Engineering Commons^™

Enhancing Cyber Resilience: Development, Challenges, And Strategic Insights In Cyber Security Report Websites Using Artificial Inteligence, Pooja Sharma

Harrisburg University Dissertations and Theses

In an era marked by relentless cyber threats, the imperative of robust cyber security measures cannot be overstated. This thesis embarks on an in-depth exploration of the historical trajectory and contemporary relevance of penetration testing methodologies, elucidating their evolution from nascent origins to indispensable tools in the cyber security arsenal. Moreover, it undertakes the ambitious task of conceptualizing and implementing a cyber security report website, meticulously designed to fortify cyber resilience in the face of ever-evolving threats in the digital realm.

The research journey commences with an insightful examination of the historical antecedents of penetration testing, tracing its genesis in …

Cyber Attacks Against Industrial Control Systems, Adam Kardorff

LSU Master's Theses

Industrial Control Systems (ICS) are the foundation of our critical infrastructure, and allow for the manufacturing of the products we need. These systems monitor and control power plants, water treatment plants, manufacturing plants, and much more. The security of these systems is crucial to our everyday lives and to the safety of those working with ICS. In this thesis we examined how an attacker can take control of these systems using a power plant simulator in the Applied Cybersecurity Lab at LSU. Running experiments on a live environment can be costly and dangerous, so using a simulated environment is the …

Technology Assessment For Cybersecurity Organizational Readiness: Case Of Airlines Sector And Electronic Payment, Sultan Ayed Alghamdi, Tugrul Daim, Saeed Mohammed Alzahrani

Engineering and Technology Management Faculty Publications and Presentations

Payment processing systems have advanced significantly in the airline business. Because e-payments are easy, they have captured the attention of many companies in the aviation industry and are quickly becoming the dominant means of payment. However, as technology advances, fraud grows at a comparable rate. Over the years, there has been a surge in payment fraud incidents in the airline sector, reducing the platform's trustworthiness. Despite attempts to eliminate epayment fraud, decision-makers lack the technical expertise required to use the finest fraud detection and prevention assessments. This research recognizes the lack of an established decision model as a hurdle and …

Going Airborne: Kent State's Pioneering Leap Into Integrated Advanced Air Mobility, Jason T. Lorenzon

National Training Aircraft Symposium (NTAS)

This proposal centers on the development of a Concept of Operations in Advanced Air Mobility (AAM). Kent State University's College of Aeronautics and Engineering is poised to pioneer the integration of drones and electric Vertical Takeoff and Landing (eVTOL) systems, bridging the gap between its campus and airport by transporting students and faculty the 3NM distance from campus to the airport and back by a UAV. Beyond a standard research initiative, this proposal signifies a groundbreaking effort to reshape the landscape of educational aeronautics and Advanced Air Mobility and Urban Air Mobility. Our overarching goal is to transcend conventional boundaries …

Longitudinal Attacks Against Iterative Data Collection With Local Differential Privacy, Mehmet Emre Gürsoy

Turkish Journal of Electrical Engineering and Computer Sciences

Local differential privacy (LDP) has recently emerged as an accepted standard for privacy-preserving collection of users’ data from smartphones and IoT devices. In many practical scenarios, users’ data needs to be collected repeatedly across multiple iterations. In such cases, although each collection satisfies LDP individually by itself, a longitudinal collection of multiple responses from the same user degrades that user’s privacy. To demonstrate this claim, in this paper, we propose longitudinal attacks against iterative data collection with LDP. We formulate a general Bayesian adversary model, and then individually show the application of this adversary model on six popular LDP protocols: …

Utilizing Culturally Responsive Strategies To Inspire African American Female Participation In Cybersecurity, Deanna Bailey, Michel Kornegay, Ladawn Partlow, Charnee Bowens, Karen Gareis, Kevin Kornegay

Journal of Pre-College Engineering Education Research (J-PEER)

The number of African American females participating in cyber fields is significantly low. Science, technology, engineering, and mathematics (STEM) education requires a new approach to student engagement to increase African American female participation in cybersecurity. The most common approach to engaging more African American females in STEM is to provide students access to professional images or role models active in STEM; however, more is needed. More race-centered strategies beyond role modeling are necessary to attract and retain African American females in STEM. Research studies show that integrating personal experiences and making cultural connections can help improve student participation in STEM …

