Дисертації з теми "Security attacks detection"
Щоб переглянути інші типи публікацій з цієї теми, перейдіть за посиланням: Security attacks detection.
Оформте джерело за APA, MLA, Chicago, Harvard та іншими стилями
Ознайомтеся з топ-50 дисертацій для дослідження на тему "Security attacks detection".
Біля кожної праці в переліку літератури доступна кнопка «Додати до бібліографії». Скористайтеся нею – і ми автоматично оформимо бібліографічне посилання на обрану працю в потрібному вам стилі цитування: APA, MLA, «Гарвард», «Чикаго», «Ванкувер» тощо.
Також ви можете завантажити повний текст наукової публікації у форматі «.pdf» та прочитати онлайн анотацію до роботи, якщо відповідні параметри наявні в метаданих.
Переглядайте дисертації для різних дисциплін та оформлюйте правильно вашу бібліографію.
1
Kazi, Shehab. "Anomaly based Detection of Attacks on Security Protocols." Thesis, Blekinge Tekniska Högskola, Sektionen för datavetenskap och kommunikation, 2010. http://urn.kb.se/resolve?urn=urn:nbn:se:bth-4806.
Анотація:
Abstract. Security and privacy in digital communications is the need of the hour. SSL/TLS has become widely adopted to provide the same. Multiple application layer protocols can be layered on top of it. However protection is this form results in all the data being encrypted causing problems for an intrusion detection system which relies on a sniffer that analyses packets on a network. We thus hypothesise that a host based intrusion detection system that analyses packets after decryption would be able to detect attacks against security protocols. To this effect we conduct two experiments where we attack a web server and a mail server, collect data, analyse it and conclude with methods to detect such attacks. These methods are in the form of peudocode.
2
Whitelaw, Clayton. "Precise Detection of Injection Attacks on Concrete Systems." Scholar Commons, 2015. http://scholarcommons.usf.edu/etd/6051.
Анотація:
Injection attacks, including SQL injection, cross-site scripting, and operating system command injection, rank the top two entries in the MITRE Common Vulnerability Enumeration (CVE) [1]. Under this attack model, an application (e.g., a web application) uses some untrusted input to produce an output program (e.g., a SQL query). Applications may be vulnerable to injection attacks because the untrusted input may alter the output program in malicious ways. Recent work has established a rigorous definition of injection attacks. Injections are benign iff they obey the NIE property, which states that injected symbols strictly insert or expand noncode tokens in the output program. Noncode symbols are strictly those that are either removed by the tokenizer (e.g., insignificant whitespace) or span closed values in the output program language, and code symbols are all other symbols. This thesis demonstrates that such attacks are possible on applications for Android—a mobile device operating system—and Bash—a common Linux shell—and shows by construction that these attacks can be detected precisely. Specifically, this thesis examines the recent Shellshock attacks on Bash and shows how it widely differs from ordinary attacks, but can still be precisely detected by instrumenting the output program’s runtime. The paper closes with a discussion of the lessons learned from this study and how best to overcome the practical challenges to precisely preventing these attacks in practice.
3
Jan, Steve T. K. "Robustifying Machine Learning based Security Applications." Diss., Virginia Tech, 2020. http://hdl.handle.net/10919/99862.
Анотація:
In recent years, machine learning (ML) has been explored and employed in many fields. However, there are growing concerns about the robustness of machine learning models. These concerns are further amplified in security-critical applications — attackers can manipulate the inputs (i.e., adversarial examples) to cause machine learning models to make a mistake, and it's very challenging to obtain a large amount of attackers' data. These make applying machine learning in security-critical applications difficult.
In this dissertation, we present several approaches to robustifying three machine learning based security applications. First, we start from adversarial examples in image recognition. We develop a method to generate robust adversarial examples that remain effective in the physical domain. Our core idea is to use an image-to-image translation network to simulate the digital-to-physical transformation process for generating robust adversarial examples. We further show these robust adversarial examples can improve the robustness of machine learning models by adversarial retraining. The second application is bot detection. We show that the performance of existing machine learning models is not effective if we only have the limit attackers' data. We develop a data synthesis method to address this problem. The key novelty is that our method is distribution aware synthesis, using two different generators in a Generative Adversarial Network to synthesize data for the clustered regions and the outlier regions in the feature space. We show the detection performance using 1% of attackers' data is close to existing methods trained with 100% of the attackers' data. The third component of this dissertation is phishing detection. By designing a novel measurement system, we search and detect phishing websites that adopt evasion techniques not only at the page content level but also at the web domain level. The key novelty is that our system is built on the observation of the evasive behaviors of phishing pages in practice. We also study how existing browsers defenses against phishing websites that impersonate trusted entities at the web domain. Our results show existing browsers are not yet effective to detect them.Doctor of Philosophy
Machine learning (ML) is computer algorithms that aim to identify hidden patterns from the data. In recent years, machine learning has been widely used in many fields. The range of them is broad, from natural language to autonomous driving. However, there are growing concerns about the robustness of machine learning models. And these concerns are further amplified in security-critical applications — Attackers can manipulate their inputs (i.e., adversarial examples) to cause machine learning models to predict wrong, and it's highly expensive and difficult to obtain a huge amount of attackers' data because attackers are rare compared to the normal users. These make applying machine learning in security-critical applications concerning. In this dissertation, we seek to build better defenses in three types of machine learning based security applications. The first one is image recognition, by developing a method to generate realistic adversarial examples, the machine learning models are more robust for defending against adversarial examples by adversarial retraining. The second one is bot detection, we develop a data synthesis method to detect malicious bots when we only have the limit malicious bots data. For phishing websites, we implement a tool to detect domain name impersonation and detect phishing pages using dynamic and static analysis.
4
Taub, Lawrence. "Application of a Layered Hidden Markov Model in the Detection of Network Attacks." NSUWorks, 2013. http://nsuworks.nova.edu/gscis_etd/320.
Анотація:
Network-based attacks against computer systems are a common and increasing problem. Attackers continue to increase the sophistication and complexity of their attacks with the goal of removing sensitive data or disrupting operations. Attack detection technology works very well for the detection of known attacks using a signature-based intrusion detection system. However, attackers can utilize attacks that are undetectable to those signature-based systems whether they are truly new attacks or modified versions of known attacks. Anomaly-based intrusion detection systems approach the problem of attack detection by detecting when traffic differs from a learned baseline. In the case of this research, the focus was on a relatively new area known as payload anomaly detection. In payload anomaly detection, the system focuses exclusively on the payload of packets and learns the normal contents of those payloads. When a payload's contents differ from the norm, an anomaly is detected and may be a potential attack. A risk with anomaly-based detection mechanisms is they suffer from high false positive rates which reduce their effectiveness. This research built upon previous research in payload anomaly detection by combining multiple techniques of detection in a layered approach. The layers of the system included a high-level navigation layer, a request payload analysis layer, and a request-response analysis layer. The system was tested using the test data provided by some earlier payload anomaly detection systems as well as new data sets. The results of the experiments showed that by combining these layers of detection into a single system, there were higher detection rates and lower false positive rates.
5
Rosa, José Luís da Silva. "Customer-side detection of BGP routing attacks." Master's thesis, Universidade de Aveiro, 2016. http://hdl.handle.net/10773/17808.
Анотація:
Mestrado em Engenharia de Computadores e TelemáticaA utilização diária da Internet tornou-se uma rotina que foi assimilada pelas pessoas sem considerarem a complexidade interna desta gigante rede. Até um certo ponto, o Border Gateway Protocol é o que mantem toda esta conectividade possível apesar de ser um protocolo defeituoso por natureza. Em 2008, um ataque Man-In-The-Middle foi pela primeira vez apresentado ao grande público e desde de então mais técnicas para explorar este protocolo e obter tráfego alheio de forma ilícita foram dadas a conhecer. Mesmo que o desvio não aconteça com natureza maliciosa, mas sim devido a um erro de configuração, este é um problema que deverá ser enfrentado. Alguns provedores de serviço e institutos de investigação já apresentaram propostas para novos protocolos e/ou sistemas de monitorização, mas estes estão atrasados no seu desenvolvimento ou apenas afetam a camada superior da rede, deixando utilizadores e um grande número de empresas que estão ligadas a um provedor sem meios para agir e sem informação sobre o encaminhamento do seu tráfego. Nesta dissertação, é apresentado, concebido e implementado um sistema que atinge uma monitorização ativa do BGP através da medição do tempo médio de viagem de vários pacotes enviados de várias localizações, através de uma rede mundial de sondas, e do processamento dos resultados obtidos, permitindo que todos os interessados possam ser alertados.
