Search Results (1 - 8 of 8 Results)

Sort By  
Sort Dir
 
Results per page  

Imbulgoda Liyangahawatte, Gihan Janith MendisHardware Implementation and Applications of Deep Belief Networks
Master of Science in Engineering, University of Akron, 2016, Electrical Engineering
Deep learning is a subset of machine learning that contributes widely to the contemporary success of artificial intelligence. The essential idea of deep learning is to process complex data by abstracting hierarchical features via deep neural network structure. As one type of deep learning technique, deep belief network (DBN) has been widely used in various application fields. This thesis proposes an approximation based hardware realization of DBNs that requires low hardware complexity. This thesis also explores a set of novel applications of the DBN-based classifier that will benefit from a fast implementation of DBN. In my work, I have explored the application of DBN in the fields of automatic modulation classification method for cognitive radio, Doppler radar sensor for detection and classification of micro unmanned aerial systems, cyber security applications to detect false data injection (FDI) attacks and localize flooding attacks, and applications in social networking for prediction of link properties. The work in this thesis paves the way for further investigation and realization of deep learning techniques to address critical issues in various novel application fields.

Committee:

Jin Wei (Advisor); Arjuna Madanayaka (Committee Co-Chair); Subramaniya Hariharan (Committee Member)

Subjects:

Artificial Intelligence; Computer Engineering; Electrical Engineering; Engineering; Experiments; Information Technology

Keywords:

deep belief networks; multiplierless digital architecture; Xilinx FPGA implementations; low-complexity; applications of deep belief networks; spectral correlation function; modulation classification; drone detection; doppler radar; cyber security

Garcia, Michael ErikThe Economics of Data Breach: Asymmetric Information and Policy Interventions
Doctor of Philosophy, The Ohio State University, 2013, Agricultural, Environmental and Developmental Economics
Large public and private costs result from attacks on firms’ information technology networks. Successful attacks result in data breaches with private damages from business interruption, reputation, and investigation forensics. Social losses result from exposing individuals’ personal information, leading to state, national, and international policymakers enacting legislation to manage these costs. Inadequate economic modeling exists to analyze this phenomenon, despite the large economic impact of cyberspace, e-commerce, and social networking. This research advances information security economics by deviating from a firm-level model to focus on the social welfare implications of firm and regulator decisions. I comprehensively review the economic and policy environment and develop the first rigorous economic model of regulatory approaches to data breach. I develop a one-period model of information security and analyze the efficacy of regulatory interventions in the face of asymmetric information. The model builds upon existing models of firm and firm-consumer information security investment and draws analogy between information security and managing asymmetric information in the biosecurity and livestock disease literature. I analyze firm and social planner incentives in a non-regulatory environment and three regulatory environments. Without regulation, the firm underinvests in network and data protection relative to the social optimum. In the first regime, the regulator must expend a fixed cost to observe social losses and overcome the firm’s moral hazard. The interaction between network and data protection permits the regulator to induce optimal behavior in two investment decisions with a single regulatory instrument. With sufficiently low regulatory costs, this result is socially preferred. In the second regulatory regime, the regulator must expend the same fixed cost for imperfect observation of social losses and administer a program requiring that the firm report breaches. The regulator can induce reporting with a sufficiently large fine for non-reporting, even with imperfect breach monitoring. In this regime, a disclosure investigation cost distorts the firm’s investment incentives in a manner inconsistent with social objectives, resulting in increased network protection at the expense of data protection. With a sufficiently high disclosure investigation cost, the firm will invest less in data protection than it would in lieu of regulation. The final regime introduces a data protection technology that mitigates social loss and some private damages. The regulator expends the same fixed cost for imperfect observation of social losses and requires disclosure only if the firm does not invest in the safe harbor technology. Except when very costly, this safe harbor technology allows the regulator to induce optimal investment and lower the firm’s regulatory burden. The safe harbor technology results in welfare gains except when the technology is very costly, at which point the firm may exit, or the safe harbor regime defaults to the distorted incentives of the disclosure policy. This research advances economic modeling in the relatively undeveloped field of information security economics. As policy aspects of information security become more developed, policymakers will require better tools to analyze policy impacts on both the firm’s wealth and on social welfare. This research provides a step toward those improved tools.