Cybersecurity In Critical Infrastructure Systems: Emulated Protection Relay, Mitchell Bylak

Computer Science and Computer Engineering Undergraduate Honors Theses

Cyber-attacks on Critical Systems Infrastructure have been steadily increasing across the world as the capabilities of and reliance on technology have grown throughout the 21st century, and despite the influx of new cybersecurity practices and technologies, the industry faces challenges in its cooperation between the government that regulates law practices and the private sector that owns and operates critical infrastructure and security, which has directly led to an absence of eas- ily accessible information and learning resources on cybersecurity for use in public environments and educational settings. This honors research thesis addresses these challenges by submitting the development of an …

Malicious Game Client Detection Using Feature Extraction And Machine Learning, Spencer J. Austad

Theses and Dissertations

Minecraft, the world's best-selling video game, boasts a vast and vibrant community of users who actively develop third-party software for the game. However, it has also garnered notoriety as one of the most malware-infested gaming environments. This poses a unique challenge because Minecraft software has many community-specific nuances that make traditional malware analysis less effective. These differences include unique file types, differing code formats, and lack of standardization in user-generated content analysis. This research looks at Minecraft clients in the two most common formats: Portable Executable and Java Archive file formats. Feature correlation matrices showed that malware features are too …

Integrating Nist And Iso Cybersecurity Audit And Risk Assessment Frameworks Into Cameroonian Law, Bernard Ngalim

Journal of Cybersecurity Education, Research and Practice

This paper reviews cybersecurity laws and regulations in Cameroon, focusing on cybersecurity and information security audits and risk assessments. The importance of cybersecurity risk assessment and the implementation of security controls to cure deficiencies noted during risk assessments or audits is a critical step in developing cybersecurity resilience. Cameroon's cybersecurity legal framework provides for audits but does not explicitly enumerate controls. Consequently, integrating relevant controls from the NIST frameworks and ISO Standards can improve the cybersecurity posture in Cameroon while waiting for a comprehensive revision of the legal framework. NIST and ISO are internationally recognized as best practices in information …

Adoption Of Cybersecurity Policies By Local Governments 2020, Donald F. Norris Phd, Laura K. Mateczun Jd

Journal of Cybersecurity Education, Research and Practice

This paper should be of interest to the readers of this journal because it addresses a subject that has received little scholarly attention; namely, local government cybersecurity. The U.S. has over 90,000 units of local government, of which almost 39,000 are “general purpose” units (i.e., municipalities, counties, towns and townships). On average, these governments do not practice cybersecurity effectively (Norris, et al., 2019 and 2020). One possible reason is that they do not adopt and/or implement highly recommended cybersecurity policies. In this paper, we examine local government adoption or lack of adoption of cybersecurity policies using data from three surveys. …

Sel4 On Risc-V - Developing High Assurance Platforms With Modular Open-Source Architectures, Michael A. Doran Jr

Masters Theses

Virtualization is now becoming an industry standard for modern embedded systems. Modern embedded systems can now support multiple applications on a single hardware platform while meeting power and cost requirements. Virtualization on an embedded system is achieved through the design of the hardware-software interface. Instruction set architecture, ISA, defines the hardware-software interface for an embedded system. At the hardware level the ISA, provides extensions to support virtualization.

In addition to an ISA that supports hypervisor extensions it is equally important to provide a hypervisor completely capable of exploiting the benefits of virtualization for securing modern embedded systems. Currently there does …

Generative Neural Network-Based Defense Methods Against Cyberattacks For Connected And Autonomous Vehicles, M Sabbir Salek

All Dissertations

The rapid advancement of communication and artificial intelligence technologies is propelling the development of connected and autonomous vehicles (CAVs), revolutionizing the transportation landscape. However, increased connectivity and automation also present heightened potential for cyber threats. Recently, the emergence of generative neural networks (NNs) has unveiled a myriad of opportunities for complementing CAV applications, including generative NN-based cybersecurity measures to protect the CAVs in a transportation cyber-physical system (TCPS) from known and unknown cyberattacks. The goal of this dissertation is to explore the utility of the generative NNs for devising cyberattack detection and mitigation strategies for CAVs. To this end, the …

Resiliency Of Power Systems In The Cyber Layer: Application To Load Forecasting And Security Assessment, Mojtaba Dezvarei

