libra etd
Online Archive of University of Virginia Scholarship

BLUESPAWN: An Open-Source, Active Defense & Endpoint Detection and Response (EDR) Software for Windows-based Systems; Understanding the Rise of Cyberweapons as a Key Element of National Security 3049 views

Author

Smith, Jacob, School of Engineering and Applied Science, University of Virginia

Advisors

  • Kwon, Yonghwi , EN-Comp Science Dept , University of Virginia
  • Elliott, Travis , EN-STS Dept , University of Virginia

Abstract

Over the past several decades, the world has dramatically shifted to where almost everything has some “connected” component. This digital revolution has fundamentally changed nearly every aspect of society. These changes though, have brought on their own, new sets of challenges. In particular, as we increasingly rely on computers in both our business and personal lives, that dependence presents a potential vulnerability. Criminals will abuse this situation to simply make easy money, but nation-states carrying out cyber operations have far more consequences. Over the last two decades, intelligence and military actors have stolen foreign intellectual property, influenced elections, waged disinformation campaigns, and even disrupted nuclear weapons development. These actions cause wide-ranging effects and should not be taken lightly. Alongside the growth of cyber operations, an entire $60+ billion dollar a year cybersecurity industry has flourished. Professionals study both offensive and defensive tradecraft in pursuit of one goal: stopping breaches. Back when computers were first gaining popularity, the threats were relatively simple - and so were the defenses. Now though, security teams have constructed elaborate defenses to counter the increasingly complex attacks. Unfortunately, for a number of reasons, this defensive software often operates in a “black-box” manner. This approach makes it somewhat more difficult for attackers to identify ways to bypass these protections, yet it also raises the bar required for students and other security professionals to learn how these crucial tools operate. This thesis will explore the rise of cyberweapons as a key element of national security from a technological and societal point of view. We will study how various countries have employed cyberattacks in different ways to meet their national objectives. In addition, we will also detail the creation of an open source, active defense and EDR tool called BLUESPAWN. This software helps defenders quickly detect, identify, and eliminate malicious activity and malware across a network.

Degree

BS (Bachelor of Science)

Keywords

cybersecurity; endpoint detection and response (EDR); cyber defense; national security; advanced persistent threat (APT)

Related Links

Notes

School of Engineering and Applied Science Bachelor of Science in Computer Science Technical Advisor: Yonghwi Kwon STS Advisor: S. Travis Elliott Technical Team Members: James McDowell, Calvin Krist, William Mayes

Language

English

Rights

All rights reserved (no additional license for public reuse)

Issued Date

2020-05-08

Persistent Link

https://doi.org/10.18130/v3-b1n6-ef83

Suggested Citation

Smith, Jacob. BLUESPAWN: An Open-Source, Active Defense & Endpoint Detection and Response (EDR) Software for Windows-based Systems; Understanding the Rise of Cyberweapons as a Key Element of National Security. University of Virginia, School of Engineering and Applied Science, BS (Bachelor of Science), 2020-05-08, https://doi.org/10.18130/v3-b1n6-ef83.

Files

Smith_Jacob_Prospectus.pdf
Downloads: 338
Download
Smith_Jacob_STS Research Paper.pdf
Downloads: 501
Download
Smith_Jacob_Sociotechnical Synthesis.pdf
Downloads: 352
Download
Smith_Jacob_Technical Report.pdf
Downloads: 3323
Download
opens in a new window