Open Access. Powered by Scholars. Published by Universities.®

Information Security Commons

Open Access. Powered by Scholars. Published by Universities.®

3,831 Full-Text Articles 5,189 Authors 2,373,476 Downloads 161 Institutions

All Articles in Information Security

Faceted Search

3,831 full-text articles. Page 6 of 161.

Comparative Study Of Snort 3 And Suricata Intrusion Detection Systems, Cole Hoover 2022 University of Arkansas, Fayetteville

Comparative Study Of Snort 3 And Suricata Intrusion Detection Systems, Cole Hoover

Computer Science and Computer Engineering Undergraduate Honors Theses

Network Intrusion Detection Systems (NIDS) are one layer of defense that can be used to protect a network from cyber-attacks. They monitor a network for any malicious activity and send alerts if suspicious traffic is detected. Two of the most common open-source NIDS are Snort and Suricata. Snort was first released in 1999 and became the industry standard. The one major drawback of Snort has been its single-threaded architecture. Because of this, Suricata was released in 2009 and uses a multithreaded architecture. Snort released Snort 3 last year with major improvements from earlier versions, including implementing a new multithreaded architecture …


Using A Bert-Based Ensemble Network For Abusive Language Detection, Noah Ballinger 2022 University of Arkansas, Fayetteville

Using A Bert-Based Ensemble Network For Abusive Language Detection, Noah Ballinger

Computer Science and Computer Engineering Undergraduate Honors Theses

Over the past two decades, online discussion has skyrocketed in scope and scale. However, so has the amount of toxicity and offensive posts on social media and other discussion sites. Despite this rise in prevalence, the ability to automatically moderate online discussion platforms has seen minimal development. Recently, though, as the capabilities of artificial intelligence (AI) continue to improve, the potential of AI-based detection of harmful internet content has become a real possibility. In the past couple years, there has been a surge in performance on tasks in the field of natural language processing, mainly due to the development of …


Demonstration Of Cyberattacks And Mitigation Of Vulnerabilities In A Webserver Interface For A Cybersecure Power Router, Benjamin Allen 2022 University of Arkansas, Fayetteville

Demonstration Of Cyberattacks And Mitigation Of Vulnerabilities In A Webserver Interface For A Cybersecure Power Router, Benjamin Allen

Computer Science and Computer Engineering Undergraduate Honors Theses

Cyberattacks are a threat to critical infrastructure, which must be secured against them to ensure continued operation. A defense-in-depth approach is necessary to secure all layers of a smart-grid system and contain the impact of any exploited vulnerabilities. In this undergraduate thesis a webserver interface for smart-grid devices communicating over Modbus TCP was developed and exposed to SQL Injection attacks and Cross-Site Scripting attacks. Analysis was performed on Supply-Chain attacks and a mitigation developed for attacks stemming from compromised Content Delivery Networks. All attempted attacks were unable to exploit vulnerabilities in the webserver due to its use of input sanitization …


Analysis Of Gpu Memory Vulnerabilities, Jarrett Hoover 2022 University of Arkansas, Fayetteville

Analysis Of Gpu Memory Vulnerabilities, Jarrett Hoover

Computer Science and Computer Engineering Undergraduate Honors Theses

Graphics processing units (GPUs) have become a widely used technology for various purposes. While their intended use is accelerating graphics rendering, their parallel computing capabilities have expanded their use into other areas. They are used in computer gaming, deep learning for artificial intelligence and mining cryptocurrencies. Their rise in popularity led to research involving several security aspects, including this paper’s focus, memory vulnerabilities. Research documented many vulnerabilities, including GPUs not implementing address space layout randomization, not zeroing out memory after deallocation, and not initializing newly allocated memory. These vulnerabilities can lead to a victim’s sensitive data being leaked to an …


Optimized Damage Assessment And Recovery Through Data Categorization In Critical Infrastructure System., Shruthi Ramakrishnan 2022 University of Arkansas, Fayetteville

Optimized Damage Assessment And Recovery Through Data Categorization In Critical Infrastructure System., Shruthi Ramakrishnan

