Your search keyword '"Computer Science (CS)"' showing total 3,029 results

1. ANALYSIS OF CLIENT-SIDE ATTACKS THROUGH DRIVE-BY HONEYPOTS

Author

Rowe, Neil C., Nguyen, Thuy D., Computer Science (CS), Foley, Brian A., Rowe, Neil C., Nguyen, Thuy D., Computer Science (CS), and Foley, Brian A.

Abstract

Client-side cyberattacks on Web browsers are becoming more common relative to server-side cyberattacks. This work tested the ability of the honeypot (decoy) client software Thug to detect malicious or compromised servers that secretly download malicious files to clients, and to classify what it downloaded. Prior to using Thug we did TCP/IP fingerprinting to assess Thug’s ability to impersonate different Web browsers, and we created our own malicious Web server with some drive-by exploits to verify Thug’s functions; Thug correctly identified 85 out of 86 exploits from this server. We then tested Thug’s analysis of delivered exploits from two sets of real Web servers; one set was obtained from random Internet addresses of Web servers, and the other came from a commercial blacklist. The rates of malicious activity on 37,415 random websites and 83,667 blacklisted websites were 5.6% and 1.15%, respectively. Thug’s interaction with the blacklisted Web servers found 163 unique malware files. We demonstrated the usefulness and efficiency of client-side honeypots in analyzing harmful data presented by malicious websites. These honeypots can help government and industry defenders to proactively identify suspicious Web servers and protect users., OUSD(R&E), Outstanding Thesis, Lieutenant, United States Navy, Approved for public release. Distribution is unlimited.

Published

2023

2. VISUAL MODELING AND SIMULATION OF CRYPTOGRAPHIC PROTOCOLS UNDER CONTESTED ENVIRONMENTS

Author

Sadagic, Amela, Hale, Britta, Computer Science (CS), Lewis, Floyd E., III, Sadagic, Amela, Hale, Britta, Computer Science (CS), and Lewis, Floyd E., III

Abstract

With an ever-evolving battlefield in cyberspace, it is essential to stay abreast of current and developing security protocols that will maintain a state of authenticity, confidentiality, and integrity between communicating entities in information-contested environments. The Department of Defense is interested in transitioning its mission objective goals to establishing and maintaining a reliable security posture between communicating command-and-control platforms. However, the current security protocol visualizations need to cater more to military users and decision-makers to help decide which security protocols would best accommodate various operational environments. This research designed and developed a two-dimensional protocol visualization tool (ProVis) that simulates various security protocol interactions in non-contested and contested operational study environments that assist with understanding how security protocols work in the context of military-related usage. A user study was conducted to examine users’ understanding, accuracy, and overall benefit of ProVis concerning the visualization of the Transport Layer Security, Message Layer Security, and Pre-Shared Key protocols. The findings are highly satisfactory: the user subjects were able to easily interface with ProVis and complete the tasks given. The user subjects found ProVis to be a helpful tool in understanding security protocols quickly. This research provides an alternative to current visualization tools., NPS Naval Research Program, This project was funded in part by the NPS Naval Research Program., Outstanding Thesis, Lieutenant Commander, United States Navy, Approved for public release. Distribution is unlimited.

Published

2023

3. IDENTIFICATION AND ANALYSIS OF ATTACKS USING RECOVERED RADIO NETWORK TEMPORARY IDENTIFIERS ON 5G USER EQUIPMENT

Author

Bollmann, Chad A., Hale, Britta, Computer Science (CS), Schindler, Thomas M., Bollmann, Chad A., Hale, Britta, Computer Science (CS), and Schindler, Thomas M.

Abstract

The next cellular network, 5G, will drastically increase the number of devices on a network. The increase in devices will provide a bigger attack surface for potential intruders and offer a pivot point to get inside networks once exploited. Researchers have already discovered how to de-anonymize the messages in the physical downlink control channel to recover Radio Network Temporary Identifiers (RNTI). Analysis of the 5G protocols identified potential vulnerabilities when an RNTI is known. A potential attacker is now able to recover RNTIs, making attacks on 5G devices inevitable. Additional research conducted into protocol vulnerabilities was completed and found possible vulnerabilities in some of the 5G protocols. This thesis examined how the aggregated results of prior work can be utilized to attack individual pieces of user equipment. Cyber security professionals will benefit from this research by understanding how these attacks will be carried out in order to identify defenses against them., Major, United States Army, Approved for public release. Distribution is unlimited.

Published

2023

4. INTERPRETABILITY FOR ARTIFICIAL INTELLIGENCE IN SPEAKER RECOGNITION TASKS

Author

Kroll, Joshua A., Bassett, Robert L., Computer Science (CS), Gooch, Elizabeth F., Kroll, Joshua A., Bassett, Robert L., Computer Science (CS), and Gooch, Elizabeth F.

Abstract

In the future, the DOD will more frequently incorporate AI into tasks with high consequences and, in turn, be scrutinized for mistakes. So far, much AI development has occurred in the private sector for which the consequences of error are lower than in defense. The DOD faces different incentives for the interpretability of AI and needs AI to aid decision-makers instead of replacing them. My thesis project implements techniques to improve trust in a speaker recognition task by focusing on meaningful and theoretically sound feature extraction and model simplicity. My main result is expected and elicits action from DOD. I find that a convolutional neural network (CNN) model performs substantially better than a multilayer perceptron and that logistic regression cannot discern speaker identity. Thus, the DOD needs to focus on research to develop interpretable models for complex tasks. The other result I find is surprising and motivates interpretability: When I construct features using mel frequency cepstral coefficients (MFCCs) on a human speech signal with an improperly long window, my CNN achieves an accuracy of 92%. Ill-defined MFCCs are theoretically meaningless; however, I find that they help predict speaker identity. Further confounding this result, I find that when I construct the MFCCs using the suggested 30 ms window, the model's accuracy falls to 72%. Future research should explore disentangled CNN-based models and the concept of an MFCC as windowing time grows., Civilian, Department of the Navy, Approved for public release. Distribution is unlimited.

Published

2023

5. LAYING THE GROUNDWORK: FITNESS TRACKER SECURITY FOR USE BY DEPARTMENT OF THE NAVY PERSONNEL

Author

Irvine, Cynthia E., Singh, Gurminder, Computer Science (CS), Zick, Margaret, Irvine, Cynthia E., Singh, Gurminder, Computer Science (CS), and Zick, Margaret

Abstract

Bluetooth-capable Internet of Things devices have become prevalent within modern society and continuous connectivity has become an expectation. Recently, wearable fitness trackers have been authorized for use by service members while in uniform. The objective of this work was to determine if vulnerabilities persist in fitness trackers and if their ecosystems render them a security risk to the Department of Defense. The devices selected for this study were readily available, low-cost products, spanning several vendors. Five device models were selected from among the following vendors: Huawei, Amazfit, Garmin, and Fitbit. These devices use Bluetooth to transmit sensitive data to the paired central device. This Bluetooth traffic was captured from two separate perspectives, through passive eavesdropping and directly from the central device. This Bluetooth traffic was captured from two perspectives. The traffic was captured passively, using Project Ubertooth, and actively, logged on the central device, as the devices conducted pairing and various feature invocations. The resulting packet capture files were analyzed to determine vendor-specific security implementation and to determine susceptibility to attack. Three of the five devices studied, those from Huawei and Amazfit, utilized no Bluetooth security features. They did not conduct pairing and routinely operated in the most vulnerable stage of Bluetooth communication. This poses significant risk to the user., Lieutenant Commander, United States Navy, Approved for public release. Distribution is unlimited.

Published

2023

6. BEHAVIORAL COMPOSITION FOR HETEROGENEOUS SWARMS

Author

Davis, Duane T., Giles, Kathleen B., Computer Science (CS), Reimer, Beau, Davis, Duane T., Giles, Kathleen B., Computer Science (CS), and Reimer, Beau

Abstract

Research into swarm robotics has produced a robust library of swarm behaviors that excel at defined tasks such as flocking and area search, many of which have potential for application to a wide range of military problems. However, to be successfully applied to an operational environment, swarms must be flexible enough to achieve a wide array of specific objectives and usable enough to be configured and employed by lay operators. This research explored the use of the Mission-based Architecture for Swarm Composability (MASC) to develop mission-specific tactics as compositions of more general, reusable plays for use with the Advanced Robotic Systems Engineering Laboratory (ARSENL) swarm system. Three tactics were developed to conduct autonomous search of a geographic area and investigation of generated contacts of interest. The tactics were tested in live-flight and virtual environment experiments and compared to a preexisting monolithic behavior implementation completing the same task. Measures of performance were defined and observed that verified the effectiveness of solutions and confirmed the advantages that composition provides with respect to reusability and rapid development of increasingly complex behaviors., Lieutenant Commander, United States Navy, Approved for public release. Distribution is unlimited.

Published

2023

7. FORMING ADVERSARIAL EXAMPLE ATTACKS AGAINST DEEP NEURAL NETWORKS WITH REINFORCEMENT LEARNING

Author

Barton, Armon C., Orescanin, Marko, Computer Science (CS), Akers, Matthew D., Barton, Armon C., Orescanin, Marko, Computer Science (CS), and Akers, Matthew D.

