Matching Items (13)

An Algorithm for Merging Identities

Description

In online social networks the identities of users are concealed, often by design. This anonymity makes it possible for a single person to have multiple accounts and to engage in malicious activity such as defrauding service providers, leveraging social influence, or hiding activities that would otherwise be detected. There are various methods for detecting whether two online users in a network are the same person in reality, and the simplest way to utilize this information is to merge their identities and treat the two users as a single user. However, this then raises the issue of how we deal with these composite identities. To solve this problem, we introduce a mathematical abstraction for representing users and their identities as partitions on a set. We then define a similarity function, SIM, between two partitions, a set of properties that SIM must have, and a threshold that SIM must exceed for two users to be considered the same person. The main theoretical result of our work is a proof that for any given partition and similarity threshold, there is only a single unique way to merge the identities of similar users such that no two identities are similar. We also present two algorithms, COLLAPSE and SIM_MERGE, that merge the identities of users to find this unique set of identities. We prove that both algorithms execute in polynomial time, and we also perform an experiment on dark web social network data from over 6000 users that demonstrates the runtime of SIM_MERGE.

Date Created
  • 2018-05

Data Driven Game Theoretic Cyber Threat Mitigation

Description

Penetration testing is regarded as the gold standard for understanding how well an organization can withstand sophisticated cyber-attacks. However, the recent prevalence of markets specializing in zero-day exploits on the darknet makes exploits widely available to potential attackers. The cost associated with these sophisticated kits generally precludes penetration testers from simply obtaining such exploits – so an alternative approach is needed to understand what exploits an attacker will most likely purchase and how to defend against them. In this paper, we introduce a data-driven security game framework to model an attacker and provide policy recommendations to the defender. In addition to providing a formal framework and algorithms to develop strategies, we present experimental results from applying our framework, for various system configurations, on real-world exploit market data actively mined from the darknet.

Date Created
  • 2016-05

Information is Power and Currency in the Virtual World We Inhabit: The Presence of Cybersecurity in Master's Programs

Description

This thesis explores cybersecurity as a profession and whether it belongs in academia. It also explores exactly how it should be implemented in universities. Whether in a bachelor's program or master's program, cybersecurity degree or cybersecurity concentration, engineering school or business school, cybersecurity has a place in higher education that plays an integral role in helping fix the issue of a lack of cybersecurity professionals. At Arizona State University, a cybersecurity concentration currently exists in the engineering school at both the bachelor's and master's level as well as in the business school at the bachelor's level. The one location it is missing from is the master's level of the business school. The goal of this report is to suggest a change to the specific curriculum in the Information Systems Department at the W.P. Carey School of Business. This thesis compares the curriculum of the Master of Science in Information Management (MSIM) program at Arizona State to eight other programs around the country that either offer a cybersecurity concentration option, offer cybersecurity degrees, or have highly ranked MSIM programs. A new curriculum is recommended that includes greater flexibility for students in customizing their education to specific career fields within information systems, offers multiple certificate options including cybersecurity, and better matches what the other highly ranked programs are offering to students. This curriculum is not only better for students attending or seeking Arizona State University but better for the University itself. It offers a more well-rounded scope of topics than the current program does while maintaining the identity and strengths of the current program.

Date Created
  • 2018-12

US Federal Policy Proposal for the Protection of Citizens’ Data

Description

This policy proposal paper is designed to address concerns about the protection of data concerning citizens of the United States. The first step is to explore the need for federal legislation because of the problems of cyberattacks, data loss and leakage, and big data. The proposal then analyses how other countries had already addressed these concerns for their citizens through legislation by looking at their regulation and the results of implementation. The paper adjacently discusses the importance of American values of privacy as a fundamental right, the free market, and protection from the private sector within a cybersecurity paradigm. From this combined research, the paper yields a proposal of how the U.S. government should address the situation through federal policy. The policy outlines cybersecurity measures to protect information from cyberattacks and data loss and leakage, rights of American citizens that organizations need to uphold, and the creation of a commission that provides resources and education to domestic and foreign organizations.

