Physical Sciences and Mathematics Commons^™

The Minority In The Minority, Black Women In Computer Science Fields: A Phenomenological Study, Blanche' D. Anderson

Doctoral Dissertations and Projects

The purpose of this transcendental phenomenological study was to describe the lived experiences of Black women with a bachelor’s, master’s, or doctoral degree in computer science, currently employed in the United States. The theory guiding this study was Krumboltz’s social learning theory of career decision-making, as it provides a foundation for understanding how a combination of factors leads to an individual’s educational and occupational preferences and skills. This qualitative study answered the following central research question: What are the lived experiences of Black women with a bachelor’s, master’s, or doctoral degree in computer science, currently employed in the United States? …

Optimizing Cybersecurity Budgets With Attacksimulation, Alexander Master, George Hamilton, J. Eric Dietz

Faculty Publications

Modern organizations need effective ways to assess cybersecurity risk. Successful cyber attacks can result in data breaches, which may inflict significant loss of money, time, and public trust. Small businesses and non-profit organizations have limited resources to invest in cybersecurity controls and often do not have the in-house expertise to assess their risk. Cyber threat actors also vary in sophistication, motivation, and effectiveness. This paper builds on the previous work of Lerums et al., who presented an AnyLogic model for simulating aspects of a cyber attack and the efficacy of controls in a generic enterprise network. This paper argues that …

Anomaly Detection In Cybersecurity Datasets Via Cooperative Co-Evolution-Based Feature Selection, Bazlur A. N. M. Rashid, Mohiuddin Ahmed, Leslie F. Sikos, Paul Haskell-Dowland

Research outputs 2022 to 2026

Anomaly detection from Big Cybersecurity Datasets is very important; however, this is a very challenging and computationally expensive task. Feature selection (FS) is an approach to remove irrelevant and redundant features and select a subset of features, which can improve the machine learning algorithms’ performance. In fact, FS is an effective preprocessing step of anomaly detection techniques. This article’s main objective is to improve and quantify the accuracy and scalability of both supervised and unsupervised anomaly detection techniques. In this effort, a novel anomaly detection approach using FS, called Anomaly Detection Using Feature Selection (ADUFS), has been introduced. Experimental analysis …

A Novel Qkd Approach To Enhance Iiot Privacy And Computational Knacks, Kranthi Kumar Singamaneni, Gaurav Dhiman, Sapna Juneja, Ghulam Muhammad, Salman A Alqahtani, John Zaki

Journal Articles

The industry-based internet of things (IIoT) describes how IIoT devices enhance and extend their capabilities for production amenities, security, and efficacy. IIoT establishes an enterprise-to-enterprise setup that means industries have several factories and manufacturing units that are dependent on other sectors for their services and products. In this context, individual industries need to share their information with other external sectors in a shared environment which may not be secure. The capability to examine and inspect such large-scale information and perform analytical protection over the large volumes of personal and organizational information demands authentication and confidentiality so that the total data …

Zero Trust Architecture: Framework And Case Study, Cody Shepherd

Cyber Operations and Resilience Program Graduate Projects

The world and business are connected and a business does not exist today that does not have potentially thousands of connections to the Internet in addition to the thousands of connections to other various parts of its own infrastructure. That is the nature of the digital world we live in and there is no chance the number of those interconnections will reduce in the future. Protecting from the “outside” world with a perimeter solution might have been enough to reduce risk to an acceptable level in an organization 20 years ago, but today’s threats are sophisticated, persistent, abundant, and can …

Aligning The Transit Industry And Their Vendors In The Face Of Increasing Cyber Risk: Recommendations For Identifying And Addressing Cybersecurity Challenges, Scott Belcher, Terri Belcher, Kathryn Seckman, Brandon Thomas, Homayun Yaqub

Mineta Transportation Institute

Public transit agencies in the United States depend on external vendors to help deliver and maintain many essential services and to provide critical technologies, from ticket purchases to scheduling to email management. While the integration of new, advanced technologies into the public transit industry brings important advancements to U.S. critical transportation infrastructure, the application of digital technologies also brings with it a new assortment of digital risks. Transit agencies of all sizes are finding themselves subject to cyber incidents—most notably ransomware attacks—like those experienced by larger, more prominent companies and critical infrastructure providers. The findings in this report focus on …

Cybersecurity Of Critical Infrastructures: Challenges And Solutions, Leandros Maglaras, Helge Janicke, Mohamed Amine Ferrag

Research outputs 2022 to 2026

People’s lives are becoming more and more dependent on information and computer technology. This is accomplished by the enormous benefits that the ICT offers for everyday life. Digital technology creates an avenue for communication and networking, which is characterized by the exchange of data, some of which are considered sensitive or private. There have been many reports recently of data being hijacked or leaked, often for malicious purposes. Maintaining security and privacy of information and systems has become a herculean task. It is therefore imperative to understand how an individual’s or organization’s personal data can be protected. Moreover, critical infrastructures …

