Operational Decision Making under Uncertainty: Inferential, Sequential, and Adversarial Approaches

Modern security threats are characterized by a stochastic, dynamic, partially observable, and ambiguous operational environment. This dissertation addresses such complex security threats using operations research techniques for decision making under uncertainty in operations planning, analysis, and assessment. First, this research develops a new method for robust queue inference with partially observable, stochastic arrival and departure times, motivated by cybersecurity and terrorism applications. In the dynamic setting, this work develops a new variant of Markov decision processes and an algorithm for robust information collection in dynamic, partially observable and ambiguous environments, with an application to a cybersecurity detection problem. In the adversarial setting, this work presents a new application of counterfactual regret minimization and robust optimization to a multi-domain cyber and air defense problem in a partially observable environment

Search Engine Optimization Techniques for Malaysian University Websites: A Comparative Analysis on Google and Bing Search Engine

Search Engine Optimization (SEO) plays very vital role in the development of professional web sites. There are a number of search engines available on the internet such as Yahoo, Ask.com, AOL.com, Baidu, Bing, etc. Among which Google is the most widely used search engine. Each search engine uses different SEO technique and algorithm which not only forms the foundation of SEO, but affects the position of a website in organic search results as well. As Google modify its algorithm about 500 or more times per year, the web design and internet also evolves dynamically because of changes in SEO techniques and algorithms.  However, how well Malaysian universities websites are optimized for other search engines is questionable particularly the key differences between search engine ranking techniques and algorithms. This research paper tends to answer these vital questions by proposing a comparative analysis of Bing and Google on some Malaysian universities website, analyzing their search engine optimization parameters and outcomes of using  Microsoft Bing as compared to its primary competitor, Google.

A control theoretic approach for security of cyber-physical systems

In this dissertation, several novel defense methodologies for cyber-physical systems have been proposed. First, a special type of cyber-physical system, the RFID system, is considered for which a lightweight mutual authentication and ownership management protocol is proposed in order to protect the data confidentiality and integrity. Then considering the fact that the protection of the data confidentiality and integrity is insufficient to guarantee the security in cyber-physical systems, we turn to the development of a general framework for developing security schemes for cyber-physical systems wherein the cyber system states affect the physical system and vice versa. After that, we apply this general framework by selecting the traffic flow as the cyber system state and a novel attack detection scheme that is capable of capturing the abnormality in the traffic flow in those communication links due to a class of attacks has been proposed. On the other hand, an attack detection scheme that is capable of detecting both sensor and actuator attacks is proposed for the physical system in the presence of network induced delays and packet losses. Next, an attack detection scheme is proposed when the network parameters are unknown by using an optimal Q-learning approach. Finally, this attack detection and accommodation scheme has been further extended to the case where the network is modeled as a nonlinear system with unknown system dynamics --Abstract, page iv

Deep Learning -Powered Computational Intelligence for Cyber-Attacks Detection and Mitigation in 5G-Enabled Electric Vehicle Charging Station

An electric vehicle charging station (EVCS) infrastructure is the backbone of transportation electrification. However, the EVCS has various cyber-attack vulnerabilities in software, hardware, supply chain, and incumbent legacy technologies such as network, communication, and control. Therefore, proactively monitoring, detecting, and defending against these attacks is very important. The state-of-the-art approaches are not agile and intelligent enough to detect, mitigate, and defend against various cyber-physical attacks in the EVCS system. To overcome these limitations, this dissertation primarily designs, develops, implements, and tests the data-driven deep learning-powered computational intelligence to detect and mitigate cyber-physical attacks at the network and physical layers of 5G-enabled EVCS infrastructure. Also, the 5G slicing application to ensure the security and service level agreement (SLA) in the EVCS ecosystem has been studied. Various cyber-attacks such as distributed denial of services (DDoS), False data injection (FDI), advanced persistent threats (APT), and ransomware attacks on the network in a standalone 5G-enabled EVCS environment have been considered. Mathematical models for the mentioned cyber-attacks have been developed. The impact of cyber-attacks on the EVCS operation has been analyzed. Various deep learning-powered intrusion detection systems have been proposed to detect attacks using local electrical and network fingerprints. Furthermore, a novel detection framework has been designed and developed to deal with ransomware threats in high-speed, high-dimensional, multimodal data and assets from eccentric stakeholders of the connected automated vehicle (CAV) ecosystem. To mitigate the adverse effects of cyber-attacks on EVCS controllers, novel data-driven digital clones based on Twin Delayed Deep Deterministic Policy Gradient (TD3) Deep Reinforcement Learning (DRL) has been developed. Also, various Bruteforce, Controller clones-based methods have been devised and tested to aid the defense and mitigation of the impact of the attacks of the EVCS operation. The performance of the proposed mitigation method has been compared with that of a benchmark Deep Deterministic Policy Gradient (DDPG)-based digital clones approach. Simulation results obtained from the Python, Matlab/Simulink, and NetSim software demonstrate that the cyber-attacks are disruptive and detrimental to the operation of EVCS. The proposed detection and mitigation methods are effective and perform better than the conventional and benchmark techniques for the 5G-enabled EVCS