Graduate Theses and Dissertations

Critical infrastructures (CI) play a vital role in majority of the fields and sectors worldwide. It contributes a lot towards the economy of nations and towards the wellbeing of the society. They are highly coupled, interconnected and their interdependencies make them more complex systems. Thus, when a damage occurs in a CI system, its complex interdependencies make it get subjected to cascading effects which propagates faster from one infrastructure to another resulting in wide service degradations which in turn causes economic and societal effects. The propagation of cascading effects of disruptive events could be handled efficiently if the assessment and …


Secure Wearable Authentication: Generalization Through Self-Sovereign Identity And Iot Parallels, Jordan Hazelip 2022 California State University - San Bernardino

Secure Wearable Authentication: Generalization Through Self-Sovereign Identity And Iot Parallels, Jordan Hazelip

Electronic Theses, Projects, and Dissertations

This culminating experience project explored current and up-and-coming forms of authentication in association to secure wearable devices. The increase in scams and associated vulnerabilities cause additional stress on the ability to identify and authenticate devices and individuals. The research questions posed in this project are: “What are the limitations of a wearable device actively participating in a cryptographic exchange?” and “How can the relationship between Self-Sovereign Identity (SSI) and Internet of Things (IoT) influence the future of secure wearable authentication?” The limitations of a wearable device actively participating in a cryptographic exchange are the battery, computational mass, and overall wearable …


Cyber Frameworks Small Business Application, Sergio Gonzales 2022 California State University - San Bernardino

Cyber Frameworks Small Business Application, Sergio Gonzales

Electronic Theses, Projects, and Dissertations

This project is an analysis of two cyber-attack analysis frameworks and how they may relate to a small business environment. Small businesses suffer significantly from malware attacks like ransomware. This analysis looks at the Cyber Kill Chain framework and the MITRE ATT&CK framework by looking at how each compare when applied to a simple small network and a malware attack. Each framework broke down the cyber-attack differently and by looking at how the frameworks performed within the simplified network provided insights to when small businesses should focus on malware risk reduction. Each framework, despite having different methods of analysis, arrived …


A Machine Learning Approach For Reconnaissance Detection To Enhance Network Security, Rachel Bakaletz 2022 East Tennessee State University

A Machine Learning Approach For Reconnaissance Detection To Enhance Network Security, Rachel Bakaletz

Electronic Theses and Dissertations

Before cyber-crime can happen, attackers must research the targeted organization to collect vital information about the target and pave the way for the subsequent attack phases. This cyber-attack phase is called reconnaissance or enumeration. This malicious phase allows attackers to discover information about a target to be leveraged and used in an exploit. Information such as the version of the operating system and installed applications, open ports can be detected using various tools during the reconnaissance phase. By knowing such information cyber attackers can exploit vulnerabilities that are often unique to a specific version.

In this work, we develop an …


“Lasso The Moon? Is It Possible? What About Hack The Moon? Today’S International Framework For Activities On The Moon”, Diane M. Janosek, Armando Seay, Josa P. Natera 2022 Military Cyber Professional Association

“Lasso The Moon? Is It Possible? What About Hack The Moon? Today’S International Framework For Activities On The Moon”, Diane M. Janosek, Armando Seay, Josa P. Natera

Military Cyber Affairs

The global interest in the moon and outer space continues to skyrocket. The current U.S. commercial investment in space is $350 billion annually, and it is expected to grow to $1 Trillion or more by 2040. The U.S. military investment in space defense and research likewise continues to grow, with the total investment amount remaining classified. With the frequent activity in space, as well as concerns about attacks to US space assets to and from space, the U.S, created the United States Space Command and its Space Force. With private space travel, nanosatellites, lunar exploration, and the proliferation of space …


Identifying Text File Similarities In Forensic Disk Images Using Fuzzy Logic, Mindy M. Wongsa 2022 University of South Alabama

Identifying Text File Similarities In Forensic Disk Images Using Fuzzy Logic, Mindy M. Wongsa

Theses and Dissertations

Digital storage is evolving with the growth of technology. Individuals and corporations can access large amounts of digital storage, leaving digital forensics investigators with large amounts of data to collect and analyze in their forensic investigation cases. In addition, analyzing forensic disk images that contain hundreds of thousands of files can cause a problem with time since the investigators’ workloads can vary based on how many cases they are assigned. Fuzzy logic provides a pattern recognition system that could assist in identifying patterns in data. The purpose of this study was to determine if fuzzy logic could reliably aid in …


