Matching Items (7)
Filtering by

Clear all filters

171434-Thumbnail Image.png

Extracting Semantic Information from Online Conversations to Enhance Cyber Defense

Description
Recent advances in techniques allow the extraction of Cyber Threat Information (CTI) from online content, such as social media, blog articles, and posts in discussion forums. Most research work focuses on social media and blog posts since their content is often contributed by cybersecurity experts and is usually of cleaner

Recent advances in techniques allow the extraction of Cyber Threat Information (CTI) from online content, such as social media, blog articles, and posts in discussion forums. Most research work focuses on social media and blog posts since their content is often contributed by cybersecurity experts and is usually of cleaner formats. While posts in online forums are noisier and less structured, online forums attract more users than other sources and contain much valuable information that may help predict cyber threats. Therefore, effectively extracting CTI from online forum posts is an important task in today's data-driven cybersecurity defenses. Many Natural Language Processing (NLP) techniques are applied to the cybersecurity domains to extract the useful information, however, there is still space to improve. In this dissertation, a new Named Entity Recognition framework for cybersecurity domains and thread structure construction methods for unstructured forums are proposed to support the extraction of CTI. Then, extend them to filter the posts in the forums to eliminate non cybersecurity related topics with Cyber Attack Relevance Scale (CARS), extract the cybersecurity knowledgeable users to enhance more information for enhancing cybersecurity, and extract trending topic phrases related to cyber attacks in the hackers forums to find the clues for potential future attacks to predict them.
ContributorsKashihara, Kazuaki (Author) / Baral, Chitta (Thesis advisor) / Doupe, Adam (Committee member) / Blanco, Eduardo (Committee member) / Wang, Ruoyu (Committee member) / Arizona State University (Publisher)
Created2022
190728-Thumbnail Image.png

Modeling State to Improve Defensive Cyberattack Strategies

Description
Human civilization within the last two decades has largely transformed into an online one, with many of its associated activities taking place on computers and complex networked systems -- their analog and real-world equivalents having been rendered obsolete.These activities run the gamut from the ordinary and mundane, like ordering food,

Human civilization within the last two decades has largely transformed into an online one, with many of its associated activities taking place on computers and complex networked systems -- their analog and real-world equivalents having been rendered obsolete.These activities run the gamut from the ordinary and mundane, like ordering food, to complex and large-scale, such as those involving critical infrastructure or global trade and communications. Unfortunately, the activities of human civilization also involve criminal, adversarial, and malicious ones with the result that they also now have their digital equivalents. Ransomware, malware, and targeted cyberattacks are a fact of life today and are instigated not only by organized criminal gangs, but adversarial nation-states and organizations as well. Needless to say, such actions result in disastrous and harmful real-world consequences. As the complexity and variety of software has evolved, so too has the ingenuity of attacks that exploit them; for example modern cyberattacks typically involve sequential exploitation of multiple software vulnerabilities.Compared to a decade ago, modern software stacks on personal computers, laptops, servers, mobile phones, and even Internet of Things (IoT) devices involve a dizzying array of interdependent programs and software libraries, with each of these components presenting attractive attack-surfaces for adversarial actors. However, the responses to this still rely on paradigms that can neither react quickly enough nor scale to increasingly dynamic, ever-changing, and complex software environments. Better approaches are therefore needed, that can assess system readiness and vulnerabilities, identify potential attack vectors and strategies (including ways to counter them), and proactively detect vulnerabilities in complex software before they can be exploited. In this dissertation, I first present a mathematical model and associated algorithms to identify attacker strategies for sequential cyberattacks based on attacker state, attributes and publicly-available vulnerability information.Second, I extend the model and design algorithms to help identify defensive courses of action against attacker strategies. Finally, I present my work to enhance the ability of coverage-based fuzzers to identify software vulnerabilities by providing visibility into complex, internal program-states.
ContributorsPaliath, Vivin Suresh (Author) / Doupe, Adam (Thesis advisor) / Shoshitaishvili, Yan (Thesis advisor) / Wang, Ruoyu (Committee member) / Shakarian, Paulo (Committee member) / Arizona State University (Publisher)
Created2023
193476-Thumbnail Image.png

