Дисертації з теми "Attack on the network"
Щоб переглянути інші типи публікацій з цієї теми, перейдіть за посиланням: Attack on the network.
Оформте джерело за APA, MLA, Chicago, Harvard та іншими стилями
Ознайомтеся з топ-50 дисертацій для дослідження на тему "Attack on the network".
Біля кожної праці в переліку літератури доступна кнопка «Додати до бібліографії». Скористайтеся нею – і ми автоматично оформимо бібліографічне посилання на обрану працю в потрібному вам стилі цитування: APA, MLA, «Гарвард», «Чикаго», «Ванкувер» тощо.
Також ви можете завантажити повний текст наукової публікації у форматі «.pdf» та прочитати онлайн анотацію до роботи, якщо відповідні параметри наявні в метаданих.
Переглядайте дисертації для різних дисциплін та оформлюйте правильно вашу бібліографію.
1
Avidan, Lenoy. "Dynamic Shifting of Virtual Network Topologies for Network Attack Prevention." DigitalCommons@CalPoly, 2019. https://digitalcommons.calpoly.edu/theses/1986.
Повний текст джерелаАнотація:
Computer networks were not designed with security in mind, making research into the subject of network security vital. Virtual Networks are similar to computer networks, except the components of a Virtual Network are in software rather than hardware. With the constant threat of attacks on networks, security is always a big concern, and Virtual Networks are no different. Virtual Networks have many potential attack vectors similar to physical networks, making research into Virtual Network security of great importance. Virtual Networks, since they are composed of virtualized network components, have the ability to dynamically change topologies. In this paper, we explore Virtual Networks and their ability to quickly shift their network topology. We investigate the potential use of this flexibility to protect network resources and defend against malicious activities.
To show the ability of reactively shifting a Virtual Network’s topology to se- cure a network, we create a set of four experiments, each with a different dynamic topology shift, or “dynamic defense”. These four groups of experiments are called the Server Protection, Isolated Subnet, Distributed Port Group, and Standard Port Group experiments. The Server Protection experiments involve detecting an attack against a server and shifting the server behind a protected subnet. The other three sets of experiments, called Attacker Prevention experiments, involve detecting a malicious node in the internal network and initiating a dynamic de- fense to move the attacker behind a protected subnet. Each Attacker Prevention experiment utilizes a different dynamic defense to prevent the malicious node from attacking the rest of the Virtual Network. For each experiment, we run 6 different network attacks to validate the effectiveness of the dynamic defenses. The network attacks utilized for each experiment are ICMP Flooding, TCP Syn Flooding, Smurf attack, ARP Spoofing, DNS Spoofing, and NMAP Scanning. Our validation shows that our dynamic defenses, outside of the standard port group, are very effective in stopping each attack, consistently lowering the at- tacks’ success rate significantly. The Standard Port Group was the one dynamic defense that is ineffective, though there are also a couple of experiments that could benefit from being run with more attackers and with different situations to fully understand the effectiveness of the defenses. We believe that, as Virtual Networks become more common and utilized outside of data centers, the ability to dynamically shift topology can be used for network security purposes.
2
Karaaslan, Ibrahim. "Anti-sensor Network: Distortion-based Distributed Attack In Wireless Sensor Networks." Master's thesis, METU, 2008. http://etd.lib.metu.edu.tr/upload/3/12609276/index.pdf.
Повний текст джерелаАнотація:
In this thesis, a novel anti-sensor network paradigm is introduced against wireless sensor networks (WSN). Anti-sensor network (ASN) aims to destroy application reliability by adaptively and anonymously introducing adequate level of artificial distortion into the communication of the event features transported from the sensor nodes (SN) to the sink. ASN is composed of anti-sensor nodes (aSN) randomly distributed
over the sensor network field. aSNs pretend to be SNs tomaintain anonymity and so improve resiliency against attack detection and prevention mechanisms. Performance
evaluations via mathematical analysis and simulation experiments show that ASN can effectively reduce the application reliability of WSN.
3
Gerbert, Oscar. "Attack on the Chaos Sensor Network Protocol." Thesis, Uppsala universitet, Institutionen för informationsteknologi, 2015. http://urn.kb.se/resolve?urn=urn:nbn:se:uu:diva-260480.
Повний текст джерелаАнотація:
As the demand for wireless sensor networks increases the need for new protocols with specific ways of distributing data emerges. Chaos is one of those protocols. Chaos has no native security countermeasures implemented, therefore it is important to test how vulnerable it is against attacks. In this thesis I present four novel attacks to test the robustness of Chaos. Experiments show that a Drizzle-attack was the most effective attack, strategic placement of the nodes was the key to a more efficient attack.
4
Van, Heerden Renier Pelser. "A formalised ontology for network attack classification." Thesis, Rhodes University, 2014. http://hdl.handle.net/10962/d1011603.
Повний текст джерелаАнотація:
One of the most popular attack vectors against computers are their network connections. Attacks on computers through their networks are commonplace and have various levels of complexity. This research formally describes network-based computer attacks in the form of a story, formally and within an ontology. The ontology categorises network attacks where attack scenarios are the focal class. This class consists of: Denial-of- Service, Industrial Espionage, Web Defacement, Unauthorised Data Access, Financial Theft, Industrial Sabotage, Cyber-Warfare, Resource Theft, System Compromise, and Runaway Malware. This ontology was developed by building a taxonomy and a temporal network attack model. Network attack instances (also know as individuals) are classified according to their respective attack scenarios, with the use of an automated reasoner within the ontology. The automated reasoner deductions are verified formally; and via the automated reasoner, a relaxed set of scenarios is determined, which is relevant in a near real-time environment. A prototype system (called Aeneas) was developed to classify network-based attacks. Aeneas integrates the sensors into a detection system that can classify network attacks in a near real-time environment. To verify the ontology and the prototype Aeneas, a virtual test bed was developed in which network-based attacks were generated to verify the detection system. Aeneas was able to detect incoming attacks and classify them according to their scenario. The novel part of this research is the attack scenarios that are described in the form of a story, as well as formally and in an ontology. The ontology is used in a novel way to determine to which class attack instances belong and how the network attack ontology is affected in a near real-time environment.
5
Tan, Hailun Computer Science & Engineering Faculty of Engineering UNSW. "Secure network programming in wireless sensor networks." Awarded By:University of New South Wales. Computer Science & Engineering, 2010. http://handle.unsw.edu.au/1959.4/44835.
Повний текст джерелаАнотація:
Network programming is one of the most important applications in Wireless Sensor Networks as It provides an efficient way to update program Images running on sensor nodes without physical access to them. Securing these updates, however, remains a challenging and important issue, given the open deployment environment of sensor nodes. Though several security schemes have been proposed to impose the authenticity and Integrity protection on network programming applications, they are either energy Inefficient as they tend to use digital signature or lacks the data confidentiality. In addition, due to the absence of secure memory management in the current sensor hardware, the attacker could inject malicious code into the program flash by exploiting buffer overflow In the memory despite the secure code dissemination. The contribution of this thesis Is to provide two software-based security protocols and one hardware-based remote attestation protocol for network programming application. Our first protocol deploys multiple one-way key chains for a multi-hop sensor network. The scheme Is shown to be lower In computational, power consumption and communication costs yet still able to secure multi??hop propagation of program images. Our second protocol utilizes an Iterative hash structure to the data packets in network programming application, ensuring the data confidentiality and authenticity. In addition, we Integrated confidentiality and DoS-attack-resistance in a multi??hop code dissemination protocol. Our final solution is a hardware-based remote attestation protocol for verification of running codes on sensor nodes. An additional piece of tamper-proof hardware, Trusted Platform Module (TPM), is imposed into the sensor nodes. It secures the sensitive information (e.g., the session key) from attackers and monitors any platform environment changes with the Internal registers. With these features of TPM, the code Injection attack could be detected and removed when the contaminated nodes are challenged in our remote attestation protocol. We implement the first two software-based protocols with Deluge as the reference network programming protocol in TinyOS, evaluate them with the extensive simulation using TOSSIM and validate the simulation results with experiments using Tmote. We implement the remote attestation protocol on Fleck, a sensor platform developed by CSIRO that Integrates an Atmel TPM chip.
