SACM - United States of America

Permanent URI for this collectionhttps://drepo.sdl.edu.sa/handle/20.500.14154/9668

Browse

Subject: search.filters.subject.Cybersecurity

Search Results

Now showing 1 - 10 of 14
  • Thumbnail Image
    ItemRestricted
    Cybersecurity-Aware Distributed Optimization for Optimal Power Flow
    (Georgia Institute of Technology, 2024-07-17) Alkhraijah, Mohannad; Molzahn, Daniel
    Distributed optimization algorithms have many attractive features for coordinating systems with multiple agents, as they allow multiple agents to collaborate in solving large-scale optimization problems while maintaining their autonomy. However, distributed algorithms may be vulnerable to cyberattacks due to their dependency on communication. This dissertation proposes a general cybersecurity-aware distributed optimization implementation framework for solving optimal power flow problems. The proposed framework increases the resiliency of distributed optimization against cyberattacks and data manipulation. The main contributions of the dissertation are (1) development of an open-source framework to expedite the process of testing and experimenting with distributed optimization algorithms, (2) benchmarking multiple distributed algorithms with various optimal power flow models in the presence of nonideal communication via an extensive empirical analysis, (3) investigation of cyberattack threats on distributed optimization and proposition of cyberattack detection models, (4) development of a mitigation strategy for cyberattacks and communication failures via formulating and solving a robust optimization problem, and (5) development of a fault-tolerant distributed termination method that prevents faulty termination caused by cyberattacks or communication errors.
    26 0
  • Thumbnail Image
    ItemRestricted
    INTO THE DIGITAL ABYSS: EXPLORING THE DEPTHS OF DATA COLLECTED BY IOT DEVICES
    (Johns Hopkins University, 2024-02-22) Almogbil, Atheer; Rubin, Aviel
    The proliferation of interconnected smart devices, once ordinary household appliances, has led to an exponential increase in sensitive data collection and transmission. The security and privacy of IoT devices, however, have lagged behind their rapid deployment, creating vulnerabilities that can be exploited by malicious actors. While security attacks on IoT devices have garnered attention, privacy implications often go unnoticed, exposing users to potential risks without their awareness. Our research contributes to a deeper understanding of user privacy concerns and implications caused by data collection within the vast landscape of the Internet of Things (IoT). We uncover the true extent of data accessible to adversarial individuals and propose a solution to ensure data privacy in precarious situations. We provide valuable insights, paving the way for a more informed and comprehensive approach to studying, addressing, and raising awareness about privacy issues within the evolving landscape of smart home environments.
    13 0
  • Thumbnail Image
    ItemRestricted
    A Graph-Based Formal Access Control Model to Support Positive & Negative Permissions, Exceptions, Redundancy & Conflict Detection, Permission to Delegate, Delegation, Separation of Duties (SoD), and SoD Exceptions & Violation Detection
    (University of Idaho, 2024-12-30) Alkhorem, Azan Hamad; De Leon, Daniel Conte
    Access control policies models provide a better approach to control users actives regarding allowing or denying such action to user or group within the resources. This mechanism allowed us to verify the grant or the denial of access. Within the access control hierarchy structure, there are more features that must be supported with different permissions on non-hierarchy and hierarchy structure. In this study we developed a methodology that supports the enhancement of positive policy represented by (YES) and adds negative policy represented by (NO). Moreover, we include supporting both types of permission to delegate and both types of delegation. Although, we implement supporting an exception policies approach for both types of stander policies positive and negative. Furthermore, we developed a method to adopt two different types of Separation of Duties (SoD). This includes redundancy, conflict detection, valid polices request of SoD, violation, and non-violation polices request between each type itself and between the first type against the second concept of SoD rules as well as vice versa. In addition, we validate another technique that these two different types of SoD do not violate both types of stander policies concept. Finally, we examine both types of stander policies concept never violate both types of SoD rules in the hierarchy manner. These challenges have been successfully verified on the hierarchy policy model (HPol). These features give the HPol model more advantages supporting complex polices on non-hierarchy and hierarchy structure.
    25 0
  • Thumbnail Image
    ItemRestricted
    Adaptive Cyber Security for Smart Home Systems
    (Howard University, 2024-04-29) Alsabilah, Nasser; Rawat, Danda B.
