Information Security Commons^™

Divide-And-Conquer Distributed Learning: Privacy-Preserving Offloading Of Neural Network Computations, Lewis C.L. Brown

Graduate Theses and Dissertations

Machine learning has become a highly utilized technology to perform decision making on high dimensional data. As dataset sizes have become increasingly large so too have the neural networks to learn the complex patterns hidden within. This expansion has continued to the degree that it may be infeasible to train a model from a singular device due to computational or memory limitations of underlying hardware. Purpose built computing clusters for training large models are commonplace while access to networks of heterogeneous devices is still typically more accessible. In addition, with the rise of 5G networks, computation at the edge becoming …

Multivariate Fairness For Paper Selection, Reem Alsaffar

Graduate Theses and Dissertations

Peer review is the process by which publishers select the best publications for inclusion in a journal or a conference. Bias in the peer review process can impact which papers are selected for inclusion in conferences and journals. Although often implicit, race, gender and other demographics can prevent members of underrepresented groups from presenting at major conferences. To try to avoid bias, many conferences use a double-blind review process to increase fairness during reviewing. However, recent studies argue that the bias has not been removed completely. Our research focuses on developing fair algorithms that correct for these biases and select …

Effective Knowledge Graph Aggregation For Malware-Related Cybersecurity Text, Phillip Ryan Boudreau

Graduate Theses and Dissertations

With the rate at which malware spreads in the modern age, it is extremely important that cyber security analysts are able to extract relevant information pertaining to new and active threats in a timely and effective manner. Having to manually read through articles and blog posts on the internet is time consuming and usually involves sifting through much repeated information. Knowledge graphs, a structured representation of relationship information, are an effective way to visually condense information presented in large amounts of unstructured text for human readers. Thusly, they are useful for sifting through the abundance of cyber security information that …

Optimized Damage Assessment And Recovery Through Data Categorization In Critical Infrastructure System., Shruthi Ramakrishnan

Graduate Theses and Dissertations

Critical infrastructures (CI) play a vital role in majority of the fields and sectors worldwide. It contributes a lot towards the economy of nations and towards the wellbeing of the society. They are highly coupled, interconnected and their interdependencies make them more complex systems. Thus, when a damage occurs in a CI system, its complex interdependencies make it get subjected to cascading effects which propagates faster from one infrastructure to another resulting in wide service degradations which in turn causes economic and societal effects. The propagation of cascading effects of disruptive events could be handled efficiently if the assessment and …

Framework Of Hardware Trojan Detection Leveraging Structural Checking Tool, Rafael Dacanay Del Carmen

Graduate Theses and Dissertations

Since there is a significant demand for obtaining third-party soft Intellectual Property (IP) by first-party integrated circuit (IC) vendors, it is becoming easier for adversaries to insert malicious logic known as hardware Trojans into designs. Due to this, vendors need to find ways to screen the third-party IPs for possible security threats and then mitigate them. The development of the Structural Checking (SC) tool provides a solution to this issue. This tool analyzes the structure of an unknown soft IP design and creates a network of all the signals within the design and how they are connected to each other. …

Automated Privacy Protection For Mobile Device Users And Bystanders In Public Spaces, David Darling

Graduate Theses and Dissertations

As smartphones have gained popularity over recent years, they have provided usersconvenient access to services and integrated sensors that were previously only available through larger, stationary computing devices. This trend of ubiquitous, mobile devices provides unparalleled convenience and productivity for users who wish to perform everyday actions such as taking photos, participating in social media, reading emails, or checking online banking transactions. However, the increasing use of mobile devices in public spaces by users has negative implications for their own privacy and, in some cases, that of bystanders around them.

Specifically, digital photography trends in public have negative implications for …

Design And Development Of Techniques To Ensure Integrity In Fog Computing Based Databases, Abdulwahab Fahad S. Alazeb

Graduate Theses and Dissertations

The advancement of information technology in coming years will bring significant changes to the way sensitive data is processed. But the volume of generated data is rapidly growing worldwide. Technologies such as cloud computing, fog computing, and the Internet of things (IoT) will offer business service providers and consumers opportunities to obtain effective and efficient services as well as enhance their experiences and services; increased availability and higher-quality services via real-time data processing augment the potential for technology to add value to everyday experiences. This improves human life quality and easiness. As promising as these technological innovations, they are prone …

Privacy-Preserving Cloud-Assisted Data Analytics, Wei Bao

Graduate Theses and Dissertations

Nowadays industries are collecting a massive and exponentially growing amount of data that can be utilized to extract useful insights for improving various aspects of our life. Data analytics (e.g., via the use of machine learning) has been extensively applied to make important decisions in various real world applications. However, it is challenging for resource-limited clients to analyze their data in an efficient way when its scale is large. Additionally, the data resources are increasingly distributed among different owners. Nonetheless, users' data may contain private information that needs to be protected.

