Matching Items (196)
Description
As automation research into penetration testing has developed, several methods have been proposed as suitable control mechanisms for use in pentesting frameworks. These include Markov Decision Processes (MDPs), partially observable Markov Decision Processes (POMDPs), and POMDPs utilizing reinforcement learning. Since much work has been done automating other aspects of the pentesting process using exploit frameworks and scanning tools, this is the next focal point in this field. This paper shows a fully-integrated solution comprised of a POMDP-based planning algorithm, the Nessus scanning utility, and MITRE's CALDERA pentesting platform. These are linked in order to create an autonomous AI attack platform with scanning, planning, and attack capabilities.
ContributorsDejarnett, Eric Andrew (Author) / Huang, Dijiang (Thesis director) / Chowdhary, Ankur (Committee member) / Computer Science and Engineering Program (Contributor) / Barrett, The Honors College (Contributor)
Created2020-05
Description
Vulnerability testing/evaluation is a regular task for cyber-security groups. Conducting tasks like this can take up a great amount of time and may not be perfect. Automating these tasks helps speed up the rate at which experts can test systems. However, script based or static programs that run automatically often do not have the versatility required to properly replace human analysis. With the advances in Artificial Intelligence and Machine Learning, a utility can be developed that would allow for the creation of penetration testing plans rather than manually testing vulnerabilities. A variety of existing cyber-security programs and utilities provide an API layer that commonly interacts with the Python environment. With the commonality of AI/ML tools within the Python ecosystem, a plugin like interface can be developed to feed any AI/ML program real world data and receive a response/report in return. Using Python 2.7+, Python 3.6+, pymdptoolbox, and POMDPy, a program was developed that ingests real-world data from scanning tools and returned a suggested course of action to be used by analysts in order to perform a practical validation of the algorithms in a real world setting. This program was able to successfully navigate a test network and produce results that were expected to be found on the target machines without needing human analysis of the network. Using POMDP based systems for more cyber-security type tasks may be a valuable use case for future developments and help ease the burden faced in a rapid paced world.
ContributorsBelanger, Connor Lawrence (Author) / Huang, Dijiang (Thesis director) / Chowdhary, Ankur (Committee member) / Computer Science and Engineering Program (Contributor) / Barrett, The Honors College (Contributor)
Created2020-05
Description
This qualitative research utilized Skydive Arizona as a model to create a virtual duplicate site online in Second Life. Using both spaces, events and Happenings were conducted experimenting with art, social and philanthropic engagement simultaneously online and in the physical space. The researcher entered the study with questions concerning Web 5.0, the three-dimensional internet, and beyond, and emerged with interesting ideas concerning Virtual Tethering, Breaking the Fifth Wall, art Happenings, and virtual philanthropic events utilizing this technique. The intention was to educate the participants, musicians, virtual and physical exhibit attendees alike, on the idea of blending realities. This study is an example set forth of people inhabiting physical and virtual space at once without closing off to physical or virtual social engagement, instigating new ideas and possibilities in social augmented activities.
It was discovered that many struggle with the comprehension of connections between the virtual space and reality, once immersed in either the physical or virtual event. Few interacted in both spaces simultaneously, but once enlightened to the Happenings, most were excited about these possibilities indicating that seeds have been planted in the participants.
It was discovered that many struggle with the comprehension of connections between the virtual space and reality, once immersed in either the physical or virtual event. Few interacted in both spaces simultaneously, but once enlightened to the Happenings, most were excited about these possibilities indicating that seeds have been planted in the participants.
