Improving Model Performance with Robust PCA

Bennett, Marissa A.

15 May 2020

As machine learning becomes an increasingly relevant field being incorporated into everyday life, so does the need for consistently high performing models. With these high expectations, along with potentially restrictive data sets, it is crucial to be able to use techniques for machine learning that increase the likelihood of success. Robust Principal Component Analysis (RPCA) not only extracts anomalous data, but also finds correlations among the given features in a data set, in which these correlations can themselves be used as features. By taking a novel approach to utilizing the output from RPCA, we address how our method effects the performance of such models. We take into account the efficiency of our approach, and use projectors to enable our method to have a 99.79% faster run time. We apply our method primarily to cyber security data sets, though we also investigate the effects on data sets from other fields (e.g. medical).

Machine Learning

Robust PCA

Feature Engineering

Cyber Security

Projectors

PCA

Towards Advanced Malware Classification: A Reused Code Analysis of Mirai Bonnet and Ransomware

January 2020

abstract: Due to the increase in computer and database dependency, the damage caused by malicious codes increases. Moreover, gravity and the magnitude of malicious attacks by hackers grow at an unprecedented rate. A key challenge lies on detecting such malicious attacks and codes in real-time by the use of existing methods, such as a signature-based detection approach. To this end, computer scientists have attempted to classify heterogeneous types of malware on the basis of their observable characteristics. Existing literature focuses on classifying binary codes, due to the greater accessibility of malware binary than source code. Also, for the improved speed and scalability, machine learning-based approaches are widely used. Despite such merits, the machine learning-based approach critically lacks the interpretability of its outcome, thus restricts understandings of why a given code belongs to a particular type of malicious malware and, importantly, why some portions of a code are reused very often by hackers. In this light, this study aims to enhance understanding of malware by directly investigating reused codes and uncovering their characteristics. To examine reused codes in malware, both malware with source code and malware with binary code are considered in this thesis. For malware with source code, reused code chunks in the Mirai botnet. This study lists frequently reused code chunks and analyzes the characteristics and location of the code. For malware with binary code, this study performs reverse engineering on the binary code for human readers to comprehend, visually inspects reused codes in binary ransomware code, and illustrates the functionality of the reused codes on the basis of similar behaviors and tactics. This study makes a novel contribution to the literature by directly investigating the characteristics of reused code in malware. The findings of the study can help cybersecurity practitioners and scholars increase the performance of malware classification. / Dissertation/Thesis / Masters Thesis Computer Science 2020

Computer science

Cyber-security

Mirai Botnet

Ransomware

Reused-code

Návrh, tvorba a implementace softwarové aplikace ve firemním prostředí / Design, Creation and Implementation of Software Application in the Corporate Environment

Zavadilová, Patrícia

January 2021

The master’s thesis is focused on the design and creation of a solution for converting company’s software application into the mobile and web form. The main goal is make business processes more efficient and maintain information and cyber security. The result should be a system that brings an innovative and convenient solution, time and financial savings.

Použitelnost Deepfakes v oblasti kybernetické bezpečnosti / Applicability of Deepfakes in the Field of Cyber Security

Firc, Anton

January 2021

Deepfake technológia je v poslednej dobe na vzostupe. Vzniká mnoho techník a nástrojov pre tvorbu deepfake médií a začínajú sa používať ako pre nezákonné tak aj pre prospešné činnosti. Nezákonné použitie vedie k výskumu techník pre detekciu deepfake médií a ich neustálemu zlepšovaniu, takisto ako k potrebe vzdelávať širokú verejnosť o nástrahách, ktoré táto technológia prináša. Jedna z málo preskúmaných oblastí škodlivého použitia je používanie deepfake pre oklamanie systémov hlasovej autentifikácie. Názory spoločnosti na vykonateľnosť takýchto útokov sa líšia, no existuje len málo vedeckých dôkazov. Cieľom tejto práce je preskúmať aktuálnu pripravenosť systémov hlasovej biometrie čeliť deepfake nahrávkam. Vykonané experimenty ukazujú, že systémy hlasovej biometrie sú zraniteľné pomocou deepfake nahrávok. Napriek tomu, že skoro všetky verejne dostupné nástroje a modely sú určené pre syntézu anglického jazyka, v tejto práci ukazujem, že syntéza hlasu v akomkoľvek jazyku nie je veľmi náročná. Nakoniec navrhujem riešenie pre zníženie rizika ktoré deepfake nahrávky predstavujú pre systémy hlasovej biometrie, a to používať overenie hlasu závislé na texte, nakoľko som ukázal, že je odolnejšie proti deepfake nahrávkam.

Analysis of cyber security in smart grid systems

Masonganye, James

January 2017

Cyber security is a major concern due to global incidents of intrusion. The impact of the attacks on the electricity grid can be significant, resulting in the collapsing of the national economy. Electricity network is needed by banks, government security agencies, hospitals and telecommunication operators. The purpose of this research is to investigate the various types of cyber security threats, including ICT technologies required for safe operation of the smart grid to protect and mitigate the impact of cyber security. The modelling of cyber security using the Matlab/SimPowerSystem simulates the City of Tshwane power system. Eskom components used to produce energy, interconnect to the City of Tshwane power distribution substations and simulated using Simulink SimPowerSystem. / Dissertation (MEng)--University of Pretoria, 2017. / Electrical, Electronic and Computer Engineering / MEng / Unrestricted

UCTD

Cyber Security

Smart grid

SCADA

National Institute of Standard (NIST)

Smart Home Security Using Intrusion Detection and Prevention Systems

Nalubowa, Vivian Gloria

January 2019

As the connectivity of home devices elevates so does the volume and sophistication of cyber attacks consistently grow. Therefore, the need for network security and availability becomes more significant. Numerous sorts of countermeasures like firewalls and router-based packet filtering have been put in place, although these alone are not enough to brace the network from unauthorised access. One of the most efficient methods of stopping network adversaries is using Intrusion Detection and Prevention Systems (IDPS). The goal of an IDPS is to stop security attacks before they can be successfully carried out. In this paper, I looked at four network attacks namely; probing, denial of service, remote to user and user to root and improved their respective Snort rules to optimize processing time and capturing capacity using regular expressions and fast pattern. Snort with improved rules captured 100% of the attacks launched to the network while without the improved rules, Snort captured between 0% to 60% of the attacks launched to the network making an improvement of 40%.