Doctoral Dissertations

Integrating sensors, actuators, and communication infrastructure in the electrical grid creates a smart grid, known as a cyber-physical system (CPS), which combines the physical framework with a cyber layer. The cyber layer is crucial as it houses the decision-making responsible for reliable operation. However, the complexity of the physical layers, due partly to the deployment of integrated battery resources (IBRs), and the cyber layer itself, introduces challenges such as reliance on measurement quality and vulnerability to data corruption from cyber threats. These challenges result in uncertainties in the CPS framework, emphasizing the need for accurate and robust responses from the …

Unveiling The Digital Shadows: Cybersecurity And The Art Of Digital Forensics, Derek Beardall

Cyber Operations and Resilience Program Graduate Projects

This paper navigates the symbiotic relationship between cybersecurity and digital forensics, exploring the profound role of digital forensic methodologies in addressing cyber incidents. Beginning with foundational definitions and historical evolution, this study delves into diverse types of methodologies and their applications across law enforcement and cybersecurity domains. The mechanics of cyber incident response illuminates the strategic orchestration of digital forensic methodologies. Amidst triumphs, challenges emerge from the shadows: swift threat evolution, digital ecosystem complexity, standardization gaps, resource limitations, and legal intricacies. Best practices guide experts through this intricate terrain, culminating in an enhanced understanding of the inseparable bond between cybersecurity …

Cybersecurity In Industrial Automation Lab Design For Ee 435, Jules Khalil Emile Hajjar, Emily Zhou

Electrical Engineering

This project involves the creation of an instructional laboratory aimed at teaching cybersecurity for industrial automation applications. Specifically tailored for Electrical Engineering students at Cal Poly, the experiment focuses on configuring the Modicon M580, a PLC from Schneider Electric, and serves to introduce students to relevant cybersecurity protocols and techniques. This project will be implemented into the EE435 (Industrial Power Control and Automation) course curriculum upon Cal Poly’s transition to the semester system.

Security-Enhanced Serial Communications, John White, Alexander Beall, Joseph Maurio, Dane Fichter, Dr. Matthew Davis, Dr. Zachary Birnbaum

Military Cyber Affairs

Industrial Control Systems (ICS) are widely used by critical infrastructure and are ubiquitous in numerous industries including telecommunications, petrochemical, and manufacturing. ICS are at a high risk of cyber attack given their internet accessibility, inherent lack of security, deployment timelines, and criticality. A unique challenge in ICS security is the prevalence of serial communication buses and other non-TCP/IP communications protocols. The communication protocols used within serial buses often lack authentication and integrity protections, leaving them vulnerable to spoofing and replay attacks. The bandwidth constraints and prevalence of legacy hardware in these systems prevent the use of modern message authentication and …

Detection Of Crypto-Ransomware Attack Using Deep Learning, Muna Jemal

Master of Science in Computer Science Theses

The number one threat to the digital world is the exponential increase in ransomware attacks. Ransomware is malware that prevents victims from accessing their resources by locking or encrypting the data until a ransom is paid. With individuals and businesses growing dependencies on technology and the Internet, researchers in the cyber security field are looking for different measures to prevent malicious attackers from having a successful campaign. A new ransomware variant is being introduced daily, thus behavior-based analysis of detecting ransomware attacks is more effective than the traditional static analysis. This paper proposes a multi-variant classification to detect ransomware I/O …

What Senior U.S. Leaders Say We Should Know About Cyber, Dr. Joseph H. Schafer

Military Cyber Affairs

On April 6, 2023, the Atlantic Council’s Cyber Statecraft Initiative hosted a panel discussion on the new National Cybersecurity Strategy. The panel featured four senior officials from the Office of the National Cyber Director (ONCD), the Department of State (DoS), the Department of Justice (DoJ), and the Department of Homeland Security (DHS). The author attended and asked each official to identify the most important elements that policymakers and strategists must understand about cyber. This article highlights historical and recent struggles to express cyber policy, the responses from these officials, and the author’s ongoing research to improve national security cyber policy.

