Systems Architecture Commons^™

Privacy Assessment Breakthrough: A Design Science Approach To Creating A Unified Methodology, Lisa Mckee

Masters Theses & Doctoral Dissertations

Recent changes have increased the need for and awareness of privacy assessments. Organizations focus primarily on Privacy Impact Assessments (PIA) and Data Protection Impact Assessments (DPIA) but rarely take a comprehensive approach to assessments or integrate the results into a privacy risk program. There are numerous industry standards and regulations for privacy assessments, but the industry lacks a simple unified methodology with steps to perform privacy assessments. The objectives of this research project are to create a new privacy assessment methodology model using the design science methodology, update industry standards and present training for conducting privacy assessments that can be …

Leaderboard Design Principles Influencing User Engagement In An Online Discussion, Brian S. Bovee

Masters Theses & Doctoral Dissertations

Along with the popularity of gamification, there has been increased interest in using leaderboards to promote engagement with online learning systems. The existing literature suggests that when leaderboards are designed well they have the potential to improve learning, but qualitative investigations are required in order to reveal design principles that will improve engagement. In order to address this gap, this qualitative study aims to explore students' overall perceptions of popular leaderboard designs in a gamified, online discussion. Using two leaderboards reflecting performance in an online discussion, this study evaluated multiple leaderboard designs from student interviews and other data sources regarding …

Improving Adversarial Attacks Against Malconv, Justin Burr

Masters Theses & Doctoral Dissertations

This dissertation proposes several improvements to existing adversarial attacks against MalConv, a raw-byte malware classifier for Windows PE files. The included contributions greatly improve the success rates and performance of gradient-based file overlay attacks. All improvements are included in a new open-source attack utility called BitCamo.

Several new payload initialization strategies for use with gradient-based attacks are proposed and evaluated as potential replacements for the randomized initialization method used by current attacks. An algorithm for determining the optimal payload size is also proposed. The resulting improvements achieve a 100% evasion rate against eligible target executables using an average payload size …

Analysis Of Theoretical And Applied Machine Learning Models For Network Intrusion Detection, Jonah Baron

Masters Theses & Doctoral Dissertations

Network Intrusion Detection System (IDS) devices play a crucial role in the realm of network security. These systems generate alerts for security analysts by performing signature-based and anomaly-based detection on malicious network traffic. However, there are several challenges when configuring and fine-tuning these IDS devices for high accuracy and precision. Machine learning utilizes a variety of algorithms and unique dataset input to generate models for effective classification. These machine learning techniques can be applied to IDS devices to classify and filter anomalous network traffic. This combination of machine learning and network security provides improved automated network defense by developing highly-optimized …

Non-Hazardous Industrial Solid Waste Tracking System, Justin Tank

Masters Theses & Doctoral Dissertations

The Olmsted Non-Hazardous Industrial Solid Waste Tracking System allows waste generators of certain materials to electronically have their waste assessments evaluated, approved, and tracked through a simple online process. The current process of manually requesting evaluations, prepopulating tracking forms, and filling them out on triplicate carbonless forms is out of sync with other processes in the department. Complying with audit requirements requires pulling physical copies and providing them physically to fulfill information requests.

Waste generators in Minnesota are required to track their waste disposals for certain types of industrial waste streams. This ensures waste is accounted for at the point …

Iot-Hass: A Framework For Protecting Smart Home Environment, Tarig Mudawi

Masters Theses & Doctoral Dissertations

While many solutions have been proposed for smart home security, the problem that no single solution fully protects the smart home environment still exists. In this research we propose a security framework to protect the smart home environment. The proposed framework includes three engines that complement each other to protect the smart home IoT devices. The first engine is an IDS/IPS module that monitors all traffic in the home network and then detects, alerts users, and/or blocks packets using anomaly-based detection. The second engine works as a device management module that scans and verifies IoT devices in the home network, …

Evaluating The Impacts Of Detecting X.509 Covert Channels, Cody Welu

Masters Theses & Doctoral Dissertations

This quasi-experimental before-and-after study examined the performance impacts of detecting X.509 covert channels in the Suricata intrusion detection system. Relevant literature and previous studies surrounding covert channels and covert channel detection, X.509 certificates, and intrusion detection system performance were evaluated. This study used Jason Reaves’ X.509 covert channel proof of concept code to generate malicious network traffic for detection (2018). Various detection rules for intrusion detection systems were created to aid in the detection of the X.509 covert channel. The central processing unit (CPU) and memory utilization impacts that each rule had on the intrusion detection system was studied and …

Flashlight In A Dark Room: A Grounded Theory Study On Information Security Management At Small Healthcare Provider Organizations, Gerald Auger

Masters Theses & Doctoral Dissertations

Healthcare providers have a responsibility to protect patient’s privacy and a business motivation to properly secure their assets. These providers encounter barriers to achieving these objectives and limited academic research has been conducted to examine the causes and strategies to overcome them. A subset of this demographic, businesses with less than 10 providers, compose a majority 57% of provider organizations in the United States. This grounded theory study provides exploratory findings, discovering these small healthcare provider organizations (SHPO) have limited knowledge on information technology (IT) and information security that results in assumptions and misappropriations of information security implementation, who is …