Filtering by
- All Subjects: Cybersecurity
- Creators: Computer Science and Engineering Program
- Resource Type: Text
Fuzzing is currently a thriving research area in the cybersecurity field. This work begins by introducing code that brings partial replayability capabilities to AFL++ in an attempt to solve the challenge of the highly random nature of fuzzing that comes from the large amount of random mutations on input seeds. The code addresses two of the three sources of nondeterminism described in this work. Furthermore, this work introduces Fuzzing Debugger (FDB), a highly configurable framework to facilitate the debugging of fuzzing by interfacing with GDB. Three debugging modes are described which attempt to tackle two use cases of FDB: (1) pinpointing nondeterminism in fuzz runs, therefore paving the way for replayable fuzz runs and (2) systematically finding preferable stopping points seed analysis.
Machine learning has a near infinite number of applications, of which the potential has yet to have been fully harnessed and realized. This thesis will outline two departments that machine learning can be utilized in, and demonstrate the execution of one methodology in each department. The first department that will be described is self-play in video games, where a neural model will be researched and described that will teach a computer to complete a level of Super Mario World (1990) on its own. The neural model in question was inspired by the academic paper “Evolving Neural Networks through Augmenting Topologies”, which was written by Kenneth O. Stanley and Risto Miikkulainen of University of Texas at Austin. The model that will actually be described is from YouTuber SethBling of the California Institute of Technology. The second department that will be described is cybersecurity, where an algorithm is described from the academic paper “Process Based Volatile Memory Forensics for Ransomware Detection”, written by Asad Arfeen, Muhammad Asim Khan, Obad Zafar, and Usama Ahsan. This algorithm utilizes Python and the Volatility framework to detect malicious software in an infected system.
During October 2022, I contributed to the annual Cybersecurity Awareness Month (CSAM) program at Arizona State University (ASU). 4 cybersecurity domains were explored during the month: phishing, password hygiene, physical security, and social media security. The scope of my work involved designing and developing activities related to phishing and social media security. The deliverables included 8 emails for the ‘Spot the Phish’ activity, an educational flier on phishing indicators, discussion questions for The Tinder Swindler documentary, and a password security question guessing game. I also collected feedback from students and faculty who participated in ‘Spot the Phish’ and the security question game. Participants answered questions about the difficulty of the activities and how their cybersecurity knowledge improved. The security question game didn’t have much participation, so there wasn’t much information to gather from the feedback. The ‘Spot the Phish’ activity had over 50 feedback submissions. That data suggested that the ‘Spot the Phish’ activity improved participants’ confidence in identifying phishing emails. After reviewing the feedback and my own anecdotal experience conducting the activities, I looked into research regarding tools for cybersecurity education. Based on that research, I designed new activities to better inform students and faculty about phishing and social media security for 2023 CSAM.
This thesis explores how large scale cyber exercises work in the 21st century, going in-depth on Exercise Cyber Shield, the Department of Defense’s largest unclassified cyber defense exercise run by the Army National Guard. It highlights why these cyber exercises are so relevant, going over several large scale cyber attacks that have occurred in the past year and the impact they caused. This research aims to illuminate the intricacies around cyber exercise assessment involving manual vs automated scoring systems; this is brought back to work on creating an automated scoring engine for Exercise Cyber Shield. This thesis provides an inside look behind the scenes of the operations of the largest unclassified cyber defense exercise in the United States, including conversations with the Exercise Officer-In-Charge of Cyber Shield as well as a cyber exercise expert working on assessment of Exercise Cyber Shield, and the research also includes information from past final reports for Cyber Shield. Issues that these large scale cyber exercises have faced over the years are brought to light, and attempts at solutions are discussed.