    Throughout the recent decade, smart homes have made an enormous expansion around the world among residential customers; hence the most intimate place for people becomes connected to cyberspace. This environment attracts more hackers because of the amount and nature of data.Furthermore, most of the new technologies suffer from difficulties such as afford the proper level of security for their users.Therefore, the cybersecurity in smart homes is becoming increas- ingly a real concern for many reasons, and the conventional security methods are not effective in the smart home environment as well. The consequences of cyber attacks’ impact in this environment exceed direct users to society in some cases. Thus, from a historical perspective, many examples of cybersecurity breaches were reported within smart homes to either gain information from con- nected smart devices or exploit smart home devices within botnet networks to execute Distributed Denial of Service (DDoS) as well as others.Therefore, there is an insistent demand to detect these malicious attacks targeting smart homes to protect security and privacy.This dissertation presents a comprehensive approach to address these challenges, leveraging insights from energy consumption and network traffic analysis to enhance cybersecurity in smart home environments.The first objec- tive of this research focuses on estimating vulnerability indices of smart devices within smart home systems using energy consumption data. Through sophisticated methodology based on Kalman filter and Shapiro-Wilk test, this objective provides estimating for the vulnerability indices of smart devices in smart home system. Building upon the understanding that energy consumption is greatly affected by network traffic based on many empirical observations that have revealed alterations in the energy consumption and network behavior of compromised devices, the subsequent objectives as complementary endeavors to the first objective delve into the development of adaptive technique for cyber-attack detection and cyber-behavior prediction using Rough Set Theory combined with XGBoost. These objectives aim to detect and predict cyber threats, thus enhancing the overall security posture of smart home systems.
    13 0
  • Thumbnail Image
    ItemRestricted
    Real-time Intelligent Detection System Designs for Web Phishing Attacks
    (The University of Alabama, 2024-03-27) Asiri, Sultan; Xiao, Yang
    Phishing attacks are still a growing concern for many individuals and organizations worldwide. They steal user credentials and serve as a gateway for approximately 90\% of cybersecurity breaches. Therefore, it has become an important issue that needs to be solved. Most organizations worldwide train humans to avoid being a target of phishing attacks; however, even an expert can be a victim of this kind of attack due to the similarity between benign and phishing web pages. In this dissertation, we first study the current state-of-the-art methods for detecting phishing attacks and highlight the limitations of existing detection approaches. Second, we introduce PhishingRTDS, a system that protects users from different phishing attacks and defends them against accidentally opening malicious URLs. The system isolates the suspected webpage to protect users' local systems from downloading malicious software. Then, we collect all URLs embedded in the webpage and use a deep learning (DL) model to classify each URL independently. These classifications are used to determine whether a webpage is phishing or benign. Third, we introduce PhishTransformer, a deep-learning model that analyzes URLs and page content by detecting phishing attacks. We propose using only embedded URLs, such as hyperlinks and JFrames, to train PhishTransformer. This reduces the need to extract page content features, improving training efficiency. PhishTransformer combines convolutional neural networks and transformer encoders to extract features from website URLs and page content. These features train a classifier to differentiate phishing attacks from legitimate websites. Our findings suggest that PhishTransformer is a promising approach to phishing detection. Fourth, we introduce a method to enhance a detection system by integrating human feedback, which is necessary due to the rising complexity of phishing attacks. Attackers constantly evolve new methods, like hiding malicious links within seemingly legitimate web pages. Static detection systems are insufficient, leaving users vulnerable. Thus, we propose a human-in-the-loop deep learning active system. Initially employing PhishTransformer, we gather test data via a browser extension, continually updating the model and evaluating performance metrics. Our approach produces approximately a 5\% enhancement across all metrics compared to the base model by Version 3.
    35 0
  • Thumbnail Image
    ItemRestricted
    Improving Security in Web Browsing through WebCompass
    (Fairfield University, 2024-01-17) Alzhrany, Yasr; Almalki, Abdulaziz; Speretta, Mirco
    The world of online security is full of challenges. The greater the reliance on the Internet, the higher the risk. Every day, users fall prey to phishing attacks, caused by weak defense software, etc. Among these threats, one of the most successful ones is based on spam and phishing emails that lure users to click on links (i.e. URLs) that can capture or expose sensitive information. At the same time, the proliferation of Websites containing vulnerabilities is an open invitation for these cyber-attacks. This underscores the urgent need to address the complexity of phishing techniques and fortify Websites against potential threats to mitigate the risks users face in the digital landscape. This study aims to develop a Chrome extension that focuses on improving the security of users while browsing the Web. We have developed and studied the effectiveness of WebCompass, which is an extension for the Chrome browser that attempts to address the challenge of security on the Internet by, of the Web site currently browsed by the user analyzing in real time both the technology used on the page and the reputation of the page. This combination of indicators is a new and unique approach for detecting and mitigating cybersecurity risks.
