Global ETD Search

441	Data-Driven Computing and Networking Solution for Securing Cyber-Physical Systems Yifu Wu (18498519) 03 May 2024 (has links) <p dir="ltr">In recent years, a surge in data-driven computation has significantly impacted security analysis in cyber-physical systems (CPSs), especially in decentralized environments. This transformation can be attributed to the remarkable computational power offered by high-performance computers (HPCs), coupled with advancements in distributed computing techniques and sophisticated learning algorithms like deep learning and reinforcement learning. Within this context, wireless communication systems and decentralized computing systems emerge as highly suitable environments for leveraging data-driven computation in security analysis. Our research endeavors have focused on exploring the vast potential of various deep learning algorithms within the CPS domains. We have not only delved into the intricacies of existing algorithms but also designed novel approaches tailored to the specific requirements of CPSs. A pivotal aspect of our work was the development of a comprehensive decentralized computing platform prototype, which served as the foundation for simulating complex networking scenarios typical of CPS environments. Within this framework, we harnessed deep learning techniques such as restricted Boltzmann machine (RBM) and deep convolutional neural network (DCNN) to address critical security concerns such as the detection of Quality of Service (QoS) degradation and Denial of Service (DoS) attacks in smart grids. Our experimental results showcased the superior performance of deep learning-based approaches compared to traditional pattern-based methods. Additionally, we devised a decentralized computing system that encompassed a novel decentralized learning algorithm, blockchain-based learning automation, distributed storage for data and models, and cryptography mechanisms to bolster the security and privacy of both data and models. Notably, our prototype demonstrated excellent efficacy, achieving a fine balance between model inference performance and confidentiality. Furthermore, we delved into the integration of domain knowledge from CPSs into our deep learning models. This integration shed light on the vulnerability of these models to dedicated adversarial attacks. Through these multifaceted endeavors, we aim to fortify the security posture of CPSs while unlocking the full potential of data-driven computation in safeguarding critical infrastructures.</p> System and network security Networking and communications Cyber-physical system security Deep Learning Network attack False Data detection Adversarial Attack Power System decentralized computation
442	AN ARTIFICIAL INTELLIGENCE APPROACH FOR RELIABLE AUTONOMOUS NAVIGATION IN GPS-DENIED ENVIRONMENTS WITH APPLICATIONS TO UNMMANED AERIAL VEHICLES Mustafa MOHAMMAD S Alkhatib Sr (18496281) 03 May 2024 (has links) <p dir="ltr">This Research focuses on developing artificial intelligence tools to detect and mitigate cyber-attacks targeting unmanned aerial vehicles. </p> Machine learning Artificial Intelliegence Unmanned arial Vehicle Long short-term memory (LTSM) Return-to-home Software Defined Radio (SDR) Global positioning system(GPS) Jamming Mitigation
443	Software Supply Chain Security: Attacks, Defenses, and the Adoption of Signatures Taylor R Schorlemmer (14674685) 27 April 2024 (has links) <p dir="ltr">Modern software relies heavily on third-party dependencies (often distributed via public package registries), making software supply chain attacks a growing threat. Prior work investigated attacks and defenses, but only taxonomized attacks or proposed defensive techniques, did not consistently define software supply chain attacks, and did not provide properties to assess the security of software supply chains. We do not have a unified definition of software supply chain attacks nor a set of properties that a secure software supply chain should follow.</p><p dir="ltr">Guaranteeing authorship in a software supply chain is also a challenge. Package maintainers can guarantee package authorship through software signing. However, it is unclear how common this practice is or if existing signatures are created properly. Prior work provided raw data on registry signing practices, but only measured single platforms, did not consider quality, did not consider time, and did not assess factors that may influence signing. We do not have up-to-date measurements of signing practices nor do we know the quality of existing signatures. Furthermore, we lack a comprehensive understanding of factors that influence signing adoption.</p><p dir="ltr">This thesis addresses these gaps. First, we systematize existing knowledge into: (1) a four-stage supply chain attack pattern; and (2) a set of properties for secure supply chains (transparency, validity, and separation). Next, we measure current signing quantity and quality across three kinds of package registries: traditional software (Maven Central, PyPI), container images (Docker Hub), and machine learning models (Hugging Face). Then, we examine longitudinal trends in signing practices. Finally, we use a quasi-experiment to estimate the effect that various factors had on software signing practices.