Browsing by Subject "cybersecurity"
Now showing 1 - 20 of 24
Item: A QUANTUM ALGORITHM TO LOCATE UNKNOWN HASHES FOR KNOWN N-GRAMS WITHIN A LARGE MALWARE CORPUS (2020-01-01) Allgood, Nichola; Nicholas, Charles K; Computer Science and Electrical Engineering; Computer Science
Quantum computing has evolved quickly in recent years and is showing significant benefits in many fields. Malware analysis is one of those fields that could also take advantage of quantum computing. Combining software used to locate the most frequent hashes and n-grams between benign and malicious software (KiloGram) [Kilograms_2019] with a quantum search algorithm could prove to be an improvement, by loading the table of hashes and n-grams into a quantum computer to look up an unknown hash for a known n-gram. The first phase will be to classically use KiloGram [Kilograms_2019] to find the top-k hashes and n-grams for a large malware corpus. The resulting table is loaded into a quantum machine. A quantum search algorithm is used to search among every permutation of the entangled key and value pairs to find the unknown hash. This prevents the re-computation of hashes for a set of n-grams, which can take on average O(MN) time, where the quantum algorithm could take O(√N) table lookups to find the unknown hash.

Item: Applied Machine Learning for Information Security (ACM, 2024-03-11) Samtani, Sagar; Raff, Edward; Anderson, Hyrum
Information security has undoubtedly become a critical aspect of modern cybersecurity practices. Over the last half-decade, numerous academic and industry groups have sought to develop machine learning, deep learning, and other areas of artificial intelligence-enabled analytics into information security practices. The Conference on Applied Machine Learning for Information Security (CAMLIS) is an emerging venue that seeks to gather researchers and practitioners to discuss applied and fundamental research on machine learning for information security applications.
In 2021, CAMLIS partnered with ACM Digital Threats: Research and Practice (DTRAP) to provide opportunities for authors of accepted CAMLIS papers to submit their research for consideration into ACM DTRAP via a Special Issue on Applied Machine Learning for Information Security. This editorial summarizes the results of this Special Issue.

Item: “Citizens Too”: Safety Setting Collaboration Among Older Adults with Memory Concerns (ACM SIGCHI, 2022-04-03) McDonald, Nora; Mentis, Helena
Designing technologies that support the cybersecurity of older adults with memory concerns involves wrestling with an uncomfortable paradox between surveillance and independence and the close collaboration of couples. This research captures the interactions between older adult couples where one or both have memory concerns—a primary feature of cognitive decline—as they make decisions on how to safeguard their online activities using a Safety Setting probe we designed, and over the course of several informal interviews and a diary study. Throughout, couples demonstrated a collaborative mentality to which we apply a frame of citizenship in open-source collaboration, specifically (a) histories of participation, (b) lower barriers to participation, and (c) maintaining ongoing contribution. In this metaphor of collaborative enterprise, one partner (or member of the couple) may be the service provider and the other may be the participant, but at varying moments they may switch roles while still maintaining a collaborative focus on preserving shared assets and freedom on the internet. We conclude with a discussion of what this service provider-contributor mentality means for empowerment through citizenship, and implications for vulnerable populations’ cybersecurity.

Item: A Collaborative Approach to Situational Awareness for CyberSecurity (IEEE, 2012-10-14) Mathews, M. Lisa; Halvorsen, Paul; Joshi, Anupam; Finin, Tim
Traditional intrusion detection and prevention systems have well-known limitations that decrease their utility against many kinds of attacks. Creating a new system that collaboratively combines information from traditional and non-traditional sensors to produce new, relevant signatures is one way to deal with these limitations. In this paper, we present a framework that uses this collaborative approach, as well as the details of a network-traffic-based classifier that shows promise for detecting malicious traffic.

Item: Creating Cybersecurity Knowledge Graphs from Malware After Action Reports (2020-10-06) Piplai, Aritran; Mittal, Sudip; Joshi, Anupam; Finin, Tim; Holt, James; Zak, Richard
After Action Reports provide incisive analysis of cyber-incidents. Extracting cyber-knowledge from these sources would provide security analysts with credible information, which they can use to detect, or find patterns indicative of, a future cyber-attack. It is not possible for a security analyst to read and garner relevant information from a large number of after action reports and similar textual documents that detail an attack. An automated pipeline that extracts from text sources, represents this in a knowledge graph and reasons over it, could help them to analyze cyber-attacks of the future. In this paper, we describe a system to extract information from After Action Reports, which are published by established security corporations, and represent that in a Cybersecurity Knowledge Graph (CKG). We also show how these can incorporate information from semi-structured sources such as STIX. They can also help security analysts execute queries that involve inferences, and retrieve information required to detect a future attack. We extract entities by building a customized named entity recognizer called 'Malware Entity Extractor' (MEE). We then build a neural network to predict how pairs of 'malware entities' are related to each other.
Once we have predicted entity pairs and the relationship between them, we assert the 'entity-relationship set' into a cybersecurity knowledge graph. In this process, each individual source of information (i.e., after action report) would lead to its own graph. Our next step in the process is to fuse the graphs on common entities where possible, to create a single graph which represents knowledge in multiple documents. The cybersecurity knowledge graph can be populated from one After Action Report, and can also be fused with another knowledge graph about a similar cyber-attack, or an After Action Report describing attributes of a similar malware. We show how this knowledge can be used to answer analyst queries that cannot be answered from a single source.

Item: Cyber-All-Intel: An AI for Security related Threat Intelligence (2019-05-07) Mittal, Sudip; Joshi, Anupam; Finin, Tim
Keeping up with threat intelligence is a must for a security analyst today. There is a volume of information present in 'the wild' that affects an organization. We need to develop an artificial intelligence system that scours the intelligence sources to keep the analyst updated about various threats that pose a risk to her organization. A security analyst who is better 'tapped in' can be more effective. In this paper we present Cyber-All-Intel, an artificial intelligence system to aid a security analyst. It is a system for knowledge extraction, representation and analytics in an end-to-end pipeline grounded in the cybersecurity informatics domain. It uses multiple knowledge representations, like vector spaces and knowledge graphs, in a 'VKG structure' to store incoming intelligence. The system also uses neural network models to proactively improve its knowledge.
We have also created a query engine and an alert system that can be used by an analyst to find actionable cybersecurity insights.

Item: Cybersecurity 2016 Survey Summary Report of Survey Results (UMBC and International City/County Management Association (ICMA), 2017-04-17) Norris, Donald; Mateczun, Laura; Joshi, Anupam; Finin, Tim
In 2016, the International City/County Management Association (ICMA), in partnership with the University of Maryland, Baltimore County (UMBC), conducted a survey to better understand local government cybersecurity practices. The results of this survey provide insights into the cybersecurity issues faced by U.S. local governments, including what their capacities are, what kind of barriers they face, and what type of support they have to implement cybersecurity programs.

Item: Cybersecurity Challenges to American State and Local Governments (2015-06-18) Norris, Donald; Joshi, Anupam; Finin, Tim
In this paper, we examine cybersecurity challenges to American state and local governments. In particular, we address the extent and magnitude of cyberattacks against these governments, the problems these governments face in preventing attacks from being successful, the barriers internal to their organizations that make cybersecurity difficult to achieve, and actions that they believe should be taken to improve cybersecurity practice. Our research method consisted of a focus group of information technology (IT) and cybersecurity (CS) officials from one American state. Among other things we found that cyberattacks, mostly in the form of malicious emails, are constant, 24/7/365, and can number in the tens of thousands per day (at least among state government and larger local governments). The participants in our focus group noted that while they weren't perfect at it, they felt that for the most part they had the technical side of cybersecurity under good control. These governments’ biggest cyber challenge is human error; that is, end users who (mostly by mistake and without malice) open an attachment or click on a link in a phishing email that then allows an attacker into the government’s IT system. We also found that the probability of a successful phishing cyberattack is relatively high. These governments face several barriers when attempting to prevent cyberattacks and when endeavoring to mitigate successful ones, including: insufficient funding and staffing; problems of governance (namely, lack of control over all actors within a governmental unit due mainly to the federated nature of government); and insufficient or under-enforced cybersecurity policies. Our participants also noted that there are several common-sense ways that state and local governments can improve cybersecurity. Among others, these include: frequent vulnerability assessment, continual scanning and testing, securing cybersecurity insurance, improving end user authentication and authorization, end user training and control, control over the use of external devices (flash drives, etc.), improved governance methods, sharing information about cyberattacks and cybersecurity policies and practices among governments, and, finally, creating a culture for cybersecurity in governmental organizations. Areas for further research into state and local government cybersecurity include: the types of cyberattacks that state and local governments typically face; the types of actions that these governments should take to prevent the attacks from being successful and to mitigate the results of successful attacks; gaps between these governments’ need to prevent and mitigate cyberattacks and their ability to do so, including barriers to effective state and local government cybersecurity and best cybersecurity practices; and recommendations for improving state and local government cybersecurity.

Item: Deep learning approaches in semantic triple generation for knowledge graph population (2019-01-01) Pingle, Aditya; Joshi, Anupam; Computer Science and Electrical Engineering; Computer Science
Security analysts that work in a 'Security Operations Center' (SOC) play a major role in ensuring the security of the organization. The amount of background knowledge they have about the evolving and new attacks makes a significant difference in their ability to detect attacks. Open source threat intelligence sources, like text descriptions about cyber-attacks, can be stored in a structured fashion in a cybersecurity knowledge graph. A cybersecurity knowledge graph can be paramount in aiding a security analyst to detect cyber threats because it stores a vast range of cyber threat information in the form of semantic triples which can be queried. A semantic triple contains two cybersecurity entities with a relationship between them. In this work, we propose a system to create semantic triples over cybersecurity text, using deep learning approaches to extract possible relationships. We use the set of semantic triples generated through our system to assert in a cybersecurity knowledge graph.
Security analysts can retrieve this data from the knowledge graph, and use this information to form a decision about a cyber-attack.

Item: Enhancing Interest in Cybersecurity Careers: A Peer Mentoring Perspective (Association for Computing Machinery, 2018-02-21) Janeja, Vandana P.; Faridee, Abu Zaher Md; Gangopadhyay, Aryya; Seaman, Carolyn; Everhart, Amy
The focus of this paper is an evaluation of our peer mentoring framework designed to encourage more students to seek cybersecurity career pathways through providing peer interactions. We present and compare results from two years (Spring 2016 and 2017) of interaction between students in an introductory Information Systems class (IS 300: Management of Information Systems) and an upper-level elective Cybersecurity course (IS 471: Data Analytics for Cybersecurity). Our results show a continuation of the general trend observed in the 2016 study. The students who receive peer mentoring show more interest in cybersecurity issues and careers and gain more overall knowledge throughout the semester than those who don’t. This is reflected by the results of an anonymous survey and overall grade improvements. These students show more variation regarding their choice of cybersecurity as a career compared to students who did not receive any mentoring, demonstrating that they are able to make more informed decisions. Female students exhibit more pronounced responses to peer mentoring in contrast to their male counterparts.

Item: Extending Signature-based Intrusion Detection Systems With Bayesian Abductive Reasoning (2019-03-28) Ganesan, Ashwinkumar; Parameshwarappa, Pooja; Peshave, Akshay; Chen, Zhiyuan; Oates, Tim
Evolving cybersecurity threats are a persistent challenge for system administrators and security experts as new malware is continually released. Attackers may look for vulnerabilities in commercial products or execute sophisticated reconnaissance campaigns to understand a target’s network and gather information on security products like firewalls and intrusion detection / prevention systems (network or host-based). Many new attacks tend to be modifications of existing ones. In such a scenario, rule-based systems fail to detect the attack, even though there are minor differences in conditions / attributes between rules to identify the new and existing attack. To detect these differences the IDS must be able to isolate the subset of conditions that are true and predict the likely conditions (different from the original) that must be observed. In this paper, we propose a probabilistic abductive reasoning approach that augments an existing rule-based IDS (Snort [29]) to detect these evolved attacks by (a) predicting rule conditions that are likely to occur (based on existing rules) and (b) generating new Snort rules when provided with a seed rule (i.e., a starting rule), to reduce the burden on experts to constantly update them. We demonstrate the effectiveness of the approach by generating new rules from the Snort 2012 rule set and testing them on the MACCDC 2012 dataset.

Item: Extracting cybersecurity related linked data from text (IEEE Computer Society Press, 2013-09-16) Joshi, Arnav; Lal, Ravendar; Finin, Tim; Joshi, Anupam
The Web is typically our first source of information about new software vulnerabilities, exploits and cyber-attacks. Information is found in semi-structured vulnerability databases as well as in text from security bulletins, news reports, cybersecurity blogs and Internet chat rooms. It can be useful to cybersecurity systems if there is a way to recognize and extract relevant information and represent it as easily shared and integrated semantic data.
We describe such an automatic framework that generates and publishes an RDF linked data representation of cybersecurity concepts and vulnerability descriptions extracted from the National Vulnerability Database and from text sources. A CRF-based system is used to identify cybersecurity-related entities, concepts and relations in text, which are then represented using custom ontologies for the cybersecurity domain and also mapped to objects in the DBpedia knowledge base. The resulting cybersecurity linked data collection can be used for many purposes, including automating early vulnerability identification, mitigation and prevention efforts.

Item: How to Actually Promote Diversity in STEM (The Atlantic, 2019-11-29) Hrabowski III, Freeman A.; Henderson, Peter H.

Item: IP REPUTATION SCORING – A PERSPECTIVE ON CLUSTERING WITH META-FEATURES AUGMENTATION (2018-01-01) Sainani, Henanksha; Janeja, Vandana; Information Systems; Information Systems
We propose a novel approach to assess the reputation of an IP address in network usage data by augmenting the network features with meta-features such as geospatial knowledge. While there is abundant literature on geospatial data mining, limited attention is given to geolocation in the realm of cybersecurity applications. We present experimental results that highlight the importance of geospatial knowledge in augmenting network anomalies and compare several traditional clustering methods with a clustering technique called unified clustering that overcomes the problems of using both continuous and categorical attributes in clustering. Thus, the contributions in this paper are threefold. First, we show that the approach of combining traditional network observables with geospatial observables presents a more robust and unique IP reputation scoring model. Second, this study provides an empirical validation of applying the unified clustering approach to data with heterogeneous attributes in the cybersecurity domain to obtain better-formed clusters. Third, we have devised a reputation scoring model for an IP address by applying unified clustering on a combined dataset that encompasses network and geospatial information. This research study has implications for anomaly detection in cybersecurity applications, especially when there is limited information about the network session or there is a lack of historical data for the network observables.

Item: Ontology driven AI and Access Control Systems for Smart Fisheries (Association for Computing Machinery, 2021-04-28) Chukkapalli, Sai Sree Laya; Aziz, Shaik; Alotaibi, Nouran; Mittal, Sudip; Gupta, Maanak; Abdelsalam, Mahmoud
The increasing number of internet-connected devices has paved a path for smarter ecosystems in various sectors such as agriculture, aquaculture, manufacturing, healthcare, etc. In particular, integrating technologies like big data, artificial intelligence (AI), blockchain, etc. with internet-connected devices has increased efficiency and productivity. Therefore, fishery farmers have started adopting smart fisheries technologies to better manage their fish farms. Despite their technological advancements, smart fisheries are exposed and vulnerable to cyber-attacks that would cause a negative impact on the ecosystem both physically and economically. Therefore, in this paper, we present a smart fisheries ecosystem where the architecture describes various interactions that happen between internet-connected devices.
We develop a smart fisheries ontology based on the architecture and implement an Attribute-Based Access Control (ABAC) system where access to resources of smart fisheries is granted by evaluating the requests. We also discuss how access control decisions are made in multiple use case scenarios of a smart fisheries ecosystem. Furthermore, we elaborate some AI applications that would enhance the smart fisheries ecosystem.

Item: Phishing in an Academic Community: A Study of User Susceptibility and Behavior (2018-01-01) Diaz, Alejandra; Nicholas, Charles; Computer Science and Electrical Engineering; Computer Science
We present an observational study on the relationship between demographic factors and phishing susceptibility. In spring 2018, we sent three phishing emails and a survey to examine user click rates and demographics within UMBC's undergraduate student population. This study, the first to investigate several demographic factors without prior user knowledge in a university setting, shows correlations between user susceptibility and college affiliation, age, cyber training levels, academic year progression, phishing awareness, cyber club or scholarship involvement, and amount of time spent on a computer. We observe no such relationship for gender. We used the Billing Problem, Contest Winner, and Expiration Date phishing tactics. From March through May 2018, we performed three experiments that delivered phishing attacks to 450 randomly-selected students on three different days (1,350 students total). Unlike other studies, to simulate real phishing scenarios the participants were initially unaware of the study. Experiment 1 impersonated banking authorities; Experiment 2 enticed users with monetary rewards; and Experiment 3 threatened users with account cancellation. We then sent a survey that collected students' college affiliation, age, cyber training levels, academic year progression, phishing awareness, cyber club or scholarship involvement, and amount of time spent on a computer. We conclude that gender does not indicate student risk level (χ² = 0.43, p = 0.51, α = 0.05). Students within a technical field are less likely to click a link (39% of students clicked), followed by Natural and Mathematical Sciences students (63% clicked) second, and Arts, Humanities and Social Sciences students most susceptible (78% clicked) (χ² = 136.35, p < 0.0001, α = 0.05). Age (χ² = 16.25, p = 0.001, α = 0.05) and academic year progression (χ² = 15.67, p = 0.0013, α = 0.05) influenced susceptibility as well, with younger and less educated students having higher click rates to phishing schemes than did their older and more educated counterparts. There exists a correlation in level of cyber training and decreasing click rate (χ² = 19.47, p < 0.0001, α = 0.05), similar to the relationship of low click rates and cyber scholarship program involvement (28% clicked), followed by cyber club membership (53% clicked) and no involvement at all (73% clicked) (χ² = 19.29, p < 0.0001, α = 0.05). Time spent on the computer is a significant factor in click rates as well (Fisher's p < 0.0001, α = 0.05). Students that spend more time on the computer after 4 hours are documented to not click the phishing links as often (4–8 hours: 88% of students clicked; 8–12 hours: 70%; 12+ hours: 52%). Contrary to our expectations, there exists a negative relationship between phishing awareness and students' resistance to clicking a phish link (χ² = 77.46, p < 0.0001, α = 0.05).
Students who identified themselves as understanding the definition of phishing had a higher susceptibility rate (80% clicked) than their peers who are merely aware of phishing attacks (43% clicked) and those with no knowledge whatsoever (28% clicked).

Item: RelExt: Relation Extraction using Deep Learning approaches for Cybersecurity Knowledge Graph Improvement (2019-05-16) Pingle, Aditya; Piplai, Aritran; Mittal, Sudip; Joshi, Anupam; Holt, James; Zak, Richard
Security analysts that work in a 'Security Operations Center' (SOC) play a major role in ensuring the security of the organization. The amount of background knowledge they have about the evolving and new attacks makes a significant difference in their ability to detect attacks. Open source threat intelligence sources, like text descriptions about cyber-attacks, can be stored in a structured fashion in a cybersecurity knowledge graph. A cybersecurity knowledge graph can be paramount in aiding a security analyst to detect cyber threats because it stores a vast range of cyber threat information in the form of semantic triples which can be queried. A semantic triple contains two cybersecurity entities with a relationship between them. In this work, we propose a system to create semantic triples over cybersecurity text, using deep learning approaches to extract possible relationships. We use the set of semantic triples generated through our system to assert in a cybersecurity knowledge graph. Security analysts can retrieve this data from the knowledge graph, and use this information to form a decision about a cyber-attack.

Item: A Semantic Approach to Situational Awareness for Intrusion Detection (National Coordination Office for Networking and Information Technology Research and Development, 2012-06-11) More, Sumit; Mathews, M. Lisa; Joshi, Anupam; Finin, Tim
We describe a situation-aware intrusion detection system that integrates heterogeneous sources of information to build and maintain a semantically rich knowledge base about cyber threats and vulnerabilities. Most current intrusion detection and prevention systems rely on signature-based approaches to detect attacks. When an attack signature is not available, such as for a new exploit or a significantly modified known one, such systems are much less effective. Moreover, these intrusion detection systems are point-based solutions which do not make effective use of heterogeneous data sources, which can provide important information related to intrusions which are not yet available as signature patterns. This information can also help detect low-and-slow attacks in which small intrusions that are spatially and temporally apart combine to build a more elaborate attack.

Item: The SFS Summer Research Study at UMBC: Project-Based Learning Inspires Cybersecurity Students (2018-11-12) Sherman, Alan; Golaszewski, Enis; LaFemina, Edward; Goldschen, Ethan; Khan, Mohammed; Mundy, Lauren; Rather, Mykah; Solis, Bryan; Tete, Wubnyonga; Valdez, Edwin; Weber, Brian; Doyle, Damian; O’Brien, Casey; Oliva, Linda; Roundy, Joseph; Suess, Jack
From May 30 to June 2, 2017, Scholarship for Service (SFS) scholars at the University of Maryland, Baltimore County (UMBC) analyzed the security of a targeted aspect of the UMBC computer systems. During this hands-on study, with complete access to source code, students identified vulnerabilities, devised and implemented exploits, and suggested mitigations. As part of a pioneering program at UMBC to extend SFS scholarships to community colleges, the study helped initiate six students from two nearby community colleges, who transferred to UMBC in fall 2017 to complete their four-year degrees in computer science and information systems.
The study examined the security of a set of "NetAdmin" custom scripts that enable UMBC faculty and staff to open the UMBC firewall to allow external access to machines they control for research purposes. Students discovered vulnerabilities stemming from weak architectural design, record overflow, and failure to sanitize inputs properly. For example, they implemented a record-overflow and code-injection exploit that exfiltrated the vital API key of the UMBC firewall. This report summarizes student activities and findings, and reflects on lessons learned for students, educators, and system administrators. Our students found the collaborative experience inspirational, students and educators appreciated the authentic case study, and IT administrators gained access to future employees and received free recommendations for improving the security of their systems. We hope that other universities can benefit from our motivational and educational strategy of teaming educators and system administrators to engage students in active project-based learning centering on focused questions about their university computer systems.

Item: The Work of Cybersecurity Advocates (2020-01-20) Haney, Julie Marie; Lutters, Wayne G.; Information Systems; Human Centered Computing
Cyber attacks are on the rise, with potentially devastating effects at the personal, business, and national levels. Despite real and evolving cyber threats, people often fail to implement and effectively use basic, well-known cybersecurity technologies and practices. Further contributing to the cybersecurity problem is the shortage of security personnel to address these challenges. A critical role and force-multiplier in security adoption is the cybersecurity advocate: a security professional who has the skills to effectively promote security and facilitate positive security behavior change. Cybersecurity advocates attempt to remedy implementation failures by promoting and facilitating the adoption of security best practices and technologies as an integral component of their jobs. Currently, there is no clear career track and few resources for educating professionals on how to be good cybersecurity advocates. Furthermore, it is unclear what advocacy techniques may be most effective. In addition to the bias towards technical skills, these gaps are likely due to the fact that we have little understanding of the work practices and competencies that lead to successful security advocacy. The purpose of my research is to gain a better understanding of these work practices. A first stage in my investigation involved interviews of professional security advocates. Since this interview data was one-sided, from the perspective of advocates themselves, I validated the findings with a second stage exploring the effectiveness of advocates' approaches via a case study of a security awareness team at a U.S. government agency. This research uncovers definitional boundaries of cybersecurity advocates, including skills, characteristics, motivations, challenges, and tactics. Findings reveal that advocates employ technical and non-technical skills and a variety of techniques to overcome negative perceptions of security and other barriers to security adoption. A better understanding of the work of advocates can inform more effective security advocacy techniques and resources to aid in the professional development of advocates. Promulgating this understanding to practitioners and educators may result in an increase in cybersecurity advocates armed with the necessary tools to be successful. This growth of the advocate workforce might then lead to increased adoption of cybersecurity best practices.
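The two-phase pipeline in the first item of this listing (A QUANTUM ALGORITHM TO LOCATE UNKNOWN HASHES FOR KNOWN N-GRAMS WITHIN A LARGE MALWARE CORPUS), as an added, runnable illustration that is not the authors' code. The classical phase is a plain frequency count over constructed byte strings standing in for KiloGram's top-k selection, with FNV-1a standing in for whatever hash the authors use; the quantum phase is a state-vector simulation of Grover's search over the table's index register, so the O(√N) cost shows up as the iteration count, and the "unknown n-gram not in the table" case is handled rather than returning a wrong hash.

```python
# Added example (not from the paper): KiloGram-style top-k n-gram table, then a
# simulated Grover search over the table index to find the hash for a known n-gram.
import math
from collections import Counter

# Constructed sample "files" (PE- and x86-looking byte strings), not real malware.
SAMPLES = [
    b"MZ\x90\x00\x03\x00\x00\x00\x04\x00",
    b"MZ\x90\x00\x03\x00\x00\x00\xff\xff",
    b"\x55\x8b\xec\x83\xec\x10\x53\x56\x57",
    b"\x55\x8b\xec\x83\xec\x08\x53",
    b"\xe8\x00\x00\x00\x00\x5b",
]
MASK64 = (1 << 64) - 1


def fnv1a_64(data: bytes) -> int:
    """64-bit FNV-1a; an assumed stand-in for the table's hash function."""
    h = 0xCBF29CE484222325
    for b in data:
        h = ((h ^ b) * 0x100000001B3) & MASK64
    return h


def top_k_ngram_table(samples, n, k):
    """Classical phase: count every n-gram in the corpus, keep the k most frequent,
    and return the (n-gram, hash) table that would be loaded into the quantum machine.
    Ties are broken by the n-gram's byte value so the table order is deterministic."""
    counts = Counter()
    for s in samples:
        for i in range(len(s) - n + 1):
            counts[s[i:i + n]] += 1
    top = sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))[:k]
    return [(g, fnv1a_64(g)) for g, _ in top]


def grover_lookup(table, query_ngram):
    """Quantum phase (simulated): Grover search over the table's index register for
    the entry whose key equals query_ngram. Returns (hash or None, probability of
    the measured index, number of Grover iterations = oracle calls)."""
    n_entries = len(table)
    n_qubits = max(1, math.ceil(math.log2(n_entries)))
    N = 2 ** n_qubits                                  # index register size
    marked = {i for i, (key, _) in enumerate(table) if key == query_ngram}
    if not marked:                                     # unknown n-gram: nothing to find
        return None, 0.0, 0
    # Optimal iteration count floor(pi/4 * sqrt(N/M)); this is the O(sqrt N) cost.
    iterations = max(1, int(math.pi / 4 * math.sqrt(N / len(marked))))
    amp = [1.0 / math.sqrt(N)] * N                     # uniform superposition
    for _ in range(iterations):
        # Oracle: phase-flip the amplitudes of indices whose key matches the query.
        amp = [-a if i in marked else a for i, a in enumerate(amp)]
        # Diffusion operator 2|s><s| - I: inversion about the mean amplitude.
        mean = sum(amp) / N
        amp = [2 * mean - a for a in amp]
    probs = [a * a for a in amp]
    idx = max(range(N), key=probs.__getitem__)         # most likely measurement outcome
    if idx not in marked:
        return None, probs[idx], iterations
    return table[idx][1], probs[idx], iterations


def build_demo_table():
    """3-grams, top 8, from the constructed samples above (N = 8, so 3 index qubits)."""
    return top_k_ngram_table(SAMPLES, n=3, k=8)


if __name__ == "__main__":
    table = build_demo_table()
    for g, h in table:
        print(g.hex(), f"{h:016x}")
    h, p, it = grover_lookup(table, b"MZ\x90")
    print(f"hash={h:016x} p={p:.3f} grover_iterations={it} classical_scan={len(table)}")
```

With eight entries the search needs two Grover iterations (oracle calls) and measures the right index with probability about 0.945, versus a linear scan of all eight entries classically; on hardware the measurement is a sample, so the argmax here is the most likely outcome, not a guarantee.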
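The abductive step described in the item "Extending Signature-based Intrusion Detection Systems With Bayesian Abductive Reasoning" (isolate the rule conditions that hold, predict the ones that do not, then generate a new rule from a seed rule), as an added, runnable illustration that is not the authors' implementation. The three rules are constructed for the example and are not taken from the Snort 2012 rule set, the event is a constructed cmd.exe request to a web server on a non-standard port so that no rule fires as written, the per-condition likelihood EPS is a fixed value chosen here rather than anything estimated from data, and only a subset of Snort syntax (header fields, content/nocase, flow, msg/sid/rev) is parsed.

```python
# Added example (not from the paper): score Snort rules against a partially matching
# event, report the best explaining rule and its unmet conditions, and generate a new
# candidate rule from that seed rule.
import re

HEADER = re.compile(
    r"^(\w+)\s+(\w+)\s+(\S+)\s+(\S+)\s+(->|<>)\s+(\S+)\s+(\S+)\s*\((.*)\)\s*$", re.S)

# Constructed seed rules with hypothetical sids.
RULE_TEXTS = [
    'alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"WEB-IIS cmd.exe access"; '
    'flow:to_server,established; content:"cmd.exe"; nocase; sid:1000001; rev:1;)',
    'alert tcp $EXTERNAL_NET any -> $HOME_NET 21 (msg:"FTP SITE EXEC attempt"; '
    'flow:to_server,established; content:"SITE "; nocase; content:"EXEC"; nocase; '
    'sid:1000002; rev:1;)',
    'alert udp $EXTERNAL_NET any -> $HOME_NET 161 (msg:"SNMP public community"; '
    'content:"public"; sid:1000003; rev:1;)',
]

# Constructed event: the cmd.exe attack aimed at a web server on port 8080.
EVENT = {
    "proto": "tcp",
    "dport": 8080,
    "flow": ["to_server", "established"],
    "payload": "GET /scripts/..%c1%1c../winnt/system32/CMD.EXE?/c+dir HTTP/1.0",
}

# P(a rule condition is not observed | the event is a variant of that rule's attack).
# Fixed value chosen for the example, not estimated from data.
EPS = 0.1


def split_options(body):
    """Split the option body on ';' outside double quotes."""
    opts, cur, in_quote = [], [], False
    for ch in body:
        if ch == '"':
            in_quote = not in_quote
        if ch == ";" and not in_quote:
            opts.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
    tail = "".join(cur).strip()
    return opts + ([tail] if tail else [])


def parse_rule(text):
    """Turn a rule into (kind, value) conditions plus msg/sid/rev metadata."""
    m = HEADER.match(text.strip())
    if not m:
        raise ValueError("unsupported rule syntax: " + text)
    _, proto, _, _, _, _, dport, body = m.groups()
    conds, contents, meta = [("proto", proto.lower()), ("dport", dport)], [], {}
    for opt in split_options(body):
        key, _, val = opt.partition(":")
        key, val = key.strip(), val.strip()
        if key == "content":
            contents.append([val.strip('"'), False])
        elif key == "nocase" and contents:
            contents[-1][1] = True          # modifier applies to the preceding content
        elif key == "flow":
            conds.append(("flow", val))
        elif key in ("msg", "sid", "rev"):
            meta[key] = val.strip('"')
    conds += [("content", (v, nocase)) for v, nocase in contents]
    return {"meta": meta, "conds": conds, "text": text}


def cond_holds(cond, ev):
    kind, val = cond
    if kind == "proto":
        return ev["proto"] == val
    if kind == "dport":
        return val == "any" or str(ev["dport"]) == val
    if kind == "flow":
        return set(val.split(",")) <= set(ev["flow"])
    if kind == "content":
        needle, nocase = val
        hay = ev["payload"]
        return needle.lower() in hay.lower() if nocase else needle in hay
    return False


def posterior(rules, ev):
    """P(rule | event) with a uniform prior: each condition contributes (1-EPS) if it
    holds and EPS if it does not, so the rule explaining the most conditions wins."""
    liks = []
    for r in rules:
        lik = 1.0
        for c in r["conds"]:
            lik *= (1 - EPS) if cond_holds(c, ev) else EPS
        liks.append(lik)
    z = sum(liks)
    return [x / z for x in liks]


def explain(rules, ev):
    """Abduction: best explaining rule, its posterior, and the conditions of that rule
    the event did not satisfy (the predicted conditions to look for)."""
    post = posterior(rules, ev)
    best = max(range(len(rules)), key=post.__getitem__)
    missing = [c for c in rules[best]["conds"] if not cond_holds(c, ev)]
    return rules[best], post[best], missing


def generate_rule(seed, ev, new_sid):
    """Rule generation: keep the seed, rewrite the header dport to the observed one if
    that condition failed, and assign a fresh sid. Other failed condition kinds are
    left for the analyst to review rather than rewritten blindly."""
    action, proto, src, sport, direction, dst, dport, body = HEADER.match(seed["text"].strip()).groups()
    if not cond_holds(("dport", dport), ev):
        dport = str(ev["dport"])
    body = re.sub(r"sid:\s*\d+", f"sid:{new_sid}", body)
    body = re.sub(r"rev:\s*\d+", "rev:1", body)
    return f"{action} {proto} {src} {sport} {direction} {dst} {dport} ({body})"


if __name__ == "__main__":
    rules = [parse_rule(t) for t in RULE_TEXTS]
    best, p, missing = explain(rules, EVENT)
    print(f"best seed: sid {best['meta']['sid']} posterior={p:.3f} unmet={missing}")
    print(generate_rule(best, EVENT, new_sid=1000101))
```

The caveat a practitioner will want: the product-of-conditions likelihood favours rules with few conditions, so a two-condition rule that half matches can outscore a five-condition rule that mostly matches; the authors' approach is built on their own probabilistic model, and any generated rule still needs review before it is deployed, since widening a port or content condition is exactly how a signature picks up false positives.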