Physical Sciences and Mathematics Commons^™

Designing An Artificial Immune Inspired Intrusion Detection System, William Hosier Anderson

Theses and Dissertations

The domain of Intrusion Detection Systems (IDS) has witnessed growing interest in recent years due to the escalating threats posed by cyberattacks. As Internet of Things (IoT) becomes increasingly integrated into our every day lives, we widen our attack surface and expose more of our personal lives to risk. In the same way the Human Immune System (HIS) safeguards our physical self, a similar solution is needed to safeguard our digital self. This thesis presents the Artificial Immune inspired Intrusion Detection System (AIS-IDS), an IDS modeled after the HIS. This thesis proposes an architecture for AIS-IDS, instantiates an AIS-IDS model …

Docker Technology For Small Scenario-Based Excercises In Cybersecurity, Zeinab Ahmed

Theses and Dissertations

This study aims to better prepare students for cybersecurity roles by providing practical tools that bridge the gap between theory and real-world applications. We investigate the role of small scenario-based exercises for students’ understanding of cybersecurity concepts. In particular, we assess the use of Docker technology to deliver training that includes a simple small scenario on html code injection. The effectiveness of scenario-based learning has long been defined and by using SBL, we are going to create hands-on activity that involves the fundamental topics in cybersecurity using Docker technology, allowing students to see the exploitation of the vulnerabilities and defense …

The Effect Of Cybersecurity Training On Government Employee’S Knowledge Of Cybersecurity Issues And Practices, Juan Jaime Saldana Ii

Theses and Dissertations

There is an ever-pressing need for cybersecurity awareness and implementation of learning strategies in the workplace to mitigate the increased threat posed by cyber-attacks and exacerbated by an untrained workforce. The lack of cybersecurity knowledge amongst government employees has increased to critical levels due to the amount of sensitive information their agencies are responsible for. The digital compromise of a government entity often leads to a compromise of constituent data along with the disruption of public services (Axelrod, 2019; Yazdanpanahi, 2021). The need for awareness is further complicated by agencies looking to cater to a digital culture looking for a …

Development Of A Security-Focused Multi-Channel Communication Protocol And Associated Quality Of Secure Service (Qoss) Metrics, Paul M. Simon

Theses and Dissertations

The threat of eavesdropping, and the challenge of recognizing and correcting for corrupted or suppressed information in communication systems is a consistent challenge. Effectively managing protection mechanisms requires an ability to accurately gauge the likelihood or severity of a threat, and adapt the security features available in a system to mitigate the threat. This research focuses on the design and development of a security-focused communication protocol at the session-layer based on a re-prioritized communication architecture model and associated metrics. From a probabilistic model that considers data leakage and data corruption as surrogates for breaches of confidentiality and integrity, a set …

Securing Infiniband Networks With End-Point Encryption, Noah B. Diamond

Theses and Dissertations

The NVIDIA-Mellanox Bluefield-2 is a 100 Gbps high-performance network interface which offers hardware offload and acceleration features that can operate directly on network traffic without routine involvement from the ARM CPU. This allows the ARM multi-core CPU to orchestrate the hardware to perform operations on both Ethernet and RDMA traffic at high rates rather than processing all the traffic directly. A testbed called TNAP was created for performance testing and a MiTM verification process called MiTMVMP is used to ensure proper network configuration. The hardware accelerators of the Bluefield-2 support a throughput of nearly 86 Gbps when using IPsec to …

The Dns Bake Sale: Advertising Dns Cookie Support For Ddos Protection, Jacob Davis

Theses and Dissertations

The Domain Name System (DNS) has been frequently abused for Distributed Denial of Service (DDoS) attacks and cache poisoning because it relies on the User Datagram Protocol (UDP). Since UDP is connection-less, it is trivial for an attacker to spoof the source of a DNS query or response. DNS Cookies, a protocol standardized in 2016, add pseudo-random values to DNS packets to provide identity management and prevent spoofing attacks. This work finds that 30% of popular authoritative servers and open recursive resolvers fully support cookies and that 10% of recursive clients send cookies. Despite this, DNS cookie use is rarely …

Anomaly Detection And Encrypted Programming Forensics For Automation Controllers, Robert W. Mellish

Theses and Dissertations

Securing the critical infrastructure of the United States is of utmost importance in ensuring the security of the nation. To secure this complex system a structured approach such as the NIST Cybersecurity framework is used, but systems are only as secure as the sum of their parts. Understanding the capabilities of the individual devices, developing tools to help detect misoperations, and providing forensic evidence for incidence response are all essential to mitigating risk. This thesis examines the SEL-3505 RTAC to demonstrate the importance of existing security capabilities as well as creating new processes and tools to support the NIST Framework. …