The daily use of the Internet has become a routine that many people absorbed into their lives without even thinking about the insides of this gigantic network. To an extent, the Border Gateway Protocol is what is keeping all this connectivity together despite being a very flawed protocol due to its design. In 2008 a Man-In-The-Middle attack was first presented to the general audience and ever since more techniques were reported to use the protocol to obtain traffic illicitly. Even if the routing deviation does not occur via a malicious intention but due to some poorly configured router, this is a problem that must be tackled. Some network providers and research institutes already presented some drafts for new protocols or monitoring systems but they are late into deployment or only affect the top layer of the network, leaving users and most part of the companies connected to the provider impotent and without any proper information about the routing of their traffic. In this dissertation a system is presented, implemented and deployed, achieving an active monitorization of BGP through measurements of the average travel time of several packets sent to various locations by a worldwide set of Probes and the collected results processed allowing all concerned actors to be alerted.
6
Lantz, David. "Detection of side-channel attacks targeting Intel SGX." Thesis, Linköpings universitet, Programvara och system, 2021. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-177987.
Анотація:
In recent years, trusted execution environments like Intel SGX have allowed developers to protect sensitive code inside so called enclaves. These enclaves protect its code and data even in the cases of a compromised OS. However, SGX enclaves have been shown to be vulnerable to numerous side-channel attacks. Therefore, there is a need to investigate ways that such attacks against enclaves can be detected. This thesis investigates the viability of using performance counters to detect an SGX-targeting side-channel attack, specifically the recent Load Value Injection (LVI) class of attacks. A case study is thus presented where performance counters and a threshold-based detection method is used to detect variants of the LVI attack. The results show that certain attack variants could be reliably detected using this approach without false positives for a range of benign applications. The results also demonstrate reasonable levels of speed and overhead for the detection tool. Some of the practical limitations of using performance counters, particularly in an SGX-context, are also brought up and discussed.
7
Aditham, Santosh. "Mitigation of Insider Attacks for Data Security in Distributed Computing Environments." Scholar Commons, 2017. http://scholarcommons.usf.edu/etd/6639.
Анотація:
In big data systems, the infrastructure is such that large amounts of data are hosted away from the users. Information security is a major challenge in such systems. From the customer’s perspective, one of the big risks in adopting big data systems is in trusting the service provider who designs and owns the infrastructure, with data security and privacy. However, big data frameworks typically focus on performance and the opportunity for including enhanced security measures is limited. In this dissertation, the problem of mitigating insider attacks is extensively investigated and several static and dynamic run-time techniques are developed. The proposed techniques are targeted at big data systems but applicable to any data system in general.
First, a framework is developed to host the proposed security techniques and integrate with the underlying distributed computing environment. We endorse the idea of deploying this framework on special purpose hardware and a basic model of the software architecture for such security coprocessors is presented. Then, a set of compile-time and run-time techniques are proposed to protect user data from the perpetrators. These techniques target detection of insider attacks that exploit data and infrastructure. The compile-time intrusion detection techniques analyze the control flow by disassembling program binaries while the run-time techniques analyze the memory access patterns of processes running on the system.
The proposed techniques have been implemented as prototypes and extensively tested using big data applications. Experiments were conducted on big data frameworks such as Hadoop and Spark using cloud-based services. Experimental results indicate that the proposed techniques successfully detect insider attacks in the context of data loss, data degradation, data exposure and infrastructure degradation.
8
Rubio, Hernan Jose Manuel. "Detection of attacks against cyber-physical industrial systems." Thesis, Evry, Institut national des télécommunications, 2017. http://www.theses.fr/2017TELE0015/document.
Анотація:
Nous abordons des problèmes de sécurité dans des systèmes cyber-physiques industriels. Les attaques contre ces systèmes doivent être traitées à la fois en matière de sûreté et de sécurité. Les technologies de contrôles imposés par les normes industrielles, couvrent déjà la sûreté. Cependant, du point de vue de la sécurité, la littérature a prouvé que l’utilisation de techniques cyber pour traiter la sécurité de ces systèmes n’est pas suffisante, car les actions physiques malveillantes seront ignorées. Pour cette raison, on a besoin de mécanismes pour protéger les deux couches à la fois. Certains auteurs ont traité des attaques de rejeu et d’intégrité en utilisant une attestation physique, p. ex., le tatouage des paramètres physiques du système. Néanmoins, ces détecteurs fonctionnent correctement uniquement si les adversaires n’ont pas assez de connaissances pour tromper les deux couches. Cette thèse porte sur les limites mentionnées ci-dessus. Nous commençons en testant l’efficacité d’un détecteur qui utilise une signature stationnaire afin de détecter des actions malveillantes. Nous montrons que ce détecteur est incapable d’identifier les adversaires cyber-physiques qui tentent de connaître la dynamique du système. Nous analysons son ratio de détection sous la présence de nouveaux adversaires capables de déduire la dynamique du système. Nous revisitons le design original, en utilisant une signature non stationnaire, afin de gérer les adversaires visant à échapper à la détection. Nous proposons également une nouvelle approche qui combine des stratégies de contrôle et de communication. Toutes les solutions son validées à l’aide de simulations et maquettes d’entraînementWe address security issues in cyber-physical industrial systems. Attacks against these systems shall be handled both in terms of safety and security. Control technologies imposed by industrial standards already cover the safety dimension. From a security standpoint, the literature has shown that using only cyber information to handle the security of cyber-physical systems is not enough, since physical malicious actions are ignored. For this reason, cyber-physical systems have to be protected from threats to their cyber and physical layers. Some authors handle the attacks by using physical attestations of the underlying processes, f.i., physical watermarking to ensure the truthfulness of the process. However, these detectors work properly only if the adversaries do not have enough knowledge to mislead crosslayer data. This thesis focuses on the aforementioned limitations. It starts by testing the effectiveness of a stationary watermark-based fault detector, to detect, as well, malicious actions produced by adversaries. We show that the stationary watermark-based detector is unable to identify cyber-physical adversaries. We show that the approach only detects adversaries that do not attempt to get any knowledge about the system dynamics. We analyze the detection performance of the original design under the presence of adversaries that infer the system dynamics to evade detection. We revisit the original design, using a non-stationary watermark-based design, to handle those adversaries. We also propose a novel approach that combines control and communication strategies. We validate our solutions using numeric simulations and training cyber-physical testbeds
9
Wang, Le. "Detection of Man-in-the-middle Attacks Using Physical Layer Wireless Security Techniques." Digital WPI, 2013. https://digitalcommons.wpi.edu/etd-theses/992.
Анотація:
"In a wireless network environment, all the users are able to access the wireless channel. Thus, if malicious users exploit this feature by mimicking the characteristics of a normal user or even the central wireless access point (AP), they can intercept almost all the information through the network. This scenario is referred as a Man-in-the-middle (MITM) attack. In the MITM attack, the attackers usually set up a rogue AP to spoof the clients. In this thesis, we focus on the detection of MITM attacks in Wi-Fi networks. The thesis introduces the entire process of performing and detecting the MITM attack in two separate sections. The first section starts from creating a rogue AP by imitating the characteristics of the legitimate AP. Then a multi-point jamming attack is conducted to kidnap the clients and force them to connect to the rogue AP. Furthermore, the sniffer software is used to intercept the private information passing through the rogue AP. The second section focuses on the detection of MITM attacks from two aspects: jamming attacks detection and rogue AP detection. In order to enable the network to perform defensive strategies more effectively, distinguishing different types of jamming attacks is necessary. We begin by using signal strength consistency mechanism in order to detect jamming attacks. Then, based on the statistical data of packets send ratio (PSR) and packets delivery ratio (PDR) in different jamming situations, a model is built to further differentiate the jamming attacks. At the same time, we gather the received signal strength indication (RSSI) values from three monitor nodes which process the random RSSI values employing a sliding window algorithm. According to the mean and standard deviation curve of RSSI, we can detect if a rogue AP is present within the vicinity. All these proposed approaches, either attack or detection, have been validated via computer simulations and experimental hardware implementations including Backtrack 5 Tools and MATLAB software suite. "
10
Rubio, Hernan Jose Manuel. "Detection of attacks against cyber-physical industrial systems." Electronic Thesis or Diss., Evry, Institut national des télécommunications, 2017. http://www.theses.fr/2017TELE0015.
