Engineering Commons^™

Computer Security Lab Experiment, Orit D. Gruber, Herbert Schanker

Open Educational Resources

This is a basic experiment for all students of all majors to explore Computer Security. Each instruction included in this experiment is conducted online via a Web Browser; Firefox or Chrome is recommended. Software does not need to be downloaded nor installed. The step by step instructions in this experiment include interactive questions and observations which are then included in the (student's) final report.

Machine Learning Security For Tactical Operations, Dr. Denaria Fields, Shakiya A. Friend, Andrew Hermansen, Dr. Tugba Erpek, Dr. Yalin E. Sagduyu

Military Cyber Affairs

Deep learning finds rich applications in the tactical domain by learning from diverse data sources and performing difficult tasks to support mission-critical applications. However, deep learning models are susceptible to various attacks and exploits. In this paper, we first discuss application areas of deep learning in the tactical domain. Next, we present adversarial machine learning as an emerging attack vector and discuss the impact of adversarial attacks on the deep learning performance. Finally, we discuss potential defense methods that can be applied against these attacks.

Dp-Smote: Integrating Differential Privacy And Oversampling Technique To Preserve Privacy In Smart Homes, Amr Tarek Elsayed, Almohammady Sobhi Alsharkawy, Mohamed Sayed Farag, Shaban Ebrahim Abu Yusuf

Al-Azhar Bulletin of Science

Smart homes represent intelligent environments where interconnected devices gather information, enhancing users’ living experiences by ensuring comfort, safety, and efficient energy management. To enhance the quality of life, companies in the smart device industry collect user data, including activities, preferences, and power consumption. However, sharing such data necessitates privacy-preserving practices. This paper introduces a robust method for secure sharing of data to service providers, grounded in differential privacy (DP). This empowers smart home residents to contribute usage statistics while safeguarding their privacy. The approach incorporates the Synthetic Minority Oversampling technique (SMOTe) and seamlessly integrates Gaussian noise to generate synthetic data, …

Lsav: Lightweight Source Address Validation In Sdn To Counteract Ip Spoofing-Based Ddos Attacks, Ali̇ Karakoç, Fati̇h Alagöz

Turkish Journal of Electrical Engineering and Computer Sciences

In this paper, we propose a design to detect and prevent IP spoofing-based distributed denial of service (DDoS) attacks on software-defined networks (SDNs). DDoS attacks are still one of the significant problems for internet service providers (ISPs) and individual users. These attacks can disrupt customer services by targeting the availability of the system, and in some cases, they can completely shut down the target infrastructure. Protecting the system against DDoS attacks is therefore crucial for ensuring the reliability and availability of internet services. To address this problem, we propose a lightweight source address validation (LSAV) framework that leverages the flexibility …

Security Datasets For Network Research, Bruce Hartpence, Bill Stackpole, Daryl Johnson

Data

This document describes the content of the security traffic datasets included in this collection and the conditions under which the packets were collected. These datasets were assembled from 2023 onward. There will be periodic updates or additions to the dataset collection. The current collection includes a variety of nmap intense scans, an Address Resolution Protocol Man in the Middle (ARP MITM) attack, an Internet Control Message Protocol (ICMP) Redirect MITM and an active directory enumeration attack.

When referencing these datasets, please use the following DOI: 10.57673/gccis-qj60

Towards Reliable Multi-Path Routing : An Integrated Cooperation Model For Drones, Ibtihel Baddari, Abdelhak Mesbah, Maohamed Amine Riahla

Emirates Journal for Engineering Research

Ad-hoc networks have evolved into a vital wireless communication component by offering an adaptable infrastructure suitable for various scenarios in our increasingly interconnected and mobile world. However, this adaptability also exposes these networks to security challenges, given their dynamic nature, where nodes frequently join and leave. This dynamism is advantageous but presents resource constraints and vulnerability to malicious nodes, impacting data transmission reliability and security.

