Open Access. Powered by Scholars. Published by Universities.®

Physical Sciences and Mathematics Commons

Articles 1 - 30 of 36

Full-Text Articles in Physical Sciences and Mathematics

Emulation-Based Software Protection, William B. Kimball, Rusty O. Baldwin Oct 2012

AFIT Patents

A method of emulation-based page granularity code signing comprising the steps of: copying guest operating system instructions and associated hash message authentication codes and/or digital signatures of each guest operating instruction from an untrusted guest operating system memory into a trusted host operating system memory; recomputing the hash message authentication codes using a secret key in the trusted host operating system memory; maintaining the secret key in the trusted host operating system memory and inaccessible by the untrusted guest operating system instructions; translating each guest operating system instruction that has a valid hash message authentication code to a set of …


Utilizing Graphics Processing Units For Network Anomaly Detection, Jonathan D. Hersack Sep 2012

Theses and Dissertations

This research explores the benefits of using commonly-available graphics processing units (GPUs) to perform classification of network traffic using supervised machine learning algorithms. Two full factorial experiments are conducted using an NVIDIA GeForce GTX 280 graphics card. The goal of the first experiment is to create a baseline for the relative performance of the CPU and GPU implementations of artificial neural network (ANN) and support vector machine (SVM) detection methods under varying loads. The goal of the second experiment is to determine the optimal ensemble configuration for classifying processed packet payloads using the GPU anomaly detector. The GPU ANN achieves …


Effects Of Architecture On Information Leakage Of A Hardware Advanced Encryption Standard Implementation, Eric A. Koziel Sep 2012

Theses and Dissertations

Side-channel analysis (SCA) is a threat to many modern cryptosystems. Many countermeasures exist, but are costly to implement and still do not provide complete protection against SCA. A plausible alternative is to design the cryptosystem using architectures that are known to leak little information about the cryptosystem's operations. This research uses several common primitive architectures for the Advanced Encryption Standard (AES) and assesses the susceptibility of the full AES system to side-channel attack for various primitive configurations. A combined encryption/decryption core is also evaluated to determine if variation of high-level architectures affects leakage characteristics. These different configurations are evaluated under …


Creating Network Attack Priority Lists By Analyzing Email Traffic Using Predefined Profiles, Eric J. Merrit Sep 2012

Theses and Dissertations

Networks can be vast and complicated entities consisting of both servers and workstations that contain information sought by attackers. Searching for specific data in a large network can be a time-consuming process. Vast amounts of data either pass through or are stored by various servers on the network. However, intermediate work products are often kept solely on workstations. Potential high value targets can be passively identified by comparing user email traffic against predefined profiles. This method provides a potentially smaller footprint on target systems, less human interaction, and increased efficiency of attackers. Collecting user email traffic and comparing each …


Eliciting A Sensemaking Process From Verbal Protocols Of Reverse Engineers, Adam R. Bryant, Robert F. Mills, Gilbert L. Peterson, Michael R. Grimaila Aug 2012

Faculty Publications

A process of sensemaking in reverse engineering was elicited from verbal protocols of reverse engineers as they investigated the assembly code of executable programs. Four participants were observed during task performance and verbal protocols were collected and analyzed from two of the participants to determine their problem-solving states and characterize likely transitions between those states. From this analysis, a high-level process of sensemaking is described which represents hypothesis generation and information-seeking behaviors in reverse engineering within a framework of goal-directed planning. Future work in validation and application of the process is discussed.