Анотація:
Nous abordons des problèmes de sécurité dans des systèmes cyber-physiques industriels. Les attaques contre ces systèmes doivent être traitées à la fois en matière de sûreté et de sécurité. Les technologies de contrôles imposés par les normes industrielles, couvrent déjà la sûreté. Cependant, du point de vue de la sécurité, la littérature a prouvé que l’utilisation de techniques cyber pour traiter la sécurité de ces systèmes n’est pas suffisante, car les actions physiques malveillantes seront ignorées. Pour cette raison, on a besoin de mécanismes pour protéger les deux couches à la fois. Certains auteurs ont traité des attaques de rejeu et d’intégrité en utilisant une attestation physique, p. ex., le tatouage des paramètres physiques du système. Néanmoins, ces détecteurs fonctionnent correctement uniquement si les adversaires n’ont pas assez de connaissances pour tromper les deux couches. Cette thèse porte sur les limites mentionnées ci-dessus. Nous commençons en testant l’efficacité d’un détecteur qui utilise une signature stationnaire afin de détecter des actions malveillantes. Nous montrons que ce détecteur est incapable d’identifier les adversaires cyber-physiques qui tentent de connaître la dynamique du système. Nous analysons son ratio de détection sous la présence de nouveaux adversaires capables de déduire la dynamique du système. Nous revisitons le design original, en utilisant une signature non stationnaire, afin de gérer les adversaires visant à échapper à la détection. Nous proposons également une nouvelle approche qui combine des stratégies de contrôle et de communication. Toutes les solutions son validées à l’aide de simulations et maquettes d’entraînementWe address security issues in cyber-physical industrial systems. Attacks against these systems shall be handled both in terms of safety and security. Control technologies imposed by industrial standards already cover the safety dimension. From a security standpoint, the literature has shown that using only cyber information to handle the security of cyber-physical systems is not enough, since physical malicious actions are ignored. For this reason, cyber-physical systems have to be protected from threats to their cyber and physical layers. Some authors handle the attacks by using physical attestations of the underlying processes, f.i., physical watermarking to ensure the truthfulness of the process. However, these detectors work properly only if the adversaries do not have enough knowledge to mislead crosslayer data. This thesis focuses on the aforementioned limitations. It starts by testing the effectiveness of a stationary watermark-based fault detector, to detect, as well, malicious actions produced by adversaries. We show that the stationary watermark-based detector is unable to identify cyber-physical adversaries. We show that the approach only detects adversaries that do not attempt to get any knowledge about the system dynamics. We analyze the detection performance of the original design under the presence of adversaries that infer the system dynamics to evade detection. We revisit the original design, using a non-stationary watermark-based design, to handle those adversaries. We also propose a novel approach that combines control and communication strategies. We validate our solutions using numeric simulations and training cyber-physical testbeds
11
Theerthagiri, Dinesh. "Reversing Malware : A detection intelligence with in-depth security analysis." Thesis, Linköping University, Department of Electrical Engineering, 2009. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-52058.
Анотація:
More money nowadays moves online and it is very understandable that criminals want to make more money online aswell, because these days’ banks don’t have large sums of money in their cash box. Since there are many other internalrisks involved in robbing a bank, criminals have found many other ways to commit crimes and much lower risMore money nowadays moves online and it is very understandable that criminals want to make more money online as well, because these days’ banks don’t have large sums of money in their cash box. Since there are many other internal risks involved in robbing a bank, criminals have found many other ways to commit crimes and much lower risk in online crime. The first level of change involved was email-based phishing, but later circumstances changed again.
Authentication methods and security of online bank has been improved over the period. This will drastically reduce effects of phishing based on emails and fraudulent website. The next level of online bank fraud is called banking Trojans. These Trojans infect the online customers of banks. These Trojans monitors customer’s activities and uses their authenticated session to steal customers’ money.
A lot of money is made by these kinds of attacks. Comparatively few perpetrators have been caught, and the problem is getting worse day by day. To have a better understanding of this problem, I have selected a recent malware sample named as SilentBanker. It had the capability of attacking more than 400 banks. This thesis presents the problem in general and includes my results in studying the behaviour of the SilentBanker Trojan.
12
Sriskandarajah, Shriparen. "Detection and mitigation of denial-of-service attacks against software-defined networking." Thesis, Queensland University of Technology, 2021. https://eprints.qut.edu.au/226951/1/Shriparen_Sriskandarajah_Thesis.pdf.
Анотація:
Software-defined networking (SDN) is an emerging architecture in computer networking that was introduced to fulfill the demand of current Internet-based services and applications. New features introduced in the SDN architecture open the space for attackers to disrupt the SDN-based networks using new types of Denial-of-Service (DoS) attacks. In this study, first, we present a new DoS attack, namely the control channel DoS attack. Second, we present another new DoS attack to overwhelm the flow table of the SDN switches, namely the flow rule overwhelming attack. Finally, we propose novel strategies to detect and mitigate DoS attacks against the SDN architecture.
13
Zhang, Yueqian. "Resource Clogging Attacks in Mobile Crowd-Sensing: AI-based Modeling, Detection and Mitigation." Thesis, Université d'Ottawa / University of Ottawa, 2020. http://hdl.handle.net/10393/40082.
Анотація:
Mobile Crowdsensing (MCS) has emerged as a ubiquitous solution for data collection from embedded sensors of the smart devices to improve the sensing capacity and reduce the sensing costs in large regions. Due to the ubiquitous nature of MCS, smart devices require cyber protection against adversaries that are becoming smarter with the objective of clogging the resources and spreading misinformation in such a non-dedicated sensing environment. In an MCS setting, one of the various adversary types has the primary goal of keeping participant devices occupied by submitting fake/illegitimate sensing tasks so as to clog the participant resources such as the battery, sensing, storage, and computing. With this in mind, this thesis proposes a systematical study of fake task injection in MCS, including modeling, detection, and mitigation of such resource clogging attacks.
We introduce modeling of fake task attacks in MCS intending to clog the server and drain battery energy from mobile devices. We creatively grant mobility to the tasks for more extensive coverage of potential participants and propose two take movement patterns, namely Zone-free Movement (ZFM) model and Zone-limited Movement (ZLM) model. Based on the attack model and task movement patterns, we design task features and create structured simulation settings that can be modified to adapt different research scenarios and research purposes.
Since the development of a secure sensing campaign highly depends on the existence of a realistic adversarial model. With this in mind, we apply the self-organizing feature map (SOFM) to maximize the number of impacted participants and recruits according to the user movement pattern of these cities. Our simulation results verify the magnified effect of SOFM-based fake task injection comparing with randomly selected attack regions in terms of more affected recruits and participants, and increased energy consumption in the recruited devices due to the illegitimate task submission.
For the sake of a secure MCS platform, we introduce Machine Learning (ML) methods into the MCS server to detect and eliminate the fake tasks, making sure the tasks arrived at the user side are legitimate tasks. In our work, two machine learning algorithms, Random Forest and Gradient Boosting are adopted to train the system to predict the legitimacy of a task, and Gradient Boosting is proven to be a more promising algorithm. We have validated the feasibility of ML in differentiating the legitimacy of tasks in terms of precision, recall, and F1 score. By comparing the energy-consuming, effected recruits, and impacted candidates with and without ML, we convince the efficiency of applying ML to mitigate the effect of fake task injection.
14
Gabelli, Filippo. "Security analysis of physical attacks to offshore O&G facilities." Master's thesis, Alma Mater Studiorum - Università di Bologna, 2021.
Анотація:
Chemical and petrochemical plants are susceptible to malicious acts due to the attractiveness brought by the substances handled, the possibility to thieve secret information, and their strategic importance. Thus, a number of qualitative and semi-quantitative methodologies have been developed for the assessment of vulnerabilities of such sites. Similarly, offshore facilities, that are central in the production of hydrocarbons, were subjected to physical and cyber security events as is outlined in relevant past accident analysis. However, there are just few methodologies tailored for the identification of vulnerabilities in that specific environment. The current study is aimed at closing such gap by building a proper technique for modeling attacks towards offshore sites. The method has been developed just for physical attacks and has been drafted with reference to the ASD model, for rendering the adversary pattern, and to the single path computer model (EASI), for the estimation of the PPS effectiveness. The methodology is intended as a tool for supporting standard SVA/SRA procedures, with particular reference to the API RP 780,
therefore its purpose is to provide a systematic approach to the analysis. It has been applied to a case study, represented by an offshore production platform, to point out the results obtained and to outline the link with the API SRA methodology.
15
Scanlan, JD. "A context aware attack detection system across multiple gateways in real-time." Thesis, Honours thesis, University of Tasmania, 2004. https://eprints.utas.edu.au/117/1/Thesis_Final.pdf.
Анотація:
It is understood that intrusion detection systems can make more intelligent decisions if the context of the traffic being observed is known. This thesis examines whether an attack detection system, looking at traffic as it arrives at gateways or firewalls, can make smarter decisions if the context of attack patterns across a class of IP addresses is known. A system that detects and forestalls the continuation of both fast attacks and slow attacks across several IP addresses is described and the development of heuristics both to ban activity from hostile IP addresses and then lift these bans is illustrated. The System not only facilitates detection of methodical multiple gateway attacks, but also acts to defeat the attack before penetration can occur across the gateway range.
16
APRUZZESE, GIOVANNI. "Security Analytics and Machine Learning for Cyber Detection: Problematiche Moderne e Soluzioni Innovative." Doctoral thesis, Università degli studi di Modena e Reggio Emilia, 2020. http://hdl.handle.net/11380/1200588.
