Graduation Year


Document Type




Degree Name

Doctor of Philosophy (Ph.D.)

Degree Granting Department

Computer Science and Engineering

Major Professor

Xinming Ou, Ph.D.

Committee Member

Jay Ligatti, Ph.D.

Committee Member

Mehran Mozaffari Kermani, Ph.D.

Committee Member

Nasir Ghani, Ph.D.

Committee Member

Raj Rajagopalan, Ph.D.


Anthropology, Ethnography, Honeypot, Internet of Things, Secure Software Development


The issue of cybersecurity has become much more prevalent over the last few years, with a number of widely publicised incidents, hacking attempts, and data breaches reaching the news. There is no sign of an abatement in the number of cyber incidents, and it would be wise to reconsider the way cybersecurity is viewed and whether a mindset shift is necessary. Cybersecurity, in general, can be seen as primarily a human problem, and it is for this reason that it requires human solutions and tradeoffs. In order to study this problem, I investigated human activities in cybersecurity from two perspectives: that of the adversaries and that of the defenders. The growing number of Internet of Things (IoT) devices makes it imperative to be aware of the real-world threats they face in terms of cybersecurity. While honeypots have been historically used as decoy devices to help researchers/organizations gain a better understanding of the dynamic of threats on a network and their impact, IoT devices pose a unique challenge for this purpose due to the variety of devices and their physical connections. When a honeypot is built in such a way that an attacker is given the impression it represents a real system used by humans and organizations, it will yield useful insights. Identifying these threats requires an understanding of what attackers are looking for, and how they penetrate our network. It will therefore be possible to have a more secure and safe environment.

In the first part of this dissertation, I present a new Internet of Things honeypot framework, called MPMFPot, which can be used to observe real-world attackers' behavior within a controlled environment. The MPMFPot framework consists of three layers. As part of layer 1, I designed a new approach towards creating a multi-phased, multi-faceted honeypot ecosystem, which gradually increases the sophistication of honeypots' interactions with adversaries.
In addition, I developed and designed a low-interaction honeypot for cameras that allowed researchers to obtain a deeper understanding of what attackers are targeting. In the second layer, I designed and built a laboratory for Internet of Things (IoT) devices to analyze the adversaries' behavior in greater detail. This goal was achieved by developing and implementing a proxy instance called "ProxyPot" that sits between IoT devices and the external network and helps researchers study the inbound and outbound communication patterns of these devices. The ProxyPot instance was used to enhance the sophistication of the honeypots in the previous layer as well as helping the researchers to better understand IoT attacks in more depth. The third layer, or communication layer, is responsible for connecting multiple laboratories together. I have also created an innovative data analytics method that enables us to identify the goals of adversaries. These honeypots have been active for more than three years now. In each phase, we have been able to collect increasingly sophisticated attack data. In addition, our data analytics point to the fact that the majority of attacks caught in the honeypots show striking similarities to a great extent and can be clustered and grouped to yield a more complete understanding of goals, patterns, and trends of IoT attacks in the wild.

In the second part of this dissertation, I conducted an ethnographic study of a software development company using the anthropological research method of participant observation for a period of six months. I worked as a software engineer to complete this effort and took part in all of the development activities as a new employee. During the course of the fieldwork, I applied and exploited the penetration testing methodology for the company and studied the developers' reactions on the spot.
During this task, I found that 1) security vulnerabilities are sometimes intentionally introduced and/or overlooked due to the difficulty in managing the various stakeholders' responsibilities in an economic ecosystem, and cannot be simply blamed on developers' lack of knowledge or skills; 2) accidental vulnerabilities discovered in the pen-testing process produce different reactions in the development team, oftentimes contrary to what a security researcher would predict. The findings of this study illustrate the nuanced nature of the root causes of software vulnerability and the necessity to take into account a significant amount of contextual information in order to better comprehend how and why software vulnerabilities can develop during software development. Instead of focusing on the competence of the developers or their practices, this research sheds light on the often forgotten human factors that significantly influence the security of software developed by actual companies rather than simply focusing on the deficiencies in developer knowledge or practice. Furthermore, I find that the security of software during the development process can be improved through the implementation of a co-creation model, where security experts collaborate with software developers to better identify security concerns and provide tools that are readily applicable within the context of the software development process.