Abstract

Deep neural networks (DNN) are producing groundbreaking results in virtually all academic and commercial domains and will serve as the workhorse of future human-machine teams that will modernize the Department of Defense (DOD). As such, leaders will need to trust and rely on these networks, which makes their security a paramount concern. Considerable research has demonstrated that DNNs remain vulnerable to adversarial examples. While many defense schemes have been proposed to counter the equally many attack vectors, none have been successful at securing a DNN from this vulnerability. Novel attacks expose blind spots unique to a network’s defense, indicating the need for a robust and adaptable attack, used to expose these vulnerabilities early in the development phase. We propose a novel reinforcement learning–based attack, Adversarial Reinforcement Learning Agent (ARLA), designed to learn the vulnerabilities of a DNN and generate adversarial examples to exploit them. ARLA was able to significantly degrade the accuracy of five CIFAR-10 DNNs, four of which used a state-of-the-art defense. We compared our method to other state-of-the-art attacks and found evidence that ARLA is an adaptive attack, making it a useful tool for testing the reliability of DNNs before they are deployed within the DOD., Lieutenant Commander, United States Navy, Approved for public release. Distribution is unlimited.

Published

2023

8. REMOVING THE MASK: VIDEO FINGERPRINTING ATTACKS OVER TOR

Author

Barton, Armon C., Singh, Gurminder, Computer Science (CS), Duhe', Paul H., III, Barton, Armon C., Singh, Gurminder, Computer Science (CS), and Duhe', Paul H., III

Abstract

The Onion Router (Tor) is used by adversaries and warfighters alike to encrypt session information and gain anonymity on the internet. Since its creation in 2002, Tor has gained popularity by terrorist organizations, human traffickers, and illegal drug distributors who wish to use Tor services to mask their identity while engaging in illegal activities. Fingerprinting attacks assist in thwarting these attempts. Website fingerprinting (WF) attacks have been proven successful at linking a user to the website they have viewed over an encrypted Tor connection. With consumer video streaming traffic making up a large majority of internet traffic and sites like YouTube remaining in the top visited sites in the world, it is just as likely that adversaries are using videos to spread misinformation, illegal content, and terrorist propaganda. Video fingerprinting (VF) attacks look to use encrypted network traffic to predict the content of encrypted video sessions in closed- and open-world scenarios. This research builds upon an existing dataset of encrypted video session data and use statistical analysis to train a machine-learning classifier, using deep fingerprinting (DF), to predict videos viewed over Tor. DF is a machine learning technique that relies on the use of convolutional neural networks (CNN) and can be used to conduct VF attacks against Tor. By analyzing the results of these experiments, we can more accurately identify malicious video streaming activity over Tor., Civilian, Approved for public release. Distribution is unlimited.

Published

2023

9. TOWARD AUTOMATED THREAT MODELING BY ADVERSARY NETWORK INFRASTRUCTURE DISCOVERY

Author

Shaffer, Alan B., Singh, Gurminder, Computer Science (CS), Golovko, Oleksandr, Shaffer, Alan B., Singh, Gurminder, Computer Science (CS), and Golovko, Oleksandr

Abstract

Threat modeling can help defenders ascertain potential attacker capabilities and resources, allowing better protection of critical networks and systems from sophisticated cyber-attacks. One aspect of the adversary profile that is of interest to defenders is the means to conduct a cyber-attack, including malware capabilities and network infrastructure. Even though most defenders collect data on cyber incidents, extracting knowledge about adversaries to build and improve the threat model can be time-consuming. This thesis applies machine learning methods to historical cyber incident data to enable automated threat modeling of adversary network infrastructure. Using network data of attacker command and control servers based on real-world cyber incidents, specific adversary datasets can be created and enriched using the capabilities of internet-scanning search engines. Mixing these datasets with data from benign or non-associated hosts with similar port-service mappings allows for building an interpretable machine learning model of attackers. Additionally, creating internet-scanning search engine queries based on machine learning model predictions allows for automating threat modeling of adversary infrastructure. Automated threat modeling of adversary network infrastructure allows searching for unknown or emerging threat actor network infrastructure on the Internet., Major, Ukrainian Ground Forces, Approved for public release. Distribution is unlimited.

Published

2023

10. EXPLORING NEURAL NETWORK DEFENSES WITH ADVERSARIAL MIXUP

Author

Barton, Armon C., Berzins, Valdis A., Computer Science (CS), Andrianopoulos, Georgios, Barton, Armon C., Berzins, Valdis A., Computer Science (CS), and Andrianopoulos, Georgios

Abstract

Neural networks (NNs) are vulnerable to adversarial examples, and extensive research is aimed at detecting them. However, detecting adversarial examples is not easy, even with the construction of new loss functions in a network. In this study, we introduce the Adversarial Mix up (AdvMix) network, a neural network that adds a None of the Above (NOTA) class on top of the existing classes to isolate the space where adversarial examples exist. We investigate the effectiveness of AdvMix in improving the robustness of models trained on deep neural networks against adversarial attacks by detecting them. We experimented with various data augmentation techniques and trained nine different models. Our findings show that using an AdvMix network can significantly improve the performance of models against various attacks while achieving better accuracy on benign examples. We were able to increase the accuracy of the vanilla model from 91% to 95% and improve the model's robustness. In many cases, we were able to eliminate the vulnerability of models against some popular and efficient attacks., Captain, Hellenic Army, Approved for public release. Distribution is unlimited.

Published

2023

11. ON EUCLIDEAN NETWORKS FOR IMPROVING CLASSIFICATION ACCURACY

Author

Barton, Armon C., Orescanin, Marko, Computer Science (CS), Slaughter, Jacob W., Barton, Armon C., Orescanin, Marko, Computer Science (CS), and Slaughter, Jacob W.

Abstract

Machine learning is found in nearly every facet of daily life. Large amounts of data are required but not always available for specific problems, precluding the use of advanced methods such as deep learning and convolutional neural networks. The Euclidean Network (EN) can be used to mitigate these issues. The EN was thoroughly tested to prove its viability as a classification algorithm and that its methods may be used to augment data and transform the input data to increase its feature space dimensionality. Originally, it was hypothesized that the EN could be used to synthetically generate data to augment a data set, though this method was proven to be ineffective. The next area of research sought to expand the dimensionality of the input feature space to improve performance with additional classifiers. This area showed positive results, which supported the hypothesis that more complex, dense input would give algorithms more insight into the data and improve performance. The EN has been found to perform exceptionally well as an independent classifier, as it achieved the highest accuracy for 12 of the 21 data sets. For the remaining 9, though it did not have the highest accuracy, the EN performed comparably to more sophisticated algorithms. The EN also proved capable to expand a data set's feature space to further improve performance. This tactic provided a more robust classification technique and saw an average increase in accuracy of 3% between all data sets., Captain, United States Marine Corps, Approved for public release. Distribution is unlimited.

Published

2023

12. ANOMALY DETECTION ON FLOWS AND INCOMING PACKETS WITH GAUSSIAN MIXTURES

Author

Barton, Armon C., Singh, Gurminder, Computer Science (CS), Menon, Tarun, Barton, Armon C., Singh, Gurminder, Computer Science (CS), and Menon, Tarun

Abstract

Firewalls are key for maintaining a secure network, but it cannot be assumed that network traffic that manages to get through one is completely safe. Anomaly detection refers to methods that can be used to discover unique or uncommon occurrences within a particular dataset. Unsupervised machine learning techniques involve machine learning with unlabeled data, and can be utilized in order to perform anomaly detection by ingesting a given set of data and finding instances that diverge from the rest in meaningful ways that may not be obvious to the human eye. In this study we aim to analyze anomalies that are detected in incoming packet and flow network traffic data that successfully passed through a firewall and determine what significance there may be within such anomalies. Considering the vast amount of malicious traffic that exists and gets generated regularly, this study shows that Gaussian Mixtures can be used for discovery of anomalies within network traffic that passed through a firewall to discover potential undesirable or malicious traffic., Civilian, Approved for public release. Distribution is unlimited.

Published

2023

13. FEDERATED LEARNING OF BAYESIAN NEURAL NETWORKS

Author

Orescanin, Marko, Barton, Armon C., Computer Science (CS), Loomis, Justin M., Orescanin, Marko, Barton, Armon C., Computer Science (CS), and Loomis, Justin M.

Abstract

Although federated learning and Bayesian neural networks have been researched, there are few implementations of the federated learning of Bayesian networks. In this thesis, a federated learning training environment for Bayesian neural networks using a public code base, Flower, is developed. With it is the exploration of state-of-the-art architecture, residual networks, and Bayesian versions of it. These architectures are then tested with independently and identically distributed (IID) datasets and non-IID datasets derived from the Dirichlet distribution. Results show that the MC Dropout version of Bayesian neural networks can achieve state-of-the-art results—91% accuracy—for IID partitions of the CIFAR10 dataset through federated learning. When the partitions are non-IID, federated learning through inverse variance aggregation of probabilistic weights does as well as its deterministic counterpart, with roughly 83% accuracy. This shows that Bayesian neural networks can be federated and achieve state-of-the-art results as well., Outstanding Thesis, Lieutenant, United States Navy, Approved for public release. Distribution is unlimited.

