Towards Modeling Host-based Data for Cyber-Psychological Assessment in Cyber Threat Detection

dc.contributor.advisor: Chen, Qian
dc.contributor.author: Roy, Krishna Chandra
dc.contributor.committeeMember: Lin, Wei-Ming
dc.contributor.committeeMember: Krishnan, Ram
dc.contributor.committeeMember: Cao, Yongcan
dc.creator.orcid: https://orcid.org/0000-0001-9388-8042
dc.date.accessioned: 2024-02-12T20:02:39Z
dc.date.available: 2023-02-15
dc.date.available: 2024-02-12T20:02:39Z
dc.date.issued: 2022
dc.description: This item is available only to currently enrolled UTSA students, faculty or staff. To download, navigate to Log In in the top right-hand corner of this screen, then select Log in with my UTSA ID.
dc.description.abstract: Cyber attacks are constantly on the rise, affecting everything from financial institutions to higher education. Many critical infrastructures such as health care, transportation and electric network, Colonial Pipeline, etc. are becoming highly targeted for service disruption, information system sabotage, intellectual property theft, or disclosure of classified information. With technological advancements, modern cyber-attacks are more sophisticated and stealthy in compromising high-end computer networks and cyber-physical systems (CPS). Traditional signature or anomaly-based cyber threat detection approaches using cyber data often fail to contain sophisticated attack campaigns, especially insider threat. However, multidomain data analysis with psychological aspects is inevitable to combat the overwhelmingly increasing security breaches and attack campaigns. Much established research has associated user cyber behavior in any human-in-the-loop system with psychological behavior for effective cyber threat detection and forensics [1, 2]. Moreover, reports show that humans are considered to be the weakest link to security [3]. This research attempts three main objectives: i) evaluate and assess the relevance, influence, and utility of psychological behavior (e.g., impulsivity, risk-taking, personality trait) with host data, ii) develop a high accuracy, high fidelity, and robust deep learning framework, and iii) evaluate the effectiveness of host data for run-time anomaly detection and threat investigation. This work proceeds with four different case studies to experiment and evaluate the research objectives and proposes four deep frameworks DeepRan, LogSHIELD, GraphCH, and ExHPD for threat detection.
In this dissertation, we conduct an IRB-approved study to collect host data from real human subjects and introduce a benign host dataset (WHLB) containing 90 days of host logs from 35 workstations and a malware log dataset running 140 malware samples. The findings of this study from four case studies demonstrate the effectiveness of host data in anomaly detection. The results also validated that the cyberspace activities of computer users can be mapped with their psychological behavior, which improves the malicious activity detection performance of the AI detectors.
dc.description.department: Electrical and Computer Engineering
dc.format.extent: 191 pages
dc.format.mimetype: application/pdf
dc.identifier.uri: https://hdl.handle.net/20.500.12588/5367
dc.language: en
dc.subject: Artificial Intelligence
dc.subject: Cybersecurity
dc.subject: Graph Neural Network
dc.subject: Host Data
dc.subject: Human Factor
dc.subject: Intrusion Detection System
dc.subject.classification: Computer engineering
dc.subject.classification: Artificial intelligence
dc.subject.classification: Electrical engineering
dc.title: Towards Modeling Host-based Data for Cyber-Psychological Assessment in Cyber Threat Detection
dc.type: Thesis
dc.type.dcmi: Text
dcterms.accessRights: pq_closed
thesis.degree.department: Electrical and Computer Engineering
thesis.degree.grantor: University of Texas at San Antonio
thesis.degree.level: Doctoral
thesis.degree.name: Doctor of Philosophy

Files

Original bundle

Name: Roy_utsa_1283D_13678.pdf
Size: 8.04 MB
Format: Adobe Portable Document Format