Global ETD Search

1	Learning multi-agent pursuit of a moving target Lu, Jieshan Unknown Date No description available. moving target search features machine learning
2	Learning multi-agent pursuit of a moving target Lu, Jieshan 11 1900 (has links) In this thesis we consider the task of catching a moving target with multiple pursuers, also known as the “Pursuit Game”, in which coordination among the pursuers is critical. Our testbed is inspired by the pursuit problem in video games, which require fast planning to guarantee fluid frame rates. We apply supervised machine learning methods to automatically derive efficient multi-agent pursuit strategies on rectangular grids. Learning is achieved by computing training data off-line and exploring the game tree on small problems. We also generalize the data to previously unseen and larger problems by learning robust pursuit policies, and run empirical comparisons between several sets of state features using a simple learning architecture. The empirical results show that 1) the application of learning across different maps can help improve game-play performance, especially on non-trivial maps against intelligent targets, and 2) simple heuristic works effectively on simple maps or less intelligent targets. moving target search features machine learning
3	Optimizing a Network Layer Moving Target Defense by Translating Software from Python to C Hardman, Owen Russell 10 January 2016 (has links) The security of powerful systems and large networks is often addressed through complex defenses. While these types of defenses offer increased security, they are resource intensive and therefore impractical to implement on many new classes of networked systems, such as mobile phones and small, embedded network infrastructure devices. To provide security for these systems, new defenses must be created that provide highly efficient security. The Moving Target IPv6 Defense (MT6D) is a network layer moving target defense that dynamically changes Internet Protocol version 6 (IPv6) addresses mid-session while still maintaining continuous communication. MT6D was originally written in Python language, but this implementation suffers from severe performance limitations. By translating MT6D from Python to C and taking advantage of operating system specific application programming interfaces (APIs) and optimizations, MT6D can become a viable defense for resource constrained systems. The Python version of MT6D is analyzed initially to determine what functions might be performance bottlenecks that could be performed more efficiently using C. Based on this analysis, specific parts of the Python version are identified for improvement in the C version by either using functionality of the Linux kernel and network stack or by reworking the code in a more efficient way. After this analysis, the information gathered about the Python version is used to write the C version, using methods specific to a moving target defense to capture, analyze, modify, and tunnel packets. Finally, tests are designed and run to compare the performance of the Python and C versions. / Master of Science IPv6 Moving Target Defense Optimizing Python C
4	Evaluating and quantifying the feasibility and effectiveness of whole IT system moving target defenses Bardas, Alexandru Gavril January 1900 (has links) Doctor of Philosophy / Computing and Information Sciences / Scott A. DeLoach / Xinming (Simon) Ou / The Moving Target Defense (MTD) concept has been proposed as an approach to rebalance the security landscape by increasing uncertainty and apparent complexity for attackers, reducing their window of opportunity, and raising the costs of their reconnaissance and attack efforts. Intuitively, the idea of applying MTD techniques to a whole IT system should provide enhanced security; however, little research has been done to show that it is feasible or beneficial to the system’s security. This dissertation presents an MTD platform at the whole IT system level in which any component of the IT system can be automatically and reliably replaced with a fresh new one. A component is simply a virtual machine (VM) instance or a cluster of instances. There are a number of security benefits when leveraging such an MTD platform. Replacing a VM instance with a new one with the most up-to-date operating system and applications eliminates security problems caused by unpatched vulnerabilities and all the privileges the attacker has obtained on the old instance. Configuration parameters for the new instance, such as IP address, port numbers for services, and credentials, can be changed from the old ones, invalidating the knowledge the attackers already obtained and forcing them to redo the work to re-compromise the new instance. In spite of these obvious security benefits, building a system that supports live replacement with minimal to no disruption to the IT system’s normal operations is difficult. Modern enterprise IT systems have complex dependencies among services so that changing even a single instance will almost certainly disrupt the dependent services. Therefore, the replacement of instances must be carefully orchestrated with updating the settings of the dependent instances. This orchestration of changes is notoriously error-prone if done manually, however, limited tool support is available to automate this