis have been performed on that platform. However, in recent years, we have seen an increase in malware targeting servers running Linux and other Unix-like operating systems resulting in more emphasis of malware research on these platforms. In this work, several obfuscation techniques for Linux …

Rbac Attack Exposure Auditor. Tracking User Risk Exposure Per Role-Based Access Control Permissions, Adelaide Damrau

Undergraduate Honors Theses

Access control models and implementation guidelines for determining, provisioning, and de-provisioning user permissions are challenging due to the differing approaches, unique for each organization, the lack of information provided by case studies concerning the organization’s security policies, and no standard means of implementation procedures or best practices. Although there are multiple access control models, one stands out, role-based access control (RBAC). RBAC simplifies maintenance by enabling administrators to group users with similar permissions. This approach to managing user permissions supports the principle of least privilege and separation of duties, which are needed to ensure an organization maintains acceptable user access …

A Survey And Comparative Study On Vulnerability Scanning Tools, Cassidy Khounborine

Computer Science and Computer Engineering Undergraduate Honors Theses

Vulnerability scanners are a tool used by many organizations and developers as part of their vulnerability management. These scanners aid in the security of applications, databases, networks, etc. There are many different options available for vulnerability scanners that vary in the analysis method they encompass or target for which they scan, among many other features. This thesis explores the different types of scanners available and aims to ease the burden of selecting the ideal vulnerability scanner for one’s needs by conducting a survey and comparative analysis of vulnerability scanners. Before diving into the vulnerability scanners available, background information is provided …

Survey Of Input Modalities In The Western World, John Ezat Sadik

Masters Theses

Having your account compromised can lead to serious complications in your life. One
way accounts become compromised is through the security risks associated with weak
passwords and reused passwords [22,23]. In this thesis, we seek to understand how
entering passwords on non-PC devices contributes to the problems of weak and reused
passwords. To do so, we conducted a survey that was distributed to people in the
the Western World. In our survey results, we found that users commented about
how the current password model was not created with a variety of device types in
mind, which created frustrations and complexity …

Chatgpt As Metamorphosis Designer For The Future Of Artificial Intelligence (Ai): A Conceptual Investigation, Amarjit Kumar Singh (Library Assistant), Dr. Pankaj Mathur (Deputy Librarian)

Library Philosophy and Practice (e-journal)

Abstract

Purpose: The purpose of this research paper is to explore ChatGPT’s potential as an innovative designer tool for the future development of artificial intelligence. Specifically, this conceptual investigation aims to analyze ChatGPT’s capabilities as a tool for designing and developing near about human intelligent systems for futuristic used and developed in the field of Artificial Intelligence (AI). Also with the helps of this paper, researchers are analyzed the strengths and weaknesses of ChatGPT as a tool, and identify possible areas for improvement in its development and implementation. This investigation focused on the various features and functions of ChatGPT that …

Enabling Dapps Data Exchange With Hardware-Assisted Secure Oracle Network, Yue Li

Theses and Dissertations--Computer Science

Decentralized applications (dApps), enabled by the blockchain and smart contract technology, are known for allowing distrustful parties to execute business logic without relying on a central authority. Compared to regular applications, dApps offer a wide range of benefits, including security by design, trustless transactions, and resistance to censorship. However, dApps need to access real-world data to achieve their full potential, relying on the data oracles. Oracles act as bridges between blockchains and the outside world, providing essential data to the smart contracts that power dApps. A significant challenge in integrating oracles into the dApp ecosystem is the Oracle Problem …

A Secure And Distributed Architecture For Vehicular Cloud And Protocols For Privacy-Preserving Message Dissemination In Vehicular Ad Hoc Networks, Hassan Mistareehi

Theses and Dissertations--Computer Science

Given the enormous interest in self-driving cars, Vehicular Ad hoc NETworks (VANETs) are likely to be widely deployed in the near future. Cloud computing is also gaining widespread deployment. Marriage between cloud computing and VANETs would help solve many of the needs of drivers, law enforcement agencies, traffic management, etc. The contributions of this dissertation are summarized as follows: A Secure and Distributed Architecture for Vehicular Cloud: Ensuring security and privacy is an important issue in the vehicular cloud; if information exchanged between entities is modified by a malicious vehicle, serious consequences such as traffic congestion and accidents can …

Nft Artifact Prediction Using Machine Learning, Rishabh Pandey

Master's Projects

NFT Prediction Systems are web applications that provide their users with valuable insights about the artifact. These insights are useful for investors and collectors to make better decisions about their purchases. This project builds upon the same concept of prediction by developing a web application to dynamically provide recommendations based on user input and training an ML model to predict their cost. Preliminary work for the prediction system involved data collection, pre-processing, analysis, and filtering of large datasets from diverse sources. The project focused on the development of a user- friendly UI to enable seamless categorization of search results generated …

