The proliferation of computing devices and their interconnections has changed the way people communicate. Devices including smartphones, home appliances, televisions, home automation devices, medical devices, and automobiles are now interconnected through home and private networks that are in turn connected to the internet. Terms such as "smart homes" and "smart cities" connote an environment in which devices are interconnected with online data sources to provide enhanced products and services. This widespread use of computing devices and computer networks raises concerns for computer security professionals because each device represents an access point to a network and thus an opportunity for a cyber adversary to gain access and threaten networked devices, computer systems, and the associated networks. Cyber defense tactics must include methods to keep intruders out of the network as well as methods to detect and defend a computer system once an adversary has gained access. This study addresses this concern by providing a method to continuously monitor the system behavior of network devices. Traditional health and status monitoring techniques collect data from the monitored devices and perform the analysis within the enterprise network. This study proposes using the inherent processing capability of the network endpoints to perform security surveillance at the network edge, in order to minimize unauthorized access, prevent the installation of malware, and reduce the risk of the endpoints being used as a mechanism to attack enterprise systems.
After a general discussion of security systems engineering, cybersecurity situational awareness, and anomaly detection, the study discusses and evaluates three methods for anomaly detection. Principal component analysis (PCA) is introduced as a statistical approach to anomaly detection. Two machine learning methods, support vector machine (SVM) and neural networks (NN), are also used to evaluate their effectiveness in performing anomaly detection. Although the analysis is limited to two publicly available data sets, the results indicate that SVM and NN are effective in detecting phishing websites, with detection accuracy greater than 92%. The PCA detection method exhibited a high rate of false positive detections. Consequently, SVM and NN outperformed PCA for anomaly detection in this study.
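The abstract names PCA as the statistical detector but not how its anomaly score or threshold was built, nor why it produced so many false positives. The following is an added, self-contained illustration and is not code from the dissertation: it implements the common PCA reconstruction-error (squared prediction error) detector in pure Python, fits it to constructed 5-dimensional feature vectors that stand in for per-website features (the public phishing data sets are not used here), and flags a sample when its distance from the learned principal subspace exceeds a mean-plus-k-sigma threshold. The two latent directions, the noise level, the anomaly direction, and the threshold rule are all assumptions chosen for the example; the `evaluate` function shows how the false positive rate moves as the sigma multiplier is relaxed.

```python
"""PCA reconstruction-error anomaly detector (pure Python, no numpy).

Added example. The feature vectors are constructed synthetically; they are
not the phishing data sets referred to in the abstract.
"""
import math
import random


def dot(a, b):
    return sum(x * y for x, y in zip(a, b))


def normalize(v):
    n = math.sqrt(dot(v, v))
    return [x / n for x in v]


def mean_vector(rows):
    d = len(rows[0])
    return [sum(r[i] for r in rows) / len(rows) for i in range(d)]


def covariance(rows, mu):
    """Population covariance matrix of the centred rows."""
    d, n = len(mu), len(rows)
    cov = [[0.0] * d for _ in range(d)]
    for r in rows:
        c = [r[i] - mu[i] for i in range(d)]
        for i in range(d):
            for j in range(d):
                cov[i][j] += c[i] * c[j] / n
    return cov


def top_components(cov, k, iters=300):
    """Top-k orthonormal eigenvectors via power iteration.

    Each candidate is re-orthogonalised against the components already found
    on every step, so the result spans the leading k-dimensional subspace.
    """
    d = len(cov)
    comps = []
    for _ in range(k):
        v = normalize([1.0 + 0.01 * i for i in range(d)])
        for _ in range(iters):
            v = [sum(cov[i][j] * v[j] for j in range(d)) for i in range(d)]
            for p in comps:
                s = dot(v, p)
                v = [v[i] - s * p[i] for i in range(d)]
            v = normalize(v)
        comps.append(v)
    return comps


class PCAAnomalyDetector:
    """Scores a sample by its distance from the principal subspace."""

    def __init__(self, k=2, sigmas=3.0):
        self.k, self.sigmas = k, sigmas

    def fit(self, rows):
        self.mu = mean_vector(rows)
        self.comps = top_components(covariance(rows, self.mu), self.k)
        errs = [self.residual(r) for r in rows]
        m = sum(errs) / len(errs)
        s = math.sqrt(sum((e - m) ** 2 for e in errs) / len(errs))
        # Threshold rule is an assumption: mean + sigmas * std of training residuals.
        self.threshold = m + self.sigmas * s
        return self

    def residual(self, row):
        c = [row[i] - self.mu[i] for i in range(len(row))]
        recon = [0.0] * len(c)
        for v in self.comps:
            s = dot(c, v)
            recon = [recon[i] + s * v[i] for i in range(len(c))]
        return math.sqrt(sum((c[i] - recon[i]) ** 2 for i in range(len(c))))

    def is_anomaly(self, row):
        return self.residual(row) > self.threshold


def make_data(seed=7, n_normal=400, n_anom=40):
    """Constructed sample: normals live near a 2-D subspace of 5-D feature space;
    anomalies add energy along a direction orthogonal to that subspace."""
    rng = random.Random(seed)
    u = normalize([1.0, 2.0, 0.0, 1.0, 0.5])
    v = [2.0, -1.0, 3.0, 1.0, 2.0]
    v = normalize([v[i] - dot(v, u) * u[i] for i in range(5)])
    w = [2.0, 0.0, 0.0, -1.0, 3.0]
    w = normalize([w[i] - dot(w, u) * u[i] - dot(w, v) * v[i] for i in range(5)])

    def sample(off):
        a, b = rng.gauss(0, 1), rng.gauss(0, 1)
        return [a * u[i] + b * v[i] + off * w[i] + rng.gauss(0, 0.1) for i in range(5)]

    normal = [sample(0.0) for _ in range(n_normal)]
    anom = [sample(4.0) for _ in range(n_anom)]
    return normal, anom


def evaluate(seed=7, sigmas=3.0):
    """Return (true positive rate, false positive rate) for the given threshold rule."""
    normal, anom = make_data(seed)
    det = PCAAnomalyDetector(k=2, sigmas=sigmas).fit(normal)
    tpr = sum(det.is_anomaly(r) for r in anom) / len(anom)
    fpr = sum(det.is_anomaly(r) for r in normal) / len(normal)
    return tpr, fpr


if __name__ == "__main__":
    for s in (3.0, 2.0, 1.0):
        tpr, fpr = evaluate(sigmas=s)
        print(f"sigmas={s}: TPR={tpr:.3f} FPR={fpr:.3f}")
```

Because the threshold is set from the training residuals alone, every normal sample whose residual happens to land in the tail is a false positive, and relaxing the multiplier to catch subtler anomalies raises that rate directly; this is the trade-off behind the abstract's observation that PCA produced many false positives while the supervised SVM and NN, which learn the decision boundary from labelled examples of both classes, did not.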
Advisor: Islam, Muhammad F.
Committee: Etemadi, Amirhossein; Malalla, Ebrahim; Thompson, James R.
School: The George Washington University
School Location: United States -- District of Columbia
Source: DAI-B 79/08(E), Dissertation Abstracts International
Subjects: Engineering, Systems science, Artificial intelligence
Keywords: Anomaly detection, Neural networks, Principal component analysis, Support vector machine
Copyright in each Dissertation and Thesis is retained by the author. All Rights Reserved