Master of Science, University of Toledo, 2020, Engineering (Computer Science)

This thesis titled "Practice-Oriented Cybersecurity Training Framework" offers training applications that will be used as a pedagogy improving tool in the field of cybersecurity education. We believe involving students in active learning by including hands-on intuitive activities to be highly effective in the field of cybersecurity education. The Practice-Oriented training framework contains three malicious android applications namely Email-Lite-Scare, Shop-Shock-Struck and Play- Read-Disrupt that have been developed. The malicious applications are pretend malware that portray the signature behaviors of scareware, ransomware and privacy extortion respectively. To involve students and also to establish an active-learning environment an android application is provided to students as self-exploratory cybersecurity exercise. Psychological learning is emphasized in this approach by exercising the application extensively. Through this we aim to make them cyber aware to recognize new threats and respond to mitigate them. The primary focus of this study is on finding innovative and productive ways to expose high school students to cybersecurity. With advances in technology and the growth in the use of the internet through mobile devices, cybercrime has led to greater exposure for organizations and individuals. Teenagers are easy targets of these cybercrimes, as educating students on current cyber-attacks is seen as a powerful tool to teach cybersecurity, there is a need to educate them on cybersecurity trends. Practice-Oriented cybersecurity training framework is a tool to bridge the skill-gap. The underlying goals also include to develop a security mindset, spread awareness on threats associated with smartphone/tablet usage, and to inculcate interest in cybersecurity careers among high school students. This work contributes to "InviteCyber" project for high school students.

Committee: Ahmad Y Javaid (Committee Chair); Devinder Kaur (Committee Member); Weiqing Sun (Committee Member) Subjects: Academic Guidance Counseling; Computer Engineering; Computer Science; Curriculum Development; Education

Master of Science, University of Akron, 2009, Computer Science

Reverse engineering malware has been an integral part of the world of security. At best it has been employed for signature logging malware until now. Since the evolution of new age technologies, this is now being researched as a robust methodology which can lead to more reactive and proactive solutions to the modern security threats that are growing stronger and more sophisticated. This research in its entirety has been an attempt to understand the in and outs of reverse engineering pertaining to malware analysis, with an eye to the future trends in security.Reverse engineering of malware was done with Nugache P2P malware as the target showing that signature based malware identification is ineffective. Developing a proactive approach to quickly identifying malware was the objective that guided this research work. Innovative malware analysis techniques with data mining and rough sets methodologies have been employed in this research work in the quest of a proactive and feasible security solution.

Committee: Kathy J. Liszka PhD (Advisor) Subjects: Computer Science; Engineering; Experiments; Systems Design

Master of Computer Science (M.C.S.), University of Dayton, 2023, Computer Science

In today's interconnected digital landscape, the surge in malicious websites has caused a significant number of cyber-attacks and data breaches. These malicious entities largely employ JavaScript to execute attacks on web browsers. It is becoming increasingly apparent that attackers can evade traditional mechanisms, such as lexical analysis, content examination, and blacklists, through code obfuscation, which disguises the true intent of the code, and polymorphic or metamorphic code that alters itself with each execution. These techniques make it difficult for traditional static analysis tools to detect dynamically generated or altered code characteristics of sophisticated, evolving threats. Considering these challenges, notable research has progressed, proposing dynamic approaches that monitor JavaScript behavior in real-time. These dynamic methods can identify malicious patterns and activities, offering a significant advancement over static analysis by detecting and mitigating threats as they occur. This thesis introduces an innovative runtime analysis method for JavaScript that encompasses all JavaScript executions, including traditionally on-the-fly generated code and advanced evasion techniques. Our approach centrally applies the security reference monitor technique, which mediates JavaScript's security-sensitive operations during execution. This includes closely monitoring function calls and property access, ensuring a thorough capture of runtime behaviors, and effectively mitigating the risk of attack, regardless of the code's structure or the obfuscation techniques employed. We have implemented this method as an extension in the Chromium browser to intercept and log about 59 security-sensitive JavaScript operations, demonstrating its applicability in a real-world web browsing environment. To evaluate the effectiveness of our framework, we have developed a toolset to automate the execution of the Chromium browser with our extension on a large-sc (open full item for complete abstract)