ContributorsMontreuil, Jennifer L (Author) / Stokrocki, Mary (Thesis director) / Magenta, Murial (Committee member) / School of Art (Contributor, Contributor) / Barrett, The Honors College (Contributor)
Created2019-12
Description
Fraud is defined as the utilization of deception for illegal gain by hiding the true nature of the activity. While organizations lose around $3.7 trillion in revenue due to financial crimes and fraud worldwide, they can affect all levels of society significantly. In this dissertation, I focus on credit card fraud in online transactions. Every online transaction comes with a fraud risk and it is the merchant's liability to detect and stop fraudulent transactions. Merchants utilize various mechanisms to prevent and manage fraud such as automated fraud detection systems and manual transaction reviews by expert fraud analysts. Many proposed solutions mostly focus on fraud detection accuracy and ignore financial considerations. Also, the highly effective manual review process is overlooked. First, I propose Profit Optimizing Neural Risk Manager (PONRM), a selective classifier that (a) constitutes optimal collaboration between machine learning models and human expertise under industrial constraints, (b) is cost and profit sensitive. I suggest directions on how to characterize fraudulent behavior and assess the risk of a transaction. I show that my framework outperforms cost-sensitive and cost-insensitive baselines on three real-world merchant datasets. While PONRM is able to work with many supervised learners and obtain convincing results, utilizing probability outputs directly from the trained model itself can pose problems, especially in deep learning as softmax output is not a true uncertainty measure. This phenomenon, and the wide and rapid adoption of deep learning by practitioners brought unintended consequences in many situations such as in the infamous case of Google Photos' racist image recognition algorithm; thus, necessitated the utilization of the quantified uncertainty for each prediction. There have been recent efforts towards quantifying uncertainty in conventional deep learning methods (e.g., dropout as Bayesian approximation); however, their optimal use in decision making is often overlooked and understudied. Thus, I present a mixed-integer programming framework for selective classification called MIPSC, that investigates and combines model uncertainty and predictive mean to identify optimal classification and rejection regions. I also extend this framework to cost-sensitive settings (MIPCSC) and focus on the critical real-world problem, online fraud management and show that my approach outperforms industry standard methods significantly for online fraud management in real-world settings.
ContributorsYildirim, Mehmet Yigit (Author) / Davulcu, Hasan (Thesis advisor) / Bakkaloglu, Bertan (Committee member) / Huang, Dijiang (Committee member) / Hsiao, Ihan (Committee member) / Arizona State University (Publisher)
Created2019
Description
Realizing the applications of Internet of Things (IoT) with the goal of achieving a more efficient and automated world requires billions of connected smart devices and the minimization of hardware cost in these devices. As a result, many IoT devices do not have sufficient resources to support various protocols required in many IoT applications. Because of this, new protocols have been introduced to support the integration of these devices. One of these protocols is the increasingly popular routing protocol for low-power and lossy networks (RPL). However, this protocol is well known to attract blackhole and sinkhole attacks and cause serious difficulties when using more computationally intensive techniques to protect against these attacks, such as intrusion detection systems and rank authentication schemes. In this paper, an effective approach is presented to protect RPL networks against blackhole attacks. The approach does not address sinkhole attacks because they cause low damage and are often used along blackhole attacks and can be detected when blackhole attaches are detected. This approach uses the feature of multiple parents per node and a parent evaluation system enabling nodes to select more reliable routes. Simulations have been conducted, compared to existing approaches this approach would provide better protection against blackhole attacks with much lower overheads for small RPL networks.
