Global ETD Search

31	DEEP LEARNING FOR SECURING CRITICAL INFRASTRUCTURE WITH THE EMPHASIS ON POWER SYSTEMS AND WIRELESS COMMUNICATION Gihan janith mendis Imbulgoda liyangahawatte (10488467) 27 April 2023 (has links) <p><em>Imbulgoda Liyangahawatte, Gihan Janith Mendis Ph.D., Purdue University, May</em></p> <p><em>2023. Deep learning for securing critical infrastructure with the emphasis on power</em></p> <p><em>systems and wireless communication. Major Professor: Dr. Jin Kocsis.</em></p> <p><br></p> <p><em>Critical infrastructures, such as power systems and communication</em></p> <p><em>infrastructures, are of paramount importance to the welfare and prosperity of</em></p> <p><em>modern societies. Therefore, critical infrastructures have a high vulnerability to</em></p> <p><em>attacks from adverse parties. Subsequent to the advancement of cyber technologies,</em></p> <p><em>such as information technology, embedded systems, high-speed connectivity, and</em></p> <p><em>real-time data processing, the physical processes of critical infrastructures are often</em></p> <p><em>monitored and controlled through cyber systems. Therefore, modern critical</em></p> <p><em>infrastructures are often viewed as cyber-physical systems (CPSs). Incorporating</em></p> <p><em>cyber elements into physical processes increases efficiency and control. However, it</em></p> <p><em>also increases the vulnerability of the systems to potential cybersecurity threats. In</em></p> <p><em>addition to cyber-level attacks, attacks on the cyber-physical interface, such as the</em></p> <p><em>corruption of sensing data to manipulate physical operations, can exploit</em></p> <p><em>vulnerabilities in CPSs. Research on data-driven security methods for such attacks,</em></p> <p><em>focusing on applications related to electrical power and wireless communication</em></p> <p><em>critical infrastructure CPSs, are presented in this dissertation. As security methods</em></p> <p><em>for electrical power systems, deep learning approaches were proposed to detect</em></p> <p><em>adversarial sensor signals targeting smart grids and more electric aircraft.</em></p> <p><em>Considering the security of wireless communication systems, deep learning solutions</em></p> <p><em>were proposed as an intelligent spectrum sensing approach and as a primary user</em></p> <p><em>emulation (PUE) attacks detection method on the wideband spectrum. The recent</em></p> <p><em>abundance of micro-UASs can enable the use of weaponized micro-UASs to conduct</em></p> <p><em>physical attacks on critical infrastructures. As a solution for this, the radio</em></p> <p><em>frequency (RF) signal-analyzing deep learning method developed for spectrum</em></p> <p><em>sensing was adopted to realize an intelligent radar system for micro-UAS detection.</em></p> <p><em>This intelligent radar can be used to provide protection against micro-UAS-based</em></p> <p><em>physical attacks on critical infrastructures.</em></p> System and network security Deep learning Deep Learning Cyber-physical system security Wireless Communication System Drone detection radar Power system cybersecurity
32	ASSESSING COMMON CONTROL DEFICIENCIES IN CMMC NON-COMPLIANT DOD CONTRACTORS Vijayaraghavan Sundararajan (12980984) 05 July 2022 (has links) <p> As cyber threats become highly damaging and complex, a new cybersecurity compliance certification model has been developed by the Department of Defense (DoD) to secure its Defense Industrial Base (DIB), and communication with its private partners. These partners or contractors are obligated by the Defense Federal Acquisition Regulations (DFARS) to be compliant with the latest standards in computer and data security. The Cybersecurity Maturity Model Certification (CMMC), and it is built upon existing DFARS 252.204-7012 and the NIST SP 800-171 controls. As of 2020, the DoD has incorporated DFARS and the National Institute of Standards and Technology (NIST) recommended security practices into what is now the CMMC. This thesis examines the most commonly identified security control deficiencies faced, the attacks mitigated by addressing these deficiencies, and suggested remediations, to 127 DoD contractors in order to bring them into compliance with the CMMC guidelines. By working with a compliance service provider, an analysis is done on how companies are undergoing and implementing important changes in their processes, to protect crucial information from ever-growing and looming cyber threats. </p> Data security and protection Hardware security Software and application security System and network security Information security management Security Control Deficiency Mitigation CMMC NIST SP 800-171 Assessment Control Family Cybersecurity Remediation Cyber-attacks Vulnerabilities