Committee: Phu Phung (Advisor); Zhongmei Yao (Committee Member); Tianming Zhao (Committee Member) Subjects: Computer Science

Master of Science in Cyber Security (M.S.C.S.), Wright State University, 2022, Computer Science

The increasing sophistication of malware has made detecting and defending against new strains a major challenge for cybersecurity. One promising approach to this problem is using machine learning techniques that extract representative features and train classification models to detect malware in an early stage. However, training such machine learning-based malware detection models represents a significant challenge that requires a large number of high-quality labeled data samples while it is very costly to obtain them in real-world scenarios. In other words, training machine learning models for malware detection requires the capability to learn from only a few labeled examples. To address this challenge, in this thesis, we propose a novel adversarial reprogramming model for few-shot malware detection. Our model is based on the idea to re-purpose high-performance ImageNet classification model to perform malware detection using the features of malicious and benign files. We first embed the features of software files and a small perturbation to a host image chosen randomly from ImageNet, and then create an image dataset to train and test the model; after that, the model transforms the output into malware and benign classes. We evaluate the effectiveness of our model on a dataset of real-world malware and show that it significantly outperforms baseline few-shot learning methods. Additionally, we evaluate the impact of different pre-trained models, different data sizes, and different parameter values. Overall, our results suggest that the proposed adversarial reprogramming model is a promising direction for improving few-shot malware detection.

Committee: Lingwei Chen Ph.D. (Advisor); Tanvi Banerjee Ph.D. (Committee Member); Junjie Zhang Ph.D. (Committee Member) Subjects: Computer Engineering; Computer Science; Information Technology

Master of Science (MS), Wright State University, 2018, Computer Science

Career opportunities for malware analysts are growing at a fast pace due to the evolving nature of cyber threats as well as the necessity to counter them. However, employers are often unable to hire analysts fast though due to a lack of the required skillset. Hence, the primary purpose of the thesis is to conduct a gap analysis between the binary analysis skills taught in universities with those that the recruiters are looking for. Malware can be analyzed using three main types of tools and techniques: high-level profiling, static analysis, and dynamic analysis. These methods provide detailed information about the functionality and behavior of the binary executable. To determine the relevant courses taught in universities, three different set of universities were used which consisted of the NSA accredited colleges, top universities in computer science, and top cybersecurity colleges across the world. Based on the analysis, it can be observed that there are few universities that offer cybersecurity programs, among which very few offer a course in malware analysis. To shortlist the skills necessary for career opportunities in the field of malware analysis, a list of job descriptions from three employment-related social networking sites: LinkedIn, Indeed, and Glassdoor was collected. From the inventory of job postings, it can be noticed that most of the openings require experience with malware and reverse engineering tools. The dataset of university courses was compared and paralleled with the dataset of job descriptions using three analysis methods: LDAviz tool, a word cloud generator, and a pie chart model. Based on the study, it can be concluded that though there are very few universities that teach cyber security analysis as part of their curriculum, they are exceptionally doing well in meeting the current needs of the industry. The only exception is a lack of coverage of topics like threat analysis, incident response, and computer forensics. However, it would be h (open full item for complete abstract)

Committee: Michelle Cheatham Ph.D. (Advisor); Mateen Rizki Ph.D. (Committee Member); Yong Pei Ph.D. (Committee Member) Subjects: Computer Engineering; Computer Science; Curriculum Development; Educational Evaluation

Master of Science in Cyber Security (M.S.C.S.), Wright State University, 2017, Computer Science