  • Thumbnail Image
    ItemRestricted
    SOCIAL EXCHANGE THEORY IN THE CONTEXT OF X (TWITTER) AND FACEBOOK SOCIAL MEDIA PLATFORMS WITH A FOCUS ON PRIVCAY CONCERNS AMONG SAUDI STUDENTS
    (Saudi Digital Library, 2023-12-16) Alqahtani, Sameer Mohammed; Prybutok, Victor R
    Examining rewards, costs, and comparison levels, the Social Exchange Theory (SET) in sociology underpins our comprehension of self-interest-driven social relationships. Trust, authority, and reciprocity have a substantial impact on these interactions. The Social Exchange Theory (SET) is a valuable lens for understanding human relationships, including online interactions. Social media platforms, such as X (Twitter) and Facebook, have become indispensable communication tools in our daily lives. Nevertheless, due to their user base, they also attract cybercriminals. X (Twitter) offers a variety of security features, such as password protection, two-factor authentication, privacy settings, and app controls, but users must remain vigilant against fraud attempts. Facebook collects vast amounts of private information, which increases the importance of comprehending and implementing security settings. Security awareness is essential for data protection, risk reduction, and conformance with privacy laws. Awareness allows users to manage interactions with security in mind and results in a more secure digital environment, mitigating risks such as identity fraud. Various methodological approaches have allowed the investigation of these two digital phenomena, and the current research contributes to the literature by examining the use of social media and its security settings using a SET lens within a Saudi student environment. This research followed a traditional format for a dissertation, which includes an introduction, literature review, methodology, results, and conclusion with the results section presented the findings from the three essays. The first essay employs the PRISMA (Preferred Reporting Items for Systematic Reviews and Meta-Analyses) methodology of SET. PRISMA's systematic and exhaustive approach to literature evaluation increases the likelihood of obtaining high-quality, reproducible findings. In the second essay, which focuses on awareness of X’s (Twitter) security settings, a quantitative research approach was utilized. A sample of former and current Saudi students (graduate and undergraduate) at the University of North Texas participated in the investigation. This research provides an empirical examination of the use of X (Twitter) and its security features within this community by employing statistical analysis of the data from respondents. Likewise, the same sample of Saudi students from the University of North Texas was used for the third essay in which the use of Facebook's security settings was examined. Having a consistent sample across both studies enables a comparison and a greater understanding of the security awareness and practices of this group across various social media platforms. The findings across the different studies extend our understanding of the role of culture in privacy and security concerns related to social media.
    56 0
  • Thumbnail Image
    ItemRestricted
    DETECTING MANIPULATED AND ADVERSARIAL IMAGES: A COMPREHENSIVE STUDY OF REAL-WORLD APPLICATIONS
    (UCF STARS, 2023-11-06) Alkhowaiter, Mohammed; Zou, Cliff
    The great advance of communication technology comes with a rapid increase of disinformation in many kinds and shapes; manipulated images are one of the primary examples of disinformation that can affect many users. Such activity can severely impact public behavior, attitude, and be- lief or sway the viewers’ perception in any malicious or benign direction. Additionally, adversarial attacks targeting deep learning models pose a severe risk to computer vision applications. This dissertation explores ways of detecting and resisting manipulated or adversarial attack images. The first contribution evaluates perceptual hashing (pHash) algorithms for detecting image manipulation on social media platforms like Facebook and Twitter. The study demonstrates the differences in image processing between the two platforms and proposes a new approach to find the optimal detection threshold for each algorithm. The next contribution develops a new pHash authentication to detect fake imagery on social media networks, using a self-supervised learning framework and contrastive loss. In addition, a fake image sample generator is developed to cover three major image manipulating operations (copy-move, splicing, removal). The proposed authentication technique outperforms the state-of-the-art pHash methods. The third contribution addresses the challenges of adversarial attacks to deep learning models. A new adversarial-aware deep learning system is proposed using a classical machine learning model as the secondary verification system to complement the primary deep learning model in image classification. The proposed approach outperforms current state-of-the-art adversarial defense systems. Finally, the fourth contribution fuses big data from Extra-Military resources to support military decision-making. The study pro- poses a workflow, reviews data availability, security, privacy, and integrity challenges, and suggests solutions. A demonstration of the proposed image authentication is introduced to prevent wrong decisions and increase integrity. Overall, the dissertation provides practical solutions for detect- ing manipulated and adversarial attack images and integrates our proposed solutions in supporting military decision-making workflow.
