Cyber Attack Surface Mapping For Offensive Security Testing,
2023
Clemson University
Cyber Attack Surface Mapping For Offensive Security Testing, Douglas Everson
All Dissertations
Security testing consists of automated processes, like Dynamic Application Security Testing (DAST) and Static Application Security Testing (SAST), as well as manual offensive security testing, like Penetration Testing and Red Teaming. This nonautomated testing is frequently time-constrained and difficult to scale. Previous literature suggests that most research is spent in support of improving fully automated processes or in finding specific vulnerabilities, with little time spent improving the interpretation of the scanned attack surface critical to nonautomated testing. In this work, agglomerative hierarchical clustering is used to compress the Internet-facing hosts of 13 representative companies as collected by the Shodan search …
Future Trends And Directions For Secure Infrastructure Architecture In The Education Sector: A Systematic Review Of Recent Evidence,
2023
Kwame Nkrumah University of Science and Technology
Future Trends And Directions For Secure Infrastructure Architecture In The Education Sector: A Systematic Review Of Recent Evidence, Isaac Atta Senior Ampofo, Isaac Atta Junior Ampofo
Journal of Research Initiatives
The most efficient approach to giving large numbers of students access to computational resources is through a data center. A contemporary method for building the data center's computer infrastructure is the software-defined model, which enables user tasks to be processed in a reasonable amount of time and at a reasonable cost. The researcher examines potential directions and trends for a secured infrastructure design in this article. Additionally, interoperable, highly reusable modules that can include the newest trends in the education industry are made possible by cloud-based educational software. The Reference Architecture for University Education System Using AWS Services is presented …
A Systematic Mapping Study On Gamification Applications For Undergraduate Cybersecurity Education,
2023
University of Nebraska at Kearney
A Systematic Mapping Study On Gamification Applications For Undergraduate Cybersecurity Education, Sherri Weitl-Harms, Adam Spanier, John Hastings, Matthew Rokusek
Journal of Cybersecurity Education, Research and Practice
Gamification in education presents a number of benefits that can theoretically facilitate higher engagement and motivation among students when learning complex, technical concepts. As an innovative, high-potential educational tool, many educators and researchers are attempting to implement more effective gamification into undergraduate coursework. Cyber Security Operations (CSO) education is no exception. CSO education traditionally requires comprehension of complex concepts requiring a high level of technical and abstract thinking. By properly applying gamification to complex CSO concepts, engagement in students should see an increase. While an increase is expected, no comprehensive study of CSO gamification applications (GA) has yet been undertaken …
Compete To Learn: Toward Cybersecurity As A Sport,
2023
Florida Tech
Compete To Learn: Toward Cybersecurity As A Sport, Tj Oconnor, Dane Brown, Jasmine Jackson, Bryson Payne, Suzanna Schmeelk
Journal of Cybersecurity Education, Research and Practice
To support the workforce gap of skilled cybersecurity professionals, gamified pedagogical approaches for teaching cybersecurity have exponentially grown over the last two decades. During this same period, e-sports developed into a multi-billion dollar industry and became a staple on college campuses. In this work, we explore the opportunity to integrate e-sports and gamified cybersecurity approaches into the inaugural US Cyber Games Team. During this tenure, we learned many lessons about recruiting, assessing, and training cybersecurity teams. We share our approach, materials, and lessons learned to serve as a model for fielding amateur cybersecurity teams for future competition.
