About
37 Publications
15,091 Reads
506 Citations
Introduction
Dr. O’Connor’s research has centered on computer security, emphasizing cybersecurity education, the security and privacy of IoT devices, wireless protocols, software-defined networking, and machine learning approaches for security. Dr. O’Connor served 20 years as a US Army Officer, retiring in 2019 at the rank of Lieutenant Colonel. His service included an academic appointment to the Electrical Engineering and Computer Science Department at the US Military Academy.
Additional affiliations
August 2008 - August 2011
Position
- Professor (Assistant)
Description
- Served as an instructor, leader, and role model for the United States Military Academy in the Department of Electrical Engineering & Computer Science. Served as a course director for courses in Digital Forensics and Computer Exploitation. Project advisor for a computer science senior design project that supports the National Reconnaissance Office. Supported cadet development by serving as a club officer for the Special Interest Group on Security, Audit and Control (SIGSAC).
Education
May 2015 - May 2019
August 2006 - May 2008
May 1995 - May 1999
Publications (37)
A myriad of security and privacy threats have accompanied the rapid proliferation and widespread adoption of Internet-of-Things (IoT) devices. IoT vendors often justify this challenge by citing the difficulty of securing resource-constrained embedded devices. However, the monolithic nature of IoT devices introduces the opportunity to leverage manda...
United States higher education institutions host an assortment of services that are accessible via public IP addresses. The wide variety of network services and the important personal and institutional data stored on such services make higher education institutions particularly desirable targets for attackers. This study analyses the vulnerabilitie...
Developing expertise in vulnerability research is critical to closing the cybersecurity workforce shortage. However, very few institutions have adopted vulnerability research into their cybersecurity curriculum, and fewer have examined how to teach this skill to students. The recent emergence of lightweight, container-based virtualization presents...
Cybersecurity education has grown exponentially to support the need for a skilled cybersecurity workforce. Further, capture-the-flag competitions have popularized cybersecurity by engaging and recruiting students while exposing them to cybersecurity workforce competencies. However, the heavy reliance on competition-based educational approaches may...
A robust cybersecurity workforce is critical for protection against a range of malicious attacks. However, it has been noted that there are many vacancies and a shortage of individuals entering the cybersecurity workforce. The workforce shortage has been partially attributed to the lack of diversity in the cybersecurity domain, with women, African...
During the COVID-19 pandemic, remote learning (RL) transformed the educational landscape for hands-on Computer Science courses. This paradigm shift accelerated the transition from traditional in-person programming labs to decentralized student-provided resources. Even as students returned to in-person learning, many continued to rely on their perso...
The availability and usage of the Internet of Things (IoT) have grown significantly over the last decade. This growth in ubiquitous computing has enabled continuous observation, decision-making, and execution of actions to improve the livelihood of millions. However, IoT also has an increased cybersecurity risk by making the user vulnerable to atta...
A myriad of security challenges has accompanied the rapid proliferation of internet-of-things (IoT) smart-home devices. While smart-home security cameras, locks, digital speakers, and thermostats offer the promise of security, their naive implementations often introduce vulnerability into our digitally connected lives. We argue that the consumer d...
IoT malware has accompanied the rapid growth of embedded devices over the last decade. Previous work has proposed static and dynamic detection and classification techniques for IoT malware. However, this work requires a diverse and fine-grained set of malware-specific characteristics. This paper presents a longitudinal, diverse, and open-source IoT...
The availability and usage of the Internet of Things (IoT) have grown significantly over the last decade. This growth in ubiquitous computing has enabled continuous observation, decision-making, and execution of actions to improve the livelihood of millions. However, IoT also has an increased cybersecurity risk by making the user vulnerable to atta...
To support the workforce gap of skilled cybersecurity professionals, gamified pedagogical approaches for teaching cybersecurity have exponentially grown over the last two decades. During this same period, e-sports developed into a multi-billion dollar industry and became a staple on college campuses. In this work, we explore the opportunity to inte...
Analyzing binary programs without source code is critical for cyber-security professionals. This paper presents an undergraduate binary reverse engineering course design that culminates with a comprehensive binary exploitation competition. Our approach challenges students to develop tools that automatically detect and exploit program vulnerabilitie...
The pedagogy of cybersecurity education presents an exciting challenge. Although cyber-warfare has existed for nearly four decades, we fail to adequately model the chaos of offensive cyber attacks in the classroom. Instead, coursework focuses on studying choreographed cyber-attack patterns. In this paper, we present an undergraduate cybersecurity...
Security and privacy concerns present the most significant obstacles to consumer adoption of Internet-of-Things (IoT) devices. A lack of transparency and control complicates user trust in IoT. Additionally, a growing history of misuse and abuse exists in IoT. Notably, smart TVs have periodically scanned and collected users' private information with...
The always-on, always-connected nature of smart home devices complicates Internet-of-Things (IoT) security and privacy. Unlike traditional hosts, IoT devices constantly send sensor, state, and heartbeat data to cloud-based servers. These data channels require reliable, routine communication, which is often at odds with an IoT device's storage and p...
The widespread adoption of smart home IoT devices has led to a broad and heterogeneous market with flawed security designs and privacy concerns. While the quality of IoT device software is unlikely to be fixed soon, there is great potential for a network-based solution that helps protect and inform consumers. Unfortunately, the encrypted and propri...
Advanced Persistent Threats (APTs) commonly use stepping stone attacks that allow the adversary to move laterally undetected within an enterprise network towards a target. Existing network security techniques provide limited protection against such attacks, because they lack intra-network mediation and the context of information semantics. We propo...
Advanced Persistent Threat (APT) exhibits discernible attributes or patterns that can be monitored by readily available, open source tools. Tools such as OSSEC, Snort, Splunk, Sguil, and Squert may allow early detection of APT behavior. The assumption is that attackers are regularly attempting to compromise enterprises, from basic service abuse to c...
The combination of competitive security exercises and hands-on learning represents a powerful approach for teaching information system security. Although creating and maintaining such a course can be difficult, the benefits to learning are worthwhile. Our undergraduate Information Assurance course is practice-focused and makes substantial use of co...
This paper presents honeyM, a framework for deploying virtual mobile device honeyclients. Honeyclients provide the ability to discover early warnings about novel attacks and exploitations and are typically deployed to protect wired infrastructure. In a wireless environment, honeyclients usually record attacks against the wireless access point. To id...
Unlabeled network traffic data is readily available to the security research community, but there is a severe shortage of labeled datasets that allow validation of experimental results. The labeled DARPA datasets of 1998 and 1999, while innovative at the time, are of only marginal utility in today's threat environment. In this paper we demonstrate...
Bluetooth, a protocol designed to replace peripheral cables, has grown steadily over the last five years and includes a variety of applications. The Bluetooth protocol operates on a wide variety of mobile and wireless devices and is nearly ubiquitous. Several attacks exist that successfully target and exploit Bluetooth enabled devices. This paper d...