Cyber Security, Operations, Defense, and Forensics
Permanent URI for this collection: https://hdl.handle.net/10125/112557
Recent Submissions
Evading Detection or Triggering False Alarms? A Character Level Adversarial Attack on LLM Detection of Arabic Social Media Bots (2026-01-06)
Melhem, Abdullah; Aleroud, Ahmed; Albert, Craig
In conflict-affected regions, social media users often try to evade AI and Machine Learning (ML) moderation systems by making subtle visual alterations to text, such as modifying diacritic dots while keeping the content understandable to human readers. This poses a challenge to modern detection pipelines, as AI systems are increasingly employed for content filtering and the detection of toxic content such as hate speech. Such threats are sometimes facilitated through social bots or campaigns with strong emotional tones, specifically in Arabic. We demonstrate that these automated systems are vulnerable to a subtle, linguistically grounded adversarial attack that evades detection by automatically and objectively altering the placement of diacritic dots in Arabic characters. Our dot-level adversarial attack reduces the performance of traditional deep learning sentiment classifiers and modern open-source LLMs (e.g., Mistral via Ollama) used for bot detection and content moderation. Evaluations on Telegram messages and benchmark Arabic datasets demonstrate significant drops in classification accuracy and a satisfactory attack success rate, even with minimal perturbations. This work reveals how bot operators can evade LLM-based detection pipelines. The results highlight the need for robust defenses that account for orthographic manipulation in morphologically rich languages like Arabic, particularly in politically polarized regions where bot-driven campaigns often target public opinion.

Introduction of Gabor Transform Features for an Internet of Things Security Paradigm (2026-01-06)
Hessman, Reid; Rondeau, Christopher; Temple, Michael
As the proliferation of Internet of Things (IoT) devices spreads across critical infrastructure sectors, the threat likewise increases as attack vectors become proportionally more serious. It is necessary to balance protection complexity and operational disruption while providing resilient and effective security solutions. Distinct Native Attribute (DNA) fingerprinting using RF Signal Gabor transform (GTX) features has proven to be computationally inexpensive and robust in physical (PHY) layer applications. This work combines GTX discrimination gains with data dimensional reduction using GTX-derived images to achieve effective DNA fingerprinting—this is done using lower-dimensional images of Radio Frequency (RF) signal Gabor transform responses to perform Image Domain DNA (ID-DNA) Fingerprinting. ID-DNA Fingerprinting performance includes accurate device classification of %C = 90% and reliable detection of rogue devices at a Rogue Rejection Rate (RRR) of RRR = 90%.

Reinforcement Learning and Hidden Markov Models for Simulating and Analyzing Social Engineering Attacks (2026-01-06)
Sachithanandam, Bharkavi; Abri, Faranak; Ishigaki, Genya; Webb, Jade
The Internet has revolutionized communication and connectivity on a global scale. Although this technological advancement has made human life easier, it has also led to an increase in sophisticated online exploitation methods. Social engineering is a prominent threat, as attackers strive to manipulate their victims into divulging sensitive details. Understanding the dynamics of social engineering is crucial for developing measures to prevent individuals and companies from falling prey to deceptive tactics. Therefore, gaining insight into the attacker's strategy is imperative. This paper models a rational attacker’s behavior as a Markov Decision Process (MDP) and applies Reinforcement Learning (RL) algorithms to derive optimal policies on MDP. This study also proposes a method to infer hidden state sequences when direct state information is unavailable. By mapping each MDP state to a Hidden Markov Model (HMM) state and using optimal actions as observations, the HMM structure is leveraged to estimate underlying state sequences.

Virtual Private Networks over Satellite Communication Systems in Support of Secure Telemedical Communication in Expeditionary Environments (2026-01-06)
Cohen, Joshua; Mceachen, John; Tummala, Murali
While the U.S. Military continues to deploy around the world, the need for medical support in austere environments remains. The ability to effectively fulfill this need is augmented by the use of telemedical support. The ability to effectively provide telemedical assistance from afar requires the use of satellite communications and often resorts to civilian service providers. This paper evaluates the efficacy of using satellite networks with the added security and privacy of virtual private networks (VPNs). We evaluate the performance impact of internet protocol security (IPsec), OpenVPN, and Wireguard when applied over a geostationary satellite provider, Viasat, and a low Earth orbit satellite provider, Starlink. We find that the implementation of VPNs induces a small but consistent performance impact on latency and a negligible impact on Inter-Packet Delay Variation. The implementation of a VPN results in a reduction in throughput, especially in download throughput. We specifically find that OpenVPN has the largest impact on throughput with Wireguard providing the highest overall throughput. IPsec is the most consistently performing VPN and is our recommendation for enterprise applications.

Your Bulb Has Trust Issues (2026-01-06)
Powell, Kaleigh; Glisson, William Bradley
Your smart bulb might be lighting up your room, but it could also be lighting up vulnerabilities in your network. As smart homes are filled with IoT devices, security often takes a backseat to convenience, especially with popular open-source firmware like Tasmota. This research investigates how a malicious actor who has access to a vulnerable local network device could hijack a Tasmota-flashed smart bulb. By changing web console and WiFi credentials, the attacker could virtually block the owner's access to their device. Through a series of scripted payloads, the study considered credential persistence, exploit efficiency, and the impact of scaling up device counts. The results show that with minimal effort, attackers can persistently compromise smart bulbs, revealing a critical gap in home network security. These findings show a clear proof-of-concept for low-complexity lateral movement attacks on IoT devices, underscoring the need for stronger local network defenses and smarter firmware defaults.

Introduction to the Minitrack on Cyber Security, Operations, Defense, and Forensics (2026-01-06)
Glisson, William Bradley; Grispos, George; Mcdonald, Jeffrey
