Mark Patton - Academia.edu
Papers by Mark Patton
With the rapid development of blockchain platforms, it is important that different implementations are tested and analyzed for comparative purposes. One such implementation is Hyperledger Sawtooth, a new member of the Hyperledger family. Sawtooth blockchain is a permissioned implementation developed in part by Intel. While research has been done on Hyperledger Fabric, research on Sawtooth is not well documented. Using the Hyperledger Caliper benchmarking tool, we aim to test the performance of the blockchain and identify potential issues.
Proceedings of the ... Annual Hawaii International Conference on System Sciences, 2020
The intentional and non-intentional use of social media platforms resulting in digital wildfires of misinformation has increased significantly over the last few years. However, the factors that influence this rapid spread in the online space remain largely unknown. We study how believability and intention to share information are influenced by multiple factors in addition to confirmation bias. We conducted an experiment where a mix of true and false articles were evaluated by study participants. Using hierarchical linear modelling to analyze our data, we found that in addition to confirmation bias, believability is influenced by source endorser credibility and argument quality, both of which are moderated by the type of information – true or false. Source likeability also had a positive main effect on believability. After controlling for belief and confirmation bias, intention to share information was affected by source endorser credibility and information source likeability.

2.1 Fake News

As mentioned, fake news has been used broadly and refers to a range of items, which makes it a difficult issue to address [5]. Identifying the purpose, channel, source, and propagators can help us better grasp its dimensions. Key purposes for spreading fake news include but are not limited to satire or parody/humor [8], financial gain from promoting fake 'sponsored' news stories supporting products [9], bloggers looking for large audience to gain views and advertising revenue [10], and election manipulation [11]. Fake news has been used to manipulate public sentiment and cause public unrest [12] through internal [13] and foreign intervention [6]. In some cases, fake news is created to garner support or drive opposition towards controversial topics (e.g., welfare, abortion, gun control) [14]. There are two broad areas of research on fake news: technical and behavioral.
Technical focuses on detecting
2016 IEEE Conference on Intelligence and Security Informatics (ISI), 2016
This poster analyzes the Alphabay underground marketplace - an anonymous trading ground for illicit goods and services. Listing data was collected and interpreted using Latent Dirichlet Allocation (LDA) to determine common topics in the listings. The results offer insight into the types of goods being sold and who is selling them.
IEEE Intelligent Systems, 2018
2018 IEEE International Conference on Intelligence and Security Informatics (ISI), 2018
Scientific advances of higher education institutions make them attractive targets for malicious cyberattacks. Modern scanners such as Nessus and Burp can pinpoint an organization's vulnerabilities for subsequent mitigation. However, the remediation reports generated from the tools often cause significant information overload while failing to provide actionable solutions. Consequently, higher education institutions lack the appropriate knowledge to improve their cybersecurity posture. In this study, we conduct a large-scale vulnerability assessment of 272 higher education institutions. From the results, we identified vulnerabilities that fail to provide comprehensive remediation strategies. Selected flaws are recreated and remediated in a virtual environment to develop enhanced, automated reporting mechanisms that provide succinct reports to enable efficient vulnerability remediation. Our enhanced reports address 27.80% of vulnerabilities found in scanned higher education institutions.
2017 IEEE International Conference on Intelligence and Security Informatics (ISI), 2017
Performing port scans through Tor is a way to hide the source's IP address from the target. Researchers hoping to source their own scans benefit from a means of scanning that helps them to anonymize themselves from targets that may potentially retaliate as the result of being scanned. Though effective in providing anonymization during scanning, it is not scalable to the point of scanning the entire IPv4 address space on multiple ports, as scans take considerably longer to execute through Tor. This paper specifically explores using a third-party data source to target specific areas of interest in the IPv4 range and then scanning those areas anonymously with parallelized scanners as an effective way to anonymously collect internet scan data. The results demonstrate the feasibility of this approach.
Rights Copyright © is held by the author. Digital access to this material is made possible by the University Libraries, University of Arizona. Further transmission, reproduction or presentation (such as public display or performance) of protected items is prohibited except with permission of the author. Downloaded 19-Feb-2016 04:52:05
2018 IEEE International Conference on Intelligence and Security Informatics (ISI), 2018
The intentional and non-intentional use of social media platforms resulting in digital wildfires of misinformation has increased significantly over the last few years. However, the factors that influence this rapid spread in the online space remain largely unknown. We study how believability and intention to share information are influenced by multiple factors in addition to confirmation bias. We conducted an experiment where a mix of true and false articles were evaluated by study participants. Using hierarchical linear modelling to analyze our data, we found that in addition to confirmation bias, believability is influenced by source endorser credibility and argument quality, both of which are moderated by the type of information – true or false. Source likeability also had a positive main effect on believability. After controlling for belief and confirmation bias, intention to share information was affected by source endorser credibility and information source likeability.
