Mark W Patton
- Senior Lecturer, Management Information Systems
- (520) 626-8614
- McClelland Hall, Rm. 430
- Tucson, AZ 85721
- mpatton@arizona.edu
Degrees
- Ph.D. Business - Management Information Systems
- University of Arizona, Tucson, Arizona
- M.B.A. Business
- University of Michigan, Ann Arbor, Michigan
- B.S. Computer Science
- Montana Tech of the University of Montana, Butte, Montana
- B.S. Mining Engineering
- Montana Tech of the University of Montana, Butte, Montana
Work Experience
- Diamond Technology Partners (1999 - 2001)
- FMC Wyoming Corp. (1990 - 1997)
Licensure & Certification
- Professional Engineer (PE) - Mining - Wyoming, National Council of Examiners for Engineering and Surveying (NCEES) (2005)
- Engineer in Training, National Council of Examiners for Engineering and Surveying (NCEES) (1990)
Interests
Teaching
Cybersecurity, Risk Management and IT Audit, Networking, IT and Business Strategy
Research
Cybersecurity Big Data Analytics
Courses
2024-25 Courses
- Cmptrs+Interntwk Society, MIS 111 (Spring 2025)
- Independent Study, MIS 599 (Spring 2025)
- Master's Report Projects, MIS 696H (Spring 2025)
- Cmptrs+Interntwk Society, MIS 111 (Fall 2024)
- Independent Study, MIS 599 (Fall 2024)
2023-24 Courses
- Cmptrs+Interntwk Society, MIS 111 (Spring 2024)
- Independent Study, MIS 599 (Spring 2024)
- Master's Report Projects, MIS 696H (Spring 2024)
- Cmptrs+Interntwk Society, MIS 111 (Fall 2023)
- Independent Study, MIS 599 (Fall 2023)
2022-23 Courses
- Cmptrs+Interntwk Society, MIS 111 (Spring 2023)
- Independent Study, MIS 599 (Spring 2023)
- Master's Report Projects, MIS 696H (Spring 2023)
- Cmptrs+Interntwk Society, MIS 111 (Fall 2022)
- Independent Study, MIS 599 (Fall 2022)
2021-22 Courses
- Cmptrs+Interntwk Society, MIS 111 (Spring 2022)
- Independent Study, MIS 599 (Spring 2022)
- Master's Report Projects, MIS 696H (Spring 2022)
- Cmptrs+Interntwk Society, MIS 111 (Fall 2021)
- Cyber Threat Intel, MIS 562 (Fall 2021)
- Independent Study, MIS 599 (Fall 2021)
- Master's Report Projects, MIS 696H (Fall 2021)
2020-21 Courses
- Cmptrs+Interntwk Society, MIS 111 (Spring 2021)
- Independent Study, MIS 599 (Spring 2021)
- Master's Report Projects, MIS 696H (Spring 2021)
- Cmptrs+Interntwk Society, MIS 111 (Fall 2020)
- Independent Study, MIS 599 (Fall 2020)
2019-20 Courses
- Information Technology Audit, ACCT 514 (Summer I 2020)
- Information Technology Audit, MIS 514 (Summer I 2020)
- Cmptrs+Interntwk Society, MIS 111 (Spring 2020)
- Independent Study, MIS 599 (Spring 2020)
- Master's Report Projects, MIS 696H (Spring 2020)
- Cmptrs+Interntwk Society, MIS 111 (Fall 2019)
- Independent Study, MIS 599 (Fall 2019)
2018-19 Courses
- Information Technology Audit, ACCT 514 (Summer I 2019)
- Information Technology Audit, MIS 514 (Summer I 2019)
- Cmptrs+Interntwk Society, MIS 111 (Spring 2019)
- Honors Thesis, MIS 498H (Spring 2019)
- Independent Study, MIS 599 (Spring 2019)
- Master's Report Projects, MIS 696H (Spring 2019)
- Cmptrs+Interntwk Society, MIS 111 (Fall 2018)
- Honors Thesis, MIS 498H (Fall 2018)