Published

2023

14. INCREASING UTILITY AND FIDELITY OF A UXV NETWORKED CONTROL SYSTEM SIMULATION VIA PYTHON ADAPTATION

Author

Xie, Geoffrey G., Davis, Duane T., Computer Science (CS), Faulk, Andrew J., Muiruri, Antony K., Xie, Geoffrey G., Davis, Duane T., Computer Science (CS), Faulk, Andrew J., and Muiruri, Antony K.

Abstract

While the use of unmanned vehicles (UxVs) within the Department of Defense (DOD) is prevalent, the ability of the DOD to operate these vehicles as a cooperative networked control system (NCS) is not fully developed. A MATLAB simulation modeling a UxV NCS that jointly optimizes sensing and data communications utilities currently exists. However, this implementation is of low fidelity and is not readily extensible. This thesis advances the NCS model by converting the MATLAB simulation into Python with an object-oriented design. We further extend the Python NCS simulation into a truly distributed system, where each node executes in an independent Docker container and communicates with other nodes via reliable message communications. Our implementation results demonstrated that the object-oriented Python simulation incurs a performance penalty with respect to execution times but provides for greater extensibility without changes to existing functionality. Furthermore, Docker containers offer a lightweight solution for modeling a more realistic version of UxV simulations, thus increasing the NCS simulation's fidelity., Outstanding Thesis, Lieutenant Commander, United States Navy, Lieutenant, United States Navy, Approved for public release. Distribution is unlimited.

Published

2023

15. Update on Machine-Learned Correctness Properties

Author

Naval Postgraduate School, Computer Science (CS), Michael, James, Drusinsky, Doron, Litton, Matthew, Naval Postgraduate School, Computer Science (CS), Michael, James, Drusinsky, Doron, and Litton, Matthew

Abstract

This report details a novel method which has the potential for improving the U.S. Navy’s ability to perform continuous assurance on autonomous and other cyberphysical systems. Specifically, this report presents a novel technique for simulation-driven data generation of explainable machine-learned correctness properties, called ML-assertions, for the purpose of subsequent runtime verification. The method brings the task of providing formal guarantees about the dependability of autonomous systems from the realm of doctoral-level experts into the domain of system developers and engineers. Preliminary experimentation demonstrates that ML-assertions can be utilized for behavior prediction in complex multi-agent systems, serving as a state-of-the-art method for conducting verification and validation on autonomous cyberphysical systems.

Published

2023

16. THE ROLE OF DECEPTIVE DEFENSE IN CYBER STRATEGY

Author

Hale, Britta, Lindsay, Jon, Arquilla, John J., Defense Analysis (DA), Computer Science (CS), Couillard, Mathieu, Hale, Britta, Lindsay, Jon, Arquilla, John J., Defense Analysis (DA), Computer Science (CS), and Couillard, Mathieu

Abstract

This thesis examines the role of deceptive defense in cyber strategy and contributes a new practical concept to aid in its implementation. In The Art of War, Sun Tzu stated, “All warfare is based on deception.” Cyber conflict should pose no exception. The ability to operate anonymously in the cyber domain enables attackers to operate with some degree of impunity, as the attribution of their identities is a complex, costly, and imperfect process. However, defenders can utilize cyber deception to improve network security and enhance both forensic and potential retaliatory cyber operations. This work introduces Deceptive Resistance to Adversary Cyber Operations (DRACO), a concept that simulates active network resources while remaining outside of a secure network perimeter. In this respect it differs from traditional “honeypot” deployments that are either within the network or completely detached. DRACO offers a “deception as a service” architecture, requiring limited integration effort and offering cloud hosting potential. During experimentation on a live network, DRACO successfully redirected attacks that were intended for authentic endpoints and revealed insights pertaining to the attack patterns on active and inactive addresses within a network. Additionally, DRACO presents an opportunity to engage with the adversary, which in turn can enable the identification of an ongoing attack, adversary attribution, and assist in the preparation of retaliatory options., Outstanding Thesis, Lieutenant-Colonel, Canadian Army, Approved for public release. Distribution is unlimited.

Published

2023

17. DETECTING AND DEFENDING AGAINST DIFFERENT FAMILIES OF ADVERSARIAL EXAMPLE ATTACKS

Author

Barton, Armon C., Rowe, Neil C., Computer Science (CS), Kallis, Shaun, Barton, Armon C., Rowe, Neil C., Computer Science (CS), and Kallis, Shaun

Abstract

Adversarial example attacks alter an image so the image appears largely unaltered to human eyes, but image-recognition models will misclassify it. This is a common type of attack, against which there is currently no good general defense. Most state-of-the-art methods of detecting adversarial example attacks only consistently succeed in recognizing a few known attacks. These defenses do not generalize well to detecting other attacks, which means an adversary only needs to change their attack to leave us without robust abilities to detect attacks. Military intelligence increasingly relies on machine learning image recognition for analyzing satellite images. Finding defenses against these adversarial example attacks is important for ensuring our intelligence-gathering capabilities are not compromised. This thesis seeks to contribute models which will push the state of the art towards successful recognition of adversarial attacks regardless of which type of attack was used. Models we named 3-Mix were trained using combinations of different attacked images; other models were trained using SaliencyMix. These defenses were evaluated against ten attacks: PGD, auto-PGD, autoattack, square, Carlini L2 and L-inf, deepfool, elasticnet, JSMA, and boundary. On average the attack success rate against the best defense model was 0.12 for 3-Mix, 0.31 for SaliencyMix, and 0.77 for comparison model Mixup., Civilian, Copyright is reserved by the copyright owner.

Published

2023

18. Optimizing Naval Movement Using Deep Reinforcement Learning

Author

Naval Postgraduate School, Computer Science (CS), Barton, Armon, Darken, Chris, Coble, Joseph, Naval Postgraduate School, Computer Science (CS), Barton, Armon, Darken, Chris, and Coble, Joseph

Abstract

In a rapidly evolving maritime warfare landscape, the U.S. Navy and its allies require their crews to quickly identify optimal strategies for vessel engagements to ensure freedom of the seas. This necessity becomes more pronounced given the potential grave consequences of sub-optimal maneuvers, as illustrated by the cases of the USS John McCain and USS Fitzgerald. Recent advancements in Machine Learning (ML) and Artificial Intelligence (AI) offer a promising solution. There have been significant strides in implementing AI to outperform human experts in complex games such as Chess, Poker, and StarCraft, which now have the potential to also benefit real-time decision-making and wargaming in the naval domain. This study explores the potential for Reinforcement Learning (RL) techniques to be applied to naval contexts, which could provide valuable decision support tools to ship captains and their staff by suggesting optimal movement strategies in complex maritime scenarios. In this study, exemplar naval scenarios were designed and modeled within a combat simulation environment, AI agents (consisting of a mix of rule-based, method-based, and value-based approaches) were designed, and the performances of these agents were evaluated and compared. The aim was to assess the agents’ ability to identify optimal movements against a rule-based adversary, while also comparing these performances against human-level play. The insights drawn from this study contribute to ongoing research aimed at developing effective decision aids for ship captains in real-world operations.

Published

2023

19. GAUSSIAN PROCESSES FOR SATELLITE DATA

Author

Orescanin, Marko, Powell, Scott, Computer Science (CS), Martin, David W., Orescanin, Marko, Powell, Scott, Computer Science (CS), and Martin, David W.

Abstract

Using convolutional neural networks (CNNs) on satellite data sets outperforms previous meteorological methods for classifying weather events from space-based sensor data. However, CNNs alone lack the ability to quantify the uncertainty about their prediction given the input to the model. Gaussian processes (GPs) are a mathematical technique for making predictions while providing an estimate of the functional uncertainty about the underlying model; however, they are more computationally expensive to train than traditional CNNs. We train a ResNet50 CNN augmented with GPs against a large satellite dataset but test the model across not only held out data from the training dataset but also two other large datasets of a tropical cyclone and mesoscale convective system to test model performance across a variety of weather events. We compare the accuracy of a ResNet50 CNN augmented with GPs for the output layer of the neural network to the Goddard Profiling Algorithm, a differential equation-based approach that is not based on neural networks, a fully-deterministic neural network, as well as several Bayesian neural networks (BNNs) and find that Gaussian Processes outperform the GPROF and deterministic approaches but fall short of the top-end BNN results. Additionally, more work is needed to compare if the uncertainty estimates from the GPs are better calibrated than the uncertainty estimates from the BNNs., Major, United States Marine Corps, Approved for public release. Distribution is unlimited.

Published

2023

20. ZERO TRUST ARCHITECTURE IMPLEMENTATION FOR THE MARINE CORPS TACTICAL CLOUD

Author

Shaffer, Alan B., Singh, Gurminder, Computer Science (CS), Oshiro, Dane M., Shaffer, Alan B., Singh, Gurminder, Computer Science (CS), and Oshiro, Dane M.

