Abstract
As technology grows, the number of threats we face in the cyber world grows as well, and cybersecurity measures must continue to evolve and adapt in response. My thesis portfolio addresses this by exploring essential cybersecurity measures through both a technical project and an STS project.
My technical project proposes an AI-driven Intrusion Detection System (IDS) designed specifically to detect Advanced Persistent Threats (APTs). APTs were chosen because they have long challenged cybersecurity professionals: they penetrate systems and remain inside them undetected for extended periods.
To implement and evaluate this AI-driven IDS, large APT datasets will be processed, fed into a detection pipeline, and the results categorized. Data processing will draw on large, relevant datasets, which will be balanced with Wasserstein Generative Adversarial Networks with Gradient Penalty (WGAN-GP) to prevent class imbalance in the training data. The processed data will then be fed into a hybrid AE-BiLSTM pipeline, that is, an autoencoder followed by a bidirectional Long Short-Term Memory (LSTM) network. This pipeline was chosen specifically to counter APTs because it produces highly accurate results and remains applicable over long periods of time. The output of the hybrid AE-BiLSTM pipeline will be categorized as either an APT or a possible APT. The categorized results will then be reviewed by a security analyst, who confirms that the detected APTs are accurate and verifies the possible APTs. After review, the labeled results will be fed back into the IDS for further training. Most importantly, the results will be evaluated on accuracy, detection rate, and F1 score. Once satisfactory results are reached and the IDS no longer flags many possible APTs, the need for a security analyst can be lessened and eventually removed entirely. After proper implementation and evaluation, therefore, an AI-driven IDS will be developed to counteract APTs.
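The following is an added, constructed example and not code from the thesis. It models only the decision stage described above: scores from the detector (standing in for the AE-BiLSTM output) are split into APT, possible APT, and benign using two thresholds; possible APTs go to a simulated analyst; the analyst's labels are fed back for retraining; and accuracy, detection rate, and F1 are computed before and after review. The two-threshold scheme, the threshold values, the analyst oracle, and the sample windows are all assumptions made for illustration.

```python
"""Decision, analyst-review and evaluation stage of the proposed IDS pipeline.

Constructed example (not the thesis's own code). The AE-BiLSTM detector is
replaced by pre-computed anomaly scores; the two-threshold categorisation and
the review loop are assumptions about how the "APT / possible APT" step and
the feedback step could be realised.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

APT_THRESHOLD = 0.80     # assumption: scores >= 0.80 are reported as APT outright
REVIEW_THRESHOLD = 0.50  # assumption: scores in [0.50, 0.80) are "possible APT"


@dataclass(frozen=True)
class Window:
    """One scored traffic window. `score` stands in for the model's anomaly
    score (e.g. autoencoder reconstruction error scaled to [0, 1]); `is_apt`
    is ground truth, used only by the simulated analyst and the evaluation."""
    wid: int
    score: float
    is_apt: bool


# Constructed sample data; not drawn from any real dataset.
SAMPLE_WINDOWS: List[Window] = [
    Window(1, 0.95, True),   # clear APT
    Window(2, 0.85, True),   # clear APT
    Window(3, 0.60, True),   # possible APT, confirmed by analyst
    Window(4, 0.55, False),  # possible APT, cleared by analyst
    Window(5, 0.10, False),  # benign
    Window(6, 0.20, False),  # benign
    Window(7, 0.90, False),  # false positive the automation cannot catch
    Window(8, 0.40, True),   # missed APT (below review threshold)
    Window(9, 0.70, False),  # possible APT, cleared by analyst
    Window(10, 0.65, True),  # possible APT, confirmed by analyst
]


def categorize(score: float) -> str:
    """Map an anomaly score to the pipeline's three output categories."""
    if score >= APT_THRESHOLD:
        return "apt"
    if score >= REVIEW_THRESHOLD:
        return "possible_apt"
    return "benign"


def analyst_review(queue: List[Window]) -> Dict[int, bool]:
    """Simulated analyst: resolves each possible APT to a confirmed label.
    In deployment this is a human decision; here ground truth stands in."""
    return {w.wid: w.is_apt for w in queue}


def evaluate(predicted: Dict[int, bool], windows: List[Window]) -> Dict[str, float]:
    """Accuracy, detection rate (recall) and F1 for a set of binary verdicts."""
    tp = fp = fn = tn = 0
    for w in windows:
        p = predicted[w.wid]
        if p and w.is_apt:
            tp += 1
        elif p and not w.is_apt:
            fp += 1
        elif not p and w.is_apt:
            fn += 1
        else:
            tn += 1
    total = tp + fp + fn + tn
    detection_rate = tp / (tp + fn) if tp + fn else 0.0
    f1 = 2 * tp / (2 * tp + fp + fn) if (2 * tp + fp + fn) else 0.0
    return {"accuracy": (tp + tn) / total, "detection_rate": detection_rate,
            "f1": f1, "tp": tp, "fp": fp, "fn": fn, "tn": tn}


def run_pipeline(windows: List[Window]) -> Dict[str, object]:
    """Categorise, route possible APTs to review, merge verdicts, evaluate."""
    categories = {w.wid: categorize(w.score) for w in windows}
    # Automated verdict: only outright APTs count as alerts.
    automated = {wid: cat == "apt" for wid, cat in categories.items()}
    # Possible APTs are queued for the analyst; their labels replace the
    # automated verdict and become labelled feedback for retraining.
    queue = [w for w in windows if categories[w.wid] == "possible_apt"]
    reviewed = analyst_review(queue)
    final = dict(automated)
    final.update(reviewed)
    feedback: List[Tuple[int, bool]] = [(w.wid, reviewed[w.wid]) for w in queue]
    return {
        "automated": evaluate(automated, windows),
        "after_review": evaluate(final, windows),
        "review_load": len(queue) / len(windows),  # fraction needing an analyst
        "feedback": feedback,
    }


if __name__ == "__main__":
    result = run_pipeline(SAMPLE_WINDOWS)
    for stage in ("automated", "after_review"):
        m = result[stage]
        print(f"{stage:13s} acc={m['accuracy']:.2f} "
              f"detection={m['detection_rate']:.2f} f1={m['f1']:.2f}")
    print(f"review load: {result['review_load']:.0%}, "
          f"feedback records: {len(result['feedback'])}")
```

On the constructed sample the automated stage alone reaches an F1 of 0.50 with a detection rate of 0.40, and the analyst's resolution of the four possible APTs lifts both to 0.80; the review load (40% of windows) is the quantity that should fall over retraining cycles if the analyst is to be phased out as the abstract proposes. Note that window 7 remains a false positive and window 8 a miss regardless of review, since neither falls in the band the analyst sees; those can only be fixed by improving the detector itself.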
In my STS project, I investigated the research question of how ethical hackers navigate the tension between technological transparency and societal expectations of security and privacy. To investigate this question, I applied Everett Rogers's Diffusion of Innovation framework, analyzed case studies, and conducted policy analysis. The case studies analyzed were simulations of ethical hacking in the medical industry and cases of non-traditional ethical hackers preventing attacks. Through the policy analysis, I explored the legal implications that ethical hackers face in the United States and in other countries. After conducting my research, I found that ethical hacking is currently limited in society: it lacks support from society, it is misunderstood by society, and the legal constraints in place prevent ethical hackers from working at their full potential. However, the introduction of bug bounty programs is a step in the right direction; these programs give ethical hackers an incentive to attempt to breach an organization's systems on their own initiative and report their findings through the proper channels. Many large organizations, such as Apple, Microsoft, and the Pentagon, have adopted bug bounty programs. Smaller organizations are unable to adopt similar programs because they are very resource-consuming.
Applying the Diffusion of Innovation framework to these findings, I conclude that ethical hacking currently sits in the early majority category. It has the potential to move into the next category if the proper steps are taken, such as demonstrating the importance of ethical hacking to society and reworking the current legal limitations. With these steps, ethical hacking can be properly supported within society and, most importantly, prosper.
Through both of these projects, I was able to explore the technical and non-technical sides of two crucial cybersecurity measures. In the technical project, I proposed an AI-driven IDS to combat APTs, which allowed me to explore and understand the technical considerations that go into designing a proper cybersecurity measure, including the data processing, detection, response, and evaluation of the proposed system. My STS project, on the other hand, explored the non-technical aspects of ethical hacking, such as its legal implications and societal impacts. Overall, various technical and non-technical aspects were explored, but one thing was clear: whether on the technical or the non-technical side, cybersecurity measures must continue to evolve.