In this context, this article explores the development of a secure routing protocol for Ad-hoc networks based on a cooperation reinforcement model to reduce the degradation of routing performance. We leverage the reputation of nodes …

Secure State Estimation Of Distribution Network Based On Kalman Filter Decomposition, Xinghua Liu, Siwen Dong, Jiaqiang Tian

Journal of System Simulation

A new state estimation algorithm is proposed to improve the accuracy to obtain the optimal state estimation of distribution network against FDI attack. In the case of phasor measurement units being attacked and the measurement results being altered,the optimal Kalman estimate can be decomposed into a weighted sum of local state estimates. Focusing on the insecurity of the weighted sum method,a convex optimization based on local estimation is proposed to replace the method and combine the local estimation into a secure state estimation. The simulation results show that the proposed estimator is consistent with the Kalman …

Software-Defined Networking Security Techniques And The Digital Forensics Of The Sdn Control Plane, Abdullah Alshaya

LSU Doctoral Dissertations

Software-Defined Networking (SDN) is an efficient networking design that decouples the network's control plane from the data plane. When compared to the traditional network architecture, the SDN architecture shares many of the same security issues. The centralized SDN controller makes it easier to control, easier to program in real-time, and more flexible, but this comes at the cost of more security risks. An attack on the control plane layer of the SDN controller is a major security concern.

First, centralized design and the existence of a single point of failure in the control plane compromise the accessibility and availability of …

Secure And Efficient Federated Learning, Xingyu Li

Theses and Dissertations

In the past 10 years, the growth of machine learning technology has been significant, largely due to the availability of large datasets for training. However, gathering a sufficient amount of data on a central server can be challenging. Additionally, with the rise of mobile networking and the large amounts of data generated by IoT devices, privacy and security issues have become a concern, resulting in government regulations such as GDPR, HIPAA, CCPA, and ADPPA. Under these circumstances, traditional centralized machine learning methods face a problem in that sensitive data must be kept locally for privacy reasons, making it difficult to …

Adversarial Deep Learning And Security With A Hardware Perspective, Joseph Clements

All Dissertations

Adversarial deep learning is the field of study which analyzes deep learning in the presence of adversarial entities. This entails understanding the capabilities, objectives, and attack scenarios available to the adversary to develop defensive mechanisms and avenues of robustness available to the benign parties. Understanding this facet of deep learning helps us improve the safety of the deep learning systems against external threats from adversaries. However, of equal importance, this perspective also helps the industry understand and respond to critical failures in the technology. The expectation of future success has driven significant interest in developing this technology broadly. Adversarial deep …

Proposed Mitigation Framework For The Internet Of Insecure Things, Mahmoud M. Elgindy, Sally M. Elghamrawy, Ali I. El-Desouky

Mansoura Engineering Journal

Intrusion detection systems IDS are increasingly utilizing machine learning methods. IDSs are important tools for ensuring the security of network data and resources. The Internet of Things (IoT) is an expanding network of intelligent machines and sensors. However, they are vulnerable to attackers because of the ubiquitous and extensive IoT networks. Datasets from intrusion detection systems (IDS) have been analyzed deep learning methods such as Bidirectional long-short term memory (BiLSTM). This research presents an BiLSTM intrusion detection framework with Principal Component Analysis PCA (PCA-LSTM-IDS). The PCA-LSTM-IDS is comprised of two layers: extracting layer which using PCA, and the anomaly BiLSTM …

Blockchain-Enabled Authenticated Key Agreement Scheme For Mobile Vehicles-Assisted Precision Agricultural Iot Networks, Anusha Vangala, Ashok Kumar Das, Ankush Mitra, Sajal K. Das, Youngho Park

Computer Science Faculty Research & Creative Works

Precision Farming Has a Positive Potential in the Agricultural Industry Regarding Water Conservation, Increased Productivity, Better Development of Rural Areas, and Increased Income. Blockchain Technology is a Better Alternative for Storing and Sharing Farm Data as It is Reliable, Transparent, Immutable, and Decentralized. Remote Monitoring of an Agricultural Field Requires Security Systems to Ensure that Any Sensitive Information is Exchanged Only among Authenticated Entities in the Network. to This End, We Design an Efficient Blockchain-Enabled Authenticated Key Agreement Scheme for Mobile Vehicles-Assisted Precision Agricultural Internet of Things (IoT) Networks Called AgroMobiBlock. the Limited Existing Work on Authentication in Agricultural Networks …

