Systems Architecture Commons^™

Privacy Assessment Breakthrough: A Design Science Approach To Creating A Unified Methodology, Lisa Mckee

Masters Theses & Doctoral Dissertations

Recent changes have increased the need for and awareness of privacy assessments. Organizations focus primarily on Privacy Impact Assessments (PIA) and Data Protection Impact Assessments (DPIA) but rarely take a comprehensive approach to assessments or integrate the results into a privacy risk program. There are numerous industry standards and regulations for privacy assessments, but the industry lacks a simple unified methodology with steps to perform privacy assessments. The objectives of this research project are to create a new privacy assessment methodology model using the design science methodology, update industry standards and present training for conducting privacy assessments that can be …

A False Sense Of Security - Organizations Need A Paradigm Shift On Protecting Themselves Against Apts, Srinivasulu R. Vuggumudi

Masters Theses & Doctoral Dissertations

Organizations Advanced persistent threats (APTs) are the most complex cyberattacks and are generally executed by cyber attackers linked to nation-states. The motivation behind APT attacks is political intelligence and cyber espionage. Despite all the awareness, technological advancements, and massive investment, the fight against APTs is a losing battle for organizations. An organization may implement a security strategy to prevent APTs. However, the benefits to the security posture might be negligible if the measurement of the strategy’s effectiveness is not part of the plan. A false sense of security exists when the focus is on implementing a security strategy but not …

Improving Adversarial Attacks Against Malconv, Justin Burr

Masters Theses & Doctoral Dissertations

This dissertation proposes several improvements to existing adversarial attacks against MalConv, a raw-byte malware classifier for Windows PE files. The included contributions greatly improve the success rates and performance of gradient-based file overlay attacks. All improvements are included in a new open-source attack utility called BitCamo.

Several new payload initialization strategies for use with gradient-based attacks are proposed and evaluated as potential replacements for the randomized initialization method used by current attacks. An algorithm for determining the optimal payload size is also proposed. The resulting improvements achieve a 100% evasion rate against eligible target executables using an average payload size …

Aligning Recovery Objectives With Organizational Capabilities, Jude C. Ejiobi

Masters Theses & Doctoral Dissertations

To reduce or eliminate the impact of a cyber-attack on an organization, preparations to recover a failed system and/or data are usually made in anticipation of such an attack. To avoid a false sense of security, these preparations should, as closely as possible, reflect the organization’s capabilities, in order to inform future improvement and avoid unattainable goals. There is an absence of a strong basis for the selection of the metrics that are used to measure preparation. Informal and unreliable processes are widely used, and they often result in metrics that conflict with the organization’s capabilities and interests. The goal …

A Metric For Machine Learning Vulnerability To Adversarial Examples, Matt Bradley

Masters Theses & Doctoral Dissertations

Machine learning is used in myriad aspects, both in academic research and in everyday life, including safety-critical applications such as robust robotics, cybersecurity products, medial testing and diagnosis where a false positive or negative could have catastrophic results. Despite the increasing prevalence of machine learning applications and their role in critical systems we rely on daily, the security and robustness of machine learning models is still a relatively young field of research with many open questions, particularly on the defensive side of adversarial machine learning. Chief among these open questions is how best to quantify a model’s attack surface against …