Cyber Operations, Defence, and Forensics
Tuning Hyperparameters for DNA-based Discrimination of Wireless Devices (2021-01-05)
Bihl, Trevor; Schoenbeck, Joseph; Rondeau, Christopher; Jones, Aaron; Adams, Yuki

The Internet of Things (IoT) and Industrial IoT (IIoT) are enabled by Wireless Personal Area Network (WPAN) devices. However, these devices increase the vulnerability concerns of the IIoT and the resulting Critical Infrastructure (CI) risks. Secure IIoT is enabled by both pre-attack security and post-attack forensic analysis. Radio Frequency (RF) Fingerprinting enables both pre- and post-attack security by providing serial-number-level identification of devices through fingerprint characterization of their emissions. For classification and verification, research has shown high performance by employing the neural network-based Generalized Relevance Learning Vector Quantization-Improved (GRLVQI) classifier. However, GRLVQI has numerous hyperparameters and tuning them requires AI expertise, so some researchers have abandoned GRLVQI for notionally simpler, but less accurate, methods. Herein, we develop a fool-proof approach for tuning AI algorithms. For demonstration, Z-Wave, an insecure low-power/low-cost WPAN technology, and the GRLVQI classifier are considered. Results show significant increases in accuracy (5% for classification, 50% for verification) over baseline methods.

Insight from a Containerized Kubernetes Workload Introspection (2021-01-05)
Watts, Thomas; Benton, Ryan; Shropshire, Jordan; Bourrie, David

Developments in virtual containers, especially in cloud infrastructure, have led to a diversification of the jobs that containers are being used to support, particularly in the big data and machine learning spaces. This diversification has been powered by the adoption of orchestration systems that marshal fleets of containers to accomplish complex programming tasks. The additional components in the vertical technology stack, plus the continued horizontal scaling, have led to questions regarding how to forensically analyze complicated technology stacks. This paper proposes a solution through the use of introspection. An exploratory case study has been conducted on a bare-metal cloud that utilizes Kubernetes, the introspection tool Prometheus, and Apache Spark. The contribution of this research is two-fold. First, it provides empirical support that introspection tools can acquire forensically viable data from different levels of a technology stack. Second, it provides the groundwork for comparisons between different virtual container platforms.

HoneyCode: Automating Deceptive Software Repositories with Deep Generative Models (2021-01-05)
Nguyen, David; Liebowitz, David; Nepal, Surya; Kanhere, Salil

We propose HoneyCode, an architecture for the generation of synthetic software repositories for cyber deception. The synthetic repositories have the characteristics of real software, including language features, file names and extensions, but contain no real intellectual property. The fake software can be used as a honeypot or form part of a deceptive environment. Existing approaches to software repository generation lack scalability due to their reliance on hand-crafted structures for specific languages. Our approach is language agnostic and learns the underlying representations of repository structures, filenames and file content through a novel Tree Recurrent Network (TRN) and two recurrent networks (RNN) respectively. Each stage of the sequential generation process utilises features from prior steps, which increases the honey repository's authenticity and consistency. Experiments show that the TRN generates tree samples that reduce degree mean maximal distance (MMD) by 90-92% and depth MMD by 75-86% against a held-out test data set, in comparison to recent deep graph generators and a baseline random tree generator. In addition, our RNN models generate convincing filenames with authentic syntax and realistic file content.

Cybersecurity Risk Assessment Framework for Externally Exposed Energy Delivery Systems (2021-01-05)
Gourisetti, Sri Nikhil Gupta; Touhiduzzaman, Md; Ashley, Travis; Pal, Seemita; Mckenzie, Penny

Securing the energy delivery system (EDS) from complex, nonlinear, and evolving cyber threats requires a complex set of changing and interwoven classes of technologies, policies, relationships, and personnel. One key area in this technological milieu is assessment methodologies that compare information, gathered by a variety of means, about networked devices with publicly known threat information about those devices. This information is used to generate risk-based characterizations that allow for adjudication and for the corresponding management action chains to be assigned. To address the current cybersecurity needs in the operational technology (OT) domain, we developed a novel relative-risk assessment framework and a software application called MEEDS that can detect exposed OT systems. This paper presents the detailed architecture of the relative-risk assessment framework methodology and its integral role in the MEEDS software. The efficacy of the presented framework is demonstrated by testing with real-world systems and vulnerabilities pertaining to industrial control systems (ICS) in critical infrastructures.

Introduction to the Minitrack on Cyber Operations, Defence, and Forensics (2021-01-05)
Choo, Kim-Kwang Raymond; Grispos, George; Glisson, William