6
Hamid, Thaier K. A. "Attack graph approach to dynamic network vulnerability analysis and countermeasures." Thesis, University of Bedfordshire, 2014. http://hdl.handle.net/10547/576432.
Повний текст джерелаАнотація:
It is widely accepted that modern computer networks (often presented as a heterogeneous collection of functioning organisations, applications, software, and hardware) contain vulnerabilities. This research proposes a new methodology to compute a dynamic severity cost for each state. Here a state refers to the behaviour of a system during an attack; an example of a state is where an attacker could influence the information on an application to alter the credentials. This is performed by utilising a modified variant of the Common Vulnerability Scoring System (CVSS), referred to as a Dynamic Vulnerability Scoring System (DVSS). This calculates scores of intrinsic, time-based, and ecological metrics by combining related sub-scores and modelling the problem’s parameters into a mathematical framework to develop a unique severity cost. The individual static nature of CVSS affects the scoring value, so the author has adapted a novel model to produce a DVSS metric that is more precise and efficient. In this approach, different parameters are used to compute the final scores determined from a number of parameters including network architecture, device setting, and the impact of vulnerability interactions. An attack graph (AG) is a security model representing the chains of vulnerability exploits in a network. A number of researchers have acknowledged the attack graph visual complexity and a lack of in-depth understanding. Current attack graph tools are constrained to only limited attributes or even rely on hand-generated input. The automatic formation of vulnerability information has been troublesome and vulnerability descriptions are frequently created by hand, or based on limited data. The network architectures and configurations along with the interactions between the individual vulnerabilities are considered in the method of computing the Cost using the DVSS and a dynamic cost-centric framework. A new methodology was built up to present an attack graph with a dynamic cost metric based on DVSS and also a novel methodology to estimate and represent the cost-centric approach for each host’ states was followed out. A framework is carried out on a test network, using the Nessus scanner to detect known vulnerabilities, implement these results and to build and represent the dynamic cost centric attack graph using ranking algorithms (in a standardised fashion to Mehta et al. 2006 and Kijsanayothin, 2010). However, instead of using vulnerabilities for each host, a CostRank Markov Model has developed utilising a novel cost-centric approach, thereby reducing the complexity in the attack graph and reducing the problem of visibility. An analogous parallel algorithm is developed to implement CostRank. The reason for developing a parallel CostRank Algorithm is to expedite the states ranking calculations for the increasing number of hosts and/or vulnerabilities. In the same way, the author intends to secure large scale networks that require fast and reliable computing to calculate the ranking of enormous graphs with thousands of vertices (states) and millions of arcs (representing an action to move from one state to another). In this proposed approach, the focus on a parallel CostRank computational architecture to appraise the enhancement in CostRank calculations and scalability of of the algorithm. In particular, a partitioning of input data, graph files and ranking vectors with a load balancing technique can enhance the performance and scalability of CostRank computations in parallel. A practical model of analogous CostRank parallel calculation is undertaken, resulting in a substantial decrease in calculations communication levels and in iteration time. The results are presented in an analytical approach in terms of scalability, efficiency, memory usage, speed up and input/output rates. Finally, a countermeasures model is developed to protect against network attacks by using a Dynamic Countermeasures Attack Tree (DCAT). The following scheme is used to build DCAT tree (i) using scalable parallel CostRank Algorithm to determine the critical asset, that system administrators need to protect; (ii) Track the Nessus scanner to determine the vulnerabilities associated with the asset using the dynamic cost centric framework and DVSS; (iii) Check out all published mitigations for all vulnerabilities. (iv) Assess how well the security solution mitigates those risks; (v) Assess DCAT algorithm in terms of effective security cost, probability and cost/benefit analysis to reduce the total impact of a specific vulnerability.
7
Schuhart, Russell G. "Hacking social networks examining the viability of using computer network attack against social networks." Thesis, Monterey, Calif. : Naval Postgraduate School, 2007. http://bosun.nps.edu/uhtbin/hyperion.exe/07Mar%5FSchuhart.pdf.
Повний текст джерелаАнотація:
Thesis (M.S. in Information Systems and Operations)--Naval Postgraduate School, March 2007.Thesis Advisor(s): David Tucker. "March 2007." Includes bibliographical references (p. 55-56). Also available in print.
8
Klaus, Christian. "Network design for reliability and resilience to attack." Thesis, Monterey, California: Naval Postgraduate School, 2014. http://hdl.handle.net/10945/41406.
Повний текст джерелаАнотація:
Approved for public release; distribution is unlimited.We define and solve two network-design problems. In the first, (1) a defender uses limited resources to select a portfolio of paths or design a sub-network; (2) an attacker then uses limited attack resources to destroy network arcs, and then (3) the defender operates the damaged network optimally by ending a shortest path. The solution identifies a network design that minimizes post-attack path length. We show how the tri-level problem is equivalent to a single-level mixed integer program (MIP) with an exponential number of rows and columns, and solve that MIP using simultaneous row and column generation. Methods extend to network operations denied through general now constructs. The second problem considers a stochastic logistics network where arcs are present randomly and independently. Shipping from a source to a destination may be delayed until a path connecting the two is available. In the presence of storage capacity, cargo can be shipped partway. The problem's solution identifies the storage locations that minimize the cargo's waiting time for shipment. We develop and demonstrate practical methods to solve this #P-complete problem on a model instance derived from a Department of Defense humanitarian shipping network.
9
Mohammadnia, Hamzeh. "IoT-NETZ: Spoong Attack Mitigation in IoT Network." Thesis, KTH, Skolan för elektroteknik och datavetenskap (EECS), 2019. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-260250.
Повний текст джерелаАнотація:
The phenomenal growth of the Internet of Things (IoT) and popularity of the mobile stations have rapidly increased the demand of WLAN network (known as IEEE 802.11 and WiFi). WLAN is a low-cost alternative of the cellular network and being an unlicensed spectrum to build the master plan of embedding the Internet in everything -&-anywhere. At the same time, monitoring the number of IoT and WiFi-enabled devices across residential and enterprises is not trivial. Therefore, future WiFi network architecture requires an agile management paradigm to provide internal support and security for WiFi networks.The operation of IoT and mobile device applications relies on scalability and high-performance computing of clouds. Cloud computing has completely centralized the current data center networking architecture and it provides computation-intensive, high-speed network, and realtime responses to the requests of IoT. The IoT-to-cloud communication is the essence of network security concerns and it is in grievous need of constant security improvement along the inter-networking. Based on the number of researches and analysis on generated traffic by IoT, it has been observed there are the significant number of massive spoofing-oriented attacks targeting cloud services are launched from compromised IoT.On the basis of reviewing prior researches on mostly-conducted network attacks by IoT, there is a challenging and common characteristic which has been frequently utilized in the numerous massive Internet attacks, known as spoofing. This work will survey the existing proposed solutions which have been deployed to protect both traditional and softwarized network paradigms. Then, it proposes the approach of this work that enables IoT-hosting networks protected by employing Software-defined Wireless Networking (SDWN) within the proposed model to mitigate spoofing -oriented network attacks. In addition, the proposed solution provides the environmental sustainability feature by saving power consumption in networking devices during network operation. The practical improvement in the proposed model is measured and evaluated within the emulated environment of Mininet-WiFi.Den fenomenala tillväxten av IoT och populariteten hos mobilstationerna har snabbt ökat efterfrågan på WLAN-nätverk (känd som IEEE 802.11 och WiFi). WLAN är ett billigt alternativ för mobilnätet och är ett olicensierat spektrum för att bygga huvudplanen för att bädda in Internet i allt-och-var som helst. Samtidigt är det inte trivialt att övervaka antalet IoT och WiFi-aktiverade enheter över bostäder och företag. Därför kräver framtida WiFi nätverksarkitektur ett smidigt hantering paradigm för att tillhandahålla internt stöd och säkerhet för WiFi-nätverk.Användningen av IoT och mobilanvändningsapplikationer är beroende av skalbarhet och högpresterande beräkningar av moln. Cloud computing har helt centraliserat den nuvarande datacenters nätverksarkitektur och det ger beräkningsintensiva, höghastighetsnätverk och realtidssvar påbegäran från IoT. IoT-till-moln kommunikationen är kärnan i nätverkssäkerhetshänsyn och de har ett allvarligt behov av ständig förbättring och säkerhetshärdning inom deras internätverk. Baserat på antalet undersökningar och analyser av genererad trafik av IoT har det observerats. Det finns det betydande antalet massiva spoofing-orienterade attacker som riktar sig mot molntjänster, lanseras från komprometterad IoT.På grundval av att granska tidigare undersökningar om IoTs mest genomförda nätverksattacker finns det en utmanande och gemensam egenskap som ofta utnyttjats i de många massiva internetattackerna. Detta arbete kommer att undersöka de befintliga lösningarna som har implementerats för att skydda både traditionella och mjukvariga nätverksparadigmer. Därefter föreslår det tillvägagångssättet för detta arbete som möjliggör IoT-värdnät skyddade genom att använda SDWN inom den föreslagna modellen för att mildra poofing-orienterade nätverksattacker. Dessutom erbjuder den föreslagna lösningen miljöhållbarhet genom att spara strömförbrukning i nätverksenheter under nätverksdrift. Den praktiska förbättringen av den föreslagna modellen mäts och utvärderas inom den omgivande miljön av Mininet-WiFi.