Anonymity And Gender Effects On Online Trolling And Cybervictimization,
2023
Kennesaw State University
Anonymity And Gender Effects On Online Trolling And Cybervictimization, Gang Lee, Annalyssia Soonah
Journal of Cybersecurity Education, Research and Practice
The purpose of this study was to investigate the effects of the anonymity of the internet and gender differences in online trolling and cybervictimization. A sample of 151 college students attending a southeastern university completed a survey to assess their internet activities and online trolling and cybervictimization. Multivariate analyses of logistic regression and ordinary least squares regression were used to analyze online trolling and cybervictimization. The results indicated that the anonymity measure was not a significant predictor of online trolling and cybervictimization. Female students were less likely than male students to engage in online trolling, but there was no gender …
How Effective Are Seta Programs Anyway: Learning And Forgetting In Security Awareness Training,
2023
Pittsburg State University
How Effective Are Seta Programs Anyway: Learning And Forgetting In Security Awareness Training, David Sikolia, David Biros, Tianjian Zhang
Journal of Cybersecurity Education, Research and Practice
Prevalent security threats caused by human errors necessitate security education, training, and awareness (SETA) programs in organizations. Despite strong theoretical foundations in behavioral cybersecurity, field evidence on the effectiveness of SETA programs in mitigating actual threats is scarce. Specifically, with a broad range of cybersecurity knowledge crammed into a single SETA session, it is unclear how effective different types of knowledge are in mitigating human errors in a longitudinal setting. This study investigates how knowledge gained through SETA programs affects human errors in cybersecurity to fill the longitudinal void. In a baseline experiment, we establish that SETA programs reduce …
Case Study: The Impact Of Emerging Technologies On Cybersecurity Education And Workforces,
2023
Robert Morris University
Case Study: The Impact Of Emerging Technologies On Cybersecurity Education And Workforces, Austin Cusak
Journal of Cybersecurity Education, Research and Practice
A qualitative case study focused on understanding what steps are needed to prepare the cybersecurity workforces of 2026-2028 to work with and against emerging technologies such as Artificial Intelligence and Machine Learning. Conducted through a workshop held in two parts at a cybersecurity education conference, findings came both from a semi-structured interview with a panel of experts as well as small workgroups of professionals answering seven scenario-based questions. Data was thematically analyzed, with major findings emerging about the need to refocus cybersecurity STEM at the middle school level with problem-based learning, the disconnects between workforce operations and cybersecurity operators, the …
Sociocultural Barriers For Female Participation In Stem: A Case Of Saudi Women In Cybersecurity,
2023
Marymount University
Sociocultural Barriers For Female Participation In Stem: A Case Of Saudi Women In Cybersecurity, Alanoud Aljuaid, Xiang Michelle Liu
Journal of Cybersecurity Education, Research and Practice
The participation of women in Science, Technology, Engineering, and Mathematics (STEM) workforces is overwhelmingly low as compared to their male counterparts. The low uptake of cybersecurity careers has been documented in the previous studies conducted in the contexts of the West and Eastern worlds. However, most of the past studies mainly covered the Western world leaving more knowledge gaps in the context of Middle Eastern countries such as Saudi Arabia. Thus, to fill the existing knowledge gaps, the current study focused on women in Saudi Arabia. The aim of the study was to investigate the factors behind the underrepresentation of …
Possible Attacks On Match-In-Database Fingerprint Authentication,
2023
University of Minnesota Morris
Possible Attacks On Match-In-Database Fingerprint Authentication, Jadyn Sondrol
Scholarly Horizons: University of Minnesota, Morris Undergraduate Journal
Biometrics are used to help keep users’ data private. There are many different biometric systems, all dealing with a unique attribute of a user, such as fingerprint, face, retina, iris and voice recognition. Fingerprint biometric systems, specifically match-in-database, have universally become the most implemented biometric system. To make these systems more secure, threat models are used to identify potential attacks and ways to mitigate them. This paper introduces a threat model for match-in-database fingerprint authentication systems. It also describes some of the most frequent attacks these systems come across and some possible mitigation efforts that can be adapted to keep …
Lidar Segmentation-Based Adversarial Attacks On Autonomous Vehicles,
2023
University of Minnesota Morris
Lidar Segmentation-Based Adversarial Attacks On Autonomous Vehicles, Blake Johnson
Scholarly Horizons: University of Minnesota, Morris Undergraduate Journal
Autonomous vehicles utilizing LiDAR-based 3D perception systems are susceptible to adversarial attacks. This paper focuses on a specific attack scenario that relies on the creation of adversarial point clusters with the intention of fooling the segmentation model utilized by LiDAR into misclassifying point cloud data. This can be translated into the real world with the placement of objects (such as road signs or cardboard) at these adversarial point cluster locations. These locations are generated through an optimization algorithm performed on said adversarial point clusters that are introduced by the attacker.
