Academic Programs Encourage Research in Information Assurance/Security
IA-related research is a major component of the initiatives underway at NSU. Graduate students at both the master’s and the Ph.D. levels are encouraged to be actively involved in the numerous IA-related research efforts at the university.
Within the graduate-level concentrations in information assurance there are specific courses that focus on IA projects that include research. The concentrations in the M.S. in Computer Information Systems (MCIS) and the M.S. in Management Information Systems (MMIS) each have a capstone project course. The doctoral courses each have an associated 800-level project course. Examples of IA-related research projects completed in these courses include:
MCIS 687 – Information Security Project
- Applying a Statistical Sampling Approach to Steganographic Analysis
- Convergent Algorithm to Stabilize BGP Routers and Defend Against DDoS Attacks
MMIS 687 – Information Security Project
- Disabling Steganographic Content through the Global Application of Obfuscation Algorithms: Foundation for the Enterprise Stegwall
- Enhanced Decision Support in Securing Enterprise Infrastructures
DCIS 830 – Project in Information Security
- Conceptual Design and Initial Performance Evaluation of an IPSec Based Architecture
- Defending against man-in-the-middle attacks in a WLAN using location based information
DISS 855 – Project in Information Security
- Security Risk Management: New Directions
- Defense Against Social Engineering
In addition, several IA-related Ph.D. dissertations have been completed by NSU students in the past few years. These include:
An Evolution Strategy for the Optimization of Network Traffic to Detect Anomalous Behavior
Securing Web Based Transaction Services
Wireless Integrated Secure Data Options Model for Converged Network Security
Computer System Self-Defense Through Object Self/Non-Self Recognition
The Education of Information Security Professionals: An Analysis of Industry Needs vs. Academic Curriculum in the 21st Century
Improving Information Systems Security through Management Practices: A Non-Technical Approach
An Architecture for Implementing Fine-Grained XML Document Security Using Web Services
Examples of approved NSU Ph.D. dissertation proposals in IA-related research:
Metamorphic Defense in Depth: A Paradigm of Dynamic Defense Through Random Temporal Vulnerability Variance
A Self-Adaptive Negative Selection Approach for Anomaly Detection
Emergent Behavior in Autonomous Software Agents for Intrusion Detection
Detecting Network Attacks Using DAML + OIL Enabled Mobile Agents
Runtime Security Protocol Matchmaker – A Software Agent that Selects the Best Security for a given Network Environment Dynamically
A Security Decision Impact Methodology
A New Statistical Approach for Anomaly Intrusion Detection Based on Short-term Profile Data
Understanding Security Vulnerability and Analysis for Control Systems and Networks used by U.S. Critical Infrastructures
The graduate programs in GSCIS contain several stand-alone courses that enable students not enrolled in IA concentrations to gain exposure to information assurance as part of their graduate course of study. The following courses require students to complete a research paper or project (examples of student projects in those classes that have been completed in the past year are also included):
CISC 654 – Computer Security (CS master’s degree students)
- Tracking and Tracing on the Internet
- The Design of an Intelligent Steganography Detection Algorithm
MCIS 652 – Information Security (CIS master’s degree students)
- Challenges of Fusing Real-time Biometrics in an Operational Environment
- Information Assurance in Tactical Military Systems
MMIS 652 – Information Security (MIS master’s degree students)
- Security Measures Supporting the HIPAA Privacy Regulations
- An Investigation of Security Models and the Organization
Several graduate-level non-IA courses in the curriculum encourage papers and projects in IA-related areas. Examples of student projects in those classes are included:
MCIS 650 - Data Communications Networks
- Interference Effects on Wireless Link Availability
- Performance Measurements of Secure Web Applications
MCIS 654 - Electronic Commerce on the Internet
- Database Level Fraud Detection and Fraud Analysis Framework for e-Commerce
MCIS 670 - Artificial Intelligence and Expert Systems
- Securing Agent Mobility and Communication
- Using Genetic Algorithms for Feature Selection in Anomaly Based Intrusion Detection
MCIS 645 - Software Engineering
- Towards a Common Access Control Policy Language: The Role of XACML in a service-oriented architecture
- An Integrated Approach to External Access Control for Databases and Unstructured data
DCIS 791 - Distributed Systems
- A Technique for Implementing Dynamic Information Flow Security Policy
- The Current Problematic State of IP Traceback Mechanisms and a Proposed Packet Fingerprinting Model for Tracing Anonymous Packets
Examples of student papers/presentations:
Title: ACE: Anomalous Code Elimination Through Automatic Detection Within Source Code
Presenter: Stange, M.
