ASU Electronic Theses and Dissertations
This collection includes most of the ASU Theses and Dissertations from 2011 to present. ASU Theses and Dissertations are available in downloadable PDF format; however, a small percentage of items are under embargo. Information about the dissertations/theses includes degree information, committee members, an abstract, supporting data or media.
In addition to the electronic theses found in the ASU Digital Repository, ASU Theses and Dissertations can be found in the ASU Library Catalog.
Dissertations and Theses granted by Arizona State University are archived and made available through a joint effort of the ASU Graduate College and the ASU Libraries. For more information or questions about this collection contact or visit the Digital Repository ETD Library Guide or contact the ASU Graduate College at gradformat@asu.edu.
Displaying 121 - 130 of 134
Filtering by
- Creators: Ahn, Gail-Joon
- Creators: Shen, Wei
Description
Emerging trends in cyber system security breaches in critical cloud infrastructures show that attackers have abundant resources (human and computing power), expertise and support of large organizations and possible foreign governments. In order to greatly improve the protection of critical cloud infrastructures, incorporation of human behavior is needed to predict potential security breaches in critical cloud infrastructures. To achieve such prediction, it is envisioned to develop a probabilistic modeling approach with the capability of accurately capturing system-wide causal relationship among the observed operational behaviors in the critical cloud infrastructure and accurately capturing probabilistic human (users’) behaviors on subsystems as the subsystems are directly interacting with humans. In our conceptual approach, the system-wide causal relationship can be captured by the Bayesian network, and the probabilistic human behavior in the subsystems can be captured by the Markov Decision Processes. The interactions between the dynamically changing state graphs of Markov Decision Processes and the dynamic causal relationships in Bayesian network are key components in such probabilistic modelling applications. In this thesis, two techniques are presented for supporting the above vision to prediction of potential security breaches in critical cloud infrastructures. The first technique is for evaluation of the conformance of the Bayesian network with the multiple MDPs. The second technique is to evaluate the dynamically changing Bayesian network structure for conformance with the rules of the Bayesian network using a graph checker algorithm. A case study and its simulation are presented to show how the two techniques support the specific parts in our conceptual approach to predicting system-wide security breaches in critical cloud infrastructures.
ContributorsNagaraja, Vinjith (Author) / Yau, Stephen S. (Thesis advisor) / Ahn, Gail-Joon (Committee member) / Davulcu, Hasan (Committee member) / Arizona State University (Publisher)
Created2015
Description
Cyber threats are growing in number and sophistication making it important to continually study and improve all dimensions of cyber defense. Human teamwork in cyber defense analysis has been overlooked even though it has been identified as an important predictor of cyber defense performance. Also, to detect advanced forms of threats effective information sharing and collaboration between the cyber defense analysts becomes imperative. Therefore, through this dissertation work, I took a cognitive engineering approach to investigate and improve cyber defense teamwork. The approach involved investigating a plausible team-level bias called the information pooling bias in cyber defense analyst teams conducting the detection task that is part of forensics analysis through human-in-the-loop experimentation. The approach also involved developing agent-based models based on the experimental results to explore the cognitive underpinnings of this bias in human analysts. A prototype collaborative visualization tool was developed by considering the plausible cognitive limitations contributing to the bias to investigate whether a cognitive engineering-driven visualization tool can help mitigate the bias in comparison to off-the-shelf tools. It was found that participant teams conducting the collaborative detection tasks as part of forensics analysis, experience the information pooling bias affecting their performance. Results indicate that cognitive friendly visualizations can help mitigate the effect of this bias in cyber defense analysts. Agent-based modeling produced insights on internal cognitive processes that might be contributing to this bias which could be leveraged in building future visualizations. This work has multiple implications including the development of new knowledge about the science of cyber defense teamwork, a demonstration of the advantage of developing tools using a cognitive engineering approach, a demonstration of the advantage of using a hybrid cognitive engineering methodology to study teams in general and finally, a demonstration of the effect of effective teamwork on cyber defense performance.
