The IT-Adventures program is dedicated to increasing interest in and awareness of information technology among high school students using inquiry-based learning focused on three content areas: cyber ...defense, game design programming, and robotics. The program combines secondary, post-secondary, and industry partnerships in educational programming, competitive events, and service learning projects targeted at high school students to accomplish its goals. This paper provides details about the IT-Adventures program as well as the capstone event for students-the IT-Olympics. Project assessment findings, such as differences between students who compete in different content areas, and descriptive measures about the participants are also provided.
Detecting fraudulent use of cloud resources Idziorek, Joseph; Tannian, Mark; Jacobson, Doug
Proceedings of the 3rd ACM workshop on Cloud computing security workshop,
10/2011
Conference Proceeding
Initial threat modeling and security research on the public cloud model has primarily focused on the confidentiality and integrity of data transferred, processed, and stored in the cloud. Little ...attention has been paid to the external threat sources that have the capability to affect the financial viability, hence the long-term availability, of services hosted in the public cloud. Similar to an application-layer DDoS attack, a Fraudulent Resource Consumption (FRC) attack is a much more subtle attack carried out over a longer duration of time. The objective of the attacker is to exploit the utility pricing model which governs the resource usage in the cloud model by fraudulently consuming web content with the purpose of depriving the victim of their long-term economic availability of hosting publicly accessible web content in the cloud. In this paper, we thoroughly describe the FRC attack and discuss why current application-layer DDoS detection schemes are not applicable to a more subtle attack. We propose three detection metrics that together form the criteria for identifying a FRC attack from that of normal web activity. Experimental results based on three plausible attack scenarios show that an attacker without knowledge of the web log has a difficult time mimicking the self-similar and consistent request semantics of normal web activity.
In the United States, the number of students entering into and completing degrees in science, technology, engineering, and mathematics (STEM) areas has declined significantly over the past decade. ...Although modest increases have been shown in enrollments in computer-related majors in the past 4 years, the prediction is that even in 3 to 4 years when these students graduate, there will be shortages of computer-related professionals for industry. The challenge on which this article focuses is attracting students to select an information technology (IT) field such as computer science, computer engineering, software engineering, or information systems as a major when many high schools do not offer a single computer course, and high school counselors, families, and friends do not provide students with accurate information about the field. The social cognitive career theory (SCCT) has been used extensively within counseling and career psychology as a method for understanding how individuals develop vocational interests, make occupational choices, and achieve success within their chosen field. In this article, the SCCT model identifies factors that specifically influence high school students to select a major in an IT-related discipline. These factors can then be used to develop new or enhance existing IT-related activities for high school students. Our work demonstrates that both interest and outcome expectations have a significant positive impact on choice to major. Interest also is found to mediate the effects of self-efficacy and outcome expectations on choice of major. Overall, the model predicts a good portion of variance in the ultimate outcome of whether or not an individual chooses to major in IT.
The importance of laboratory exercises for students is recognized unilaterally by engineering and technology programs. As engineering educators whose academic focus is information assurance and cyber ...security, we believe students in cyber security need the same type of access to hands on opportunities as their counter parts in hardware design or circuit design. Students should be able to configure and run their own networks, as well as explore the vulnerabilities, exploits, and remediatios needed in a cyber security professional's tool kit. Further, they need exposure to working in the complexity of the Internet. While some might argue that simulation software could be a solution, it often lacks realism. In this paper we show how our institution goes beyond the providing the standard, formalized laboratory activities for our cyber security students by developing a unique, highly configurable testbed called Internet-Scale Event and Attack Generation Environment (ISEAGE - pronounced "ice age") that allows us to imitate the Internet. ISEAGE provides a controlled environment that allows real attacks to be played out against the students' networks and demonstrates to them real world security concepts. This paper provides an overview of how the ISEAGE security testbed functions, as well as illustrates how ISEAGE provides our students five different types of opportunities for real world experience: support of formalized classroom work; cyber defense competitions for high school, community college and four year students; inquiry-based learning in a playground environment for high school, as well as college students; testing environment for network devices such as firewalls, data loss protection, intrusion detection; research environment for senior and graduate student work.
Cloud-based services are vulnerable to attacks that seek to exploit the pay-as-you-go pricing model. A botnet could perform fraudulent resource consumption (FRC) by consuming the bandwidth of ...Web-based services, thereby increasing the cloud consumer's financial burden.
This research focuses on Windows Portable Executable (PE) packed malware detection and Deep Learning (DL) using the Convolutional Neural Network (CNN) algorithm. Our primary goal is to improve the ...usage of DL techniques in Cybersecurity to strengthen the defenses against cyberattacks on U.S. Department of Defense (DoD) systems. According to our hypothesis, existing Cross Domain Solutions (CDSs) can be upgraded to include built-in DL-CNN algorithms for identifying well-crafted packed malware. To put this into perspective, implementing DL-CNN into the Cross Domain Solution (CDS) filter software will significantly enhance the effectiveness and detection of packed malware. CDSs are strategically positioned between unclassified and classified systems, and with DL-CNN capabilities, the CDS virus detection filter will learn to detect malware on its own, regardless of whether the malware is well-crafted, packed, or encrypted. Using our trained model, we were able to identify Windows packed PE malicious executables from Windows packed PE benign executables with an average training accuracy of 94 percent and a validation accuracy of 93 percent. Although the DL-CNN algorithm's results could be enhanced through further development and refinement using KerasTuner, this research provides a solid foundation. Our experiments were conducted on our lab computer system and in the Amazon SageMaker Studio Lab and Google Collab cloud environments.
The IT-Adventures program is designed to increase high school students' interest in information technology (IT) as a career. It allows them to learn about IT in non-threatening, extracurricular ...IT-Club activities using inquiry-based learning. The IT-Clubs have four tracks from which students can select to study: cyber defense, game design programming, robotics, and multimedia. This paper focuses on the cyber defense venue and the need for students to have equal access to computing equipment on which to learn about computer operating systems, networking, and information security prior to competing in a cyber defense competition (CDC) at the end of the academic year. The creation of a remotely located and managed "playground" provides uniform access to equipment across schools. This paper shares our knowledge and experience in creating the "playground".