Actuator Cyberattack Handling Using Lyapunov-Based Economic Model Predictive Control, Keshav Kasturi Rangan, Henrique Oyama, Helen Durand

Chemical Engineering and Materials Science Faculty Research Publications

Cybersecurity has gained increasing interest as a consequence of the potential impacts of cyberattacks on profits and safety. While attacks can affect various components of a plant, prior work from our group has focused on the impact of cyberattacks on control components such as process sensors and actuators and the development of detection strategies for cybersecurity derived from control theory. In this work, we provide greater focus on actuator attacks; specifically, we extend a detection and control strategy previously applied for sensor attacks and based on an optimization-based control technique called Lyapunov-based economic model predictive control (LEMPC) to detect attacks …

Quantum Computing And Resilient Design Perspectives For Cybersecurity Of Feedback Systems, Keshav Kasturi Rangan, Jihan Abou Halloun, Henrique Oyama, Samantha Cherney, Ilham Azali Assoumani, Nazir Jairazbhoy, Helen Durand, Simon Ka Ng

Chemical Engineering and Materials Science Faculty Research Publications

Cybersecurity of control systems is an important issue in next-generation manufac- turing that can impact both operational objectives (safety and performance) as well as process designs (via hazard analysis). Cyberattacks differ from faults in that they can be coordinated efforts to exploit system vulnerabilities to create otherwise unlikely hazard scenarios. Because coordination and targeted process manipulation can be characteristics of attacks, some of the tactics previously analyzed in our group from a control system cybersecurity perspective have incorporated randomness to attempt to thwart attacks. The underlying assumption for the generation of this randomness has been that it can be achieved …

Active Learning With Cybersecurity, Carole Shook

TFSC Publications and Presentations

A global campus grant was obtained in Spring 2020 to develop modules for Cybersecurity. This presentation encompasses the use of Cyberciege and case studies that require active learning of students.

Automated Computer Network Exploitation With Bayesian Decision Networks, Graeme Roberts, Gilbert L. Peterson

Faculty Publications

Penetration Testing (pentesting) is the process of using tactics and techniques to penetrate computer systems and networks to expose any issues in their cybersecurity \cite{rsa}. It is currently a manual process requiring significant experience and time that are in limited supply. One way to supplement the shortage is through automation. This paper presents the Automated Network Discovery and Exploitation System (ANDES) which demonstrates that it is feasible to automate the pentesting process. The uniqueness of ANDES is the use of Bayesian decision networks to represent the pentesting domain and subject matter expert knowledge. ANDES conducts multiple execution cycles, which build …

Canary: An Automated Approach To Security Scanning And Remediation, David Wiles

Masters Theses & Specialist Projects

Modern software has a smaller attack surface today than in the past. Memory-safe languages, container runtimes, virtual machines, and a mature web stack all contribute to the relative safety of the web and software in general compared to years ago. Despite this, we still see high-profile bugs, hacks, and outages which affect major companies and widely-used technologies. The extensive work that has gone into hardening virtualization, containerization, and commonly used applications such as Nginx still depends on the end-user to configure correctly to prevent a compromised machine.

In this paper, I introduce a tool, which I call Canary, which can …

Security Posture: A Systematic Review Of Cyber Threats And Proactive Security, Amanda Jones

Senior Honors Theses

In the last decade, several high-profile cyber threats have occurred with global impact and devastating consequences. The tools, techniques, and procedures used to prevent cyber threats from occurring fall under the category of proactive security. Proactive security methodologies, however, vary among professionals where differing tactics have proved situationally effective. To determine the most effective tactics for preventing exploitation of vulnerabilities, the author examines the attack vector of three incidents from the last five years in a systematic review format: the WannaCry incident, the 2020 SolarWinds SUNBURST exploit, and the recently discovered Log4j vulnerability. From the three cases and existing literature, …

Assessing Security Risks With The Internet Of Things, Faith Mosemann

Senior Honors Theses

For my honors thesis I have decided to study the security risks associated with the Internet of Things (IoT) and possible ways to secure them. I will focus on how corporate, and individuals use IoT devices and the security risks that come with their implementation. In my research, I found out that IoT gadgets tend to go unnoticed as a checkpoint for vulnerability. For example, often personal IoT devices tend to have the default username and password issued from the factory that a hacker could easily find through Google. IoT devices need security just as much as computers or servers …

Understanding Student Perspective Of Undergraduate Cybersecurity Programs And Experiences Across Christian Colleges And Universities, Brandon P. Grech