Design And Analysis Of A Dynamically Configured Log-Based Distributed Security Event Detection Methodology, Michael R. Grimaila, Justin Myers, Robert F. Mills, Gilbert L. Peterson Jul 2012

Faculty Publications

Military and defense organizations rely upon the security of data stored in, and communicated through, their cyber infrastructure to fulfill their mission objectives. It is essential to identify threats to the cyber infrastructure in a timely manner, so that mission risks can be recognized and mitigated. Centralized event logging and correlation is a proven method for identifying threats to cyber resources. However, centralized event logging is inflexible and does not scale well, because it consumes excessive network bandwidth and imposes significant storage and processing requirements on the central event log server. In this paper, we present a flexible, distributed event …


Using Modeling And Simulation To Examine The Benefits Of A Network Tasking Order, Matthew D. Compton, Kenneth M. Hopkinson, Gilbert L. Peterson, James T. Moore Jul 2012

Faculty Publications

The Global Information Grid (GIG) is the military’s computer and communications network which supports the myriad of military missions. Military missions are highly planned, passing through many hands in the strategy-to-task methodology to ensure completeness, accuracy, coordination, cohesion, and appropriateness. A benefit of this planning is the possibility to collect knowledge of future conditions that could be of use to network designers whose goals include optimizing and protecting the GIG. This advanced knowledge includes which networked military equipment will be involved, what their capabilities are, where they will be, when they will be there, and particulars on the required data …


Decentralized Riemannian Particle Filtering With Applications To Multi-Agent Localization, Martin J. Eilders Jun 2012

Theses and Dissertations

The primary focus of this research is to develop consistent nonlinear decentralized particle filtering approaches to the problem of multiple agent localization. A key aspect in our development is the use of Riemannian geometry to exploit the inherently non-Euclidean characteristics that are typical when considering multiple agent localization scenarios. A decentralized formulation is considered due to the practical advantages it provides over centralized fusion architectures. Inspiration is taken from the relatively new field of information geometry and the more established research field of computer vision. Differential geometric tools such as manifolds, geodesics, tangent spaces, exponential, and logarithmic mappings are used …


The White-Hat Bot: A Novel Botnet Defense Strategy, Tyrone C. Gubler Jun 2012

Theses and Dissertations

Botnets are a threat to computer systems and users around the world. Botmasters can range from annoying spam email propagators to nefarious criminals. These criminals attempt to take down networks or web servers through distributed denial-of-service attacks, to steal corporate secrets, or to launder money from individuals or corporations. As the number and severity of successful botnet attacks rise, computer security experts need to develop better early-detection and removal techniques to protect computer networks and individual computer users from these very real threats. I will define botnets and describe some of their common purposes and current uses. Next, I will …


Vulnerability Analysis Of The Player Command And Control Protocol, John T. Hagen Jun 2012

Theses and Dissertations

The Player project is an open-source effort providing a control interface specification and software framework for abstracting robot hardware. This research presents five exploits that compromise vulnerabilities in Player's command and control protocol. The attacks exploit weaknesses in the ARP, IP, TCP and Player protocols to compromise the confidentiality, integrity, and availability of communication between a Player client and server. The attacks assume a laptop is connected in promiscuous mode to the same Ethernet hub as the client and server in order to sniff all network traffic between them. This work also demonstrates that Internet Protocol Security (IPsec) is capable …


Forensic Memory Analysis For Apple OS X, Andrew F. Hay Jun 2012

Theses and Dissertations

Analysis of raw memory dumps has become a critical capability in digital forensics because it gives insight into the state of a system that cannot be fully represented through traditional disk analysis. Interest in memory forensics has grown steadily in recent years, with a focus on the Microsoft Windows operating systems. However, similar capabilities for Linux and Apple OS X have lagged by comparison. The volafox open source project has begun work on structured memory analysis for OS X. The tool currently supports a limited set of kernel structures to parse hardware information, system build number, process listing, loaded kernel …


Resource Provisioning In Large-Scale Self-Organizing Distributed Systems, M. Brent Reynolds Jun 2012

Theses and Dissertations

This dissertation researches the mathematical translation of resource provisioning policy into mathematical terms and parameters to solve the on-line service placement problem. A norm called the Provisioning Norm is introduced. Theorems presented in the work show the Provisioning Norm utility function and greedy, random, local search effectively and efficiently solve the on-line problem. Caching of placements is shown to reduce the cost of change but does not improve response time performance. The use of feedback control theory is shown to be effective at significantly improving performance but increases the cost of change. The theoretical results are verified using a decentralized, …