Анотація:
La rilevazione efficace dei cyber-attacchi avanzati è un problema complesso che presenta numerose problematiche e sfide. Gli attaccanti più esperti migliorano continuamente i propri strumenti e, attraverso l'attuazione di strategie originali, sono in grado di eludere la rilevazione degli approcci tradizionali basati su regole statiche. Di conseguenza, molte data-breach richiedono mesi prima di essere identificate, provocando ingenti danni alle organizzazioni moderne. Gli operatori umani da soli non sono in grado di gestire il continuo aumento della complessità, varietà e velocità delle minacce recenti. Per risolvere questo problema, come evidenziato sia dalla letteratura scientifica che da appositi report tecnici, gli analisti della sicurezza devono essere supportati da meccanismi di rilevazione aumatici che possano sfruttare le grandi quantità di dati generati dalle reti moderne. Questa tesi promuove e incentiva questa posizione, proponendo tecniche di security analytics che adottano modelli di machine learning e algoritmi matematici. In particolare, vengono presentate soluzioni originali per la cyber detection di minacce diffuse quali botnet, lateral movement, comunicazioni periodiche malevole, e phishing. Viene anche effettuato uno studio dei problemi che affliggono questi approcci nei contesti di cybersecurity, caratterizati da una - non apparente - difficoltà di applicazione di nuove soluzioni, a causa della difficoltà di definire la linea di separazione tra azioni malevole e legittime. Nella seconda parte di questa tesi, si considera il problema degli adversarial attack contro i cyber detector, e si presentano soluzioni originali per ridurre l'impatto di simili minacce. Tutti i metodi proposti richiedono un ridotto quantitativo di informazioni e si basano su assunzioni essenziali, consentendone l'integrazione nei framework di difesa adottati dalle organizzazioni reali. Un valore importante che caratterizza l'intera tesi è che tutte le idee e tecniche proposte sono validate attraverso numerose campagne sperimentali effettuate su dataset realistici di grosse dimensioni. I risultati ottenuti migliorano lo stato dell'arte e, in alcuni casi, risolvono i problemi di detection. Per queste ragioni, si può affermare che la presente tesi costituisca un solido fondamento per la creazione di sistemi difensivi che siano in grado di supportare gli analisti della sicurezza anche in presenza delle forme di cyber-attacchi più all'avanguardia.Efficient detection of advanced cyber attacks is a complex problem that presents multiple issues and challenges. Skilled attackers are constantly improving their tools and, by adopting original strategies, are able to evade the detection of traditional rule-based approaches. As a consequence, large amounts of data breaches remain undetected for months, causing severe damage to organizations. Humans alone cannot efficiently deal with the increasing velocity, complexity and variety of modern threats. To address these critical menaces, as evidenced by both scientific literature and practical reports, cybersecurity analysts need to be supported with forms of automatic detection mechanisms that exploit the huge volume of data generated by modern systems and networks. This thesis promotes and improves this conviction by leveraging security analytics through machine learning models and mathematical algorithms. We present original solutions for cyber detection of popular threats related to botnets, lateral movements, malicious periodic communications and phishing. We also study the problems affecting these approaches in cybersecurity contexts where solutions are not as straightforward as expected and the balance between true and false detection remains an open issue. In the second part of the thesis, we consider the problem of adversarial attacks against cyber detectors, and we present original solutions to mitigate similar threats. The proposed methods require minimal amounts of information and few assumptions, thus enabling their integration in real defensive frameworks of large enterprises. An important value characterizing the entire thesis is that all the proposed ideas and approaches are implemented and evaluated through experimental campaigns involving real datasets. The presented results improve the state-of-the-art and, in some cases, solve the detection problems. For these reason, we can conclude that this thesis paves the way to new defensive systems that can support cyber analysts in detecting advanced forms of attacks in several scenarios.
17
Musa, Shahrulniza. "Visualising network security attacks with multiple 3D visualisation and false alert classification." Thesis, Loughborough University, 2008. https://dspace.lboro.ac.uk/2134/14241.
Анотація:
Increasing numbers of alerts produced by network intrusion detection systems (NIDS) have burdened the job of security analysts especially in identifying and responding to them. The tasks of exploring and analysing large quantities of communication network security data are also difficult. This thesis studied the application of visualisation in combination with alerts classifier to make the exploring and understanding of network security alerts data faster and easier. The prototype software, NSAViz, has been developed to visualise and to provide an intuitive presentation of the network security alerts data using interactive 3D visuals with an integration of a false alert classifier. The needs analysis of this prototype was based on the suggested needs of network security analyst's tasks as seen in the literatures. The prototype software incorporates various projections of the alert data in 3D displays. The overview was plotted in a 3D plot named as "time series 3D AlertGraph" which was an extension of the 2D histographs into 3D. The 3D AlertGraph was effectively summarised the alerts data and gave the overview of the network security status. Filtering, drill-down and playback of the alerts at variable speed were incorporated to strengthen the analysis. Real-time visual observation was also included. To identify true alerts from all alerts represents the main task of the network security analyst. This prototype software was integrated with a false alert classifier using a classification tree based on C4.5 classification algorithm to classify the alerts into true and false. Users can add new samples and edit the existing classifier training sample. The classifier performance was measured using k-fold cross-validation technique. The results showed the classifier was able to remove noise in the visualisation, thus making the pattern of the true alerts to emerge. It also highlighted the true alerts in the visualisation. Finally, a user evaluation was conducted to find the usability problems in the tool and to measure its effectiveness. The feed backs showed the tools had successfully helped the task of the security analyst and increased the security awareness in their supervised network. From this research, the task of exploring and analysing a large amount of network security data becomes easier and the true attacks can be identified using the prototype visualisation tools. Visualisation techniques and false alert classification are helpful in exploring and analysing network security data.
18
Akbar, Yousef M. A. H. "Intrusion Detection of Flooding DoS Attacks on Emulated Smart Meters." Thesis, Virginia Tech, 2020. http://hdl.handle.net/10919/98554.
Анотація:
The power grid has changed a great deal from what has been generally viewed as a traditional power grid. The modernization of the power grid has seen an increase in the integration and incorporation of computing and communication elements, creating an interdependence of both physical and cyber assets of the power grid. The fast-increasing connectivity has transformed the grid from what used to be primarily a physical system into a Cyber- Physical System (CPS). The physical elements within a power grid are well understood by power engineers; however, the newly deployed cyber aspects are new to most researchers and operators in this field. The new computing and communications structure brings new vulnerabilities along with all the benefits it provides. Cyber security of the power grid is critical due to the potential impact it can make on the community or society that relies on the critical infrastructure. These vulnerabilities have already been exploited in the attack on the Ukrainian power grid, a highly sophisticated, multi-layered attack which caused large power outages for numerous customers. There is an urgent need to understand the cyber aspects of the modernized power grid and take the necessary precautions such that the security of the CPS can be better achieved. The power grid is dependent on two main cyber infrastructures, i.e., Supervisory Control And Data Acquisition (SCADA) and Advanced Metering Infrastructure (AMI). This thesis investigates the AMI in power grids by developing a testbed environment that can be created and used to better understand and develop security strategies to remove the vulnerabilities that exist within it. The testbed is to be used to conduct and implement security strategies, i.e., an Intrusion Detections Systems (IDS), creating an emulated environment to best resemble the environment of the AMI system. A DoS flooding attack and an IDS are implemented on the emulated testbed to show the effectiveness and validate the performance of the emulated testbed.M.S.
The power grid is becoming more digitized and is utilizing information and communication technologies more, hence the smart grid. New systems are developed and utilized in the modernized power grid that directly relies on new communication networks. The power grid is becoming more efficient and more effective due to these developments, however, there are some considerations to be made as for the security of the power grid. An important expectation of the power grid is the reliability of power delivery to its customers. New information and communication technology integration brings rise to new cyber vulnerabilities that can inhibit the functionality of the power grid. A coordinated cyber-attack was conducted against the Ukrainian power grid in 2015 that targeted the cyber vulnerabilities of the system. The attackers made sure that the grid operators were unable to observe their system being attacked via Denial of Service attacks. Smart meters are the digitized equivalent of a traditional energy meter, it wirelessly communicates with the grid operators. An increase in deployment of these smart meters makes it such that we are more dependent on them and hence creating a new vulnerability for an attack. The smart meter integration into the power grid needs to be studied and carefully considered for the prevention of attacks. A testbed is created using devices that emulate the smart meters and a network is established between the devices. The network was attacked with a Denial of Service attack to validate the testbed performance, and an Intrusion detection method was developed and applied onto the testbed to prove that the testbed created can be used to study and develop methods to cover the vulnerabilities present.
19
Morgan, Justin L. "Clustering Web Users By Mouse Movement to Detect Bots and Botnet Attacks." DigitalCommons@CalPoly, 2021. https://digitalcommons.calpoly.edu/theses/2304.