ContributorsRajivan, Prashanth (Author) / Cooke, Nancy J. (Thesis advisor) / Ahn, Gail-Joon (Committee member) / Janssen, Marcus (Committee member) / Arizona State University (Publisher)
Created2014
Description
Mobile Augmented Reality (MAR) is a portable, powerful, and suitable technology that integrates 3D virtual content into the physical world in real-time. It has been implemented for multiple intents as it enhances people’s interaction, e.g., shopping, entertainment, gaming, etc. Thus, MAR is expected to grow at a tremendous rate in the upcoming years, as its popularity via mobile devices has increased. But, unfortunately, the applications that implement MAR, hereby referred to as MAR-Apps, bear security issues. Such are imaged in worldwide recorded incidents caused by MAR-Apps, e.g., robberies, authorities requesting banning MAR at specific locations, etc. To further explore these concerns, a case study analyzed several MAR-Apps available in the market to identify the security problems in MAR. As a result of this study, the threats found were classified into three categories. First, Space Invasion implies the intrusive modification through MAR of sensitive spaces, e.g., hospitals, memorials, etc. Then, Space Affectation means the degradation of users’ experience via interaction with undesirable MAR or malicious entities. Finally, MAR-Apps mishandling sensitive data leads to Privacy Leaks. SpaceMediator, a proof-of-concept MAR-App that imitates the well-known and successful MAR-App Pokémon GO, implements the solution approach of a Policy-Governed MAR-App, which assists in preventing the aforementioned mentioned security issues. Furthermore, its feasibility is evaluated through a user study with 40 participants. As a result, uncovering understandability over the security issues as participants recognized and prevented them with success rates as high as 92.50%. Furthermore, there is an enriched interest in Policy-Governed MAR-Apps as 87.50% of participants agreed with restricted MAR-Apps within sensitive spaces, and 82.50% would implement constraints in MAR-Apps. These promising results encourage adopting the Policy-Governed solution approach in future MAR-Apps.
ContributorsClaramunt, Luis Manuel (Author) / Ahn, Gail-Joon (Thesis advisor) / Rubio-Medrano, Carlos E (Committee member) / Baek, Jaejong (Committee member) / Arizona State University (Publisher)
Created2022
Description
Despite extensive research by the security community, cyberattacks such as phishing and Internet of Things (IoT) attacks remain profitable to criminals and continue to cause substantial damage not only to the victim users that they target, but also the organizations they impersonate. In recent years, phishing websites have taken the place of malware websites as the most prevalent web-based threat. Even though technical countermeasures effectively mitigate web-based malware, phishing websites continue to grow in sophistication and successfully slip past modern defenses. Phishing attack and its countermeasure have entered into a new era, where one side has upgraded their weapon, attempting to conquer the other. In addition, the amount and usage of IoT devices increases rapidly because of the development and deployment of 5G network. Although researchers have proposed secure execution environment, attacks targeting those devices can often succeed. Therefore, the security community desperately needs detection and prevention methodologies to fight against phishing and IoT attacks. In this dissertation, I design a framework, named CrawlPhish, to understand the prevalence and nature of such sophistications, including cloaking, in phishing attacks, which evade detections from the anti-phishing ecosystem by distinguishing the traffic between a crawler and a real Internet user and hence maximize the return-on-investment from phishing attacks. CrawlPhish also detects and categorizes client-side cloaking techniques in phishing with scalability and automation. Furthermore, I focus on the analysis redirection abuse in advanced phishing websites and hence propose mitigations to classify malicious redirection use via machine learning algorithms. Based on the observations from previous work, from the perspective of prevention, I design a novel anti-phishing system called Spartacus that can be deployed from the user end to completely neutralize phishing attacks.
Lastly, inspired by Spartacus, I propose iCore, which proactively monitors the operations in the trusted execution environment to identify any maliciousness.
ContributorsZhang, Penghui (Author) / Ahn, Gail-Joon (Thesis advisor) / Doupe, Adam (Thesis advisor) / Oest, Adam (Committee member) / Kapravelos, Alexandros (Committee member) / Arizona State University (Publisher)
Created2022
Description
Studies on underground forums can significantly advance the understanding of cybercrime workflow and underground economies. However, research on underground forums has concentrated on public information with little attention paid to users’ private interactions. Since detailed information will be discussed privately, the failure to investigate private interactions may miss critical intelligence and even misunderstand the entire underground economy. Furthermore, underground forums have evolved into criminal freelance markets where criminals trade illicit products and cybercrime services, allowing unsophisticated people to launch sophisticated cyber attacks. However, current research rarely examines and explores how criminals interact with each other, which makes researchers miss the opportunities to detect new cybercrime patterns proactively. Moreover, in clearnet, criminals are active in exploiting human vulnerabilities to conduct various attacks, and the phishing attack is one of the most prevalent types of cybercrime. Phishing awareness training has been proven to decrease the rate of clicking phishing emails. However, the rate of reporting phishing attacks is unexpectedly low based on recent studies, leaving phishing websites with hours of additional active time before being detected. In this dissertation, I first present an analysis of private interactions in underground forums and introduce machine learning-based approaches to detect hidden connections between users. Secondly, I analyze how criminals collaborate with each other in an emerging scam service in underground forums that exploits the return policies of merchants to get a refund or a replacement without returning the purchased products. Finally, I conduct a comprehensive evaluation of the phishing reporting ecosystem to identify the critical challenges while reporting phishing attacks to enable people to fight against phishers proactively.
