Army Cyber Institute


Recent Submissions

  • Item
    SeNet-I: An Approach for Detecting Network Intrusions Through Serialized Network Traffic Images
    (Engineering Applications of Artificial Intelligence, 2023-09-27) Bastian, Nathaniel D.; Farrukh, Yasir; Wali, Syed; Khan, Irfan
    The exponential growth of the internet and inter-connectivity has resulted in an extensive increase in network size and the corresponding data, which has led to numerous novel attacks that pose significant challenges to network security. However, conventional network security approaches predominantly rely on the metadata of network traffic, utilized in numeric form, which is becoming ineffective against new attacks that hide within the content of the traffic. Therefore, it raises the need for security systems to adapt to the changing dynamics of network attacks. To address this issue, we propose a new approach called SeNet-I that leverages computer vision capabilities to combine low-level features and develop a more abstract and high-level representation of network traffic without requiring feature engineering. The proposed approach utilizes the raw network traffic information and transforms it into serialized three-channel images, which are employed as input to a proposed deep concatenated convolutional neural network model. Additionally, SeNet-I can easily incorporate packet level information, which is often challenging for conventional approaches due to its high dimensionality. To demonstrate the effectiveness of the proposed approach, we tested SeNet-I on both packet-based and flow-based network traffic, comparing it with current state-of-the-art methods and different image-based approaches. With F1 scores of 96% and 83% achieved in the multi-class classification of flow-based and packet-based network intrusion detection, our proposed approach outperformed other existing methods in the literature. Lastly, we discussed the advantages and limitations of the proposed method.
  • Item
    Powerful Narratives: Weaponized Harmony and the Soft Power Tools of China’s Rise to Global Primacy
    (Army Cyber Institute, 2022) Brown, Jason C.; Kovalsky, Maxim; Avramov, Kiril; Vaughn, Shannon
    This project explores how the People’s Republic of China (PRC) might use information and other soft-power mechanisms to rise as the dominant hegemonic power by 2035. We acknowledge that fourteen years is an ambitious timeframe within which to upset the balance of power across the globe without incurring the devastating results of a world war, but that is exactly the PRC’s ambition. We use the Threatcasting foresight methodology to explore nearly two dozen possible and probable future scenarios that might appear should the PRC and the Chinese Communist Party (CCP) continue to seek a Chinese-dominated world order. Specifically, we attempt to answer the question, “How does China employ information during the competition phase to advance its position on the global stage as the preponderant world power?” These imagined futures are models of the complex interactions between geopolitical, economic, social, and natural systems, and provide a sophisticated and relatable nuance when seen through the eyes of a person, in a place, experiencing a threat. We provide observations and recommendations about how the United States and allies could disrupt, mitigate, or recover from these future threats.
  • Item
    Cyber Actions by State Actors: Motivation and Utility
    (International Journal of Intelligence and CounterIntelligence, 2014) Brantly, Aaron F.
    Covert action is as old as political man. The subversive manipulation of others is nothing new. It has been written about since Sun Tzu and Kautilya. People and nations have always sought the use of shadowy means to influence situations and events. Covert action is and has been a staple of the state system. A dark and nefarious tool often banished to philosophical and intellectual exile, covert action is in truth an oft-used method of achieving utility that is frequently overlooked by academics. Modern scholars contend that, for utility to be achieved, activities such as war and diplomacy must be conducted transparently. Examined here is the construction of utility for a subset of covert action: cyber attacks.
  • Item
    Constrained optimization based adversarial example generation for transfer attacks in network intrusion detection systems
    (Optimization Letters, 2023) Chalé, Marc; Cox, Bruce; Weir, Jeffery; Bastian, Nathaniel D.
    Deep learning has enabled network intrusion detection rates as high as 99.9% for malicious network packets without requiring feature engineering. Adversarial machine learning methods have been used to evade classifiers in the computer vision domain; however, existing methods do not translate well into the constrained cyber domain as they tend to produce non-functional network packets. This research views the payload of network packets as code with many functional units. A meta-heuristic based generative model is developed to maximize classification loss of packet payloads with respect to a surrogate model by repeatedly substituting units of code with functionally equivalent counterparts. The perturbed packets are then transferred and tested against three test network intrusion detection system classifiers with various evasion rates that depend on the classifier and malicious packet type. If the test classifier is of the same architecture as the surrogate model, near-optimal adversarial examples penetrate the test model for 69% of packets whereas the raw examples succeed for only 5% of packets. This confirms hypotheses that NIDS classifiers are vulnerable to adversarial attacks, motivating research in robust learning for cyber.
  • Item
    Can You See Me Now?: Toward Reasonable Standards for Law Enforcement Access to Location Data that Congress Could Enact
    (SSRN Electronic Journal, 2012) Pell, Stephanie K.; Soghoian, Christopher
    The use of location information by law enforcement agencies is common and becoming more so as technological improvements enable collection of more accurate, precise location data. The legal mystery surrounding the proper law enforcement access standard for prospective location data remains unsolved. This mystery, along with conflicting rulings over the appropriate law enforcement access standards for both prospective and historical location data, has created a messy, inconsistent legal landscape where even judges in the same district may require law enforcement to meet different standards to compel location data. As courts struggle with these intertwined technology, privacy, and legal issues, some judges are expressing concern over the scope of the harms, from specific and personal to general and social, presented by unfettered government collection and use of location data and how to respond to them. Judges have sought to communicate the scope and gravity of these concerns through direct references to Orwell’s dystopia in 1984, as well as suggestive allusions to the “panoptic effect” observed by Jeremy Bentham and his later interpreters like Michel Foucault. Some have gone on to suggest that privacy issues raised by law enforcement access to location data might be addressed more effectively by the legislature. This Article proposes a legislative model for law enforcement access standards and downstream privacy protections for location information. This proposal attempts to (1) articulate clear rules for courts to apply and law enforcement agents and industry to follow; and (2) strike a reasonable balance among the interests of law enforcement, privacy, and industry with the ultimate goal of improving the position of all concerned when measured against the current state of the law.