Committee:

Brian Roe, Ph.D. (Advisor); Sathya Gopalakrishnan, Ph.D. (Committee Member); Ian Sheldon, Ph.D. (Committee Member)

Subjects:

Economics; Information Technology

Keywords:

cybersecurity; cyber security; data breach; economics; data breach notification; information security; information security economics

Javaid, Ahmad YazdanCyber Security Threat Analysis and Attack Simulation for Unmanned Aerial Vehicle Network
Doctor of Philosophy, University of Toledo, 2015, Engineering
Use of unmanned systems in various tasks has increased exponentially in the recent past. These systems enable users to complete vital missions efficiently, without risking human lives. Nonetheless, these systems pose a threat to the general population if the operational cyber security is not handled. Especially, the armed unmanned aerial vehicle systems (UAVS), which can cause catastrophic damage to life and property. It is important to know the risk and understand the impact of various possible attacks on the overall UAVS. Clearly, the most economical way to achieve this is to simulate operational scenarios of UAVS before actual deployment. In this dissertation, we propose methods to assess various threats, develop threat models, evaluate risk and impact of attacks. We finally use these methods to develop a simulation testbed environment for Unmanned Aerial Vehicle Networks (UAVNet) cyber security analysis. The testbed was designed to be open source to enhance the usability and audience reach. We also demonstrated the use of this testbed in academia for any related research or student learning and consequently, a performance evaluation of the testbed for use in generic computing environment was carried out. Based on the experiments performed for various communication denied scenarios, we evaluate the impact of various attacks against UAVNet from the communication perspective and report the results to demonstrate the necessity and usefulness of the simulation testbed. Implemented attacks include Distributed Denial of Service (DDoS), Jamming, GPS Jamming and GPS Spoofing. Additional implementation of an anti-spoofing technique for GPS spoofing was further done to indicate the usefulness of testbed and flexibility to develop attacks as well as their detection and mitigation measures.

Committee:

Weiqing Sun, Ph.D. (Committee Chair); Mansoor Alam, Ph.D. (Committee Co-Chair); Vijay Devabhaktuni, Ph.D. (Committee Member); Robert Green, Ph.D. (Committee Member); Hong Wang, Ph.D. (Committee Member)

Subjects:

Computer Engineering

Keywords:

Cyber-Security; Attack simulation; Simulation testbed development; Unmanned aerial network

Hou, ChengjunDynamic Programming under Parametric Uncertainty with Applications in Cyber Security and Project Management
Doctor of Philosophy, The Ohio State University, 2015, Industrial and Systems Engineering
The trustworthiness of models and optimization is limited because the associated systems might be changing and data about them can be limited, i.e., there is "parametric" uncertainty. This dissertation provides applications and theory related to mitigating the effects of changing systems and data limitations in optimal decision-making. The primary application considered relates to reducing the maintenance costs associated with cyber security. By selecting optimal policies addressing data limitations, losses from stolen information and maintenance costs can be balanced. The approximated expected savings from implementing the suggested policies at a large Midwestern organization is over $14M with a discount factor of 0.95 monthly. The dissertation also integrates data and dynamic programming models for project management decision-making that accounts for coordination and planning costs. This facilitates more accurate schedules with significant cost savings. Insights are provided into the choice between traditional planning methods and agile project management methods that reduce planning complexity. In many situations, we find that the so-called optimal approaches are suboptimal because they fail to address sizable coordination and planning costs. Two types of parametric uncertainty are explored here, each of which results in fundamentally different formulations and solution schemes. The first type of uncertainty considered relates to system parameters fluctuating over time randomly. The related models differ from ordinary inhomogeneous approaches because the specific parameters are not known and are assumed to fluctuate with known distributions. Associated decision problems are referred to as "Markov decision processes with random inhomogeneity" and proposed optimal solutions methods. Proof is given that the solution produced by backward induction is optimal for the finite horizon problems, and that the value-iteration-based algorithm gives solutions converging to the infinite horizon solutions, together with results regarding monotonicity property and rate of the convergence. The second type of parametric uncertainty is caused by insufficient data for parameter estimation, i.e., "data-driven" uncertainty. Previous researchers studying data-driven Markov decision processes declare the problem is intractable. Therefore, they propose approximation methods. We prove that their methods can approximate suboptimal solutions by a numerical example. We also provide a dynamic programming algorithm to generate data-driven optimal policies with learning. We do this by demonstrating that the problem is equivalent to partially observable Markov decision processes. Further, by exploiting the structure of the problem and bounds assuming perfect information, we develop a bounding heuristic method for the infinite horizon problems.