ContributorsSun, Zhibo (Author) / Ahn, Gail-Joon (Thesis advisor) / Doupe, Adam (Thesis advisor) / Bao, Tiffany (Committee member) / Benjamin, Victor (Committee member) / Arizona State University (Publisher)
Created2022
Description
In this study I investigate the organizational mechanisms (pathways) through which strategic investors can help a firm improve performance. Many commercial banks in China have recently invited foreign banks as strategic investors since China’s entry into the World Trade Organization (WTO), hoping to gain managerial and technological knowhow from the foreign banks. Using Shanghai Pudong Development Bank as a representative example, I conduct an in-depth qualitative analysis about how the joining of Citi Bank as a strategic investor has helped the local Chinese bank improve its financial performance. On the basis of a comprehensive review of the relevant literature, I first develop a theoretical model that describes the organizational mechanisms (pathways) through which foreign strategic investors can influence the local bank’s performance. Specifically, by participation in corporate governance, the foreign strategic investor can have a positive influence over the local bank’s strategy development, operational targets, incentive systems, and organizational culture, which consequently lead to improvements in the local banks operations and financial performance. I then use a case study method to substantiate the logic and the pathways of the model with the detailed information collected from the Shanghai Pudong Development Bank and Citi Bank strategic alliance. The results are consistent with the model’s descriptive validity.
ContributorsLiu, Xinyi (Author) / Pei, Ker-Wei (Thesis advisor) / Chen, Hong (Committee member) / Shen, Wei (Committee member) / Arizona State University (Publisher)
Created2015
Description
This study investigates the performance effects of cross-industry mergers and acquisitions (M&A) using a sample of firms listed in China’s Growth Entrepreses Market (GEM). Compared to firms listed in the Shanghai and Shenzhen Stock Exchanges, firms listed in the GEM are much smaller and tend to derive the majority of their revenues from a single industry. I first analyze the motives for firms listed in the GEM to engage in M&As and propose a set of factors that may influence their likelihood of M&A activities. Using data on 55 cross-industry M&As between January 1, 2012 and December 31, 2016, I find that investor generally responded positively in short-term, as indicated by the positive accumulated abonormal returns over the first five trading days following the announcements. Meanwhile, I found no evidence that investors benefited from cross-industry M&As in long-term over three years after the event. Further analysis suggests that the short-term effects of cross-industry M&As by GEM listed firms were influenced by the target firm’s market valuation, whether the M&A was paid by cash, the amount of the payment, and the degree of difference between the acquiring firm’s and the target firm’s industries. These findings have important implications for the investors and senior executives of firms listed in the GEM.
ContributorsZhou, Wei (Author) / Shen, Wei (Thesis advisor) / Yu, Xiaoyun (Thesis advisor) / Jiang, Zhan (Committee member) / Arizona State University (Publisher)
Created2018
Description
This thesis aims to investigate the impacts of foreign banks’ management model on their degree of localization and operating efficiency. I decompose their management model into five major factors, including two formative factors and three reflective factors. The two formative factors are (1) strategic orientation and (2) target customers, and the three reflective factors are (1) top management team composition, (2) organizational structure, and (3) managerial authority and incentives. I propose that the formative factors influence foreign banks’ degree of localization, as demonstrated by the reflective factors, which subsequently influence foreign banks’ operating efficiency in China.
To test the above proposition, I conduct the empirical analysis in three steps. In the first step, I investigate foreign banks’ management model by surveying 13 major foreign banks locally incorporated in Mainland China. The results suggest that these 13 foreign banks can be categorized into three distinct groups based on their management model: intergrators, customer-followers, and parent-followers. The results also indicate that intergrators have the highest level of localization while parent-followers have the lowest level of localization.
In the second step, I conduct DEA (Data Envelope Analysis) and CAMEL (Capital Adequacy, Asset Quality, Management, Earnings, Liquidity Analysis) to assess the operating efficiency of these 13 foreign banks. The assessment is conducted in two ways: 1) the inter-group comparison between foreign banks and local Chinese banks; 2) the intra-group comparison between the three distinct groups of foreign banks identified in the first step. The results indicates that the principal factor driving the operating efficiency of both local Chinese banks and foreign banks is the comprehensive technical efficiency, which includes both the quality of management and the quality of technical elements. I also find the uptrend of technical efficiency of the integrators is more stable than that of the other two groups of foreign banks.
Finally, I integrate the results from step one and step two to assess the relevance between foreign banks’ localization level and operating efficiency. I find that foreign banks that score higher in localization tend to have a higher level of operating efficiency. Although this finding is not conclusive about the causal relationship between localization and operating efficiency, it nevertheless suggests that the management model of the higher performing integrators can serve as references for the other foreign banks attempting to enhance their localization and operating efficiency. I also discuss the future trends of development in the banking industry in China and what foreign banks can learn from local Chinese banks to improve their market positions.
