Global ETD Search

21	TRACE DATA-DRIVEN DEFENSE AGAINST CYBER AND CYBER-PHYSICAL ATTACKS.pdf Abdulellah Abdulaziz M Alsaheel (17040543) 11 October 2023 (has links) <p dir="ltr">In the contemporary digital era, Advanced Persistent Threat (APT) attacks are evolving, becoming increasingly sophisticated, and now perilously targeting critical cyber-physical systems, notably Industrial Control Systems (ICS). The intersection of digital and physical realms in these systems enables APT attacks on ICSs to potentially inflict physical damage, disrupt critical infrastructure, and jeopardize human safety, thereby posing severe consequences for our interconnected world. Provenance tracing techniques are essential for investigating these attacks, yet existing APT attack forensics approaches grapple with scalability and maintainability issues. These approaches often hinge on system- or application-level logging, incurring high space and run-time overheads and potentially encountering difficulties in accessing source code. Their dependency on heuristics and manual rules necessitates perpetual updates by domain-knowledge experts to counteract newly developed attacks. Additionally, while there have been efforts to verify the safety of Programming Logic Controller (PLC) code as adversaries increasingly target industrial environments, these works either exclusively consider PLC program code without connecting to the underlying physical process or only address time-related physical safety issues neglecting other vital physical features.</p><p dir="ltr">This dissertation introduces two novel frameworks, ATLAS and ARCHPLC, to address the aforementioned challenges, offering a synergistic approach to fortifying cybersecurity in the face of evolving APT and ICS threats. ATLAS, an effective and efficient multi-host attack investigation framework, constructs end-to-end APT attack stories from audit logs by combining causality analysis, Natural Language Processing (NLP), and machine learning. Identifying key attack patterns, ATLAS proficiently analyzes and pinpoints attack events, minimizing alert fatigue for cyber analysts. During evaluations involving ten real-world APT attacks executed in a realistic virtual environment, ATLAS demonstrated an ability to recover attack steps and construct attack stories with an average precision of 91.06%, a recall of 97.29%, and an F1-score of 93.76%, providing a robust framework for understanding and mitigating cyber threats.</p><p dir="ltr">Concurrently, ARCHPLC, an advanced approach for enhancing ICS security, combines static analysis of PLC code and data mining from ICS data traces to derive accurate invariants, providing a comprehensive understanding of ICS behavior. ARCHPLC employs physical causality graph analysis techniques to identify cause-effect relationships among plant components (e.g., sensors and actuators), enabling efficient and quantitative discovery of physical causality invariants. Supporting patching and run-time monitoring modes, ARCHPLC inserts derived invariants into PLC code using program synthesis in patching mode and inserts invariants into a dedicated monitoring program for continuous safety checks in run-time monitoring mode. ARCHPLC adeptly detects and mitigates run-time anomalies, providing exceptional protection against cyber-physical attacks with minimal overhead. In evaluations against 11 cyber-physical attacks on a Fischertechnik manufacturing plant and a chemical plant simulator, ARCHPLC protected the plants without any false positives or negatives, with an average run-time overhead of 14.31% in patching mode and 0.4% in run-time monitoring mode.</p><p dir="ltr">In summary, this dissertation provides invaluable solutions that equip cybersecurity professionals to enhance APT attack investigation, enabling them to identify and comprehend complex attacks with heightened accuracy. Moreover, these solutions significantly bolster the safety and security of ICS infrastructure, effectively protecting critical systems and strengthening defenses against cyber-physical attacks, thereby contributing substantially to the field of cybersecurity.</p> Software and application security System and network security ICS Security forensics investigation attack detection
22	Securing resource constrained platforms with low-cost solutions. Arslan Khan (17592498) 11 December 2023 (has links) <p dir="ltr">This thesis focuses on securing different attack surfaces of embedded systems while meeting the stringent requirements imposed by these systems. Due to the specialized architecture of embedded systems, the security measures should be customized to match the unique requirements of each specific domain. To this end, this thesis identified novel security architectures using techniques such as anomaly detection, program analysis, compartmentalization, etc. This thesis synergizes work at the intersection of programming languages, compilers, computer architecture, operating systems, and embedded systems. </p> System and network security Operating systems embeded system systems security programming language correction compartmentalization concept Operating systems (Computers) firmware security inspection techno...