10
Kenar, Serkan. "An Extensible Framework For Automated Network Attack Signature Generation." Master's thesis, METU, 2010. http://etd.lib.metu.edu.tr/upload/2/12611418/index.pdf.
Повний текст джерелаАнотація:
The effectiveness of misuse-based intrusion detection systems (IDS) are seriously broken, with the advance of threats in terms of speed and scale. Today worms, trojans, viruses and other threats can spread all around the globe in less than thirty minutes. In order to detect these emerging threats, signatures must be generated automatically and distributed to intrusion detection systems rapidly. There are studies on automatically generating signatures for worms
and attacks. However, either these systems rely on Honeypots which are supposed to receive only suspicious traffic, or use port-scanning outlier detectors. In this study, an open, extensible system based on an network IDS is proposed to identify suspicious traffic using anomaly
detection methods, and to automatically generate signatures of attacks out of this suspicious traffic. The generated signatures are classified and fedback into the IDS either locally or distributed. Design and proof-of-concept implementation are described and developed system
is tested on both synthetic and real network data. The system is designed as a framework to test different methods and evaluate the outcomes of varying configurations easily.
The test results show that, with a properly defined attack detection algorithm, attack signatures could be generated with high accuracy and efficiency. The resulting system could be used to prevent early damages of fast-spreading worms and other threats.
11
Nazari, Mahmood, and Kun Zhou. "Campus Network Design and Man-In-The-Middle Attack." Thesis, Högskolan i Halmstad, Sektionen för Informationsvetenskap, Data– och Elektroteknik (IDE), 2014. http://urn.kb.se/resolve?urn=urn:nbn:se:hh:diva-25683.
Повний текст джерелаАнотація:
Security is at the front line of most networks, and most companies apply an exclusive security policy enclosing many of the Open Systems Interconnection (OSI) layers, from application layer all the way down to Internet Protocol (IP) security. On the other hand, an area that is often not protected with high level of security is the second layer of OSI model and this can compromise the entire network to a diversity of attacks.This report presents an experimental performance analysis within the real environment. It focuses on understanding and preventing the Man-In-The-Middle (MITM) also known as Address Resolution Protocol (ARP) Poisoning on the Cisco Catalyst 3560 series switches with Cisco IOS Software. The Linux Command Line (CLI) tools and Ettercap tool were used to launch the Layer 2 attacks that you might come up against. Mitigation methods to stop this attack are evaluated and concluded. Finally we will answer if Secure Socket Layer (SSL) is enough to protect the users’ data against MITM in the network.A HP laptop and two DELL PCs were utilized for these tests and acted as the attacker, the Server and the victim. Victim PC runs Windows 7, attacker’s Laptop and server run Linux.Finally, three different case studies were analyzed and compared with each other and different solutions that might help to solve or detect the issue of MITM attack are concluded.
12
Oguz, Saziye Deniz. "Protein Domain Networks: Analysis Of Attack Tolerance Under Varied Circumstances." Master's thesis, METU, 2010. http://etd.lib.metu.edu.tr/upload/12612518/index.pdf.
Повний текст джерелаАнотація:
Recently, there has been much interest in the resilience of complex networks to random failures and intentional attacks. The study of the network robustness is particularly important by several occasions. In one hand a higher degree of robustness to errors and attacks may be desired for maintaining the information flow in communication networks under attacks. On the other hand planning a very limited attack aimed at fragmenting a network by removal of minimum number of the most important nodes might have significant usage in drug design.
Many real world networks were found to display scale free topology including WWW, the internet, social networks or regulatory gene and protein networks. In the recent studies it was shown that while these networks have a surprising error tolerance, their scale-free topology makes them fragile under intentional attack, leaving the scientists a challenge on how to improve the networks robustness against attacks.
In this thesis, we studied the protein domain co-occurrence network of yeast which displays scale free topology generated with data from Biomart which links to Pfam database. Several networks obtained from protein domain co-occurrence network having exactly the same connectivity distribution were compared under attacks to investigate the assumption that the different networks with the same connectivity distribution do not need to have the same attack tolerances. In addition to this, we considered that the networks with the same connectivity distribution have higher attack tolerance as we organize the same resources in a better way. Then, we checked for the variations of attack tolerance of the networks with the same connectiviy distributions. Furthermore, we investigated whether there is an evolutionary mechanism for having networks with higher or lower attack tolerances for the same connectivity distribution. As a result of these investigations, the different networks with the same connectivity distribution do not have the same attack tolerances under attack. In addition to this, it was observed that the networks with the same connectivity distribution have higher attack tolerances as organizing the same resources in a better way which implies that there is an evolutionary mechanism for having networks with higher attack tolerance for the same connectivity distribution.
13
Almohri, Hussain. "Security risk prioritization for logical attack graphs." Thesis, Manhattan, Kan. : Kansas State University, 2008. http://hdl.handle.net/2097/1114.
Повний текст джерела
14
Suraev, Maxim. "Denial-of-service attack resilience of the GSM access network." Thesis, Norges teknisk-naturvitenskapelige universitet, Institutt for telematikk, 2011. http://urn.kb.se/resolve?urn=urn:nbn:no:ntnu:diva-13313.
Повний текст джерелаАнотація:
GSM network capable of connecting to any operator providing SIP trunk has beenconstructed to serve as a target for controlled experiment on DoS attacks againstGSM. The usage of this network as a tool to perform DoS attack against mobilephones was also investigated and documented.Open source implementation of testing tool to check DoS resilience of any GSMbase station against RACH flood attack was developed as part of this thesis.Additionally, the analysis of the GSM flaws which opened the possibility for DoSattacks, and the analysis of potential countermeasures is presented.
15
Williams, Leevar (Leevar Christoff). "GARNET : a Graphical Attack graph and Reachability Network Evaluation Tool." Thesis, Massachusetts Institute of Technology, 2008. http://hdl.handle.net/1721.1/46367.
Повний текст джерелаАнотація:
Thesis (M. Eng.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2008.This electronic version was submitted by the student author. The certified thesis is available in the Institute Archives and Special Collections.
Includes bibliographical references (p. 101-102).