To test the above proposition, I conduct the empirical analysis in three steps. In the first step, I investigate foreign banks’ management model by surveying 13 major foreign banks locally incorporated in Mainland China. The results suggest that these 13 foreign banks can be categorized into three distinct groups based on their management model: intergrators, customer-followers, and parent-followers. The results also indicate that intergrators have the highest level of localization while parent-followers have the lowest level of localization.
In the second step, I conduct DEA (Data Envelope Analysis) and CAMEL (Capital Adequacy, Asset Quality, Management, Earnings, Liquidity Analysis) to assess the operating efficiency of these 13 foreign banks. The assessment is conducted in two ways: 1) the inter-group comparison between foreign banks and local Chinese banks; 2) the intra-group comparison between the three distinct groups of foreign banks identified in the first step. The results indicates that the principal factor driving the operating efficiency of both local Chinese banks and foreign banks is the comprehensive technical efficiency, which includes both the quality of management and the quality of technical elements. I also find the uptrend of technical efficiency of the integrators is more stable than that of the other two groups of foreign banks.
Finally, I integrate the results from step one and step two to assess the relevance between foreign banks’ localization level and operating efficiency. I find that foreign banks that score higher in localization tend to have a higher level of operating efficiency. Although this finding is not conclusive about the causal relationship between localization and operating efficiency, it nevertheless suggests that the management model of the higher performing integrators can serve as references for the other foreign banks attempting to enhance their localization and operating efficiency. I also discuss the future trends of development in the banking industry in China and what foreign banks can learn from local Chinese banks to improve their market positions.
ContributorsSun, Minjie (Author) / Shen, Wei (Thesis advisor) / Qian, Jun (Thesis advisor) / Pei, Ker-Wei (Committee member) / Arizona State University (Publisher)
Created2016
Description
This study investigates the impact of a specific organizational form – partnership – on employees’ awareness of risk control and job engagement in securities companies. Given that their organizational performance relies heavily on the performance of individual employees, it is critical for securities companies in China to adopt appropriate organizational forms so that they can better captalize on their employees’ human capital to cope with the increasingly intense market competition. Partnership, as one of the few organizational forms, has been widely adopted in industries that rely on the performance of individuals, such as law, auditing, consulting, and investment banking, around the world. In the context of China’s emerging economy, it has also been adopted as an incentive system by market leaders across several industries, including Alibaba in online shopping, Vanke in real estate, and Fosun in investments. In contrast, partnership has not been adopted or implemented by securities companies in China as most of them are still state-owned enterprises.
Based on my review of the corporate governance literature and qualitative analysis of partnership adoption in China, I propose that partnership can help better alighn the interests of employees with owners in securities companies as well. Specifically, the prospect of becoming a partner in the future can improve employees’ awareness of risk control and increase their job engagement. Taking advantage of partnership adoption at a Chinese securities company as a natural field experienment, I surveyed its employees about their awareness of risk contrl and job dedication before and after the adoption. The results from 505 matched surveys showed an increase in the average scores of both awareness of risk control and job dedication after the company adopted partnership as a new organizational form. Findings of this study have important implications for organizational and incentive design for securities companies in China.
Based on my review of the corporate governance literature and qualitative analysis of partnership adoption in China, I propose that partnership can help better alighn the interests of employees with owners in securities companies as well. Specifically, the prospect of becoming a partner in the future can improve employees’ awareness of risk control and increase their job engagement. Taking advantage of partnership adoption at a Chinese securities company as a natural field experienment, I surveyed its employees about their awareness of risk contrl and job dedication before and after the adoption. The results from 505 matched surveys showed an increase in the average scores of both awareness of risk control and job dedication after the company adopted partnership as a new organizational form. Findings of this study have important implications for organizational and incentive design for securities companies in China.
ContributorsSha, Changming (Author) / Shen, Wei (Thesis advisor) / Li, Feng (Thesis advisor) / Gu, Bin (Committee member) / Arizona State University (Publisher)
Created2018
Description
China's city commercial banks were reorganized by the urban credit cooperatives in the same city in the 1990s. Although they are allowed to open branches outside the registered city, the location and the number of their branches have been strictly restricted. It is fatal to them to increase the competitiveness of their branches. Based on the diversity theory and its mechanism, in this study I examined the impact of source diversity of the senior management in the branches of the city commercial bank on the branches’ productivity and their asset yield. Invoking the resource-based theory and the social capital framework, the source diversity lead to the organization resources diversity and the organization knowledge diversity. The results demonstrate that the source diversity contribute to the branches’ competitiveness advantage. Both internal trained personnel and external introduction personnel are important for the branches’ top management team. But one of the two kinds of personnel is more suitable to their middle management team.
ContributorsZhang, Xiande (Author) / Gu, Bin (Thesis advisor) / Wang, Tan (Thesis advisor) / Shen, Wei (Committee member) / Arizona State University (Publisher)
Created2017