Multifaceted Cybersecurity Analysis: Reconnaissance, Exploitation And Mitigation In A Controlled Network Environment, Austin Coontz

Williams Honors College, Honors Research Projects

This report details a network penetration test in a simulated environment using GNS3, focusing on the configuration of routers, switches, and hosts. The project successfully identified and exploited network vulnerabilities, including FTP access, misconfigured sudo permissions, and SMB protocol weaknesses. The penetration testing process utilized tools like fping and nmap for reconnaissance and vulnerability scanning, revealing the importance of device configurations in network security. The project concluded with mitigation strategies, emphasizing the need for secure access, robust password policies, and security controls. The experience underscored the significance of continuous learning and adaptation in the ever-evolving field of cybersecurity. The project …

Security Of Internet Of Things (Iot) Using Federated Learning And Deep Learning — Recent Advancements, Issues And Prospects, Vinay Gugueoth, Sunitha Safavat, Sachin Shetty

Electrical & Computer Engineering Faculty Publications

There is a great demand for an efficient security framework which can secure IoT systems from potential adversarial attacks. However, it is challenging to design a suitable security model for IoT considering the dynamic and distributed nature of IoT. This motivates the researchers to focus more on investigating the role of machine learning (ML) in the designing of security models. A brief analysis of different ML algorithms for IoT security is discussed along with the advantages and limitations of ML algorithms. Existing studies state that ML algorithms suffer from the problem of high computational overhead and risk of privacy leakage. …

Fuzzing Php Interpreters By Automatically Generating Samples, Jacob S. Baumgarte

Browse all Theses and Dissertations

Modern web development has grown increasingly reliant on scripting languages such as PHP. The complexities of an interpreted language means it is very difficult to account for every use case as unusual interactions can cause unintended side effects. Automatically generating test input to detect bugs or fuzzing, has proven to be an effective technique for JavaScript engines. By extending this concept to PHP, existing vulnerabilities that have since gone undetected can be brought to light. While PHP fuzzers exist, they are limited to testing a small quantity of test seeds per second. In this thesis, we propose a solution for …

Enhancing Graph Convolutional Network With Label Propagation And Residual For Malware Detection, Aravinda Sai Gundubogula

Browse all Theses and Dissertations

Malware detection is a critical task in ensuring the security of computer systems. Due to a surge in malware and the malware program sophistication, machine learning methods have been developed to perform such a task with great success. To further learn structural semantics, Graph Neural Networks abbreviated as GNNs have emerged as a recent practice for malware detection by modeling the relationships between various components of a program as a graph, which deliver promising detection performance improvement. However, this line of research attends to individual programs while overlooking program interactions; also, these GNNs tend to perform feature aggregation from neighbors …

Contributors To Pathologic Depolarization In Myotonia Congenita, Jessica Hope Myers

Browse all Theses and Dissertations

Myotonia congenita is an inherited skeletal muscle disorder caused by loss-of-function mutation in the CLCN1 gene. This gene encodes the ClC-1 chloride channel, which is almost exclusively expressed in skeletal muscle where it acts to stabilize the resting membrane potential. Loss of this chloride channel leads to skeletal muscle hyperexcitability, resulting in involuntary muscle action potentials (myotonic discharges) seen clinically as muscle stiffness (myotonia). Stiffness affects the limb and facial muscles, though specific muscle involvement can vary between patients. Interestingly, respiratory distress is not part of this disease despite muscles of respiration such as the diaphragm muscle also carrying this …

Solidity Compiler Version Identification On Smart Contract Bytecode, Lakshmi Prasanna Katyayani Devasani

Browse all Theses and Dissertations

Identifying the version of the Solidity compiler used to create an Ethereum contract is a challenging task, especially when the contract bytecode is obfuscated and lacks explicit metadata. Ethereum bytecode is highly complex, as it is generated by the Solidity compiler, which translates high-level programming constructs into low-level, stack-based code. Additionally, the Solidity compiler undergoes frequent updates and modifications, resulting in continuous evolution of bytecode patterns. To address this challenge, we propose using deep learning models to analyze Ethereum bytecodes and infer the compiler version that produced them. A large number of Ethereum contracts and the corresponding compiler versions is …