- Independent Study, MIS 599 (Fall 2018)
2017-18 Courses
- Cmptrs+Interntwk Society, MIS 111 (Spring 2018)
- Independent Study, MIS 599 (Spring 2018)
- Independent Study, MIS 699 (Spring 2018)
- Information Technology Audit, MIS 514 (Spring 2018)
- Master's Report Projects, MIS 696H (Spring 2018)
- Cmptrs+Interntwk Society, MIS 111 (Fall 2017)
- Computers/Internet Society Lab, MIS 111L (Fall 2017)
- Independent Study, MIS 599 (Fall 2017)
2016-17 Courses
- Strategic Mgmt Info Syst, MIS 585 (Summer I 2017)
- Cmptrs+Interntwk Society, MIS 111 (Spring 2017)
- Honors Independent Study, MIS 299H (Spring 2017)
- Independent Study, MIS 599 (Spring 2017)
- Information Technology Audit, MIS 514 (Spring 2017)
- Master's Report Projects, MIS 696H (Spring 2017)
- Cmptrs+Interntwk Society, MIS 111 (Fall 2016)
- Independent Study, MIS 599 (Fall 2016)
- Strategic Mgmt Info Syst, MIS 585 (Fall 2016)
2015-16 Courses
- Cmptrs+Interntwk Society, MIS 111 (Spring 2016)
- Independent Study, MIS 599 (Spring 2016)
- Info Security Risk Management, MIS 416 (Spring 2016)
- Information Technology Audit, MIS 514 (Spring 2016)
- Master's Report Projects, MIS 696H (Spring 2016)
Scholarly Contributions
Journals/Publications
- Ampel, B., Patton, M., & Chen, H. (2019). Performance Modeling of Hyperledger Sawtooth Blockchain. 2019 IEEE International Conference on Intelligence and Security Informatics (ISI), 59-61.
- Arnold, N., Ebrahimi, M., Zhang, N., Lazarine, B., Patton, M., Chen, H., & Samtani, S. (2019). Dark-Net Ecosystem Cyber-Threat Intelligence (CTI) Tool. 2019 IEEE International Conference on Intelligence and Security Informatics (ISI), 92-97.
- Harrell, C. R., Patton, M., Chen, H., & Samtani, S. (2018). Vulnerability Assessment, Remediation, and Automated Reporting: Case Studies of Higher Education Institutions. 2018 IEEE International Conference on Intelligence and Security Informatics (ISI), 148-153.
- McMahon, E., Patton, M., Samtani, S., & Chen, H. (2018). Benchmarking Vulnerability Assessment Tools for Enhanced Cyber-Physical System (CPS) Resiliency. 2018 IEEE International Conference on Intelligence and Security Informatics (ISI), 100-105.
- Samtani, S., Yu, S., Zhu, H., Patton, M. W., Matherly, J., & Chen, H. (2018). Identifying SCADA Systems and Their Vulnerabilities on the Internet of Things: A Text-Mining Approach. IEEE Intelligent Systems, 33.
- Samtani, S., Yu, S., Zhu, H., Patton, M., Matherly, J., & Chen, H. (2018). Identifying SCADA Systems and Their Vulnerabilities on the Internet of Things. IEEE Intelligent Systems, 33(2), 63-73.
- Williams, R., Samtani, S., Patton, M., & Chen, H. (2018). Incremental Hacker Forum Exploit Collection and Classification for Proactive Cyber Threat Intelligence: An Exploratory Study. 2018 IEEE International Conference on Intelligence and Security Informatics (ISI), 94-99.
- El, M., McMahon, E., Samtani, S., Patton, M., & Chen, H. (2017). Benchmarking Vulnerability Scanners: An Experiment on SCADA Devices and Scientific Instruments. 2017 IEEE International Conference on Intelligence and Security Informatics (ISI), 83-88.
