Graduation Year

2020

Document Type

Dissertation

Degree

Ph.D.

Degree Name

Doctor of Philosophy (Ph.D.)

Degree Granting Department

Engineering Computer Science

Major Professor

Yu Sun, Ph.D.

Co-Major Professor

Kaiqi Xiong, Ph.D.

Committee Member

Yicheng Tu, Ph.D.

Committee Member

Lawrence Hall, Ph.D.

Committee Member

Xiaopeng Li, Ph.D.

Keywords

Adversarial Attack, Information Theft, Software Defined Networking, User Behavior

Abstract

With the rapid development of a computer network, our lives are already inseparable from it. Wireless Fidelity (Wi-Fi) is in use everywhere; more and more devices are connected to the Internet, and many companies and individuals tend to store their data and information online. Furthermore, it is now very convenient to communicate with each other through email and text messages. However, widespread networks also provide more attack surfaces for attackers. There are a variety of network attacks aimed at information theft. To better defend against those network attacks, one needs to have a broad knowledge of existing attacks. In this dissertation, we address four different types of attacks. (1) We first focus on domain name security, as it is an essential component in a computer network. Attackers can use Domain Generation Algorithm (DGA)-based malware to infiltrate a network and eventually gain access to the network, leading to the loss of a company's assets or personal information theft. We propose a DGA-based malware detection framework for detecting DGA-based malware to alleviate the threat to defend against this type of attack. The threat data was collected from real-world network traffic over a year. The proposed DGA-based malware detection framework consists of a two-level model that performs classification and clustering and a time-series prediction model to predict future DGA domain features. (2) We then focus on Wi-Fi security and countermeasures against Key Reinstallation Attack (KRACK), which utilizes the serious weakness in the 4-way handshake of Wi-Fi Protected Access 2 (WPA2) and aims at stealing Wi-Fi users' information. We propose a Software-Defined Networking (SDN)-based detection and mitigation framework to defend against KRACK. The proposed framework consists of two stages. In the detection stage, we monitor Wi-Fi's network traffic and detect message 3 of the 4-way handshake, where message 3 is a replaying transmission message launched by an attacker based on nonce resets. In the mitigation stage, we update the forwarding rule in the flow table to redirect the attack traffic and prevent it from going to the user. (3) To efficiently prevent users from being victims of information theft, it is also essential to understand how users will behave when facing those attacks. In this dissertation, we focus on studying user behavior when a user encounters with phishing attacks. We propose two study designs: an on-site study design and online study design. We not only collect personal background information through survey questions but also design the necessary software to collect experimental data, such as time measurement and mouse movement. We analyze which factors, such as intervention, monetary incentive, and phishing types, play an important role in phishing attacks. Furthermore, we propose a machine learning framework to help analyze collected data. (4) Since machine learning has been widely used in defending against network attacks, we need to ensure the robustness of the proposed machine learning algorithms and prevent them from adversarial attacks. Last but not least, we explore adversarial examples for attacking the machine learning model used to detect false data injection attacks in an in-vehicle network and build an Adversarial Attack Defending System (AADS) for ensuring the robustness of the machine learning model and securing the in-vehicle network.

Share

COinS