B4 APG News • Thursday, June 8, 2017

THIS WEEK IN APG HISTORY

Sgt. Maj. Michael Striffolino of the Ordnance Center and

Schools, admires the Harford County Public Schools

Student Memorial after its dedication ceremony in Bel

Air.

Donna Coyne of the APG women’s softball team pitches

for her team during the first Sports Day tournament at

Fort George G. Meade.

Kirk Army Hospital Maj. Helen Jagiello, center, presents

completion diplomas for the operating room procedures

basic course to Pfcs. Robert Gregory, left, and Larry

Velez, right.

10 Years Ago 25 Years Ago 50 Years AgoJune 7, 2007 June 10, 1992 June 8, 1967

Take a look back in timeas theAPG

News exploreswhatmade the

headlines aroundAPGduring this

week10, 25 and 50 years ago. This

week’sAPGNewsmasthead is from

1999.

By Yvonne Johnson, APG News

2020 2010 2000 1990 1980 1970 1960 1950

After months of research, an AberdeenHigh School Science and MathematicsAcademy senior received the opportunityto present his capstone project, titled“Using machine learning to create ahost-based intrusion detection system,” toU.S.ArmyMateriel SystemsAnalysisActiv-ity employeesMay 22.

NoahZbozny,18, creditshismentorJohnBurghardt, an operations research analystwithAMSAA, forhelpinghimselect a topicthat would give him real-world experiencein the career field he wants to pursue:cybersecurity. Burghardt met with Zbonzyabout once a week over the course of theschool year to develop the project.

“Really the entire project was a veryinteresting and new experience,” Zboznysaid. “Ididn’t knowmuchabout cybersecu-rity and machine learning when I startedoff.”

The capstone research project is part ofthe curriculum for all seniors who attendthe Science and Mathematics Academy, orSMA, a rigorous four-yearmagnet programfor academically talented students. Thisyear, 25 out of 42 seniorswerementoredbyAPGpersonnel.

“They take courses like cryptology,linear algebra, microcontrollers, somereally interesting stuff that isn’t offered in atypical high school,” Burghardt said.

Capstone projectZbozny said the purpose of his research

project was to provide system adminis-trators with a new method to protectnetworks. To achieve this, he developed anintrusion detection system, or IDS, capableof predicting if network activity is ma-licious, and alerting the network adminis-trator accordingly.

To collect data for this project, he used asecure shell, or SSH, honeypot. A SSH is anetwork protocol that allows an individualto make a secure connection over anunsecured network.

“[SSH] protects your data while you'reon openWi-Fi,” he explained.

A honeypot is amachine that is set up tolook vulnerable, while in reality it is“trapping” information about connectionsand potential intrusions, Zbozny said. Datacollected during this study included pass-word, user name, duration, timestamp,input and a source port, which is anendpoint of communication between twonetwork processes or devices.

To find patterns in his data, Zbozny usedmachine learning, a method of patternrecognition forvery largedimensionaldata,similar to artificial intelligence.

“When you’ve got 50 plus variables,humans can’t identify patterns reasonablywithin those,” he said. “Machine learningallows computers to more accurately pre-dict the outcome based on the data that ithas.”

Zbozny said the honeypot used for theprojectwas run on an anonymous server. Itreceived over 3,000 malicious log-in at-tempts by outside users in about 10 days ofcollection.

“Those were legitimate hacking at-tempts,” he said.

Tocollectmore information frombenigndata, he asked a group of SMA students to“hack-in” to the SSHhoneypot.

“The ones by the SMA students werecontrolled in the sense that the SMAstudents were not genuinely trying todownloadmalwareorharmtheserver, theywere merely acting as a malicious userwould,” he said. “Many of the SMAstudentswere in the test data set, butnot allof them.”

Project findingsZbozny’s findings revealed that input is

the most important attribute, because itwas the most consistently different be-tween themalicious and benign users.

“Nobenignusersweredownloading filesfrom the internet or changing their privi-leges, so it was deemed by the algorithm tobe themost important for deciding if a userwasmalicious or benign,” he said.

He also found that while most of thebenign users were connecting from thedefault SSH port, many of the malicioususers connected through different ports.

"When you connect to a machine viaSSH,your sourceport is randomlyassignedto you, based on a specific range of sourceports," he said. "What we found is thatmany of the malicious users from theinternet were tunneling in from a differentport outside of that range, to attempt tomask that they were connecting from a

SSH. So they specifically set their port to bedifferent fromwhat that rangewould be."

Project resultsIn a test of 175 unique connections, the

IDSwas 84 percent accurate, Zbozny said.“It is actually higher than we expected,”

he said. “The research and industry at-temptsat this are typically in the80percentrange, sowe didn’t really actually expect toget that high.”

Zbozny said he was pleased with theresults and it is a good starting point forfurther research and development.

“While it's not accurate enough to bemainstreamed, it helps research in thefield,” he said.

Audience reactionsBurghardt said he was impressed with

Zbozny’s presentation.“I just thoughthedidaphenomenal job,”

he said. I was really proud of him, he wasvery prepared. All of the work that he didover the school year, it really came throughin his response to questions and how hehandled himself.”

AMSAA Materiel Performance AnalysisDivision Chief Scott Schoeb, congratulatedZbozny after the presentation.

“He has a bright future,” he said. “This ison the cutting edge of innovation, and it iswhereweneed to go to protect our nation.”

SMA Program Specialist Sarah Voskuhlcalled Zbozny’s research project “impres-

sive.”“Noah has been a fabulous student,” she

said. “He ishard-working, kindand funny. Icouldn't be more proud of him and hisresearch project.”

In addition to presenting to AMSAAemployees, Zbozny was one out of fivestudents selected to speak at the annualSenior Capstone Gallery Walk May 23 atAHS. During the awards presentationimmediately after the gallery walk, hereceived the Robert L. Johnson Award forPerseverance&ProblemSolving.

“I know several of the previous studentswhohavereceived theaward, andIamverygrateful that my teachers felt that Ideserved to be one of them,” he said.

Looking to the futureZbozny has been accepted into the

University of Maryland Honors CollegeAdvanced Cybersecurity Experience forStudents program. He was awarded theBanneker/Key Scholarship, a University ofMaryland scholarship offered to only aselect group of applicants who havedemonstrated academic accomplishmentand leadership in high school.

Zbozny’s mother, Jennifer Zbozny, thedirectorof theU.S.ArmyCommunications-Electronics Command’s Software Engi-neeringCenter, said shewas “very proud.”

“He worked really hard and it showedout there,” she said. “Everything that heworked for culminates in these capstoneevents.”

SMA senior presents capstoneproject to AMSAA employeesBy Rachel PonderAPG News

Noah Zbozny, an Aberdeen High School Science and Mathematics Academy senior, presents his capstone project, titled “Using machine

learning to create a host-based intrusion detection system,” to U.S. Army Materiel Systems Analysis Activity employees May 22, 2017.

U.S. ARMY PHOTO BY RACHEL PONDER, APG NEWS