Path-Safe :Enabling Dynamic Mandatory Access Controls Using Security Tokens, James P. Maclennan

Browse all Theses and Dissertations

Deploying Mandatory Access Controls (MAC) is a popular way to provide host protection against malware. Unfortunately, current implementations lack the flexibility to adapt to emergent malware threats and are known for being difficult to configure. A core tenet of MAC security systems is that the policies they are deployed with are immutable from the host while they are active. This work looks at deploying a MAC system that leverages using encrypted security tokens to allow for redeploying policy configurations in real-time without the need to stop a running process. This is instrumental in developing an adaptive framework for security systems …

The Open Charge Point Protocol (Ocpp) Version 1.6 Cyber Range A Training And Testing Platform, David Elmo Ii

Browse all Theses and Dissertations

The widespread expansion of Electric Vehicles (EV) throughout the world creates a requirement for charging stations. While Cybersecurity research is rapidly expanding in the field of Electric Vehicle Infrastructure, efforts are impacted by the availability of testing platforms. This paper presents a solution called the “Open Charge Point Protocol (OCPP) Cyber Range.” Its purpose is to conduct Cybersecurity research against vulnerabilities in the OCPP v1.6 protocol. The OCPP Cyber Range can be used to enable current or future research and to train operators and system managers of Electric Charge Vehicle Supply Equipment (EVSE). This paper demonstrates this solution using three …

Software Protection And Secure Authentication For Autonomous Vehicular Cloud Computing, Muhammad Hataba

Dissertations

Artificial Intelligence (AI) is changing every technology we deal with. Autonomy has been a sought-after goal in vehicles, and now more than ever we are very close to that goal. Vehicles before were dumb mechanical devices, now they are becoming smart, computerized, and connected coined as Autonomous Vehicles (AVs). Moreover, researchers found a way to make more use of these enormous capabilities and introduced Autonomous Vehicles Cloud Computing (AVCC). In these platforms, vehicles can lend their unused resources and sensory data to join AVCC.

In this dissertation, we investigate security and privacy issues in AVCC. As background, we built our …

Presenting A Method To Detect Intrusion In Iot Through Private Blockchain, Rezvan Mahmoudie, Saeed Parsa, Amir Masoud Rahmani

Turkish Journal of Electrical Engineering and Computer Sciences

Blockchain (BC) has been used as a new solution to overcome security and privacy challenges in the Internet of Things (IoT). However, recent studies have indicated that the BC has a limited scalability and is computationally costly. Also, it has significant overhead and delay in the network, which is not suitable to the nature of IoT. This article aims at implementing BC in the IoT context for smart home management, as the integration of these two technologies ensures the IoT's security and privacy. Therefore, we proposed an overlay network in private BC to optimize its compatibility with IoT by increasing …

A New Implementation Of Federated Learning For Privacy And Security Enhancement, Xiang Ma, Haijian Sun, Rose Qingyang Hu, Yi Qian

Department of Electrical and Computer Engineering: Faculty Publications

Motivated by the ever-increasing concerns on personal data privacy and the rapidly growing data volume at local clients, federated learning (FL) has emerged as a new machine learning setting. An FL system is comprised of a central parameter server and multiple local clients. It keeps data at local clients and learns a centralized model by sharing the model parameters learned locally. No local data needs to be shared, and privacy can be well protected. Nevertheless, since it is the model instead of the raw data that is shared, the system can be exposed to the poisoning model attacks launched by …

Splicecube Architecture: An Extensible Wi-Fi Monitoring Architecture For Smart-Home Networks, Namya Malik

Dartmouth College Master’s Theses

The vision of smart homes is rapidly becoming a reality, as the Internet of Things and other smart devices are deployed widely. Although smart devices offer convenience, they also create a significant management problem for home residents. With a large number and variety of devices in the home, residents may find it difficult to monitor, or even locate, devices. A central controller that brings all the home’s smart devices under secure management and a unified interface would help homeowners and residents track and manage their devices.