process. We designed and built a framework (ANCOR) that captures the requirements and needs of a whole IT system (in particular, dependencies among various services) and compiles them into a working IT system. ANCOR is at the core of the proposed MTD platform (ANCOR-MTD) and enables automated live instance replacements. In order to evaluate the platform’s practicality, this dissertation presents a series of experiments on multiple IT systems that show negligible (statistically non-significant) performance impacts. To evaluate the platform’s efficacy, this research analyzes costs versus security benefits by quantifying the outcome (sizes of potential attack windows) in terms of the number of adaptations, and demonstrates that an IT system deployed and managed using the proposed MTD platform will increase attack difficulty. Moving Target Defense System security Cloud Configuration management Deployment automation
5	New Approaches to Ground Moving Target Indicator Radar Riedl, Michael Richard 28 December 2016 (has links) No description available. Electrical Engineering Engineering
6	Achieving Security and Privacy in the Internet Protocol Version 6 Through the Use of Dynamically Obscured Addresses Dunlop, Matthew William 24 April 2012 (has links) Society's increased use of network applications, such as email, social networking, and web browsing, creates a massive amount of information floating around in cyber space. An attacker can collect this information to build a profile of where people go, what their interests are, and even what they are saying to each other. For certain government and corporate entities, the exposure of this information could risk national security or loss of capital. This work identifies vulnerabilities in the way the Internet Protocol version 6 (IPv6) forms addresses. These vulnerabilities provide attackers with the ability to track a node's physical location, correlate network traffic with specific users, and even launch attacks against users' systems. A Moving Target IPv6 Defense (MT6D) that rotates through dynamically obscured network addresses while maintaining existing connections was developed to prevent these addressing vulnerabilities.MT6D is resistant to the IPv6 addressing vulnerabilities since addresses are not tied to host identities and continuously change. MT6D leverages the immense address space of IPv6 to provide an environment that is infeasible to search efficiently. Address obscuration in MT6D occurs throughout ongoing sessions to provide continued anonymity, confidentiality, and security to communicating hosts. Rotating addresses mid-session prevents an attacker from determining that the same two hosts are communicating. The dynamic addresses also force an attacker to repeatedly reacquire the target node before he or she can launch a successful attack. A proof of concept was developed that demonstrates the feasibility of MT6D and its ability to seamlessly bind new IPv6 addresses. Also demonstrated is MT6D's ability to rotate addresses mid-session without dropping or renegotiating sessions.This work makes three contributions to the state-of-the-art IPv6 research. First, it fully explores the security vulnerabilities associated with IPv6 address formation and demonstrates them on a production IPv6 network. Second, it provides a method for dynamically rotating network addresses that defeats these vulnerabilities. Finally, a functioning prototype is presented that proves how network addresses can be dynamically rotated without losing established network connections. If IPv6 is to be globally deployed, it must not provide additional attack vectors that expose user information. / Ph. D. Dynamic Addressing Security Privacy Moving Target Defense IPv6
7	Improving the Security, Privacy, and Anonymity of a Client-Server Network through the Application of a Moving Target Defense Morrell, Christopher Frank 03 May 2016 (has links) The amount of data that is shared on the Internet is growing at an alarming rate. Current estimates state that approximately 2.5 exabytes of data were generated every day in 2012. This rate is only growing as people continue to increase their on-line presence. As the amount of data grows, so too do the number of people who are attempting to gain access to the data. Attackers try many methods to gain access to information, including a number of attacks that occur at the network layer. A network-based moving target defense is a technique that obfuscates the location of a machine on the Internet by arbitrarily changing its IP address periodically. MT6D is one of these techniques that leverages the size of the IPv6 address space to make it statistically impossible for an attacker to find a specific target machine. MT6D was designed with a number of limitations that include manually generated static configurations and support for only peer to peer networks. This work presents extensions to MT6D that provide dynamically generated configurations, a secure and dynamic means of exchanging configurations, and with these new features, an ability to function as a server supporting a large number of clients. This work makes three primary contributions to the field of network-based moving target defense systems. First, it provides a means to exchange arbitrary information in a way that provides network anonymity, authentication, and security. Second, it demonstrates a technique that gives MT6D the capability to exchange configuration information by only sharing public keys. Finally, it introduces a session establishment protocol that clients can use to establish concurrent connections with an MT6D server. / Ph. D. IPv6 Security Privacy Moving Target Defense Client Server Network
