Cyber Operations, Defense, and Forensics

Permanent URI for this collectionhttps://hdl.handle.net/10125/107573

Recent Submissions

  • Environmental Factors that Hinder an Organization's Ability to Learn from Cyber Incidents: A Case Study on SolarWinds
    (2024-01-03) Bulgurcu, Burcu; Mashatan, Atefeh (Atty)
    This research focuses on identifying the environmental factors that impact an organization's ability, or lack thereof, to learn from cyber incidents: an organized and structural approach to addressing cybersecurity breaches with the aim of mitigating harm by minimizing the associated costs and the time required for recovery. The results of our research, based on an in-depth analysis of data collected from interviews with 12 cybersecurity professionals on how their organizations handled the massive SolarWinds attack, show that the practice of incident response often involves short-term, tactical steps as opposed to strategic initiatives, such as reframing cyber policies, revising risk assessment processes, and making proactive investments, which are longer-term in nature. We present the challenges that inhibit organizations' capacity to learn strategically from cyber incidents, relating to the internal environment as well as the micro- and macro-environment, and discuss how organizations could overcome these challenges.
  • Identifying Subdomain Doppelganger Attacks against Companies
    (2024-01-03) Simpson, Geoffrey; Moore, Tyler
    Cybercriminals regularly impersonate organizations when carrying out attacks. This paper investigates a tactic that has not been studied previously. In so-called doppelganger attacks, miscreants register domains similar to legitimate subdomains used by organizations. Investigation of domain registration data from 2009-2022 uncovers 84,952 first-party doppelganger attacks that mimic valid subdomains of organization websites, plus a further 5,448 third-party doppelgangers in which service providers used by organizations are impersonated. By analyzing patterns in the gathered data, the paper studies how victims are affected and how attackers organize their activities. It is hoped that by raising awareness of this attack technique, future malicious activities may be curtailed.
  • CAVA: Cognitive Aid for Vulnerability Analysis
    (2024-01-03) Kim, Evelyn; Fugate, Sunny; Lebiere, Christian; Barbieux, Aidan; Buch, Jonathan; Cho, Jaehoon; Cranford, Edward; Divita, Joseph; Johnson, Jeremy; Levy, Mia; Maldonado, Froylan; Marsh, Brianna; Morrison, Donald; Rego, Jocelyn; Sayer, Mitchell; Waagen, Alex; Bhattacharyya, Rajan
    Becoming a reverse engineer (RE) requires rigorous training and an understanding of program structure and functionality, and experts develop heuristic strategies and intuitions from real-world experience. This paper attempts to capture REs' strategies and intuitions within a predictive cognitive model and demonstrate the feasibility of assisting novice REs using an intelligent recommender called CAVA (Cognitive Aid for Vulnerability Analysis). CAVA leverages physiological sensors to assess a novice's cognitive state and provides real-time visual hints when the novice's attention and engagement diminish. We instrumented Ghidra and conducted pilot experiments with REs. Open-loop experiments with 9 REs confirmed the feasibility of distinguishing novices from experts using physiological signals, and a pilot closed-loop experiment tested the feasibility of providing visual recommendations to a novice. Despite challenges in recruiting REs, our progress suggests that CAVA is a promising approach to improving novice performance and our understanding of experts' behavior when performing complex real-world reverse engineering tasks.
  • Introduction to the Minitrack on Cyber Operations, Defense, and Forensics
    (2024-01-03) Mcdonald, Jeffrey; Menard, Philip; Glisson, William