</p><p dir="ltr">To summarize the findings of our quasi-experiment: (1) mandating signature adoption improves the quantity of signatures; (2) providing dedicated tooling improves the quality of signing; (3) getting started is the hard part — once a maintainer begins to sign, they tend to continue doing so; and (4) although many supply chain attacks are mitigable via signing, signing adoption is primarily affected by registry policy rather than by public knowledge of attacks, new engineering standards, etc. These findings highlight the importance of software package registry managers and signing infrastructure.</p> System and network security Empirical software engineering software supply chain signing software signing digital signature cybersecurity software supply chain attack cryptography quasi experiment empirical software engineering provenance package registry software reuse
444	GARBLED COMPUTATION: HIDING SOFTWARE, DATAAND COMPUTED VALUES Shoaib Amjad Khan (19199497) 27 July 2024 (has links) <p dir="ltr">This thesis presents an in depth study and evaluation of a class of secure multiparty protocols that enable execution of a confidential software program $\mathcal{P}$ owned by Alice, on confidential data $\mathcal{D}$ owned by Bob, without revealing anything about $\mathcal{P}$ or $\mathcal{D}$ in the process. Our initial adverserial model is an honest-but-curious adversary, which we later extend to a malicious adverarial setting. Depending on the requirements, our protocols can be set up such that the output $\mathcal{P(D)}$ may only be learned by Alice, Bob, both, or neither (in which case an agreed upon third party would learn it). Most of our protocols are run by only two online parties which can be Alice and Bob, or alternatively they could be two commodity cloud servers (in which case neither Alice nor Bob participate in the protocols' execution - they merely initialize the two cloud servers, then go offline). We implemented and evaluated some of these protocols as prototypes that we made available to the open source community via Github. We report our experimental findings that compare and contrast the viability of our various approaches and those that already exist. All our protocols achieve the said goals without revealing anything other than upper bounds on the sizes of program and data.</p><p><br></p> Data and information privacy Data security and protection Software and application security Garbled computing Confidential computing Cryptographic construction security protocols. Security Protocol Analysis
445	Investigating cybersecurity response strategies : Measures to responding to successful spear phishing attacks Alaaraj, Aiham, Yassin, Ali January 2024 (has links) Spear phishing attacks pose an ongoing threat to organizational cybersecurity, requiring effective response measures. This study examines measures that can be implemented by Swedish organizations to respond to successful spear phishing attacks, focusing on technical solutions and cybersecurity frameworks. Through 14 semi-structured interviews with incident response teams and cybersecurity professionals, insights were gathered on the effectiveness of these measures as well as the challenges that may be faced in complying with them. The results indicate the presence of two primary response measures: technical solutions used during and after the successful attack. In addition, cybersecurity frameworks play a critical role in guiding organizations in countering successful spear phishing attacks. While the results provide valuable insight, their effectiveness varies depending on the challenges the organization may face in complying with measures. This study underscores the importance of comprehensive and effective measures to respond to successful spear phishing attacks and improve organizational resilience to evolving cyber threats. Spear phishing organizations cybersecurity incident response measures for spear phishing spear phishing incident response to spear phishing cyber threats Information Systems, Social aspects
446	The Role of Hiring Managers in regard to Inclusion in the Workplace : A Case Study of an SMB Multinational Organization in the Cybersecurity Sector Stokic, Tamara, Strelschenko Cuevas, Jules January 2024 (has links) This thesis examines how hiring managers promote inclusion in the cybersecurity sector. Conducted as a case study in a small to medium-sized multinational cybersecurity company, the research involved qualitative methods and semi-structured interviews. Findings reveal that hiring managers use strategies like unbiased recruitment, customized onboarding, team collaboration, trainings, and regular one-on-one meetings to foster inclusion. However, they face challenges such as a limited talent pool, budget constraints, cultural and language barriers, resistance to inclusion efforts, the impact of remote work, and a lack of formal tools and metrics. The study highlights the complex role of hiring managers in achieving workplace inclusion and suggests integrating sustainability and sustainable human resources practices to enhance inclusion efforts. Further research is recommended on the long-term effects of these initiatives, the intersectionality of identity groups, and the impact of emerging technologies and remote work on inclusion. Inclusion Initiatives Hiring Managers Workplace Inclusion Cybersecurity Sector Inclusive Hiring Practices Organizational Culture Leadership Sustainable Human Resources Management Övrig annan samhällsvetenskap Work Sciences Arbetslivsstudier