Cloud computing has become more and more popular in …

Securing Fog Federation From Behavior Of Rogue Nodes, Mohammed Saleh H. Alshehri

Graduate Theses and Dissertations

As the technological revolution advanced information security evolved with an increased need for confidential data protection on the internet. Individuals and organizations typically prefer outsourcing their confidential data to the cloud for processing and storage. As promising as the cloud computing paradigm is, it creates challenges; everything from data security to time latency issues with data computation and delivery to end-users. In response to these challenges CISCO introduced the fog computing paradigm in 2012. The intent was to overcome issues such as time latency and communication overhead and to bring computing and storage resources close to the ground and the …

Achieving Differential Privacy And Fairness In Machine Learning, Depeng Xu

Graduate Theses and Dissertations

Machine learning algorithms are used to make decisions in various applications, such as recruiting, lending and policing. These algorithms rely on large amounts of sensitive individual information to work properly. Hence, there are sociological concerns about machine learning algorithms on matters like privacy and fairness. Currently, many studies only focus on protecting individual privacy or ensuring fairness of algorithms separately without taking consideration of their connection. However, there are new challenges arising in privacy preserving and fairness-aware machine learning. On one hand, there is fairness within the private model, i.e., how to meet both privacy and fairness requirements simultaneously in …

Characteristic Reassignment For Hardware Trojan Detection, Noah Waller

Graduate Theses and Dissertations

With the current business model and increasing complexity of hardware designs, third-party Intellectual Properties (IPs) are prevalently incorporated into first-party designs. However, the use of third-party IPs increases security concerns related to hardware Trojans inserted by attackers. A core threat posed by Hardware Trojans is the difficulty in detecting such malicious insertions/alternations in order to prevent the damage. This thesis work provides major improvements on a soft IP analysis methodology and tool known as the Structural Checking tool, which analyzes Register-Transfer Level (RTL) soft IPs for determining their functionalities and screening for hardware Trojans. This is done by breaking down …

Network-Based Detection And Prevention System Against Dns-Based Attacks, Yasir Faraj Mohammed

Graduate Theses and Dissertations

Individuals and organizations rely on the Internet as an essential environment for personal or business transactions. However, individuals and organizations have been primary targets for attacks that steal sensitive data. Adversaries can use different approaches to hide their activities inside the compromised network and communicate covertly between the malicious servers and the victims. The domain name system (DNS) protocol is one of these approaches that adversaries use to transfer stolen data outside the organization's network using various forms of DNS tunneling attacks. The main reason for targeting the DNS protocol is because DNS is available in almost every network, ignored, …

Development Of A Reference Design For Intrusion Detection Using Neural Networks For A Smart Inverter, Ammar Mohammad Khan

Graduate Theses and Dissertations

The purpose of this thesis is to develop a reference design for a base level implementation of an intrusion detection module using artificial neural networks that is deployed onto an inverter and runs on live data for cybersecurity purposes, leveraging the latest deep learning algorithms and tools. Cybersecurity in the smart grid industry focuses on maintaining optimal standards of security in the system and a key component of this is being able to detect cyberattacks. Although researchers and engineers aim to design such devices with embedded security, attacks can and do still occur. The foundation for eventually mitigating these attacks …

Secure And Efficient Models For Retrieving Data From Encrypted Databases In Cloud, Sultan Ahmed A Almakdi

Graduate Theses and Dissertations

Recently, database users have begun to use cloud database services to outsource their databases. The reason for this is the high computation speed and the huge storage capacity that cloud owners provide at low prices. However, despite the attractiveness of the cloud computing environment to database users, privacy issues remain a cause for concern for database owners since data access is out of their control. Encryption is the only way of assuaging users’ fears surrounding data privacy, but executing Structured Query Language (SQL) queries over encrypted data is a challenging task, especially if the data are encrypted by a randomized …

Data Breach Consequences And Responses: A Multi-Method Investigation Of Stakeholders, Hamid Reza Nikkhah

Graduate Theses and Dissertations

The role of information in today’s economy is essential as organizations that can effectively store and leverage information about their stakeholders can gain an advantage in their markets. The extensive digitization of business information can make organizations vulnerable to data breaches. A data breach is the unauthorized access to sensitive, protected, or confidential data resulting in the compromise of information security. Data breaches affect not only the breached organization but also various related stakeholders. After a data breach, stakeholders of the breached organizations show negative behaviors, which causes the breached organizations to face financial and non-financial costs. As such, the …

