Faculty Active in Research in Information Assurance/Security
NSU faculty members have been active in research in information assurance/security for several years. Following are examples of publications/presentations describing IA research at NSU:
Title: A Self-Adaptive Negative Selection Approach for Anomaly Detection
Author: Gonzalez, L. & Cannady, J.
Publication: Proceedings of the 2004 Congress of Evolutionary Computation
Abstract: To date, negative selection algorithms that possess evolutionary features, for example, the NSMutation algorithm, require the optimal value of their strategy parameters, e.g., the mutation rate and the detector lifetime indicator, to be tuned manually. The labor required for this is too time-consuming and impractical when manual trial and error is used to determine the values of the strategy parameters. A reasonable alternative is to let the evolutionary algorithm determine the settings itself by using self-adaptive techniques. This paper presents a novel evolutionary negative selection algorithm for anomaly detection (non-stationary environments) that outperforms the NSMutation on benchmark tests by using self-adaptive techniques to mutate the mutation step size of the detectors.
Title: Foundations of Computer Forensics
Author: Wang, Y. & Cannady, J.
Publication: Proceedings of the 5th International Workshop on Information Security Applications
Abstract: With the rapid advance in computer and network technology, computer-based electronic evidence has increasingly played an important role in the courtroom over the last decade. Computer forensics, a growing discipline rooted in forensic science and computer security technology, focuses on acquiring electronic evidence from computer systems to prosecute computer crimes, national security threats, and computer abuse. It has lost its mystique as a technique used solely by law enforcement and intelligence agents, and has become a popular and powerful application employed by corporations for civil disputes, employee terminations, and intellectual property proceedings. When a computer-related incident occurs, many organizations use internal untrained IT staff to conduct a computer forensics investigation. However, computer forensics is a double-edged sword; improperly applying and using this technique might lead to damaging important potential evidence, or cause evidence not to be admitted in the courtroom. Organizations need to understand and follow the guidelines and procedures of computer forensics in order to fight against computer crime and computer-related violations. This article provides an introduction to computer forensics and outlines the associated inspection steps.
Title: An Automated Approach in Reverse Engineering Java Applications Using Petri Nets
Author: Fuhs, J. & Cannady, J.
Publication: Proceedings of the 2004 IEEE SOUTHEASTCON
Abstract: Petri nets are a graphical modeling language that has had excellent success representing system behaviors of various types. The following work outlines reverse engineering techniques for dissecting Java code into basic Petri Net (PN) structures. Prototyping with PNs allows developers to discover design flaws. Petri Nets are flexible tools that provide users modeling capability in and outside the computer science arena. Unfortunately, reverse engineering of larger production systems is not frequently performed. Reasons behind implementers not taking on such a task relate to the size, complexity, and the tedious manual effort needed in dissecting the model in question. Historically, Petri Nets have been used to reverse engineer or prototype smaller applications. This entails a manual effort of translating places, transitions, and arcs to corresponding data dependencies and control structures. The following paper introduces methods for an automated approach to deriving software into three hierarchical Petri Net levels of abstraction. These abstractions present a simplified representation of the source code in question. It creates an easily understandable high-level model while still retaining the lower-level semantic elements of the source code. To accomplish this, certain rules and methods must be applied to categorize information about the source code. As with traditional Petri Nets, the prototype application will provide insight into flow controls, dead paths, and resource utilization. The concluding sections provide an overview of the results obtained and the strengths and weaknesses of using these approaches.
Title: Legal Issues in Honeypots Worldwide
Author: Bates, E. & Hafner, W.
Publication: Proceedings of the 13th Annual European Institute for Computer Antivirus Research (EICAR): Technical, Legal and Social Aspects of IT Security
Abstract: This paper presents the current state of IT security based on the regulations in place in the United States and the rest of the world, primarily the EU. Implications are drawn from the analysis of legislation to show the divergence of approaches and to identify some common ground.
Title: A Genetic Algorithm-based Intrusion Subclassifier Filter
Author: Dass, M., Cannady, J., & Potter, D.
Publication: Proceedings of the 2003 ACM Southeast Conference
Abstract: With the development of new technologies and the expansion of networked computer systems, security of corporate data is under constant threat of attack from hackers. Intrusion is a very common threat to a network and with the increasing creativity of attackers, it is becoming a challenging job to develop an effective intrusion detection system (IDS). A prior approach to this problem has been to develop a rule-based system, but it has proven to be unsatisfactory owing to its high maintenance cost. This has resulted in the development of Next Generation Intrusion Detection Systems, which use Artificial Intelligence techniques such as Artificial Neural Networks, Logic Trees, Genetic Algorithms, Fuzzy Logic and Data Mining to detect intrusions. It has been shown that knowledge of the type of attack reduces the computational overhead of the IDS. Among other methods, the evolutionary search techniques such as the genetic algorithm have the capacity to distinguish anomalous patterns of network traffic. This paper describes a network filter using a distributed type micro-genetic algorithm modeled after the multiple-fault diagnosis approach to detect sub-classes of intrusion attacks. The results from our preliminary analysis indicate successful detection of sub-classes of Denial-of-Service attacks. This filter is a primary component in the intelligent intrusion detection system we are developing.