Enhancing Trust In The Smart Grid By Applying A Modified Exponentially Weighted Averages Algorithm, Andrew T. Kasperek Jun 2012

Theses and Dissertations

The main contribution of this thesis is the development and application of a modified Exponentially Weighted Moving Algorithm (EWMA) algorithm, and its ability to robustly function in the face of varying numbers of bad (malicious or malfunctioning) Special Protection System (SPS) nodes. Simulation results support the use of the proposed modified EWMA reputation-based trust module in SPSs within a smart grid environment. This modification results in the ability to easily maintain the system above the minimum acceptable frequency of 58.8 Hz at the 95% confidence interval, when challenged with test cases containing 5, 10 and 15 bad node test cases …


Process Flow Features As A Host-Based Event Knowledge Representation, Benhur E. Pacer Jun 2012

Theses and Dissertations

The detection of malware is of great importance, but even non-malicious software can be used for malicious purposes. Monitoring processes and their associated information can characterize normal behavior and help identify malicious processes or malicious use of normal processes by measuring deviations from the learned baseline. This exploratory research describes a novel host feature generation process that calculates statistics of an executing process during a window of time called a process flow. Process flows are calculated from key process data structures extracted from computer memory using virtual machine introspection. Each flow cluster generated using k-means of the flow features represents …


Short Message Service (SMS) Command And Control (C2) Awareness In Android-Based Smartphones Using Kernel-Level Auditing, Robert J. Olipane Jun 2012

Theses and Dissertations

This thesis addresses the emerging threat of botnets in the smartphone domain and focuses on the Android platform and botnets using short message service (SMS) as the command and control (C2) channel. With any botnet, C2 is the most important component contributing to its overall resilience, stealthiness, and effectiveness. This thesis develops a passive host-based approach for identifying covert SMS traffic and providing awareness to the user. Modifying the kernel and implementing this awareness mechanism is achieved by developing and inserting a loadable kernel module that logs all inbound SMS messages as they are sent from the baseband radio to …


Quest Hierarchy For Hyperspectral Face Recognition, David M. Ryer, Trevor J. Bihl, Kenneth W. Bauer Jr., Steven K. Rogers May 2012

Faculty Publications

A qualia exploitation of sensor technology (QUEST) motivated architecture using algorithm fusion and adaptive feedback loops for face recognition for hyperspectral imagery (HSI) is presented. QUEST seeks to develop a general purpose computational intelligence system that captures the beneficial engineering aspects of qualia-based solutions. Qualia-based approaches are constructed from subjective representations and have the ability to detect, distinguish, and characterize entities in the environment. Adaptive feedback loops are implemented that enhance performance by reducing candidate subjects in the gallery and by injecting additional probe images during the matching process. The architecture presented provides a framework for exploring more advanced integration …


Security Verification Of Secure MANET Routing Protocols, Matthew F. Steele Mar 2012

Theses and Dissertations

Secure mobile ad hoc network (MANET) routing protocols are not tested thoroughly against their security properties. Previous research focuses on verifying secure, reactive, accumulation-based routing protocols. An improved methodology and framework for secure MANET routing protocol verification is proposed which includes table-based and proactive protocols. The model checker, SPIN, is selected as the core of the secure MANET verification framework. Security is defined by both accuracy and availability: a protocol forms accurate routes and these routes are always accurate. The framework enables exhaustive verification of protocols and results in a counter-example if the protocol is deemed insecure. The framework is …


Context Aware Routing Management Architecture For Airborne Networks, Joan A. Betances Mar 2012

Theses and Dissertations

This thesis advocates the use of Kalman filters in conjunction with network topology information derived from the Air Tasking Order (ATO) during the planning phase for military missions. This approach is the basis for an algorithm that implements network controls that optimize network performance for Mobile Ad hoc Networks (MANET). The trajectories of relevant nodes (airborne platforms) participating in the MANET can be forecasted by parsing key information contained in the ATO. This information is used to develop optimum network routes that can significantly improve MANET performance. Improved MANET performance in the battlefield enables decision makers to access information from …