Анотація:
The need for website administrators to efficiently and accurately detect the presence of web bots has shown to be a challenging problem. As the sophistication of modern web bots increases, specifically their ability to more closely mimic the behavior of humans, web bot detection schemes are more quickly becoming obsolete by failing to maintain effectiveness. Though machine learning-based detection schemes have been a successful approach to recent implementations, web bots are able to apply similar machine learning tactics to mimic human users, thus bypassing such detection schemes. This work seeks to address the issue of machine learning based bots bypassing machine learning-based detection schemes, by introducing a novel unsupervised learning approach to cluster users based on behavioral biometrics. The idea is that, by differentiating users based on their behavior, for example how they use the mouse or type on the keyboard, information can be provided for website administrators to make more informed decisions on declaring if a user is a human or a bot. This approach is similar to how modern websites require users to login before browsing their website; which in doing so, website administrators can make informed decisions on declaring if a user is a human or a bot. An added benefit of this approach is that it is a human observational proof (HOP); meaning that it will not inconvenience the user (user friction) with human interactive proofs (HIP) such as CAPTCHA, or with login requirements
20
Tevemark, Jonas. "Intrusion Detection and Prevention in IP Based Mobile Networks." Thesis, Linköping University, Department of Electrical Engineering, 2008. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-12015.
Анотація:
Ericsson’s Packet Radio Access Network (PRAN) is a network solution for packet transport in mobile networks, which utilizes the Internet Protocol (IP). The IP protocol offers benefits in responsiveness and performance adaptation to data bursts when compared to Asynchronous Transfer Mode (ATM), which is still often used. There are many manufacturers / operators providing IP services, which reduce costs. The IP’s use on the Internet brings greater end-user knowledge, wider user community and more programs designed for use in IP environments. Because of this, the spectrum of possible attacks against PRAN broadens. This thesis provides information on what protection an Intrusion Prevention System (IPS) can add to the current PRAN solution.
A risk analysis is performed to identify assets in and threats against PRAN, and to discover attacks that can be mitigated by the use of an IPS. Information regarding placement of an IPS in the PRAN network is given and tests of a candidate system are performed. IPS features in hardware currently used by Ericsson as well as missing features are pinpointed . Finally, requirements for an IPS intended for use in PRAN are concluded.
21
Khraisat, Ansam. "Intelligent zero-day intrusion detection framework for internet of things." Thesis, Federation University Australia, 2020. http://researchonline.federation.edu.au/vital/access/HandleResolver/1959.17/179729.
Анотація:
Zero-day intrusion detection system faces serious challenges as hundreds of thousands of new instances of malware are being created every day to cause harm or damage to the computer system. Cyber-attacks are becoming more sophisticated, leading to challenges in intrusion detection. There are many Intrusion Detection Systems (IDSs), which are proposed to identify abnormal activities, but most of these IDSs produce a large number of false positives and low detection accuracy. Hence, a significant quantity of false positives could generate a high-level of alerts in a short period of time as the normal activities are classified as intrusion activities. This thesis proposes a novel framework of hybrid intrusion detection system that integrates the Signature Intrusion Detection System (SIDS) with the Anomaly Intrusion Detection System (AIDS) to detect zero-day attacks with high accuracy. SIDS has been used to identify previously known intrusions, and AIDS has been applied to detect unknown zero-day intrusions. The goal of this research is to combine the strengths of each technique toward the development of a hybrid framework for the efficient intrusion detection system. A number of performance measures including accuracy, F-measure and area under ROC curve have been used to evaluate the efficacy of our proposed models and to compare and contrast with existing approaches. Extensive simulation results conducted in this thesis show that the proposed framework is capable of yielding excellent detection performance when tested with a number of widely used benchmark datasets in the intrusion detection system domain. Experiments show that the proposed hybrid IDS provides higher detection rate and lower false-positive rate in detecting intrusions as compared to the SIDS and AIDS techniques individually.Doctor of Philosophy
22
Wang, Xinmu. "HARDWARE TROJAN ATTACKS: THREAT ANALYSIS AND LOW-COST COUNTERMEASURES THROUGH GOLDEN-FREE DETECTION AND SECURE DESIGN." Case Western Reserve University School of Graduate Studies / OhioLINK, 2014. http://rave.ohiolink.edu/etdc/view?acc_num=case1378489509.
23
Munir, Rashid. "A Quantitative Security Assessment of Modern Cyber Attacks. A Framework for Quantifying Enterprise Security Risk Level Through System's Vulnerability Analysis by Detecting Known and Unknown Threats." Thesis, University of Bradford, 2014. http://hdl.handle.net/10454/14251.
Анотація:
Cisco 2014 Annual Security Report clearly outlines the evolution of the threat landscape and the increase of the number of attacks. The UK government in 2012 recognised the cyber threat as Tier-1 threat since about 50 government departments have been either subjected to an attack or a direct threat from an attack. The cyberspace has become the platform of choice for businesses, schools, universities, colleges, hospitals and other sectors for business activities. One of the major problems identified by the Department of Homeland Security is the lack of clear security metrics. The recent cyber security breach of the US retail giant TARGET is a typical example that demonstrates the weaknesses of qualitative security, also considered by some security experts as fuzzy security. High, medium or low as measures of security levels do not give a quantitative representation of the network security level of a company. In this thesis, a method is developed to quantify the security risk level of known and unknown attacks in an enterprise network in an effort to solve this problem. The identified vulnerabilities in a case study of a UK based company are classified according to their severity risk levels using common vulnerability scoring system (CVSS) and open web application security project (OWASP). Probability theory is applied against known attacks to create the security metrics and, detection and prevention method is suggested for company network against unknown attacks. Our security metrics are clear and repeatable that can be verified scientifically.
24
Pagna, Disso Jules F. "A novel intrusion detection system (IDS) architecture. Attack detection based on snort for multistage attack scenarios in a multi-cores environment." Thesis, University of Bradford, 2010. http://hdl.handle.net/10454/5248.
Анотація:
Recent research has indicated that although security systems are developing,
illegal intrusion to computers is on the rise. The research conducted here
illustrates that improving intrusion detection and prevention methods is
fundamental for improving the overall security of systems.
This research includes the design of a novel Intrusion Detection System (IDS)
which identifies four levels of visibility of attacks. Two major areas of security
concern were identified: speed and volume of attacks; and complexity of
multistage attacks. Hence, the Multistage Intrusion Detection and Prevention
System (MIDaPS) that is designed here is made of two fundamental elements:
a multistage attack engine that heavily depends on attack trees and a Denial of
Service Engine. MIDaPS were tested and found to improve current intrusion
detection and processing performances.
After an intensive literature review, over 25 GB of data was collected on
honeynets. This was then used to analyse the complexity of attacks in a series
of experiments. Statistical and analytic methods were used to design the novel
MIDaPS.
Key findings indicate that an attack needs to be protected at 4 different levels.
Hence, MIDaPS is built with 4 levels of protection. As, recent attack vectors use
legitimate actions, MIDaPS uses a novel approach of attack trees to trace the
attacker¿s actions. MIDaPS was tested and results suggest an improvement to
current system performance by 84% whilst detecting DDOS attacks within 10
minutes.
25
Aparicio-Navarro, Francisco J. "Using metrics from multiple layers to detect attacks in wireless networks." Thesis, Loughborough University, 2014. https://dspace.lboro.ac.uk/2134/16309.
Анотація:
The IEEE 802.11 networks are vulnerable to numerous wireless-specific attacks. Attackers can implement MAC address spoofing techniques to launch these attacks, while masquerading themselves behind a false MAC address. The implementation of Intrusion Detection Systems has become fundamental in the development of security infrastructures for wireless networks. This thesis proposes the designing a novel security system that makes use of metrics from multiple layers of observation to produce a collective decision on whether an attack is taking place. The Dempster-Shafer Theory of Evidence is the data fusion technique used to combine the evidences from the different layers. A novel, unsupervised and self- adaptive Basic Probability Assignment (BPA) approach able to automatically adapt its beliefs assignment to the current characteristics of the wireless network is proposed. This BPA approach is composed of three different and independent statistical techniques, which are capable to identify the presence of attacks in real time. Despite the lightweight processing requirements, the proposed security system produces outstanding detection results, generating high intrusion detection accuracy and very low number of false alarms. A thorough description of the generated results, for all the considered datasets is presented in this thesis. The effectiveness of the proposed system is evaluated using different types of injection attacks. Regarding one of these attacks, to the best of the author knowledge, the security system presented in this thesis is the first one able to efficiently identify the Airpwn attack.
26
Pagna, Disso Jules Ferdinand. "A novel intrusion detection system (IDS) architecture : attack detection based on snort for multistage attack scenarios in a multi-cores environment." Thesis, University of Bradford, 2010. http://hdl.handle.net/10454/5248.