33	thesis.pdf Jianliang Wu (15926933) 30 May 2023 (has links) <p>Bluetooth is the de facto standard for short-range wireless communications. Besides Bluetooth Classic (BC), Bluetooth also consists of Bluetooth Low Energy (BLE) and Bluetooth Mesh (Mesh), two relatively new protocols, paving the way for its domination in the era of IoT and 5G. Meanwhile, attacks against Bluetooth, such as BlueBorne, BleedingBit, KNOB, BIAS, and BThack, have been booming in the past few years, impacting the security and privacy of billions of devices. These attacks exploit both design issues in the Bluetooth specification and vulnerabilities of its implementations, allowing for privilege escalation, remote code execution, breaking cryptography, spoofing, device tracking, etc.</p> <p><br></p> <p>To secure Bluetooth, researchers have proposed different approaches for both Bluetooth specification (e.g., formal analysis) and implementation (e.g., fuzzing). However, existing analyses of the Bluetooth specification and implementations are either done manually, or the automatic approaches only cover a small part of the targets. As a consequence, current research is far from complete in securing Bluetooth.</p> <p><br></p> <p>Therefore, in this dissertation, we propose the following research to provide missing pieces in prior research toward completing Bluetooth security research in terms of both Bluetooth specification and implementations. (i) For Bluetooth security at the specification level, we start from one protocol in Bluetooth, BLE, and focus on the previously unexplored reconnection procedure of two paired BLE devices. We conduct a formal analysis of this procedure defined in the BLE specification to provide security guarantees and identify new vulnerabilities that allow spoofing attacks. (ii) Besides BLE, we then formally verify other security-critical protocols in all Bluetooth protocols (BC, BLE, and Mesh). We provide a comprehensive formal analysis by covering the aspects that prior research fails to include (i.e., all possible combinations of protocols and protocol configurations) and considering a more realistic attacker model (i.e., semi-compromised device). With this model, we are able to rediscover five known vulnerabilities and reveal two new issues that affect BC/BLE dual-stack devices and Mesh devices, respectively. (iii) In addition to the formal analysis of specification security, we propose and build a comprehensive formal model to analyze Bluetooth privacy (i.e., device untraceability) at the specification level. In this model, we convert device untraceability into a reachability problem so that it can be verified using existing tools without introducing false results. We discover four new issues allowed in the specification that can lead to eight device tracking attacks. We also evaluate these attacks on 13 Bluetooth implementations and find that all of them are affected by at least two issues. (iv) At the implementation level, we improve Bluetooth security by debloating (i.e., removing code) Bluetooth stack implementations, which differs from prior automatic approaches, such as fuzzing. We keep only the code of needed functionality by a user and minimize their Bluetooth attack surface by removing unneeded Bluetooth features in both the host stack code and the firmware. Through debloating, we can remove 20 known CVEs and prevent a wide range of attacks again Bluetooth. With the research presented in this thesis, we improve Bluetooth security and privacy at both the specification and implementation levels.</p> System and network security Mobile computing Bluetooth low-energy Security & privacy factors Bluetooth Classic Bluetooth Mesh Man-in-the-middle (MITM) attacks Device tracking Formal Analysis Program Analysis Debloating Spoofing attacks Reflection attacks
34	Effects of Behavioral Decision-Making in Game-theoretic Frameworks for Security Resource Allocation in Networked Systems Mustafa Abdallah (13150149) 26 July 2022 (has links) <p>Facing increasingly sophisticated attacks from external adversaries, interdependent systems owners have to judiciously allocate their (often limited) security budget in order to reduce their cyber risks. However, when modeling human decision-making, behavioral economics has shown that humans consistently deviate from classical models of decision-making. Most notably, prospect theory, for which Kahneman won the 2002 Nobel memorial prize in economics, argues that humans perceive gains, losses and probabilities in a skewed manner. While there is a rich literature on prospect theory in economics and psychology, most of the existing work studying the security of interdependent systems does not take into account the aforementioned biases.