Collaborative Intrusion Detection leveraging Blockchain and Pluggable Authentication Modules (2020-01-07)
As the threat of cyber attack grows ever larger, new approaches to security are required. While there are several different types of intrusion detection systems (IDS), collaborative IDS (CIDS) offers particular promise in identifying distributed, coordinated attacks that might otherwise elude detection. Even for CIDS, there are unresolved issues associated with trusting participants and aggregating data. Blockchain technology appears capable of addressing those issues if practical implementation strategies can be developed. To that end, we implement an Ethereum blockchain-based CIDS leveraging pluggable authentication modules. Our system is specifically crafted to detect doorknob rattling attacks by immutably recording login activity in a blockchain-protected ledger.

Toward a Mathematical Understanding of the Malware Problem (2020-01-07)
Malware plays a significant role in breaching computer systems. Previous research has focused on malware detection even though detection is up against theoretical limits in computer science and current methods are inadequate in practice. We explain the susceptibility of computation to malware as a consequence of the instability of Turing and register machine computation. The behavior of a register machine program can be sabotaged by making a very small change to the original, uninfected program. Stability has been studied extensively in dynamical systems and in engineering fields such as aerospace. Our primary contribution introduces mathematical tools from topology and dynamical systems to explain why register machine computation is susceptible to malware sabotage. A correspondence is constructed such that one computational step of a Turing machine maps to one iteration of a dynamical system in the x-y plane and vice versa. Using this correspondence, another contribution defines and demonstrates a structural instability in a Universal Turing machine encoding. One research direction proposes to better understand instability in conventional computation by studying non-isolated metrics on the space of Turing machines; another suggests searching for stable computation in unconventional machines.

CARTT: Cyber Automated Red Team Tool (2020-01-07)
Military weapon systems are often built using embedded, non-IP (Internet Protocol) based computer systems that are not regularly updated and patched due to their isolation. As adversaries expand their capability to exploit and penetrate these systems, we must be able to verify they are not susceptible to cyber-attack. Currently, cyber red teams are employed to assess the security of systems and networks in isolated environments; however, this method can be costly and time-consuming, and the availability of red teams is limited. To address this need and resource shortfall, we have developed the Cyber Automated Red Team Tool (CARTT) that leverages open source software and methods to discover, identify, and conduct a vulnerability scan on a computer system's software. The results of the vulnerability scan offer possible mitigation strategies to lower the risk from potential cyber-attacks without the need for a dedicated cyber red team operating on the target host or network.