23	<strong>Deep Learning-Based Anomaly Detection in TLS Encrypted Traffic</strong> Kehinde Ayano (16650471) 03 August 2023 (has links) <p> The growing trend of encrypted network traffic is changing the cybersecurity threat scene. Most critical infrastructures and organizations enhance service delivery by embracing digital platforms and applications that use encryption to ensure that data and Information are moved across networks in an encrypted form to improve security. While this protects data confidentiality, hackers are also taking advantage of encrypted network traffic to hide malicious software known as malware that will easily bypass the conventional detection mechanisms on the system because the traffic is not transparent for the monitoring mechanism on the system to analyze. Cybercriminals leverage encryption using cryptographic protocols such as SSL/TLS to launch malicious attacks. This hidden threat exists because of the SSL encryption of benign traffic. Hence, there is a need for visibility in encrypted traffic. This research was conducted to detect malware in encrypted network traffic without decryption. The existing solution involves bulk decryption, analysis, and re-encryption. However, this method is prone to privacy issues, is not cost-efficient, and is time-consuming, creating huge overhead on the network. In addition, limited research exists on detecting malware in encrypted traffic without decryption. There is a need to strike a balance between security and privacy by building an intelligent framework that can detect malicious activity in encrypted network traffic without decrypting the traffic prior to inspection. With the payload still encrypted, the study focuses on extracting metadata from flow features to train the machine-learning model. It further deployed this set of features as input to an autoencoder, leveraging the construction error of the autoencoder for anomaly detection. </p> Data and information privacy Data security and protection System and network security Cybersecurity Privacy Encrypted Traffic Network Security Machine Learning Deep Learning
24	Defeating Critical Threats to Cloud User Data in Trusted Execution Environments Adil Ahmad (13150140) 26 July 2022 (has links) <p>In today’s world, cloud machines store an ever-increasing amount of sensitive user data, but it remains challenging to guarantee the security of our data. This is because a cloud machine’s system software—critical components like the operating system and hypervisor that can access and thus leak user data—is subject to attacks by numerous other tenants and cloud administrators. Trusted execution environments (TEEs) like Intel SGX promise to alter this landscape by leveraging a trusted CPU to create execution contexts (or enclaves) where data cannot be directly accessed by system software. Unfortunately, the protection provided by TEEs cannot guarantee complete data security. In particular, our data remains unprotected if a third-party service (e.g., Yelp) running inside an enclave is adversarial. Moreover, data can be indirectly leaked from the enclave using traditional memory side-channels.</p> <p><br></p> <p>This dissertation takes a significant stride towards strong user data protection in cloud machines using TEEs by defeating the critical threats of adversarial cloud services and memory side-channels. To defeat these threats, we systematically explore both software and hardware designs. In general, we designed software solutions to avoid costly hardware changes and present faster hardware alternatives.</p> <p><br></p> <p>We designed 4 solutions for this dissertation. Our Chancel system prevents data leaks from adversarial services by restricting data access capabilities through robust and efficient compiler-enforced software sandboxing. Moreover, our Obliviate and Obfuscuro systems leverage strong cryptographic randomization and prevent information leakage through memory side-channels. We also propose minimal CPU extensions to Intel SGX called Reparo that directly close the threat of memory side-channels efficiently. Importantly, each designed solution provides principled protection by addressing the underlying root-cause of a problem, instead of enabling partial mitigation.</p> <p><br></p> <p>Finally, in addition to the stride made by our work, future research thrust is required to make TEEs ubiquitous for cloud usage. We propose several such research directions to pursue the essential goal of strong user data protection in cloud machines.</p> Data security and protection Hardware security System and network security Cloud data protection Trusted Execution Environments (TEEs) Intel Software Guard eXtensions (SGX) Oblivious RAM (ORAM) Hardware extensions Compiler-aided protection