Dynamic Fraud Detection Via Sequential Modeling, Panpan Zheng

Graduate Theses and Dissertations

The impacts of information revolution are omnipresent from life to work. The web services have signicantly changed our living styles in daily life, such as Facebook for communication and Wikipedia for knowledge acquirement. Besides, varieties of information systems, such as data management system and management information system, make us work more eciently. However, it is usually a double-edged sword. With the popularity of web services, relevant security issues are arising, such as fake news on Facebook and vandalism on Wikipedia, which denitely impose severe security threats to OSNs and their legitimate participants. Likewise, oce automation incurs another challenging security issue, …

Countering Cybersecurity Vulnerabilities In The Power System, Fengli Zhang

Graduate Theses and Dissertations

Security vulnerabilities in software pose an important threat to power grid security, which can be exploited by attackers if not properly addressed. Every month, many vulnerabilities are discovered and all the vulnerabilities must be remediated in a timely manner to reduce the chance of being exploited by attackers. In current practice, security operators have to manually analyze each vulnerability present in their assets and determine the remediation actions in a short time period, which involves a tremendous amount of human resources for electric utilities. To solve this problem, we propose a machine learning-based automation framework to automate vulnerability analysis and …

Hardware Ip Classification Through Weighted Characteristics, Brendan Mcgeehan

Graduate Theses and Dissertations

Today’s business model for hardware designs frequently incorporates third-party Intellectual Property (IP) due to the many benefits it can bring to a company. For instance, outsourcing certain components of an overall design can reduce time-to-market by allowing each party to specialize and perfect a specific part of the overall design. However, allowing third-party involvement also increases the possibility of malicious attacks, such as hardware Trojan insertion. Trojan insertion is a particularly dangerous security threat because testing the functionality of an IP can often leave the Trojan undetected. Therefore, this thesis work provides an improvement on a Trojan detection method known …

The Role Of Information Communication Technologies (Icts) In Shaping Identity Threats And Responses, Mary Macharia

Graduate Theses and Dissertations

With the rising use of social media, people are increasingly experiencing, and responding to, identity threats online. This sometimes leads to online backlash via “cybermobs” or the creation of online social movements that traverse offline. Prior information systems (IS) research on identity threats and responses largely focuses on information communication technology (ICT) implementations within organizations in an offline context. Therefore, we lack understanding of ICT-mediated identity threats and responses and ways to promote healthier and productive interactions online. This two-essay dissertation seeks to fill this gap. Essay 1 combines a review of ICT-mediated identity threats with a qualitative study (based …

Privacy-Preserving Photo Taking And Accessing For Mobile Phones, Ang Li

Graduate Theses and Dissertations

Today, we are living in environments that are full of cameras embedded in devices such as smart phones and wearables. These mobile devices and as well as apps installed on them are designed to be extremely convenient for users to take, store and share photos. In spite of the convenience brought by ubiquitous cameras, users' privacy may be breached through photos that are taken and stored with mobile devices. For example, when users take a photo of a scenery, a building or a target person, a stranger may also be unintentionally captured in the photo. Such photos expose the location …

A Home Security System Based On Smartphone Sensors, Michael Mahler

Graduate Theses and Dissertations

Several new smartphones are released every year. Many people upgrade to new phones, and their old phones are not put to any further use. In this paper, we explore the feasibility of using such retired smartphones and their on-board sensors to build a home security system. We observe that door-related events such as opening and closing have unique vibration signatures when compared to many types of environmental vibrational noise. These events can be captured by the accelerometer of a smartphone when the phone is mounted on a wall near a door. The rotation of a door can also be captured …

Low Latency Intrusion Detection In Smart Grids, Israel Zairi Akingeneye

Graduate Theses and Dissertations

The transformation of traditional power grids into smart grids has seen more new technologies such as communication networks and smart meters (sensors) being integrated into the physical infrastructure of the power grids. However, these technologies pose new vulnerabilities to the cybersecurity of power grids as malicious attacks can be launched by adversaries to attack the smart meters and modify the measurement data collected by these meters. If not timely detected and removed, these attacks may lead to inaccurate system state estimation, which is critical to the system operators for control decisions such as economic dispatch and other related functions.

