Open Access. Powered by Scholars. Published by Universities.®
Physical Sciences and Mathematics Commons™
Open Access. Powered by Scholars. Published by Universities.®
- Keyword
-
- Computer networks--Security measures (11)
- #antcenter (7)
- Center_CCR (3)
- Computer security (3)
- Internet (3)
-
- Software-Defined Networking (3)
- Blockchain (2)
- Bluetooth (2)
- Computer networks (2)
- Computerized simulation (2)
- Cybersecurity (2)
- Cyberterrorism--Prevention (2)
- Data protection (2)
- Decision confidence (2)
- Electronic data processing--Distributed processing (2)
- Laser communication systems (2)
- Machine learning (2)
- Mobile computing (2)
- Wireless LANs (2)
- Ad hoc networks (Computer networks) (1)
- Ad hoc networks (Computer networks)--Security measures (1)
- Adaptive control systems (1)
- Adaptive optics (1)
- Air Traffic Controller (1)
- Air Traffic Data (1)
- Algorithms (1)
- Anomaly detection (Computer networks) (1)
- Ant colony optimization (1)
- Autoassociative Neural Network Mapping (1)
- BLE (1)
- Publication Year
- Publication Type
Articles 1 - 30 of 58
Full-Text Articles in Physical Sciences and Mathematics
Passive Physical Layer Distinct Native Attribute Cyber Security Monitor, Christopher M. Rondeau, Michael A. Temple, Juan Lopez Jr, J. Addison Betances
Passive Physical Layer Distinct Native Attribute Cyber Security Monitor, Christopher M. Rondeau, Michael A. Temple, Juan Lopez Jr, J. Addison Betances
AFIT Patents
A method for cyber security monitor includes monitoring a network interface that is input-only configured to surreptitiously and covertly receive bit-level, physical layer communication between networked control and sensor field devices. During a training mode, a baseline distinct native attribute (DNA) fingerprint is generated for each networked field device. During a protection mode, a current DNA fingerprint is generated for each networked field device. The current DNA fingerprint is compared to the baseline DNA fingerprint for each networked field device. In response to detect at least one of RAA and PAA based on a change in the current DNA fingerprint …
Quantifying Dds-Cerberus Network Control Overhead, Andrew T. Park, Nathaniel R. Peck, Richard Dill, Douglas D. Hodson, Michael R. Grimaila, Wayne C. Henry
Quantifying Dds-Cerberus Network Control Overhead, Andrew T. Park, Nathaniel R. Peck, Richard Dill, Douglas D. Hodson, Michael R. Grimaila, Wayne C. Henry
Faculty Publications
Securing distributed device communication is critical because the private industry and the military depend on these resources. One area that adversaries target is the middleware, which is the medium that connects different systems. This paper evaluates a novel security layer, DDS-Cerberus (DDS-C), that protects in-transit data and improves communication efficiency on data-first distribution systems. This research contributes a distributed robotics operating system testbed and designs a multifactorial performance-based experiment to evaluate DDS-C efficiency and security by assessing total packet traffic generated in a robotics network. The performance experiment follows a 2:1 publisher to subscriber node ratio, varying the number of …
Exploiting The Iot Through Network-Based Covert Channels, Kyle S. Harris
Exploiting The Iot Through Network-Based Covert Channels, Kyle S. Harris
Theses and Dissertations
Information leaks are a top concern to industry and government leaders. The IoT is a technology capable of sensing real-world events. A method for exfiltrating data from these devices is by covert channel. This research designs a novel IoT CTC without the need for inter-packet delays to encode data. Instead, it encodes data within preexisting network information, namely ports or addresses. Additionally, the CTC can be implemented in two different modes: Stealth and Bandwidth. Performance is measured using throughput and detectability. The Stealth methods mimic legitimate traffic captures while the Bandwidth methods forgo this approach for maximum throughput. Detection results …
Effect Of Connection State & Transport/Application Protocol On The Machine Learning Outlier Detection Of Network Intrusions, George Yuchi [*], Torrey J. Wagner, Paul Auclair, Brent T. Langhals
Effect Of Connection State & Transport/Application Protocol On The Machine Learning Outlier Detection Of Network Intrusions, George Yuchi [*], Torrey J. Wagner, Paul Auclair, Brent T. Langhals
Faculty Publications