Title: LIDS: Learning Intrusion Detection System
Author: Dass, M., Cannady, J., & Potter, D.
Publication: Proceedings of the 2003 Florida Artificial Intelligence Symposium
Abstract: The detection of attacks against computer networks is becoming a harder problem to solve in the field of network security. The dexterity of the attackers, the developing technologies and the enormous growth of internet traffic have made it difficult for any existing intrusion detection system to offer a reliable service. However, a close examination of the problem shows that there usually exists a behavioral pattern in the attacks that can be learned and can be used to detect intrusions more effectively. Thus, there is a requirement for a system with learning and adapting capabilities for optimal performance. This paper discusses the design of a Learning Intrusion Detection System (LIDS) that includes a blackboard-based architecture with autonomous agents. It has the capability for online learning, which may result in better performance than present systems. This feature enables the system to adapt to changes in the network environment as it assimilates more network data.
Title: Security: Perceived Risk, Ambiguity and the Market Mechanism
Author: Nyshadham, E.
Publication: Proceedings of ISOneworld
Abstract: Online transaction security is generally viewed as a technical problem, even though consumer perception of risk and market resolution of risk are psychological and economic issues, respectively. In this paper, we suggest that if perceived risk for online transactions is small and risks are independent, then the market mechanism will solve the problem through an insurance mechanism, which emerges endogenously. However, it is possible that the probability distribution of risks is unknown and hence an insurance industry may not emerge in practice. In this case of ambiguity, the market cannot resolve the risk and government intervention may be required.
Title: Representing Attacks with Conceptual Structures
Author: Cannady, J. & Little, M.
Publication: Proceedings of the US Army Collaborative Technologies Conference
Abstract: Conceptual structures provide a knowledge representation formalism for declarative information within an assertional semantic network and exhibit a number of properties that can address issues in representing network attacks in battlefield communications environments. We introduce conceptual graphs, briefly review their potential for battlefield attack representation, and include some illustrative examples.
Title: Intrusion Detection – Capabilities and Considerations
Author: Cannady, J.
Publication: Global InfoSecurity
Abstract: Regardless of how effective our response to a network attack may be, the first requirement is to know that something is happening. This may sound rather obvious, but the process of intrusion detection is an extremely complex task. The individual creativity of attackers, the wide range of computer hardware and operating systems, the lack of adequate audit data, and the ever-changing nature of the overall threat have contributed to the difficulty in effectively identifying intrusions. Researchers in academia and industry have been working on ways to detect information attacks for over twenty years. While progress has been made in the pursuit to detect hackers before they can damage a computer system, the accurate and timely detection of intrusions has not yet been fully realized. In this article we will cover some of the fundamentals of intrusion detection systems (IDS), review the currently available technologies, and discuss the issues and considerations that impact the effective deployment of IDSs.
Title: The Application of Fuzzy ARTMAP in the Detection of Computer Network Attacks
Author: Cannady, J.
Publication: Proceedings of the International Conference on Artificial Neural Networks
Abstract: The timely and accurate detection of computer and network system intrusions has always been an elusive goal for system administrators and information security researchers. Existing intrusion detection approaches require either manual coding of new attacks in expert systems or the complete retraining of a neural network to improve analysis or learn new attacks. This paper presents a new approach to applying adaptive neural networks to intrusion detection that is capable of autonomously learning new attacks rapidly using feedback from the protected system.
Title: Multiple Self-Organizing Maps for Intrusion Detection
Author: Rhodes, B., Mahaffey, J., & Cannady, J.
Publication: Proceedings of the 23rd National Information Systems Security Conference
Abstract: The Kohonen self-organizing map is an extremely powerful mechanism for automatic mathematical characterization of acceptable system activity. Because it spontaneously develops a sophisticated characterization of the system whose behaviors it is trained to recognize, it could detect intrusions that it has never observed simply by noting the degree to which they differ from normal activity. After discussing the design of a network monitoring system which would maximize the potential of the self-organizing map, we describe briefly our experimental results in which a simpler system resoundingly detected two different exploits which we perpetrated against one of our servers.
Title: Next Generation Intrusion Detection: Autonomous Reinforcement Learning of Network Attacks
Author: Cannady, J.