ContributorsSanders, Kent (Author) / Yau, Stephen S (Thesis advisor) / Huang, Dijiang (Committee member) / Sen, Arunabha (Committee member) / Arizona State University (Publisher)
Created2021
Description本文对中国制药企业并购溢价影响因素进行了研究,提出了对制药企业并购非常重要的两个新的影响因素:可生产药品批文和在研新药批文。本文以2011年1月—2019年12月间我国制药行业上市公司并购事件为样本,对在研新药和可生产药品批文的价值从四个维度度量:是否有在研新药和可生产药品批文;在研新药数量及可生产药品批文数量;根据创新药和仿制药两个类别进行细分;标的企业所拥有的在研新药和可生产药品批文的市场价值。论文发现药品批文对企业并购溢价的影响不是很显著。进一步的,本文探究了药品批文对主并企业的对被并购公司的估值的影响。实证结果表明,我国制药企业在并购估值时确实会考虑到在研新药和可生产药品批文的价值。本文还发现对于可生产药品来说,相对创新药,被并购公司持有的仿制药批文影响更显著。而对于在研新药来说,主并企业更看重在研的创新药,在研仿制药对并购估值的影响不大。最后,本文选取了两个代表性案例进一步分析和探讨药品批文对企业并购的影响。
ContributorsYe, Tao (Author) / Shen, Wei (Thesis advisor) / Chang, Chun (Thesis advisor) / Jiang, Zhan (Committee member) / Gu, Bin (Committee member) / Arizona State University (Publisher)
Created2022
Description汽车行业属于国家支柱型产业,创造了高额的产值,增加了就业岗位。随着汽车生产行业竞争日趋激烈的趋势影响,汽车经销商在未来会出现明显的分化,并且逐步向头部集中。基于这样的行业背景,本项研究开展汽车经销商整体经营和盈利能力等方面的详细深入分析,即系统整合汽车经销商业务运营层面和财务层面数据,结合统计研究方法,对经销商盈利能力进行系统且详实归因分析,从而试别驱动盈利能力的关键业务要素。其研究成果能够完善对行业发展规律和经营模式系统性理解,从而进一步指导该领域的相关业务实践,提高经销商整体经营业绩。本课题通过四个阶段来开展经销商整体经营与盈利归因的相关研究。首先,本课题梳理了中国汽车消费行业发展的历史,同时阐述样本期内(2018-2020年)国内宏观经济和汽车消费市场的特征进行,并介绍X品牌汽车经销商的地理分布、资质和业绩评级体系、自身经营特征以及汽车生产商对经销商扶持政策等方面。在第二阶段,本课题聚焦研究假设、模型与方法,通过对X品牌汽车经销商的业务结构和运营管理开展分析,并逐步识别影响经销商盈利的关键指标变量,并提出研究假设和相关模型(即时间序列模型和面板回归模型)。在第三阶段,本课题首先开展经销商相关信息整体性统计分析,获得关键业务指标在样本期内动态特征,并结合时间序列回归模型探讨各项业务指标对经销商整体盈利能力的影响程度。在第四阶段,本课题采用(个体)固定效应的面板回归模型来研究不同组别(控制)条件下经销商盈利能力的影响因素以及其盈利能力对这些因素的敏感程度,从而更深入和全面地揭示影响经销商盈利能力的潜在因素。
基于上述四阶段的研究结果,本研究进一步就提升经销商盈利能力展开讨论,并提出相应对策。本课题相关结论仅从X品牌汽车经销商经营和财务数据进行定性和定量分析获得,但衷心希望本研究的成果能够对汽车经销商改善经营业务方面能起到实践上的借鉴和指导意义。
ContributorsPan, Guangxiong (Author) / Shen, Wei (Thesis advisor) / Wu, Fei (Thesis advisor) / Zhu, Qigui (Committee member) / Arizona State University (Publisher)
Created2022
Description
School safety is a wicked problem due to shifting needs and available information, the diverse actors affected and involved, fluctuating budgetary demands and ramifications, and relations to broader social and political issues. School safety challenges encompass a range of factors, including threats of violence and fears related to school shootings, the effects of the COVID-19 pandemic on student mental health and well-being, and research and rhetoric on punitive discipline practices and the school-to-prison nexus, especially regarding the use of School Resource Officers (SROs). Following the murder of George Floyd by police in the Summer of 2020 and the subsequent civil unrest, several school districts across the United States began to reconsider the use of police on campuses, with some choosing not to renew contracts with police departments for SROs. In most cases, school district leaders (e.g., governing boards or superintendency) unilaterally made this decision without authentic school community input or participation in inclusive processes and shared decision-making opportunities. Phoenix Union High School District (PXU), a diverse, urban high school-only district that serves 25,000 students, was one of those districts that did not renew its contract with the local police department for SROs. Instead, PXU undertook efforts to reimagine school safety through two parallel participatory processes: School Participatory Budgeting (PB) and a Safety Committee. Drawing from the literature on school safety, participatory governance, and student voice, I explore school safety's historical and current landscape, specifically the use of SROs and punitive discipline measures, alongside methods of participatory governance within K-12 educational institutions and the benefits, challenges, and implications of student voice in shared decision-making processes. I then chronicle the two processes implemented in PXU using the Empowered Deliberative Democracy (EDD) conceptual framework and a case study methodology. I analyze and discuss the tensions and the transformative potential of participatory processes that include student and school community voices in finding solutions to difficult challenges. In conclusion, I summarize the case study and raise recommendations for using participatory processes to address wicked problems in K-12 educational institutions.