8	Strengthening MT6D Defenses with Darknet and Honeypot capabilities Basam, Dileep Kumar 09 December 2015 (has links) With the ever increasing adoption of IPv6, there has been a growing concern for security and privacy of IPv6 networks. Mechanisms like the Moving Target IPv6 Defense (MT6D) leverage the immense address space available with the new 128-bit addressing scheme to improve security and privacy of IPv6 networks. MT6D allows participating hosts to hop onto new addresses, that are cryptographically computed, without any disruption to ongoing conversations. However, there is no feedback mechanism in the current MT6D implementation to substantiate the core strength of the scheme i.e., to find an attacker attempting to discover and target any MT6D addresses. This thesis proposes a method to monitor the intruder activity targeting the relinquished addresses to extract information for reinforcing the defenses of the MT6D scheme. Our solution identifies and acquires IPv6 addresses that are being discarded by MT6D hosts on a local network, in addition to monitoring and visualizing the incoming traffic on these addresses. This is essentially equivalent to forming a darknet out of the discarded MT6D addresses. The solution's architecture also includes an ability to deploy a virtual (LXC-based) honeypot on-demand, based on any interesting traffic pattern observed on a discarded address. With this solution in place, we can become cognizant of an attacker trailing an MT6D-host along the address changes, as well as understanding the composition of attack traffic hitting the discarded MT6D addresses. With the honeypot deployment capabilities, the solution can take the conversation forward with the attacker to collect more information on attacker methods and delay further tracking attempts. The solution architecture also allows an MT6D host to query the solution database for network activity on its relinquished addresses as a JavaScript Object Notation (JSON) object. This feature allows the MT6D host to identify any suspicious activity on its discarded addresses and strengthen the MT6D scheme parameters accordingly. We have built a proof-of-concept for the proposed solution and analyzed the solution's feasibility and scalability. / Master of Science Moving Target Defense MT6D Darknet Honeypot Dionaea IPv6
9	Micro-Moving Target IPv6 Defense for 6LoWPAN and the Internet of Things Sherburne, Matthew Gilbert 07 May 2015 (has links) The Internet of Things (IoT) is composed of billions of sensors and actuators that have varying tasks aimed at making industry, healthcare, and home life more efficient. These sensors and actuators are mainly low-powered and resource-constrained embedded devices with little room for implementing IP security in addition to their main function. With the fact that more of these devices are using IPv6 addressing, we seek to adapt a moving-target defense measure called Moving Target IPv6 Defense for use with embedded devices in order to add an additional layer of security. This adaptation, which we call Micro-Moving Target IPv6 Defense, operates within IPv6 over Low power Wireless Personal Area Networks (6LoWPAN) which is used in IEEE 802.15.4 wireless networks in order to establish IPv6 communications. The purpose of this defense is to obfuscate the communications between a sensor and a server in order to thwart a potential attacker from performing eavesdropping, denial-of-service, or man-in-the-middle attacks. We present our work in establishing this security mechanism and analyze the required control overhead on the wireless network. / Master of Science Internet of Things IPv6 Security 6LoWPAN Moving Target Defense
10	Multiagent Moving Target Search In Fully Visible Grid Environments With No Speed Difference Erogul, Can 01 December 2006 (has links) (PDF) In this thesis, a new real-time multi-agent moving target pursuit algorithm and a moving target algorithm are developed and implemented. The environment is a grid world, in which a coordinated team of agents cooperatively blocks the possible escape routes of an intelligent target in real-time. Most of the moving target search algorithms presume that the agents are faster than the targets, so the pursuit is sure to end in favor of the agents. In this work, we relax this assumption and assume that all the moving objects have the same speed. This means that the agents must find a new approach for success in the pursuit, other than just chasing the targets. When the search agents and the moving targets are moving with the same speed, we need more than one search agent which can coordinate with the other agents to capture the target. Agents are allowed to communicate with each other. We propose a multi-agent search algorithm for this problem. To our best knowledge, there is no alternative algorithm designed based on these assumptions. The proposed algorithm is compared to the modified versions of its counterparts (A*, MTS and its derivatives) experimentally.

Search results