The majority of cyber infiltration & exfiltration intrusions leave a network footprint, and due to the multi-faceted nature of detecting network intrusions, it is often difficult to detect. In this work a Zeek-processed PCAP dataset containing the metadata of 36,667 network packets was modeled with several machine learning algorithms to classify normal vs. anomalous network activity. Principal component analysis with a 10% contamination factor was used to identify anomalous behavior. Models were created using recursive feature elimination on logistic regression and XGBClassifier algorithms, and also using Bayesian and bandit optimization of neural network hyperparameters. These models were trained on a …
Long Distance Bluetooth Low Energy Exploitation On A Wireless Attack Platform, Stephanie L. Long
Long Distance Bluetooth Low Energy Exploitation On A Wireless Attack Platform, Stephanie L. Long
Theses and Dissertations
In the past decade, embedded technology, known as the Internet of Things, has expanded for many uses. The smart home infrastructure has drastically grown to include networked refrigerators, lighting systems, speakers, watches, and more. This increase in the use of wireless protocols provides a larger attack surface for cyber actors than ever before. Wireless loT traffic is susceptible for sniffing by an attacker. The attack platform skypie is upgraded to incorporate Bluetooth Low Energy (BLE) beacon collection for pattern-of-life data, as well as device characteristic enumeration and potential characteristic modification. This platform allows an attacker to mount the skypie to …
Enumerating And Locating Bluetooth Devices For Casualty Recovery In A First-Responder Environment, Justin M. Durham
Enumerating And Locating Bluetooth Devices For Casualty Recovery In A First-Responder Environment, Justin M. Durham
Theses and Dissertations
It is difficult for first-responders to quickly locate casualties in an emergency environment such as an explosion or natural disaster. In order to provide another tool to locate individuals, this research attempts to identify and estimate the location of devices that would likely be located on or with a person. A variety of devices, such as phones, smartwatches, and Bluetooth-enabled locks, are tested in multiple environments and at various heights to determine the impact that placement and interference played in locating the devices. The hypothesis is that most Bluetooth devices can be successfully enumerated quickly, but cannot be accurately located …
Direct Digital Synthesis: A Flexible Architecture For Advanced Signals Research For Future Satellite Navigation Payloads, Pranav R. Patel
Direct Digital Synthesis: A Flexible Architecture For Advanced Signals Research For Future Satellite Navigation Payloads, Pranav R. Patel
Theses and Dissertations
In legacy Global Positioning System (GPS) Satellite Navigation (SatNav) payloads, the architecture does not provide the flexibility to adapt to changing circumstances and environments. GPS SatNav payloads have largely remained unchanged since the system became fully operational in April 1995. Since then, the use of GPS has become ubiquitous in our day-to-day lives. GPS availability is now a basic assumption for distributed infrastructure; it has become inextricably tied to our national power grids, cellular networks, and global financial systems. Emerging advancements of easy to use radio technologies, such as software-defined radios (SDRs), have greatly lowered the difficulty of discovery and …
Joint 1d And 2d Neural Networks For Automatic Modulation Recognition, Luis M. Rosario Morel
Joint 1d And 2d Neural Networks For Automatic Modulation Recognition, Luis M. Rosario Morel
Theses and Dissertations
The digital communication and radar community has recently manifested more interest in using data-driven approaches for tasks such as modulation recognition, channel estimation and distortion correction. In this research we seek to apply an object detector for parameter estimation to perform waveform separation in the time and frequency domain prior to classification. This enables the full automation of detecting and classifying simultaneously occurring waveforms. We leverage a lD ResNet implemented by O'Shea et al. in [1] and the YOLO v3 object detector designed by Redmon et al. in [2]. We conducted an in depth study of the performance of these …
Autoassociative-Heteroassociative Neural Network, Claudia V. Kropas-Hughes, Steven K. Rogers, Mark E. Oxley, Matthew Kabrisky
Autoassociative-Heteroassociative Neural Network, Claudia V. Kropas-Hughes, Steven K. Rogers, Mark E. Oxley, Matthew Kabrisky
AFIT Patents
An efficient neural network computing technique capable of synthesizing two sets of output signal data from a single input signal data set. The method and device of the invention involves a unique integration of autoassociative and heteroassociative neural network mappings, the autoassociative neural network mapping enabling a quality metric for assessing the generalization or prediction accuracy of the heteroassociative neural network mapping.