Анотація:
Recent research has indicated that although security systems are developing, illegal intrusion to computers is on the rise. The research conducted here illustrates that improving intrusion detection and prevention methods is fundamental for improving the overall security of systems. This research includes the design of a novel Intrusion Detection System (IDS) which identifies four levels of visibility of attacks. Two major areas of security concern were identified: speed and volume of attacks; and complexity of multistage attacks. Hence, the Multistage Intrusion Detection and Prevention System (MIDaPS) that is designed here is made of two fundamental elements: a multistage attack engine that heavily depends on attack trees and a Denial of Service Engine. MIDaPS were tested and found to improve current intrusion detection and processing performances. After an intensive literature review, over 25 GB of data was collected on honeynets. This was then used to analyse the complexity of attacks in a series of experiments. Statistical and analytic methods were used to design the novel MIDaPS. Key findings indicate that an attack needs to be protected at 4 different levels. Hence, MIDaPS is built with 4 levels of protection. As, recent attack vectors use legitimate actions, MIDaPS uses a novel approach of attack trees to trace the attacker's actions. MIDaPS was tested and results suggest an improvement to current system performance by 84% whilst detecting DDOS attacks within 10 minutes.
27
Kalogiannis, Konstantinos. "Investigating Attacks on Vehicular Platooning and Cooperative Adaptive Cruise Control." Thesis, KTH, Skolan för elektroteknik och datavetenskap (EECS), 2020. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-292951.
Анотація:
Autonomous vehicles are a rising technology that aims to change the way people think about mobility in the future. A crucial step towards that goal is the assurance that malicious actors cannot instigate accidents that could lead to damages or loss of life. Currently, vehicle platoons, that is vehicles cooperating together to increase fuel saving and driver comfort, are used in limited environments and are the focus of research aimed to make them suitable for real-world wide usage. In that regard, guaranteeing that the vehicle is able to operate alongside other entities, autonomous or not, in the traditional sense is not adequate. The computer systems involved can be the target or the source of a malicious act without the knowledge of the operator in either case. In the context of platooning, these acts can have devastating effects and can originate either from other vehicles on the road or from within, from compromised vehicles that are part of the formation. In this thesis, the focus is centered around the latter. We investigate jamming and data falsification attacks that aim to either destabilize the platoon, thus, reducing its benefits or provoke an accident. These attacks are more difficult to discern and will range from simple falsification attacks to more complex ones that aim to bypass defensive mechanisms. In that sense, we direct our experiments against the platoon maneuvers that are a core functionality of platooning and are required for its nominal operation. The results of this analysis show that several attacks can lead to accidents with position falsification being the most productive. It is also demonstrated that a malicious leader can pose a serious threat to the viability of the platoon because of his unique capability of interacting with all the platoon members. Attacks during the platoon maneuvers are demonstrated to pose a threat, not only to the stability of the formation but also the nature of the platooning application itself. This is achieved by effectively isolating the platoon from potential joiners.Självkörande fordon är en framväxande teknologi med mål att ändra människors framtida inställning till mobilitet. Ett kritiskt steg mot målet är att försäkra sig om att aktörer med ont uppsåt inte kan orsaka olyckor som kan leda till skador eller dödsfall. För närvarande används fordonståg, alltså fordon som samarbetar för att minska bränsleförbrukning och öka körkomfort, i avgränsade miljöer med fokus på att anpassa dessa för verklig användning. Att garantera att fordonet kan köras tillsammans med andra enheter är då inte tillräckligt eftersom dessa system kan bli mål för externa och interna attacker som kan ha förödande konsekvenser. Denna uppsats fokuserar på det senare fallet och undersöker interna datafalsifierings- och frekvensstörningsattacker avsedda att destabilisera fordonståg i syfte att minska deras fördelar eller provocera fram en olycka. Dessa attacker är svåra att urskilja och inkluderar allt från enkla falsifikationsattacker till komplexa attacker som syftar till att kringgå specifika försvarsmekanismer. Med det i åtanke inriktar vi våra experiment mot de manövrar som är en del av fordonstågens grundfunktionalitet och krävs för deras nominella drift. Resultaten av arbetet visar att under fordonstågmanövrar så kan flertalet av de utvärderade attackerna orsaka olyckor och att attacker genom förfalskning av position var speciellt förödande. Vi har även påvisat att en fordonstågsledare med ont uppsåt utgör ett speciellt allvarligt hot mot fordonstågets funktionalitet på grund av dennes unika möjlighet att interagera med alla medlemmar. Attacker under manövrar har visats utgöra ett hot, inte bara mot stabiliteten av formationen, men även mot de grundläggande egenskaperna hos systemet själv såsom att isolera fordonståget från nya medlemmar.
28
Likarish, Peter F. "Early detection of malicious web content with applied machine learning." Diss., University of Iowa, 2011. https://ir.uiowa.edu/etd/4871.
Анотація:
This thesis explores the use of applied machine learning techniques to augment traditional methods of identifying and preventing web-based attacks. Several factors complicate the identification of web-based attacks. The first is the scale of the web. The amount of data on the web and the heterogeneous nature of this data complicate efforts to distinguish between benign sites and attack sites. Second, an attacker may duplicate their attack at multiple, unexpected locations (multiple URLs spread across different domains) with ease. Third, attacks can be hosted nearly anonymously; there is little cost or risk associated with hosting or publishing a web-based attack. In combination, these factors lead one to conclude that, currently, the webs threat landscape is unfavorably tilted towards the attacker.
To counter these advantages this thesis describes our novel solutions to web se- curity problems. The common theme running through our work is the demonstration that we can detect attacks missed by other security tools as well as detecting attacks sooner than other security responses. To illustrate this, we describe the development of BayeShield, a browser-based tool capable of successfully identifying phishing at- tacks in the wild. Progressing from specific to a more general approach, we next focus on the detection of obfuscated scripts (one of the most commonly used tools in web-based attacks). Finally, we present TopSpector, a system we've designed to forecast malicious activity prior to it's occurrence. We demonstrate that by mining Top-Level DNS data we can produce a candidate set of domains that contains up to 65% of domains that will be blacklisted. Furthermore, on average TopSpector flags malicious domains 32 days before they are blacklisted, allowing the security community ample time to investigate these domains before they host malicious activity.
29
Öberg, Fredrik. "Investigation on how presentation attack detection can be used to increase security for face recognition as biometric identification : Improvements on traditional locking system." Thesis, Mittuniversitetet, Institutionen för informationssystem och –teknologi, 2021. http://urn.kb.se/resolve?urn=urn:nbn:se:miun:diva-42294.
Анотація:
Biometric identification has already been applied to society today, as today’s mobile phones use fingerprints and other methods like iris and the face itself. With growth for technologies like computer vision, the Internet of Things, Artificial Intelligence, The use of face recognition as a biometric identification on ordinary doors has become increasingly common. This thesis studies is looking into the possibility of replacing regular door locks with face recognition or supplement the locks to increase security by using a pre-trained state-of-the-art face recognition method based on a convolution neural network. A subsequent investigation concluded that a networks based face recognition are is highly vulnerable to attacks in the form of presentation attacks. This study investigates protection mechanisms against these forms of attack by developing a presentation attack detection and analyzing its performance. The obtained results from the proof of concept showed that local binary patterns histograms as a presentation attack detection could help the state of art face recognition to avoid attacks up to 88\% of the attacks the convolution neural network approved without the presentation attack detection. However, to replace traditional locks, more work must be done to detect more attacks in form of both higher percentage of attacks blocked by the system and the types of attack that can be done. Nevertheless, as a supplement face recognition represents a promising technology to supplement traditional door locks, enchaining their security by complementing the authorization with biometric authentication. So the main contributions is that by using simple older methods LBPH can help modern state of the art face regognition to detect presentation attacks according to the results of the tests. This study also worked to adapt this PAD to be suitable for low end edge devices to be able to adapt in an environment where modern solutions are used, which LBPH have.
30
Fredriksson, Tony, and Niklas Ljungberg. "Security in low power wireless networks : Evaluating and mitigating routing attacks in a reactive, on demand ad-hoc routing protocol." Thesis, Linköpings universitet, Institutionen för datavetenskap, 2017. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-145362.
Анотація:
Using low energy devices to communicate over the air presents many challenges to reach security as resources in the world of Internet Of Things (IoT) are limited. Any extra overhead of computing or radio transmissions that extra security might add affects cost of both increased computing time and energy consumption which are all scarce resources in IoT. This thesis details the current state of security mechanisms built into the commercially available protocol stacks Zigbee, Z-wave, and Bluetooth Low Energy, and collects implemented and proposed solutions to common ways of attacking systems built on these protocol stacks. Attacks evaluated are denial of service/sleep, man-in-the-middle, replay, eavesdropping, and in mesh networks, sinkhole, black hole, selective forwarding, sybil, wormhole, and hello flood. An intrusion detection system is proposed to detect sinkhole, selective forwarding, and sybil attacks in the routing protocol present in the communication stack Rime implemented in the operating system Contiki. The Sinkhole and Selective forwarding mitigation works close to perfection in larger lossless networks but suffers an increase in false positives in lossy environments. The Sybil Detection is based on Received Signal Strength and strengthens the blacklist used in the sinkhole and selective forwarding detection, as a node changing its ID to avoid the blacklist will be detected as in the same geographical position as the blacklisted node.