Protecting The Infrastructure Of Michigan: Analyzing And Understanding Internet Infrastructure, Samuel Blaser, Travis Munyer, Damian Ramirez, Lester Juarez, Jackson Servant

Theses/Capstones/Creative Projects

The Michigan Army National Guard DCOE is hoping to increase their understanding of the physical, electrical, protocol, and logical topography of internet service. In order to understand the infrastructure of the internet, information must be collected on its pieces. By studying, describing, and illustrating the infrastructure of the global internet we can develop hardening tactics, improve user training, and develop contingency plans in the case of an attack. The research is focused on where data lives, locating data centers in the region, identifying global infrastructure and who owns it, and potential for hardening. An interactive map has been created in …

Bridging The Gap Between Public Organizaions And Cybersecurity, Christopher Boutros

Electronic Theses, Projects, and Dissertations

Cyberattacks are a major problem for public organizations across the nation, and unfortunately for them, the frequency of these attacks is constantly growing. This project used a case study approach to explore the types of cybersecurity public organization agencies face and how those crimes can be mitigated. The goal of this paper is to understand how public organization agencies have prepared for cyberattacks and discuss additional suggestions to improve their current systems with the current research available This research provides an analysis of current cyber security systems, new technologies that can be implemented, roadblocks public agencies face before and during …

The Rapid Increase Of Ransomware Attacks Over The 21st Century And Mitigation Strategies To Prevent Them From Arising, Sanjay Jacob

Senior Honors Theses

Cyber-attacks have continued to become more common throughout the past century as more people are exposed to the Internet. Every year, various studies, reports, and scholarly research is done to emphasis the rapid increase of attacks. In this honors thesis, the student sought to gather further information about the rise of ransomware attacks, various cyber threats, discuss the psychological manipulation that exist, and provided the reader with an ethical complement of cyber-attacks. Additionally, case studies from previous research have been analyzed and mitigation strategies have been explained to provide the reader with practical application. This research emphasizes in on key …

Enhancing Cyberspace Monitoring In The United States Aviation Industry: A Multi-Layered Approach For Addressing Emerging Threats, Matthew Janson

Doctoral Dissertations and Master's Theses

This research project examined the cyberspace domain in the United States (U.S.) aviation industry from many different angles. The research involved learning about the U.S. aviation cyberspace environment, the landscape of cyber threats, new technologies like 5G and smart airports, cybersecurity frameworks and best practices, and the use of aviation cyberspace monitoring capabilities. The research looked at how vulnerable the aviation industry is from cyber-attacks, analyzed the possible effects of cyber-attacks on the industry, and suggests ways to improve the industry's cybersecurity posture. The project's main goal was to protect against possible cyber-attacks and make sure that the aviation industry …

Self-Learning Algorithms For Intrusion Detection And Prevention Systems (Idps), Juan E. Nunez, Roger W. Tchegui Donfack, Rohit Rohit, Hayley Horn

SMU Data Science Review

Today, there is an increased risk to data privacy and information security due to cyberattacks that compromise data reliability and accessibility. New machine learning models are needed to detect and prevent these cyberattacks. One application of these models is cybersecurity threat detection and prevention systems that can create a baseline of a network's traffic patterns to detect anomalies without needing pre-labeled data; thus, enabling the identification of abnormal network events as threats. This research explored algorithms that can help automate anomaly detection on an enterprise network using Canadian Institute for Cybersecurity data. This study demonstrates that Neural Networks with Bayesian …

The Security And Cyber Defence Realities And Difficulties In Algeria, Kada Aicha

Journal of Police and Legal Sciences

This research paper aims to shed light on the digital challenge faced by Algeria as it enters the world of the knowledge society, which qualifies it to achieve cybersecurity and cyber defense against various forms and types of security threats, including cyber threats. The researcher used an analytical approach to understand the phenomenon under study and trace its causes, in addition to a case study method to study all aspects of the studied phenomenon and identify the characteristics of the case study - Algeria was chosen as the analysis unit. The study concluded several important results, including:

The deficiency of …

Perspectives On Design Considerations Inspired By Security And Quantum Technology In Cyberphysical Systems For Process Engineering, Helen Durand, Jihan Abou Halloun, Kip Nieman, Keshav Kasturi Rangan