Date Created
  • 2020-05

Darkweb Cyber Threat Intelligence Mining through the I2P Protocol

Description

This thesis project focused on malicious hacking community activities accessible through the I2P protocol. We visited 315 distinct I2P sites to identify those with malicious hacking content. We also wrote software to scrape and parse data from relevant I2P sites. The data was integrated into the CySIS databases for further analysis to contribute to the larger CySIS Lab Darkweb Cyber Threat Intelligence Mining research. We found that the I2P cryptonet was slow and had only a small amount of malicious hacking community activity. However, we also found evidence of a growing perception that Tor anonymity could be compromised. This work will contribute to understanding the malicious hacker community as some Tor users, seeking assured anonymity, transition to I2P.

Date Created
  • 2016-12

A Hacker-Centric Perspective to Empower Cyber Defense

Description

Malicious hackers utilize the World Wide Web to share knowledge. Previous work has demonstrated that information mined from online hacking communities can be used as precursors to cyber-attacks. In a threatening scenario, where security alert systems are facing high false positive rates, understanding the people behind cyber incidents can help reduce the risk of attacks. However, the rapidly evolving nature of those communities leads to limitations still largely unexplored, such as: who are the skilled and influential individuals forming those groups, how they self-organize along the lines of technical expertise, how ideas propagate within them, and which internal patterns can signal imminent cyber offensives? In this dissertation, I have studied four key parts of this complex problem set. Initially, I leverage content, social network, and seniority analysis to mine key-hackers on darkweb forums, identifying skilled and influential individuals who are likely to succeed in their cybercriminal goals. Next, as hackers often use Web platforms to advertise and recruit collaborators, I analyze how social influence contributes to user engagement online. On social media, two time constraints are proposed to extend standard influence measures, which increases their correlation with adoption probability and consequently improves hashtag adoption prediction. On darkweb forums, the prediction of where and when hackers will post a message in the near future is accomplished by analyzing their recurrent interactions with other hackers. After that, I demonstrate how vendors of malware and malicious exploits organically form hidden organizations on darkweb marketplaces, obtaining significant consistency across the vendors’ communities extracted using the similarity of their products in different networks. Finally, I predict imminent cyber-attacks correlating malicious hacking activity on darkweb forums with real-world cyber incidents, evidencing how social indicators are crucial for the performance of the proposed model. This research is a hybrid of social network analysis (SNA), machine learning (ML), evolutionary computation (EC), and temporal logic (TL), presenting expressive contributions to empower cyber defense.

Date Created
  • 2020

Everything You Ever Wanted to Know About Bitcoin Mixers (But Were Afraid to Ask)

Description

The lack of fungibility in Bitcoin has forced its userbase to seek out tools that can heighten their anonymity. Third-party Bitcoin mixers utilize obfuscation techniques to protect participants from blockchain analysis. In recent years, various centralized and decentralized Bitcoin mixing implementations have been proposed in academic literature. Although these methods depict a threat-free environment for users to preserve their anonymity, public Bitcoin mixers continue to be associated with theft and poor implementation.

This research explores the public Bitcoin mixer ecosystem to identify if today's mixing services have adopted academically proposed solutions. This is done through real-world interactions with publicly available mixers to analyze both implementation and resistance to common threats in the mixing landscape. First, proposed decentralized and centralized mixing protocols found in literature are outlined. Then, data is presented from 19 publicly announced mixing services available on the deep web and clearnet. The services are categorized based on popularity with the Bitcoin community and experiments are conducted on five public mixing services: ChipMixer, MixTum, Bitcoin Mixer, CryptoMixer, and Sudoku Wallet.

The results of the experiments highlight a clear gap between public and proposed Bitcoin mixers in both implementation and security. Today's mixing services focus on presenting users with a false sense of control to gain their trust rather than employing secure mixing techniques. As a result, the five selected services lack implementation of academically proposed techniques and display poor resistance to common mixer-related threats.

