Open Access. Powered by Scholars. Published by Universities.®

Information Security Commons

4,072 Full-Text Articles 5,547 Authors 2,664,077 Downloads 166 Institutions

All Articles in Information Security

4,072 full-text articles. Page 1 of 173.

Cyber Attack Surface Mapping For Offensive Security Testing, Douglas Everson 2023 Clemson University

All Dissertations

Security testing consists of automated processes, like Dynamic Application Security Testing (DAST) and Static Application Security Testing (SAST), as well as manual offensive security testing, like Penetration Testing and Red Teaming. This nonautomated testing is frequently time-constrained and difficult to scale. Previous literature suggests that most research is spent in support of improving fully automated processes or in finding specific vulnerabilities, with little time spent improving the interpretation of the scanned attack surface critical to nonautomated testing. In this work, agglomerative hierarchical clustering is used to compress the Internet-facing hosts of 13 representative companies as collected by the Shodan search …


Possible Attacks On Match-In-Database Fingerprint Authentication, Jadyn Sondrol 2023 University of Minnesota Morris

Scholarly Horizons: University of Minnesota, Morris Undergraduate Journal

Biometrics are used to help keep users’ data private. There are many different biometric systems, all dealing with a unique attribute of a user, such as fingerprint, face, retina, iris and voice recognition. Fingerprint biometric systems, specifically match-in-database, have universally become the most implemented biometric system. To make these systems more secure, threat models are used to identify potential attacks and ways to mitigate them. This paper introduces a threat model for match-in-database fingerprint authentication systems. It also describes some of the most frequent attacks these systems come across and some possible mitigation efforts that can be adapted to keep …


Lidar Segmentation-Based Adversarial Attacks On Autonomous Vehicles, Blake Johnson 2023 University of Minnesota Morris

Scholarly Horizons: University of Minnesota, Morris Undergraduate Journal

Autonomous vehicles utilizing LiDAR-based 3D perception systems are susceptible to adversarial attacks. This paper focuses on a specific attack scenario that relies on the creation of adversarial point clusters with the intention of fooling the segmentation model utilized by LiDAR into misclassifying point cloud data. This can be translated into the real world with the placement of objects (such as road signs or cardboard) at these adversarial point cluster locations. These locations are generated through an optimization algorithm performed on said adversarial point clusters that are introduced by the attacker.


Performance Analysis Of Deep-Learning Based Open Set Recognition Algorithms For Network Intrusion Detection Systems, Gaspard Baye, Priscila Silva, Alexandre Broggi, Lance Fiondella, Nathaniel D. Bastian, Gokhan Kul 2023 Army Cyber Institute, U.S. Military Academy

ACI Journal Articles

Open Set Recognition (OSR) is the ability of a machine learning (ML) algorithm to classify the known and recognize the unknown. In other words, OSR enables novelty detection in classification algorithms. This broader approach is critical to detect new types of attacks, including zero-days, thereby improving the effectiveness and efficiency of various ML-enabled mission-critical systems, such as cyber-physical, facial recognition, spam filtering, and cyber defense systems such as intrusion detection systems (IDS). In ML algorithms, like deep learning (DL) classifiers, hyperparameters control the learning process; their values affect other model parameters, such as weights and biases, which affect the performance …


Cyber Creative Generative Adversarial Network For Novel Malicious Packets, John Pavlik, Nathaniel D. Bastian 2023 Army Cyber Institute, U.S. Military Academy

ACI Journal Articles

Machine learning (ML) requires both quantity and variety of examples in order to learn generalizable patterns. In cybersecurity, labeling network packets is a tedious and difficult task. This leads to insufficient labeled datasets of network packets for training ML-based Network Intrusion Detection Systems (NIDS) to detect malicious intrusions. Furthermore, benign network traffic and malicious cyber attacks are always evolving and changing, meaning that the existing datasets quickly become obsolete. We investigate generative ML modeling for network packet synthetic data generation/augmentation to improve NIDS detection of novel, but similar, cyber attacks by generating well-labeled synthetic network traffic. We develop a Cyber …


Autonomous Cyber Warfare Agents: Dynamic Reinforcement Learning For Defensive Cyber Operations, David A. Bierbrauer, Rob Schabinger, Caleb Carlin, Jonathan Mullin, John Pavlik, Nathaniel D. Bastian 2023 Army Cyber Institute, United States Military Academy

ACI Journal Articles

In this work, we aim to develop novel cybersecurity playbooks by exploiting dynamic reinforcement learning (RL) methods to close holes in the attack surface left open by the traditional signature-based approach to Defensive Cyber Operations (DCO). A useful first proof-of-concept is provided by the problem of training a scanning defense agent using RL; as a first line of defense, it is important to protect sensitive networks from network mapping tools. To address this challenge, we developed a hierarchical, Monte Carlo-based RL framework for the training of an autonomous agent which detects and reports the presence of Nmap scans in near …