Committee:

Theodore Allen (Advisor); Nicholas Hall (Committee Member); Gagan Agrawal (Committee Member)

Subjects:

Industrial Engineering; Operations Research

Keywords:

Cyber security; Dynamic programming; Markov decision processes; Parametric uncertainty; Project management

Roychowdhury, SayakData-Driven Policies for Manufacturing Systems and Cyber Vulnerability Maintenance
Doctor of Philosophy, The Ohio State University, 2017, Industrial and Systems Engineering
This research explores deterministic and stochastic policies to help organizations make data-driven optimal decisions. The two major application areas identified in this research are manufacturing and cyber security. In a recent report published by McKinsey Analytics, the manufacturing industry uses only 20%-30% of the potential of data analytics. This suggests that there are still plenty of opportunities to use analytics in manufacturing processes. In the first part of my research, I formulate an Integer Programming model for the “stamping” process in automotive manufacturing. I develop a production scheduling method for automotive stamping to maintain optimal inventory positions. In stamping, different types of parts are scheduled for processing in the press, which requires different die-sets to be mounted on the press. This has all the elements of conventional scheduling problems with tardiness objectives and setup costs. Yet, it also has capacity constraints and part production constraints. We show that these constraints make solution with branch and bound difficult for problem sizes of interest. In this research, I use the structure of the scheduling problem and implemented heuristic methods like Genetic Algorithm alongside Earliest Due-date (EDD) rules to prioritize production of parts with low inventory as well as minimize the number of die-set changeovers. I call this new method Genetic Algorithm with Generalized Earliest Due-date (GAGEDD). I illustrate the computational advantages compared with alternatives and show its benefits using data from a real life automotive stamping press scheduling problem to build a decision support tool for the schedulers. The second part of this research is motivated towards improving cyber vulnerability maintenance policies under uncertainty. A conservative estimate by McAfee in 2014 puts annual cost of cybercrime at US$375B. This is an important contemporary issue where role of data analytics and optimization have a lot to offer. Here I implement stochastic optimization procedures for cybersecurity applications, where learning is incorporated to account for future rewards. First, I formulate a Partially Observable Markov Decision Process (POMDP) model to derive policies for cases when the state of compromise of a host is uncertain. This method assumes there is no parametric uncertainty. Next, I implement Bayes Adaptive Markov Decision Process model (BAMDP) on a dataset obtained from the cyber logs of an organization using finite numbers of model scenarios. Earlier BAMDP formulations use infinite model scenarios. I also describe the benefits of using finite scenarios including the ability to solve the problem optimally as a POMDP. The resulting BAMDP formulation accounts for the parametric uncertainty caused by the lack of data for certain events. I use a point based value iteration method known as PERSEUS to solve both of these problems to generate a-vectors, that can be used to design optimal policies based on the belief-state of the system. Another benefit of using finite numbers of model scenarios relates to decision making for multiple identical systems, e.g., a “fleet” of identical Linux computer hosts. The issue of identical systems in machine learning has apparently received little attention despite the widespread relevance in data analytics. I propose a method for solving multiple identical system policy problems. The proposed method is based on a relatively large POMDP formulation with methods to compute the relevant transition, expected reward, and observation methods being provided. Then, I explore additional advantages of finite model scenario BAMDPs relating to the ability to incorporate reward-based or other learning in intuitive ways. Also, the speed of learning and the concept of “fast learning” and average learning time are proposed and explored computationally. In concluding, I offer suggestions about how this research can be extended to build more powerful models with faster learning capabilities to help decision makers.

Committee:

Theodore T. Allen, PhD (Advisor); Cathy H. Xia, PhD (Committee Member); Gagan Agrawal, PhD (Committee Member)

Subjects:

Industrial Engineering; Operations Research

Keywords:

Operations Research; Scheduling ; Automotive Manufacturing; Stamping; Genetic Algorithm ; Partially Observable Markov Decision Process ; Bayesian Adaptive Markov Decision Process; Cyber security; Cyber vulnerability maintenance;

Rubin, WillaWaging Wars in Cyberspace: How International Law On Aggression And Self-Defense Falls Short Of Addressing Cyber Warfare. Could Iran Legally Retaliate For The Stuxnet Attack?
BA, Oberlin College, 2016, Politics
The technical capabilities of the Stuxnet worms-launched by the US and Israel against Iran's nuclear facility-prove that the operation could be considered an act of aggression, as defined in the Rome Statute. Further, this paper asserts that Article 51 of the UN Charter is insufficient to addressing malignant cyber operations. The paper is organized as following: 1) Introduction, 2) Research Limitations, 3) Context: International Relations Theory and Types of International Law, 4) Understanding “Cyber” Within The Scope Of This Paper, 5) The Stuxnet Operation, 6) Historical and Legal Roots of “Aggression” and “Self-Defense”, 7) Stuxnet as an act of aggression, 8) Why Iran Cannot Legally Retaliate, 9) Conclusion, 10) Bibliography. I draw my analysis from ICJ cases, the UN Charter and other foundational documents, technical analyses of the Stuxnet operation, and other historical and political books and articles.