Attack graphs are valuable tools in the assessment of network security, revealing potential attack paths an adversary could use to gain control of network assets. Creating an effective visualization for attack graphs is essential to their utility, but many previous efforts produce complex displays that are difficult to relate to the underlying networks. This thesis presents GARNET (Graphical Attack graph and Reachability Network Evaluation Tool), an interactive visualization tool intended to facilitate the task of attack graph analysis. The tool provides a simplified view of critical steps that can be taken by an attacker and of host-to-host network reachability that enables these exploits. It allows users to perform "what-if" experiments including adding new zero-day attacks, following recommendations to patch software vulnerabilities, and changing the attacker starting location to analyze external and internal attackers. Users are able to view a set of attack graph metrics that summarize different aspects of overall network security for a specific set of attacker models. An initial user evaluation of GARNET identified problematic areas of the interface that assisted in the development of a more functional design.
by Leevar Williams.
M.Eng.
16
Ikusan, Ademola A. "Collaboratively Detecting HTTP-based Distributed Denial of Service Attack using Software Defined Network." Wright State University / OhioLINK, 2017. http://rave.ohiolink.edu/etdc/view?acc_num=wright1515067456228498.
Повний текст джерела
17
Shafley, William K. "Business architecture model for network centric surface combatant land attack warfare." Thesis, Monterey, Calif. : Springfield, Va. : Naval Postgraduate School ; Available from National Technical Information Service, 2001. http://handle.dtic.mil/100.2/ADA397350.
Повний текст джерелаАнотація:
Thesis (M.S. in Information Technology Management) Naval Postgraduate School, Sept. 2001.Thesis advisor(s): Jansen, Erik; Brock, Floyd. "September 2001." Includes bibliographical references (p.115-116). Also available in print.
18
Chen, Ruiliang. "Enhancing Attack Resilience in Cognitive Radio Networks." Diss., Virginia Tech, 2008. http://hdl.handle.net/10919/26330.
Повний текст джерелаАнотація:
The tremendous success of various wireless applications operating in unlicensed bands has resulted in the overcrowding of those bands. Cognitive radio (CR) is a new technology that enables an unlicensed user to coexist with incumbent users in licensed spectrum bands without inducing interference to incumbent communications. This technology can significantly alleviate the spectrum shortage problem and improve the efficiency of spectrum utilization. Networks consisting of CR nodes (i.e., CR networks)---often called dynamic spectrum access networks or NeXt Generation (XG) communication networks---are envisioned to provide high bandwidth to mobile users via heterogeneous wireless architectures and dynamic spectrum access techniques.
In recent years, the operational aspects of CR networks have attracted great research interest. However, research on the security aspects of CR networks has been very limited. In this thesis, we discuss security issues that pose a serious threat to CR networks. Specifically, we focus on three potential attacks that can be launched at the physical or MAC layer of a CR network: primary user emulation (PUE) attack, spectrum sensing data falsification (SSDF) attack, and control channel jamming (CCJ) attack. These attacks can wreak havoc to the normal operation of CR networks. After identifying and analyzing the attacks, we discuss countermeasures. For PUE attacks, we propose a transmitter verification scheme for attack detection. The scheme utilizes the location information of transmitters together with their signal characteristics to verify licensed users and detect PUE attackers. For both SSDF attacks and CCJ attacks, we seek countermeasures for attack mitigation. In particular, we propose Weighted Sequential Probability Ratio Test (WSPRT) as a data fusion technique that is robust against SSDF attacks, and introduce a multiple-rendezvous cognitive MAC (MRCMAC) protocol that is robust against CCJ attacks. Using security analysis and extensive numerical results, we show that the proposed schemes can effectively counter the aforementioned attacks in CR networks.Ph. D.
19
Giannini, Beatrice. "Attack and Mitigation Modelling for Software-Defined Networks." Master's thesis, Alma Mater Studiorum - Università di Bologna, 2020. http://amslaurea.unibo.it/19817/.
Повний текст джерелаАнотація:
Le Software-Defined Networks nascono per superare i limiti delle reti tradizionali, quindi la configurazione verticale e la poca propensione alle novità. Ciò che rende straordinariamente innovative le Software-Defined Networks è la separazione tra piano di controllo e piano dei dati, centralizzando il comando nei controllori e riducendo il compito degli switch al solo inoltro di messaggi. Tuttavia, a causa della giovane età, le SDN non hanno ancora maturato una buona resistenza gli attacchi, soprattutto sono particolarmente propense e soggette ad attacchi di Denial of Service.
Partendo da questo assunto si è voluto dapprima comprendere come lavorano queste reti, sia in situazione normale e sia, in particolare, sotto attacco, concentrandosi su quali sono i problemi e le vulnerabilità. Il primo step è stata dunque l'analisi dei vari scenari e delle varie casistiche possibili, con l'obiettivo di modellare una topologia multi-controller che facesse da base a tutti gli esperimenti. Grazie ad essa è stato possibile simulare e analizzare il comportamente in situazioni normali, con solo traffico di base, per poi studiare la risposta della rete a un attacco DoS, individuando il minimo sforzo necessario all'attaccante per riuscire a manomettere la rete.
Infine, sulla base dello studio dei dati raccolti e dei meccanismi di difesa esistenti, si è pensato che sfruttando una topologia dinamica si potessero ottenere buoni risultati nella prevenzione degli attacchi e si è individuato un modello basato sulla Teoria dei Giochi di mitigazione di un attacco DoS.
20
Lu, Song. "Auto Red Team a network attack automation framework based on Decision Tree /." [Ames, Iowa : Iowa State University], 2008.
Знайти повний текст джерела
21
Javaid, Ahmad Yazdan. "Cyber Security Threat Analysis and Attack Simulation for Unmanned Aerial Vehicle Network." University of Toledo / OhioLINK, 2015. http://rave.ohiolink.edu/etdc/view?acc_num=toledo1438816219.
Повний текст джерела
22
Yieh, Pierson. "Vehicle Pseudonym Association Attack Model." DigitalCommons@CalPoly, 2018. https://digitalcommons.calpoly.edu/theses/1840.
Повний текст джерелаАнотація:
With recent advances in technology, Vehicular Ad-hoc Networks (VANETs) have grown in application. One of these areas of application is Vehicle Safety Communication (VSC) technology. VSC technology allows for vehicle-to-vehicle (V2V) and vehicle-to-infrastructure (V2I) communications that enhance vehicle safety and driving experience. However, these newly developing technologies bring with them a concern for the vehicular privacy of drivers. Vehicles already employ the use of pseudonyms, unique identifiers used with signal messages for a limited period of time, to prevent long term tracking. But can attackers still attack vehicular privacy even when vehicles employ a pseudonym change strategy? The major contribution of this paper is a new attack model that uses long-distance pseudonym changing and short-distance non-changing protocols to associate vehicles with their respective pseudonyms.
23
Khanal, Sandarva, and Ciara Lynton. "Packet Simulation of Distributed Denial of Service (DDoS) Attack and Recovery." International Foundation for Telemetering, 2013. http://hdl.handle.net/10150/579511.
Повний текст джерелаАнотація:
ITC/USA 2013 Conference Proceedings / The Forty-Ninth Annual International Telemetering Conference and Technical Exhibition / October 21-24, 2013 / Bally's Hotel & Convention Center, Las Vegas, NVDistributed Denial of Service (DDoS) attacks have been gaining popularity in recent years. Most research developed to defend against DDoS attacks have focused on analytical studies. However, because of the inherent nature of a DDoS attack and the scale of a network involved in the attack, analytical simulations are not always the best way to study DDoS attacks. Moreover, because DDoS attacks are considered illicit, performing real attacks to study their defense mechanisms is not an alternative. For this reason, using packet/network simulators, such as OPNET Modeler, is the best option for research purposes. Detection of an ongoing DDoS attack, as well as simulation of a defense mechanism against the attack, is beyond the scope of this paper. However, this paper includes design recommendations to simulate an effective defense strategy to mitigate DDoS attacks. Finally, this paper introduces network links failure during simulation in an attempt to demonstrate how the network recovers during and following an attack.