- Grisham, J., Samtani, S., Patton, M., & Chen, H. (2017). Identifying Mobile Malware and Key Threat Actors in Online Hacker Forums for Proactive Cyber Threat Intelligence. 2017 IEEE International Conference on Intelligence and Security Informatics (ISI), 13-18.
- McMahon, E., Williams, R., El, M., Samtani, S., Patton, M., & Chen, H. (2017). Assessing Medical Device Vulnerabilities on the Internet of Things. 2017 IEEE International Conference on Intelligence and Security Informatics (ISI), 176-178.
- Rohrmann, R. R., Ercolani, V. J., & Patton, M. W. (2017). Large Scale Port Scanning Through Tor Using Parallel Nmap Scans to Scan Large Portions of the IPv4 Range. 2017 IEEE International Conference on Intelligence and Security Informatics (ISI), 185-187.
- Williams, R., McMahon, E., Samtani, S., Patton, M., & Chen, H. (2017). Identifying Vulnerabilities of Consumer Internet of Things (IoT) Devices: A Scalable Approach. 2017 IEEE International Conference on Intelligence and Security Informatics (ISI), 179-181.
- Ercolani, V. J., Patton, M. W., & Chen, H. (2016). Shodan Visualized. IEEE International Conference on Intelligence and Security Informatics: Cybersecurity and Big Data, 193-195.
- Grisham, J., Barreras, C., Afarin, C., Patton, M., & Chen, H. (2016). Identifying Top Listers in Alphabay Using Latent Dirichlet Allocation. IEEE International Conference on Intelligence and Security Informatics: Cybersecurity and Big Data, 219-219.
- Jicha, A., Patton, M., & Chen, H. (2016). SCADA Honeypots: An In-depth Analysis of Conpot. IEEE International Conference on Intelligence and Security Informatics: Cybersecurity and Big Data, 196-198.
- Jicha, R., Patton, M. W., & Chen, H. (2016). Identifying Devices Across the IPv4 Address Space. IEEE International Conference on Intelligence and Security Informatics: Cybersecurity and Big Data, 199-201.
- Rohrmann, R., Patton, M. W., & Chen, H. (2016). Anonymous Port Scanning: Performing Network Reconnaissance Through Tor. IEEE International Conference on Intelligence and Security Informatics: Cybersecurity and Big Data, 217-217.
- Samtani, S., Yu, S., Zhu, H., Patton, M., & Chen, H. (2016). Identifying SCADA Vulnerabilities Using Passive and Active Vulnerability Assessment Techniques. IEEE International Conference on Intelligence and Security Informatics: Cybersecurity and Big Data, 25-30.
- Patton, M., Gross, E., Chinn, R., Forbis, S., Walker, L., & Chen, H. (2014). Uninvited Connections: A Study of Vulnerable Devices on the Internet of Things (IoT). 2014 IEEE Joint Intelligence and Security Informatics Conference (JISIC), 232-235.
- Nunamaker Jr., J. E., Derrick, D. C., Elkins, A. C., Burgoon, J. K., & Patton, M. W. (2011). Embodied Conversational Agent-Based Kiosk for Automated Interviewing. Journal of Management Information Systems, 28(1), 17-48.
Proceedings Publications
- Lazarine, B., Samtani, S., Patton, M. W., Zhu, H., Ullman, S., Ampel, B., & Chen, H. (2020, Fall). Identifying Vulnerable GitHub Repositories and Users in Scientific Cyberinfrastructure: An Unsupervised Graph Embedding Approach. In 2020 IEEE International Conference on Intelligence and Security Informatics (ISI).
- Patton, M. W., Brown, S. A., & Suntwal, S. (2019, January). How Does Information Spread? An Exploratory Study of True and Fake News. In Hawaiian International Conference on Systems Sciences (HICSS).
- Patton, M. W., Brown, S. A., & Suntwal, S. (2020, January). How Does Information Spread? An Exploratory Study of True and Fake News. In Hawaiian International Conference on Systems Sciences (HICSS).