Interoperable Ads-B Confidentiality, Brandon C. Burfeind
Interoperable Ads-B Confidentiality, Brandon C. Burfeind
Theses and Dissertations
The worldwide air traffic infrastructure is in the late stages of transition from legacy transponder systems to Automatic Dependent Surveillance - Broadcast (ADS-B) based systems. ADS-B relies on position information from GNSS and requires aircraft to transmit their identification, state, and position. ADS-B promises the availability of high-fidelity air traffic information; however, position and identification data are not secured via authentication or encryption. This lack of security for ADS-B allows non-participants to observe and collect data on both government and private flight activity. This is a proposal for a lightweight, interoperable ADS-B confidentiality protocol which uses existing format preserving encryption …
The Trust-Based Interactive Partially Observable Markov Decision Process, Richard S. Seymour
The Trust-Based Interactive Partially Observable Markov Decision Process, Richard S. Seymour
Theses and Dissertations
Cooperative agent and robot systems are designed so that each is working toward the same common good. The problem is that the software systems are extremely complex and can be subverted by an adversary to either break the system or potentially worse, create sneaky agents who are willing to cooperate when the stakes are low and take selfish, greedy actions when the rewards rise. This research focuses on the ability of a group of agents to reason about the trustworthiness of each other and make decisions about whether to cooperate. A trust-based interactive partially observable Markov decision process (TI-POMDP) is …
A Blockchain-Based Anomalous Detection System For Internet Of Things Devices, Joshua K. Mosby
A Blockchain-Based Anomalous Detection System For Internet Of Things Devices, Joshua K. Mosby
Theses and Dissertations
Internet of Things devices are highly susceptible to attack, and owners often fail to realize they have been compromised. This thesis describes an anomalous-based intrusion detection system that operates directly on Internet of Things devices utilizing a custom-built Blockchain. In this approach, an agent on each node compares the node's behavior to that of its peers, generating an alert if they are behaving differently. An experiment is conducted to determine the effectiveness at detecting malware. Three different code samples simulating common malware are deployed against a testbed of 12 Raspberry Pi devices. Increasing numbers are infected until two-thirds of the …
Confidence Inference In Defensive Cyber Operator Decision Making, Graig S. Ganitano
Confidence Inference In Defensive Cyber Operator Decision Making, Graig S. Ganitano
Theses and Dissertations
Cyber defense analysts face the challenge of validating machine generated alerts regarding network-based security threats. Operations tempo and systematic manpower issues have increased the importance of these individual analyst decisions, since they typically are not reviewed or changed. Analysts may not always be confident in their decisions. If confidence can be accurately assessed, then analyst decisions made under low confidence can be independently reviewed and analysts can be offered decision assistance or additional training. This work investigates the utility of using neurophysiological and behavioral correlates of decision confidence to train machine learning models to infer confidence in analyst decisions. Electroencephalography …
Near Real-Time Rf-Dna Fingerprinting For Zigbee Devices Using Software Defined Radios, Frankie A. Cruz
Near Real-Time Rf-Dna Fingerprinting For Zigbee Devices Using Software Defined Radios, Frankie A. Cruz
Theses and Dissertations
Low-Rate Wireless Personal Area Network(s) (LR-WPAN) usage has increased as more consumers embrace Internet of Things (IoT) devices. ZigBee Physical Layer (PHY) is based on the Institute of Electrical and Electronics Engineers (IEEE) 802.15.4 specification designed to provide a low-cost, low-power, and low-complexity solution for Wireless Sensor Network(s) (WSN). The standard’s extended battery life and reliability makes ZigBee WSN a popular choice for home automation, transportation, traffic management, Industrial Control Systems (ICS), and cyber-physical systems. As robust and versatile as the standard is, ZigBee remains vulnerable to a myriad of common network attacks. Previous research involving Radio Frequency-Distinct Native Attribute …
Estimating Defensive Cyber Operator Decision Confidence, Markus M. Borneman
Estimating Defensive Cyber Operator Decision Confidence, Markus M. Borneman
Theses and Dissertations
