Detecting Adversarial Examples by Measuring their Stress Response

Description
Machine learning (ML) and deep neural networks (DNNs) have achieved great success in a variety of application domains; however, despite significant effort to make these networks robust, they remain vulnerable to adversarial attacks in which input that is perceptually indistinguishable from natural data can be erroneously classified with high prediction confidence. Works on defending against adversarial examples can be broadly classified as correcting or detecting, which aim, respectively, at negating the effects of the attack and correctly classifying the input, or detecting and rejecting the input as adversarial. In this work, a new approach for detecting adversarial examples is proposed. The approach takes advantage of the robustness of natural images to noise. As noise is added to a natural image, the prediction probability of its true class drops, but the drop is not sudden or precipitous. The same seems to not hold for adversarial examples. In other words, the stress response profile for natural images seems different from that of adversarial examples, which could be detected by their stress response profile. An evaluation of this approach for detecting adversarial examples is performed on the MNIST, CIFAR-10 and ImageNet datasets. Experimental data shows that this approach is effective at detecting some adversarial examples on small-scale, simple-content images and with little sacrifice on benign accuracy.
Date Created
2019

An Analysis of the Usability of Face ID

Description
Since its introduction to the iPhone X in 2017, Apple’s Face ID has been regarded as more accurate than facial recognition systems used by their competitors due to the use of depth information and infrared images to capture accurate face data. The goal of this thesis is to explore the usability of current smartphone facial recognition systems as represented by the latest generation of Apple’s Face ID. To that end, a research study was conducted to test the usability of Apple’s Face ID on the iPhone XR under diverse, simulated conditions designed to replicate real-life scenarios under which a consumer may need to use Face ID. The goal of the study was to make observations on Face ID usability and create a preliminary understanding of areas in which technology may struggle and/or fail. From the results of the research study, Face ID on the iPhone XR generally performed well under low-light conditions and adapted to minor changes in the conditions under which a face capture is done, but did not do as well when the user did not maintain full eye contact with the camera or when the capture is done at an angle.
Date Created
2019-12

A Model for Calculating Damage Potential in Computer Systems

Description
For systems having computers as a significant component, it becomes a critical task to identify the potential threats that the users of the system can present, while being both inside and outside the system. One of the most important factors that differentiate an insider from an outsider is the fact that the insider, being a part of the system, owns privileges that enable him/her access to the resources and processes of the system through valid capabilities. An insider with malicious intent can potentially be more damaging compared to outsiders. The above differences help to understand the notion and scope of an insider.

The significant loss to organizations due to the failure to detect and mitigate the insider threat has resulted in an increased interest in insider threat detection. The well-studied effective techniques proposed for defending against attacks by outsiders have not been proven successful against insider attacks. Although a number of security policies and models to deal with the insider threat have been developed, the approach taken by most organizations is the use of audit logs after the attack has taken place. Such approaches are inspired by academic research proposals to address the problem by tracking activities of the insider in the system. Although tracking and logging are important, it is argued that they are not sufficient. Thus, the necessity to predict the potential damage of an insider is considered to help build a stronger evaluation and mitigation strategy for the insider attack. In this thesis, the question that seeks to be answered is the following: "Considering the relationships that exist between the insiders and their role, their access to the resources and the resource set, what is the potential damage that an insider can cause?"

A general system model is introduced that can capture general insider attacks, including those documented by the Computer Emergency Response Team (CERT) for the Software Engineering Institute (SEI). Further, initial formulations of the damage potential for leakage and availability in the model are introduced. The model's usefulness is shown by expressing 14 actual attacks in the model and showing how, for each case, the attack could have been mitigated.
Date Created
2019

Predicting and Interpreting Students Performance using Supervised Learning and Shapley Additive Explanations

Description
Due to large data resources generated by online educational applications, Educational Data Mining (EDM) has improved learning effects in different ways: Students Visualization, Recommendations for students, Students Modeling, Grouping Students, etc. A lot of programming assignments have features like automating submissions and examining the test cases to verify correctness, but limited studies have compared different statistical techniques with the latest frameworks and interpreted models in a unified approach.

In this thesis, several data mining algorithms have been applied to analyze students’ code assignment submission data from a real classroom study. The goal of this work is to explore and predict students’ performances. Multiple machine learning models and the model accuracy were evaluated based on the Shapley Additive Explanation.

The Cross-Validation shows the Gradient Boosting Decision Tree has the best precision 85.93% with average 82.90%. Features like Component grade, Due Date, Submission Times have higher impact than others. Baseline model received lower precision due to lack of non-linear fitting.
Date Created
2019

A Federated Model for Web Application Development

Description
A web server is a program that responds to your browser's
requests. Often, the response is an HTML document that the browser
renders in a way that looks pleasant to humans. The manner in which it
responds is generally determined before the server is started up; it
is static. The content may change arbitrarily, but the actual logic
that the server follows resists change while the server is still
running. The goal of this thesis is to explore the possibility of
removing this restriction, allowing a web server's logic to be
modified arbitrarily during runtime by select users. This is why the
term "Federated" appears in the title: my goal is to create a system
that can be developed in a decentralized manner, by multiple entities
with similar high-level goals but different ideas at the lower level.
Date Created
2019-05

Why Students in Computer Science Courses Cheat?