This …

Enforcing Database Security On Cloud Using A Trusted Third Party Based Model, Victor Fuentes Tello

Graduate Theses and Dissertations

Cloud computing offers a considerable number of advantages to clients and organizations that use several capabilities to store sensitive data, interact with applications, or use technology infrastructure to perform daily activities. The development of new models in cloud computing brings with it a series of elements that must be considered by companies, particularly when the sensitive data needs to be protected. There are some concerns related to security that need to be taken into consideration when a service provider manage and store the data in a location outside the company. In this research, a model that uses a trusted third …

Designing Secure Access Control Model In Cyber Social Networks, Katanosh Morovat

Graduate Theses and Dissertations

Nowadays, information security in online communication has become an indisputable topic. People prefer pursuing their connection and public relations due to the greater flexibility and affordability of online communication. Recently, organizations have established online networking sites concerned with sharing assets among their employees. As more people engage in social network, requirements for protecting information and resources becomes vital. Over the years, many access control methods have been proposed. Although these methods cover various information security aspects, they have not provided an appropriate approach for securing information within distributed online networking sites. Moreover, none of the previous research provides an access …

Dpweka: Achieving Differential Privacy In Weka, Srinidhi Katla

Graduate Theses and Dissertations

Organizations belonging to the government, commercial, and non-profit industries collect and store large amounts of sensitive data, which include medical, financial, and personal information. They use data mining methods to formulate business strategies that yield high long-term and short-term financial benefits. While analyzing such data, the private information of the individuals present in the data must be protected for moral and legal reasons. Current practices such as redacting sensitive attributes, releasing only the aggregate values, and query auditing do not provide sufficient protection against an adversary armed with auxiliary information. In the presence of additional background information, the privacy protection …

Hardware Trojan Detection Via Golden Reference Library Matching, Lucas Weaver

Graduate Theses and Dissertations

Due to the proliferation of hardware Trojans in third party Intellectual Property (IP) designs, the issue of hardware security has risen to the forefront of computer engineering. Because of the miniscule size yet devastating effects of hardware Trojans, few detection methods have been presented that adequately address this problem facing the hardware industry. One such method with the ability to detect hardware Trojans is Structural Checking. This methodology analyzes a soft IP at the register-transfer level to discover malicious inclusions. An extension of this methodology is presented that expands the list of signal functionalities, termed assets, in addition to introducing …

Exploring Privacy Leakage From The Resource Usage Patterns Of Mobile Apps, Amin Rois Sinung Nugroho

Graduate Theses and Dissertations

Due to the popularity of smart phones and mobile apps, a potential privacy risk with the usage of mobile apps is that, from the usage information of mobile apps (e.g., how many hours a user plays mobile games in each day), private information about a user’s living habits and personal activities can be inferred. To assess this risk, this thesis answers the following research question: can the type of a mobile app (e.g., email, web browsing, mobile game, music streaming, etc.) used by a user be inferred from the resource (e.g., CPU, memory, network, etc.) usage patterns of the mobile …

Mobile Banking Security Using Gps And Ldpc Codes, Matthew Francis Moccaro

Graduate Theses and Dissertations

Mobile Banking is becoming a major part of our world's financial system. Being able to manage one's finances on a mobile device can provide services that can make users more productive. It can also serve as a means of financial freedom to those who are unable to access physical banking facilities due to distance, or other problems. However, with such freedom also comes the need for security. A person's financial information is one of the most targeted groups of information by attackers. To secure these mobile freedoms, this paper presents a system to secure mobile banking procedures using global positioning …

A Secure And Fair Resource Sharing Model For Community Clouds, Santhosh S. Anand

Graduate Theses and Dissertations

Cloud computing has gained a lot of importance and has been one of the most discussed segment of today's IT industry. As enterprises explore the idea of using clouds, concerns have emerged related to cloud security and standardization. This thesis explores whether the Community Cloud Deployment Model can provide solutions to some of the concerns associated with cloud computing. A secure framework based on trust negotiations for resource sharing within the community is developed as a means to provide standardization and security while building trust during resource sharing within the community. Additionally, a model for fair sharing of resources is …

Locating And Protecting Facilities Subject To Random Disruptions And Attacks, Hugh Medal

Graduate Theses and Dissertations

Recent events such as the 2011 Tohoku earthquake and tsunami in Japan have revealed the vulnerability of networks such as supply chains to disruptive events. In particular, it has become apparent that the failure of a few elements of an infrastructure system can cause a system-wide disruption. Thus, it is important to learn more about which elements of infrastructure systems are most critical and how to protect an infrastructure system from the effects of a disruption. This dissertation seeks to enhance the understanding of how to design and protect networked infrastructure systems from disruptions by developing new mathematical models and …