Towards Quantifying Programmable Logic Controller Resilience Against Intentional Exploits, Henry W. Bushey Mar 2012

Theses and Dissertations

Supervisory Control and Data Acquisition (SCADA) systems control and monitor services for the nation's critical infrastructure. Recent cyber induced events (e.g., Stuxnet) provide an example of a targeted, covert cyber attack against a SCADA system that resulted in physical effects. Of particular note is how Stuxnet exploited the trust relationship between the human machine interface (HMI) and programmable logic controllers (PLCs). Current methods for validating system operating parameters rely on message exchange and network communications protocols, generally observed at the HMI. Although sufficient at the macro level, this method does not provide detection of malware that exhibits physical effects via …


Obfuscating Against Side-Channel Power Analysis Using Hiding Techniques For AES, Austin W. Fritzke Mar 2012

Theses and Dissertations

The transfer of information has always been an integral part of military and civilian operations, and remains so today. Because not all information we share is public, it is important to secure our data from unwanted parties. Message encryption serves to prevent all but the sender and recipient from viewing any encrypted information as long as the key stays hidden. The Advanced Encryption Standard (AES) is the current industry and military standard for symmetric-key encryption. While AES remains computationally infeasible to break the encrypted message stream, it is susceptible to side-channel attacks if an adversary has access to the appropriate …


Magnesium Object Manager Sandbox, A More Effective Sandbox Method For Windows 7, Martin A. Gilligan Mar 2012

Theses and Dissertations

A major issue in computer security is limiting the effects a program can have on a computer. One way is to place the program into a sandbox, a limited environment. Many attempts have been made to create a sandbox that maintains the usability of a program and effectively limits the effects of the program. Sandboxes that limit the resources programs can access have succeeded. To test the effectiveness of a sandbox that limits the resources a program can access on Windows 7, the Magnesium Object Manager Sandbox (MOMS) is created. MOMS uses a kernel mode Windows component to monitor and …


Evaluation Of Malware Target Recognition Deployed In A Cloud-Based Fileserver Environment, G. Parks Masters Mar 2012

Theses and Dissertations

Cloud computing, or the migration of computing resources from the end user to remotely managed locations where they can be purchased on-demand, presents several new and unique security challenges. One of these challenges is how to efficiently detect malware amongst files that are possibly spread across multiple locations in the Internet over congested network connections. This research studies how such an environment will impact the performance of malware detection. A simplified cloud environment is created in which network conditions are fully controlled. This environment includes a fileserver, a detection server, the detection mechanism, and clean and malicious file sample sets. …


Analysis Of The Impact Of Data Normalization On Cyber Event Correlation Query Performance, Smile T. Ludovice Mar 2012

Theses and Dissertations

A critical capability required in the operation of cyberspace is the ability to maintain situational awareness of the status of the infrastructure elements that constitute cyberspace. Event logs from cyber devices can yield significant information, and when properly utilized they can provide timely situational awareness about the state of the cyber infrastructure. In addition, proper Information Assurance requires the validation and verification of the integrity of results generated by a commercial log analysis tool. Event log analysis can be performed using relational databases. To enhance database query performance, previous literature affirms denormalization of databases. Yet database normalization can also increase …


A Black Hole Attack Model For Reactive Ad-Hoc Protocols, Christopher W. Badenhop Mar 2012

Theses and Dissertations

Net-Centric Warfare places the network in the center of all operations, making it a critical resource to attack and defend during wartime. This thesis examines one particular network attack, the Black Hole attack, to determine if an analytical model can be used to predict the impact of this attack on ad-hoc networks. An analytical Black Hole attack model is developed for reactive ad-hoc network protocols DSR and AODV. To simplify topology analysis, a hypercube topology is used to approximate ad-hoc topologies that have the same average node degree. An experiment is conducted to compare the predicted results of the analytical …