As technology continues to advance the domain of cyber defense, signature and heuristic detection mechanisms continue to require human operators to make judgements about the correctness of machine decisions. Human cyber defense operators rely on their experience, expertise, and understanding of network security, when conducting cyber-based investigations, in order to detect and respond to cyber alerts. Ever growing quantities of cyber alerts and network traffic, coupled with systemic manpower issues, mean no one has the time to review or change decisions made by operators. Since these cyber alert decisions ultimately do not get reviewed again, an inaccurate decision could cause …
Progressive Network Deployment, Performance, And Control With Software-Defined Networking, Daniel J. Casey
Progressive Network Deployment, Performance, And Control With Software-Defined Networking, Daniel J. Casey
Theses and Dissertations
The inflexible nature of traditional computer networks has led to tightly-integrated systems that are inherently difficult to manage and secure. New designs move low-level network control into software creating software-defined networks (SDN). Augmenting an existing network with these enhancements can be expensive and complex. This research investigates solutions to these problems. It is hypothesized that an add-on device, or "shim" could be used to make a traditional switch behave as an OpenFlow SDN switch while maintaining reasonable performance. A design prototype is found to cause approximately 1.5% reduction in throughput for one ow and less than double increase in latency, …
Quality Of Service Impacts Of A Moving Target Defense With Software-Defined Networking, Samuel A. Mayer
Quality Of Service Impacts Of A Moving Target Defense With Software-Defined Networking, Samuel A. Mayer
Theses and Dissertations
An analysis of the impact a defensive network technique implemented with software-defined networking has upon quality of service experienced by legitimate users. The research validates previous work conducted at AFIT to verify claims of defensive efficacy and then tests network protocols in common use (FTP, HTTP, IMAP, POP, RTP, SMTP, and SSH) on a network that uses this technique. Metrics that indicate the performance of the protocols under test are reported with respect to data gathered in a control network. The conclusions of these experiments enable network engineers to determine if this defensive technique is appropriate for the quality of …
Stereoscopic 3-D Presentation For Air Traffic Control Digital Radar Displays, Jason G. Russi, Brent T. Langhals, Michael E. Miller, Eric L. Heft
Stereoscopic 3-D Presentation For Air Traffic Control Digital Radar Displays, Jason G. Russi, Brent T. Langhals, Michael E. Miller, Eric L. Heft
AFIT Patents
An apparatus and method of presenting air traffic data to an air traffic controller are provided. Air traffic data including a two dimensional spatial location and altitude for a plurality of aircraft is received. A disparity value is determined based on the altitude for each aircraft of the plurality of aircraft. Left and right eye images are generated of the plurality of aircraft where at least one of the left and right eye images is based on the determined disparity value. The left and right eye images are simultaneously displayed to the air traffic controller on a display. The simultaneously …
Active Response Using Host-Based Intrusion Detection System And Software-Defined Networking, Jonathon S. Goodgion
Active Response Using Host-Based Intrusion Detection System And Software-Defined Networking, Jonathon S. Goodgion
Theses and Dissertations
This research proposes AHNSR: Active Host-based Network Security Response by utilizing Host-based Intrusion Detection Systems (HIDS) with Software-Defined Networking (SDN) to enhance system security by allowing dynamic active response and reconstruction from a global network topology perspective. Responses include traffic redirection, host quarantining, filtering, and more. A testable SDN-controlled network is constructed with multiple hosts, OpenFlow enabled switches, and a Floodlight controller, all linked to a custom, novel interface for the Open-Source SECurity (OSSEC) HIDS framework. OSSEC is implemented in a server-agent architecture, allowing scalability and OS independence. System effectiveness is evaluated against the following factors: alert density and a …
Applying Cyber Threat Intelligence To Industrial Control Systems, Matthew P. Sibiga
Applying Cyber Threat Intelligence To Industrial Control Systems, Matthew P. Sibiga
Theses and Dissertations