25	TOWARDS SECURE AND RELIABLE ROBOTIC VEHICLES WITH HOLISTIC MODELING AND PROGRAM ANALYSIS Hong Jun Choi (13045434) 08 August 2022 (has links) <p>Cyber-Physical Systems (CPS) are integrated systems that consist of the computational and physical components with network communication to support operation in the physical world. My PhD dissertation focuses on the security and reliability of autonomous cyber-physical systems, such as self-driving cars, drones, and underwater robots, that are safety-critical systems based on the seamless integration of cyber and physical components. Autonomous CPS are becoming an integral part of our life. The market for autonomous driving systems is expected to be more than $65 billion by 2026. The security of such CPS is hence critical. Beyond traditional cyber-only computing systems, these complex and integrated CPS have unique characteristics. From the security perspective, they open unique research opportunities since they introduce additional attack vectors and post new challenges that existing cyber-oriented approaches cannot address well. <em>The goal of my research is to build secure and reliable autonomous CPS by bridging the gap between the cyber and physical domains.</em> To this end, my work focuses on fundamental research questions associated with cyber-physical attack and defense, vulnerability discovery and elimination, and post-attack investigation. My approach to solving the problems involves various techniques and interdis- ciplinary knowledge, including program analysis, search-based software engineering, control theory, robotics, and AI/machine learning.</p> System and network security Cyber-Physical Systems CPS Robotic Vehicle Security Reliability Software Testing Software Engineering Attack Detection Attack Resilience Vulnerability Analysis Attack Investigation Forensics
26	Privacy and Security Enhancements for Tor Arushi Arora (18414417) 21 April 2024 (has links) <p dir="ltr">Privacy serves as a crucial safeguard for personal autonomy and information, enabling control over personal data and space, fostering trust and security in society, and standing as a cornerstone of democracy by protecting against unwarranted interference. This work aims to enhance Tor, a volunteer-operated network providing privacy to over two million users, by improving its programmability, security, and user-friendliness to support wider adoption and underscore the importance of privacy in protecting individual rights in the digital age.</p><p dir="ltr">Addressing Tor's limitations in adapting to new services and threats, this thesis introduces programmable middleboxes, enabling users to execute complex functions on Tor routers to enhance anonymity, security, and performance. This architecture, called Bento, is designed to secure middleboxes from harmful functions and vice versa, making Tor more flexible and efficient.</p><p dir="ltr">Many of the attacks on Tor's anonymity occur when an adversary can intercept a user’s traffic; it is thus useful to limit how much of a user's traffic can enter potentially adversarial networks. We tackle the vulnerabilities of onion services to surveillance and censorship by proposing DeTor<sub>OS</sub>, a Bento function enabling geographic avoidance for onion services- which is challenging since no one entity knows the full circuit between user and onion service, providing a method to circumvent adversarial regions and enhance user privacy.</p><p dir="ltr">The final part focuses on improving onion services' usability and security. Despite their importance, these services face high latency, Denial of Service (DoS) and deanonymization attacks due to their content. We introduce CenTor, a Content Delivery Network (CDN) for onion services using Bento, offering replication, load balancing, and content proximity benefits. Additionally, we enhance performance with multipath routing strategies through uTor, balancing performance and anonymity. We quantitatively analyze how geographical-awareness for an onion service CDN and its clients could impact a user’s anonymity- performance versus security tradeoff. Further, we evaluate CenTor on the live Tor network as well as large-scale Shadow simulations.</p><p dir="ltr">These contributions, requiring no changes to the Tor protocol, represent significant advancements in Tor's capabilities, performance, and defenses, demonstrating potential for immediate benefits to the Tor community.</p> System and network security Networking and communications Privacy and data rights tor anonymity networks privacy usability and security programmable networks onion services CDN censorship anonymity NFV
27	EXPLAINABLE AI METHODS FOR ENHANCING AI-BASED NETWORK INTRUSION DETECTION SYSTEMS Osvaldo Guilherme Arreche (18569509) 03 September 2024 (has links) <p dir="ltr">In network security, the exponential growth of intrusions stimulates research toward developing advanced artificial intelligence (AI) techniques for intrusion detection systems (IDS). However, the reliance on AI for IDS presents challenges, including the performance variability of different AI models and the lack of explainability of their decisions, hindering the comprehension of outputs by human security analysts. Hence, this thesis proposes end-to-end explainable AI (XAI) frameworks tailored to enhance the understandability and performance of AI models in this context.