Performance Analysis Of Deep-Learning Based Open Set Recognition Algorithms For Network Intrusion Detection Systems,
2023
Army Cyber Institute, U.S. Military Academy
Performance Analysis Of Deep-Learning Based Open Set Recognition Algorithms For Network Intrusion Detection Systems, Gaspard Baye, Priscila Silva, Alexandre Broggi, Lance Fiondella, Nathaniel D. Bastian, Gokhan Kul
ACI Journal Articles
Open Set Recognition (OSR) is the ability of a machine learning (ML) algorithm to classify the known and recognize the unknown. In other words, OSR enables novelty detection in classification algorithms. This broader approach is critical to detect new types of attacks, including zero-days, thereby improving the effectiveness and efficiency of various ML-enabled mission-critical systems, such as cyber-physical, facial recognition, spam filtering, and cyber defense systems such as intrusion detection systems (IDS). In ML algorithms, like deep learning (DL) classifiers, hyperparameters control the learning process; their values affect other model parameters, such as weights and biases, which affect the performance …
Cyber Creative Generative Adversarial Network For Novel Malicious Packets,
2023
Army Cyber Institute, U.S. Military Academy
Cyber Creative Generative Adversarial Network For Novel Malicious Packets, John Pavlik, Nathaniel D. Bastian
ACI Journal Articles
Machine learning (ML) requires both quantity and variety of examples in order to learn generalizable patterns. In cybersecurity, labeling network packets is a tedious and difficult task. This leads to insufficient labeled datasets of network packets for training ML-based Network Intrusion Detection Systems (NIDS) to detect malicious intrusions. Furthermore, benign network traffic and malicious cyber attacks are always evolving and changing, meaning that the existing datasets quickly become obsolete. We investigate generative ML modeling for network packet synthetic data generation/augmentation to improve NIDS detection of novel, but similar, cyber attacks by generating well-labeled synthetic network traffic. We develop a Cyber …
Autonomous Cyber Warfare Agents: Dynamic Reinforcement Learning For Defensive Cyber Operations,
2023
Army Cyber Institute, United States Military Academy
Autonomous Cyber Warfare Agents: Dynamic Reinforcement Learning For Defensive Cyber Operations, David A. Bierbrauer, Rob Schabinger, Caleb Carlin, Jonathan Mullin, John Pavlik, Nathaniel D. Bastian
ACI Journal Articles
In this work, we aim to develop novel cybersecurity playbooks by exploiting dynamic reinforcement learning (RL) methods to close holes in the attack surface left open by the traditional signature-based approach to Defensive Cyber Operations (DCO). A useful first proof-of-concept is provided by the problem of training a scanning defense agent using RL; as a first line of defense, it is important to protect sensitive networks from network mapping tools. To address this challenge, we developed a hierarchical, Monte Carlo-based RL framework for the training of an autonomous agent which detects and reports the presence of Nmap scans in near …
Data-Efficient, Federated Learning For Raw Network Traffic Detection,
2023
Army Cyber Institute, United States Military Academy
Data-Efficient, Federated Learning For Raw Network Traffic Detection, Mikal Willeke, David A. Bierbrauer, Nathaniel D. Bastian
ACI Journal Articles
Traditional machine learning (ML) models used for enterprise network intrusion detection systems (NIDS) typically rely on vast amounts of centralized data with expertly engineered features. Previous work, however, has shown the feasibility of using deep learning (DL) to detect malicious activity on raw network traffic payloads rather than engineered features at the edge, which is necessary for tactical military environments. In the future Internet of Battlefield Things (IoBT), the military will find itself in multiple environments with disconnected networks spread across the battlefield. These resource-constrained, data-limited networks require distributed and collaborative ML/DL models for inference that are continually trained both …
Graph Representation Learning For Context-Aware Network Intrusion Detection,
2023
Army Cyber Institute, U.S. Military Academy
Graph Representation Learning For Context-Aware Network Intrusion Detection, Augustine Premkumar, Madeline Schneider, Carlton Spivey, John Pavlik, Nathaniel D. Bastian
ACI Journal Articles
