Open Access. Powered by Scholars. Published by Universities.®

Engineering Commons


Full-Text Articles in Engineering

The Trust-Based Interactive Partially Observable Markov Decision Process, Richard S. Seymour Jun 2019

Theses and Dissertations

Cooperative agent and robot systems are designed so that each is working toward the same common good. The problem is that the software systems are extremely complex and can be subverted by an adversary to either break the system or potentially worse, create sneaky agents who are willing to cooperate when the stakes are low and take selfish, greedy actions when the rewards rise. This research focuses on the ability of a group of agents to reason about the trustworthiness of each other and make decisions about whether to cooperate. A trust-based interactive partially observable Markov decision process (TI-POMDP) is …


Hijacking User Uploads To Online Persistent Data Repositories For Covert Data Exfiltration, Curtis P. Barnard Sep 2010

Theses and Dissertations

As malware has evolved over the years, it has gone from harmless programs that copy themselves into other executables to modern day botnets that perform bank fraud and identity theft. Modern malware often has a need to communicate back to the author, or other machines that are also infected. Several techniques for transmitting this data covertly have been developed over the years which vary significantly in their level of sophistication. This research creates a new covert channel technique for stealing information from a network by piggybacking on user-generated network traffic. Specifically, steganography drop boxes and passive covert channels are merged …


Reputation-Based Trust For A Cooperative, Agent-Based Backup Protection Scheme For Power Networks, John F. Borowski Mar 2010

Theses and Dissertations

This thesis research explores integrating a reputation-based trust mechanism with an agent-based backup protection system to improve the performance of traditional backup relay methods that are currently in use in power transmission systems. Integrating agent technology into relay protection schemes has been previously proposed to clear faults more rapidly and to add precision by enabling the use of adaptive protection methods. A distributed, cooperative trust system such as that used in peer-to-peer file sharing networks has the potential to add an additional layer of defense in a protection system designed to operate with greater autonomy. This trust component enables agents …


Component Hiding Using Identification And Boundary Blurring Techniques, James D. Parham Jr. Mar 2010

Theses and Dissertations

Protecting software from adversarial attacks is extremely important for DoD technologies. When systems are compromised, the possibility exists for recovery costing millions of dollars and countless labor hours. Circuits implemented on embedded systems utilizing FPGA technology are the result of downloading software for instantiating circuits with specific functions or components. We consider the problem of component hiding a form of software protection. Component identification is a well-studied problem. However, we use component identification as a metric for driving the cost of reverse engineering to an unreasonable level. We contribute to protection of software and circuitry by implementing a Java …


Development Of A Methodology For Customizing Insider Threat Auditing On A Linux Operating System, William T. Bai Mar 2010

Theses and Dissertations

Insider threats can pose a great risk to organizations and by their very nature are difficult to protect against. Auditing and system logging are capabilities present in most operating systems and can be used for detecting insider activity. However, current auditing methods are typically applied in a haphazard way, if at all, and are not conducive to contributing to an effective insider threat security policy. This research develops a methodology for designing a customized auditing and logging template for a Linux operating system. An intent-based insider threat risk assessment methodology is presented to create use case scenarios tailored to address …


Developing Cyberspace Data Understanding: Using CRISP-DM For Host-Based IDS Feature Mining, Joseph R. Erskine Mar 2010

Theses and Dissertations

Current intrusion detection systems generate a large number of specific alerts, but do not provide actionable information. Many times, these alerts must be analyzed by a network defender, a time-consuming and tedious task which can occur hours or days after an attack occurs. Improved understanding of the cyberspace domain can lead to great advancements in cyberspace situational awareness research and development. This thesis applies the Cross Industry Standard Process for Data Mining (CRISP-DM) to develop an understanding about a host system under attack. Data is generated by launching scans and exploits at a machine outfitted with a set of …


Synthesis, Interdiction, And Protection Of Layered Networks, Kevin T. Kennedy Sep 2009

Theses and Dissertations

This research developed the foundation, theory, and framework for a set of analysis techniques to assist decision makers in analyzing questions regarding the synthesis, interdiction, and protection of infrastructure networks. This includes extension of traditional network interdiction to directly model nodal interdiction; new techniques to identify potential targets in social networks based on extensions of shortest path network interdiction; extension of traditional network interdiction to include layered network formulations; and new models/techniques to design robust layered networks while considering trade-offs with cost. These approaches identify the maximum protection/disruption possible across layered networks with limited resources, find the most robust layered …


A Taxonomy For And Analysis Of Anonymous Communications Networks, Douglas J. Kelly Mar 2009