Empirical Analysis Of Optical Attenuator Performance In Quantum Key Distribution Systems Using A Particle Model, Thomas C. Adams Mar 2012

Theses and Dissertations

Quantum key distribution networks currently represent an active area of development and software modeling to address the security of future communications. One of the components used in quantum key distribution implementations is an optical attenuator. Its role in the system is necessary to reach the single photon per bit necessary to maintain theoretically perfect secrecy. How the photon pulse is modeled has a significant impact on the accuracy and performance of quantum channel components like the optical attenuator. Classical physics describes light using Maxwell's wave equations for electromagnetism. Quantum physics has demonstrated light also behaves as discrete particles referred to …


Detector Design Considerations In High-Dimensional Artificial Immune Systems, Jason M. Bindewald Mar 2012

Theses and Dissertations

This research lays the groundwork for a network intrusion detection system that can operate with only knowledge of normal network traffic, using a process known as anomaly detection. Real-valued negative selection (RNS) is a specific anomaly detection algorithm that can be used to perform two-class classification when only one class is available for training. Researchers have shown fundamental problems with the most common detector shape, hyperspheres, in high-dimensional space. The research contained herein shows that the second most common detector type, hypercubes, can also cause problems due to biasing certain features in high dimensions. To address these problems, a new …


Understanding How Reverse Engineers Make Sense Of Programs From Assembly Language Representations, Adam R. Bryant Mar 2012

Theses and Dissertations

This dissertation develops a theory of the conceptual and procedural aspects involved with how reverse engineers make sense of executable programs. Software reverse engineering is a complex set of tasks which require a person to understand the structure and functionality of a program from its assembly language representation, typically without having access to the program's source code. This dissertation describes the reverse engineering process as a type of sensemaking, in which a person combines reasoning and information foraging behaviors to develop a mental model of the program. The structure of knowledge elements used in making sense of executable programs are …


Scalable Wavelet-Based Active Network Stepping Stone Detection, Joseph I. Gilbert Mar 2012

Theses and Dissertations

Network intrusions leverage vulnerable hosts as stepping stones to penetrate deeper into a network and mask malicious actions from detection. This research focuses on a novel active watermark technique using Discrete Wavelet Transformations to mark and detect interactive network sessions. This technique is scalable, nearly invisible and resilient to multi-flow attacks. The watermark is simulated using extracted timestamps from the CAIDA 2009 dataset and replicated in a live environment. The simulation results demonstrate that the technique accurately detects the presence of a watermark at a 5% False Positive and False Negative rate for both the extracted timestamps as well as …


An Analysis Of Error Reconciliation Protocols For Use In Quantum Key Distribution, James S. Johnson Mar 2012

Theses and Dissertations

Quantum Key Distribution (QKD) is a method for transmitting a cryptographic key between a sender and receiver in a theoretically unconditionally secure way. Unfortunately, the present state of technology prohibits the flawless quantum transmission required to make QKD a reality. For this reason, error reconciliation protocols have been developed which preserve security while allowing a sender and receiver to reconcile the errors in their respective keys. The most famous of these protocols is Brassard and Salvail's Cascade, which is effective, but suffers from a high communication complexity and therefore results in low throughput. Another popular option is Buttler's Winnow protocol, …


Evaluation Of Traditional Security Solutions In The SCADA Environment, Robert D. Larkin Mar 2012

Theses and Dissertations

Supervisory Control and Data Acquisition (SCADA) systems control and monitor the electric power grid, water treatment facilities, oil and gas pipelines, railways, and other Critical Infrastructure (CI). In recent years, organizations that own and operate these systems have increasingly interconnected them with their enterprise network to take advantage of cost savings and operational benefits. This trend, however, has introduced myriad vulnerabilities associated with the networking environment. As a result, the once isolated systems are now susceptible to a wide range of threats that previously did not exist. To help address the associated risks, security professionals seek to incorporate mitigation solutions …