According to Google, Android now runs on 1.4 billion devices. The growing popularity has attracted attackers to use Android as a platform to conduct malicious activities. To achieve these malicious activities some attacker choose to develop malicious Apps to steal information from the Android users. As the modern day smartphones process, a lot of sensitive information, information security, and privacy becoming a potential target for the attacker. The malicious Apps steal information from the infected phone and send this information to the attacker-controlled URLs using various Android sink functions. Therefore, it necessary to protect data as it can prove detrimental if sensitive data of the user gets leaked to the attacker. In this thesis research, we first discuss our static taint analysis framework used to track sensitive information flow from source to sink. We then study the relationship between the leaked data and URLs involved in the information leakage. The framework was tested on more than 2000 malicious samples to determine whether the samples leak information and the external URLs participating in the information leakage. The result shows that 30 percent of malware samples leak 24 unique Android sensitive information to around 330 suspicious URLs. We try to derive relations between the leaked data and the suspicious URLs to gain more intelligence on information security and privacy threat from information leaking malware samples. Finally, we conclude our research by discussing some various information leakage scenarios other than suspicious URLs. Our study raises awareness in both network security and information security domains where programmers fail to follow secure coding practices.

Committee: Junjie Zhang Ph.D. (Advisor); Adam Bryant Ph.D. (Committee Member); Yong Pei Ph.D. (Committee Member) Subjects: Computer Engineering; Computer Science; Engineering

MS, University of Cincinnati, 2016, Engineering and Applied Science: Computer Science

Malicious Cyber Adversaries may compromise the security of a system by denying access to legitimate users. This is often coupled with immeasurable loss of confidential data, which leads to hefty losses in both financial and trustworthiness aspects of a corporation. Malware exploits key vulnerabilities in applications presenting problems such as identity theft, unapproved software installations, etc. Abundance in malware detection and removal techniques in the ever evolving field of computers, presently exhibit a lower level of efficiency in detecting malicious softwares. Techniques available currently enable detection of softwares that are embedded with known signatures. No doubt these methods are efficient. However, most malware writers, aware of signature-based detection methods are working towards bypassing them. Machine learning based systems for malware classification and detection have been tested and proved to be more efficient than standard signature-based systems. A vital reason and justification providing a strong foothold for using machine learning techniques is that even unseen malware can be detected, thus eliminating malware detection failures and providing very high success rates. Our method uses efficient machine learning techniques for classification and detection of portable executable (PE) files of various malware classes commonly found in computers running Windows operating systems. For malicious files, computation of the distance between two files should yield an indication of their similarity. Using this as a basis, this thesis analyses the different approaches which can be employed for classifying malicious files using a method known as rank distance. This distance measure has been combined with a feature extraction method known as mutual information which analyses the opcodes n-gram sequences extracted from the PE files and segregates the most relevant opcodes from these. The most relevant opcodes, thus obtained, are used as features (open full item for complete abstract)

Committee: Anca Ralescu Ph.D. (Committee Chair); Chia Han Ph.D. (Committee Member); Dan Ralescu Ph.D. (Committee Member) Subjects: Computer Science

PhD, University of Cincinnati, 2024, Engineering and Applied Science: Computer Science and Engineering

This work explores the explainability of features used for classification of malicious binaries in machine learning systems based on semantic representations of data dependency graphs. This work demonstrates that explainable features can be used with comparable classification accuracy in real-time through non-parametric learning. This work defines operational semantics in terms of data dependency isomorphism, and quantifies the network structure of the graphs present in static features of binaries. This work shows that a bottom-up analysis holds across levels in the architectural hierarchy, and can be performed across system architectures. This work shows that semantic representations can be used for search and retrieval of malicious binaries based on their behavior. This work shows that unknown vulnerabilities can be predicted through descriptions of structure and semantics.

Committee: Anca Ralescu Ph.D. (Committee Chair); Kenneth Berman Ph.D. (Committee Member); Alina Campan Ph.D M.A B.A. (Committee Member); Boyang Wang Ph.D. (Committee Member); Dan Ralescu Ph.D. (Committee Member) Subjects: Artificial Intelligence