Abstract

A critical knowledge gap exists in the Department of Defense (DOD) zero trust architecture (ZTA) implementation strategy. The majority of published academic research and technical documentation focuses on maturing zero trust (ZT) capabilities for enterprise networks without any detailed analysis on identifying risks that commanders and troops at the tactical edge will face. Laminating enterprise ZTA solutions to the tactical edge without first adapting technologies, system models, and policies to operate in a denied, degraded, intermittent, or latent (DDIL) networking environment could lead to severe mission consequences. This thesis proposes a tactical ZTA (TZTA) framework that expands on existing DOD ZTA reference architecture. Additional components and features are defined to meet the dynamic network conditions at the tactical edge. These components integrate legacy devices into a TZTA and identify suitable interfaces for federation between ZTAs. Supplementary features of these components enable identity and application federation, device attestation, weapon systems employment, and comprehensive IDS coverage within the architecture. Future implementation and testing of the proposed framework will lead to identification of suitable technologies and models using quantitative analysis to form the technical basis for future acquisition strategies that guide the DOD's transition to ZTA in both enterprise and tactical environments., Captain, United States Marine Corps, Approved for public release. Distribution is unlimited.

Published

2023

21. CLASSIFYING TCP NETWORK TRAFFIC FLOWS VIA TRAFFIC INTERACTION GRAPHS AND MACHINE LEARNING

Author

Barton, Armon C., Singh, Gurminder, Computer Science (CS), Straughn, Matthew N., Barton, Armon C., Singh, Gurminder, Computer Science (CS), and Straughn, Matthew N.

Abstract

Detecting malicious traffic on networks is a critical problem facing the Department of Defense. In this thesis we utilize cutting edge machine learning techniques to detect malicious network traffic. We begin with two real-world datasets. First, real internet traffic collected on the NPS Enterprise Research Network, and second, the IoT23 dataset consisting of internet of things (IoT) devices that have been infected with malware. We convert raw packet captures into TCP streams using the 5-tuple definition from RFC6146. We then apply the traffic interaction graph (TIG) framework to these flows to capture burst patterns among signed packet lengths. Finally, we train these flows on a random forest classifier (RFC), a simple convolutional neural network (CNN), and a graph convolutional network (GCN). Additionally, we simulate various attack levels by combining the two datasets at various levels (99% NPS to 1% IoT, 99-5, 90-10, and IoT23 only). In each of these models we get exceptional results in accuracy, precision, and recall. This work specifically provides a proof of concept for using the TIG framework and graph neural networks to classify TCP flows. Future work should explore model enhancement, data enrichment, or stream-lining the entire process into a real-time software package., Outstanding Thesis, Lieutenant, United States Navy, Approved for public release. Distribution is unlimited.

Published

2023

22. A COMPUTER-BASED SIMULATION TO ACCELERATE MILITARY DECISION-MAKING USING A PLATOON TACTICAL DECISION GAME (TDG)

Author

Darken, Rudolph P., McGuire, Mollie R., Computer Science (CS), Fisher, Alexander D., Darken, Rudolph P., McGuire, Mollie R., Computer Science (CS), and Fisher, Alexander D.

Abstract

The Marine Corps has long used tactical decision games (TDG) to train and evaluate leadership and decision-making abilities. The antiquated process of using pencil and paper or dry erase boards requires a subject-matter expert to be present to evaluate and assess each individual Marine’s scheme of maneuver and provide immediate feedback of their maneuver plan. This process is time-consuming and does not allow Marines to conduct the reps and sets necessary to build their intuitive decision-making and gain experience in various situations. Regardless of the mission, the Marine Corps requires leaders to succeed in combat by being prepared to act as if, even when they're in a situation for the first time. A computer-based TDG was designed to allow Marines the ability to gain experience in a platoon maneuver through successive repetitions in a time-constrained environment in unknown terrain with varying enemy situations. This system allows Marines to get the repetitions they need to build their decision-making skills and supplement instructor-led training. Using a repeated measures design, the data suggest that using a computer-based TDG shortens the decision-making cycle time for Marines and shows an increase in accuracy of selecting the correct maneuver path through rapid repetition.

Published

2022

23. DEVELOPING AN EXPANDABLE GUI TOOL TO ENHANCE NETWORKING EDUCATION: GRAPHICAL USER INTERFACE FOR SHELL ENTRY (GUISE)

Author

Sadagic, Amela, Fulp, John D., Computer Science (CS), Anderson, Clinton J., Sadagic, Amela, Fulp, John D., Computer Science (CS), and Anderson, Clinton J.

Abstract

The lack of systemic education dedicated to computer networks and the general inadequacy of students' comprehension of the structure and the dynamics of the networks are arguably issues in most public schools. In the situation where the internet is a commodity, the increase in the threat of global attacks on many computing resources is exceptionally high, and so is the consequential importance of the global cyber workforce. Most people achieve their basic understanding through their routine use of computers at home, and it is both pragmatic and more effective to consider using basic home tools because of their didactic benefits. We designed and developed GUISE (GUI for Shell Entry) as an intuitive interface that makes command entry and network analysis easier for masses of users. GUISE leverages the operating system's capabilities and allows inexperienced users with no expertise in the computer networking domain to acquire enhanced network situational awareness in a competent manner. The ultimate benefit of the GUISE tool is providing its users with an educational aspect focused on the networking elements of their home computer infrastructure. That approach has the potential to directly support the growth of their networking literacy and proficiency, and their navigation of the networking landscape with enhanced confidence and safety.

Published

2022

24. EMULATING PASSIVE MICROWAVE OBSERVATIONS WITH PATCH-TO-PIXEL CONVOLUTIONAL NEURAL NETWORKS

Author

Orescanin, Marko, Powell, Scott, Computer Science (CS), Hall, Micky S., Orescanin, Marko, Powell, Scott, Computer Science (CS), and Hall, Micky S.

Abstract

Geostationary (GEO) satellites such as the GOES constellation are equipped with Advanced Baseline Imager (ABI) sensors that have a very high temporal resolution with a very low spatial resolution and provide visible through infrared data every 15 minutes. In contrast, Low Earth Orbit (LEO) satellites with Global Precipitation Measurement Microwave Imager (GMI) sensors have very high spatial resolution with a low temporal resolution that provide data as infrequently as every 15 hours. The purpose of this research is to study the viability of using the ABI data to regress to a synthetic GMI dataset. Specifically, the focus is on improving the ability to make predictions on the under-represented data points within our dataset and being able to generalize well to future distributions of data. This thesis has created a sampling technique that combines over and under sampling in conjunction with a purpose-built Residual Neural Network to perform regression from multi-spectral ABI data to a single GMI channel. In doing so, we prove that it is possible to predict under-represented values more accurately in datasets when using our sampling method and to generalize well to future data. Using our approach, we predict within 5 Kelvin for 34.5% of the tail of the test data compared to only 24.4% when we used an unsampled dataset. We also are able to prevent our mean absolute error from rising by 1 Kelvin when measured across three test datasets that span a timeframe of five months.

Published

2022

25. UTILIZING THE MESSAGING LAYER SECURITY PROTOCOL IN A LOSSY COMMUNICATIONS AERIAL SWARM

Author

Davis, Duane T., Hale, Britta, Computer Science (CS), Dietz, Elyssa, Davis, Duane T., Hale, Britta, Computer Science (CS), and Dietz, Elyssa

Abstract

Recent advancements in unmanned aerial vehicle (UAV) capabilities have led to increasing research into swarming systems. Tactical employment of UAV swarms, however, will require secure communications. Unfortunately, efforts to date have not resulted in viable secure communications frameworks. Furthermore, the limited processing power and constrained networking environments that characterize these systems preclude the use of many existing secure group communications protocols. Recent research in secure group communications indicates that the Messaging Layer Security (MLS) protocol might provide an attractive option for these types of systems. This thesis documents the integration of MLS into the Advanced Robotic Systems Engineering Laboratory (ARSENL) UAV swarm system. The ARSENL implementation is intended as a proof-of-concept demonstration of the efficacy of MLS for secure swarm communications. Implementation test results are presented both for experiments conducted in a simulation environment and experiments with physical UAVs. These results indicate that MLS is suitable for a swarm, with the caveat that testing did not implement a delivery mechanism to ensure reliable packet delivery. For future work, mitigation of unreliable communications paths is required if a reliable MLS system is to be maintained.

Published

2022

26. IMPACT OF STOCHASTIC DEPTH ON DETERMINISTIC AND PROBABILISTIC RESNET MODELS FOR WEATHER MODELING

Author

Orescanin, Marko, Powell, Scott, Computer Science (CS), Woods, Cameron P., Orescanin, Marko, Powell, Scott, Computer Science (CS), and Woods, Cameron P.

