Matching Items (18)
Filtering by

Clear all filters

133172-Thumbnail Image.png
Description
This thesis explores cybersecurity as a profession and whether it belongs in academia. It also explores exactly how it should be implemented into universities. Whether in a bachelor's program or master's program, cybersecurity degree or cybersecurity concentration, engineering school or business school, cybersecurity has a place in higher education that

This thesis explores cybersecurity as a profession and whether it belongs in academia. It also explores exactly how it should be implemented into universities. Whether in a bachelor's program or master's program, cybersecurity degree or cybersecurity concentration, engineering school or business school, cybersecurity has a place in higher education that plays an integral role in helping fix the issue of a lack of cybersecurity professionals. At Arizona State University, a cybersecurity concentration currently exists in the engineering school at both the bachelor's and master's level as well as the business school at the bachelor level. The one location it is missing from is the master's level of the business school. The goal of this report is to suggest a change to the specific curriculum in the Information Systems Department at the W.P. Carey School of Business. This thesis compares the curriculum of the Master of Science in Information Management (MSIM) program at Arizona State to eight other programs around the country that either offer a cybersecurity concentration option, offer cybersecurity degrees, or have highly ranked MSIM programs. A new curriculum is recommended that includes greater flexibility for students in customizing their education to specific career fields within information systems, offers multiple certificate options including cybersecurity, and better matches what the other highly ranked programs are offering to students. This curriculum is not only better for students attending or seeking Arizona State University but better for the University itself. It offers a more well-rounded scope of topics than the current program does while maintaining the identity and strengths of the current program.
ContributorsWelcome, Anthony (Author) / Sopha, Matthew (Thesis director) / Mazzola, Daniel (Committee member) / Department of Information Systems (Contributor) / Barrett, The Honors College (Contributor)
Created2018-12
135242-Thumbnail Image.png
Description
Penetration testing is regarded as the gold-standard for understanding how well an organization can withstand sophisticated cyber-attacks. However, the recent prevalence of markets specializing in zero-day exploits on the darknet make exploits widely available to potential attackers. The cost associated with these sophisticated kits generally precludes penetration testers from simply

Penetration testing is regarded as the gold-standard for understanding how well an organization can withstand sophisticated cyber-attacks. However, the recent prevalence of markets specializing in zero-day exploits on the darknet make exploits widely available to potential attackers. The cost associated with these sophisticated kits generally precludes penetration testers from simply obtaining such exploits – so an alternative approach is needed to understand what exploits an attacker will most likely purchase and how to defend against them. In this paper, we introduce a data-driven security game framework to model an attacker and provide policy recommendations to the defender. In addition to providing a formal framework and algorithms to develop strategies, we present experimental results from applying our framework, for various system configurations, on real-world exploit market data actively mined from the darknet.
ContributorsRobertson, John James (Author) / Shakarian, Paulo (Thesis director) / Doupe, Adam (Committee member) / Electrical Engineering Program (Contributor) / Computer Science and Engineering Program (Contributor) / Barrett, The Honors College (Contributor)
Created2016-05
133698-Thumbnail Image.png
Description
In online social networks the identities of users are concealed, often by design. This anonymity makes it possible for a single person to have multiple accounts and to engage in malicious activity such as defrauding a service providers, leveraging social influence, or hiding activities that would otherwise be detected. There

In online social networks the identities of users are concealed, often by design. This anonymity makes it possible for a single person to have multiple accounts and to engage in malicious activity such as defrauding a service providers, leveraging social influence, or hiding activities that would otherwise be detected. There are various methods for detecting whether two online users in a network are the same people in reality and the simplest way to utilize this information is to simply merge their identities and treat the two users as a single user. However, this then raises the issue of how we deal with these composite identities. To solve this problem, we introduce a mathematical abstraction for representing users and their identities as partitions on a set. We then define a similarity function, SIM, between two partitions, a set of properties that SIM must have, and a threshold that SIM must exceed for two users to be considered the same person. The main theoretical result of our work is a proof that for any given partition and similarity threshold, there is only a single unique way to merge the identities of similar users such that no two identities are similar. We also present two algorithms, COLLAPSE and SIM_MERGE, that merge the identities of users to find this unique set of identities. We prove that both algorithms execute in polynomial time and we also perform an experiment on dark web social network data from over 6000 users that demonstrates the runtime of SIM_MERGE.
ContributorsPolican, Andrew Dominic (Author) / Shakarian, Paulo (Thesis director) / Sen, Arunabha (Committee member) / Computer Science and Engineering Program (Contributor) / Barrett, The Honors College (Contributor)
Created2018-05
134946-Thumbnail Image.png
Description
This thesis project focused on malicious hacking community activities accessible through the I2P protocol. We visited 315 distinct I2P sites to identify those with malicious hacking content. We also wrote software to scrape and parse data from relevant I2P sites. The data was integrated into the CySIS databases for further