Doctor of Philosophy (Ph.D.), University of Dayton, 2024, Engineering

Anomaly detection is a common application of machine learning. Out-of-distribution (OOD) detection in particular is a semi-supervised anomaly detection technique where the detection method is trained only on the inlier (in-distribution) samples---unlike the fully supervised variant, the distribution of the outlier samples are never explicitly modeled in OOD detection tasks. In this work, we design a novel GAN-based OOD detection network specifically designed to protect a cyber-physical signal systems from novel Trojan malware called non-control data (NCD) attack that evades conventional malware detection techniques. Inspired in part by the classical locally most powerful (LMP) test in statistical inferences, the proposed LMP-GAN trains the OOD detector (discriminator) by generating OOD samples that are aimed at making maximal alteration to the inlier samples while evading detection. We experimentally compare the results to the state-of-the-art anomaly detection methods to demonstrate the benefits and the appropriateness of the LMP-GAN OOD detector.

Committee: Keigo Hirakawa (Committee Chair); Raul Ordóñez (Committee Member); Temesgen Kebede (Committee Member); David Kapp (Committee Member) Subjects: Computer Engineering; Electrical Engineering; Engineering

PhD, University of Cincinnati, 2024, Engineering and Applied Science: Computer Science and Engineering

The threat of malware is continuously evolving, with each newly designed system developed to detect and process new forms. Antivirus applications started with detecting malicious code via signatures, however, recently they started using Heuristics to detect and stop malware. The effectiveness of heuristics models depends on how representative are the used features, which are usually secondary features, that are sometimes not necessarily a reflection of a malicious code inside the program, thus, leaving a gap for false positives. Examples of such features are files accesses or system calls logs. Many examples can be listed of how successful bioinspired systems can be, given a well-studied biological system with principles that can be copied to solve a problem in a different field. With the discovery of CRISPR and the characterization of its proteins, this study takes inspiration from, specifically CRISPR, it to design a system to detect and process malware. In this work we built an analogy to map the different biological structural units to the matching structural units of a program. Based on it, we propose a model inspired by CRISPR targeting via PAMs, to target the promoters for the malicious functions of a malware. We used Triplet network, with CNN layers, to feed in the data in form of images. We believe that despite not having a fully functional model at this stage, due to the way we fed the data into the network and the current state of the feature extractor. The ideas presented in this work could be a starting point for a new way of looking at the problem of detection of malware and healing the infected files.

Committee: David Kapp PhD (Committee Member); Temesguen Messay Kebede Ph.D. (Committee Member); Boyang Wang Ph.D. (Committee Member); Kenneth Berman Ph.D. (Committee Member); Anca Ralescu Ph.D. (Committee Chair) Subjects: Computer Science

PhD, University of Cincinnati, 2023, Engineering and Applied Science: Computer Science and Engineering

The advent of sophisticated IT software tools has enabled attackers with the necessary capacity to develop dangerous metamorphic or polymorphic malware. And because of the mutability features of such malware, which is similar to a biological virus' mutation, they are capable of thwarting(or evading) the detection mechanism of conventional state-of-the-art detection methods and consequently infect system programs or files by injecting malicious code into them via a dynamic or static approach. The injected malicious code will cause the system to malfunction or crash while compromising invaluable vital data. Engineering techniques to curb malicious attacks have been an area of research interest in cybersecurity and malware analysis. After careful examination of the existing work in this domain, we observed that most of the state-of-the-art research work concentrates on the separate analysis of the behavior of benign and malware programs to obtain discriminating feature sets between them. We propose a novel approach, that is, to study the behaviors of non-malicious programs (.exe, .dll, etc.) when infected and not infected by malware and then compare those with the behavior of the malware itself. The overall goal of this dissertation is to represent our research work that aims at capturing those feature sets associated with these three distinct behavioral dynamics, analyzing and synthesizing them into DNA-like representations (data sets) akin to biological Deoxyribonucleic acid (DNA). Then engineer a detection and mitigation model that leverages the CRISPR defense concept to detect malicious behavior (especially those exploiting zero-day vulnerabilities via system PE files), mitigate these malicious activities, and finally recover (repair) files infected by malware via a brute-force(heuristic) and(or) machine learning approach(es).

