This track includes academic research and industry-focused best-practice papers not directly related to pedagogy. Topics may address any subject of interest to the cybersecurity community of scholars.

Practice

“Not All FRIENDs are Equal”: Friendship Classification for Defending against Social Engineering Attacks

Munene W. Kanampiu, North Carolina A & T State University
Mohd Anwar, North Carolina A & T State University

Social engineering is a serious security threat to Online Social Networks (OSNs). Identity theft, impersonation, phishing, and deception are some of the social engineering-based attacks that exploit vulnerabilities of interpersonal relationships of online users. As a result, relationships in OSNs need to be thoroughly examined. In this vein, we propose a relationship categorization model to evaluate relationship strength based on graph-theoretic properties and social network analysis (SNA) methods. For example, in Facebook, users may be categorized into close-neighbors, distant-neighbors, celebrities (influential by admiration), authority (influential by power), and loners. The close-neighbors category will help identify a set of trustworthy actors, while an actor in the distant-neighbors category should not be trusted as much as the former. A celebrity category actor should be more accountable, while a loner category actor will probably be less accountable. This type of categorization will help users engage in proper cybersecurity behaviors to avoid social engineering-based attacks.

Semi-Supervised Deep Neural Network for Network Intrusion Detection

Mutahir Nadeem, Roanoke College
Ochaun Marshall, University of North Carolina at Greensboro
Sarbjit Singh, North Carolina A & T State University
Xing Fang, Illinois State University
Xiaohong Yuan, North Carolina A & T State University

Network security is of vital importance for corporations and institutions. In order to protect valuable computer systems, network data needs to be analyzed so that possible network intrusions can be detected. Supervised machine learning methods achieve high accuracy at classifying network data as normal or malicious, but they require the availability of fully labeled data. The recently developed ladder network, which combines neural networks with unsupervised learning, shows promise in achieving high accuracy while only requiring a small number of labeled examples. We applied the ladder network to classifying network data using the Third International Knowledge Discovery and Data Mining Tools Competition dataset (KDD 1999). Our experiments show the ladder network was able to achieve similar results compared to supervised classifiers while using a limited number of labeled samples.

Towards an In-depth Understanding of Deep Packet Inspection Using a Suite of Industrial Control Systems Protocol Packets

Guillermo A. Francia III, Jacksonville State University

Industrial control systems (ICS) are increasingly at risk and vulnerable to internal and external threats. These systems are an integral part of our nation’s critical infrastructures. Consequently, a successful cyberattack on one of these could present disastrous consequences to human life and property as well. It is imperative that cybersecurity professionals gain a good understanding of these systems, particularly in the area of communication protocols. Traditional Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) are made to encapsulate some of these ICS protocols, which may enable a malicious payload to get through the network firewall and thus gain entry into the network. This paper describes technical details on various ICS protocols and a suite of ICS protocol packets for the purpose of providing digital forensic materials for laboratory exercises toward a better understanding of the inner workings of ICS communications. Further, these artifacts can be useful in devising deep packet inspection (DPI) strategies that can be implemented in network firewalls, in expanding challenge materials for cyber competitions, and in attribution, vulnerability assessment, and penetration testing research in ICS security.