Matching Items (32)
Description
The current study examines the role that context plays in hackers' perceptions of the risks and payoffs characterizing a hacktivist attack. Hacktivism (i.e., hacking to convey a moral, ethical, or social justice message) is examined through a general game theoretic framework as a product of costs and benefits, as well as the contextual cues that may sway hackers' estimations of each. In two pilot studies, a bottom-up approach is utilized to identify the key motives underlying (1) past attacks affiliated with a major hacktivist group, Anonymous, and (2) popular slogans utilized by Anonymous in its communication with members, targets, and broader society. Three themes emerge from these analyses, namely: (1) the prevalence of first-person plural pronouns (i.e., we, our) in Anonymous slogans; (2) the prevalence of language inducing status or power; and (3) the importance of social injustice in triggering Anonymous activity. The present research therefore examines whether these three contextual factors activate participants' (1) sense of deindividuation, or the loss of an individual's personal self in the context of a group or collective; and (2) motive for self-serving power or society-serving social justice. Results suggest that participants' estimations of attack likelihood stemmed solely from expected payoffs, rather than their interplay with subjective risks. As expected, the use of we language led to a decrease in subjective risks, possibly due to primed effects of deindividuation. In line with game theory, the joint appearance of both power and justice motives resulted in (1) lower subjective risks, (2) higher payoffs, and (3) higher attack likelihood overall. Implications for policymakers and the understanding and prevention of hacktivism are discussed, as are the possible ramifications of deindividuation and power for the broader population of Internet users around the world.
Contributors: Bodford, Jessica (Author) / Kwan, Virginia S. Y. (Thesis advisor) / Shakarian, Paulo (Committee member) / Adame, Bradley J. (Committee member) / Arizona State University (Publisher)
Created: 2015
Description
Beliefs about change reflect how we understand phenomena and what kind of predictions we make for the future. Cyclical beliefs about change state that events are in a constant flux, and change is inevitable. Linear beliefs about change state that events happen in a non-fluctuating pattern and change is not commonplace. Cultural differences in beliefs about change have been documented across various domains, but research has yet to investigate how these differences may affect health status predictions. The present study addresses this gap by inducing different beliefs about change in a European-American college sample. Health status predictions were measured in terms of predicted likelihood of exposure to the flu virus, of contraction of the flu, and of receiving a flu vaccine. Most differences were observed among those who have a recent history of suffering from the flu. Among them, cyclical thinkers tended to rate their likelihood for exposure and contraction to be higher than linear thinkers. However, linear thinkers indicated that they were more likely to receive a flu vaccine. The different patterns suggest the possibility that cyclical beliefs may activate concepts related to cautionary behaviors or pessimistic biases, while linear beliefs may activate concepts related to taking action and exercising control over the environment. Future studies should examine the interplay between beliefs about change and the nature of the predicted outcome.
Contributors: Kim, Summer Hyo Yeon (Author) / Kwan, Virginia S. Y. (Thesis advisor) / Neuberg, Steven L. (Committee member) / Cohen, Adam B. (Committee member) / Arizona State University (Publisher)
Created: 2012
Description
The purpose of the information source detection problem (also called rumor source detection) is to identify the source of information diffusion in networks based on available observations like the states of the nodes and the timestamps at which nodes adopted the information (also called infected). The solution of the problem can be used to answer a wide range of important questions in epidemiology, computer network security, etc. This dissertation studies the fundamental theory and the design of efficient and robust algorithms for the information source detection problem.

For tree networks, the maximum a posteriori (MAP) estimator of the information source is derived under the independent cascades (IC) model with a complete snapshot and a Short-Fat Tree (SFT) algorithm is proposed for general networks based on the MAP estimator. Furthermore, the following possibility and impossibility results are established on the Erdos-Renyi (ER) random graph: $(i)$ when the infection duration $<\frac{2}{3}t_u,$ SFT identifies the source with probability one asymptotically, where $t_u=\left\lceil\frac{\log n}{\log \mu}\right\rceil+2$ and $\mu$ is the average node degree, $(ii)$ when the infection duration $>t_u,$ the probability of identifying the source approaches zero asymptotically under any algorithm; and $(iii)$ when infection duration $