Committee: Kenneth Berman Ph.D. (Committee Chair); Anca Ralescu Ph.D. (Committee Chair); Boyang Wang Ph.D. (Committee Member); Temesguen Messay Kebede Ph.D. (Committee Member); Dan Ralescu Ph.D. (Committee Member); David Kapp PhD (Committee Member) Subjects: Computer Science

Master of Science in Cyber Security (M.S.C.S.), Wright State University, 2023, Computer Science

Deploying Mandatory Access Controls (MAC) is a popular way to provide host protection against malware. Unfortunately, current implementations lack the flexibility to adapt to emergent malware threats and are known for being difficult to configure. A core tenet of MAC security systems is that the policies they are deployed with are immutable from the host while they are active. This work looks at deploying a MAC system that leverages using encrypted security tokens to allow for redeploying policy configurations in real-time without the need to stop a running process. This is instrumental in developing an adaptive framework for security systems with a Zero Trust based approach to process authentication. This work also develops Path-Safe, a MAC security system that focuses on protecting filesystem access from unauthorized processes and malware. We show that our security system can mitigate real-world malware threats with low overhead and high accuracy.

Committee: Junjie Zhang Ph.D. (Committee Chair); Lingwei Chen Ph.D. (Committee Member); Krishnaprasad Thirunarayan Ph.D. (Committee Member) Subjects: Computer Engineering; Computer Science; Information Systems; Information Technology

Master of Science in Electrical Engineering, Cleveland State University, 2023, Washkewicz College of Engineering

With cyberattacks becoming more frequent and targeted, small-medium businesses (SMBs) are forced to adopt a cybersecurity framework to help secure their cyberspace. While these frameworks are a good starting point for businesses and offer critical information on identifying, preventing, and responding to cyber incidents, they can be hard to navigate and implement. To help with this issue, we propose a comprehensive model of Knowledge, Skills, Ability, and Tasks (TKSA) from the National Initiative for Cybersecurity Education Workforce Framework for Cybersecurity (NICE Framework) for three of the most frequent attack vectors: Phishing/Social Engineering, Malware, and Web-Based Attacks. SMBs can use the model as a guideline to assess, equip their existing workforce, or aid in hiring new employees. Additionally, educational institutions can use the model to develop scenario-based learning modules to equip the emerging cybersecurity workforce.

Committee: Chansu Yu (Advisor); Satish Kumar (Committee Member); Wenbing Zhao (Committee Member) Subjects: Computer Engineering; Computer Science; Electrical Engineering

Master of Science in Cyber Security (M.S.C.S.), Wright State University, 2023, Computer Science

Malware detection is a critical task in ensuring the security of computer systems. Due to a surge in malware and the malware program sophistication, machine learning methods have been developed to perform such a task with great success. To further learn structural semantics, Graph Neural Networks abbreviated as GNNs have emerged as a recent practice for malware detection by modeling the relationships between various components of a program as a graph, which deliver promising detection performance improvement. However, this line of research attends to individual programs while overlooking program interactions; also, these GNNs tend to perform feature aggregation from neighbors without considering any label information and significantly suffer from over-smoothing on node presentations. To address these issues, this thesis constructs a graph over program collection to capture the program relations and designs two enhanced graph convolutional network (GCN)architectures for malware detection. More specifically, the first proposed GCN model in-corporates label propagation into GCN to take advantage of label information for facilitating neighborhood aggregation, which is used to propagate labels from the labeled nodes to the unlabeled nodes; the second proposed GCN model introduces residual connections between the original node features and the node representations produced by GCN layer to enhance the flow of information through the network and address over-smoothing is-sue. The experimental results after substantial experiments show that the proposed models outperform the baseline GCN and classic machine learning methods for malware detection, which confirm their effectiveness in program representation learning using either label propagation or residual connections and malware detection using program graph. Furthermore, these models can be used for other graph-based tasks other than malware detection, demonstrating their versatility and promise.