Sanitizable Access Control System For Secure Cloud Storage Against Malicious Data Publishers, Willy SUSILO, Peng JIANG, Jianchang LAI, Fuchun GUO, Guomin YANG, Robert H. DENG 2022 Singapore Management University

Sanitizable Access Control System For Secure Cloud Storage Against Malicious Data Publishers, Willy Susilo, Peng Jiang, Jianchang Lai, Fuchun Guo, Guomin Yang, Robert H. Deng

Research Collection School Of Computing and Information Systems

Cloud computing is considered as one of the most prominent paradigms in the information technology industry, since it can significantly reduce the costs of hardware and software resources in computing infrastructure. This convenience has enabled corporations to efficiently use the cloud storage as a mechanism to share data among their employees. At the first sight, by merely storing the shared data as plaintext in the cloud storage and protect them using an appropriate access control would be a nice solution. This is assuming that the cloud is fully trusted for not leaking any information, which is impractical as the cloud …


Structure-Aware Visualization Retrieval, Haotian LI, Yong WANG, Aoyu WU, Huan WEI, Huamin. QU 2022 Singapore Management University

Structure-Aware Visualization Retrieval, Haotian Li, Yong Wang, Aoyu Wu, Huan Wei, Huamin. Qu

Research Collection School Of Computing and Information Systems

With the wide usage of data visualizations, a huge number of Scalable Vector Graphic (SVG)-based visualizations have been created and shared online. Accordingly, there has been an increasing interest in exploring how to retrieve perceptually similar visualizations from a large corpus, since it can benefit various downstream applications such as visualization recommendation. Existing methods mainly focus on the visual appearance of visualizations by regarding them as bitmap images. However, the structural information intrinsically existing in SVG-based visualizations is ignored. Such structural information can delineate the spatial and hierarchical relationship among visual elements, and characterize visualizations thoroughly from a new perspective. …


Natural Attack For Pre-Trained Models Of Code, Zhou YANG, Jieke SHI, Junda HE, David LO 2022 Singapore Management University

Natural Attack For Pre-Trained Models Of Code, Zhou Yang, Jieke Shi, Junda He, David Lo

Research Collection School Of Computing and Information Systems

Pre-trained models of code have achieved success in many important software engineering tasks. However, these powerful models are vulnerable to adversarial attacks that slightly perturb model inputs to make a victim model produce wrong outputs. Current works mainly attack models of code with examples that preserve operational program semantics but ignore a fundamental requirement for adversarial example generation: perturbations should be natural to human judges, which we refer to as naturalness requirement. In this paper, we propose ALERT (Naturalness Aware Attack), a black-box attack that adversarially transforms inputs to make victim models produce wrong outputs. Different from prior works, this …


College Of Education Filemaker Extraction And End-User Database Development, Andrew Tran 2022 California State University, San Bernardino

College Of Education Filemaker Extraction And End-User Database Development, Andrew Tran

Electronic Theses, Projects, and Dissertations

The College of Education (CoE) at the California State University San Bernardino (CSUSB) developed a system to keep track of both state and national accreditation requirements using FileMaker 5, a database system. This accreditation data is crucial for reporting and record-keeping for the CSU Chancellor’s Office as well as the State of California. However, the database system was developed several decades ago, and software support has long since been dropped, causing the CoE’s legacy accreditation data to be at risk of being lost should the software or hardware suffer permanent failure. The purpose of this project was to perform extraction …


Canary: An Automated Approach To Security Scanning And Remediation, David Wiles 2022 Western Kentucky University

Canary: An Automated Approach To Security Scanning And Remediation, David Wiles

Masters Theses & Specialist Projects

Modern software has a smaller attack surface today than in the past. Memory-safe languages, container runtimes, virtual machines, and a mature web stack all contribute to the relative safety of the web and software in general compared to years ago. Despite this, we still see high-profile bugs, hacks, and outages which affect major companies and widely-used technologies. The extensive work that has gone into hardening virtualization, containerization, and commonly used applications such as Nginx still depends on the end-user to configure correctly to prevent a compromised machine.

