Master of Science, University of Toledo, 2020, Engineering (Computer Science)

This thesis titled "Practice-Oriented Cybersecurity Training Framework" offers training applications that will be used as a pedagogy improving tool in the field of cybersecurity education. We believe involving students in active learning by including hands-on intuitive activities to be highly effective in the field of cybersecurity education. The Practice-Oriented training framework contains three malicious android applications namely Email-Lite-Scare, Shop-Shock-Struck and Play- Read-Disrupt that have been developed. The malicious applications are pretend malware that portray the signature behaviors of scareware, ransomware and privacy extortion respectively. To involve students and also to establish an active-learning environment an android application is provided to students as self-exploratory cybersecurity exercise. Psychological learning is emphasized in this approach by exercising the application extensively. Through this we aim to make them cyber aware to recognize new threats and respond to mitigate them. The primary focus of this study is on finding innovative and productive ways to expose high school students to cybersecurity. With advances in technology and the growth in the use of the internet through mobile devices, cybercrime has led to greater exposure for organizations and individuals. Teenagers are easy targets of these cybercrimes, as educating students on current cyber-attacks is seen as a powerful tool to teach cybersecurity, there is a need to educate them on cybersecurity trends. Practice-Oriented cybersecurity training framework is a tool to bridge the skill-gap. The underlying goals also include to develop a security mindset, spread awareness on threats associated with smartphone/tablet usage, and to inculcate interest in cybersecurity careers among high school students. This work contributes to "InviteCyber" project for high school students.

Committee: Ahmad Y Javaid (Committee Chair); Devinder Kaur (Committee Member); Weiqing Sun (Committee Member) Subjects: Academic Guidance Counseling; Computer Engineering; Computer Science; Curriculum Development; Education

Master of Science, University of Toledo, 2020, Engineering (Computer Science)

Technology developments and the growth in the use of the Internet through mobile devices have contributed to greater visibility of cybercrime by organizations and individuals. As teens are easy targets of these cybercrimes, they need to be trained on developments in cybersecurity as educating students on current cyber attacks is seen as a powerful tool to teach cybersecurity. This work presents a pedagogical strategy to train students to recognise and respond to potential attacks to alleviate them. This is achieved by cybersecurity activities based on observational, experiential, and real-life practice. Two malicious phishing android applications have been developed, namely Social-Phish, Chat-Phish, and one focusing on cyber-secure practices, namely Quiz Your Permissions. By thoroughly exercising the application, psychological learning is emphasized in this approach. The underlying objectives of this research are to establish a security mindset, to raise awareness of threats associated with the use of smartphones and tablets, and to instill interest among high school students in cybersecurity careers.

Committee: Ahmad Y Javaid (Committee Chair); Devinder Kaur (Committee Member); Weiqing Sun (Committee Member) Subjects: Computer Engineering; Curriculum Development; Education

PhD, University of Cincinnati, 2024, Engineering and Applied Science: Computer Science and Engineering

The meteoric rise in software and technology has altered the paradigm of information security and privacy. Classified information, stored earlier behind locked doors, is now stored on the internet on servers that can be accessed from anywhere on the globe. As a result of these advancements, we are now vulnerable to cyber-attacks. Cyber-attacks are defined as unwelcome attempts to steal, expose, alter, disable, or destroy information through unauthorized access to computer systems. Cyber-attacks are becoming more common and there is a cyber-attack on businesses once every 11 seconds. The rate of detection (or prosecution) is also extremely low and in the US only 0.05% of cyber-attacks get detected. These attacks are carried out by highly skilled professionals, and they result in severe financial losses to individuals and organizations. So, to protect ourselves from these attacks, we need a cybersecurity workforce. The Department of Defense (DoD) defines the cybersecurity workforce as the personnel who secure, defend, and preserve data, networks, net-centric capabilities, and other designated systems by ensuring appropriate security controls and measures are in place. Currently, there is a rising demand for a cybersecurity workforce, but not enough skilled people to fulfill it. There is also a need to create awareness among the general population to mitigate the risks of cyber-attacks. To address these problems, we have developed a gaming application that can create awareness about the importance of cybersecurity and motivate more people to pursue careers in cybersecurity. Additionally, we analyze the usefulness of this application in various use cases.

Committee: John Franco Ph.D. (Committee Chair); Albert Klein, Jr. Ph.D. L.L.M. J.D. (Committee Member); Jeffrey Kastner Ph.D. (Committee Member); FNU NITIN Ph.D. (Committee Member); William Hawkins Ph.D. (Committee Member) Subjects: Computer Science

Master of Science, University of Toledo, 2021, Engineering (Computer Science)

With the advancement in technology and the rapid increase in the use of the internet through smart devices, users are increasingly exposed to cyber-crimes. Due to the limited training on cybersecurity and cyber-safe practices, young adults are especially an easy target for these cybercrimes. It is also well-known that there is a need to enhance organizations' cybersecurity capabilities while spreading cybersecurity awareness among the masses. To the former cause, degree programs have been established throughout the US to train the workforce; however, it has proved to be not enough. Therefore, we propose developing and integrating plug-and-play modules for CS/CSE undergraduate courses at various levels to develop a security mindset among these students and inculcate interest in a cybersecurity career. Irrespective of what domain of CS/CSE the students decide to pursue as a career, these modules would attempt to teach cybersecurity throughout an existing CS/CSE program. This paper presents one such module in the form of a visualization tool that describes cryptography and its basics for a sophomore discrete mathematics course. Specifically, the tool demonstrates the mathematical foundations of cryptography, the implementation of the RSA algorithm, and a real-world scenario to showcase the utility of encryption. Related results demonstrating the efficacy of the tool are presented.

Committee: Ahmad Y Javaid Dr (Committee Chair); Devinder Kaur Dr (Committee Member); Weiqing Sun Dr (Committee Member); Niyaz Quamar Dr (Committee Member); Xiaoli Yang Dr (Committee Member) Subjects: Computer Engineering; Computer Science; Curricula; Curriculum Development