Infiniband Network Monitoring: Challenges And Possibilities, Kyle D. Hintze

Theses and Dissertations

Within the realm of High Performance Computing, the InfiniBand Architecture is among the leading interconnects used today. Capable of providing high bandwidth and low latency, InfiniBand is finding applications outside the High Performance Computing domain. One of these is critical infrastructure, encompassing almost all essential sectors as the work force becomes more connected. InfiniBand is not immune to security risks, as prior research has shown that common traffic analyzing tools cannot effectively monitor InfiniBand traffic transmitted between hosts, due to the kernel bypass nature of the IBA in conjunction with Remote Direct Memory Access operations. If Remote Direct Memory Access …

Lorawan Device Security And Energy Optimization, John A. Stranahan Jr.

Theses and Dissertations

Resource-constrained devices are commonly connected to a network and become "things" that make up the Internet of Things (IoT). Many industries are interested in cost-effective, reliable, and cyber secure sensor networks due to the ever-increasing connectivity and benefits of IoT devices. The full advantages of IoT devices are seen in a long-range and remote context. However, current IoT platforms show many obstacles to achieve a balance between power efficiency and cybersecurity. Battery-powered sensor nodes can reliably send data over long distances with minimal power draw by adopting Long-Range (LoRa) wireless radio frequency technology. With LoRa, these devices can stay active …

Interoperable Ads-B Confidentiality, Brandon C. Burfeind

Theses and Dissertations

The worldwide air traffic infrastructure is in the late stages of transition from legacy transponder systems to Automatic Dependent Surveillance - Broadcast (ADS-B) based systems. ADS-B relies on position information from GNSS and requires aircraft to transmit their identification, state, and position. ADS-B promises the availability of high-fidelity air traffic information; however, position and identification data are not secured via authentication or encryption. This lack of security for ADS-B allows non-participants to observe and collect data on both government and private flight activity. This is a proposal for a lightweight, interoperable ADS-B confidentiality protocol which uses existing format preserving encryption …

Development And Evaluation Of A Security Agent For Internet Of Things, Youngjun Park

Theses and Dissertations

The proposed security agent, Internet of Things Active Management Unit (IoTAMU), provides confidentiality of IoT networks via the following capabilities: (1) authentication, (2) firewall, (3) encryption, and (4) spoofing. To test the spoofer's effect, an Identical Device Model Classifier (IDMC) is developed, which measures the similarities of the observed network signatures of each pair of devices, and recognize identical model devices. The IDMC performs well in baseline network settings without the spoofer, achieving 100% precision, recall, and specificity at high threshold (SS>0.9). When the spoofer is enabled, none of the identical pairs are identified at high threshold, and up …

Cyber Risk Assessment And Scoring Model For Small Unmanned Aerial Vehicles, Dillon M. Pettit

Theses and Dissertations

The commercial-off-the-shelf small Unmanned Aerial Vehicle (UAV) market is expanding rapidly in response to interest from hobbyists, commercial businesses, and military operators. The core commercial mission set directly relates to many current military requirements and strategies, with a priority on short range, low cost, real time aerial imaging, and limited modular payloads. These small vehicles present small radar cross sections, low heat signatures, and carry a variety of sensors and payloads. As with many new technologies, security seems secondary to the goal of reaching the market as soon as innovation is viable. Research indicates a growth in exploits and vulnerabilities …

Evaluating The Resiliency Of Industrial Internet Of Things Process Control Using Protocol Agnostic Attacks, Hector L. Roldan

Theses and Dissertations

Improving and defending our nation's critical infrastructure has been a challenge for quite some time. A malfunctioning or stoppage of any one of these systems could result in hazardous conditions on its supporting populace leading to widespread damage, injury, and even death. The protection of such systems has been mandated by the Office of the President of the United States of America in Presidential Policy Directive Order 21. Current research now focuses on securing and improving the management and efficiency of Industrial Control Systems (ICS). IIoT promises a solution in enhancement of efficiency in ICS. However, the presence of IIoT …

Cybersecurity Issues In The Context Of Cryptographic Shuffling Algorithms And Concept Drift: Challenges And Solutions, Hatim Alsuwat

Theses and Dissertations

In this dissertation, we investigate and address two kinds of data integrity threats. We first study the limitations of secure cryptographic shuffling algorithms regarding preservation of data dependencies. We then study the limitations of machine learning models regarding concept drift detection. We propose solutions to address these threats.