31
Klas, Juliana. "Advanced applications for state estimators in smart grids : identification, detection and correction of simultaneous measurement, parameter and topology cyber-attacks." reponame:Biblioteca Digital de Teses e Dissertações da UFRGS, 2018. http://hdl.handle.net/10183/185233.
Анотація:
Growing demand and concern over climate change are key drivers for renewable sources of electricity and grid modernization. Grid modernization, or the so called smart grid, not only enables renewable sources but also opens the door to new applications with far-reaching impacts such as preventing or restoring outages (self-healing capabilities), and enabling consumers to have greater control over their electricity consumption and to actively participate in the electricity market. According to the Electric Power Research Institute (EPRI), one of the biggest challenges facing smart grid deployment is related to the cyber security of the systems. The current cyber-security landscape is characterized by rapidly evolving threats and vulnerabilities that pose challenges for the reliability, security, and resilience of the electricity sector. Power system state estimators (PSSE) are critical tools for grid reliability, under a system observable scenario, they allow power flow optimization and detection of incorrect data. In this work cyber-attacks are modeled as malicious data injections on system measurements, parameters and topology. The contributions of this work are twofold. First, a model for cyber-attack as a false data injection detection and identification is presented. The presented model considers the minimization of the composed measurement error while applying the Lagrangian relaxation. The presented contribution, enables false data injection attacks detection even if this belongs to the subspace spanned by the columns of the Jacobian matrix and in network areas with low measurement redundancy Second, state-of-the-art solutions consider correction of parameters or topology when measurements are free of error. However, how may one correct measurements if parameters or topology might be simultaneously in error? To solve this problem, a relaxed model is presented and solved iteratively in a continuous manner. Once identified and detected, cyber-attacks in parameters, topology and measurements are corrected. The proposed solution is based on a Taylor series relaxed, composed normalized error (CNE) hybrid approach with Lagrange multipliers. Validation is made on the IEEE-14 and IEEE-57 bus systems. Comparative results highlight the proposed methodology’s contribution to the current state-of-the-art research on this subject. Providing mitigation, response and system recovery capabilities to the state estimator with reduced computational burden, the proposed model and methodology have strong potential to be integrated into SCADA state estimators for real-world applications.O aumento da demanda e a preocupação com as mudanças climáticas são importantes motivadores para as fontes de energia renováveis e a modernização da rede elétrica. A modernização da rede elétrica inteligentes (REI) ou smart grid, não somente possibilita as fontes de energia renováveis mas também abre portas à novas aplicações de grande impacto como a prevenção e restauração automática de falhas e a possibilidade dos consumidores terem grande controle sobre o consumo de eletricidade e atuação participativa no mercado de energia. De acordo com o Instituto Norte Americano de Pesquisas do Setor Elétrico, um dos principais desafios a ser enfrentado no desenvolvimento das REIs é relacionado a segurança cibernética dos sistemas. O cenário da segurança cibernética atual é caracterizado pela rápida evolução dos riscos e vulnerabilidades que impõe desafios para a confiabilidade, segurança e resiliência do setor elétrico. Neste contexto, estimadores de estado do sistema de potência são ferramentas críticas para a confiabilidade da rede, sob um cenário de observabilidade do sistema eles possibilitam o fluxo de potência do sistema e a análise de dados incorretos. Neste trabalho, ataques cibernéticos são modelados como injeção de dados incorretos em medidas, parâmetros e topologia do sistema. A metodologia proposta possibilita detecção de ataques mesmo se eles pertencerem ao subespaço ortogonal formado pelas colunas da matriz Jacobiana e em áreas do sistema com reduzida redundância de medidas. A solução proposta pelo estado da arte considera correções em parâmetros ou topologia quando medidas estão livres de erros. Porém, como pode-se corrigir medidas se parâmetros ou a topologia estão simultaneamente com erros? Para resolver este problema um modelo relaxado é proposto e resolvido iterativamente. Assim que detectado e identificado, ataques cibernéticos em parâmetros, topologia e/ou medidas são corrigidos. As contribuições específicas do trabalho são: cálculo do desvio padrão para pseudomedidas (iguais à zero) e medidas de baixa magnitude baseado em medidas correlatas e propriedades da covariância; modelo baseado em relaxação lagrangiana e erro composto de medida para identificação e detecção de ataques cibernéticos; estratégia hibrida de relaxamento iterativo (EHRI) para correção de ataque cibernético em parâmetros da rede de modo contínuo e com reduzido esforço computacional e metodologia baseada em ciclo holístico de resiliência para estimadores de estado sob ataques cibernéticos simultâneos em parâmetros, topologia e medidas. A validação é feita através dos sistemas de teste do IEEE de 14 e 57 barras, testes comparativos elucidam as contribuições da metodologia proposta ao estado da arte nesta área de pesquisa. Trazendo as capacidades de mitigação, resposta e recuperação ao estimador de estado com esforço computacional reduzido, o modelo e metodologia propostos tem grande potencial de ser integrado em SCADAs para aplicação em casos reais.
32
Alkadi, Alaa. "Anomaly Detection in RFID Networks." UNF Digital Commons, 2017. https://digitalcommons.unf.edu/etd/768.
Анотація:
Available security standards for RFID networks (e.g. ISO/IEC 29167) are designed to secure individual tag-reader sessions and do not protect against active attacks that could also compromise the system as a whole (e.g. tag cloning or replay attacks). Proper traffic characterization models of the communication within an RFID network can lead to better understanding of operation under “normal” system state conditions and can consequently help identify security breaches not addressed by current standards. This study of RFID traffic characterization considers two piecewise-constant data smoothing techniques, namely Bayesian blocks and Knuth’s algorithms, over time-tagged events and compares them in the context of rate-based anomaly detection.
This was accomplished using data from experimental RFID readings and comparing (1) the event counts versus time if using the smoothed curves versus empirical histograms of the raw data and (2) the threshold-dependent alert-rates based on inter-arrival times obtained if using the smoothed curves versus that of the raw data itself. Results indicate that both algorithms adequately model RFID traffic in which inter-event time statistics are stationary but that Bayesian blocks become superior for traffic in which such statistics experience abrupt changes.
33
Chuku, Ejike E. "Security and Performance Engineering of Scalable Cognitive Radio Networks. Sensing, Performance and Security Modelling and Analysis of ’Optimal’ Trade-offs for Detection of Attacks and Congestion Control in Scalable Cognitive Radio Networks." Thesis, University of Bradford, 2019. http://hdl.handle.net/10454/18448.
Анотація:
A Cognitive Radio Network (CRN) is a technology that allows unlicensed users to utilise licensed spectrum by detecting an idle band through sensing. How- ever, most research studies on CRNs have been carried out without considering the impact of sensing on the performance and security of CRNs. Sensing is essential for secondary users (SUs) to get hold of free band without interfering with the signal generated by primary users (PUs). However, excessive sensing time for the detection of free spectrum for SUs as well as extended periods of CRNs in an insecure state have adverse effects on network performance. Moreover, a CRN is very vulnerable to attacks as a result of its wireless nature and other unique characteristics such as spectrum sensing and sharing. These attacks may attempt to eavesdrop or modify the contents of packets being transmitted and they could also deny legitimate users the opportunity to use the band, leading to underutilization of the spectrum space. In this context, it is often challenging to differentiate between networks under Denial of Service (DoS) attacks from those networks experiencing congestion. This thesis employs a novel Stochastic Activity Network (SAN) model as an effective analytic tool to represent and study sensing vs performance vs security trade-offs in CRNs. Specifically, an investigation is carried out focusing on sensing vs security vs performance trade-offs, leading to the optimization of the spectrum band’s usage. Moreover, consideration is given either when a CRN experiencing congestion and or it is under attack. Consequently, the data delivery ratio (PDR) is employed to determine if the network is under DoS attack or experiencing congestion. In this context, packet loss probability, queue length and throughput of the transmitter are often used to measure the PDR with reference to interarrival times of PUs. Furthermore, this thesis takes into consideration the impact of scalability on the performance of the CRN. Due to the unpredictable nature of PUsactivities on the spectrum, it is imperative for SUs to swiftly utilize the band as soon as it becomes available. Unfortunately, the CRN models proposed in literature are static and unable to respond effectively to changes in service demands. To this end, a numerical simulation experiment is carried out to determine the impact of scalability towards the enhancement of nodal CRN sensing, security and performance. Atthe instant the band becomes idle and there are requests by SUs waiting for encryption and transmission, additional resources are dynamically released in order to largely utilize the spectrum space before the reappearance of PUs. These additional resources make the same service provision, such as encryption and intrusion detection, as the initial resources. To this end,SAN model is proposed in order to investigate the impact of scalability on the performance of CRN. Typical numerical simulation experiments are carried out, based on the application of the Mobius Petri Net Package to determine the performance of scalable CRNs (SCRNs) in comparison with unscalable CRNs (UCRNs) and associated interpretations are made.