Simulated penetration testing and mitigation analysis

Da Unternehmensnetzwerke und Internetdienste stetig komplexer werden, wird es immer schwieriger, installierte Programme, Schwachstellen und Sicherheitsprotokolle zu überblicken. Die Idee hinter simuliertem Penetrationstesten ist es, Informationen über ein Netzwerk in ein formales Modell zu transferiern und darin einen Angreifer zu simulieren. Diesem Modell fügen wir einen Verteidiger hinzu, der mittels eigener Aktionen versucht, die Fähigkeiten des Angreifers zu minimieren. Dieses zwei-Spieler Handlungsplanungsproblem nennen wir Stackelberg planning. Ziel ist es, Administratoren, Penetrationstestern und der Führungsebene dabei zu helfen, die Schwachstellen großer Netzwerke zu identifizieren und kosteneffiziente Gegenmaßnahmen vorzuschlagen. Wir schaffen in dieser Dissertation erstens die formalen und algorithmischen Grundlagen von Stackelberg planning. Indem wir dabei auf klassischen Planungsproblemen aufbauen, können wir von gut erforschten Heuristiken und anderen Techniken zur Analysebeschleunigung, z.B. symbolischer Suche, profitieren. Zweitens entwerfen wir einen Formalismus für Privilegien-Eskalation und demonstrieren die Anwendbarkeit unserer Simulation auf lokale Computernetzwerke. Drittens wenden wir unsere Simulation auf internetweite Szenarien an und untersuchen die Robustheit sowohl der E-Mail-Infrastruktur als auch von Webseiten. Viertens ermöglichen wir mittels webbasierter Benutzeroberflächen den leichten Zugang zu unseren Tools und Analyseergebnissen.As corporate networks and Internet services are becoming increasingly more complex, it is hard to keep an overview over all deployed software, their potential vulnerabilities, and all existing security protocols. Simulated penetration testing was proposed to extend regular penetration testing by transferring gathered information about a network into a formal model and simulate an attacker in this model. Having a formal model of a network enables us to add a defender trying to mitigate the capabilities of the attacker with their own actions. We name this two-player planning task Stackelberg planning. The goal behind this is to help administrators, penetration testing consultants, and the management level at finding weak spots of large computer infrastructure and suggesting cost-effective mitigations to lower the security risk. In this thesis, we first lay the formal and algorithmic foundations for Stackelberg planning tasks. By building it in a classical planning framework, we can benefit from well-studied heuristics, pruning techniques, and other approaches to speed up the search, for example symbolic search. Second, we design a theory for privilege escalation and demonstrate the applicability of our framework to local computer networks. Third, we apply our framework to Internet-wide scenarios by investigating the robustness of both the email infrastructure and the web. Fourth, we make our findings and our toolchain easily accessible via web-based user interfaces

Internet Marketing for Profit Organizations: A framework for the implementation of strategic internet marketing

Merged with duplicate record 10026.1/828 on 13.03.2017 by CS (TIS)The development of the Internet has significantly changed the face of established markets and operation approaches across a tremendous spectrum of different industries. Within the competitive environment of those industries, the opportunities and risks derived from the new platform are so ubiquitous that unused opportunities quickly translate into potential risks. Those opportunities and risks demand for a structured approach how to implement a sustainable Internet marketing strategy that targets clear business objectives. Marketing and strategic management theory describes very clear structural principles towards their operational implementation. Based on those principles an extensive literature review has been conducted which confirms the result from representative statistics that demonstrate the lack of a comprehensive framework for strategic Internet marketing. The distinct result of this research is such a comprehensive framework which has been directly derived from the illustrated principles of strategic management and Internet marketing. All major components of this generic framework are designed, evaluated in dedicated surveys and validated in extensive case studies. The main achievements of the research are: • A comprehensive review of the current state-of-the-art Internet marketing strategies • Conceptual specification of a strategic Internet marketing framework with generic applicability to profit organizations • Demonstration of the practical feasibility of the proposed framework at the implementation level (via several examples like the SIMTF and SIMPF) • Confirmation of the applicability of the framework based upon a survey of potential beneficiaries • Validation of the effectiveness of the approach via case study scenarios Changing the understanding of a former technical discipline, the thesis describes how Internet marketing becomes a precise strategic instrument for profit organizations. The new structured, complete and self-similar framework facilitates sales organizations to significantly increase the effectiveness and efficiency of their marketing operations. Furthermore, the framework ensures a high level of transparency about the impact and benefit of individual activities. The new model explicitly answers concerns and problems raised and documented in existing research and accommodate for the current limitations of strategic Internet marketing. The framework allows evaluating existing as well as future Internet marketing tactics and provides a reference model for all other definitions of objectives, KPI and work packages. Finally this thesis also matures the subject matter of Internet marketing as a discipline of independent scientific research providing an underlying structure for subsequent studies.Darmstadt Node of the CSCAN Network at University of Applied Sciences, Darmstad

Three Essays on Contagion Risk in Supply Chain

Firms often benefit when an unfavourable event befalls a rival, usually through a shift in demand. But sometimes negative events can adversely affect other firms in the industry, a phenomena referred to as contagion. While contagion can harm the supply chain by disrupting supply or demand, or increasing operating costs, it has not yet been studied in the area of supply chain risk management. Aiming to fill this gap, in the first essay I use real cases to conceptualize the process of contagion and apply related theories and literature to theorize the key factors contributing to contagion risk. The second essay examines the contagion effect of small to moderate events as opposed to extreme events, such as an explosion in a nuclear power plant, where contagion is clearly evident and documented. Finally, the third essay explores the conditions under which low-risk firms may benefit from investing in safety improvements for their higher-risk rivals. My dissertation contributes to the literature by recognizing the role of rivals’ safety in supply chain risk management