    30 0
  • Thumbnail Image
    ItemRestricted
    Artificial Intelligence Applied To Cybersecurity And Health Care
    (NDSU, 2023-09-21) Alenezi, Rafa; Ludwig, Simone
    Nowadays, artificial intelligence is being considered a potential solution for various problems, including classification and regression optimization, in different fields such as science, technology, and humanities. It can also be applied in areas such as cybersecurity and healthcare. With the increasing complexity and impact of cybersecurity threats, it is essential to develop mechanisms for detecting new types of attacks. Hackers often target the Domain Name Server (DNS) component of a network architecture, which stores information about IP addresses and associated domain names, to gain access to a server or compromise network connectivity. Machine learning techniques can be used not only for cyber threat detection but also for other applications in various fields. In this dissertation, the first research investigates the use of classification models, including Random Forest classifiers, Keras Sequential algorithms, and XGBoost classification, for detecting attacks. Additionally, Tree, Deep, and Kernel of Shapley Additive Explanations (SHAP) can be used to interpret the results of these models. The second research focuses on detecting DNS attacks using appropriate classifiers to enable quick and effective responses. In the medical field, there is a growing trend of using algorithms to identify diseases, particularly in medical imaging. Deep learning models have been developed to detect pneumonia, but their accuracy is not always optimal and they require large data sets for training. Two studies were conducted to develop more accurate detection models for pneumonia in chest X-ray images. The third study developed a model based on Reinforcement Learning (RL) with Convolutional Neural Network (CNN) and showed improved accuracy values. The fourth study used Teaching Learning Based Optimization (TLBO) with Convolutional Neural Network (CNN) to improve pneumonia detection accuracy, which resulted in high-level accuracy rates. Overall, all these studies provide insights into the potential of artificial intelligence in improving disease detection and cyber treat detection.
    33 0
  • Thumbnail Image
    ItemRestricted
    Physics and AI-Driven Anomaly Detection in Cyber-Physical Systems
    (Saudi Digital Library, 2023) Alotibi, Faris; Tipper, David
    Organizations across various sectors are moving rapidly to digitization. Multiple applications in cyber-physical systems (CPSs) emerged from interconnectivity such as smart cities, autonomous vehicles, and smart grids, utilizing advanced capabilities of the Internet of Things (IoTs), cloud computing, and machine learning. Interconnectivity also becomes a critical component in industrial systems such as smart manufacturing, smart oil, and gas distribution grid, smart electric power grid, etc. These critical infrastructures and systems rely on industrial IoT and learning-enabled components to handle the uncertainty and variability of the environment and increase autonomy in making effective operational decisions. The prosperity and benefits of systems interconnectivity demand the fulfillment of functional requirements such as interoperability of communication and technology, efficiency and reliability, and real-time communication. Systems need to integrate with various communication technologies and standards, process and analyze shared data efficiently, ensure the integrity and accuracy of exchanged data, and execute their processes with tolerable delay. This creates new attack vectors targeting both physical and cyber components. Protection of systems interconnection and validation of communicated data against cyber and physical attacks become critical due to the consequences of disruption attacks pose to critical systems. In this dissertation, we tackle one of the prominent attacks in the CPS space, namely the false data injection attack (FDIA). FDIA is an attack executed to maliciously influence decisions, that is CPSs operational decisions such as opening a valve, changing wind turbine configurations, charging/discharging energy storage system batteries, or coordinating autonomous vehicles driving. We focus on the development of anomaly detection techniques to protect CPSs from this emerging threat. The anomaly detection mechanisms leverage both physics of CPSs and AI to improve their detection capability as well as the CPSs' ability to mitigate the impact of FDIA on their operations.
    40 0

Copyright owned by the Saudi Digital Library (SDL) © 2024