Theses and Dissertations

Any entity operating in cyberspace is susceptible to debilitating attacks. With cyber attacks intended to gather intelligence and disrupt communications rapidly replacing the threat of conventional and nuclear attacks, a new age of warfare is at hand. In 2003, the United States acknowledged that the speed and anonymity of cyber attacks make distinguishing among the actions of terrorists, criminals, and nation states difficult. Even President Obama's Cybersecurity Chief-elect recognizes the challenge of increasingly sophisticated cyber attacks. Now through April 2009, the White House is reviewing federal cyber initiatives to protect US citizen privacy rights. Indeed, the rising quantity and ubiquity …


Using Covert Means To Establish Cybercraft Command And Control, Bradley D. Sevy Mar 2009

Theses and Dissertations

With the increase in speed and availability of computers, our nation's computer and information systems are being attacked with increased sophistication. The Air Force Research Laboratory (AFRL) Information Directorate (RI) is researching a next generation network defense architecture, called Cybercraft, that provides automated and trusted cyber defense capabilities for AF network assets. In this research we consider the issues of protecting or obfuscating command and control aspects of Cybercraft. In particular, we present a methodology to hide aspects of Cybercraft platform initialization in the context of the formation of hierarchical, peer-to-peer groups that collectively form the Cybercraft network. Because malicious code networks (known …


Host-Based Multivariate Statistical Computer Operating Process Anomaly Intrusion Detection System (PAIDS), Glen R. Shilland Mar 2009

Theses and Dissertations

No abstract provided.


Low Probability Of Intercept Waveforms Via Intersymbol Dither Performance Under Multipath Conditions, Jonathan K. Keen Mar 2009

Theses and Dissertations

This thesis examines the effects of multipath interference on Low Probability of Intercept (LPI) waveforms generated using intersymbol dither. LPI waveforms are designed to be difficult for non-cooperative receivers to detect and manipulate, and have many uses in secure communications applications. In prior research, such a waveform was designed using a dither algorithm to vary the time between the transmission of data symbols in a communication system. This work showed that such a method can be used to frustrate attempts to use non-cooperative receiver algorithms to recover the data. This thesis expands on prior work by examining the effects of …


Numerical Analysis For Relevant Features In Intrusion Detection (NARFID), Jose Andres Gonzalez Mar 2009

Theses and Dissertations

Identification of cyber attacks and network services is a robust field of study in the machine learning community. Less effort has been focused on understanding the domain space of real network data in identifying important features for cyber attack and network service classification. Motivations for such work allow for anomaly detection systems with fewer requirements on data "sniffed" off the network, extraction of features from the traffic, reduced learning time of algorithms, and ideally increased classification performance of anomalous behavior. This thesis evaluates the usefulness of a good feature subset for the general classification task of identifying cyber attacks and …


Dynamic Interactions For Network Visualization And Simulation, Cigdem Yetisti Mar 2009

Theses and Dissertations

Most network visualization suites do not interact with a simulator as it executes, nor do they provide an effective user interface that includes multiple visualization functions. The subject of this research is to improve the network visualization presented in the previous research [5] by adding these capabilities to the framework. The previous network visualization did not have the capability of altering specific visualization characteristics, especially when detailed observations needed to be made for a small part of a large network. Searching for a network event in this topology might cause large delays, leading to a lower-quality user interface. In addition to …


Automated Virtual Machine Introspection For Host-Based Intrusion Detection, Brett A. Pagel Feb 2009

Theses and Dissertations

This thesis examines techniques to automate configuration of an intrusion detection system utilizing hardware-assisted virtualization. These techniques are used to detect the version of a running guest operating system, automatically configure version-specific operating system information needed by the introspection library, and to locate and monitor important operating system data structures. This research simplifies introspection library configuration and is a step toward operating system independent introspection. An operating system detection algorithm and Windows virtual machine system service dispatch table monitor are implemented using the Xen hypervisor and a modified version of the XenAccess library. All detection and monitoring is implemented from …


An FPGA-Based System For Tracking Digital Information Transmitted Via Peer-To-Peer Protocols, Karl R. Schrader Feb 2009

Theses and Dissertations

This thesis addresses the problem of identifying and tracking digital information that is shared using peer-to-peer file transfer and Voice over IP (VoIP) protocols. The goal of the research is to develop a system for detecting and tracking the illicit dissemination of sensitive government information using file sharing applications within a target network, and tracking terrorist cells or criminal organizations that are covertly communicating using VoIP applications. A digital forensic tool is developed using an FPGA-based embedded software application. The tool is designed to process file transfers using the BitTorrent peer-to-peer protocol and VoIP phone calls made using the Session …


An Analysis Of Botnet Vulnerabilities, Sean W. Hudson Jun 2008

Theses and Dissertations

Botnets are a significant threat to computer networks and data stored on networked computers. The ability to inhibit communication between servers controlling the botnet and individual hosts would be an effective countermeasure. The objective of this research was to find vulnerabilities in Unreal IRCd that could be used to shut down the server. Analysis revealed that Unreal IRCd is a very mature and stable IRC server and no significant vulnerabilities were found. While this research does not eliminate the possibility that a critical vulnerability is present in the Unreal IRCd software, none were identified during this effort.