Data-Efficient, Federated Learning For Raw Network Traffic Detection, Mikal Willeke, David A. Bierbrauer, Nathaniel D. Bastian 2023 Army Cyber Institute, United States Military Academy

ACI Journal Articles

Traditional machine learning (ML) models used for enterprise network intrusion detection systems (NIDS) typically rely on vast amounts of centralized data with expertly engineered features. Previous work, however, has shown the feasibility of using deep learning (DL) to detect malicious activity on raw network traffic payloads rather than engineered features at the edge, which is necessary for tactical military environments. In the future Internet of Battlefield Things (IoBT), the military will find itself in multiple environments with disconnected networks spread across the battlefield. These resource-constrained, data-limited networks require distributed and collaborative ML/DL models for inference that are continually trained both …


Graph Representation Learning For Context-Aware Network Intrusion Detection, Augustine Premkumar, Madeline Schneider, Carlton Spivey, John Pavlik, Nathaniel D. Bastian 2023 Army Cyber Institute, U.S. Military Academy

ACI Journal Articles

Detecting malicious activity using a network intrusion detection system (NIDS) is an ongoing battle for the cyber defender. Increasingly, cyber-attacks are sophisticated and occur rapidly, necessitating the use of machine/deep learning (ML/DL) techniques for network intrusion detection. Traditional ML/DL techniques for NIDS classifiers, however, are often unable to sufficiently find context-driven similarities between the various network flows and/or packet captures. In this work, we leverage graph representation learning (GRL) techniques to successfully detect adversarial intrusions by exploiting the graph structure of NIDS data to derive context awareness, as graphs are a universal language for describing entities and their relationships. We …


What Effects Do Large Language Models Have On Cybersecurity, Josiah Marshall 2023 Old Dominion University

Cybersecurity Undergraduate Research Showcase

Large Language Models (LLMs) are artificial intelligence (AI) tools that can process, summarize, and translate texts and predict future words in a sentence, letting the LLM generate sentences similar to how humans talk and write. One concern that needs to be flagged is that, often, the content generated by different LLMs is inaccurate. LLMs are trained on code that can be used to detect data breaches, detect ransomware, and even pinpoint organizational vulnerabilities in advance of a cyberattack. LLMs are new but have unbelievable potential with their ability to generate code that brings awareness to cyber analysts and IT professionals. …


Hacker, Influencer, Counter-Culture Spy: Cyberspace Actors’ Models Of Misinformation And Counter-Operations, Benjamin Kessell 2023 DePaul University

College of Computing and Digital Media Dissertations

As misinformation continues to spread on social media, its residents have begun to fight back, independent of any platform. This organic resistance to the diffusion of misinformation is a clearly observable phenomenon with roots in Anonymous’ distributed campaigns from the 2010s outwards. Hacker and information security communities are acting in defense of some of their favorite spaces, most notably, Twitter. Security researchers of all stripes use it for sharing indicators of compromise but, as the diffusion of misinformation becomes more problematic, it becomes more difficult to find signals in the noise.

These actors’ response to the issues at hand is …


Constrained Optimization Based Adversarial Example Generation For Transfer Attacks In Network Intrusion Detection Systems, Marc Chale, Bruce Cox, Jeffery Weir, Nathaniel D. Bastian 2023 Army Cyber Institute, U.S. Military Academy

ACI Journal Articles

Deep learning has enabled network intrusion detection rates as high as 99.9% for malicious network packets without requiring feature engineering. Adversarial machine learning methods have been used to evade classifiers in the computer vision domain; however, existing methods do not translate well into the constrained cyber domain as they tend to produce non-functional network packets. This research views the payload of network packets as code with many functional units. A meta-heuristic based generative model is developed to maximize classification loss of packet payloads with respect to a surrogate model by repeatedly substituting units of code with functionally equivalent counterparts. The …


Making The Transition To Post-Quantum Cryptography, J. Simon Richard 2023 Cleveland State University

The Downtown Review

Without intervention, quantum computing could threaten the security of a large portion of our internet in the near future. However, solutions exist. This paper, which is intended for a general audience, provides a wider context for our current state of quantum-preparedness amid the transition from classical cryptosystems to post-quantum cryptosystems—cryptographic algorithms that can resist the attacks of quantum computers. It will also submit a possible way forward inspired by the actions taken around the globe to prevent the millennium (or Y2K) bug.


Blockchain Security: Double-Spending Attack And Prevention, William Henry Scott III 2023 Stephen F. Austin State University

Electronic Theses and Dissertations

This thesis shows that distributed consensus systems based on proof of work are vulnerable to hashrate-based double-spending attacks due to abuse of majority rule. Through building a private fork of Litecoin and executing a double-spending attack this thesis examines the mechanics and principles behind the attack. This thesis also conducts a survey of preventative measures used to deter double-spending attacks, concluding that a decentralized peer-to-peer network using proof of work is best protected by the addition of an observer system whether internal or external.