Chemical Engineering and Materials Science Faculty Research Publications

Advances in computer science have been a driving force for change in process systems engineering for decades. Faster computers, expanded computing resources, simulation software, and improved optimization algorithms have all changed chemical engineers’ abilities to predict, control, and optimize process systems. Two newer areas relevant to computer science that are impacting process systems engineering are cybersecurity and quantum computing. This work reviews some of our group’s recent work in control-theoretic approaches to control system cybersecurity and touches upon the use of quantum computers, with perspectives on the relationships between process design and control when cybersecurity and quantum technologies are of …

An Empirical Study Of Pre-Trained Model Reuse In The Hugging Face Deep Learning Model Registry, Wenxin Jiang, Nicholas Synovic, Matt Hyatt, Taylor R. Schorlemmer, Rohan Sethi, Yung-Hsiang Lu, George K. Thiruvathukal, James C. Davis

Department of Electrical and Computer Engineering Faculty Publications

Deep Neural Networks (DNNs) are being adopted as components in software systems. Creating and specializing DNNs from scratch has grown increasingly difficult as state-of-the-art architectures grow more complex. Following the path of traditional software engineering, machine learning engineers have begun to reuse large-scale pre-trained models (PTMs) and fine-tune these models for downstream tasks. Prior works have studied reuse practices for traditional software packages to guide software engineers towards better package maintenance and dependency management. We lack a similar foundation of knowledge to guide behaviors in pre-trained model ecosystems.

In this work, we present the first empirical investigation of PTM reuse. …

Robustness Of Image-Based Malware Classification Models Trained With Generative Adversarial Networks, Ciaran Reilly, Stephen O Shaughnessy, Christina Thorpe

Conference papers

As malware continues to evolve, deep learning models are increasingly used for malware detection and classification, including image based classification. However, adversarial attacks can be used to perturb images so as to evade detection by these models. This study investigates the effectiveness of training deep learning models with Generative Adversarial Network-generated data to improve their robustness against such attacks. Two image conversion methods, byte plot and space-filling curves, were used to represent the malware samples, and a ResNet-50 architecture was used to train models on the image datasets. The models were then tested against a projected gradient descent attack. It …

Ict Security Tools And Techniques Among Higher Education Institutions: A Critical Review, Miko Nuñez, Xavier-Lewis Palmer, Lucas Potter, Chris Jordan Aliac, Lemuel Clark Velasco

Electrical & Computer Engineering Faculty Publications

Higher education institutions (HEIs) are increasingly relying on digital technologies for classroom and organizational management, but this puts them at higher risk for information and communication (ICT security attacks. Recent studies show that HEIs have experienced more security breaches in ICT security composed of both cybersecurity an information security. A literature review was conducted to identify common ICT security practices in HEIs over the last decade. 11 journal articles were profiled and analyzed, revealing threats to HEIs’ security and protective measures in terms of organizational security, technological security, physical security, and standards and frameworks. Security tools and techniques were grouped …

Cybersecurity And Digital Privacy Aspects Of V2x In The Ev Charging Structure, Umit Cali, Murat Kuzlu, Onur Elma, Osman Gazi Gucluturk, Ahmet Kilic, Ferhat Ozgur Catak

Engineering Technology Faculty Publications

With the advancement of green energy technology and rising public and political acceptance, electric vehicles (EVs) have grown in popularity. Electric motors, batteries, and charging systems are considered major components of EVs. The electric power infrastructure has been designed to accommodate the needs of EVs, with an emphasis on bidirectional power flow to facilitate power exchange. Furthermore, the communication infrastructure has been enhanced to enable cars to communicate and exchange information with one another, also known as Vehicle-to-Everything (V2X) technology. V2X is positioned to become a bigger and smarter system in the future of transportation, thanks to upcoming digital technologies …

Robustembed: Robust Sentence Embeddings Using Self-Supervised Contrastive Pre-Training, Javad Asl, Eduardo Blanco, Daniel Takabi

School of Cybersecurity Faculty Publications

Pre-trained language models (PLMs) have demonstrated their exceptional performance across a wide range of natural language processing tasks. The utilization of PLM-based sentence embeddings enables the generation of contextual representations that capture rich semantic information. However, despite their success with unseen samples, current PLM-based representations suffer from poor robustness in adversarial scenarios. In this paper, we propose RobustEmbed, a self-supervised sentence embedding framework that enhances both generalization and robustness in various text representation tasks and against diverse adversarial attacks. By generating high-risk adversarial perturbations to promote higher invariance in the embedding space and leveraging the perturbation within a novel contrastive …