Network Visualization Design Using Prefuse Visualization Framework, John Mark Belue Mar 2008

Theses and Dissertations

Visualization of network simulation events, or network visualization, is an effective and low-cost method to evaluate the health and status of a network and analyze network designs, protocols, and network algorithms. This research designed and developed a network event visualization framework using an open source general visualization toolkit. This research achieved three major milestones during the development of this framework: a robust network simulator trace file parser, multiple network visualization layouts (including user-defined layouts), and precise visualization timing controls and integrated display of network statistics. The parser architecture is extensible to allow customization of simulator trace formats that are …


Digital Signal Processing Leveraged For Intrusion Detection, Theodore J. Erickson Mar 2008

Theses and Dissertations

This thesis describes the development and evaluation of a novel system called the Network Attack Characterization Tool (NACT). The NACT employs digital signal processing to detect network intrusions, by exploiting the Lomb-Scargle periodogram method to obtain a spectrum for sampled network traffic. The Lomb-Scargle method for generating a periodogram allows for the processing of unevenly sampled network data. This method for determining a periodogram has not yet been used for intrusion detection. The spectrum is examined to determine if features exist above a significance level chosen by the user. These features are considered an attack, triggering an alarm. Two traffic …


Internet Protocol Geolocation: Development Of A Delay-Based Hybrid Methodology For Locating The Geographic Location Of A Network Node, John M. Roehl Mar 2007

Theses and Dissertations

Internet Protocol Geolocation (IP Geolocation), the process of determining the approximate geographic location of an IP addressable node, has proven useful in a wide variety of commercial applications. Commercial applications of IP Geolocation include market research, redirection for performance enhancement, restricting content, and combating fraud. Potential military applications include securing remote access via geographic authentication, intelligence collection, and cyber attack attribution. IP Geolocation methods can be divided into three basic categories based upon what information is used to determine the geographic location of the given IP address: 1) information contained in databases, 2) information that is leaked during …


APHID: Anomaly Processor In Hardware For Intrusion Detection, Samuel A. Hart Mar 2007

Theses and Dissertations

The Anomaly Processor in Hardware for Intrusion Detection (APHID) is a step forward in the field of co-processing intrusion detection mechanisms. By using small, fast hardware primitives, APHID relieves the production CPU from the burden of security processing. These primitives are tightly coupled to the CPU, giving them access to critical state information such as the current instruction(s) in execution, the next instruction, registers, and processor state information. By monitoring these hardware elements, APHID is able to determine when an anomalous action occurs within one clock cycle. Upon detection, APHID can force the processor into a corrective state, or a …


Developing A Framework For Evaluating Organizational Information Assurance Metrics Programs, Adam R. Bryant Mar 2007

Theses and Dissertations

The push to secure organizational information has brought about the need to develop better metrics for understanding the state of the organization’s security capability. This thesis utilizes case studies of information security metrics programs within Department of Defense organizations, the United States Air Force (USAF), and the National Aeronautics and Space Administration’s (NASA’s) Jet Propulsion Lab to discover how these organizations make decisions about how the measurement program is designed, how information is collected and disseminated, and how the collected information supports decision making. This research finds that both the DOD and USAF have highly complex information security programs that …


Hardware Virtualization Applied To Rootkit Defense, Douglas P. Medley Mar 2007

Theses and Dissertations

This research effort examines the idea of applying virtualization hardware to enhance operating system security against rootkits. Rootkits are sets of tools used to hide code and/or functionality from the user and operating system. Rootkits can accomplish this feat through using access to one part of an operating system to change another part that resides at the same privilege level. Hardware assisted virtualization (HAV) provides an opportunity to defeat this tactic through the introduction of a new operating mode. Created to aid operating system virtualization, HAV provides hardware support for managing and saving multiple states of the processor. This hardware …