Detecting malicious activity using a network intrusion detection system (NIDS) is an ongoing battle for the cyber defender. Increasingly, cyber-attacks are sophisticated and occur rapidly, necessitating the use of machine/deep learning (ML/DL) techniques for network intrusion detection. Traditional ML/DL techniques for NIDS classifiers, however, are often unable to sufficiently find context-driven similarities between the various network flows and/or packet captures. In this work, we leverage graph representation learning (GRL) techniques to successfully detect adversarial intrusions by exploiting the graph structure of NIDS data to derive context awareness, as graphs are a universal language for describing entities and their relationships. We …
What Effects Do Large Language Models Have On Cybersecurity,
2023
Old Dominion University
What Effects Do Large Language Models Have On Cybersecurity, Josiah Marshall
Cybersecurity Undergraduate Research Showcase
Large Language Models (LLMs) are artificial intelligence (AI) tools that can process, summarize, and translate texts and predict future words in a sentence, letting the LLM generate sentences similar to how humans talk and write. One concern that needs to be flagged is that, often, the content generated by different LLMs is inaccurate. LLMs are trained on code that can be used to detect data breaches, detect ransomware, and even pinpoint organizational vulnerabilities in advance of a cyberattack. LLMs are new but have unbelievable potential with their ability to generate code that brings awareness to cyber analysts and IT professionals. …
Hacker, Influencer, Counter-Culture Spy: Cyberspace Actors’ Models Of Misinformation And Counter-Operations,
2023
DePaul University
Hacker, Influencer, Counter-Culture Spy: Cyberspace Actors’ Models Of Misinformation And Counter-Operations, Benjamin Kessell
College of Computing and Digital Media Dissertations
As misinformation continues to spread on social media, its residents have begun to fight back, independent of any platform. This organic resistance to the diffusion of misinformation is a clearly observable phenomenon with roots in Anonymous’ distributed campaigns from the 2010s outwards. Hacker and information security communities are acting in defense of some of their favorite spaces, most notably, Twitter. Security researchers of all stripes use it for sharing indicators of compromise but, as the diffusion of misinformation becomes more problematic it becomes more difficult to find signals in the noise.
These actors’ response to the issues at hand is …
Constrained Optimization Based Adversarial Example Generation For Transfer Attacks In Network Intrusion Detection Systems,
2023
Army Cyber Institute, U.S. Military Academy
Constrained Optimization Based Adversarial Example Generation For Transfer Attacks In Network Intrusion Detection Systems, Marc Chale, Bruce Cox, Jeffery Weir, Nathaniel D. Bastian
ACI Journal Articles
Deep learning has enabled network intrusion detection rates as high as 99.9% for malicious network packets without requiring feature engineering. Adversarial machine learning methods have been used to evade classifiers in the computer vision domain; however, existing methods do not translate well into the constrained cyber domain as they tend to produce non-functional network packets. This research views the payload of network packets as code with many functional units. A meta-heuristic based generative model is developed to maximize classification loss of packet payloads with respect to a surrogate model by repeatedly substituting units of code with functionally equivalent counterparts. The …
Making The Transition To Post-Quantum Cryptography,
2023
Cleveland State University
Making The Transition To Post-Quantum Cryptography, J. Simon Richard
The Downtown Review
Without intervention, quantum computing could threaten the security of a large portion of our internet in the near future. However, solutions exist. This paper, which is intended for a general audience, provides a wider context for our current state of quantum-preparedness amid the transition from classical cryptosystems to post-quantum cryptosystems—cryptographic algorithms that can resist the attacks of quantum computers. It will also submit a possible way forward inspired by the actions taken around the globe to prevent the millennium (or Y2K) bug.
Blockchain Security: Double-Spending Attack And Prevention,
2023
Stephen F. Austin State University
Blockchain Security: Double-Spending Attack And Prevention, William Henry Scott III
Electronic Theses and Dissertations
This thesis shows that distributed consensus systems based on proof of work are vulnerable to hashrate-based double-spending attacks due to abuse of majority rule. Through building a private fork of Litecoin and executing a double-spending attack this thesis examines the mechanics and principles behind the attack. This thesis also conducts a survey of preventative measures used to deter double-spending attacks, concluding that a decentralized peer-to-peer network using proof of work is best protected by the addition of an observer system whether internal or external.
