Practical approaches for MTCP Security
Multi-path TCP (MPTCP) is an emerging IETF standard for providing connection resilience and bandwidth aggregation. MPTCP evolves the existing TCP protocol by allowing multiple TCP flows for a TCP session. This provides exciting new possibilities for mobile devices that can maintain TCP sessions as connection paths are added or dropped, and multi-homed servers that allow TCP sessions to take advantage of a mesh topology. However, current network security monitoring infrastructure solutions cannot appropriately inspect MPTCP connections, leaving significant intrusion detection and data loss blind spots. This paper will discuss practical approaches for MPTCP security.
36287 (PDF, 6.89MB)
2 Oct 2015Related Content
USB: Universal Security Breach or Uniquely Secured Bus? Assessing the Effectiveness of Windows 11 Group Policy at Controlling USB Device Installation for Budget-Constrained Security Teams
Research PaperThis study evaluates three progressively granular Windows 11 Group Policy (GPO) configurations—class-based blocking, VID/PID allowlisting, and Device Instance ID allowlisting—against legitimate business peripherals and a Hak5 USB Rubber Ducky configured as a composite BadUSB device, using the Windows 11 v25H2 Security Baseline as the unmodified reference state.
- 22 Jun 2026
- Kire Jacobson
Investigating Operating System Variations in IPv6 Implementations
Research PaperThis research tested the four most common operating system families, Windows, Linux, macOS, and BSD, for RFC compliance and behavioral differences across a controlled set of IPv6 test cases. Because RFC specifications leave many implementation details to the developer, behavior was expected to diverge, and the testing confirmed that it did.
- 22 Jun 2026
- Donovan Rodriguez
macOS Infostealer Exfiltration Techniques via Native Tooling: Behavioral Analysis and Defenses
Research PaperThis paper analyzes macOS infostealers and their reliance on native system utilities. The use of specific command-line options and arguments should be predictable and detectable with proper analysis.
- 22 Jun 2026
- Cory Findley
Untested: An Overlooked Link in the Software Supply Chain
Research PaperThis research explores test code as an attack surface and takes a first step toward creating a tool to help analysts detect and mitigate malware lurking in test libraries.
- 16 Apr 2026
- Evan Ottinger
Cyber Risk Intelligence and Security Posture (CRISP): From Compliance to Threat-Informed Intelligence
Research PaperThis paper presents CRISP (Cyber Risk Intelligence & Security Posture), a platform that automates the transformation of STIG compliance data into threat-informed security intelligence.
- 7 Apr 2026
- Eric Kaden
Enhancing Linux Threat Detection: A Sysmon - Based Approach to Identifying Sandworm TTPs
Research PaperLinux systems have become foundational across modern IT enterprises. Threat actors are increasingly targeting Linux systems, including well - known advanced persistent threats (APTs) such as Sandworm.
- 20 Mar 2026
- Joshua Keller
Open-Source National Security Infrastructure for Sweden’s National Security Apparatus
Research PaperThis paper investigates whether core IT infrastructure implemented using open-source software and infrastructure-as-code techniques can achieve compliance with selected information security requirements defined in Chapter 4 of PMFS 2022:1.
- 18 Mar 2026
- Fredrik Bolinder
Configuring Windows 11 Workgroup Computers to CIS Windows 11 L1 and BitLocker Baseline Recommendations Using PowerShell DSC
Research PaperEndpoints are often the first points of cyberattacks. Enterprises would often try to harden them according to established security baselines, such as those published by the Center for Internet Security (CIS).
- 24 Feb 2026
- Tan Gui De
Infrastructure as Code-Driven Group Policy Infrastructure: A Comprehensive Engine for Group Policy Architecture and Enforcement
Research PaperThis study introduces a PowerShell-based Infrastructure as Code (IaC) engine developed to automate the setup and enforcement of a STIG-compliant Group Policy framework.
- 5 Dec 2025
- Garland Brown
Defending Vulnerable Populations Against Scams: Effectiveness of Browser Extensions in Mitigating Scammer Attack Chains
Research PaperThis research evaluates the effectiveness of a browser extension as a security control—Grandma’s Guardian—designed for simplicity and accessibility so that even non-technical home users can benefit from enterprise-grade protection.
- 19 Nov 2025
- Thomas Gorman
Building Scalable Detection-as-Code Pipelines with Agentic Validation and Refinement
Research PaperThe proposed DaC pipeline uses large language models (LLMs) for logic conversion, variant analysis, and simulation testing via Atomic Red Team, with queries executed against Splunk to measure true positives and false negatives.
- 6 Nov 2025
- Benjamin Opel
Isolated Trust: Zero Trust in Standalone Systems
Research PaperThe use of air-gapped, isolated systems remains an essential tool for organizations that require high confidentiality or integrity, including those in the government, industrial control systems, and the banking industry.
- 6 Nov 2025
- Brian Crowley
"You Again": Fingerprinting and Tracking Mechanisms of Malicious Sites
Research PaperBrowsers provide many APIs for any visited site to perform stateful and stateless tracking, and legitimate websites utilize these capabilities. Yet little is widely known about what tracking, if any, malicious sites perform.
- 26 Sep 2025
- Erin Kuffel-Flato
Evaluating Zero Trust Network Access: A Framework for Comparative Security Testing
Research PaperWhile most evaluations rely on vendor checklists and surface-level comparisons, this white paper takes a different approach: building and applying a hands-on testing framework grounded in NIST SP 800-207 and the CISA Zero Trust Maturity Model.
- 11 Jul 2025
- Derron Carstensen
AI-Driven Insecurity: Assessing Security Gaps in AI Generated IT Guidance
Research PaperThe increasing reliance on AI-generated technical guidance for IT system configuration introduces significant security risks. This study assesses these risks through a case study: setting up an Apache web server on a Rocky Linux system using instructions from seven AI models.
- 13 May 2025
- Edward Abbott
SIEM Detection Logic Conversion with LLMs
Research PaperThis research explores how Large Language Models (LLMs) and automation scripts can expedite the translation of detection logic between SIEMs, converting detections in minutes instead of hours.
- 2 May 2025
- David Wolverton
Validating the Effectiveness of MITRE Engage and Active Defense
Research PaperThis research examines the impact of Active Defense compared to a traditional security posture when an adversary employs common tactics and techniques to identify high-value targets or exfiltrate sensitive data.
- 29 Mar 2025
- Mark Stephens
Shift Left the Awareness and Detection of Developers Using Vulnerable Open-Source Software Components
Research PaperThe research presented in this paper demonstrates that companies can shift the detection and awareness of developers using vulnerable components left in the early development stages.
- 26 Mar 2025
- Wellington Rampazo
Strolling Through the STIG
Research PaperThis research demonstrates how a new tool, Stroll, avoids the additional hardware requirements by living off the land.
- 7 Mar 2025
- Seth R. Butler
Building Resilient IoT Devices: Binary Hardening with Yocto and Clang
Research PaperThis paper addresses the critical need for enhanced security in Internet of Things (IoT) devices by evaluating the implementation of binary hardening techniques using Clang security features within the Yocto build environment.
- 3 Mar 2025
- William Terwilliger