In this paper, I introduce a tool, which I call Canary, which can …


Message-Locked Searchable Encryption: A New Versatile Tool For Secure Cloud Storage, Xueqiao LIU, Guomin YANG, Willy SUSILO, Joseph TONIEN, Rongmao CHEN, Xixiang LV 2022 Singapore Management University

Message-Locked Searchable Encryption: A New Versatile Tool For Secure Cloud Storage, Xueqiao Liu, Guomin Yang, Willy Susilo, Joseph Tonien, Rongmao Chen, Xixiang Lv

Research Collection School Of Computing and Information Systems

Message-Locked Encryption (MLE) is a useful tool to enable deduplication over encrypted data in cloud storage. It can significantly improve the cloud service quality by eliminating redundancy to save storage resources, and hence user cost, and also providing defense against different types of attacks, such as duplicate faking attack and brute-force attack. A typical MLE scheme only focuses on deduplication. On the other hand, supporting search operations on stored content is another essential requirement for cloud storage. In this article, we present a message-locked searchable encryption (MLSE) scheme in a dual-server setting, which achieves simultaneously the desirable features of supporting …


Smile: Secure Memory Introspection For Live Enclave, Lei ZHOU, Xuhua DING, ZHANG Fengwei 2022 Singapore Management University

Smile: Secure Memory Introspection For Live Enclave, Lei Zhou, Xuhua Ding, Zhang Fengwei

Research Collection School Of Computing and Information Systems

SGX enclaves prevent external software from accessing their memory. This feature conflicts with legitimate needs for enclave memory introspection, e.g., runtime stack collection on an enclave under a return-oriented-programming attack. We propose SMILE for enclave owners to acquire live enclave contents with the assistance of a semi-trusted agent installed by the host platform’s vendor as a plug-in of the System Management Interrupt handler. SMILE authenticates the enclave under introspection without trusting the kernel nor depending on the SGX attestation facility. SMILE is enclave security preserving as breaking of SMILE does not undermine enclave security. It allows a cloud server to …


Benchmarking Library Recognition In Tweets, Ting ZHANG, Divya Prabha CHANDRASEKARAN, Ferdian THUNG, David LO 2022 Singapore Management University

Benchmarking Library Recognition In Tweets, Ting Zhang, Divya Prabha Chandrasekaran, Ferdian Thung, David Lo

Research Collection School Of Computing and Information Systems

Software developers often use social media (such as Twitter) to shareprogramming knowledge such as new tools, sample code snippets,and tips on programming. One of the topics they talk about is thesoftware library. The tweets may contain useful information abouta library. A good understanding of this information, e.g., on thedeveloper’s views regarding a library can be beneficial to weigh thepros and cons of using the library as well as the general sentimentstowards the library. However, it is not trivial to recognize whethera word actually refers to a library or other meanings. For example,a tweet mentioning the word “pandas" may refer to …


Performance Improvements In Inner Product Encryption, Serena Riback 2022 University of Connecticut

Performance Improvements In Inner Product Encryption, Serena Riback

Honors Scholar Theses

Consider a database that contains thousands of entries of the iris biometric. Each entry identifies an individual, so it is especially important that it remains secure. However, searching for entries among an encrypted database proves to be a security problem - how should one search encrypted data without leaking any information to a potential attacker? The proximity searchable encryption scheme, as discussed in the work by Cachet et al., uses the notions of inner product encryption developed by Kim et al.. In this paper, we will focus on the efficiency of these schemes. Specifically, how the symmetry of the bilinear …


Sandworms And Computer Worms: An Assessment Of American Critical Infrastructure Cyber Vulnerabilities And The Russian Federation's Growing Offensive Capabilities, Spencer Johns 2022 University of Mississippi

Sandworms And Computer Worms: An Assessment Of American Critical Infrastructure Cyber Vulnerabilities And The Russian Federation's Growing Offensive Capabilities, Spencer Johns

Honors Theses

Bottom Line Up Front: It is highly likely that the Russian GRU has the capability, resources, and intent to execute cyberweapon attacks against American critical infrastructure in times of heightened tensions, either as a warning or a first strike. I also assess that much of current American critical infrastructure is not secure enough to withstand a coordinated assault by the GRU, and very likely has numerous severe vulnerabilities known by the GRU.


Digital Commons powered by bepress