Doctoral Dissertations and Projects

The number of Christian colleges and universities that are offering cybersecurity four-year degrees is rising. The workforce is in dire need of cybersecurity professionals; however, has anybody asked the new cybersecurity professionals in the workforce how their recent academic experience prepared them for such a global need? Research is well-documented about what industry currently needs in cybersecurity professionals; however, this research focused on asking graduates what students need for the workforce. The purpose of this explorative qualitative study was to gain an understanding of the phenomena of the holistic experience (technical, nontechnical, and whole-person) strengths and shortcomings (if any) recent …

Jamming Detection And Classification In Ofdm-Based Uavs Via Feature- And Spectrogram-Tailored Machine Learning, Y. Li, J. Pawlak, J. Price, K. Al Shamaileh, Q. Niyaz, S. Paheding, V. Devabhaktuni

Michigan Tech Publications

In this paper, a machine learning (ML) approach is proposed to detect and classify jamming attacks against orthogonal frequency division multiplexing (OFDM) receivers with applications to unmanned aerial vehicles (UAVs). Using software-defined radio (SDR), four types of jamming attacks; namely, barrage, protocol-aware, single-tone, and successive-pulse are launched and investigated. Each type is qualitatively evaluated considering jamming range, launch complexity, and attack severity. Then, a systematic testing procedure is established by placing an SDR in the vicinity of a UAV (i.e., drone) to extract radiometric features before and after a jamming attack is launched. Numeric features that include signal-to-noise ratio (SNR), …

Password Managers: Secure Passwords The Easy Way, Alexander Master

CERIAS Technical Reports

Poor passwords are often the central problem identified when data breaches, ransomware attacks, and identity fraud cases occur. This Purdue Extension publication provides everyday users of Internet websites and computer systems with tools and strategies to protect their online accounts. Securing information access with password managers can be convenient and often free of cost, on a variety of devices and platforms. “Do’s and Don’ts” of password practices are highlighted, as well as the benefits of multi-factor authentication. The content is especially applicable for small businesses or non-profits, where employees often share access to systems or accounts.

An Exploration On Apts In Biocybersecurity And Cyberbiosecurity, Xavier-Lewis Palmer, Lucas Potter, Saltuk Karahan

School of Cybersecurity Faculty Publications

Novel and complex digital threats that are increasingly interwoven with means and products of biology that can affect society. Much work in Biocybersecurity/Cyberbiosecurity (BCS/CBS) discuss vulnerabilities, but few deeply address malicious actor varieties as attacks at this intersection are new. The path to those attacks remains mostly theoretical, presenting considerable difficulty to accomplish in practical scenarios. In terms of advanced persistent threats (APTs) this of course needs to change as biomanufacturing facilities are at risk, considering Covid-19 and other potential pandemics. Further attacks are not out of reach and thus we must start to imagine how BCS APTs may appear. …

Cybersecurity Logging & Monitoring Security Program, Thai H. Nguyễn

School of Computer Science & Engineering Undergraduate Publications

With ubiquitous computing becoming pervasive in every aspect of societies around the world and the exponential rise in cyber-based attacks, cybersecurity teams within global organizations are spending a massive amount of human and financial capital on their logging and monitoring security programs. As a critical part of global organizational security risk management processes, it is important that log information is aggregated in a timely, accurate, and relevant manner. It is also important that global organizational security operations centers are properly monitoring and investigating the security use-case alerting based on their log data. In this paper, the author proposes a model …

C2 Microservices Api: Ch4rl3sch4l3m4gn3, Thai H. Nguyễn

School of Computer Science & Engineering Undergraduate Publications

In the 21^st century, cyber-based attackers such as advance persistent threats are leveraging bots in the form of botnets to conduct a plethora of cyber-attacks. While there are several social engineering techniques used to get targets to unknowingly download these bots, it is the command-and-control techniques advance persistent threats use to control their bots that is of critical interest to the author. In this research paper, the author aims to develop a command-and-control microservice application programming interface infrastructure to facilitate botnet command-and-control attack simulations. To achieve this the author will develop a simple bot skeletal framework, utilize the latest …

Lessons Learnt Conducting Capture The Flag Cybersecurity Competition During Covid-19, Kee Hock Tan, Eng Lieh Ouh

Research Collection School Of Computing and Information Systems

This innovative practice full paper describes our experiences conducting cybersecurity capture the flag (CTF) competition for cybersecurity enthusiast participants (inclusive of both tertiary students and working professionals) local and abroad during the COVID-19 pandemic. Learning and appreciation of cybersecurity concepts for our participants with little to no technical background can be challenging. Gamification methods such as capture the flag competition style is a popular form of cybersecurity education to help participants overcome this challenge and identify talents. Participants get to apply theoretical concepts in a controlled environment, solve hands-on tasks in an informal, game-like setting and gain hands-on active learning …