Abstract

This thesis builds on the research that uses Bayesian neural networks to generate Global Precipitation Measurement Microwave Imager data collected by LEO satellites from Advanced Baseline Imager data collected by GEO satellites for the purposes of weather modeling. Specifically, this thesis investigates the efficacy of a stochastic depth (SD) implementation in residual networks (ResNet), both deterministic and probabilistic, to reduce long training times associated with Bayesian neural networks while maintaining model accuracy. We show that overall, ResNets fail to perform better with the implementation of SD with the exception of SD ResNet56 S25, utilizing a survivability probability of 0.25. This resulted in an RMSE of 2.863, a 6.83% increase in performance. In our evaluations, SD models did not train faster, with the fastest average time per epoch of 973.69 seconds compared to 960.42 seconds for the base ResNet56. We conclude that SD was unable to provide the expected performance benefits on realistic large-scale satellite data as found in research on smaller datasets.

Published

2022

27. SOFTWARE DEFINED NETWORKS: DIALECTING SECURITY

Author

Xie, Geoffrey G., Hale, Britta, Computer Science (CS), Patrozou, Nektaria, Xie, Geoffrey G., Hale, Britta, Computer Science (CS), and Patrozou, Nektaria

Abstract

OpenFlow is the standard used in Software Defined Networks. It handles the communication between the network devices. However, there are some weaknesses linked to OpenFlow. With the use of TLS as a security solution, it inherits the vulnerabilities of TLS in downgrade attacks. Furthermore, TLS is optional. To enhance the security in OpenFlow, previous research work provided a solution that comes with the notion of protocol dialects. Protocol dialects are variations of an existing implementation of an open-source protocol, such as OpenFlow. They are implemented either by adding proxies or directly modifying the protocol to the core. The protocol dialect we analyze in this research follows the first approach by manipulating the protocol in such a way that the actual devices continue to function as before, but additional security measures are put in place with the use of proxies. Desired additional functionality, additional security measures, and changes in fields of the actual protocol are performed within the proxies. The devices “think” that they are communicating with each other exactly as before, but in reality a proxy is standing in front of each device, and the actual communication takes place with the proxies' mediation. In this research, we aim to show the enhanced security of the dialected OpenFlow protocol. We follow the computational analysis model to conduct a security proof for the dialect, and we also analyze some difficulties in conducting such a proof.

Published

2022

28. MODELING AND SIMULATIONS FOR OPTIMIZATION OF MICROFLUIDIC MICROCAPACITOR ARRAYS OF BIOMIMETIC ARTIFICIAL MUSCLES FOR QUIET PROPULSION AND EXOSKELETAL LOCOMOTION

Author

Sadagic, Amela, Kartalov, Emil P., Kennedy, Quinn, Computer Science (CS), Keeven, Joshua M., Leckie, Jacob M., Sadagic, Amela, Kartalov, Emil P., Kennedy, Quinn, Computer Science (CS), Keeven, Joshua M., and Leckie, Jacob M.

Abstract

The technology that we focused on was the biomimetic actuation of microfluidic microcapacitors, which are electrostatically actuated structures that contract and function like biological muscles. Our thesis aims to find the optimal muscle-to-tendon ratio while expanding both the standard and gap design arrays and to find the respective force-density saturation values so predicted force output can be calculated for muscle fibers of a practical size. We also studied if a 3D virtual object can be a suitable model for the human operators’ examination of the artificial muscle and the optimization of its structure. Our results showed a maximum force density saturation of 8800 Pa and 6700 Pa when simulating the standard and gap array respectively with planar polarity wired artificial muscles. The optimal muscle-to-tendon ratio from the data gathered on the standard array simulations is approximately 9 to 1, meaning 90 percent of the surface area of the XY plane represents microfluidic capacitors and 10 percent is dielectric tendon material. The optimal muscle to tendon ratio from the data gathered on the gap array simulations is approximately 75 to 25, meaning 75 percent of the surface area of the XY plane are microfluidic capacitors, and 25 percent is both the dielectric material and gaps.

Published

2022

29. EXPLORING THE ABILITY TO EMPLOY VIRTUAL 3D ENTITIES OUTDOORS AT RANGES BEYOND 20 METERS

Author

McDowell, Perry L., Kennedy, Quinn, Greunke, Larry C., Computer Science (CS), Morris, John R., McDowell, Perry L., Kennedy, Quinn, Greunke, Larry C., Computer Science (CS), and Morris, John R.

Abstract

The Army is procuring the Integrated Visual Augmentation System (IVAS) system to enable enhanced night vision, planning, and training capability. One known limitation of the IVAS system is the limited ability to portray virtual entities at far ranges in the outdoors due to light wash out, accurate positioning, and dynamic occlusion. The primary goal of this research was to evaluate fixed three-dimensional (3D) visualizations to support outdoor training for fire teams through squads, requiring target visualizations for 3D non-player characters or vehicles at ranges up to 300 m. Tools employed to achieve outdoor visualizations included GPS locational data with virtual entity placement, and sensors to adjust device light levels. This study was conducted with 20 military test subjects in three scenarios at the Naval Postgraduate School using a HoloLens II. Outdoor location considerations included shadows, background clutter, cars blocking the field of view, and the sun’s positioning. Users provided feedback on identifying the type of object, and the difficulty in finding the object. The results indicate GPS only aided in identification for objects up to 100 m. Animation had a statistically insignificant effect on identification of objects. Employment of software to adjust the light levels of the virtual objects aided in identification of objects at 200 m. This research develops a clearer understanding of requirements to enable the employment of mixed reality in outdoor training.

Published

2022

30. AN AUTOMATED POST-EXPLOITATION MODEL FOR OFFENSIVE CYBERSPACE OPERATIONS

Author

Shaffer, Alan B., Singh, Gurminder, Computer Science (CS), Benito, Ryan, Shaffer, Alan B., Singh, Gurminder, Computer Science (CS), and Benito, Ryan

Abstract

The Department of Defense (DOD) uses vulnerability assessment tools to identify necessary patches for its many cyber systems to mitigate cyberspace threats and exploitation. If an organization misses a patch, or a patch cannot be applied in a timely manner, for instance, to minimize network downtime, then measuring and identifying the impact of such unmitigated vulnerabilities is offloaded to red teaming or penetration testing services. Most of these services concentrate on initial exploitation, which stops short of realizing the larger security impact of post-exploitation actions and are a scarce resource that cannot be applied to all systems in the DOD. This gap in post-exploitation services results in an increased susceptibility to offensive cyberspace operations (OCO). This thesis expands upon the automated initial exploitation model of the Cyber Automated Red Team Tool (CARTT), initially developed at the Naval Postgraduate School, by developing and implementing automated post-exploitation for OCO. Implementing post-exploitation automation reduces the workload on red teams and penetration testers by providing necessary insight into the impact of exploited vulnerabilities. Patching these weaknesses will result in increased availability, confidentiality, and integrity of DOD cyberspace systems.

Published

2022

31. TACHISTOSCOPE ON A VIRTUAL REALITY PLATFORM TO IMPROVE MEMORIZATION AND INCREASE RAPID RECOGNITION

Author

Kennedy, Quinn, Liston, Dorion, NPS, Computer Science (CS), Pugh, Brian T., Kennedy, Quinn, Liston, Dorion, NPS, Computer Science (CS), and Pugh, Brian T.

Abstract

This work investigates whether a tachistoscope on a virtual reality (VR) platform can increase one’s ability to memorize and rapidly recognize objects. Theses abilities are relevant to an array of military requirements. Current procedures mostly utilize flash cards and PowerPoint slides. A tachistoscope (ta-kiss-stow-scope) is an image-flashing device with precise control of the image presentation time. Since the early 1900s they were used to assist with memorization and recognition. One famous example is work done by Renshaw in the 1940s to improve pilots’ ability to recognize tanks, aircraft, and ships (Renshaw, 1945). Our study utilized this technique on modern-day VR and computer platforms. It simplified the use of a tachistoscope and will enable units to customize training packages. This study trained individuals to recognize 40 aircraft over eight training sessions. Training session one began with ten aircraft, and five aircraft were added in each subsequent session. Questions captured three variables: correct/incorrect answer, reaction time, and confidence. Participants were in one of three groups: tachistoscope on a VR platform, tachistoscope on laptop, or computer-based flashcard (control). Results indicate a significant increase in memorization from pretest to posttest for all groups. Furthermore, there was a nonsignificant improvement in reaction time from pretest to posttest across all groups.

Published

2022

32. X-RAY VISION: APPLICATION OF AUGMENTED REALITY IN AVIATION MAINTENANCE TO SIMPLIFY TASKS INHIBITED BY OCCLUSION

Author

McDowell, Perry L., Fan, James J., Computer Science (CS), Mcneely, Justin R., McDowell, Perry L., Fan, James J., Computer Science (CS), and Mcneely, Justin R.

Abstract

This thesis examined the potential applications of augmented or mixed reality (AR/MR) technology and leveraging them in the context of the aviation maintenance community. Specifically, we examined whether using the 3D mapping and real-time space tracking technology of devices like the Microsoft HoloLens 2 can be used to make maintenance tasks easier in environments where the maintainer is not able to see into their workspace. With the complexities of aircraft construction, the prevalence of narrow, tight fitting spaces that are blocked by walls or obstructions is common. In the past, aviation maintainers have had to rely on memorizing 2D diagrams and feeling around dark, cramped spaces in order to determine where certain parts are located. Previous research in the field of AR primarily focuses on comparing AR methods to traditional methods for different types of tasks in simulacra. There is a lack of research in the specific application of AR that addresses occlusion introduced into these tasks. By conducting trials of simulated maintenance in an occluded area using AR technology, we found that the novice maintainer increased the accuracy of performance and decreased maintenance time when compared to traditional methods, while providing a subjectively easier method for instruction.