24
Costantini, Kevin C. "Development of a cyber attack simulator for network modeling and cyber security analysis /." Online version of thesis, 2007. http://hdl.handle.net/1850/5440.
Повний текст джерела
25
JayashankaraShridevi, Rajesh. "Runtime Detection of a Bandwidth Denial Attack from a Rogue Network-on-Chip." DigitalCommons@USU, 2015. https://digitalcommons.usu.edu/etd/4548.
Повний текст джерелаАнотація:
Chips with high computational power are the crux of today’s pervasive complex digital systems. Microprocessor circuits are evolving towards many core designs with the integration of hundreds of processing cores, memory elements and other devices on a single chip to sustain high performance computing while maintaining low design costs. Two decisive paradigm shifts in the semiconductor industry have made this evolution possible: (a) architectural and (b) organizational.
At the heart of the architectural innovation is a scalable high speed data communication structure, the network-on-chip (NoC). NoC is an interconnect network for the glueless integration of on-chip components in the modern complex communication centric designs. In the recent days, NoC has replaced the traditional bus based architecture owing to its structured and modular design, scalability and low design cost. The organizational revolution has resulted in a globalized and collaborative supply chain with pervasive use of third party intellectual properties to reduce the time-to-market and overall design costs.
Despite the advantages of these paradigm shifts, modern system-on-chips pose a plethora of security vulnerabilities. This work explores a threat model arising from a malicious NoC IP embedded with a hardware trojan affecting the resource availability of on-chip components. A rigorous simulation infrastructure is established to evaluate the feasibility and potency of such an attack. Further, a non-invasive runtime monitoring technique is proposed and thoroughly investigated to ensure the trustworthiness of a third party NoC IP with low overheads.
26
Nanda, Sanjeeb. "GRAPH THEORETIC MODELING: CASE STUDIES IN REDUNDANT ARRAYS OF INDEPENDENT DISKS AND NETWORK DEFENSE." Doctoral diss., University of Central Florida, 2007. http://digital.library.ucf.edu/cdm/ref/collection/ETD/id/3165.
Повний текст джерелаАнотація:
Graph theoretic modeling has served as an invaluable tool for solving a variety of problems since its introduction in Euler's paper on the Bridges of Königsberg in 1736 . Two amongst them of contemporary interest are the modeling of Redundant Arrays of Inexpensive Disks (RAID), and the identification of network attacks. While the former is vital to the protection and uninterrupted availability of data, the latter is crucial to the integrity of systems comprising networks. Both are of practical importance due to the continuing growth of data and its demand at increasing numbers of geographically distributed locations through the use of networks such as the Internet. The popularity of RAID has soared because of the enhanced I/O bandwidths and large capacities they offer at low cost. However, the demand for bigger capacities has led to the use of larger arrays with increased probability of random disk failures. This has motivated the need for RAID systems to tolerate two or more disk failures, without sacrificing performance or storage space. To this end, we shall first perform a comparative study of the existing techniques that achieve this objective. Next, we shall devise novel graph-theoretic algorithms for placing data and parity in arrays of n disks (n ≥ 3) that can recover from two random disk failures, for n = p – 1, n = p and n = 2p – 2, where p is a prime number. Each shall be shown to utilize an optimal ratio of space for storing parity. We shall also show how to extend the algorithms to arrays with an arbitrary number of disks, albeit with non-optimal values for the aforementioned ratio. The growth of the Internet has led to the increased proliferation of malignant applications seeking to breach the security of networked systems. Hence, considerable effort has been focused on detecting and predicting the attacks they perpetrate. However, the enormity of the Internet poses a challenge to representing and analyzing them by using scalable models. Furthermore, forecasting the systems that they are likely to exploit in the future is difficult due to the unavailability of complete information on network vulnerabilities. We shall present a technique that identifies attacks on large networks using a scalable model, while filtering for false positives and negatives. Furthermore, it also forecasts the propagation of security failures proliferated by attacks over time and their likely targets in the future.Ph.D.
School of Electrical Engineering and Computer Science
Engineering and Computer Science
Computer Science PhD
27
Chen, Xiangqian. "Defense Against Node Compromise in Sensor Network Security." FIU Digital Commons, 2007. http://digitalcommons.fiu.edu/etd/7.
Повний текст джерелаАнотація:
Recent advances in electronic and computer technologies lead to wide-spread deployment of wireless sensor networks (WSNs). WSNs have wide range applications, including military sensing and tracking, environment monitoring, smart environments, etc. Many WSNs have mission-critical tasks, such as military applications. Thus, the security issues in WSNs are kept in the foreground among research areas. Compared with other wireless networks, such as ad hoc, and cellular networks, security in WSNs is more complicated due to the constrained capabilities of sensor nodes and the properties of the deployment, such as large scale, hostile environment, etc. Security issues mainly come from attacks. In general, the attacks in WSNs can be classified as external attacks and internal attacks. In an external attack, the attacking node is not an authorized participant of the sensor network. Cryptography and other security methods can prevent some of external attacks. However, node compromise, the major and unique problem that leads to internal attacks, will eliminate all the efforts to prevent attacks. Knowing the probability of node compromise will help systems to detect and defend against it. Although there are some approaches that can be used to detect and defend against node compromise, few of them have the ability to estimate the probability of node compromise. Hence, we develop basic uniform, basic gradient, intelligent uniform and intelligent gradient models for node compromise distribution in order to adapt to different application environments by using probability theory. These models allow systems to estimate the probability of node compromise. Applying these models in system security designs can improve system security and decrease the overheads nearly in every security area. Moreover, based on these models, we design a novel secure routing algorithm to defend against the routing security issue that comes from the nodes that have already been compromised but have not been detected by the node compromise detecting mechanism. The routing paths in our algorithm detour those nodes which have already been detected as compromised nodes or have larger probabilities of being compromised. Simulation results show that our algorithm is effective to protect routing paths from node compromise whether detected or not.
28
de, Waern Henrik. "Computer Network Attack som olovligt våld : en fråga om association, effekt, aktör och mål." Thesis, Swedish National Defence College, Swedish National Defence College, 2009. http://urn.kb.se/resolve?urn=urn:nbn:se:fhs:diva-22.
Повний текст джерелаАнотація:
I Estland 2007 utbröt vad som kommit att kallas ”Cyberwar I”, vari ett stort antal centrala myndigheters, tillika finansiella institutioners servrar attackerades av massiva så kallade Computer Network Attacks (CNA), utfört av framförallt ryska aktörer. Estland protesterade högljutt, men frågan huruvida CNA är att beteckna som olovligt är allt annat än klar. Prövningen sker mot den folkrättsliga regimen Jus ad Bellum, och huruvida metoden uppfyller vissa centrala begrepp. Men hur skall denna regim appliceras CNA?
De frågeställningar som avses besvaras är: hur kan CNA utgöra våld eller hot om våld i enlighet med FN-stadgans artikel 2(4) samt hur kan CNA utgöra väpnat angrepp i enlighet med FN-stadgans artikel 51? Detta avses göras genom en studie inbegripande flertalet folkrättsliga experters teorier på området CNA och våldsanvändning, samt applicering av desamma på en fallstudie av händelserna i Estland 2007.
Sammanfattningsvis konstateras att flertalet variabler har bärighet i hur CNA kan uppfylla artiklarnas centrala begrepp, vari frågan om association, effekt, aktör och mål tydligast faller ut. I en efterföljande diskussion påvisas dock hur variablerna endast är att betrakta som indicier på hur CNA kan klassas så som olovligt, varvid endast statspraxis kan ge den slutgiltiga bedömningen.