</p> <p><br></p> <p>In this thesis, we propose novel mathematical behavioral security game models for the study of human decision-making in interdependent systems modeled by directed attack graphs. We show that behavioral biases lead to suboptimal resource allocation patterns. We also analyze the outcomes of protecting multiple isolated assets with heterogeneous valuations via decision- and game-theoretic frameworks, including simultaneous and sequential games. We show that behavioral defenders over-invest in higher-valued assets compared to rational defenders. We then propose different learning-based techniques and adapt two different tax-based mechanisms for guiding behavioral decision-makers towards optimal security investment decisions. In particular, we show the outcomes of such learning and mechanisms on four realistic interdependent systems. In total, our research establishes rigorous frameworks to analyze the security of both large-scale interdependent systems and heterogeneous isolated assets managed by human decision makers, and provides new and important insights into security vulnerabilities that arise in such settings. </p> System and network security Complex systems game theory approach behavioral decision-making security Analysis Attack Graphs resource allocation. prospect theory application Objectives
35	Data-Driven Computing and Networking Solution for Securing Cyber-Physical Systems Yifu Wu (18498519) 03 May 2024 (has links) <p dir="ltr">In recent years, a surge in data-driven computation has significantly impacted security analysis in cyber-physical systems (CPSs), especially in decentralized environments. This transformation can be attributed to the remarkable computational power offered by high-performance computers (HPCs), coupled with advancements in distributed computing techniques and sophisticated learning algorithms like deep learning and reinforcement learning. Within this context, wireless communication systems and decentralized computing systems emerge as highly suitable environments for leveraging data-driven computation in security analysis. Our research endeavors have focused on exploring the vast potential of various deep learning algorithms within the CPS domains. We have not only delved into the intricacies of existing algorithms but also designed novel approaches tailored to the specific requirements of CPSs. A pivotal aspect of our work was the development of a comprehensive decentralized computing platform prototype, which served as the foundation for simulating complex networking scenarios typical of CPS environments. Within this framework, we harnessed deep learning techniques such as restricted Boltzmann machine (RBM) and deep convolutional neural network (DCNN) to address critical security concerns such as the detection of Quality of Service (QoS) degradation and Denial of Service (DoS) attacks in smart grids. Our experimental results showcased the superior performance of deep learning-based approaches compared to traditional pattern-based methods. Additionally, we devised a decentralized computing system that encompassed a novel decentralized learning algorithm, blockchain-based learning automation, distributed storage for data and models, and cryptography mechanisms to bolster the security and privacy of both data and models. Notably, our prototype demonstrated excellent efficacy, achieving a fine balance between model inference performance and confidentiality. Furthermore, we delved into the integration of domain knowledge from CPSs into our deep learning models. This integration shed light on the vulnerability of these models to dedicated adversarial attacks. Through these multifaceted endeavors, we aim to fortify the security posture of CPSs while unlocking the full potential of data-driven computation in safeguarding critical infrastructures.</p> System and network security Networking and communications Cyber-physical system security Deep Learning Network attack False Data detection Adversarial Attack Power System decentralized computation
36	Software Supply Chain Security: Attacks, Defenses, and the Adoption of Signatures Taylor R Schorlemmer (14674685) 27 April 2024 (has links) <p dir="ltr">Modern software relies heavily on third-party dependencies (often distributed via public package registries), making software supply chain attacks a growing threat. Prior work investigated attacks and defenses, but only taxonomized attacks or proposed defensive techniques, did not consistently define software supply chain attacks, and did not provide properties to assess the security of software supply chains. We do not have a unified definition of software supply chain attacks nor a set of properties that a secure software supply chain should follow.</p><p dir="ltr">Guaranteeing authorship in a software supply chain is also a challenge. Package maintainers can guarantee package authorship through software signing. However, it is unclear how common this practice is or if existing signatures are created properly. Prior work provided raw data on registry signing practices, but only measured single platforms, did not consider quality, did not consider time, and did not assess factors that may influence signing. We do not have up-to-date measurements of signing practices nor do we know the quality of existing signatures. Furthermore, we lack a comprehensive understanding of factors that influence signing adoption.