Published

2022

33. ATTACKING NEURAL NETWORKS WITH HIGH ENTROPY INPUT SAMPLING

Author

Barton, Armon C., Orescanin, Marko, Computer Science (CS), DeRidder, Daniel S., Barton, Armon C., Orescanin, Marko, Computer Science (CS), and DeRidder, Daniel S.

Abstract

Deep learning is becoming a technology central to the safety and accuracy of many types of systems. Unfortunately, attackers can create adversarial examples that manipulate Deep Neural Networks (DNN) into making incorrect predictions by carefully crafting perturbations that, to humans, look indistinguishable from examples the DNN would classify correctly. Research shows that adversarial examples exist near the decision boundary. Decision-based attacks are designed to find adversarial examples by traversing the data manifold toward the decision boundary using iterative sampling without any knowledge of the model parameters or gradients. In this sense, decision-based attacks are very important, as they apply to many real-world attack scenarios. We propose a new decision-based attack, High Entropy Input Sampling (HEIS), that iteratively steps toward the decision boundary by using entropy over class predictions as a heuristic to find adversarial examples without any knowledge of the model gradients. Using HEIS, we were able to produce adversarial examples that reduced the accuracy of a CIFAR-10 DNN from 91% to 11% for epsilon=0.2 and reduced the accuracy of ResNet50, an ImageNet DNN, from 81% to 22% for epsilon=0.4. Furthermore, we discovered that the adversarial examples are highly transferable to other models, causing dramatic drops in accuracy among all models tested. Finally, we use HEIS to break three state-of-the-art neural network defenses., Lieutenant, United States Navy, Approved for public release. Distribution is unlimited.

Published

2022

34. EXPLOITING KASPAROV'S LAW: ENHANCED INFORMATION SYSTEMS INTEGRATION IN DOD SIMULATION-BASED TRAINING ENVIRONMENTS

Author

Darken, Rudolph P., MacKinnon, Douglas J., McDowell, Perry L., Blais, Curtis L., Balogh, Imre L., Morse, Katherine, JHU/APL, Computer Science (CS), Morse, Matthew M., Darken, Rudolph P., MacKinnon, Douglas J., McDowell, Perry L., Blais, Curtis L., Balogh, Imre L., Morse, Katherine, JHU/APL, Computer Science (CS), and Morse, Matthew M.

Abstract

Despite recent advances in the representation of logistics considerations in DOD staff training and wargaming simulations, logistics information systems (IS) remain underrepresented. Unlike many command and control (C2) systems, which can be integrated with simulations through common protocols (e.g., OTH-Gold), many logistics ISs require manpower-intensive human-in-the-loop (HitL) processes for simulation-IS (sim-IS) integration. Where automated sim-IS integration has been achieved, it often does not simulate important sociotechnical system (STS) dynamics, such as information latency and human error, presenting decision-makers with an unrealistic representation of logistics C2 capabilities in context. This research seeks to overcome the limitations of conventional sim-IS interoperability approaches by developing and validating a new approach for sim-IS information exchange through robotic process automation (RPA). RPA software supports the automation of IS information exchange through ISs’ existing graphical user interfaces. This “outside-in” approach to IS integration mitigates the need for engineering changes in ISs (or simulations) for automated information exchange. In addition to validating the potential for an RPA-based approach to sim-IS integration, this research presents recommendations for a Distributed Simulation Engineering and Execution Process (DSEEP) overlay to guide the engineering and execution of sim-IS environments., Major, United States Marine Corps, Approved for public release. Distribution is unlimited.

Published

2022

35. IPV6 BLOCKCHAIN DATA COMMUNICATION FOR UAV SWARM-INTELLIGENCE SYSTEMS BASED ON PEER-TO-PEER, PEER-TO-MANY, AND MANY-TO-PEER SCENARIOS

Author

Michael, James B., Ateshian, Peter R., Computer Science (CS), Dymas, Dymas, Michael, James B., Ateshian, Peter R., Computer Science (CS), and Dymas, Dymas

Abstract

This thesis explores the use of blockchains along with the Internet Protocol version 6 (IPv6) data packet messages to support secure, high-performance, and scalable communication with an intelligent swarm of unmanned aerial vehicles (UAVs). For this thesis, we investigate the exchange of encrypted data packets for three scenarios, those being peer-to-peer, peer-to-many, and many-to-peer. We simulate the swarm’s behavior for each of these scenarios and vary the number of UAVs in a swarm over the simulation runs. The simulation-based results showed that for peer-to-peer scenarios and many-to-peer scenarios, there is no significant increase in latency even though in many-to-peer scenarios, the number of interacting nodes increases. In contrast, latency increases for the peer-to-many scenarios. Additional research needs to be performed to assess the security and scalability of the blockchain-IPv6 approach proposed in this thesis., Major, Indonesian Navy, Approved for public release. Distribution is unlimited.

Published

2022

36. DECISION MODEL IMPLEMENTATION IN THE GLOBAL INFORMATION NETWORK ARCHITECTURE

Author

Singh, Gurminder, Anderson, Thomas S., Barton, Armon C., Computer Science (CS), Sweeney, Matthew K., Singh, Gurminder, Anderson, Thomas S., Barton, Armon C., Computer Science (CS), and Sweeney, Matthew K.

Abstract

The future battlefield is one that will be heavily influenced by rapidly changing technological capabilities of near-peer adversaries. Success in this environment will require simple to use systems that are adaptable to situations and capable of integration with other forces and systems. The Multi-Domain Operations Command, Control, Computers, Communications, Combat Systems, and Intelligence (MDOC5i) aims to prepare the Marine Corps for the future battlefield. Due to certain drawback of traditional machine learning techniques, MDOC5i uses vector relational data modeling (VRDM) to provide the Marine Corps with systems suitable for dynamic employment. MDOC5i uses the Global Information Network Architecture (GINA) as its VRDM platform. This research uses GINA to create a ubiquitous decision model that can be configured to USMC scenarios. The research implements the ubiquitous model and proves functionality through a network analysis use case. This decision model will serve as the base model for all GINA implementations. The ability to quickly construct and adapt GINA models based on scenarios and integrate those models into a common framework will provide the Marine Corps with information overmatch against future adversaries., Captain, United States Marine Corps, Approved for public release. Distribution is unlimited.

Published

2022

37. SOFTWARE DEFINED CUSTOMIZATION OF NETWORK PROTOCOLS WITH LAYER 4.5

Author

Xie, Geoffrey G., Kroll, Joshua A., Kolsch, Mathias N., Stanica, Pantelimon, Rohrer, Justin P., Wiegand, Karl, USN (Reserves), Computer Science (CS), Lukaszewski, Daniel F., Xie, Geoffrey G., Kroll, Joshua A., Kolsch, Mathias N., Stanica, Pantelimon, Rohrer, Justin P., Wiegand, Karl, USN (Reserves), Computer Science (CS), and Lukaszewski, Daniel F.

Abstract

The rise of software defined networks, programmable data planes, and host level kernel programmability gives rise to highly specialized enterprise networks. One form of network specialization is protocol customization, which traditionally extends existing protocols with additional features, primarily for security and performance reasons. However, the current methodologies to deploy protocol customizations lack the agility to support rapidly changing customization needs. This dissertation designs and evaluates the first software-defined customization architecture capable of distributing and continuously managing protocol customizations within enterprise or datacenter networks. Our unifying architecture is capable of performing per-process customizations, embedding per-network security controls, and aiding the traversal of customized application flows through otherwise problematic middlebox devices. Through the design and evaluation of the customization architecture, we further our understanding of, and provide robust support for, application transparent protocol customizations. We conclude with the first ever demonstration of active application flow "hot-swapping" of protocol customizations, a capability not currently supported in operational networks., Office of Naval Research, Arlington, VA 22203, Lieutenant Commander, United States Navy, Approved for public release. Distribution is unlimited.

Published

2022

38. MULTI-DIMENSIONAL PROFILING OF CYBER THREATS FOR LARGE-SCALE NETWORKS

Author

Singh, Gurminder, Barton, Armon C., Computer Science (CS), Calnan, Michael C., Singh, Gurminder, Barton, Armon C., Computer Science (CS), and Calnan, Michael C.

Abstract

Current multi-domain command and control computer networks require significant oversight to ensure acceptable levels of security. Firewalls are the proactive security management tool at the network’s edge to determine malicious and benign traffic classes. This work aims to develop machine learning algorithms through deep learning and semi-supervised clustering, to enable the profiling of potential threats through network traffic analysis within large-scale networks. This research accomplishes these objectives by analyzing enterprise network data at the packet level using deep learning to classify traffic patterns. In addition, this work examines the efficacy of several machine learning model types and multiple imbalanced data handling techniques. This work also incorporates packet streams for identifying and classifying user behaviors. Tests of the packet classification models demonstrated that deep learning is sensitive to malicious traffic but underperforms in identifying allowed traffic compared to traditional algorithms. However, imbalanced data handling techniques provide performance benefits to some deep learning models. Conversely, semi-supervised clustering accurately identified and classified multiple user behaviors. These models provide an automated tool to learn and predict future traffic patterns. Applying these techniques within large-scale networks detect abnormalities faster and gives network operators greater awareness of user traffic., Outstanding Thesis, Captain, United States Marine Corps, Approved for public release. Distribution is unlimited.

