Papers by Daniel Ragsdale
The George Washington University, Report No. CSPRI- …, Jan 1, 2004
Abstract: In cybersecurity competitions, participants either build new information systems or protect preconfigured ones, and then defend these systems against attack in a real-world setting. Institutions should consider important structural and resource-related issues before establishing such a competition. Critical infrastructures increasingly rely on information systems and on the Internet to provide connectivity between systems. Maintaining and protecting these systems requires an education in information warfare ...
The Journal of …, Jan 1, 2002
Abstract: Virtualization technologies are widely used in classroom environments to increase the capacity and utilization of laboratory resources, typically through one of several workstation-based virtualization products. These virtual networks are often air-gapped to prevent the inadvertent release of malware. This implementation, however, requires users to be physically present in the classroom.
Abstract: While advances in, and diverse applications of, technology are revolutionizing our way of life, they also expose us to numerous new threats. We must understand how these highly complicated and interconnected systems work, as well as how to employ and protect them.
Abstract: One can argue that Information Assurance education is vitally important. It is often impractical to allow students to experiment with real networks, so a simulation-based tool is needed to supplement classroom instruction. This paper introduces the Military Academy Attack/Defense Network (MAADNET), which allows users to explore the interrelationships between people, procedures, hardware, software, and data, and how each of these factors affects network design and security.
Abstract: At the US Military Academy at West Point, New York, we approach the topic of protecting and defending information systems as a matter of national security. The time has long passed when we could consider cyberattacks merely a nuisance; the threat from a cyberattack is very real. Our national information infrastructure is not just essential to the US economy; it is a life-critical system.
Abstract: Honeynets provide network and system managers with a unique intrusion detection and monitoring system, one that yields indications of malicious behavior in a nearly false-positive-proof manner, since legitimate users have no reason to touch the honeynet at all. When deployed properly, these systems can provide warning of both insider and external network threats. However, unless the deployment is tightly integrated into the existing topology and the honeynet is configured to admit only the threat it is intended to monitor, its usefulness will be greatly diminished.
John R. James (John-James@usma.edu), John Marin, Daniel Ragsdale, John Surdu, Wayne Schepens, Timothy Presby, United States Military Academy, West Point, NY; Paul Manz, Office of the Program Manager, Field Artillery Tactical Data System, Fort Monmouth, NJ. Keywords: network, distributed, fixed, mobile, latency
Planning of complex activities is a deliberative process, and automation support for re-planning activities should provide for cognitive modeling of the planning process. This paper takes the position that the cognitive model should contain details of the domain being supported and, especially for support of on-line re-planning, knowledge of the system implementation architecture, including performance modeling of that architecture. We discuss these thoughts in some detail and provide an overview of a test bed framework being implemented to perform experiments on the validity of this approach. In particular, we are interested in creating analysis tools that apply metrics to sensed data to assist in determining when a re-planning activity is required and in prioritizing re-planning activities. The framework is intended to support experiments with military decision making and, in particular, with re-planning activities that support execution of a military Operation Order (OPORD). One of the products often created during OPORD preparation is the commander's Synchronization Matrix (also known as an Execution Matrix), which supports coordination of operational activities by different units. Likewise, during OPORD execution, if a synchronization matrix exists, monitoring the degree to which actual events correspond to those entered in the matrix provides an effective approach to estimating whether the commander's Concept of the Operation is being followed. We are investigating use of a new simulation tool to accumulate information at the message-packet level and perform analysis at the network-application level. We discuss use of this framework for pattern recognition of activities distributed in time and space.
Finally, we assert that this level of detail is required to enable assessment of the information assurance situation, to support evaluation of risks, and to support implementation and application of metrics for analysis of alternatives for reacting to attacks and for monitoring of the selected alternatives.
Systems, Man, and …, Jan 1, 2000
This paper examines techniques for providing adaptation in intrusion detection and intrusion response systems. As attacks on computer systems become increasingly numerous and sophisticated, there is a growing need for intrusion detection and response systems to adapt dynamically in order to better detect and respond to attacks. The Adaptive Hierarchical Agent-based Intrusion Detection System (AHA! IDS) provides detection adaptation by adjusting the amount of system resources devoted to the task of detecting intrusive activities. This is accomplished by dynamically invoking new combinations of lower-level detection agents in response to changing circumstances and by adjusting the confidence associated with these lower-level agents. The Adaptive Agent-based Intrusion Response System (AAIRS) provides response adaptation by weighting those responses that have been successful in the past over those techniques that have not been as successful. As a result, the more successful responses are used more often than the less successful techniques. It also adapts responses based on the system's belief that intrusion detection reports are valid. Intuitively, adaptive detection and response systems will provide more robust protection than static, non-adaptive systems.
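The two response-adaptation ideas in this abstract, preferring responses that have worked before and tempering the response by how much the detector's report is trusted, can be made concrete with a small selector. The following is an added example written for this page, not the AAIRS code or its published algorithm; the response names, the impact levels, the confidence cut-offs and the Laplace-smoothed success rate are all choices made for the illustration.

```python
"""Illustrative success-weighted intrusion response selection.

Added example, not AAIRS code: it models (1) favouring responses that have
succeeded in the past and (2) gating how disruptive a response may be on
the system's belief that the detection report is valid. Response names,
impact levels and confidence cut-offs are constructed for the demonstration.
"""
from dataclasses import dataclass


@dataclass
class Response:
    name: str
    impact: int          # 0 = passive (log only), 1 = moderate, 2 = disruptive
    successes: int = 0
    failures: int = 0

    def weight(self) -> float:
        # Laplace-smoothed success rate: untried responses start at 0.5 rather
        # than 0 so they still get a chance to prove themselves.
        return (self.successes + 1) / (self.successes + self.failures + 2)


class ResponseSelector:
    def __init__(self, responses):
        self.responses = {r.name: r for r in responses}

    @staticmethod
    def allowed_impact(confidence: float) -> int:
        # Belief that the IDS report is valid caps how disruptive we may be;
        # a weak report never earns more than a passive response.
        if confidence >= 0.9:
            return 2
        if confidence >= 0.6:
            return 1
        return 0

    def choose(self, confidence: float) -> str:
        cap = self.allowed_impact(confidence)
        candidates = [r for r in self.responses.values() if r.impact <= cap]
        # Best past success rate wins; ties go to the less disruptive option.
        best = max(candidates, key=lambda r: (r.weight(), -r.impact))
        return best.name

    def record(self, name: str, succeeded: bool) -> None:
        # Feedback from the operator or from re-detection: did the response
        # actually stop the activity?
        r = self.responses[name]
        if succeeded:
            r.successes += 1
        else:
            r.failures += 1


def default_responses():
    # Constructed response catalogue for the demonstration
    return [
        Response("log", impact=0),
        Response("rate_limit", impact=1),
        Response("block_ip", impact=2),
        Response("kill_session", impact=2),
    ]


if __name__ == "__main__":
    sel = ResponseSelector(default_responses())
    print("untrained, high confidence:", sel.choose(0.95))
    sel.record("block_ip", True)
    sel.record("block_ip", True)
    print("after two successful blocks:", sel.choose(0.95))
    print("same history, low confidence:", sel.choose(0.3))
```

With no history every response has the same weight, so the selector falls back to the least disruptive option; once `block_ip` has succeeded twice it is preferred, but only while the detector's confidence is high enough to permit a disruptive response at all.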
Proceedings of the 2001 …, Jan 1, 2001
The model presented in this paper is an extension of work reported in 1991 by John McCumber. His model provided an abstract research and pedagogic framework for the profession. In the decade since McCumber prepared his model, Information Systems Security (INFOSEC) has evolved into Information Assurance (IA). Although the framework remains sound, the growth of the profession suggests that changes are needed. This extension of the model accommodates the expanded needs of the IA discipline and includes three temporal measures.
DISCEX, Jan 1, 2001
Anomaly detection involves characterizing the behaviors of individuals or systems and recognizing behavior that is outside the norm. This paper describes some preliminary results concerning the robustness and generalization capabilities of machine learning methods in creating user profiles based on the selection and subsequent classification of command line arguments. We base our method on the belief that legitimate users can be classified into categories based on the percentage of commands they use in a specified period. The hybrid approach we employ begins with the application of expert rules to reduce the dimensionality of the data, followed by an initial clustering of the data and subsequent refinement of the cluster locations using a competitive network called Learning Vector Quantization. Since Learning Vector Quantization is a nearest-neighbor classifier, any new record presented to the network that lies outside a specified distance is classified as a masquerader. Thus, this system does not require anomalous records to be included in the training set.
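The pipeline this abstract describes (expert rules to shrink the feature space, an initial clustering, LVQ refinement of the cluster prototypes, and a nearest-neighbour distance threshold that flags masqueraders without ever training on anomalous data) is short enough to show end to end. The following is an added example written for this page, not the paper's code: the command-to-category rules, the user sessions, the choice of the per-user centroid as the initial clustering, and the distance threshold are all constructed for the illustration.

```python
"""Illustrative LVQ-based masquerade detector.

Added example, not the paper's code. Expert rules collapse raw commands
into a few behaviour categories, each session becomes a category-usage
vector, one prototype per user is seeded by clustering (here the user's
centroid) and refined with LVQ1, and a new session whose nearest prototype
is farther than a threshold is labelled a masquerader. The categories,
command rules, sessions and threshold are all constructed.
"""
import math
from collections import Counter

# Expert rules: map commands to a handful of behaviour categories
# (constructed; a real deployment derives these from the audit vocabulary)
CATEGORIES = ["edit", "build", "net", "admin", "other"]
COMMAND_CLASS = {
    "vi": "edit", "emacs": "edit",
    "gcc": "build", "make": "build",
    "ssh": "net", "ping": "net", "ftp": "net",
    "su": "admin", "chmod": "admin", "passwd": "admin",
}


def featurize(commands):
    """Fraction of the session's commands falling into each category."""
    counts = Counter(COMMAND_CLASS.get(c, "other") for c in commands)
    return [counts[cat] / len(commands) for cat in CATEGORIES]


def distance(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def centroid(vectors):
    return [sum(col) / len(vectors) for col in zip(*vectors)]


class LVQMasqueradeDetector:
    def __init__(self, threshold=0.3, rate=0.1, epochs=5):
        self.threshold = threshold   # max distance to still count as a known user
        self.rate = rate             # LVQ learning rate
        self.epochs = epochs
        self.prototypes = {}         # user -> prototype vector (insertion ordered)

    def _nearest(self, x):
        return min(self.prototypes, key=lambda u: distance(self.prototypes[u], x))

    def fit(self, sessions):
        """sessions: list of (user, [command, ...]) from known-legitimate activity."""
        data = [(user, featurize(cmds)) for user, cmds in sessions]
        # Initial clustering: one prototype per user, placed at that user's centroid
        for user in list(dict.fromkeys(u for u, _ in data)):
            self.prototypes[user] = centroid([v for u, v in data if u == user])
        # LVQ1 refinement: pull the nearest prototype toward a same-user sample,
        # push it away from a sample that belongs to a different user
        for _ in range(self.epochs):
            for user, x in data:
                nearest = self._nearest(x)
                p = self.prototypes[nearest]
                sign = 1.0 if nearest == user else -1.0
                self.prototypes[nearest] = [
                    pi + sign * self.rate * (xi - pi) for pi, xi in zip(p, x)
                ]
        return self

    def classify(self, commands):
        """Return (label, distance); label is a user name or 'masquerader'."""
        x = featurize(commands)
        nearest = self._nearest(x)
        d = distance(self.prototypes[nearest], x)
        # Nearest-neighbour rule: beyond the threshold the session lies outside
        # every known profile, so no anomalous training data is needed
        return ("masquerader" if d > self.threshold else nearest, d)


# Constructed legitimate sessions: "dev" edits and compiles, "ops" runs
# network and administration commands
TRAINING_SESSIONS = [
    ("dev", ["vi", "gcc", "make", "vi", "ls"]),
    ("dev", ["vi", "emacs", "vi", "make", "cat"]),
    ("dev", ["gcc", "make", "make", "vi", "ls"]),
    ("ops", ["ssh", "ping", "su", "chmod", "ls"]),
    ("ops", ["ssh", "ftp", "ping", "su", "ls"]),
    ("ops", ["ssh", "su", "chmod", "passwd", "ls"]),
]


def build_detector():
    return LVQMasqueradeDetector().fit(TRAINING_SESSIONS)


if __name__ == "__main__":
    det = build_detector()
    for cmds in (["vi", "gcc", "vi", "make", "ls"],
                 ["ssh", "ping", "su", "chmod", "cat"],
                 ["passwd", "su", "chmod", "passwd", "su"]):
        print(cmds, "->", det.classify(cmds))
```

The session made only of privilege-related commands is nearest to the `ops` prototype but far beyond the threshold, so it is reported as a masquerader even though nothing like it appeared in training; that is the property the abstract highlights. In practice the threshold would be tuned per user from the spread of that user's own training sessions rather than fixed globally as here.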
Journal of Computing …, Jan 1, 2001
This paper describes a unique resource at West Point, the Information Analysis and Research Laboratory, referred to as the IWAR range. The IWAR range is an isolated laboratory used by undergraduate students and faculty researchers. The IWAR is a production-system-like, heterogeneous environment. The IWAR has become a vital part of the Information Assurance curriculum at West Point. We use the military range analogy to teach the students in the class that the exploits and other tools used in the laboratory are weapons and should be treated with the same care as rifles and grenades. This paper describes the structure of the laboratory and how it is used in classroom instruction. It also describes the process used to create the IWAR and how an IWAR might be built using limited resources. Finally, this paper describes the future directions of the IWAR project.
…, Part A: Systems and Humans, IEEE …, Jan 1, 2001
Proceedings of the …, Jan 1, 2004
Abstract: The Information Technology (IT) movement in higher education has been growing for several years, leading to a draft ACM CC2004 report that defines Information Technology in relation to other computing disciplines and a draft ABET/CAC accreditation standard that calls for documented educational objectives. As yet, there is no authoritative agreement on educational objectives for Information Technology. While proposing an Information Technology (IT) definition and objectives that compare Information ...