Conference: 2004 IEEE SOUTHEASTCON Conference
Abstract: This presentation describes a unique approach for eliminating anomalous code in software source code by the use of several detection techniques and reporting suspect code. The idea is as follows: (1) identify characteristics and patterns of anomalous code, identify proper syntax, and identify rules of safe programming practices, (2) encode the above items as evaluation properties, and (3) verify whether the evaluation passed or failed. This process has been automated into a pushdown automation tool that uses relational databases, process algorithms, static analysis and dynamic analysis to determine if any evaluation properties have been violated, which may indicate an anomalous issue. The major advantages of this approach are that it is sound in verifying suspect anomalous code, and that it is modifiable for different programming languages. The disadvantages are: efficiency, continuous updating of evaluation properties, and scalability.
Title: IPSec Offload Performance
Presenter: Rassi, J.
Conference: 2004 IEEE SOUTHEASTCON Conference
Abstract: This presentation presents the results of a case study that tested the performance of the IPSec Offload feature of Microsoft Windows 2000 Server using 3COM 10/100 Mbps PCI Server NIC 3XP Processors. Based on the results of the benchmark, it was concluded that, in a few cases, a fast CPU with ample RAM and CACHE could yield better performance than a 3DES NIC using the IPSec Offload feature of Microsoft Windows 2000 Server. In most cases, with the IPSec Offload turned on, there was improvement in overall performance of the system. This paper concludes that in order to yield and maintain peak performance, the selection of encryption protocols and devices ought to be dynamic and based on runtime environmental factors.
Title: Detecting Anomalous Behavior: Optimization Of Network Traffic Parameters Via An Evolution Strategy
Presenter: Bauer, D.
Conference: 2001 IEEE SOUTHEASTCON Conference
Abstract: Detecting intrusions falls into two categories: anomaly detection and misuse detection. The former refers to the detection of abnormal behavior in the use of network services and computing resources. Misuse detection, on the other hand, relies on the identification of “well defined patterns of attack that exploit” vulnerabilities in network and computer software. Most of the commercially available intrusion detection products fall into this category. They work by “mechanically... matching known patterns of attack against monitored activity” within the packet payload only. On the other hand, some intrusion detection techniques focus on “packet header information only”. Throughout academia and industry, there appears to be a lack of research in identifying probable attacks by combining the use of payload characteristics and packet header information, that is, by analyzing the entire packet. This paper addresses this void. This work poses the selection of packet information as an optimization problem for the purposes of anomaly detection. Specifically, using the characteristics of network attacks, we designed an evolution strategy (ES) that is able to detect anomalous network behavior and identify the source of the attack through the analysis of packet header and payload information. We demonstrate that evolution strategies are appropriate for those problems that require simultaneous optimization of multiple parameters in the context of network security. Preliminary results are very encouraging, suggesting that network traffic can be parameterized, and, through the optimization of these parameters, evolution strategies can detect anomalous behavior in network traffic.
Title: Boundary Expansion of Expert Systems: Incorporating Evolutionary Computation with Intrusion Detection Solutions
Presenter: Bauer, D.
Conference: 2001 IEEE SOUTHEASTCON Conference
Abstract: The work represented here utilizes evolutionary computation to improve intrusion detection techniques. Many intrusion detection techniques incorporate expert systems (e.g., ASAX, IDES, NIDES, DIDS, Hyperview, JiNao). Problems associated with expert systems are in how the rules are defined and matched against potential intruders. Going outside the rule set leaves minimal hope of detection. This work improves upon intrusion detection schemes that utilized expert systems by using an evolution strategy with combinations of attack signatures as individual characteristics. The overall strength is in viewing the rule-matching problem as an optimization problem.