Defense Of A Small Network, Isabella Adkins

Williams Honors College, Honors Research Projects

A sample network will be virtually created consisting of three routers, one switch, and three hosts. The network will be secured using various methods such as enabling passwords and encryption. After the network has been properly secured, various attacks will be attempted with the goal of breaking into the network. These attacks include reconnaissance (gathering information), penetrating the network using the tool Metasploit, and attempting to get a credential phishing email to end users. If successful in the attacks, the network will be revisited and analyzed for any weaknesses or oversights.

Small Business Office Network, Michael Gerome

Williams Honors College, Honors Research Projects

This project will emulate a small office network environment. The project will demonstrate the process of building and configuring the network to meet the requirements laid out in the project plan. This network includes four subnets with Windows 10 end devices and a Kali Linux device, it also includes five Cisco layer 2 switches and three Cisco routers. There are also three subnets connecting the routers to each other to enable routing between the subnets. After the network environment is set up, various penetration tests are performed from the Kali Linux device to gather information. The Nmap reconnaissance tool is …

A Different Way To Penetrate Nba Defenses, Trey Trucksis

Williams Honors College, Honors Research Projects

This project proposal will document the design, configuration, and penetration testing of a network consisting of three routers (labeled as Lakers, Celtics, Cavaliers), one switch (labeled as NBA), and three end devices (labeled as Kali, Windows 10, and Ubuntu) each connected to one of three routers present on the network. Each router will be attached to a different subnet on the network. The network will be secured using encrypted passwords on the router interfaces, OSPF MD5 authentication between the routers, port security on the switch, as well as Access Control Lists to to control the privileges of each subnetwork accordingly. …

Material Extrusion-Based Additive Manufacturing: G-Code And Firmware Attacks And Defense Frameworks, Haris Rais

Theses and Dissertations

Additive Manufacturing (AM) refers to a group of manufacturing processes that create physical objects by sequentially depositing thin layers. AM enables highly customized production with minimal material wastage, rapid and inexpensive prototyping, and the production of complex assemblies as single parts in smaller production facilities. These features make AM an essential component of Industry 4.0 or Smart Manufacturing. It is now used to print functional components for aircraft, rocket engines, automobiles, medical implants, and more. However, the increased popularity of AM also raises concerns about cybersecurity. Researchers have demonstrated strength degradation attacks on printed objects by injecting cavities in the …

Spartanscript: New Language Design For Smart Contracts, Ajinkya Lakade

Master's Projects

Smart contracts have become a crucial element for developing decentralized applications on blockchain, resulting in numerous innovative projects on blockchain networks. Ethereum has played a significant role in this space by providing a high-performance Ethereum virtual machine, enabling the creation of several high- level programming languages that can run on the Ethereum blockchain. Despite its usefulness, the Ethereum Virtual Machine has been prone to security vulnerabilities that can result in developers succumbing to common pitfalls which are otherwise safeguarded by modern virtual machines used in programming languages. The project aims to introduce a new interpreted scripting programming language that closely …

Proof-Of-Stake For Spartangold, Nimesh Ashok Doolani

Master's Projects

Consensus protocols are critical for any blockchain technology, and Proof-of- Stake (PoS) protocols have gained popularity due to their advantages over Proof-of- Work (PoW) protocols in terms of scalability and efficiency. However, existing PoS mechanisms, such as delegated and bonded PoS, suffer from security and usability issues. Pure PoS (PPoS) protocols provide a stronger decentralization and offer a potential solution to these problems. Algorand, a well-known cryptocurrency, employs a PPoS protocol that utilizes a new Byzantine Agreement (BA) mechanism for consensus and Verifiable Random Functions (VRFs) to securely scale the protocol to accommodate many participants, making it possible to handle …

Spartan Price Oracle: A Schelling-Point Based Decentralized Pirce Oracle, Sihan He

Master's Projects

Nakamoto’s Bitcoin is the first decentralized digital cash system that utilizes a blockchain to manage transactions in its peer-to-peer network. The newer generation of blockchain systems, including Ethereum, extend their capabilities to support deployment of smart contracts within their peer-to-peer networks. However, smart contracts cannot acquire data from sources outside the blockchain since the blockchain network is isolated from the outside world. To obtain data from external sources, smart contracts must rely on Oracles, which are agents that bring data from the outside world to a blockchain network. However, guaranteeing that the oracle’s off-chain nodes are trustworthy remains a challenge. …