A cybersecurity initiative known as cyber threat intelligence (CTI) has recently been developed and deployed. The overall goal of this new technology is to help protect network infrastructures. Threat intelligence platforms (TIPs) have also been created to help facilitate CTI effectiveness within organizations. There are many benefits that both can achieve within the information technology (IT) sector. The industrial control system (ICS) sector can also benefit from these technologies as most ICS networks are connected to IT networks. CTI and TIPs become resourceful when using indicators of compromise (IOCs) from known ICS malware attacks and an open source intrusion detection …
A Framework For Categorization Of Industrial Control System Cyber Training Environments, Evan G. Plumley
A Framework For Categorization Of Industrial Control System Cyber Training Environments, Evan G. Plumley
Theses and Dissertations
First responders and professionals in hazardous occupations undergo training and evaluations for the purpose of mitigating risk and damage. For example, helicopter pilots train with multiple categorized simulations that increase in complexity before flying a real aircraft. However in the industrial control cyber incident response domain, where incident response professionals help detect, respond and recover from cyber incidents, no official categorization of training environments exist. To address this gap, this thesis provides a categorization of industrial control training environments based on realism. Four levels of environments are proposed and mapped to Blooms Taxonomy. This categorization will help organizations determine which …
Applied Hypergame Theory For Network Defense, Alan S. Gibson
Applied Hypergame Theory For Network Defense, Alan S. Gibson
Theses and Dissertations
Cyber operations are the most important aspect of military conflicts in the 21st century, but unfortunately they are also among the least understood. The continual battle for network dominance between attackers and defenders is considered to be a complex game. Hypergame theory is an extension of game theory that addresses the kind of games where misperception exists, as is often the case in military engagements. Hypergame theory, like game theory, uses a game model to determine strategy selection, but goes beyond game theory by examining subgames that exist within the full game. The inclusion of misperception and misinformation in the …
Mobile Network Defense Interface For Cyber Defense And Situational Awareness, James C. Hannan
Mobile Network Defense Interface For Cyber Defense And Situational Awareness, James C. Hannan
Theses and Dissertations
Today's computer networks are under constant attack. In order to deal with this constant threat, network administrators rely on intrusion detection and prevention services (IDS) (IPS). Most IDS and IPS implement static rule sets to automatically alert administrators and resolve intrusions. Network administrators face a difficult challenge, identifying attacks against a vast number of benign network transactions. Also after a threat is identified making even the smallest policy change to the security software potentially has far-reaching and unanticipated consequences. Finally, because the administrator is primarily responding to alerts they may lose situational awareness of the network. During this research a …
Rootkit Detection Using A Cross-View Clean Boot Method, Bridget N. Flatley
Rootkit Detection Using A Cross-View Clean Boot Method, Bridget N. Flatley
Theses and Dissertations
In cyberspace, attackers commonly infect computer systems with malware to gain capabilities such as remote access, keylogging, and stealth. Many malware samples include rootkit functionality to hide attacker activities on the target system. After detection, users can remove the rootkit and associated malware from the system with commercial tools. This research describes, implements, and evaluates a clean boot method using two partitions to detect rootkits on a system. One partition is potentially infected with a rootkit while the other is clean. The method obtains directory listings of the potentially infected operating system from each partition and compares the lists to …
A Novel Malware Target Recognition Architecture For Enhanced Cyberspace Situation Awareness, Thomas E. Dube
A Novel Malware Target Recognition Architecture For Enhanced Cyberspace Situation Awareness, Thomas E. Dube
Theses and Dissertations
The rapid transition of critical business processes to computer networks potentially exposes organizations to digital theft or corruption by advanced competitors. One tool used for these tasks is malware, because it circumvents legitimate authentication mechanisms. Malware is an epidemic problem for organizations of all types. This research proposes and evaluates a novel Malware Target Recognition (MaTR) architecture for malware detection and identification of propagation methods and payloads to enhance situation awareness in tactical scenarios using non-instruction-based, static heuristic features. MaTR achieves a 99.92% detection accuracy on known malware with false positive and false negative rates of 8.73e-4 and 8.03e-4 respectively. …
