Recent Submissions

  • A Methodology For Intelligent Honeypot Deployment And Active Engagement Of Attackers

    Hecker, Christopher R.; Nance, Kara; Hay, Brian (2012)
    The internet has brought about tremendous changes in the way we see the world, allowing us to communicate at the speed of light, and dramatically changing the face of business forever. Organizations are able to share their business strategies and sensitive or proprietary information across the globe in order to create a sense of cohesiveness. This ability to share information across the vastness of the internet also allows attackers to exploit these different avenues to steal intellectual property or gather information vital to the national security of an entire nation. As technology advances to include more devices accessing an organization's network and as more business is handled via the internet, attackers' opportunities increase daily. Honeypots were created in response to this cyber warfare. Honeypots provide a technique to gather information about attackers performing reconnaissance on a network or device without the voluminous logs obtained by the majority of intrusion detection systems. This research effort provides a methodology to dynamically generate context-appropriate honeynets. Administrators are able to modify the system to conform to the target environment and gather the information passively or through increasing degrees of active scanning. The information obtained during the process of scanning the environment aids the administrator in creating a network topology and understanding the flux of devices in the network. This research continues the effort to defend an organization's networks against the onslaught of attackers.
  • TEST College of Engineering & Mines 9/25/17

    CHISUM (2017-09)
    TEST College of Engineering & Mines 9/25/17
  • On the detection of virtual machine introspection from inside a guest virtual machine

    Marken, Brandon Ashlee; Lawlor, Orion; Price, Channon; Barry, Ronald; Hartman, Christopher; Genetti, Jon (2015-12)
    With the increased prevalence of virtualization in the modern computing environment, the security of that technology becomes of paramount importance. Virtual Machine Introspection (VMI) is one of the technologies that has emerged to provide security for virtual environments by examining and then interpreting the state of an active Virtual Machine (VM). VMI has seen use in systems administration, digital forensics, intrusion detection, and honeypots. As with any technology, VMI has both productive uses as well as harmful uses. The research presented in this dissertation aims to enable a guest VM to determine if it is under examination by an external VMI agent. To determine if a VM is under examination, a series of statistical analyses are performed on timing data generated by the guest itself.
  • A sensitivity analysis of a biological module discovery pipeline

    Long, James; Roth, Mitchell; Rhodes, John; Marr, Thomas; Hartman, Chris (2015-05)
    Gene expression is the term applied to the combination of transcription, the process of copying information stored in DNA (deoxyribonucleic acid) into a transcript, and translation, the process of reading a transcript in order to manufacture a cellular product. Cellular products are typically proteins, which can combine either structurally or in concert to accomplish one or more tasks. Cooperating protein combinations are called modules, and it is thought that groups of transcripts with high correlation between their respective concentrations may indicate such modules. An open-source version of the CODENSE algorithm was developed with improved correlation methods to computationally test this hypothesis on an artificial transcription network containing a known module motif. The artificial network was used as input to a biochemical simulator in order to obtain synthetic transcription data, which was then fed to the pipeline whose purpose it is to discover modules in such data. Any discovered modules are compared to the known modules in the original network during a sensitivity analysis, where the process is repeated thousands of times with slightly varied parameters for each run. This process quantifies the sensitivity of pipeline output to each parameter of the pipeline, the most sensitive of which suggest what parts of the pipeline may be candidates for further refinement. The sensitivity analysis was then extended to include variation of biological network parameters, and noisy data. Lessons learned were then extended to the case of two known modules.
  • An investigation of digital forensic concepts in an international environment: the U.S., South Africa, and Namibia

    Phillips, Amelia; Nance, Kara; Bhatt, Uma; Hay, Brian; Genetti, Jon; Blurton, David (2013-08)
    Digital forensic investigations are growing in number not only in the United States but in nations around the world. The activities of multinational corporations and cybercrime cross jurisdictional boundaries on a daily basis. This investigation sets out to perform a qualitative analysis of the requirements needed for acceptance of digital evidence in multiple jurisdictions and the qualifications of digital forensic examiners by focusing on three case studies. The countries chosen are the United States, South Africa and Namibia. The research lays the foundation by examining existing international laws and treaties, and then uses the three case studies to address constitutional issues, civil and criminal law as they pertain to digital evidence. By ascertaining where the similarities and differences lie, a grounded theory approach is used to provide digital forensic examiners, legal staff and investigators a basis that can be used to approach digital cases that come from or must be presented in foreign jurisdictions. As more countries struggle to establish their digital laws regarding investigations, the resulting approach will serve as a guide and reference.
  • Human social dynamics multi agent system

    Nudson, Oralee N.; Nance, Kara; Hay, Brian; Newman, David (2009-05)
    Current political and economic events are placing an emphasis on energy production and consumption more than ever before. This leads to the necessity for continued research with power distribution systems and factors influencing system operation. The Human Social Dynamics Multi Agent System (HSDMAS) is a project contributing to the study of power distribution networks. By examining power failures as a string of related events while incorporating intelligent learning agents representing human factors, the HSDMAS takes a unique approach towards the understanding and prevention of large scale power failures by coupling a probabilistic model of load-dependent cascading failure, CASCADE, with a dynamic power systems model, OPA. The HSDMAS project focuses on improving and optimizing the performance of the CASCADE and OPA models individually, then develops an interactive multi-layer, multi-agent system modeling power transmission and human factors represented by utility optimization.