</p><p><br></p><p dir="ltr">The first chapter benchmarks seven black-box AI models across one real-world and two benchmark network intrusion datasets, laying the foundation for subsequent analyses. Subsequent chapters delve into feature selection methods, recognizing their crucial role in enhancing IDS performance by extracting the most significant features for identifying anomalies in network security. Leveraging XAI techniques, novel feature selection methods are proposed, showcasing superior performance compared to traditional approaches.</p><p><br></p><p dir="ltr">Also, this thesis introduces an in-depth evaluation framework for black-box XAI-IDS, encompassing global and local scopes. Six evaluation metrics are analyzed, including descrip tive accuracy, sparsity, stability, efficiency, robustness, and completeness, providing insights into the limitations and strengths of current XAI methods.</p><p><br></p><p dir="ltr">Finally, the thesis addresses the potential of ensemble learning techniques in improving AI-based network intrusion detection by proposing a two-level ensemble learning framework comprising base learners and ensemble methods trained on input datasets to generate evalua tion metrics and new datasets for subsequent analysis. Feature selection is integrated into both levels, leveraging XAI-based and Information Gain-based techniques.</p><p><br></p><p dir="ltr">Holistically, this thesis offers a comprehensive approach to enhancing network intrusion detection through the synergy of AI, XAI, and ensemble learning techniques by providing open-source codes and insights into model performances. Therefore, it contributes to the security advancement of interpretable AI models for network security, empowering security analysts to make informed decisions in safeguarding networked systems.<br></p> System and network security artificial intelligence - AI Intrusion Detection Systems (IDS) explainable ai system ensemble learner feature selection applied
28	Achieving Compositional Security and Privacy in IoT Environments Muslum Ozgur Ozmen (18870154) 11 September 2024 (has links) <p dir="ltr">The Internet of Things (IoT) systems include sensors that measure the physical world, actuators that influence it, and IoT apps that automate these sensors and actuators. Although IoT environments have revolutionized our lives by integrating digital connectivity into physical processes, they also introduce unique security and privacy concerns. Particularly, these systems include multiple components that are unified through the cyber and physical domains. For instance, smart homes include various devices and multiple IoT apps that control these devices. Thus, attacks against any single component can have rippling effects, amplifying due to the composite behavior of sensors, actuators, apps, and the physical environment.</p><p dir="ltr">In this dissertation, I explore the emerging security and privacy issues that arise from the complex physical interactions in IoT environments. To discover and mitigate these emerging issues, there is a need for composite reasoning techniques that consider the interplay between digital and physical domains. This dissertation addresses these challenges to build secure IoT environments and enhance user privacy with new formal techniques and systems.</p><p dir="ltr">To this end, I first describe my efforts in ensuring the safety and security of IoT en- vironments. Particularly, I introduced IoTSeer, a security service that discovers physical interaction vulnerabilities among IoT apps. I then proposed attacks that evade prior event verification systems by exploiting the complex physical interactions between IoT sensors and actuators. To address them, I developed two defenses, software patching and sensor placement, to make event verification systems robust against evasion attacks. These works provide a suite of tools to achieve compositional safety and security in IoT environments. </p><p dir="ltr">Second, I discuss my work that identifies the privacy risks of emerging IoT devices. I designed DMC-Xplorer to find vulnerabilities in voice assistant platforms and showed that an adversary can eavesdrop on privacy-sensitive device states and prevent users from controlling devices. I then developed a remote side-channel attack against intermittent devices to infer privacy-sensitive information about the environment in which they are deployed. These works highlight new privacy issues in emerging commodity devices used in IoT environments.</p> Data and information privacy System and network security IoT Security Cyber-physical systems security Internet of Things Privacy Formal Methods
29	Analyzing Secure and Attested Communication in Mobile Devices Muhammad Ibrahim (19761798) 01 October 2024 (has links) <p dir="ltr">To assess the security of mobile devices, I begin by identifying the key entities involved in their operation: the user, the mobile device, and the service or device being accessed. Users rely on mobile devices to interact with services and perform essential tasks. These devices act as gateways, enabling communication between the user and the back-end services. For example, a user may access their bank account via a banking app on their mobile device, which communicates with the bank’s back-end server. In such scenarios, the server must authenticate the user to ensure only authorized individuals can access sensitive information. However, beyond user authentication, it is crucial for connected services and devices to verify the integrity of the mobile device itself. A compromised mobile device can have severe consequences for both the user and the services involved.