In practice, other than the nodes' states, side information like partial timestamps may also be available. Such information provides important insights into the diffusion process. To utilize the partial timestamps, the information source detection problem is formulated as a ranking problem on graphs and two ranking algorithms, cost-based ranking (CR) and tree-based ranking (TR), are proposed. Extensive experimental evaluations of synthetic data of different diffusion models and real world data demonstrate the effectiveness and robustness of CR and TR compared with existing algorithms.
Contributors: Zhu, Kai (Author) / Ying, Lei (Thesis advisor) / Lai, Ying-Cheng (Committee member) / Liu, Huan (Committee member) / Shakarian, Paulo (Committee member) / Arizona State University (Publisher)
Created: 2015
Description
Individuals differ in the extent to which they feel connected to their future selves, which predicts time preference (i.e., preference for immediate versus delayed utility), financial decision-making, delinquency, and academic performance. Future self-connectedness may also predict how individuals compare themselves with their past selves, future selves, and other people. Greater connectedness may lead to more self-affirming types of temporal self-comparison, less self-deflating types of temporal self-comparison, and less social comparison. Two studies examined the relation between future self-connectedness and comparison processes, as well as effects on emotion, psychological adjustment, and motivation. In the first study, as expected, future self-connectedness positively predicted self-affirming temporal self-comparison and negatively predicted self-deflating temporal self-comparison and social comparison. In addition, future self-connectedness had beneficial direct and indirect effects on adjustment, emotion regulation, and motivation. Unlike previous research, this study examined all three components of future self-connectedness, as opposed to only one. Exploratory analyses examined the items comprising the similarity-connectedness component and found that the relation of these items to the other variables in the model did not differ, though some of the relations in the model were moderated by college generation status. The second study tested whether increasing future self-connectedness would have similar effects on comparison, adjustment, emotion, and motivation. It implemented a pilot future self-connectedness manipulation, an established identity-stability manipulation, and a control condition. The pilot manipulation and identity-stability manipulation failed to affect future self-connectedness relative to control, and did not affect comparison, motivation, adjustment, or emotion. 
Future research should ascertain whether there is a causal link between connectedness and social comparison or temporal self-comparison processes. Overall, this research links future self-connectedness to social comparison and temporal self-comparison processes, as well as well-being, emotion, and motivation, which demonstrates the importance of connectedness in new, important areas.
Contributors: Adelman, Robert Mark (Author) / Kwan, Virginia S. Y. (Thesis advisor) / Grimm, Kevin (Committee member) / Aktipis, Athena (Committee member) / Neuberg, Steven (Committee member) / Arizona State University (Publisher)
Created: 2018
Description
Data breaches have been on the rise and the financial sector is among the top targeted. It can take a few months and up to a few years to identify the occurrence of a data breach. A major motivation behind data breaches is financial gain, hence most of the data ends up being on sale on darkweb websites. It is important to identify the sale of such stolen information in a timely and relevant manner. In this research, we present a system for timely identification of the sale of stolen data on darkweb websites. We frame identifying the sale of stolen data as a multi-label classification problem and leverage several machine learning approaches based on the thread content (textual) and social network analysis of the user communication seen on darkweb websites. The system generates alerts about trends based on popularity amongst the users of such websites. We evaluate our system using K-fold cross validation as well as manual evaluation of blind (unseen) data. The method of combining social network and textual features outperforms the baseline method, i.e., only using textual features, by 15 to 20% improved precision. The alerts provide good insight and we illustrate our findings with case studies of the results.
Contributors: Dharaiya, Krishna Tushar (Author) / Shakarian, Paulo (Thesis advisor) / Doupe, Adam (Committee member) / Shoshitaishvili, Yan (Committee member) / Arizona State University (Publisher)
Created: 2018
Description
In this research, I try to solve multi-class multi-label classification problem, where the goal is to automatically assign one or more labels (tags) to discussion topics seen in deepweb. I observed natural hierarchy in our dataset, and I used different techniques to ensure hierarchical integrity constraint on the predicted tag list. To solve 'class imbalance' and 'scarcity of labeled data' problems, I developed semi-supervised model based on elastic search (ES) document relevance score. I evaluate our models using standard K-fold cross-validation method. Ensuring hierarchical integrity constraints improved F1 score by 11.9% over standard supervised learning, while our ES based semi-supervised learning model out-performed other models in terms of precision (78.4%) score while maintaining comparable recall (21%) score.
Contributors: Patil, Revanth (Author) / Shakarian, Paulo (Thesis advisor) / Doupe, Adam (Committee member) / Davulcu, Hasan (Committee member) / Arizona State University (Publisher)
Created: 2018
Description
Reasoning about the activities of cyber threat actors is critical to defend against cyber attacks. However, this task is difficult for a variety of reasons. In simple terms, it is difficult to determine who the attacker is, what the desired goals are of the attacker, and how they will carry out their attacks. These three questions essentially entail understanding the attacker’s use of deception, the capabilities available, and the intent of launching the attack. These three issues are highly inter-related. If an adversary can hide their intent, they can better deceive a defender. If an adversary’s capabilities are not well understood, then determining what their goals are becomes difficult as the defender is uncertain if they have the necessary tools to accomplish them. However, the understanding of these aspects is also mutually supportive. If we have a clear picture of capabilities, intent can better be deciphered. If we understand intent and capabilities, a defender may be able to see through deception schemes.