447	Skyddsåtgärder på sociala medier : En kvalitativ studie om hur individer kan skydda sig mot cyberattacker och varför de inte tillämpar skyddsåtgärder på sociala medier Shi, Amy, Sellman, Hanna January 2024 (has links) Digitala plattformars integration i samhället har omformat hur vi människor kommunicerar, arbetar och lever på. Sociala medier har bidragit till en central del i denna omvandling, samtidigt som det även har ökat risken för individers sårbarheter för cyberattacker. Individer lämnar digitala fotavtryck genom aktiviteter online som kan hota deras integritet och säkerhet. Trots detta saknar många medvetenhet om riskerna och kunskap om hur de kan skydda sig. Syftet med studien är att utforska vilka skyddsåtgärder som kan minska individers sårbarheter för cyberattacker på sociala medier. Dessutom syftar studien till att utforska varför de avstår från att använda dessa skyddsåtgärder. Genom att granska tidigare forskning och analysera de mänskliga faktorer som påverkar säkerhetsmedvetenhet, strävar studien efter att undersöka dessa beteenden. En kvalitativ forskningsansats antogs och datainsamlingen gemfördes med hjälp av semistrukturerade intervjuer. Analysen utfördes med en tematisk analysmetod där tre teman identifierades som är: skyddsåtgärder, sociala medier och attityder och användarbeteende. Slutsatsen är att individer kan tillämpa skyddsåtgärder som starka lösenord, undvika delning av lösenord, tvåfaktorsautentisering och att vara misstänksam mot okända meddelanden för att skydda sig mot cyberattacker. Individer använder inte dessa åtgärder på grund av en naiv attityd kring cyberattacker och upplevd omständighet med att implementera skyddsåtgärder. Trots att vissa blivit offer för cyberattacker fortsätter de att inte tillämpa skyddsåtgärder på grund av bristande förståelse för risker och konsekvenser. / The integration of digital platforms into society has transformed how we communicate, work, and live. Social media has played a central role in this transformation, while also increasing individuals' vulnerabilities to cyberattacks. People leave digital footprints through online activities that can threaten their privacy and security. Despite this, many lack awareness of the risks and knowledge of how to protect themselves. The aim of this study is to explore protective measures that can reduce individuals' vulnerabilities to cyberattacks on social media. Additionally, the study seeks to understand why individuals refrain from using these protective measures. By reviewing previous research and analyzing the human factors affecting security awareness, the study aims to investigate these behaviors. A qualitative research approach was adopted, and data was collected through semi-structured interviews. The analysis was conducted using a thematic analysis method, identifying three themes: protective measures, social media, and attitudes and user behavior. The conclusion is that individuals can apply protective measures such as strong passwords, avoiding password sharing, two-factor authentication, and being suspicious of unknown messages to protect themselves against cyberattacks. Individuals do not use these measures due to a naive attitude towards cyberattacks and the perceived inconvenience of implementing protective measures. Despite some having been victims of cyberattacks, they continue not to apply protective measures due to a lack of understanding of risks and consequences. Protective measures cybersecurity awareness social media online security phishing cyberattacks user behavior Skyddsåtgärder cybersäkerhetsmedvetenhet sociala medier säkerhet online nätfiske cyberattacker användarbeteende Information Systems, Social aspects
448	Разработка антивирусного решения на основе нейронных сетей : магистерская диссертация / Development of an antivirus solution based on neural networks Калиберда, А. А., Kaliberda, A. A. January 2024 (has links) The object of the study is malware and methods for its detection. The subject of the study is machine learning algorithms and neural networks for classifying files into malicious and safe. The purpose of the work is to develop an antivirus solution based on neural networks. Relevance of the work: the acceleration of the digitalization process makes the issue of protecting confidential data critically important. Traditional methods of antivirus protection are ineffective against zero-day attacks; more intelligent solutions are needed. Research methods: literature review, comparative analysis of machine learning algorithms and models, experimental studies, supervised learning, model validation and testing, software development, iterative testing. Results of the work: the antivirus software "Arbiter v2.5" has been created, surpassing existing neural network solutions. High accuracy of threat detection, including zero-day attacks, has been experimentally proven. Scientific novelty lies in the application of neural network language models for anti-virus file analysis. The proposed approach demonstrates significant potential for improving the issue of cybersecurity and has prospects for further research. / Объект исследования – вредоносное ПО и методы