29
Arikan, Erinc. "Attack profiling for DDoS benchmarks." Access to citation, abstract and download form provided by ProQuest Information and Learning Company; downloadable PDF file Mb., 96 p, 2006. http://gateway.proquest.com/openurl?url_ver=Z39.88-2004&res_dat=xri:pqdiss&rft_val_fmt=info:ofi/fmt:kev:mtx:dissertation&rft_dat=xri:pqdiss:1435821.
Повний текст джерела
30
Pagna, Disso Jules F. "A novel intrusion detection system (IDS) architecture. Attack detection based on snort for multistage attack scenarios in a multi-cores environment." Thesis, University of Bradford, 2010. http://hdl.handle.net/10454/5248.
Повний текст джерелаАнотація:
Recent research has indicated that although security systems are developing,
illegal intrusion to computers is on the rise. The research conducted here
illustrates that improving intrusion detection and prevention methods is
fundamental for improving the overall security of systems.
This research includes the design of a novel Intrusion Detection System (IDS)
which identifies four levels of visibility of attacks. Two major areas of security
concern were identified: speed and volume of attacks; and complexity of
multistage attacks. Hence, the Multistage Intrusion Detection and Prevention
System (MIDaPS) that is designed here is made of two fundamental elements:
a multistage attack engine that heavily depends on attack trees and a Denial of
Service Engine. MIDaPS were tested and found to improve current intrusion
detection and processing performances.
After an intensive literature review, over 25 GB of data was collected on
honeynets. This was then used to analyse the complexity of attacks in a series
of experiments. Statistical and analytic methods were used to design the novel
MIDaPS.
Key findings indicate that an attack needs to be protected at 4 different levels.
Hence, MIDaPS is built with 4 levels of protection. As, recent attack vectors use
legitimate actions, MIDaPS uses a novel approach of attack trees to trace the
attacker¿s actions. MIDaPS was tested and results suggest an improvement to
current system performance by 84% whilst detecting DDOS attacks within 10
minutes.
31
Bhattacherjee, Debopam. "Stepping Stone Detection for Tracing Attack Sources in Software-Defined Networks." Thesis, KTH, Skolan för informations- och kommunikationsteknik (ICT), 2016. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-190121.
Повний текст джерелаАнотація:
Stepping stones are compromised hosts in a network which can be used by hackers and other malicious attackers to hide the origin of connections. Attackers hop from one compromised host to another to form a chain of stepping stones before launching attack on the actual victim host. Various timing and content based detection techniques have been proposed in the literature to trace back through a chain of stepping stones in order to identify the attacker. This has naturally led to evasive strategies such as shaping the trac di erently at each hop. The evasive techniques can also be detected. Our study aims to adapt some of the existing stepping stone detection and antievasion techniques to software-dened networks which use network function virtualization. We have implemented the stepping-stone detection techniques in a simulated environment and use sFlow for the trac monitoring at the switches. We evaluate the detection algorithms on di erent network topologies and analyze the results to gain insight on the e ectiveness of the detection mechanisms. The selected detection techniques work well on relatively high packet sampling rates. However, new solutions will be needed for large SDN networks where the packet sampling rate needs to be lower.
32
Staples, Zachary H. Michael Robert J. "Redefining attack : taking the offensive against networks /." Monterey, Calif. : Springfield, Va. : Naval Postgraduate School ; Available from National Technical Information Service, 2003. http://library.nps.navy.mil/uhtbin/hyperion-image/03Mar%5FStaples.pdf.
Повний текст джерелаАнотація:
Thesis (M.A. in National Security Affairs)--Naval Postgraduate School, March 2003. Thesis (M.S. in Computer Science and M.S. in Modeling, Virtual Environments and Simulation)--Naval Postgraduate School, March 2003.Thesis advisor(s): Dan Moran, John Hiles, Rudy Darken. Includes bibliographical references (p. 134-138). Also available online.
33
Moore, Tyler Weston. "Cooperative attack and defense in distributed networks." Thesis, University of Cambridge, 2008. http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.612283.
Повний текст джерела
34
Michael, Robert J., and Zachary H. Staples. "Redefining attack: taking the offensive against networks." Thesis, Monterey, California. Naval Postgraduate School, 2003. http://hdl.handle.net/10945/1063.
Повний текст джерелаАнотація:
Approved for public release; distribution is unlimitedThis thesis done in cooperation with the MOVES Institute
The Information Age empowers individuals, and affords small groups an opportunity to attack states' interests with an increasing variety of tactics and great anonymity. Current strategies to prevail against these emerging threats are inherently defensive, relying on potential adversaries to commit mistakes and engage in detectable behavior. While defensive strategies are a critical component of a complete solution set, they cede initiative to the adversary. Moreover, reactive measures are not suited to quickly suppress adversary networks through force. To address this shortfall in strategic planning, the science of networks is rapidly making clear that natural systems built over time with preferential attachment form scale-free networks. These networks are naturally resilient to failure and random attack, but carry inherent vulnerabilities in their highly connected hubs. Taking the offensive against networks is therefore an exercise in discovering and attacking such hubs. To find these hub vulnerabilities in network adversaries, this thesis proposes a strategy called Stimulus Based Discovery, which leads to rapid network mapping and then systematically improves the accuracy and validity of this map while simultaneously degrading an adversary's network cohesion. Additionally, this thesis provides a model for experimenting with Stimulus Based Discovery in a Multi-Agent System.
Lieutenant, United States Navy
35
Pagna, Disso Jules Ferdinand. "A novel intrusion detection system (IDS) architecture : attack detection based on snort for multistage attack scenarios in a multi-cores environment." Thesis, University of Bradford, 2010. http://hdl.handle.net/10454/5248.
Повний текст джерелаАнотація:
Recent research has indicated that although security systems are developing, illegal intrusion to computers is on the rise. The research conducted here illustrates that improving intrusion detection and prevention methods is fundamental for improving the overall security of systems. This research includes the design of a novel Intrusion Detection System (IDS) which identifies four levels of visibility of attacks. Two major areas of security concern were identified: speed and volume of attacks; and complexity of multistage attacks. Hence, the Multistage Intrusion Detection and Prevention System (MIDaPS) that is designed here is made of two fundamental elements: a multistage attack engine that heavily depends on attack trees and a Denial of Service Engine. MIDaPS were tested and found to improve current intrusion detection and processing performances. After an intensive literature review, over 25 GB of data was collected on honeynets. This was then used to analyse the complexity of attacks in a series of experiments. Statistical and analytic methods were used to design the novel MIDaPS. Key findings indicate that an attack needs to be protected at 4 different levels. Hence, MIDaPS is built with 4 levels of protection. As, recent attack vectors use legitimate actions, MIDaPS uses a novel approach of attack trees to trace the attacker's actions. MIDaPS was tested and results suggest an improvement to current system performance by 84% whilst detecting DDOS attacks within 10 minutes.
36
Bencel, Jozef. "Analýza bezpečnosti bezdrátových sítí." Master's thesis, Vysoké učení technické v Brně. Fakulta elektrotechniky a komunikačních technologií, 2009. http://www.nusl.cz/ntk/nusl-218125.
Повний текст джерелаАнотація:
This master's thesis deals with security of wireless network standard 802.11. There are described security mechanisms as hide SSID, MAC address filtering, WEP, WPA, WPA2 protocols. There are described also the most often kinds of attacks (Denial of Service, disclosure WEP key, Man-in-the-Middle). The work contains investigation of used security mechanisms in wireless networks in parts of Brno. There were used NetStumbler and inSSIDer applications for this measurement. The last part of work contains measurement of security mechanisms (WEP, WPA, WPA2) effect to transfer rate from the point of view of the end user. The measurement was realized with Iperf application.
37
Limmer, Tobias [Verfasser], and Falko [Akademischer Betreuer] Dressler. "Efficient Network Monitoring for Attack Detection = Effizientes Netzwerkmonitoring für Angriffserkennung / Tobias Limmer. Betreuer: Falko Dressler." Erlangen : Universitätsbibliothek der Universität Erlangen-Nürnberg, 2011. http://d-nb.info/1015474462/34.