In this dissertation, I present three pieces of work to tackle these questions to obtain a better understanding of cyber threats. First, we introduce a new reasoning framework to address deception. We evaluate the framework by building a dataset from DEFCON capture-the-flag exercise to identify the person or group responsible for a cyber attack. We demonstrate that the framework not only handles cases of deception but also provides transparent decision making in identifying the threat actor. The second task uses a cognitive learning model to determine the intent – goals of the threat actor on the target system. The third task looks at understanding the capabilities of threat actors to target systems by identifying at-risk systems from hacker discussions on darkweb websites. To achieve this task we gather discussions from more than 300 darkweb websites relating to malicious hacking.
Contributors: Nunes, Eric (Author) / Shakarian, Paulo (Thesis advisor) / Ahn, Gail-Joon (Committee member) / Baral, Chitta (Committee member) / Cooke, Nancy J. (Committee member) / Arizona State University (Publisher)
Created: 2018
Description
An examination of 12 darkweb sites involved in selling hacking services, often referred to as "Hacking-as-a-Service" (HaaS) sites, is performed. Data is gathered and analyzed for 7 months via weekly site crawling and parsing. In this empirical study, after examining over 200 forum threads, common categories of services available on HaaS sites are identified as well as their associated topics of conversation. Some of the most common hacking service categories in the HaaS market include Social Media, Database, and Phone hacking. These types of services are the most commonly advertised; found on over 50% of all HaaS sites, while services related to Malware and Ransomware are advertised on less than 30% of these sites. Additionally, an analysis is performed on prices of these services along with their volume of demand and comparisons made between the prices listed in posts seeking services with those sites selling services. It is observed that individuals looking to hire hackers for these services are offering to pay premium prices, on average, 73% more than what the individual hackers are requesting on their own sites. Overall, this study provides insights into illicit markets for contact based hacking especially with regards to services such as social media hacking, email breaches, and website defacement.
Contributors: Vincent, Brian W (Author) / Shakarian, Paulo (Thesis advisor) / Candan, Selcuk (Committee member) / Ahn, Gail-Joon (Committee member) / Arizona State University (Publisher)
Created: 2018
Description
With the increasing complexity of computing systems and the rise in the number of risks and vulnerabilities, it is necessary to provide a scalable security situation awareness tool to assist the system administrator in protecting the critical assets, as well as managing the security state of the system. There are many methods to provide security states' analysis and management, for instance, using a firewall to manage the security state and/or graphical analysis tools such as attack graphs for analysis.

Attack graphs are powerful graphical security analysis tools as they provide a visual representation of all possible attack scenarios that an attacker may take to exploit system vulnerabilities. The attack graph's scalability, however, is a major concern for enumerating all possible attack scenarios as it is considered an NP-complete problem. There has been much research work trying to come up with a scalable solution for the attack graph. Nevertheless, non-practical attack graph based solutions have been used in practice for realtime security analysis.

In this thesis, a new framework, namely the 3S (Scalable Security States) analysis framework, is proposed, which presents a new approach of utilizing Software-Defined Networking (SDN)-based distributed firewall capabilities and the concept of stateful data plane to construct scalable attack graphs in near-realtime, which is a practical approach to use attack graphs for realtime security decisions. The goal of the proposed work is to control reachability information between different datacenter segments to reduce the dependencies among vulnerabilities and restrict the attack graph analysis to a relatively small scope. The proposed framework is based on SDN's programmable capabilities to adjust the distributed firewall policies dynamically according to security situations during the running time. It applies white-list-based security policies to limit the attacker's capability of moving between or exploiting different segments by only allowing uni-directional vulnerability dependency links between segments. Specifically, several test cases will be presented with various attack scenarios to analyze how the distributed firewall and stateful SDN data plane can significantly reduce the security states construction and analysis. The proposed approach proved to achieve a percentage of improvement over 61% in comparison with prior modules where SDN and distributed firewall are not in use.
Contributors: Sabur, Abdulhakim (Author) / Huang, Dijiang (Thesis advisor) / Zhang, Yancho (Committee member) / Shakarian, Paulo (Committee member) / Arizona State University (Publisher)
Created: 2018
Description
In the artificial intelligence literature, three forms of reasoning are commonly employed to understand agent behavior: inductive, deductive, and abductive. More recently, data-driven approaches leveraging ideas such as machine learning, data mining, and social network analysis have gained popularity. While data-driven variants of the aforementioned forms of reasoning have been applied separately, there is little work on how data-driven approaches across all three forms relate and lend themselves to practical applications. Given an agent behavior and the percept sequence, how can one identify a specific outcome such as the likeliest explanation? To address real-world problems, it is vital to understand the different types of reasoning which can lead to better data-driven inference.

This dissertation has laid the groundwork for studying these relationships and applying them to three real-world problems. In criminal modeling, inductive and deductive reasoning are applied to early prediction of violent criminal gang members. To address this problem, the features derived from the co-arrestee social network as well as geographical and temporal features are leveraged. Then, a data-driven variant of geospatial abductive inference is studied in the missing person problem to locate the missing person. Finally, inductive and abductive reasoning are studied for identifying pathogenic accounts of a cascade in social networks.
Contributors: Shaabani, Elham (Author) / Shakarian, Paulo (Thesis advisor) / Davulcu, Hasan (Committee member) / Maciejewski, Ross (Committee member) / Decker, Scott (Committee member) / Arizona State University (Publisher)
Created: 2019