- Ullman, S., Samtani, S., Lazarine, B., Zhu, H., Ampel, B., Patton, M. W., & Chen, H. (2020, Fall). Smart Vulnerability Assessment for Scientific Cyberinfrastructure: An Unsupervised Graph Embedding Approach. In 2020 IEEE International Conference on Intelligence and Security Informatics (ISI).
- Chen, H., Patton, M. W., Samtani, S., Lazarine, B., Zhang, N., Ebrahimi, M., & Arnold, N. (2019, July). Dark Net Ecosystem Cyber Threat Intelligence Tool. In IEEE International Conference on Intelligence and Security Informatics.
- Chen, H., Patton, M. W., Samtani, S., & Williams, R. (2018, November). Incremental Hacker Forum Exploit Collection and Classification for Proactive Cyber Threat Intelligence: An Exploratory Study. In IEEE ISI 2018.
- McMahon, E., Patton, M. W., Samtani, S., & Chen, H. (2018, November). Benchmarking Vulnerability Assessment Tools for Enhanced Cyber-Physical System (CPS) Resiliency. In IEEE ISI 2019.
- Ercolani, V. J., Patton, M. W., & Rohrmann, R. R. (2017). Large scale port scanning through Tor using parallel Nmap scans to scan large portions of the IPv4 range. In 2017 IEEE International Conference on Intelligence and Security Informatics (ISI), 185-187.
  Performing port scans through Tor is a way to hide the source's IP address from the target. Researchers hoping to source their own scans benefit from a means of scanning that helps them to anonymize themselves from targets that may potentially retaliate as the result of being scanned. Though effective in providing anonymization during scanning, it is not scalable to the point of scanning the entire IPv4 Address space on multiple ports, as scans take considerably longer to execute through Tor. This paper specifically explores using a third-party data source to target specific areas of interest in the IPv4 range and then scanning those areas anonymously with parallelized scanners as an effective way to anonymously collect internet scan data. The results demonstrate the feasibility of this approach.
- Samtani, S., Chen, H., El, M., Mcmahon, E., & Patton, M. (2017). Benchmarking vulnerability scanners: An experiment on SCADA devices and scientific instruments. In 2017 IEEE International Conference on Intelligence and Security Informatics (ISI), 83-88.
  Cybersecurity is a critical concern in society today. One common avenue of attack for malicious hackers is exploiting vulnerable websites. It is estimated that there are over one million websites that are attacked daily. Two emerging targets of such attacks are Supervisory Control and Data Acquisition (SCADA) devices and scientific instruments. Vulnerability assessment tools can help provide owners of these devices with the knowledge on how to protect their infrastructure. However, owners face difficulties in identifying which tools are ideal for their assessments. This research aims to benchmark two state-of-the-art vulnerability assessment tools, Nessus and Burp Suite, in the context of SCADA devices and scientific instruments. We specifically focus on identifying the accuracy, scalability, and vulnerability results of the scans. Results of our study indicate that both tools together can provide a comprehensive assessment of the vulnerabilities in SCADA devices and scientific instruments.
- Samtani, S., Chen, H., Grisham, J., & Patton, M. (2017). Identifying mobile malware and key threat actors in online hacker forums for proactive cyber threat intelligence. In 2017 IEEE International Conference on Intelligence and Security Informatics (ISI), 13-18.
  Cyber-attacks are constantly increasing and can prove difficult to mitigate, even with proper cybersecurity controls. Currently, cyber threat intelligence (CTI) efforts focus on internal threat feeds such as antivirus and system logs. While this approach is valuable, it is reactive in nature as it relies on activity which has already occurred. CTI experts have argued that an actionable CTI program should also provide external, open information relevant to the organization. By finding information about malicious hackers prior to an attack, organizations can provide enhanced CTI and better protect their infrastructure. Hacker forums can provide a rich data source in this regard. This research aims to proactively identify mobile malware and associated key authors. Specifically, we use a state-of-the-art neural network architecture, recurrent neural networks, to identify mobile malware attachments followed by social network analysis techniques to determine key hackers disseminating the mobile malware. Results of this study indicate that many identified attachments are zipped Android apps made by threat actors holding administrative positions in hacker forums. Our identified mobile malware attachments are consistent with some of the emerging mobile malware concerns as highlighted by industry leaders.