Shuffling Algorithms have been used to protect the confidentiality of sensitive data. However, these algorithms may not preserve data dependencies, such as functional de- pendencies and data-driven associations. We present two solutions for addressing these shortcomings: (1) Functional dependencies preserving shuffle, and (2) Data-driven asso- ciations preserving shuffle. For preserving functional dependencies, …

Cybersecurity Education In Utah High Schools: An Analysis And Strategy For Teacher Adoption, Cariana June Cornel

Theses and Dissertations

The IT Education Specialist for the USBE, Brandon Jacobson, stated:I feel there is a deficiency of and therefore a need to teach Cybersecurity.Cybersecurity is the “activity or process, ability or capability, or state whereby information and communications systems and the information contained therein are protected from and/or defended against damage, unauthorized use or modification, or exploitation” (NICE, 2018). Practicing cybersecurity can increase awareness of cybersecurity issues, such as theft of sensitive information. Current efforts, including but not limited to, cybersecurity camps, competitions, college courses, and conferences, have been created to better prepare cyber citizens nationwide for such cybersecurity occurrences. In …

A Blockchain-Based Anomalous Detection System For Internet Of Things Devices, Joshua K. Mosby

Theses and Dissertations

Internet of Things devices are highly susceptible to attack, and owners often fail to realize they have been compromised. This thesis describes an anomalous-based intrusion detection system that operates directly on Internet of Things devices utilizing a custom-built Blockchain. In this approach, an agent on each node compares the node's behavior to that of its peers, generating an alert if they are behaving differently. An experiment is conducted to determine the effectiveness at detecting malware. Three different code samples simulating common malware are deployed against a testbed of 12 Raspberry Pi devices. Increasing numbers are infected until two-thirds of the …

Unguided Cyber Education Techniques Of The Non-Expert, Seth A. Martin

Theses and Dissertations

The United States Air Force and Department of Defense continues to rely on its total workforce to provide the first layer of protection against cyber intrusion. Prior research has shown that the workforce is not adequately educated to perform this task. As a result, DoD cybersecurity strategy now includes attempting to improve education and training on cyber-related concepts and technical skills to all users of DoD networks. This paper describes an experiment designed to understand the broad methods that non-expert users may use to educate themselves on how to perform technical tasks. Preliminary results informed subsequent experiments that directly compared …

Explainable Neural Networks Based Anomaly Detection For Cyber-Physical Systems, Kasun Amarasinghe

Theses and Dissertations

Cyber-Physical Systems (CPSs) are the core of modern critical infrastructure (e.g. power-grids) and securing them is of paramount importance. Anomaly detection in data is crucial for CPS security. While Artificial Neural Networks (ANNs) are strong candidates for the task, they are seldom deployed in safety-critical domains due to the perception that ANNs are black-boxes. Therefore, to leverage ANNs in CPSs, cracking open the black box through explanation is essential.

The main objective of this dissertation is developing explainable ANN-based Anomaly Detection Systems for Cyber-Physical Systems (CP-ADS). The main objective was broken down into three sub-objectives: 1) Identifying key-requirements that an …

Evaluating An Educational Cybersecurity Playable Case Study, Tanner West Johnson

Theses and Dissertations

The realities of cyberattacks have become more and more prevalent in the world today. Due to the growing number of these attacks, the need for highly trained individuals has also increased. Because of a shortage of qualified candidates for these positions, there is an increasing need for cybersecurity education within high schools and universities. In this thesis, I discuss the development and evaluation of Cybermatics, an educational simulation, or playable case study, designed to help students learn and develop skills within the cybersecurity discipline.

This playable case study was designed to allow students to gain an understanding of the field …

Designing Cybersecurity Competitions In The Cloud: A Framework And Feasibility Study, Chandler Ryan Newby

Theses and Dissertations

Cybersecurity is an ever-expanding field. In order to stay current, training, development, and constant learning are necessary. One of these training methods has historically been competitions. Cybersecurity competitions provide a method for competitors to experience firsthand cybersecurity concepts and situations. These experiences can help build interest in, and improve skills in, cybersecurity.

While there are diverse types of cybersecurity competitions, most are run with on-premise hardware, often centralized at a specific location, and are usually limited in scope by available hardware. This research focuses on the possibility of running cybersecurity competitions, specifically CCDC style competitions, in a public cloud environment. …