2020 IEEE International Conference on Intelligence and Security Informatics (ISI), 2020
2017 IEEE International Conference on Intelligence and Security Informatics (ISI), 2017
2018 IEEE International Conference on Intelligence and Security Informatics (ISI), 2018
Cyber threats have emerged as a key societal concern. To counter the growing threat of cyber-attacks, organizations, in recent years, have begun investing heavily in developing Cyber Threat Intelligence (CTI). Fundamentally a data-driven process, many organizations have traditionally collected and analyzed data from internal log files, resulting in reactive CTI. The online hacker community can offer significant proactive CTI value by alerting organizations to threats they were not previously aware of. Amongst various platforms, forums provide the richest metadata, data permanence, and tens of thousands of freely available Tools, Techniques, and Procedures (TTP). However, forums often employ anti-crawling measures such as authentication, throttling, and obfuscation. Such limitations have restricted many researchers to batch collections. This exploratory study aims to (1) design a novel web crawler augmented with numerous anti-crawling countermeasures to collect hacker exploits on an ongoing basis, (2) employ a state-of-the-art deep learning approach, Long Short-Term Memory (LSTM) Recurrent Neural Network (RNN), to automatically classify exploits into pre-defined categories on-the-fly, and (3) develop interactive visualizations enabling CTI practitioners and researchers to explore collected exploits for proactive, timely CTI. The results of this study indicate, among other findings, that system and network exploits are shared significantly more than other exploit types.
2017 IEEE International Conference on Intelligence and Security Informatics (ISI), 2017
2016 IEEE Conference on Intelligence and Security Informatics (ISI), 2016
Critical infrastructure such as power plants, oil refineries, and sewage are at the core of modern society. Supervisory Control and Data Acquisition (SCADA) systems were designed to allow human operators to supervise, maintain, and control critical infrastructure. Recent years have seen an increase in connectivity of SCADA systems to the Internet. While this connectivity provides an increased level of convenience, it also increases their susceptibility to cyber-attacks. Given the potentially severe ramifications of exploiting SCADA systems, the purpose of this study is to utilize passive and active vulnerability assessment techniques to identify the vulnerabilities of Internet-enabled SCADA systems. Specifically, we collect a large testbed of SCADA devices from Shodan, a search engine for the IoT, and assess their vulnerabilities with Nessus and against the National Vulnerability Database (NVD). Results of this study indicate that many SCADA systems from major vendors such as Rockwell Automation and Siemens are vulnerable to default credential, man-in-the-middle, and SSH exploit attacks.
2017 IEEE International Conference on Intelligence and Security Informatics (ISI), 2017
2019 IEEE International Conference on Intelligence and Security Informatics (ISI), 2019
2017 IEEE International Conference on Intelligence and Security Informatics (ISI), 2017
Cybersecurity is a critical concern in society today. One common avenue of attack for malicious hackers is exploiting vulnerable websites. It is estimated that there are over one million websites that are attacked daily. Two emerging targets of such attacks are Supervisory Control and Data Acquisition (SCADA) devices and scientific instruments. Vulnerability assessment tools can help provide owners of these devices with the knowledge on how to protect their infrastructure. However, owners face difficulties in identifying which tools are ideal for their assessments. This research aims to benchmark two state-of-the-art vulnerability assessment tools, Nessus and Burp Suite, in the context of SCADA devices and scientific instruments. We specifically focus on identifying the accuracy, scalability, and vulnerability results of the scans. Results of our study indicate that both tools together can provide a comprehensive assessment of the vulnerabilities in SCADA devices and scientific instruments.
2020 IEEE International Conference on Intelligence and Security Informatics (ISI), 2020
The accelerated growth of computing technologies has provided interdisciplinary teams a platform for producing innovative research at an unprecedented speed. Advanced scientific cyberinfrastructures, in particular, provide data storage, applications, software, and other resources to facilitate the development of critical scientific discoveries. Users of these environments often rely on custom developed virtual machine (VM) images that are comprised of a diverse array of open source applications. These can include vulnerabilities undetectable by conventional vulnerability scanners. This research aims to identify the installed applications, their vulnerabilities, and how they vary across images in scientific cyberinfrastructure. We propose a novel unsupervised graph embedding framework that captures relationships between applications, as well as vulnerabilities identified on corresponding GitHub repositories. This embedding is used to cluster images with similar applications and vulnerabilities. We evaluate cluster quality using Silhouette, Calinski-Harabasz, and Davies-Bouldin indices, and application vulnerabilities through inspection of selected clusters. Results reveal that images pertaining to genomics research in our research testbed are at greater risk of high-severity shell spawning and data validation vulnerabilities.
2016 IEEE Conference on Intelligence and Security Informatics (ISI), 2016
The anonymizing network Tor is examined as one method of anonymizing port scanning tools and avoiding identification and retaliation. Performing anonymized port scans through Tor is possible using Nmap, but parallelization of the scanning processes is required to accelerate the scan rate.