Search Results

(Total results 4)

  • 1. AlSlaiman, Muhanned Effective Systems for Insider Threat Detection

    Doctor of Philosophy (PhD), Wright State University, 2023, Computer Science and Engineering PhD

    Insider threats to information security have become a burden for organizations. Understanding insider activities leads to an effective improvement in identifying insider attacks and limits their threats. This dissertation presents three systems to detect insider threats effectively. The aim is to reduce the false negative rate (FNR), provide better dataset use, and reduce dimensionality and zero padding effects. The systems developed utilize deep learning techniques and are evaluated using the CERT 4.2 dataset. The dataset is analyzed and reformed so that each row represents a variable length sample of user activities. Two data representations are implemented to model extracted features in gray encoding (GE) and kernel density estimator (KDE) with cumulative distribution function (CDF). Additionally, sentiment analysis and unique coding are assigned to each category of user activities so that the detection model can distinguish all activities, the correlation between activities, and the temporal characteristics of the activities. The first detection system is a Long-Short-Term Memory (LSTM) network. The first detection system reduced FNR, but the performance degraded as the dataset's size increased. The second detection system combines convolutional neural networks (CNN) and LSTM networks. Processing and modeling of the dataset created two problems that hindered the performance of the previous two detection systems: (1) dimensionality and (2) vanishing short rows due to zero padding. The last detection system aims to reduce the curse of dimensionality and short rows vanishing. Two neural models are utilized, embedding layer and autoencoder. The embedding layer removes padded zeros and produces dense embedded output. The autoencoder compresses the input data samples to a shorter length and feeds the processed data samples to the detection model. All detection systems presented a high performance in classifying users' activities and detecting insider threats.
The first (open full item for complete abstract)

    Committee: Bin Wang Ph.D. (Advisor); Soon M. Chung Ph.D. (Committee Member); Meilin Liu Ph.D. (Committee Member); Zhiqiang Wu Ph.D. (Committee Member) Subjects: Artificial Intelligence; Computer Engineering; Computer Science; Engineering; Information Science; Information Technology
  • 2. Adewopo, Victor Exploring Open Source Intelligence for cyber threat Prediction

    MS, University of Cincinnati, 2021, Education, Criminal Justice, and Human Services: Information Technology

    The cyberspace is one of the most complex systems ever built by humans; cybertechnology resources are used ubiquitously by many but sparsely understood by the majority of users. In the past, cyberattacks were usually orchestrated in a random pattern of attack to lure unsuspecting targets. More evidence has demonstrated that cyberattack knowledge is shared among individuals using social media and hacker forums in the virtual ecosystem. Previous research work focused on using machine learning algorithms (SVM) to identify threats [1]. Rodriguez et al. utilized sentiments and data mining techniques in classifying threats [2]. This research developed a novel framework for identifying threats and predicting vulnerability exposure. The methodology used in this research combined information extracted from the deep web and surface web containing technical indicators of threats. This thesis showcased that potential cyberthreats can be predicted from open-source data using a deep learning algorithm (LSTM). The developed model utilized open-source intelligence to identify existing threats in an input search and identify the severity level of the threat by crawling the National Vulnerability Database (NVD) and Common Vulnerabilities and Exposures (CVE) Database for a list of published threats related to the search term with an accuracy of 91%, precision of 90% and recall of 91% on test data.

    Committee: Bilal Gonen Ph.D. (Committee Chair); Nelly Elsayed Ph.D. (Committee Member); M. Murat Ozer Ph.D. (Committee Member) Subjects: Information Technology
  • 3. Jardin, Elliott AGING AND ATTENTION TO THREAT; AN ELECTROPHYSIOLOGICAL INVESTIGATION

    Master of Arts in Psychology, Cleveland State University, 2015, College of Sciences and Health Professions

    This study examined age-related differences in processing emotionally valenced objects. Previous studies with younger adults have found that negatively valenced stimuli, such as threatening objects, attract attention involuntarily compared to positively valenced stimuli. The authors suggested that the rapid detection of threatening stimuli has potential adaptive value. The present study was therefore designed to provide the possibility of obtaining converging evidence for this claim using both behavioral and electrophysiological measures. In addition, I examined in the present study whether or not the involuntary capture by emotionally valenced objects would be observed in older adults. The cuing paradigm used by Lien, Taylor, and Ruthruff (2013) was applied in the present study. Participants identified the gender of a fearful face in the display. Preceding the target, two cues were presented (one emotional [threatening or positive] and one neutral) for 125 ms. The emotional cue was presented either in the same location as the target (25% of the trials; valid) or in a different location (75% of the trials; invalid). Thus, there was no incentive to allocate attention to the emotional cue. The event-related potential (ERP) component of N2pc was used to index spatial attention. The ERP and behavioral data using the Cue-Validity paradigm strongly support that the emotional cues captured attention.

    Committee: Conor McLennan PhD (Committee Chair); Allen Philip PhD (Committee Member); Mei-Ching Lien PhD (Committee Member) Subjects: Physiology; Psychology
  • 4. Wang, Xinmu HARDWARE TROJAN ATTACKS: THREAT ANALYSIS AND LOW-COST COUNTERMEASURES THROUGH GOLDEN-FREE DETECTION AND SECURE DESIGN

    Doctor of Philosophy, Case Western Reserve University, 2014, EECS - Computer Engineering

    Due to multiple untrusted components in integrated circuits (ICs) life cycle, malicious modifications of integrated circuits in design houses or foundries have emerged as a major security threat. Such modifications, popularly referred to as Hardware Trojan attacks, are extremely difficult to detect during manufacturing test. Effectiveness of traditional logic testing and side-channel analysis based detection approaches are limited by their capability in meeting complex Trojan trigger conditions and the masking effect due to large process variations, respectively. In this thesis, we analyze hardware Trojan attacks of various forms from both an attacker's and a defender's perspectives, with the final goal of developing effective defense mechanisms to thwart Trojan attacks and protect ICs security. From an attacker's point of view, we explore the design space of hardware Trojan by developing innovative and efficient Trojan design techniques at different stages of IC development. Hardware Trojans are designed and implemented to cause system malfunction and critical information leakage. Novel circuit level design techniques are investigated for minimizing Trojan side-channel fingerprint. A new class of hardware Trojans is proposed that can be mounted in Static-Random-Access Memories (SRAMs) to tamper data integrity in embedded memories (e.g. processor cache), which also validates the feasibility of mounting general hardware Trojan attacks in foundries by manipulating design layouts. As effective defense measures, we propose two robust side-channel analysis based Trojan detection approaches that do not require a golden IC instance thus eliminate process noises. Finally, as a Design-for-Security (DfS) technique, the concept of Infrastructure IP for Security (IIPS) is proposed and implemented to provide comprehensive protections against various forms of hardware attacks.
Both circuit-level simulations and experimental results are provided demonstrate the effec (open full item for complete abstract)

    Committee: Swarup Bhunia (Advisor); Christos Papachristou (Committee Member); Francis Merat (Committee Member); Andy Podgurski (Committee Member) Subjects: Computer Engineering