This thesis project focused on malicious hacking community activities accessible through the I2P protocol. We visited 315 distinct I2P sites to identify those with malicious hacking content. We also wrote software to scrape and parse data from relevant I2P sites. The data was integrated into the CySIS databases for further analysis to contribute to the larger CySIS Lab Darkweb Cyber Threat Intelligence Mining research. We found that the I2P cryptonet was slow and had only a small amount of malicious hacking community activity. However, we also found evidence of a growing perception that Tor anonymity could be compromised. This work will contribute to understanding the malicious hacker community as some Tor users, seeking assured anonymity, transition to I2P.
ContributorsHutchins, James Keith (Author) / Shakarian, Paulo (Thesis director) / Ahn, Gail-Joon (Committee member) / Computer Science and Engineering Program (Contributor) / Barrett, The Honors College (Contributor)
Created2016-12
Description

Machine learning has a near infinite number of applications, of which the potential has yet to have been fully harnessed and realized. This thesis will outline two departments that machine learning can be utilized in, and demonstrate the execution of one methodology in each department. The first department that will

Machine learning has a near infinite number of applications, of which the potential has yet to have been fully harnessed and realized. This thesis will outline two departments that machine learning can be utilized in, and demonstrate the execution of one methodology in each department. The first department that will be described is self-play in video games, where a neural model will be researched and described that will teach a computer to complete a level of Super Mario World (1990) on its own. The neural model in question was inspired by the academic paper “Evolving Neural Networks through Augmenting Topologies”, which was written by Kenneth O. Stanley and Risto Miikkulainen of University of Texas at Austin. The model that will actually be described is from YouTuber SethBling of the California Institute of Technology. The second department that will be described is cybersecurity, where an algorithm is described from the academic paper “Process Based Volatile Memory Forensics for Ransomware Detection”, written by Asad Arfeen, Muhammad Asim Khan, Obad Zafar, and Usama Ahsan. This algorithm utilizes Python and the Volatility framework to detect malicious software in an infected system.

ContributorsBallecer, Joshua (Author) / Yang, Yezhou (Thesis director) / Luo, Yiran (Committee member) / Barrett, The Honors College (Contributor) / Computer Science and Engineering Program (Contributor)
Created2023-05
Description

During October 2022, I contributed to the annual Cybersecurity Awareness Month (CSAM) program at Arizona State University (ASU). 4 cybersecurity domains were explored during the month: phishing, password hygiene, physical security, and social media security. The scope of my work involved designing and developing activities related to phishing and social

During October 2022, I contributed to the annual Cybersecurity Awareness Month (CSAM) program at Arizona State University (ASU). 4 cybersecurity domains were explored during the month: phishing, password hygiene, physical security, and social media security. The scope of my work involved designing and developing activities related to phishing and social media security. The deliverables included 8 emails for the ‘Spot the Phish’ activity, an educational flier on phishing indicators, discussion questions for The Tinder Swindler documentary, and a password security question guessing game. I also collected feedback from students and faculty who participated in ‘Spot the Phish’ and the security question game. Participants answered questions about the difficulty of the activities and how their cybersecurity knowledge improved. The security question game didn’t have much participation, so there wasn’t much information to gather from the feedback. The ‘Spot the Phish’ activity had over 50 feedback submissions. That data suggested that the ‘Spot the Phish’ activity improved participants’ confidence in identifying phishing emails. After reviewing the feedback and my own anecdotal experience conducting the activities, I looked into research regarding tools for cybersecurity education. Based on that research, I designed new activities to better inform students and faculty about phishing and social media security for 2023 CSAM.

ContributorsVenkatesh, Ramana (Author) / Meuth, Ryan (Thesis director) / Menees, Jodi (Committee member) / Barrett, The Honors College (Contributor) / Computer Science and Engineering Program (Contributor)
Created2023-05
Description

Fuzzing is currently a thriving research area in the cybersecurity field. This work begins by introducing code that brings partial replayability capabilities to AFL++ in an attempt to solve the challenge of the highly random nature of fuzzing that comes from the large amount of random mutations on input seeds.

Fuzzing is currently a thriving research area in the cybersecurity field. This work begins by introducing code that brings partial replayability capabilities to AFL++ in an attempt to solve the challenge of the highly random nature of fuzzing that comes from the large amount of random mutations on input seeds. The code addresses two of the three sources of nondeterminism described in this work. Furthermore, this work introduces Fuzzing Debugger (FDB), a highly configurable framework to facilitate the debugging of fuzzing by interfacing with GDB. Three debugging modes are described which attempt to tackle two use cases of FDB: (1) pinpointing nondeterminism in fuzz runs, therefore paving the way for replayable fuzz runs and (2) systematically finding preferable stopping points seed analysis.