Committee: Lingwei Chen Ph.D. (Advisor); Meilin Liu Ph.D. (Committee Member); Junjie Zhang Ph.D. (Committee Member) Subjects: Computer Science; Information Science

Master of Science, Miami University, 2023, Computer Science and Software Engineering

A botnet is an army of zombified computers infected with malware and controlled by malicious actors to carry out tasks such as Distributed Denial of Service (DDoS) attacks. Billions of Internet of Things (IoT) devices are primarily targeted to be infected as bots since they are configured with weak credentials or contain common vulnerabilities. Detecting botnet propagation by monitoring the network traffic is difficult as they easily blend in with regular network traffic. The traditional machine learning (ML) based Intrusion Detection System (IDS) requires the raw data to be captured and sent to the ML processor to detect intrusion. In this research, we examine the viability of a cross-device federated intrusion detection mechanism where each device runs the ML model on its data and updates the model weights to the central coordinator. This mechanism ensures the client's data is not shared with any third party, terminating privacy leakage. The model examines each data packet separately and predicts anomalies. We evaluate our proposed mechanism on a real botnet propagation dataset called MedBIoT. In addition, we also examined whether any device taking part in federated learning can employ a poisoning attack on the overall system.

Committee: Suman Bhunia (Advisor); Khodakhast Bibak (Committee Member); Daniela Inclezan (Committee Member) Subjects: Computer Science

Doctor of Philosophy, University of Toledo, 2022, Engineering

The rapid growth of Android and its worldwide popularity in the smartphone market has made it an easy and accessible target for malware. In the past years, the Android operating system (AOS) has been updated several times to fix various vulnerabilities and to provide new and improved features to its users. Unfortunately, malware apps are also upgraded and made to adapt to this evolution. The ever-increasing number of native AOS permissions and developers' ability to create custom permissions provide plenty of options to gain control over devices and private data. Popular previous works on malware detection used apps collected during 2010-2012 to propose malware detection and classification methods. A majority of permissions in the datasets used in said works are not as widely used or do not exist anymore in modern apps. Therefore, newly created permissions could be of great importance in detecting current malware. Moreover, several novice smartphone users can easily be tricked into downloading apps from third-party app stores or websites. Several users visit such app stores to download paid apps for free. This poses a threat to them, as some of these apps could be laced with malicious code, capable of harming the device, or the user's privacy. Attackers target small websites by posting links to their malicious apps, or target their users through ads where they find a decent number of daily visitors. One of the key reasons as to why attackers are successful in stealing data and infecting devices with malware is the lack of knowledge about the presence of malicious apps all over the internet. People cannot be prevented from accessing such websites, but they can be educated and informed about the use of apps, what permissions do certain apps request for, and how those permissions can prove crucial in preventing loss of privacy or even a malware attack. Users interact with apps to accomplish a certain task. To provide the correct response to the user, the app int (open full item for complete abstract)

Committee: Ahmad Javaid (Committee Chair); Mohammad Niamat (Committee Member); Quamar Niyaz (Committee Member); Weiqing Sun (Committee Member); Vijay Devabhaktuni (Committee Member); Junghwan Kim (Committee Member) Subjects: Computer Science; Technology

MS, University of Cincinnati, 2022, Engineering and Applied Science: Computer Engineering

Neural Network architectures, especially CNN is being increasing used to detect malwares. Some architectures use the characteristics found in a binary file to classify whether it is a malware, whereas other architectures can identify malicious features by reading the PE file. The advantage of architectures that use the raw bytes of the PE file is that feature engineering process is skipped. Despite the robust nature of their models against attacks, they are not being thoroughly studied. This could allow attackers to take advantage of their classification model weaknesses. Due to the nature of the input semantics, most of the attacks that are commonly used to cause misidentification in test-time instances are not applicable to image classification software. This Thesis aims to explore different ways to creating adversarial examples for malware detection. An existing model will be trained to detect malware using the raw bytes, and adversarial examples will be created using different algorithms to highlight the architectural weaknesses that may facilitate new attack and compare different attack strategies. Also, defenses against these attacks will be created, which will detect all the adversarial examples created using the algorithms used in this paper, to make the model more robust

Committee: Boyang Wang Ph.D. (Committee Member); Tingting Yu Ph.D. (Committee Member); Seokki Lee Ph.D. (Committee Member) Subjects: Computer Engineering