Spear Phishing Attack Detection, David T. Merritt
Spear Phishing Attack Detection, David T. Merritt
Theses and Dissertations
This thesis addresses the problem of identifying email spear phishing attacks, which are indicative of cyber espionage. Spear phishing consists of targeted emails sent to entice a victim to open a malicious file attachment or click on a malicious link that leads to a compromise of their computer. Current detection methods fail to detect emails of this kind consistently. The SPEar phishing Attack Detection system (SPEAD) is developed to analyze all incoming emails on a network for the presence of spear phishing attacks. SPEAD analyzes the following file types: Windows Portable Executable and Common Object File Format (PE/COFF), Adobe Reader, …
A Multi Agent System For Flow-Based Intrusion Detection Using Reputation And Evolutionary Computation, David Hancock
A Multi Agent System For Flow-Based Intrusion Detection Using Reputation And Evolutionary Computation, David Hancock
Theses and Dissertations
The rising sophistication of cyber threats as well as the improvement of physical computer network properties present increasing challenges to contemporary Intrusion Detection (ID) techniques. To respond to these challenges, a multi agent system (MAS) coupled with flow-based ID techniques may effectively complement traditional ID systems. This paper develops: 1) a scalable software architecture for a new, self-organized, multi agent, flow-based ID system; and 2) a network simulation environment suitable for evaluating implementations of this MAS architecture and for other research purposes. Self-organization is achieved via 1) a reputation system that influences agent mobility in the search for effective vantage …
Evaluating Information Assurance Control Effectiveness On An Air Force Supervisory Control And Data Acquisition (Scada) System, Jason R. Nielsen
Evaluating Information Assurance Control Effectiveness On An Air Force Supervisory Control And Data Acquisition (Scada) System, Jason R. Nielsen
Theses and Dissertations
Supervisory Control and Data Acquisition (SCADA) systems are increasingly being connected to corporate networks which has dramatically expanded their attack surface to remote cyber attack. Adversaries are targeting these systems with increasing frequency and sophistication. This thesis seeks to answer the research question addressing which Information Assurance (IA) controls are most significant for network defenders and SCADA system managers/operators to focus on in order to increase the security of critical infrastructure systems against a Stuxnet-like cyber attack. This research applies the National Institute of Science and Technology (NIST) IA controls to an attack tree modeled on a remote Stuxnet-like cyber …
Polarimetric Enhancements To Electro-Optical Aided Navigation Techniques, Jeremiah D. Johnson
Polarimetric Enhancements To Electro-Optical Aided Navigation Techniques, Jeremiah D. Johnson
Theses and Dissertations
Navigation in indoor and urban environments by small unmanned systems is a topic of interest for the Air Force. The Advanced Navigation Technology Center at the Air Force Institute of Technology is continually looking for novel approaches to navigation in GPS deprived environments. Inertial sensors have been coupled with image aided concepts, such as feature tracking, with good results. However, feature density in areas with large, flat, smooth surfaces tends to be low. Polarimetric sensors have been used for surface reconstruction, surface characterization and outdoor navigation. This thesis combines aspects of some of these algorithms along with a realistic, micro-facet …
Malicious And Malfunctioning Node Detection Via Observed Physical Layer Data, Tyler J. Hardy
Malicious And Malfunctioning Node Detection Via Observed Physical Layer Data, Tyler J. Hardy
Theses and Dissertations
There are many mechanisms that can cause inadequate or unreliable information in sensor networks. A user of the network might be interested in detecting and classifying specific sensors nodes causing these problems. Several network layer based trust methods have been developed in previous research to assess these issues; in contrast this work develops a trust protocol based on observations of physical layer data collected by the sensors. Observations of physical layer data are used for decisions and calculations, and are based on just the measurements collected by the sensors. Although this information is packaged and distributed on the network layer, …