Digital Forensics

cyber security

Intrusion Detection

Engineering and Technology

Teknik och teknologier

NETWORK FEATURE ENGINEERING AND DATA SCIENCE ANALYTICS FOR CYBER THREAT INTELLIGENCE

Unknown Date

While it is evident that network services continue to play an ever-increasing role in our daily lives, it is less evident that our information infrastructure requires a concerted, well-conceived, and fastidiously executed strategy to remain viable. Government agencies, Non-Governmental Organizations (\NGOs"), and private organizations are all targets for malicious online activity. Security has deservedly become a serious focus for organizations that seek to assume a more proactive posture; in order to deal with the many facets of securing their infrastructure. At the same time, the discipline of data science has rapidly grown into a prominent role, as once purely theoretical machine learning algorithms have become practical for implementation. This is especially noteworthy, as principles that now fall neatly into the field of data science has been contemplated for quite some time, and as much as over two hundred years ago. Visionaries like Thomas Bayes [18], Andrey Andreyevich Markov [65], Frank Rosenblatt [88], and so many others made incredible contributions to the field long before the impact of Moore's law [92] would make such theoretical work commonplace for practical use; giving rise to what has come to be known as "Data Science". / Includes bibliography. / Dissertation (Ph.D.)--Florida Atlantic University, 2020. / FAU Electronic Theses and Dissertations Collection

Cyber security

Computer security

Information infrastructure

Predictive analytics

Autonomic Zero Trust Framework for Network Protection

Durflinger, James

05 1900

With the technological improvements, the number of Internet connected devices is increasing tremendously. We also observe an increase in cyberattacks since the attackers want to use all these interconnected devices for malicious intention. Even though there exist many proactive security solutions, it is not practical to run all the security solutions on them as they have limited computational resources and even battery operated. As an alternative, Zero Trust Architecture (ZTA) has become popular is because it defines boundaries and requires to monitor all events, configurations, and connections and evaluate them to enforce rejecting by default and accepting only if they are known and accepted as well as applies a continuous trust evaluation. In addition, we need to be able to respond as quickly as possible, which cannot be managed by human interaction but through autonomous computing paradigm. Therefore, in this work, we propose a framework that would implement ZTA using autonomous computing paradigm. The proposed solution, Autonomic ZTA Management Engine (AZME) framework, focusing on enforcing ZTA on network, uses a set of sensors to monitor a network, a set of user-defined policies to define which actions to be taken (through controller). We have implemented a Python prototype as a proof-of-concept that checks network packets and enforce ZTA by checking the individual source and destination based on the given policies and continuously evaluate the trust of connections. If an unaccepted connection is made, it can block the connection by creating firewall rule at runtime.

Zero Trust

Autonomous Computing

IoT

Network Security

Cyber Security

Cyber-Security Policy Decisions in Small Businesses

Patterson, Joanna

01 January 2017

Cyber-attacks against small businesses are on the rise yet small business owners often lack effective strategies to avoid these attacks. The purpose of this qualitative multiple case study was to explore the strategies small business owners use to make cyber-security decisions. Bertalanffy's general systems theory provided the conceptual framework for this study. A purposive sample of 10 small business owners participated in the interview process and shared their decision-making methodologies and influencers. The small business owners were vetted to ensure their strategies were effective through a series of qualification questions. The intent of the research question and corresponding interview questions was to identify strategies that successful small business owners use to make cyber-security decisions. Data analysis consisted of coding keywords, phrases, and sentences from semi structured interviews as well as document analysis. The following themes emerged: government requirements, peer influence, budgetary constraints, commercial standards, and lack of employee involvement. According to the participants, budgetary constraints and peer influence were the most influential factors when making decisions regarding cyber-security strategies. Through exposing small business owners to proven strategies, the implications for social change include a reduction of their small business operating costs and assistance with compliance activities.

cyber security

policy

small business

Business

Databases and Information Systems

The Training Deficiency in Corporate America: Training Security Professionals to Protect Sensitive Information

Johnson, Kenneth Tyrone

01 January 2017

Increased internal and external training approaches are elements senior leaders need to know before creating a training plan for security professionals to protect sensitive information. The purpose of this qualitative case study was to explore training strategies telecommunication industry leaders use to ensure security professionals can protect sensitive information. The population consisted of 3 senior leaders in a large telecommunication company located in Dallas, Texas that has a large footprint of securing sensitive information. The conceptual framework on which this study was based was the security risk planning model. Semistructured interviews and document reviews helped to support the findings of this study. Using the thematic approach, 3 major themes emerged. The 3 themes included security training is required for all professionals, different approaches to training are beneficial, and using internal and external training's to complement each other. The findings revealed senior leaders used different variations of training programs to train security professionals on how to protect sensitive information. The senior leaders' highest priority was the ability to ensure all personnel accessing the network received the proper training. The findings may contribute to social change by enhancing area schools' technology programs with evolving cyber security technology, helping kids detect and eradicate threats before any loss of sensitive information occurs.

Cyber security

Security professionals

Sensitive Information

Training

Databases and Information Systems