ContributorsLiu, Denis (Author) / Bao, Tiffany (Thesis director) / Shoshitaishvili, Yan (Committee member) / Barrett, The Honors College (Contributor) / School of Mathematical and Statistical Sciences (Contributor) / Computer Science and Engineering Program (Contributor)
Created2023-05
Description

When one pursues a Bachelor's degree they are generally under the impression that the degree they are after will provide them with the necessary skills and knowledge to enter their career at entry-level. This is not the case for all students in every degree program. Many times Bachelor's degree holders

When one pursues a Bachelor's degree they are generally under the impression that the degree they are after will provide them with the necessary skills and knowledge to enter their career at entry-level. This is not the case for all students in every degree program. Many times Bachelor's degree holders find it difficult to enter the field. The goal of this paper is to identify gaps or discrepancies between Arizona State University's (ASU’s) Applied Computing (ACO) - Cybersecurity program's learning objectives and industry requirements for entry-level positions in the cybersecurity industry. The data used in this textual analysis were gathered from several popular employment websites and ACO course syllabi. Using this relatively small data pool several gaps were identified between the cybersecurity industry; the private and public sectors job listing requirements; and ASU's ACO course objectives. By analyzing the gaps found in the data, I have been able to provide many suggestions for ASU and some for the cybersecurity industry to implement to better prepare ACO students for entry-level cybersecurity industry positions.

ContributorsRodriquez, Maria (Author) / Nadesan, Majia (Thesis director) / Jones, Kim (Committee member) / Barrett, The Honors College (Contributor) / School of Mathematical and Natural Sciences (Contributor)
Created2022-12
131421-Thumbnail Image.png
Description
This policy proposal paper is designed to address concerns about the protection of data
concerning citizens of the United States. The first step is to explore the need for federal
legislation because of the problems of cyberattacks, data loss and leakage, and big data. The
proposal then analyses how other countries had already

This policy proposal paper is designed to address concerns about the protection of data
concerning citizens of the United States. The first step is to explore the need for federal
legislation because of the problems of cyberattacks, data loss and leakage, and big data. The
proposal then analyses how other countries had already addressed these concerns for their
citizens through legislation by looking at their regulation and the results of implementation. The
paper adjacently discusses the importance of American values of privacy as a fundamental right,
the free market, and protection from the private sector within a cybersecurity paradigm. From
this combined research, the paper yields a proposal of how the U.S. government should address
the situation through federal policy. The policy outlines cybersecurity measures to protect
information from cyberattacks and data loss and leakage, rights of American citizens that
organizations need to uphold, and the creation of a commission that provides resources and
education to domestic and foreign organizations.
ContributorsBrockman, Emily M. (Author) / Hollinger, Keith (Thesis director) / Walsh, Tatiana (Committee member) / Martin, Thomas (Committee member) / College of Integrative Sciences and Arts (Contributor) / Information Technology (Contributor) / Barrett, The Honors College (Contributor)
Created2020-05
165085-Thumbnail Image.png
Description
Wardriving is when prospective malicious hackers drive with a portable computer to sniff out and map potentially vulnerable networks. With the advent of smart homes and other Internet of Things devices, this poses the possibility of more unsecure targets. The hardware available to the public has also miniaturized and gotten

Wardriving is when prospective malicious hackers drive with a portable computer to sniff out and map potentially vulnerable networks. With the advent of smart homes and other Internet of Things devices, this poses the possibility of more unsecure targets. The hardware available to the public has also miniaturized and gotten more powerful. One no longer needs to carry a complete laptop to carry out network mapping. With this miniaturization and greater popularity of quadcopter technology, the two can be combined to create a more efficient wardriving setup in a potentially more target-rich environment. Thus, we set out to create a prototype as a proof of concept of this combination. By creating a bracket for a Raspberry Pi to be mounted to a drone with other wireless sniffing equipment, we demonstrate that one can use various off the shelf components to create a powerful network detection device. In this write up, we also outline some of the challenges encountered by combining these two technologies, as well as the solutions to those challenges. Adding payload weight to drones that are not initially designed for it causes detrimental effects to various characteristics such as flight behavior and power consumption. Less computing power is available due to the miniaturization that must take place for a drone-mounted solution. Communication between the miniature computer and a ground control computer is also essential in overall system operation. Below, we highlight solutions to these various problems as well as improvements that can be implemented for maximum system effectiveness.
ContributorsHer, Zachary (Author) / Walker, Elizabeth (Co-author) / Gupta, Sandeep (Thesis director) / Wang, Ruoyu (Committee member) / Barrett, The Honors College (Contributor) / Computer Science and Engineering Program (Contributor)
Created2022-05