Повний текст джерела
38
Sangster, Benjamin F. "Performance of VoIP services on a DOCSIS network targeted by a denial of service attack." Connect to this title online, 2007. http://etd.lib.clemson.edu/documents/1193080291/.
Повний текст джерелаАнотація:
Thesis (M.S.) -- Clemson University, 2007.Title from first page of PDF file. Document formatted into pages; contains xi, 66 p. ; also includes graphics (chiefly col). Contains additional supplemental file.
39
Sung, Minho. "Scalable and efficient distributed algorithms for defending against malicious Internet activity." Diss., Available online, Georgia Institute of Technology, 2006, 2006. http://etd.gatech.edu/theses/available/etd-07172006-134741/.
Повний текст джерелаАнотація:
Thesis (Ph. D.)--Computing, Georgia Institute of Technology, 2007.Xu, Jun, Committee Chair ; Ahamad, Mustaque, Committee Member ; Ammar, Mostafa, Committee Member ; Bing, Benny, Committee Member ; Zegura, Ellen, Committee Member.
40
Yan, Qiben. "Security Enhanced Communications in Cognitive Networks." Diss., Virginia Tech, 2014. http://hdl.handle.net/10919/49704.
Повний текст джерелаАнотація:
With the advent of ubiquitous computing and Internet of Things (IoT), potentially billions of devices will create a broad range of data services and applications, which will require the communication networks to efficiently manage the increasing complexity. Cognitive network has been envisioned as a new paradigm to address this challenge, which has the capability of reasoning, planning and learning by incorporating cutting edge technologies including knowledge representation, context awareness, network optimization and machine learning. Cognitive network spans over the entire communication system including the core network and wireless links across the entire protocol stack. Cognitive Radio Network (CRN) is a part of cognitive network over wireless links, which endeavors to better utilize the spectrum resources. Core network provides a reliable backend infrastructure to the entire communication system. However, the CR communication and core network infrastructure have attracted various security threats, which become increasingly severe in pace with the growing complexity and adversity of the modern Internet.
The focus of this dissertation is to exploit the security vulnerabilities of the state-of-the-art cognitive communication systems, and to provide detection, mitigation and protection mechanisms to allow security enhanced cognitive communications including wireless communications in CRNs and wired communications in core networks. In order to provide secure and reliable communications in CRNs: emph{first}, we incorporate security mechanisms into fundamental CRN functions, such as secure spectrum sensing techniques that will ensure trustworthy reporting of spectrum reading. emph{Second}, as no security mechanism can completely prevent all potential threats from entering CRNs, we design a systematic passive monitoring framework, emph{SpecMonitor}, based on unsupervised machine learning methods to strategically monitor the network traffic and operations in order to detect abnormal and malicious behaviors. emph{Third}, highly capable cognitive radios allow more sophisticated reactive jamming attack, which imposes a serious threat to CR communications. By exploiting MIMO interference cancellation techniques, we propose jamming resilient CR communication mechanisms to survive in the presence of reactive jammers. Finally, we focus on protecting the core network from botnet threats by applying cognitive technologies to detect network-wide Peer-to-Peer (P2P) botnets, which leads to the design of a data-driven botnet detection system, called emph{PeerClean}. In all the four research thrusts, we present thorough security analysis, extensive simulations and testbed evaluations based on real-world implementations. Our results demonstrate that the proposed defense mechanisms can effectively and efficiently counteract sophisticated yet powerful attacks.Ph. D.
41
Salla, Vamsi. "Error and attack tolerance of complex real networks." Morgantown, W. Va. : [West Virginia University Libraries], 2005. https://eidr.wvu.edu/etd/documentdata.eTD?documentid=4311.
Повний текст джерелаАнотація:
Thesis (M.S.)--West Virginia University, 2005.Title from document title page. Document formatted into pages; contains x, 80 p. : ill. (some col.). Includes abstract. Includes bibliographical references (p. 70-72).
42
Rejeb, Ridha. "Fault and attack management in all-optical networks." Thesis, University of Warwick, 2005. http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.425517.
Повний текст джерела
43
Furman, Joshua R. (Joshua Ronni) 1977. "Attack notification and adaptation in ad hoc networks." Thesis, Massachusetts Institute of Technology, 2002. http://hdl.handle.net/1721.1/87423.
Повний текст джерела
44
Gorlatova, Maria A. "Wormhole attack detection in wireless ad hoc networks." Thesis, University of Ottawa (Canada), 2007. http://hdl.handle.net/10393/27459.
Повний текст джерелаАнотація:
This thesis deals with wormhole attack discovery in mobile wireless ad hoc networks. Two separate approaches to wormhole attack discovery are developed in this thesis. One approach -- based on protocol-breaking -- allows detection of wormholes that disrupt network operations by dropping network packets. Another -- a novel frequency-based analysis of periodic network messages -- detects wormholes that do not drop traffic. The developed wormhole attack discovery techniques are local, do not rely on specialized hardware or clock synchronization, and do not require modification to existing ad hoc network routing protocols.
In addition, tools that are necessary for ad hoc network attack research are created. Network traffic analyzer modules applicable to ad hoc network research are developed and tested. Also, a realistic implementation of a wormhole attack in the NS-2 network simulator is created.
45
Fall, Moustapha. "Cyber-Physical Systems Security: Machine to Machine Controlled by PLC in a Local Network." University of Cincinnati / OhioLINK, 2021. http://rave.ohiolink.edu/etdc/view?acc_num=ucin1623168149265934.
Повний текст джерела
46
Alserhani, Faeiz. "A framework for correlation and aggregation of security alerts in communication networks : a reasoning correlation and aggregation approach to detect multi-stage attack scenarios using elementary alerts generated by Network Intrusion Detection Systems (NIDS) for a global security perspective." Thesis, University of Bradford, 2011. http://hdl.handle.net/10454/5430.
Повний текст джерелаАнотація:
The tremendous increase in usage and complexity of modern communication and network systems connected to the Internet, places demands upon security management to protect organisations' sensitive data and resources from malicious intrusion. Malicious attacks by intruders and hackers exploit flaws and weakness points in deployed systems through several sophisticated techniques that cannot be prevented by traditional measures, such as user authentication, access controls and firewalls. Consequently, automated detection and timely response systems are urgently needed to detect abnormal activities by monitoring network traffic and system events. Network Intrusion Detection Systems (NIDS) and Network Intrusion Prevention Systems (NIPS) are technologies that inspect traffic and diagnose system behaviour to provide improved attack protection. The current implementation of intrusion detection systems (commercial and open-source) lacks the scalability to support the massive increase in network speed, the emergence of new protocols and services. Multi-giga networks have become a standard installation posing the NIDS to be susceptible to resource exhaustion attacks. The research focuses on two distinct problems for the NIDS: missing alerts due to packet loss as a result of NIDS performance limitations; and the huge volumes of generated alerts by the NIDS overwhelming the security analyst which makes event observation tedious. A methodology for analysing alerts using a proposed framework for alert correlation has been presented to provide the security operator with a global view of the security perspective. Missed alerts are recovered implicitly using a contextual technique to detect multi-stage attack scenarios. This is based on the assumption that the most serious intrusions consist of relevant steps that temporally ordered. The pre- and post- condition approach is used to identify the logical relations among low level alerts. The alerts are aggregated, verified using vulnerability modelling, and correlated to construct multi-stage attacks. A number of algorithms have been proposed in this research to support the functionality of our framework including: alert correlation, alert aggregation and graph reduction. These algorithms have been implemented in a tool called Multi-stage Attack Recognition System (MARS) consisting of a collection of integrated components. The system has been evaluated using a series of experiments and using different data sets i.e. publicly available datasets and data sets collected using real-life experiments. The results show that our approach can effectively detect multi-stage attacks. The false positive rates are reduced due to implementation of the vulnerability and target host information.