Not This Exit: Analyzing the Impact of VPN Exit IPs on Network Alchemy

Description
Virtual Private Networks (VPNs) are used in a wide range of applications, rangingfrom commercial applications like accessing resources remotely to security and pri- vacy for targeted users like journalists, Non-governmental organizations (NGOs), etc. However, VPNs were not inherently designed with security in mind. The interaction between the kernel processes and the connection tracking

Virtual Private Networks (VPNs) are used in a wide range of applications, rangingfrom commercial applications like accessing resources remotely to security and pri- vacy for targeted users like journalists, Non-governmental organizations (NGOs), etc. However, VPNs were not inherently designed with security in mind. The interaction between the kernel processes and the connection tracking framework is uncoordi- nated. This leaves VPNs vulnerable to certain attacks due to their implementation. This work explores the extent to which these attacks are possible on certain imple- mentations of VPN servers which have a separate exit IP and entry IP on the VPN server. Further, this work also formally models the VPN connection tracking behavior between servers and clients. The formal models enables a deeper analysis to identify exactly at what point of the VPN process the vulnerabilities are introduced and if the instances of VPN which have separate entry and exit IPs are still vulnerable to the same attacks. Through simulations done in a virtual lab environment and testing on formal models, it is observed that having a separate exit and entry IP leaves may affect the practicality of certain attacks.
ContributorsAyyagari, Tarun (Author) / Crandall, Jedidiah (Thesis advisor) / Wang, Ruoyu (Committee member) / Gary, Kevin (Committee member) / Arizona State University (Publisher)
Created2024
187772-Thumbnail Image.png

Attacking Computer Security from the Perspective of Educators, Users, and Analysts

Description
As computers and the Internet have become integral to daily life, the potential gains from exploiting these resources have increased significantly. The global landscape is now rife with highly skilled wrongdoers seeking to steal from and disrupt society. In order to safeguard society and its infrastructure, a comprehensive approach to

As computers and the Internet have become integral to daily life, the potential gains from exploiting these resources have increased significantly. The global landscape is now rife with highly skilled wrongdoers seeking to steal from and disrupt society. In order to safeguard society and its infrastructure, a comprehensive approach to research is essential. This work aims to enhance security from three unique viewpoints by expanding the resources available to educators, users, and analysts. For educators, a capture the flag as-a-service was developed to support cybersecurity education. This service minimizes the skill and time needed to establish the infrastructure for hands-on hacking experiences for cybersecurity students. For users, a tool called CloakX was created to improve online anonymity. CloakX prevents the identification of browser extensions by employing both static and dynamic rewriting techniques, thwarting contemporary methods of detecting installed extensions and thus protecting user identity. Lastly, for cybersecurity analysts, a tool named Witcher was developed to automate the process of crawling and exercising web applications while identifying web injection vulnerabilities. Overall, these contributions serve to strengthen security education, bolster privacy protection for users, and facilitate vulnerability discovery for cybersecurity analysts.
ContributorsTrickel, Erik (Author) / Doupe, Adam (Thesis advisor) / Shoshitaishvili, Yan (Thesis advisor) / Bao, Tiffany (Committee member) / Wang, Ruoyu (Committee member) / Arizona State University (Publisher)
Created2023
156331-Thumbnail Image.png

Graph Search as a Feature in Imperative/Procedural Programming Languages

Description
Graph theory is a critical component of computer science and software engineering, with algorithms concerning graph traversal and comprehension powering much of the largest problems in both industry and research. Engineers and researchers often have an accurate view of their target graph, however they struggle to implement a correct, and

Graph theory is a critical component of computer science and software engineering, with algorithms concerning graph traversal and comprehension powering much of the largest problems in both industry and research. Engineers and researchers often have an accurate view of their target graph, however they struggle to implement a correct, and efficient, search over that graph.