Date Created
  • 2020

Network defense and team cognition: a team-based cybersecurity simulation

Description

This research evaluates a cyber test-bed, DEXTAR (Defense Exercises for Team Awareness Research), and examines the relationship between good and bad team performance in increasingly difficult scenarios. Twenty-one computer science graduate students (seven three-person teams), with experience in cybersecurity, participated in a team-based cyber defense exercise in the context of DEXTAR, a high-fidelity cybersecurity testbed. Performance measures were analyzed in addition to team process, team behavior, and workload to examine the relationship between good and bad teams. Lessons learned are reported that will inform the next generation of DEXTAR.

Date Created
  • 2016

Proactive Identification of Cybersecurity Threats Using Online Sources

Description

Many existing applications of machine learning (ML) to cybersecurity are focused on detecting malicious activity already present in an enterprise. However, recent high-profile cyberattacks proved that certain threats could have been avoided. The speed of contemporary attacks along with the high costs of remediation incentivizes avoidance over response. Yet, avoidance implies the ability to predict, a notoriously difficult task due to high rates of false positives, difficulty in finding data that is indicative of future events, and the unexplainable results from machine learning algorithms.

In this dissertation, these challenges are addressed by presenting three artificial intelligence (AI) approaches to support prioritizing defense measures. The first two approaches leverage ML on cyberthreat intelligence data to predict if exploits are going to be used in the wild. The first work focuses on what data feeds are generated after vulnerability disclosures. The developed ML models outperform the current industry-standard method with F1 score more than doubled. Then, an approach to derive features about who generated the said data feeds is developed. The addition of these features increases recall by over 19% while maintaining precision. Finally, frequent itemset mining is combined with a variant of a probabilistic temporal logic framework to predict when attacks are likely to occur. In this approach, rules correlating malicious activity in hacking community platforms with real-world cyberattacks are mined. They are then used in a deductive reasoning approach to generate predictions. The developed approach predicted unseen real-world attacks with an average increase in the value of F1 score by over 45%, compared to a baseline approach.

Date Created
  • 2019

CacheLight: A Lightweight Approach for Preventing Malicious Use of Cache Locking Mechanisms

Description

With the rise of the Internet of Things, embedded systems have become an integral part of life and can be found almost anywhere. Their prevalence and increased interconnectivity have made them a prime target for malicious attacks. Today, the vast majority of embedded devices are powered by ARM processors. To protect their processors from attacks, ARM introduced a hardware security extension known as TrustZone. It provides an isolated execution environment within the embedded device in which to deploy various memory integrity and malware detection tools.

Even though the Secure World can monitor the Normal World, attackers can attempt to bypass the security measures to retain control of a compromised system. CacheKit is a new type of rootkit that exploits such a vulnerability in the ARM architecture: it hides in Normal World cache from memory introspection tools running in the Secure World by exploiting cache locking mechanisms. If left unchecked, ARM processors that provide hardware-assisted cache locking for performance and time-critical applications in real-time and embedded systems would be completely vulnerable to this undetectable and untraceable attack. Therefore, a new approach is needed to ensure the correct use of such mechanisms and prevent malicious code from being hidden in the cache.

CacheLight is a lightweight approach that leverages the TrustZone and Virtualization extensions of the ARM architecture to allow the system to continue to securely provide these hardware facilities to users while preventing attackers from exploiting them. CacheLight restricts the ability to lock the cache to the Secure World of the processor such that the Normal World can still request certain memory to be locked into the cache by the secure operating system (OS) through a Secure Monitor Call (SMC). This grants the secure OS the power to verify and validate the information that will be locked in the requested cache way thereby ensuring that any data that remains in the cache will not be inconsistent with what exists in main memory for inspection. Malicious attempts to hide data can be prevented and recovered for analysis while legitimate requests can still generate valid entries in the cache.

Date Created
  • 2018