PhD, University of Cincinnati, 2022, Engineering and Applied Science: Computer Science and Engineering

Artificial intelligence (AI), such as deep learning (DL) models, has emerged as a powerful and effective technique that can be applied to a variety of complex learning problems that were previously challenging to address using conventional techniques. However, a deliberately crafted input, such as adversarial example (AE) that may imperceptible to the human eye, could compel AI-driven models to classify it into an incorrect class. By utilizing the weakness to undermine AI-driven models, various adversarial attacks have been proposed in recent years. Applying those models to cybersecurity-related applications comes with a number of critical risks, one of the major one is their vulnerability to adversarial examples. Therefore, it is crucial to carry out a comprehensive research to investigate the impact that AEs imposed on cybersecurity in different real-word scenarios, to defend real-world adversarial example attacks, and to improve the robustness of AI-driven models against these AEs. Firstly, I investigate real-world adversarial examples in website fingerprinting (WF) domain. The objective here is to build an effective defense can successfully mitigate the privacy leakage against website fingerprinting while introduce a relatively lower bandwidth overhead. The key idea of the defense is to obfuscate encrypted network traffic traces by leveraging AEs. To be more precise, I first develop a generic obfuscate framework that can easily scale with existing AEs generation algorithms given several constrains in obfuscating encrypted network traffic traces. Then, I propose an effective WF defense that obfuscates encrypted network traffic traces with minimum perturbations to mitigate WF attacks. In the end, I evaluate the performance of our proposed defense with comprehensive experiments in both closed-world and open-world settings. Moreover, I also compare our defense with other state-of-the-art defenses. Secondly, I investigate the impact of real-world adver (open full item for complete abstract)

Committee: Boyang Wang (Committee Member); Rui Dai Ph.D. (Committee Member); Wenhai Sun Ph.D. (Committee Member); Nan Niu Ph.D. (Committee Member); Seokki Lee Ph.D. (Committee Member) Subjects: Artificial Intelligence

MS, University of Cincinnati, 2022, Engineering and Applied Science: Computer Science

Google's BERT (Bidirectional Encoder Representations from Transformers) algorithm is a neural network based method for processing natural language. In this exploratory study we have used API call sequences to generate a language for use with BERT to perform malware classification with Support Vector Machines. Detecting malware using sequences of API calls has been shown to be a promising area for malware detection, especially when used in conjunction with other features such as opcodes and system calls. The increase in detection accuracy and efficiency achieved through the use of BERT is a desired outcome as malware authors develop more sophisticated techniques for obfuscating their behavior. We have used an open-source dataset that contains sequences of API calls from both known malware and from non-malware and have performed analysis using Support Vector Machines (SVM) for classification, a common method used in previous work on detecting malicious API-based attacks, while using BERT as a preprocessor.

Committee: Carla Purdy Ph.D. (Committee Member); Anca Ralescu Ph.D. (Committee Member); John Gallagher Ph.D. (Committee Member) Subjects: Computer Science

MS, University of Cincinnati, 2021, Education, Criminal Justice, and Human Services: Information Technology

Providing security to the data in Healthcare organizations is considered the topmost priority compared to any other field. After digitizing the patient's records in the medical field, the healthcare/medical field has become a victim of several internal and external cyber-attacks. Data breaches in the healthcare industry is rising exponentially. Despite having security standards such as Health Insurance Portability and Accountability Act (HIPAA), ISO 27001, NIST CSF, data breaches still happen regularly. Despite the fact that there are various types of data breaches happening, they appear to have the same negative impact on healthcare information, particularly on patients' privacy. The main objective of this research is to analyze why healthcare data breaches occur and the impact of these breaches. This research includes the best security standards/techniques to be followed to minimize the attacks and provide additional security to sensitive data.

Committee: Nelly Elsayed Ph.D. (Committee Chair); M. Murat Ozer (Committee Member); Zaghloul Elsayed Ph.D. (Committee Member) Subjects: Computer Science