</p><p dir="ltr">This thesis addresses these gaps. First, we systematize existing knowledge into: (1) a four-stage supply chain attack pattern; and (2) a set of properties for secure supply chains (transparency, validity, and separation). Next, we measure current signing quantity and quality across three kinds of package registries: traditional software (Maven Central, PyPI), container images (Docker Hub), and machine learning models (Hugging Face). Then, we examine longitudinal trends in signing practices. Finally, we use a quasi-experiment to estimate the effect that various factors had on software signing practices.</p><p dir="ltr">To summarize the findings of our quasi-experiment: (1) mandating signature adoption improves the quantity of signatures; (2) providing dedicated tooling improves the quality of signing; (3) getting started is the hard part — once a maintainer begins to sign, they tend to continue doing so; and (4) although many supply chain attacks are mitigable via signing, signing adoption is primarily affected by registry policy rather than by public knowledge of attacks, new engineering standards, etc. These findings highlight the importance of software package registry managers and signing infrastructure.</p> System and network security Empirical software engineering software supply chain signing software signing digital signature cybersecurity software supply chain attack cryptography quasi experiment empirical software engineering provenance package registry software reuse
37	Towards Representation Learning for Robust Network Intrusion Detection Systems Ryan John Hosler (18369510) 03 June 2024 (has links) <p dir="ltr">This research involves numerous network intrusion techniques through novel applications of graph representation learning and image representation learning. The methods are tested on multiple publicly available network flow datasets.</p> System and network security Deep learning Neural networks Graph Representation Model image embedding Network intrusion detection framework Android malware analysis and detection autoencoder neural networks Wasserstein Generative Adversarial ... deep graph convolutional neural networks network flow modelling
38	Anomaly Detection in Hard Real-Time Embedded Systems Boakye Dankwa (19752255) 30 September 2024 (has links) <p dir="ltr">Lessons learned in protecting desktop computers, servers, and cloud systems from cyberattacks have not translated to embedded systems easily. Yet, embedded systems impact our lives in many ways and are subject to similar risks. In particular, real-time embedded systems are computer systems controlling critical physical processes in industrial controllers, avionics, engine control systems, etc. Attacks have been reported on real-time embedded systems, some with devastating outcomes on the physical processes. Detecting intrusions in real-time is a prerequisite to an effective response to ensure resilience to damaging attacks. In anomaly detection methods, researchers typically model expected program behavior and detect deviations. This approach has the advantage of detecting zero-day attacks compared to signature-based intrusion detection methods; however, existing anomaly detection approaches suffer high false-positive rates and incur significant performance overhead caused by code instrumentation, making them impractical for hard real-time embedded systems, which must meet strict temporal constraints.</p><p dir="ltr">This thesis presents a hardware-assisted anomaly detection approach that uses an automaton to model valid control-flow transfers in hard real-time systems without code instrumentation. The approach relies on existing hardware mechanisms to capture and export runtime control-flow data for runtime verification without the need for code instrumentation, thereby preserving the temporal properties of the target program. We implement a prototype of the mechanism on the Xilinx Zynq Ultrascale+ platform and empirically demonstrate precise detection of control-flow hijacking attacks with negligible (0.18%) performance overhead without false alarms using a real-time variant of the well-known RIPE benchmark we developed for this work. We further empirically demonstrate via schedulability analysis that protecting a real-time program with the proposed anomaly detection mechanism preserves the program’s temporal constraints.</p> Software and application security System and network security Anomaly Detection Intrusion Detection Control-Flow Integrity Embedded Systems Hard Real-Time Systems Hard Real-Time Schedulability Security Evaluation Tool Baremetal Embedded Systems Hardware Assisted ARM CoreSight