- Afarin, C., Barreras, C., Chen, H., Grisham, J., & Patton, M. (2016). Identifying top listers in Alphabay using Latent Dirichlet Allocation. In 2016 IEEE Conference on Intelligence and Security Informatics (ISI), 219-219.
  This poster analyzes the Alphabay underground marketplace - an anonymous trading grounds for illicit goods and services. Listing data was collected and interpreted using Latent-Dirichlet Allocation (LDA), to determine common topics in the listings. Results found offer insight to the types of goods being sold and who is selling them.
- Chen, H., Jicha, A., & Patton, M. (2016). SCADA honeypots: An in-depth analysis of Conpot. In 2016 IEEE Conference on Intelligence and Security Informatics (ISI), 196-198.
  Supervisory Control and Data Acquisition (SCADA) honeypots are key tools not only for determining threats which pertain to SCADA devices in the wild, but also for early detection of potential malicious tampering within a SCADA device network. An analysis of one such SCADA honeypot, Conpot, is conducted to determine its viability as an effective SCADA emulating device. A long-term analysis is conducted and a simple scoring mechanism leveraged to evaluate the Conpot honeypot.
- Chen, H., Jicha, R., & Patton, M. W. (2016). Identifying devices across the IPv4 address space. In 2016 IEEE Conference on Intelligence and Security Informatics (ISI), 199-201.
  Many of today's devices are internet-enabled with IPv4 internet addresses, exposing them to internet threats. To determine the true scale of vulnerabilities being introduced, particularly in the IPv4 internet address space, a new methodology of scanning the entire IPv4 internet space is required. To improve scanning speeds we created a framework combining fast connectionless port scanners with a thorough and accurate connection-oriented scanner to verify results. The results are stored to a database. This combined framework provides more robust results than current connectionless scanners, yet still scans the IPv4 internet fast enough to be practically usable for mass scanning.
- Chen, H., Patton, M. W., & Rohrmann, R. R. (2016). Anonymous port scanning: Performing network reconnaissance through Tor. In 2016 IEEE Conference on Intelligence and Security Informatics (ISI), 217-217.
  The anonymizing network Tor is examined as one method of anonymizing port scanning tools and avoiding identification and retaliation. Performing anonymized port scans through Tor is possible using Nmap, but parallelization of the scanning processes is required to accelerate the scan rate.
- Samtani, S., Yu, S., Zhu, H., Chen, H., & Patton, M. (2016). Identifying SCADA vulnerabilities using passive and active vulnerability assessment techniques. In 2016 IEEE Conference on Intelligence and Security Informatics (ISI), 25-30.
  Critical infrastructure such as power plants, oil refineries, and sewage are at the core of modern society. Supervisory Control and Data Acquisition (SCADA) systems were designed to allow human operators to supervise, maintain, and control critical infrastructure. Recent years have seen an increase in connectivity of SCADA systems to the Internet. While this connectivity provides an increased level of convenience, it also increases their susceptibility to cyber-attacks. Given the potentially severe ramifications of exploiting SCADA systems, the purpose of this study is to utilize passive and active vulnerability assessment techniques to identify the vulnerabilities of Internet enabled SCADA systems. Specifically, we collect a large testbed of SCADA devices from Shodan, a search engine for the IoT, and assess their vulnerabilities with Nessus and against the National Vulnerability Database (NVD). Results of this study indicate that many SCADA systems from major vendors such as Rockwell Automation and Siemens are vulnerable to default credential, man-in-the-middle, and SSH exploit attacks.