What Senior U.S. Leaders Say We Should Know About Cyber, Dr. Joseph H. Schafer 2023 National Defense University, College of Information and Cyberspace

Military Cyber Affairs

On April 6, 2023, the Atlantic Council’s Cyber Statecraft Initiative hosted a panel discussion on the new National Cybersecurity Strategy. The panel featured four senior officials from the Office of the National Cyber Director (ONCD), the Department of State (DoS), the Department of Justice (DoJ), and the Department of Homeland Security (DHS). The author attended and asked each official to identify the most important elements that policymakers and strategists must understand about cyber. This article highlights historical and recent struggles to express cyber policy, the responses from these officials, and the author’s ongoing research to improve national security cyber policy.


Combining Frameworks To Improve Military Health System Quality And Cybersecurity, Dr. Maureen L. Schafer, Dr. Joseph H. Schafer 2023 Georgetown University

Military Cyber Affairs

Existing conceptual frameworks and commercially available technology could be considered to rapidly operationalize the use of Quality Measures (QM) within military health systems (Costantino et al. 2020). Purchased healthcare as well as digital healthcare services have paved the way for data collection from multiple information systems thus offering stakeholders actionable intelligence to both guide and measure healthcare outcomes. However, the collection of data secondary to Smart Devices, disparate information systems, cloud services, and the Internet of Medical Things (IOMT) is a complication for security experts that also affects clients, stakeholders, organizations, and businesses delivering patient care. We have combined three …


An Application Risk Assessment Of Werner Enterprises, Nathan Andres 2023 University of Nebraska at Omaha

Theses/Capstones/Creative Projects

Risk assessments provide a systematic approach to identifying potential risks that could negatively impact an organization’s operations, financial performance, and reputation. Using a risk assessment, companies can evaluate potential risks and vulnerabilities, prioritize them based on their potential impact, and develop strategies to manage and address these risks effectively.

Werner Enterprises Inc. is a nationally known trucking company headquartered in Omaha, Nebraska. Our cybersecurity capstone project motivation was to partner with Werner to produce an assessment of known application risks in a functional way that can be repeated for all of Werner’s applications. To achieve this, we created a risk …


Design, Modeling, And Simulation Of Secure X.509 Certificate Revocation, Sai Medury 2023 University of Tennessee at Chattanooga

Masters Theses and Doctoral Dissertations

TLS communication over the internet has risen rapidly in the last seven years (2015–2022), and there were over 156M active SSL certificates in 2022. The state-of-the-art Public Key Infrastructure (PKI), encompassing protocols, computational resources, and digital certificates, has evolved for 24 years to become the de-facto choice for encrypted communication over the Internet even on newer platforms such as mobile devices and Internet-of-Things (IoT) (despite being low powered with computational constraints). However, certificate revocation is one sub-protocol in TLS communication that fails to meet the rising scalability demands and remains open to exploitation. In this dissertation, the standard for X.509 …


A Framework For Identifying Malware Threat Distribution On The Dark Web, Shelby Caldwell 2023 University of South Alabama

Theses and Dissertations

The Dark Web is an ever-growing phenomenon that has not been deeply explored. It is no secret that in recent years, malware has become a powerful threat to technology users. The Dark Web is known for supporting anonymity and secure connections for private interactions. Over the years, it has become a rich environment for displaying trends, details, and indicators of emerging malware threats. Through the application of data science and open-source intelligence techniques, trends in malware distribution can be studied. In this research, we create a framework for helping identify malware threat distribution patterns. We examine this type of Dark …


Hidden Stratagem - Microtargeting: The Future Of Conflict, Jessica Dawson 2023 United States Military Academy

ACI Books & Book Chapters

In September 2020, General Paul Nakasone, NSA Director and Commander of U.S. Cyber Command, called foreign influence operations “the next great disruptor.”[1] Nearly every intelligence agency in the United States government has been sounding the alarm over targeted influence operations enabled by social media companies since at least 2016, even though some of these operations started earlier. What often goes unstated and even less understood is the digital surveillance economy underlying these platforms and how this economic structure of trading free access for data collection about individuals’ lives poses a national security threat. Harvard sociologist Shoshana Zuboff calls this phenomenon …


Linux Malware Obfuscation, Brian Roden 2023 University of Arkansas, Fayetteville

Computer Science and Computer Engineering Undergraduate Honors Theses

Many forms of malicious software use techniques and tools that make it harder for their functionality to be parsed, both by antivirus software and reverse-engineering methods. Historically, the vast majority of malware has been written for the Windows operating system due to its large user base. As such, most efforts made for malware detection and analysis have been performed on that platform. However, in recent years, we have seen an increase in malware targeting servers running Linux and other Unix-like operating systems resulting in more emphasis of malware research on these platforms. In this work, several obfuscation techniques for Linux …