его обнаружения. Предметом исследования являются алгоритмы машинного обучения и нейронные сети для классификации файлов на вредоносные и безопасные. Цель работы – разработка антивирусного решения на основе нейронных сетей. Актуальность работы: ускорение процесса цифровизации делает вопрос защиты конфиденциальных данных критически важным. Традиционные методы антивирусной защиты малоэффективны против атак «нулевого дня», необходимы более интеллектуальные решения. Методы исследования: литературный обзор, сравнительный анализ алгоритмов и моделей машинного обучения, экспериментальные исследования, обучение с учителем, валидация и тестирование модели, разработка ПО, итерационное тестирование. Результаты работы: создано антивирусное ПО «Arbiter v2.5», превосходящее существующие нейросетевые решения. Экспериментально доказана высокая точность обнаружения угроз, включая атаки «нулевого дня». Научная новизна заключается в применении нейросетевых языковых моделей для антивирусного анализа файлов. Предложенный подход демонстрирует значительный потенциал для улучшения вопроса кибербезопасности и имеет перспективы для дальнейших исследований. MASTER'S THESIS ANTI-VIRUS SOFTWARE NEURAL NETWORKS MACHINE LEARNING FILE CLASSIFICATION CYBERSECURITY ZERO-DAY ATTACK DEEP LEARNING АНТИВИРУСНОЕ ПО НЕЙРОННЫЕ СЕТИ МАШИННОЕ ОБУЧЕНИЕ КЛАССИФИКАЦИЯ ФАЙЛОВ КИБЕРБЕЗОПАСНОСТЬ АТАКА НУЛЕВОГО ДНЯ ГЛУБОКОЕ ОБУЧЕНИЕ
449	<strong>TOWARDS A TRANSDISCIPLINARY CYBER FORENSICS GEO-CONTEXTUALIZATION FRAMEWORK</strong> Mohammad Meraj Mirza (16635918) 04 August 2023 (has links) <p>Technological advances have a profound impact on people and the world in which they live. People use a wide range of smart devices, such as the Internet of Things (IoT), smartphones, and wearable devices, on a regular basis, all of which store and use location data. With this explosion of technology, these devices have been playing an essential role in digital forensics and crime investigations. Digital forensic professionals have become more able to acquire and assess various types of data and locations; therefore, location data has become essential for responders, practitioners, and digital investigators dealing with digital forensic cases that rely heavily on digital devices that collect data about their users. It is very beneficial and critical when performing any digital/cyber forensic investigation to consider answering the six Ws questions (i.e., who, what, when, where, why, and how) by using location data recovered from digital devices, such as where the suspect was at the time of the crime or the deviant act. Therefore, they could convict a suspect or help prove their innocence. However, many digital forensic standards, guidelines, tools, and even the National Institute of Standards and Technology (NIST) Cyber Security Personnel Framework (NICE) lack full coverage of what location data can be, how to use such data effectively, and how to perform spatial analysis. Although current digital forensic frameworks recognize the importance of location data, only a limited number of data sources (e.g., GPS) are considered sources of location in these digital forensic frameworks. Moreover, most digital forensic frameworks and tools have yet to introduce geo-contextualization techniques and spatial analysis into the digital forensic process, which may aid digital forensic investigations and provide more information for decision-making. As a result, significant gaps in the digital forensics community are still influenced by a lack of understanding of how to properly curate geodata. Therefore, this research was conducted to develop a transdisciplinary framework to deal with the limitations of previous work and explore opportunities to deal with geodata recovered from digital evidence by improving the way of maintaining geodata and getting the best value from them using an iPhone case study. The findings of this study demonstrated the potential value of geodata in digital disciplinary investigations when using the created transdisciplinary framework. Moreover, the findings discuss the implications for digital spatial analytical techniques and multi-intelligence domains, including location intelligence and open-source intelligence, that aid investigators and generate an exceptional understanding of device users' spatial, temporal, and spatial-temporal patterns.</p> Spatial data and applications Knowledge representation and reasoning Digital forensics Data engineering and data science Knowledge and information management Digital curation and preservation Cyber Crime Cybersecurity Cyber Forensics DFIR Digital Forensics Incident Response Threat Intelligence Networking Mobile Forensics iOS Forensics Intelligence Open-source Intelligence (OSINT) Location Intelligence GIS Spatial Analysis Spatiotemporal Analysis UAV Forensics GeoDatabase Geodata
450	Faculty Senate Minutes February 6, 2017 University of Arizona Faculty Senate 07 March 2017 (has links) This item contains the agenda, minutes, and attachments for the Faculty Senate meeting on this date. There may be additional materials from the meeting available at the Faculty Center. defining NTE faculty Nontenure-eligible faculty BS in Applied Biomedical Industries MS in Genetic Counseling dean searches Spring Calendar Changes MS in Cybersecurity BS In Architectural Engineering

Search results