We envision a solution called the SPLICEcube whose goal is to detect smart devices, …

Optimized Damage Assessment And Recovery Through Data Categorization In Critical Infrastructure System., Shruthi Ramakrishnan

Graduate Theses and Dissertations

Critical infrastructures (CI) play a vital role in majority of the fields and sectors worldwide. It contributes a lot towards the economy of nations and towards the wellbeing of the society. They are highly coupled, interconnected and their interdependencies make them more complex systems. Thus, when a damage occurs in a CI system, its complex interdependencies make it get subjected to cascading effects which propagates faster from one infrastructure to another resulting in wide service degradations which in turn causes economic and societal effects. The propagation of cascading effects of disruptive events could be handled efficiently if the assessment and …

Machine Learning-Based Device Type Classification For Iot Device Re- And Continuous Authentication, Kaustubh Gupta

Department of Computer Science and Engineering: Dissertations, Theses, and Student Research

Today, the use of Internet of Things (IoT) devices is higher than ever and it is growing rapidly. Many IoT devices are usually manufactured by home appliance manufacturers where security and privacy are not the foremost concern. When an IoT device is connected to a network, currently there does not exist a strict authentication method that verifies the identity of the device, allowing any rogue IoT device to authenticate to an access point. This thesis addresses the issue by introducing methods for continuous and re-authentication of static and dynamic IoT devices, respectively. We introduce mechanisms and protocols for authenticating a …

Society Dilemma Of Computer Technology Management In Today's World, Iwasan D. Kejawa Ed.D

School of Computing: Faculty Publications

Abstract - Is it true that some of the inhabitants of the world’s today are still hesitant in using computers? Research has shown that today many people are still against the use of computers. Computer technology management can be said to be obliterated by security problems. Research shows that some people in society feel reluctant or afraid to use computers because of errors and exposure of their privacy and their sophistication, which sometimes are caused by computer hackers and malfunction of the computers. The dilemma of not utilizing computer technology at all or, to its utmost, by certain people in …

Assessing Security Risks With The Internet Of Things, Faith Mosemann

Senior Honors Theses

For my honors thesis I have decided to study the security risks associated with the Internet of Things (IoT) and possible ways to secure them. I will focus on how corporate, and individuals use IoT devices and the security risks that come with their implementation. In my research, I found out that IoT gadgets tend to go unnoticed as a checkpoint for vulnerability. For example, often personal IoT devices tend to have the default username and password issued from the factory that a hacker could easily find through Google. IoT devices need security just as much as computers or servers …

Permissioned Blockchain Based Remote Electronic Examination, Öznur Kalkar, İsa Sertkaya

Turkish Journal of Electrical Engineering and Computer Sciences

Recent coronavirus pandemic transformed almost all aspects of daily life including educational institutions and learning environments. As a result, this transformation brought remote electronic examination (shortly e-exam) concepts back into consideration. In this study, we revisit secure and privacy preserving e-exam protocol proposals and propose an e-exam protocol that utilizes decentralized identity-based verifiable credentials for proof of authentication and public-permissioned blockchain for immutably storing records. In regard to the previously proposed e-exam schemes, our scheme offers both privacy enhancement and better efficiency. More concretely, the proposed solution satisfies test answer authentication, examiner authentication, anonymous marking, anonymous examiner, question secrecy, question …

Lapnitor: A Web Service That Protects Your Laptop From Theft., Michael Ameteku

Williams Honors College, Honors Research Projects

Laptop theft is an issue worldwide. According to an article from 2018, Security Boulevard stated that a laptop is stolen every 53 seconds. Using a laptop's camera, we can monitor the surroundings of the laptop and reduce a laptop's probability of being stolen. According to the University of Pittsburgh, a laptop has a 1-in- 10 chance of being stolen and nearly half of these thefts occur in offices or classrooms. These thefts mostly occur when a laptop owner leaves their device unattended for a certain period of time to maybe go visit the restroom or attend to a call when …