To facilitate rapid, correct, efficient, and intuitive development of graph based solutions we propose a new programming language construct - the search statement. Given a supra-root node, a procedure which determines the children of a given parent node, and optional definitions of the fail-fast acceptance or rejection of a solution, the search statement can conduct a search over any graph or network. Structurally, this statement is modelled after the common switch statement and is put into a largely imperative/procedural context to allow for immediate and intuitive development by most programmers. The Go programming language has been used as a foundation and proof-of-concept of the search statement. A Go compiler is provided which implements this construct.
ContributorsHenderson, Christopher (Author) / Bansal, Ajay (Thesis advisor) / Lindquist, Timothy (Committee member) / Acuna, Ruben (Committee member) / Arizona State University (Publisher)
Created2018
158251-Thumbnail Image.png

Everything You Ever Wanted to Know About Bitcoin Mixers (But Were Afraid to Ask)

Description
The lack of fungibility in Bitcoin has forced its userbase to seek out tools that can heighten their anonymity. Third-party Bitcoin mixers utilize obfuscation techniques to protect participants from blockchain analysis. In recent years, various centralized and decentralized Bitcoin mixing implementations have been proposed in academic literature. Although these methods

The lack of fungibility in Bitcoin has forced its userbase to seek out tools that can heighten their anonymity. Third-party Bitcoin mixers utilize obfuscation techniques to protect participants from blockchain analysis. In recent years, various centralized and decentralized Bitcoin mixing implementations have been proposed in academic literature. Although these methods depict a threat-free environment for users to preserve their anonymity, public Bitcoin mixers continue to be associated with theft and poor implementation.

This research explores the public Bitcoin mixer ecosystem to identify if today's mixing services have adopted academically proposed solutions. This is done through real-world interactions with publicly available mixers to analyze both implementation and resistance to common threats in the mixing landscape. First, proposed decentralized and centralized mixing protocols found in literature are outlined. Then, data is presented from 19 publicly announced mixing services available on the deep web and clearnet. The services are categorized based on popularity with the Bitcoin community and experiments are conducted on five public mixing services: ChipMixer, MixTum, Bitcoin Mixer, CryptoMixer, and Sudoku Wallet.

The results of the experiments highlight a clear gap between public and proposed Bitcoin mixers in both implementation and security. Today's mixing services focus on presenting users with a false sense of control to gain their trust rather then employing secure mixing techniques. As a result, the five selected services lack implementation of academically proposed techniques and display poor resistance to common mixer-related threats.
ContributorsPakki, Jaswant (Author) / Doupe, Adam (Thesis advisor) / Shoshitaishvili, Yan (Committee member) / Wang, Ruoyu (Committee member) / Arizona State University (Publisher)
Created2020
161544-Thumbnail Image.png

Assessing the Impact of a Source Level Optimization Utility for Embedded Systems

Description
Embedded software is different in many aspects to traditional software; as such, a software developer may face issues when attempting to transition from traditional to embedded software development. This thesis explores providing feedback and applying optimizations at the source code level of embedded software. The aim is to measure the

Embedded software is different in many aspects to traditional software; as such, a software developer may face issues when attempting to transition from traditional to embedded software development. This thesis explores providing feedback and applying optimizations at the source code level of embedded software. The aim is to measure the impact of these optimizations on teaching embedded software design principles, as well as assessing the relative success of each optimization in terms of a variety of metrics. There are many considerations when altering code and is a known limitation imposed by most software optimization schemes. By applying optimizations at the source level, the aim is to demonstrate what the optimizations do and how they provide value to the resulting software. In order to fulfill these goals, the Embedded C Source Optimizer has been developed, which is used to import and export code, select which optimizations are applied, and provide feedback to the end user. This utility abstracts away the lower level operations performed by each optimization, while conveying the resulting changes to the end user. Since embedded systems are generally quite limited compared to modern computers, someone transitioning from traditional software design to embedded software may find it challenging to understand how to overcome these limitations. Clearly conveying means to improve a naive implementation of an embedded program aids through demonstrating what changes need to be made to satisfy embedded design rules. The optimizations which the utility can apply range from simple replacement operations to more complex applications of implicit utilization of built-in hardware peripherals on supported microcontrollers. Each optimization comes with its own set of considerations, risks, and potential level of improvement to the resulting code. These optimization options are evaluated by comparing embedded software before and after each option is applied through a variety of metrics, allowing the relative success of each to be determined as effectively as possible. The end goal for this utility is to aid in crossing the hurdle from traditional software to embedded software in a comprehensive and educational manner, with the provided optimization options acting as an avenue for teaching embedded concepts.
ContributorsLisonbee, Tanner Boyd (Author) / Heinrichs, Robert (Thesis advisor) / Acuna, Ruben (Committee member) / Jordan, Shawn (Committee member) / Arizona State University (Publisher)
Created2021