Published

2022

39. ENLISTING AI IN COURSE OF ACTION ANALYSIS AS APPLIED TO NAVAL FREEDOM OF NAVIGATION OPERATIONS

Author

Darken, Christian J., Alt, Jonathan K., Maroon, Kenneth, U.S. Naval Academy, Computer Science (CS), Allen, John T., II, Darken, Christian J., Alt, Jonathan K., Maroon, Kenneth, U.S. Naval Academy, Computer Science (CS), and Allen, John T., II

Abstract

Navy Planning Process (NPP) Course of Action (COA) analysis requires time and subject matter experts (SMEs) to function properly. Independent steamers (lone destroyers) can soon find themselves lacking time or more than 1–2 SMEs or both. Artificial Intelligence (AI) techniques implemented in real-time strategy (RTS) wargames can be applied to military wargaming to aid military decision-makers’ COA analysis. Using a deep-Q network (DQN) and the ATLATL wargaming framework, I was able to train AI agents that could operate as the opposing force (OPFOR) commander at both satisfactory and near-optimal levels of performance, after less than 24 hours of training or 500000–learning steps. I also show that under 6 hours or 150000–learning steps does not result in a satisfactory AI admiral capable of playing the role as the OPFOR commander in a similarly sized freedom of navigation operation (FONOP) scenario. Applying these AI techniques can save both time onboard and time for reachback personnel. Training AI admirals as quality OPFOR commanders can enhance the NPP for the entire Navy without adding additional strain and without creating analysis paralysis. The meaningful insights and localized flashpoints revealed through hundreds of thousands of constructive operations and experienced by the crew in live simulation or simulation replays will lead to real world, combat-ready naval forces capable of deterring aggression and maintaining freedom of the seas., Lieutenant, United States Navy, Approved for public release. Distribution is unlimited.

Published

2022

40. BEHAVIORAL CHARACTERIZATION OF ATTACKS ON THE REMOTE DESKTOP PROTOCOL

Author

Rowe, Neil C., Nguyen, Thuy D., Computer Science (CS), Ramirez, Ryan, Rowe, Neil C., Nguyen, Thuy D., Computer Science (CS), and Ramirez, Ryan

Abstract

The Remote Desktop Protocol (RDP) is popular for enabling remote access and administration of Windows systems; however, attackers can take advantage of RDP to cause harm to critical systems using it. Detection and classification of RDP attacks is a challenge because most RDP traffic is encrypted, and it is not always clear which connections to a system are malicious after manual decryption of RDP traffic. In this research, we used open-source tools to generate and analyze RDP attack data using a power-grid honeypot under our control. We developed methods for detecting and characterizing RDP attacks through malicious signatures, Windows event log entries, and network traffic metadata. Testing and evaluation of our characterization methods on actual attack data collected by four instances of our honeypot showed that we could effectively delineate benign and malicious RDP traffic and classify the severity of RDP attacks on unprotected or misconfigured Windows systems. The classification of attack patterns and severity levels can inform defenders of adversarial behavior in RDP attacks. Our results can also help protect national critical infrastructure, including Department of Defense systems., DOE, Washington DC 20805, Civilian, SFS, Approved for public release. Distribution is unlimited.

Published

2022

41. APPLYING NATURAL LANGUAGE PROCESSING (NLP) TO ASSESS HEALTH OF MARINE CORPS CULTURE

Author

Aten, Kathryn J., Barton, Armon C., Computer Science (CS), Sanchez Garcia, Yvonne, Aten, Kathryn J., Barton, Armon C., Computer Science (CS), and Sanchez Garcia, Yvonne

Abstract

The Marine Corps’ 38th Commandant calls for a force that can “affect the behavior of real-world pacing threats” through its “innovation, ingenuity, and willingness to continually adapt to and initiate changes in the operating environment.” Having a healthy and inclusive environment is vital to the Marine Corps’ success in developing and maintaining a force that can rise to the higher standard. Currently, the closest snapshot of the health of Marine Corps culture is collected via command climate surveys, which contain quantitative and free-response questions. Senior levels of Marine Corps leadership do not gain value from the free-text data because 1) analysis on free-text comments is time consuming and no analysis is done on those comments for the commander, and 2) there is no trend analysis on the aggregate of surveys over time and throughout commands, so they are not commander specific. This thesis developed a tool to gain value from free-text comments; it applied natural language processing (NLP) techniques, specifically topic extraction and sentiment analysis, on free-text comments from command climate surveys to provide a quantitative analysis on the health of culture in Marine Corps units. This approach can also be replicated to other services and can inspire efforts that will positively impact talent management and retention., Captain, United States Marine Corps, Approved for public release. Distribution is unlimited.

Published

2022

42. CREATING SYNTHETIC ATTACKS WITH EVOLUTIONARY ALGORITHMS FOR INDUSTRIAL-CONTROL-SYSTEM SECURITY TESTING

Author

Rowe, Neil C., Nguyen, Thuy D., Computer Science (CS), Haynes, Nathaniel J., Rowe, Neil C., Nguyen, Thuy D., Computer Science (CS), and Haynes, Nathaniel J.

Abstract

Cybersecurity defenders can use honeypots (decoy systems) to capture and study adversarial activities. An issue with honeypots is obtaining enough data on rare attacks. To improve data collection, we created a tool that uses machine learning to generate plausible artificial attacks on two protocols, Hypertext Transfer Protocol (HTTP) and IEC 60870-5-104 (“IEC 104” for short, an industrial-control-system protocol). It uses evolutionary algorithms to create new variants of two cyberattacks: Log4j exploits (described in CVE-2021-44228 as severely critical) and the Industroyer2 malware (allegedly used in Russian attacks on Ukrainian power grids). Our synthetic attack generator (SAGO) effectively created synthetic attacks at success rates up to 70 and 40 percent for Log4j and IEC 104, respectively. We tested over 5,200 unique variations of Log4j exploits and 256 unique variations of the approach used by Industroyer2. Based on a power-grid honeypot’s response to these attacks, we identified changes to improve interactivity, which should entice intruders to mount more revealing attacks and aid defenders in hardening against new attack variants. This work provides a technique to proactively identify cybersecurity weaknesses in critical infrastructure and Department of Defense assets., Captain, United States Marine Corps, Approved for public release. Distribution is unlimited.

Published

2022

43. SUPPORTING MISSION PLANNING WITH A PERSISTENT AUGMENTED ENVIRONMENT

Author

Sadagic, Amela, Guerrero, Michael J., Computer Science (CS), Turner, JaMerra S., Cruz, Joanna F., Sadagic, Amela, Guerrero, Michael J., Computer Science (CS), Turner, JaMerra S., and Cruz, Joanna F.

Abstract

Includes supplementary material, Includes Supplementary Material, The Department of the Navy relies on current naval practices such as briefs, chat, and voice reports to provide an overall operational assessment of the fleet. That includes the cyber domain, or battlespace, depicting a single snapshot of a ship’s network equipment and service statuses. However, the information can be outdated and inaccurate, creating confusion among decision-makers in understanding the service and availability of equipment in the cyber domain. We examine the ability of a persistent augmented environment (PAE) and 3D visualization to support communications and cyber network operations, reporting, and resource management decision-making. We designed and developed a PAE prototype and tested the usability of its interface. Our study examined users’ comprehension of 3D visualization of the naval cyber battlespace onboard multiple ships and evaluated the PAE’s ability to assist in effective mission planning at the tactical level. The results are highly encouraging: the participants were able to complete their tasks successfully. They found the interface easy to understand and operate, and the prototype was characterized as a valuable alternative to their current practices. Our research provides close insights into the feasibility and effectiveness of the novel form of data representation and its capability to support faster and improved situational awareness and decision-making in a complex operational technology (OT) environment between diverse communities., Lieutenant, United States Navy, Lieutenant, United States Navy, Approved for public release. Distribution is unlimited.