Beyond Passwords: Usage And Policy Transformation, Alan S. Alsop Mar 2007

Theses and Dissertations

The purpose of this research is to determine whether the transition to a two-factor authentication system is more secure than a system that relies only on what users "know" for authentication. While we found that factors that made passwords inherently vulnerable did not transfer to the PIN portion of a two-factor authentication system, we did find significant problems relating to usability, worker productivity, and the loss and theft of smart cards. The new authentication method has disrupted our ability to stay connected to ongoing mission issues, forced some installations to cut off remote access for their users, and in one …


Mitigating Insider Threat Using Human Behavior Influence Models, Anthony J. Puleo Jun 2006

Theses and Dissertations

Insider threat is rapidly becoming the largest information security problem that organizations face. With large numbers of personnel having access to internal systems, it is becoming increasingly difficult to protect organizations from malicious insiders. The typical methods of mitigating insider threat are simply not working, primarily because this threat is a people problem, and most mitigation strategies are geared towards profiling and anomaly detection, which are problematic at best. As a result, a new type of model is proposed in this thesis, one that incorporates risk management with human behavioral science. The new risk-based model focuses on observable influences that …


Formal Mitigation Strategies For The Insider Threat: A Security Model And Risk Analysis Framework, Jonathan W. Butts Mar 2006

Theses and Dissertations

The advancement of technology and reliance on information systems have fostered an environment of sharing and trust. The rapid growth and dependence on these systems, however, creates an increased risk associated with the insider threat. The insider threat is one of the most challenging problems facing the security of information systems because the insider already has capabilities within the system. Despite research efforts to prevent and detect insiders, organizations remain susceptible to this threat because of inadequate security policies and a willingness of some individuals to betray their organization. To investigate these issues, a formal security model and risk analysis …


A Study To Determine Damage Assessment Methods Or Models On Air Force Networks, Lisa S. Thiem Mar 2005

Theses and Dissertations

Damage assessment for computer networks is a new area of interest for the Air Force. Previously, there has not been a concerted effort to codify damage assessment or develop a model that can be applied in assessing damage done by criminals, natural disasters, or other methods of damaging a computer network. The research undertaken attempts to identify if the Air Force MAJCOM Network Operations Support Centers (NOSC) use damage assessment models or methods. If the Air Force does use a model or method, an additional question of how the model was attained or decided upon is asked. All information comes …


An Historical Analysis Of Factors Contributing To The Emergence Of The Intrusion Detection Discipline And Its Role In Information Assurance, James L.M. Hart Mar 2005

Theses and Dissertations

In 2003, Gartner, Inc., predicted the inevitable demise of the intrusion detection (ID) market, a major player in the computer security technology industry. In light of this prediction, IT executives need to know if intrusion detection technologies serve a strategic purpose within the framework of information assurance (IA). This research investigated the historical background and circumstances that led to the birth of the intrusion detection field and explored the evolution of the discipline through current research in order to identify appropriate roles for IDS technology within an information assurance framework. The research identified factors contributing to the birth of ID …


Passwords: A Survey On Usage And Policy, Kurt W. Martinson Mar 2005

Theses and Dissertations

Computer password use is on the rise. Passwords have become one of the primary authentication methods used today. It is because of their high use that organizations have started to place parameters on passwords. Are password restrictions a nuisance? What are some of the consequences that result as organizations place the burden of their computer security on passwords? This thesis analyzes the results of a survey instrument that was used to determine if individuals are using similar techniques or patterns when choosing or remembering their passwords. It also looks at how individuals feel about using passwords. In addition, the authors …


Medical Devices, Support Networks, And Their Vulnerabilities: A Case Study Of The Integration Of Medical Networks Into The Air Force Information Network, Paul G. Oleksiak Mar 2005

Theses and Dissertations

With the implementation of "one Air Force, one network" under way, it is important to look at how the Air Force plans to incorporate the medical field and its unique systems, networks, and mission. The medical field presents distinctive problems not seen in other areas. Open network vulnerabilities in the medical information systems not only pose a problem for the individual, but to the military service also. Possible security holes provide both access to vital military & personal information (end strength numbers, current status of personnel, social security), and a doorway into the "network". Intruders now can possibly access …


Enabling Intrusion Detection In IPsec Protected IPv6 Networks Through Secret-Key Sharing, Patrick J. Sweeney Mar 2005

Theses and Dissertations

As the Internet Protocol version 6 (IPv6) implementation becomes more widespread, the IP Security (IPsec) features embedded into the next-generation protocol will become more accessible than ever. Though the network-layer encryption provided by IPsec is a boon to data security, its use renders standard network intrusion detection systems (NIDS) useless. The problem of performing intrusion detection on encrypted traffic has been addressed by differing means, with each technique requiring one or more static secret keys to be shared with the NIDS beforehand. The problem with this approach is that static keying is much less secure than dynamic key generation through the …