47
Flucke, Thomas J. "IDENTIFICATION OF USERS VIA SSH TIMING ATTACK." DigitalCommons@CalPoly, 2020. https://digitalcommons.calpoly.edu/theses/2208.
Повний текст джерелаАнотація:
Secure Shell, a tool to securely access and run programs on a remote machine, is an important tool for both system administrators and developers alike. The technology landscape is becoming increasingly distributed and reliant on tools such as Secure Shell to protect information as a user works on a system remotely. While Secure Shell accounts for the abuses the security of older tools such as telnet overlook, it still has fundamental vulnerabilities which leak information about both the user and their activities through timing attacks. The OpenSSH client, the implementation included in all Linux, Mac, and Windows computers, sends each keystroke entered to the server as soon as it becomes available. As a result, an attacker can observe the network patterns to know when a user presses a key and draw conclusions based on that information such as what a user is typing or who they are. In this thesis, we demonstrate that such an attack allows a malicious observer to identify a user with a concerning level of accuracy without having direct access to either the client or server systems. Using machine learning classifiers, we identify individual users in a crowd based solely on the size and timing of packets traveling across the network. We find that our classifiers were able to identify users with 20\% accuracy using as little as one hour of network traffic. Two of them promise to scale well to the number of users.
48
Hedefalk, Finn. "Robustness of Spatial Databases: Using Network Analysis on GIS Data Models." Thesis, University of Gävle, Department of Technology and Built Environment, 2010. http://urn.kb.se/resolve?urn=urn:nbn:se:hig:diva-6625.
Повний текст джерелаАнотація:
Demands on the quality and reliability of Volunteered Geographic Information have increased because of its rising popularity. Due to the less controlled data entry, there is a risk that people provide false or inaccurate information to the database. One factor that affects the effect of such updates is the network structure of the database schema, which might reveal the database’s robustness against different kinds of false updates. Therefore, network analyses are needed. The aim is to analyse GIS data models, stored in UML class diagrams, for scale-free and small-world properties. Moreover, a robustness analysis is to be carried out on selected data models in order to find out their error and attack tolerance against, for example, false updates. Three graphs were specified from the UML class diagrams: (1) class graphs: classes as nodes and their interactive relationships as connections; (2) attribute graphs: classes and attributes as nodes, with connections between the classes and their attributes; and (3) schema graphs: attributes as nodes and their interactive relationships inside and outside the tables as links. The analysed class diagrams were stored in XMI, and therefore transformed with XSLT to the Pajek network format. Thereafter, small-world and scale-free analyses as well as a robustness analysis were performed on the graphs.
The results from the scale-free analyses showed no strict power-laws. Nevertheless, the classes’ relationships and attributes, and the betweenness in the schema graphs were long-tailed distributed. Furthermore, the schema graphs had small-world properties, and the analysed class and schema graphs were robust against errors but fragile against attacks. In a network structure perspective, these results indicate that false updates on random tables of a database should usually do little harm, but falsely updating the most central cells or tables may cause big damage. Consequently, it may be necessary to monitor and constrain sensitive cells and tables in order to protect them from attacks
49
Antunes, João Alexandre Simões 1981. "Network attack injection." Doctoral thesis, 2012. http://hdl.handle.net/10451/7244.
Повний текст джерелаАнотація:
Tese de doutoramento, Informática (Ciência da Computação), Universidade de Lisboa, Faculdade de Ciências, 2012The increasing reliance on networked computer systems demands for high levels of dependability. Unfortunately, new threats and forms of attack are constantly emerging to exploit vulnerabilities in systems, compromising their correctness. An intrusion in a network server may affect its users and have serious repercussions in other services, possibly leading to new security breaches that can be exploited by further attacks. Software testing is the first line of defense in opposing attacks because it can support the discovery and removal of weaknesses in the systems. However, searching for flaws is a difficult and error-prone task, which has invariably overlooked vulnerabilities. The thesis proposes a novel methodology for vulnerability discovery that systematically generates and injects attacks, while monitoring and analyzing the target system. An attack that triggers an unexpected behavior provides a strong indication of the presence of a flaw. This attack can then be given to the developers as a test case to reproduce the anomaly and to assist in the correction of the problem. The main focus of the investigation is to provide a theoretical and experimental framework for the implementation and execution of attack injection on network servers. Several innovative solutions related to this approach are covered, including ways to infer a specification of the protocol implemented by the server, the generation of a comprehensive set of attacks, the injection and monitoring of the target system, and the automatic analysis of results. Furthermore, we apply some of the developed techniques to other areas of network security, namely to intrusion tolerance and detection. In particular, a new method is proposed to assist on the evaluation of the compliance of diverse replicas in intrusion-tolerant systems.
O aumento da dependência e confiança depositada nos sistemas de rede, exige níveis de confiabilidade cada vez mais elevados. Infelizmente, novas ameaças e formas de ataque estão constantemente a surgir, explorando vulnerabilidades nos sistemas e comprometendo a sua correta operação. Uma intrusão num servidor de rede pode afetar os seus utilizadores e ter graves repercussões noutros serviços, eventualmente abrindo novas brechas de segurança que podem ser exploradas por outros ataques. O teste de software é a primeira linha de defesa na oposição a ataques porque pode apoiar a descoberta e remoção de fraquezas dos sistemas. No entanto, a procura de falhas é uma tarefa difícil e propensa a erros, e que tem invariavelmente deixado escapar vulnerabilidades. A tese propõe uma nova metodologia para a descoberta da vulnerabilidades que permite a sistemática geração e injeção de ataques, e a simultânea monitorização e análise do sistema-alvo. Um ataque que desencadeie um comportamento inesperado é uma forte indicação da presença de uma falha. Este ataque pode então ser dado à equipa de desenvolvimento como um caso de teste para reproduzir a anomalia e para auxiliar na correção do problema. O foco principal da investigação é fornecer um quadro teórico e experimental para a concretização e execução da injeção de ataques em servidores de rede. Diversas soluções inovadoras relacionadas com esta abordagem são estudadas, incluindo a inferência da especificação do protocolo concretizado pelo servidor, a geração de um conjunto abrangente de ataques, a injeção e monitorização do sistema-alvo e a análise automática dos resultados. Além disso, aplicamos algumas das técnicas aqui desenvolvidas noutras áreas de segurança de redes, nomeadamente, para a tolerância e deteção de intrusões. Em particular, é proposto um novo método para a avaliação da conformidade de réplicas em sistemas tolerantes a intrusões com diversidade.
Fundação para a Ciência e a Tecnologia (FCT, SFRH/BD/-44336/2008, projetos POSC/EIA/61643/2004 (AJECT) e PTDC/EIA-EIA/100894/2008 (DIVERSE); Multi-annual and CMU-Portugal Programmes; European Comission, projetos IST-2004-27513 (CRUTIAL) e FP7-257475 (MASSIF).
50
Chen, Ming-Hung, and 陳明宏. "Attack Graph Based Network Defense." Thesis, 2005. http://ndltd.ncl.edu.tw/handle/10775568647829336324.
Повний текст джерелаАнотація:
碩士中原大學
資訊工程研究所
93
As the society gradually evolved to accommodate the advances of technologies, many network applications have been invented, which lead to the flourishing development of the Internet. With more and more services move to the Internet, intruders are attracted by the possible advantages they are able to take by exploiting human mistakes or software vulnerabilities. On seeing a suspicious packet, the response an intrusion detection system makes is usually based on the alert solely; environmental characteristics and the current network states are rarely considered. In order to prevent an intruder from achieving his final goal after initial attacks are detected, an automated mechanism that can help in making appropriate decisions on the response strategies and the response actors is needed. Intrusion detection systems produce certain amount of false alarms; and, usually, they react to intrusion events statically .In this thesis, we proposed a mechanism based on attack graph to strengthen the dependability of alarms. Also, when an alarm matches to the attack graph of the site in concern, the mechanism can help to determine the appropriate response to take.