</p><p dir="ltr">My research focuses on examining the methods used by various entities to attest and verify the integrity of mobile devices. I conduct a comprehensive analysis of mobile device attestation from multiple perspectives. Specifically, I investigate how attestation is carried out by back-end servers of mobile apps, IoT devices controlled by mobile companion apps, and large language models (LLMs) accessed via mobile apps.</p><p dir="ltr">In the first case, back-end servers of mobile apps must attest to the integrity of the device to protect against tampered apps and devices, which could lead to financial loss, data breaches, or intellectual property theft. For instance, a music streaming service must implement strong security measures to verify the device’s integrity before transmitting sensitive content to prevent data leakage or unauthorized access.</p><p dir="ltr">In the second case, IoT devices must ensure they are communicating with legitimate companion apps running on attested mobile devices. Failure to enforce proper attestation for IoT companion apps can expose these devices to malicious attacks. An attacker could inject malicious code into an IoT device, potentially causing physical damage to the device or its surroundings, or even seizing control of the device, leading to critical safety risks, property damage, or harm to human lives.</p><p dir="ltr">Finally, in the third case, malicious apps can exploit prompt injection attacks against LLMs, leading to data leaks or unauthorized access to APIs and services offered by the LLM. These scenarios underscore the importance of secure and attested communication between mobile devices and the services they interact with.</p> Software and application security System and network security Mobile computing Android app interface Android Forensics Mobile Security & Privacy IOT SECURITY AI Security
30	DEEP LEARNING FOR SECURING CRITICAL INFRASTRUCTURE WITH THE EMPHASIS ON POWER SYSTEMS AND WIRELESS COMMUNICATION Gihan janith mendis Imbulgoda liyangahawatte (10488467) 27 April 2023 (has links) <p><em>Imbulgoda Liyangahawatte, Gihan Janith Mendis Ph.D., Purdue University, May</em></p> <p><em>2023. Deep learning for securing critical infrastructure with the emphasis on power</em></p> <p><em>systems and wireless communication. Major Professor: Dr. Jin Kocsis.</em></p> <p><br></p> <p><em>Critical infrastructures, such as power systems and communication</em></p> <p><em>infrastructures, are of paramount importance to the welfare and prosperity of</em></p> <p><em>modern societies. Therefore, critical infrastructures have a high vulnerability to</em></p> <p><em>attacks from adverse parties. Subsequent to the advancement of cyber technologies,</em></p> <p><em>such as information technology, embedded systems, high-speed connectivity, and</em></p> <p><em>real-time data processing, the physical processes of critical infrastructures are often</em></p> <p><em>monitored and controlled through cyber systems. Therefore, modern critical</em></p> <p><em>infrastructures are often viewed as cyber-physical systems (CPSs). Incorporating</em></p> <p><em>cyber elements into physical processes increases efficiency and control. However, it</em></p> <p><em>also increases the vulnerability of the systems to potential cybersecurity threats. In</em></p> <p><em>addition to cyber-level attacks, attacks on the cyber-physical interface, such as the</em></p> <p><em>corruption of sensing data to manipulate physical operations, can exploit</em></p> <p><em>vulnerabilities in CPSs. Research on data-driven security methods for such attacks,</em></p> <p><em>focusing on applications related to electrical power and wireless communication</em></p> <p><em>critical infrastructure CPSs, are presented in this dissertation. As security methods</em></p> <p><em>for electrical power systems, deep learning approaches were proposed to detect</em></p> <p><em>adversarial sensor signals targeting smart grids and more electric aircraft.</em></p> <p><em>Considering the security of wireless communication systems, deep learning solutions</em></p> <p><em>were proposed as an intelligent spectrum sensing approach and as a primary user</em></p> <p><em>emulation (PUE) attacks detection method on the wideband spectrum. The recent</em></p> <p><em>abundance of micro-UASs can enable the use of weaponized micro-UASs to conduct</em></p> <p><em>physical attacks on critical infrastructures. As a solution for this, the radio</em></p> <p><em>frequency (RF) signal-analyzing deep learning method developed for spectrum</em></p> <p><em>sensing was adopted to realize an intelligent radar system for micro-UAS detection.</em></p> <p><em>This intelligent radar can be used to provide protection against micro-UAS-based</em></p> <p><em>physical attacks on critical infrastructures.</em></p> System and network security Deep learning Deep Learning Cyber-physical system security Wireless Communication System Drone detection radar Power system cybersecurity

Search results