Publication: Proceedings of the 23rd National Information Systems Security Conference
Abstract: The timely and accurate detection of computer and network system intrusions has always been an elusive goal for system administrators and information security researchers. Existing intrusion detection approaches require either manual coding of new attacks in expert systems or the complete retraining of a neural network to improve analysis or learn new attacks. This paper presents a new approach to applying adaptive neural networks to intrusion detection that is capable of autonomously learning new attacks rapidly through the use of a modified reinforcement learning method that uses feedback from the protected system. The approach has been demonstrated to be extremely effective in learning new attacks, detecting previously learned attacks in a network data stream, and in autonomously improving its analysis over time using feedback from the protected system.
Title: Applying CMAC-based On-line Learning to Intrusion Detection
Author: Cannady, J.
Publication: Proceedings of the 2000 IEEE/INNS Joint International Conference on Neural Networks
Abstract: The timely and accurate detection of computer and network system intrusions has always been an elusive goal for system administrators and information security researchers. Existing intrusion detection approaches require either manual coding of new attacks in expert systems or the complete retraining of a neural network to improve analysis or learn new attacks. This paper presents a new approach to applying adaptive neural networks to intrusion detection that is capable of autonomously learning new attacks rapidly by a modified reinforcement learning method that uses feedback from the protected system.
Title: Privacy Policies of Air Travel Web Sites: A Survey and Analysis
Author: Nyshadham, E.
Publication: Journal of Air Transport Management
Abstract: Numerous airlines and online intermediaries are using their web sites to sell airline tickets to passengers. From a consumer perspective as well as from a regulator perspective, privacy policies adopted by the online vendors are receiving critical attention. A survey of privacy policies of US air travel web sites indicates that significant differences exist among majors, nationals and intermediaries. Further, the air travel industry seems to lag behind other industries in implementing fair information practices. Overall, results suggest that the air travel industry has a long way to go in addressing privacy concerns shared by consumers as well as regulators.
Title: Perceptions of Online Transaction Security: A Cognitive Explanation
Author: Nyshadham, E.
Publication: Proceedings of the Americas Conference on Information Systems
Abstract: A widely held perception among consumers is that financial transactions conducted online are highly risky, while most security experts believe online transactions are not riskier and in fact, more secure. In this research, we argue that consumer perceptions arise from well-known cognitive biases. Taking an information processing view of consumer decision making, we identify cognitive biases which affect consumer judgments in information acquisition, alternative evaluation and learning from evidence. Theoretical arguments and limited experimental evidence are provided.
Title: Legal, Security, and Other Issues and Threats in Using Global Virtual Teams in Online Learning
Presenter: Scigliano, J.
Conference: Florida Educational Technology Conference (FETC)
Abstract: The goals of the presenters were to present the legal and security threats facing teachers and students that use virtual teams in online learning environments and to provide help in reducing the liability of all involved. The threats included the laws, regulations, and codes that deal with the powers and responsibilities of students, team leaders, and teachers. Issues that were addressed in this session included what to do when things go wrong, what are the rights of students, team leaders, and teachers that use virtual teams, how to protect the privacy of students, and how to make the use of teams safer for all involved.
Title: Information Security Education and Research
Presenter: Cannady, J.
Conference: GSA Federal Information Systems Conference
Abstract: The rise in demand for information security professionals is reaching a critical point and colleges and universities are working to establish educational programs to address the need. In this talk we will discuss the ongoing efforts to satisfy the demand for qualified security personnel within the structure of traditional educational systems.
Title: The Identity Management Challenge: Managing Identity and Privacy in Society
Presenter: Hafner, W.
Conference: 2nd IBM Identity Management Summit
Abstract: This presentation describes the current state of IT security based on the regulations in place in the United States and the rest of the world, primarily the EU. Implications are drawn from the analysis of legislation to show the divergence of approaches and to identify some common ground.
Title: Cognitive Biases and Online Transaction Security
Presenter: Nyshadham, E.
Conference: IBASC
Abstract: A widely held perception among consumers is that financial transactions conducted online are highly risky, while most security experts believe online transactions are not riskier and in fact, more secure. In this research, we argue that consumer perceptions arise from well-known cognitive biases. Taking an information processing view of consumer decision making, we identify cognitive biases that affect consumer judgments in information acquisition, alternative evaluation and learning from evidence. Theoretical arguments and limited experimental evidence are provided.
Title: Security: Perceived Risk, Ambiguity and the Market Mechanism
Presenter: Nyshadham, E.
Conference: The Security Conference, ISOneworld
Abstract: Online transaction security is generally viewed as a technical problem, even though consumer perception of risk and market resolution of risk are psychological and economic issues, respectively. In this paper, we suggest that if perceived risk for online transactions is small and risks are independent, then the market mechanism will solve the problem through an insurance mechanism, which emerges endogenously. However, it is possible that the probability distribution of risks is unknown and hence an insurance industry may not emerge in practice. In this case of ambiguity, the market cannot resolve the risk and government intervention may be required.