Published

2022

44. APPLYING MACHINE LEARNING FOR COP/CTP DATA FILTERING

Author

Blais, Curtis L., Garza, Victor R., Wood, Brian P., Fitzpatrick, Christian R., Computer Science (CS), Goh, Wei Ting, Blais, Curtis L., Garza, Victor R., Wood, Brian P., Fitzpatrick, Christian R., Computer Science (CS), and Goh, Wei Ting

Abstract

Student Thesis (NPS NRP Project Related), Accurate tracks and targeting are key to providing decision-makers with the confidence to execute their missions. Increasingly, multiple intelligence, surveillance, and reconnaissance (ISR) assets across different intelligence sources are being used to increase the accuracy of track location, resulting in the need to develop methods to exploit heterogeneous sensor data streams for better target state estimation. One of the algorithms commonly used for target state estimation is the Kalman Filter (KF) algorithm. This algorithm performs well if its covariance matrices are accurate approximations of the uncertainty in sensor measurements. Our research complements the artificial intelligence/machine learning (AI/ML) efforts the U.S. Navy is conducting by quantitatively assessing the potential of using an ML model to predict sensor measurement noise for KF state estimation. We used a computer simulation to generate sensor tracks of a single target and trained a neural network to predict sensor error. The hybrid model (ML-KF) was able to outperform our baseline KF model that uses normalized sensor errors by approximately 20% in target position estimation. Further research in enhancing the ML model with external environment variables as inputs could potentially create an adaptive state estimation system that is capable of operating in varied environment settings., NPS Naval Research Program, This project was funded in part by the NPS Naval Research Program., Outstanding Thesis, Captain, Singapore Army, Approved for public release. Distribution is unlimited.

Published

2022

45. PREDICTIVE MAINTENANCE USING MACHINE LEARNING AND EXISTING DATA SOURCES

Author

Rowe, Neil C., Zhao, Ying, Computer Science (CS), Frazier, William J., Rowe, Neil C., Zhao, Ying, Computer Science (CS), and Frazier, William J.

Abstract

Includes supplementary material, The United States Marine Corps must address material-readiness challenges with emerging technologies at minimum cost. Predictive maintenance using machine learning is a growing field that can be applied using free or commercial-off-the-shelf software. Naval aviation organizations already maintain a network of data repositories that collect and store current and historical data on repairable flight-critical components. Many components fail before their expected structural life as published their manufacturers, which results in costly unscheduled maintenance. The ability to predict component failures and plan for their replacement or repair can significantly increase operational readiness. This thesis develops and analyzes machine-learning models to predict the conditional probability of failure of various MV-22B flight-critical components using data from existing Naval aviation repositories. Data preprocessing, model training, and predictions use commercial-off-the-shelf software. This work can help improve material readiness and acclimatize military-aviation personnel to emerging technologies in decision making., Captain, United States Marine Corps, Approved for public release. Distribution is unlimited.

Published

2022

46. ANALYZING HUMAN-INDUCED PATHOLOGY IN THE TRAINING OF REINFORCEMENT LEARNING ALGORITHMS

Author

Xie, Geoffrey G., Orescanin, Marko, Computer Science (CS), Atkinson, Brian R., Xie, Geoffrey G., Orescanin, Marko, Computer Science (CS), and Atkinson, Brian R.

Abstract

Modern artificial intelligence (AI) systems trained with reinforcement learning (RL) are increasingly more capable, but agents training to complete tasks in safety critical environments still require millions of trial-and-error training steps. Previous research with a Pong agent has shown that some human heuristics initially accelerate training but cause agent performance to regress to a state of performance collapse. This thesis utilizes the FlappyBird environment to evaluate if the pathology is generalizable. After initially confirming a similar pathology in an unaided agent, comprehensive experimentation was performed with optimizers, weight initialization methods, activation functions, and varied hyperparameters. The pathology persisted across all experiments and the results show the network architecture is likely the principal cause. At a high level, this work illustrates the importance of determining the inherent capacity of an architecture to learn and model complex environments and how more systematic methods to quantify capacity would greatly enhance RL., Outstanding Thesis, Captain, United States Marine Corps, Approved for public release. Distribution is unlimited.

Published

2022

47. RISK WEIGHTED VULNERABILITY ANALYSIS IN AUTOMATED RED TEAMING

Author

Shaffer, Alan B., Singh, Gurminder, Computer Science (CS), Muse, Audrey C., Shaffer, Alan B., Singh, Gurminder, Computer Science (CS), and Muse, Audrey C.

Abstract

The Cyber Automated Red Team Tool (CARTT) automates red teaming tasks, such as conducting vulnerabilities analysis in DOD networks. The tool provides its users with recommendations to either mitigate cyber threats against identified vulnerabilities or with options to exploit those vulnerabilities using cyber-attack actions. Previous versions of CARTT, however, did not consider a risk weighting of identified vulnerabilities before the exploitation phase. This thesis focused on extending CARTT by implementing a risk weighted framework that provides a risk-based analysis of identified vulnerabilities. The framework is based on the Host Exposure algorithm presented by the Naval Research Laboratory and was built into the existing CARTT server using the Python programming language. The resulting risk-based analysis of vulnerabilities is presented to the CARTT user in an easily readable table that provides more complete and actionable information. The implementation of this risk-weighted framework provides CARTT with enhanced analysis of vulnerabilities that pose the greatest risk to a target network., Lieutenant, United States Navy, Approved for public release. Distribution is unlimited.

Published

2022

48. A SECURITY-CENTRIC APPLICATION OF PRECISION TIME PROTOCOL WITHIN ICS/SCADA SYSTEMS

Author

Dinolt, George W., Bollmann, Chad A., Rogers, Darren J., Computer Science (CS), Allen, Charles A., Dinolt, George W., Bollmann, Chad A., Rogers, Darren J., Computer Science (CS), and Allen, Charles A.

Abstract

Industrial Control System and Supervisory Control and Data Acquisition (ICS/SCADA) systems are key pieces of larger infrastructure that are responsible for safely operating transportation, industrial operations, and military equipment, among many other applications. ICS/SCADA systems rely on precise timing and clear communication paths between control elements and sensors. Because ICS/SCADA system designs place a premium on timeliness and availability of data, security ended up as an afterthought, stacked on top of existing (insecure) protocols. As precise timing is already resident and inherent in most ICS/SCADA systems, a unique opportunity is presented to leverage existing technology to potentially enhance the security of these systems. This research seeks to evaluate the utility of timing as a mechanism to mitigate certain types of malicious cyber-based operations such as a man-on-the-side (MotS) attack. By building a functioning ICS/SCADA system and communication loop that incorporates precise timing strategies in the reporting and control loop, specifically the precision time protocol (PTP), it was shown that certain kinds of MotS attacks can be mitigated by leveraging precise timing., Navy Cyber Warfare Development Group, Suitland, MD, Lieutenant, United States Navy, Approved for public release. Distribution is unlimited.

Published

2022

49. UNDERWATER COMMUNICATIONS WITH ACOUSTIC STEGANOGRAPHY: RECOVERY ANALYSIS AND MODELING

Author

Rohrer, Justin P., Prince, Charles D., Computer Science (CS), Strelkoff, Samuel, Rohrer, Justin P., Prince, Charles D., Computer Science (CS), and Strelkoff, Samuel

Abstract

In the modern warfare environment, communication is a cornerstone of combat competence. However, the increasing threat of communications-denied environments highlights the need for communications systems with low probability of intercept and detection. This is doubly true in the subsurface environment, where communications and sonar systems can reveal the tactical location of platforms and capabilities, subverting their covert mission set. A steganographic communication scheme that leverages existing technologies and unexpected data carriers is a feasible means of increasing assurance of communications, even in denied environments. This research works toward a covert communication system by determining and comparing novel symbol recovery schemes to extract data from a signal transmitted under a steganographic technique and interfered with by a simulated underwater acoustic channel. We apply techniques for reliably extracting imperceptible information from unremarkable acoustic events robust to the variability of the hostile operating environment. The system is evaluated based on performance metrics, such as transmission rate and bit error rate, and we show that our scheme is sufficient to conduct covert communications through acoustic transmissions, though we do not solve the problems of synchronization or equalization., Lieutenant, United States Navy, Approved for public release. Distribution is unlimited.

Published

2022

50. MACHINE LEARNING OPERATIONS (MLOPS) ARCHITECTURE CONSIDERATIONS FOR DEEP LEARNING WITH A PASSIVE ACOUSTIC VECTOR SENSOR

Author

Leary, Paul, Orescanin, Marko, Computer Science (CS), Villemez, Nicholas R., Leary, Paul, Orescanin, Marko, Computer Science (CS), and Villemez, Nicholas R.

Abstract

As machine learning augmented decision-making becomes more prevalent, defense applications for these techniques are needed to prevent being outpaced by peer adversaries. One area that has significant potential is deep learning applications to classify passive sonar acoustic signatures, which would accelerate tactical, operational, and strategic decision-making processes in one of the most contested and difficult warfare domains. Convolutional Neural Networks have achieved some of the greatest success in accomplishing this task; however, a full production pipeline to continually train, deploy, and evaluate acoustic deep learning models throughout their lifecycle in a realistic architecture is a barrier to further and more rapid success in this field of research. Two main contributions of this thesis are a proposed production architecture for model lifecycle management using Machine Learning Operations (MLOps) and evaluation of the same on live passive sonar stream. Using the proposed production architecture, this work evaluates model performance differences in a production setting and explores methods to improve model performance in production. Through documenting considerations for creating a platform and architecture to continuously train, deploy, and evaluate various deep learning acoustic classification models, this study aims to create a framework and recommendations to accelerate progress in acoustic deep learning classification research., Los Alamos National Lab, Lieutenant, United States Navy, Approved for public release. Distribution is unlimited.

Published

2022