Description
The goal of this study is to equip administrators and instructors with a deeper understanding of the apparent cheating problem in Computer Science courses, with proposed solutions to lower academic dishonesty from the students’ perspective.
Date Created
2019-05

Privacy-guaranteed Data Collection: The Case for Efficient Resource Management of Nonprofit Organizations

Description
Through the personal experience of volunteering at ASU Project Humanities, an organization that provides resources such as clothing and toiletries to the homeless population in Downtown Phoenix, I noticed efficiently serving the needs of the homeless population is an important endeavor, but the current processes for Phoenix nonprofits to collect data are manual, ad-hoc, and inefficient. This leads to the research question: is it possible to improve this process of collecting statistics on client needs, tracking donations, and managing resources using technology? Background research includes an interview with ASU Project Humanities, articles by analysts, and related work including case studies of current technologies in the nonprofit community. Major findings include i) a lack of centralized communication in nonprofits collecting needs, tracking surplus donations, and sharing resources, ii) privacy assurance is important to homeless individuals, and iii) pre-existing databases and technological solutions have demonstrated that technology has the ability to make an impact in the nonprofit community. To improve the process, standardization, efficiency, and automation need to increase. As a result of my analysis, the thesis proposes a prototype solution which includes two parts: an inventory database and a web application with forms for user input and tables for the user to view. This solution addresses standardization by showing a consistent way of collecting data on need requests and surplus donations while guaranteeing privacy of homeless individuals. This centralized solution also increases efficiency by connecting different agencies that cater to these clients. Lastly, the solution demonstrates the ability for resources to be made available to each organization which can increase automation. In conclusion, this database and web application has the potential to improve nonprofit organizations’ networking capabilities, resource management, and resource distribution. 
The percentile of homeless individuals connected to these resources is expected to increase substantially with future live testing and large-scale implementation.
Date Created
2019-05

Efficient Algorithms for the Construction of Low-Density Parity-Check Codes

Description
Error-correcting codes are fundamental in modern digital communication with applications in data storage and data transmission. Interest in a class of error-correcting codes called low-density parity-check (LDPC) codes has been growing since their recent rediscovery because of their low decoding complexity and their high performance. However, practical applications have been limited due to the difficulty of finding good LDPC codes for practical parameters. This paper proposes an exhaustive and a randomized algorithm for constructing a family of LDPC codes with practical parameters whose matrix representations meet the following requirements: for each row in the LDPC code matrix there exists exactly one common nonzero element, each row has a minimum weight of one and must be odd, and each column has a weight of at least two. These conditions improve performance of the resulting codes and simplify conversion into codes for quantum systems. Both algorithms utilize a maximal clique algorithm to construct LDPC matrices from graphs whose vertices are possible rows within said matrices and are adjacent if the first condition is true. While these algorithms were found to be suitable for small parameters, future work which optimizes the resulting codes for their expected applications could also dramatically increase performance of the algorithms themselves.
Date Created
2018-12

SolPatch: Toward Automatic Vulnerability Mitigation For Ethereum Smart Contracts

Description
Ethereum smart contracts are susceptible not only to those vulnerabilities common to all software development domains, but also to those arising from the peculiar execution model of the Ethereum Virtual Machine. One of these vulnerabilities, a susceptibility to re-entrancy attacks, has been at the center of several high-profile contract exploits. Currently, there exist many tools to detect these vulnerabilities, as well as languages which preempt the creation of contracts exhibiting these issues, but no mechanism to address them in an automated fashion. One possible approach to filling this gap is direct patching of source files. The process of applying these patches to contracts written in Solidity, the primary Ethereum contract language, is discussed. Toward this end, a survey of deployed contracts is conducted, focusing on prevalence of language features and compiler versions. A heuristic approach to mitigating a particular class of re-entrancy vulnerability is developed, implemented as the SolPatch tool, and examined with respect to its limitations. As a proof of concept and illustrative example, a simplified version of the contract featured in a high-profile exploit is patched in this manner.
Date Created
2018-12

An Investigation of Flow-based Algorithms for Sybil Defense

Description
Distributed systems are prone to attacks, called Sybil attacks, wherein an adversary may generate an unbounded number of bogus identities to gain control over the system. In this thesis, an algorithm, DownhillFlow, for mitigating such attacks is presented and tested experimentally. The trust rankings produced by the algorithm are significantly better than those of the distributed SybilGuard protocol and only slightly worse than those of the best-known Sybil defense algorithm, ACL. The results obtained for ACL are consistent with those obtained in previous studies. The running times of the algorithms are also tested and two results are obtained: first, DownhillFlow’s running time is found to be significantly faster than any existing algorithm including ACL, terminating in slightly over one second on the 300,000-node DBLP graph. This allows it to be used in settings such as dynamic networks as-is with no additional functionality needed. Second, when ACL is configured such that it matches DownhillFlow’s speed, it fails to recognize large portions of the input graphs and its accuracy among the portion of the graphs it does recognize becomes lower than that of DownhillFlow.
Date Created
2018