39	Design Techniques for Secure IoT Devices and Networks Malin Priyamal Prematilake (12201746) 25 July 2023 (has links) <p>The rapid expansion of consumer Internet-of-Things (IoT) technology across various application domains has made it one of the most sought-after and swiftly evolving technologies. IoT devices offer numerous benefits, such as enhanced security, convenience, and cost reduction. However, as these devices need access to sensitive aspects of human life to function effectively, their abuse can lead to significant financial, psychological, and physical harm. While previous studies have examined the vulnerabilities of IoT devices, insufficient research has delved into the impact and mitigation of threats to users' privacy and safety. This dissertation addresses the challenge of protecting user safety and privacy against threats posed by IoT device vulnerabilities. We first introduce a novel IWMD architecture, which serves as the last line of defense against unsafe operations of Implantable and Wearable Medical Devices (IWMDs). We demonstrate the architecture's effectiveness through a prototype artificial pancreas. Subsequent chapters emphasize the safety and privacy of smart home device users. First, we propose a unique device activity-based categorization and learning approach for network traffic analysis. Utilizing this technology, we present a new smart home security framework and a device type identification mechanism to enhance transparency and access control in smart home device communication. Lastly, we propose a novel traffic shaping technique that hinders adversaries from discerning user activities through traffic analysis. Experiments conducted on commercially available IoT devices confirm that our solutions effectively address these issues with minimal overhead.</p> Digital health System and network security Networking and communications Embedded Systems Security Implantable Medical Device internet of things sensors Internet of Things (loT) Internet of Things Healthcare Market Security Health device identification activity identification Security Framework Privacy Safety Network security. Computer engineering. Smart Home Privacy IMD security IMD IWMD IWMD Security
40	PROGRAM ANOMALY DETECTION FOR INTERNET OF THINGS Akash Agarwal (13114362) 01 September 2022 (has links) <p>Program anomaly detection — modeling normal program executions to detect deviations at runtime as cues for possible exploits — has become a popular approach for software security. To leverage high performance modeling and complete tracing, existing techniques however focus on subsets of applications, e.g., on system calls or calls to predefined libraries. Due to limited scope, it is insufficient to detect subtle control-oriented and data-oriented attacks that introduces new illegal call relationships at the application level. Also such techniques are hard to apply on devices that lack a clear separation between OS and the application layer. This dissertation advances the design and implementation of program anomaly detection techniques by providing application context for library and system calls making it powerful for detecting advanced attacks targeted at manipulating intra- and inter-procedural control-flow and decision variables. </p> <p><br></p> <p>This dissertation has two main parts. The first part describes a statically initialized generic calling context program anomaly detection technique LANCET based on Hidden Markov Modeling to provide security against control-oriented attacks at program runtime. It also establishes an efficient execution tracing mechanism facilitated through source code instrumentation of applications. The second part describes a program anomaly detection framework EDISON to provide security against data-oriented attacks using graph representation learning and language models for intra and inter-procedural behavioral modeling respectively.</p> <p><br> This dissertation makes three high-level contributions. First, the concise descriptions demonstrates the design, implementation and extensive evaluation of an aggregation-based anomaly detection technique using fine-grained generic calling context-sensitive modeling that allows for scaling the detection over entire applications. Second, the precise descriptions show the design, implementation, and extensive evaluation of a detection technique that maps runtime traces to the program’s control-flow graph and leverages graphical feature representation to learn dynamic program behavior. Finally, this dissertation provides details and experience for designing program anomaly detection frameworks from high-level concepts, design, to low-level implementation techniques.</p> Software and application security System and network security Deep learning Neural networks Semi- and unsupervised learning Application Security Software security Anomaly detection (Computer security) Software instrumentation Cyber-physical systems (CPS) Deep Learning Applications IoT Security data-oriented attacks control-oriented attacks Memory Corruption Hidden Markov model, HMM

Search results