ContributorsBartlett, Tara Lynn (Author) / Schugurensky, Daniel, 1958- (Thesis advisor) / Fischman, Gustavo (Committee member) / Pivovarova, Margarita (Committee member) / Arizona State University (Publisher)
Created2023
Description
This qualitative study examined how the scientific journal PLOS ONE assembled its editorial board, which is made up of more than 10,000 academic editors based in 131 countries. The study investigated how the board’s geographic diversity is enacted by the human and nonhuman actors of the assemblage. PLOS ONE is an open-access (OA) mega-journal launched in 2006 by the nonprofit organization Public Library of Science (PLOS). It publishes over 16,000 papers yearly, covering more than 200 scientific subjects of science and medicine. I drew on Actor-Network Theory (ANT), which proposes that processes, ideas, organizations, or objects are continuously generated within a network of relationships between human and nonhuman actors. I used the case study methodology and employed two qualitative research methods. First, I conducted semi-structured interviews with 26 academic editors from different fields, including biology and life sciences, chemistry, medicine and health sciences, physics, and social sciences. These editors are affiliated with research institutions across 14 countries. Additionally, I interviewed PLOS leaders, staff members, and a representative from an external contractor. Second, I employed documentary analysis of organizational documents and online secondary data. Findings showed that the human and nonhuman actors of the PLOS ONE editorial board reproduce biases in science based on authors’ and editors’ geographic origin, the journal’s size and the low diversity of PLOS staff members. I also identified that APCs (Article Processing Charges) act as mediators that trigger betrayals among the actors, which has consequences on the stability of the assemblage, especially in terms of trust between the publisher and the scientific community. Finally, this study also identified that publishing an OA mega-journal has contradictions and unexpected effects on the publishing landscape due to its large scale.
ContributorsLujano Vilchis, Ivonne (Author) / Fischman, Gustavo (Thesis advisor) / Kim, Jeongeun (Committee member) / Hailu, Meseret (Committee member) / Dussel, Inés (Committee member) / Arizona State University (Publisher)
Created2023
Description
This dissertation research explores the complexity of transformations of academic lives and academic identities along the multiple, non-linear, conflicting, and paradoxical trajectories of the pre-Soviet, Soviet, and post-Soviet times and spaces. Academic literature on the post-Soviet transformations of higher education has usually focused on structural reforms and policy changes, as well as their compatibility with the European and Western higher education policy agenda. Guided by the theoretical insights from the decolonial and post-Socialist transformation studies, this dissertation research intends to decenter the education policies and reforms from being a focal point of analysis; instead, it spotlights the transformation of Georgian academics through their memories, lived experiences, and imaginations about the future. The study offers insights into personal and collective experiences of being and becoming an academic in the process of navigating the evolving historical, political, cultural, and institutional contexts at three public universities in Georgia. Drawing on the narrative-ethnographic methodology, this study explores the complicated scenes and nuances of Georgian academic space by portraying how academics construct, reconstruct, adjust, resist, negotiate, and reinvent their academic selves during the post-Soviet transformations. Diffractive analysis of the narratives and ethnographic observations illustrates multiple intra-actions of academic identities through various temporal and spatial reconfigurations, revealing that the Soviet past is not left behind, and the European future is not that certain. Instead, the liminal academic space is haunted by the (re)awakened pasts and (re)imagined futures, and their inseparability enacts various co-existing scenarios of defuturing and refuturing of academic identities.
ContributorsTsotniashvili, Keti (Author) / Silova, Iveta (Thesis advisor) / Hailu, Meseret (Committee member) / Oleksiyenko, Anatoly (Committee member) / Fischman, Gustavo (Committee member) / Arizona State University (Publisher)
Created2023