Committee:

Benjamin N. Schiff (Committee Member); Eve Nan Sandberg (Committee Member)

Subjects:

International Law; International Relations; Law; Legal Studies; Political Science

Keywords:

cyber;cyber security;cyber warfare;cyber crime;cyber;cyber attack;cyber operation;stuxnet;article 51;un;un charter;jus ad bellum;jus in bello;international law;rome statute;aggression;self-defense;international court of justice;icj;

Jahan, FarhaImplementation of GNSS/GPS Navigation and its Attacks in UAVSim Testbed
Master of Science, University of Toledo, 2015, Engineering (Computer Science)
Unmanned systems or remotely piloted vehicles can easily accomplish tasks where human lives would be at risk. These systems are being deployed in areas which would be time-consuming, expensive and inconclusive if done by human intervention. Air, ground and underwater vehicles are three major classes of unmanned systems based on their operational environment. Clearly, in terms of causing damage, unmanned aerial vehicles (UAVs) are most efficient and have been known to change the course of several recent wars. If security of these systems is compromised, it will pose a serious threat to human lives as well as the nation. Therefore, it is important to analyze various possible attacks that can be attempted on these systems. Federal Aviation Administration (FAA) has limited the use of UAVs to 400 feet or below in the US National Airspace (NAS), primarily, due to the threat to the general population. This makes real world testing difficult in an academic setup. The best solution to this problem is to have a simulation based environment where different operational scenarios, related cyber-attacks, and their impacts on UAVs can be easily studied. Software based simulators are very economical to test different features of a UAV in terms of various defense mechanisms against cyber-attacks. In this thesis, we enhance UAVSim, a simulation test-bed for UAV Network cyber-security analysis, to include the Global Navigation Satellite System (GNSS), or more specifically, the Global Positioning System (GPS). The testbed allows users to perform security experiments by adjusting different parameters of the satellites and UAVs. It also allows implementation of different attacks in attack hosts. In addition, each UAV host works on well-defined mobility framework, radio propagation models, etc., resembling real-world operational scenarios.

Committee:

Weiqing Sun, Dr. (Advisor); Mansoor Alam, Dr. (Committee Co-Chair); Hong Wang, Dr. (Committee Member)

Subjects:

Computer Engineering

Keywords:

UAVs; UAVSim; GPS-GNSS Implementation; cyber-security; OMNET; CNIOS3; GPS Spoofing

Branlat, MatthieuChallenges to Adversarial Interplay Under High Uncertainty: Staged-World Study of a Cyber Security Event
Doctor of Philosophy, The Ohio State University, 2011, Industrial and Systems Engineering
The vulnerability of critical and valued digital infrastructures and the difficulty of defending networks against attacks are a growing concern throughout domains. While numerous efforts exist to improve cyber defense through technological advances, human-centered research to uncover and address the difficulties experienced by network defenders is recent and still limited. Moreover, understanding cyber security, a fundamentally adversarial domain, requires investigations of the interrelated defense and attack processes, but such studies are rare. The dissertation presents results from a staged-world study of an adversarial cyber security exercise. This daylong exercise involved forty participants divided into an outside attacking team and a defending team operating in a simulated production environment. The first objective is to identify critical skills and forms of expertise of cyber security as a domain of practice. Designed by cyber security experts, the exercise allowed for the investigation of core dimensions of cyber events, which have seen limited empirical study in past work on cyber defense: (1) decision-making in cyber defense; (2) network security within larger production structures and processes; (3) decision-making in cyber attack; and (4) interplay of attack and defense. The second objective of the research is to discuss the approach designed and implemented in order to capture and analyze the cyber event observed. Challenges result especially from the scale of the processes to be tracked (attack and defense; number of participants; distribution of participants in teams, roles and space; duration of the exercise). The study we conducted aimed at exploring the domain of cyber security with an emphasis on the methodological dimensions of such investigation. Given the partially novel character of the research, a critical account of choices made, successes and pitfalls experienced aims at informing future advancements in the domain. The third objective is to connect this study of the particular domain of cyber security to other studies of work in real-world situations. Relevant theoretical frameworks include: decision-making under uncertainty, distributed anomaly response, joint activity, perception of intent, and more generally Resilience Engineering. Making this link allows for the discussion of potential directions to improve cyber defense, as well as to further develop these theoretical frameworks. Cyber security, because of its nature and the typical challenges associated, constitutes a rich environment for such purposes.

Committee:

David D. Woods, PhD (Advisor); Philip J. Smith, PhD (Committee Member); Anish Arora, PhD (Committee Member)

Keywords:

cognitive systems engineering; resilience engineering; cyber security; adversarial event; staged-world study; decision-making; cyber defense; cyber attack; observational study