34
Srivastava, Abhinav. "Robust and secure monitoring and attribution of malicious behaviors." Diss., Georgia Institute of Technology, 2011. http://hdl.handle.net/1853/41161.
Анотація:
Worldwide computer systems continue to execute malicious software that degrades the systemsâ performance and consumes network capacity by generating high volumes of unwanted traffic. Network-based detectors can effectively identify machines participating in the ongoing attacks by monitoring the traffic to and from the systems. But, network detection alone is not enough; it does not improve the operation of the Internet or the health of other machines connected to the network. We must identify malicious code running on infected systems, participating in global attack networks.
This dissertation describes a robust and secure approach that identifies malware present on infected systems based on its undesirable use of network. Our approach, using virtualization, attributes malicious traffic to host-level processes responsible for the traffic. The attribution identifies on-host processes, but malware instances often exhibit parasitic behaviors to subvert the execution of benign processes.
We then augment the attribution software with a host-level monitor that detects parasitic behaviors occurring at the user- and kernel-level. User-level parasitic attack detection happens via the system-call interface because it is a non-bypassable interface for user-level processes. Due to the unavailability of one such interface inside the kernel for drivers, we create a new driver monitoring interface inside the kernel to detect parasitic attacks occurring through this interface.
Our attribution software relies on a guest kernelâ s data to identify on-host processes. To allow secure attribution, we prevent illegal modifications of critical kernel data from kernel-level malware. Together, our contributions produce a unified research outcome --an improved malicious code identification system for user- and kernel-level malware.
35
Picot, Marine. "Protecting Deep Learning Systems Against Attack : Enhancing Adversarial Robustness and Detection." Electronic Thesis or Diss., université Paris-Saclay, 2023. http://www.theses.fr/2023UPASG017.
Анотація:
Au cours de la dernière décennie, l'apprentissage profond a été à l'origine de percées dans de nombreux domaines différents, tels que le traitement du langage naturel, la vision par ordinateur et la reconnaissance vocale. Cependant, il est désormais connu que les modèles basés sur l'apprentissage profond sont extrêmement sensibles aux perturbations, en particulier lorsque la perturbation est bien conçue et générée par un agent malveillant. Cette faiblesse des réseaux neuronaux profonds tend à empêcher leur utilisation dans des applications critiques, où des informations sensibles sont disponibles, ou lorsque le système interagit directement avec la vie quotidienne des gens. Dans cette thèse, nous nous concentrons sur la protection des réseaux neuronaux profonds contre les agents malveillants de deux manières principales. La première méthode vise à protéger un modèle des attaques en augmentant sa robustesse, c'est-à-dire la capacité du modèle à prédire la bonne classe même en cas d'attaques. Nous observons que la sortie d'un réseau neuronal profond forme une variété statistique et que la décision est prise sur cette variété. Nous exploitons cette connaissance en utilisant la mesure de Fisher-Rao, qui calcule la distance géodésique entre deux distributions de probabilité sur la variété statistique auquel elles appartiennent. Nous utilisons la mesure de Fisher-Rao pour régulariser la fonction coût utilisée lors de l'apprentissage et augmenter la robustesse du modèle. Nous adaptons ensuite cette méthode à une autre application critique : les réseaux intelligents (Smart Grids), qui, en raison de divers besoins de la surveillance et de service, reposent sur des composants cybernétiques, tels qu'un estimateur d'état, ce qui les rend sensibles aux attaques. Nous construisons donc des estimateurs d'état robustes en utilisant des autoencodeurs variationnels et l'extension de notre méthode proposée au cas de la régression. La deuxième méthode sur laquelle nous nous concentrons et qui vise à protéger les modèles basés sur l'apprentissage profond est la détection d'échantillons adverses. En ajoutant un détecteur au modèle, il est possible d'augmenter la fiabilité des décisions prises par les réseaux neuronaux profonds. De multiples méthodes de détection sont disponibles aujourd'hui, mais elles reposent souvent sur un entraînement lourd et des heuristiques ad-hoc. Dans notre travail, nous utilisons des outils statistiques simples appelés les profondeurs de données (data-depth) pour construire des méthodes de détection efficaces supervisées (c'est-à-dire que les attaques sont fournies pendant l'entraînement du détecteur) et non supervisées (c'est-à-dire que l'entraînement ne peut s'appuyer que sur des échantillons propres)Over the last decade, Deep Learning has been the source of breakthroughs in many different fields, such as Natural Language Processing, Computer Vision, and Speech Recognition. However, Deep Learning-based models have now been recognized to be extremely sensitive to perturbations, especially when the perturbation is well-designed and generated by a malicious agent. This weakness of Deep Neural Networks tends to prevent their use in critical applications, where sensitive information is available, or when the system interacts directly with people's everyday life. In this thesis, we focus on protecting Deep Neural Networks against malicious agents in two main ways. The first method aims at protecting a model from attacks by increasing its robustness, i.e., the ability of the model to predict the right class even under threats. We observe that the output of a Deep Neural Network forms a statistical manifold and that the decision is taken on this manifold. We leverage this knowledge by using the Fisher-Rao measure, which computes the geodesic distance between two probability distributions on the statistical manifold to which they belong. We exploit the Fisher-Rao measure to regularize the training loss to increase the model robustness. We then adapt this method to another critical application: the Smart Grids, which, due to monitoring and various service needs, rely on cyber components, such as a state estimator, making them sensitive to attacks. We, therefore, build robust state estimators using Variational AutoEncoders and the extension of our proposed method to the regression case. The second method we focus on that intends to protect Deep-Learning-based models is the detection of adversarial samples. By augmenting the model with a detector, it is possible to increase the reliability of decisions made by Deep Neural Networks. Multiple detection methods are available nowadays but often rely on heavy training and ad-hoc heuristics. In our work, we make use of a simple statistical tool called the data-depth to build efficient supervised (i.e., attacks are provided during training) and unsupervised (i.e., training can only rely on clean samples) detection methods
36
Ovšonka, Daniel. "Obfuskace síťového provozu pro zabránění jeho detekce pomocí IDS." Master's thesis, Vysoké učení technické v Brně. Fakulta informačních technologií, 2013. http://www.nusl.cz/ntk/nusl-236209.
Анотація:
This thesis deals with the principles of network traffic obfuscation, in order to avoid its detection by the Intrusion Detection System installed in the network. At the beginning of the work, reader is familiarized with the fundamental principle of the basic types of IDS and introduced into the matter of obfuscation techniques, that serve as stepping stone in order to create our own library, whose design is described in the last part of the work. The outcome of the work is represented by a library, that provides all the implemented techniques for further use. The library can be well utilized in penetration testing of the new systems or used by the attacker.
37
Amari, Houda. "Smart models for security enhancement in the internet of vehicles." Electronic Thesis or Diss., Normandie, 2023. http://www.theses.fr/2023NORMC248.
Анотація:
Avec les progrès réalisés au cours de la dernière décennie dans les Systèmes de Transport Intelligents (STI), les progrès technologiques dans le domaine véhciculaire à connu une évolution qui a donné naissance au paradigme prometteur de l'Internet des véhicules (IoV), attirant l'attention de nombreux chercheurs et inudstriels. Il est à noter que l'Internet des véhicules (IoV) vise à améliorer l'efficacité des transports, la sécurité et le confort des passagers en échangeant des informations sur la circulation et l'infodivertissement avec des véhicules connectés. La multitude de technologies d'accès aux réseaux, la mobilité exceptionnellement élevée des véhicules connectés et leur forte densité en zone urbaine, ainsi que la prédominance des communications sans fil font de l'écosystème IoV un réseau complexe, vulnérable et hétérogène aux caractéristiques très dynamiques de l'environnement véhiculaire. De nombreuses entités composent son architecture (véhicules connectés, humains, unités routières. De plus, les réseaux véhiculaires présentent différents types de communication pour confirmer sa connectivité et sa continuité. En conséquence, de nombreux messages critiques pour la sécurité à faible latence sont générés et échangés au sein du réseau. Cependant, cette diversité conduit à de nouvelles exigences de sécurité qui semblent difficiles à prendre en compte et à élargir la surface d'attaque de tels réseaux. Par conséquent, la diffusion de messages/entités malveillants au sein de l'IoV réduit considérablement les performances du réseau et devient une menace pour les passagers et les piétons vulnérables. En conséquence, des mécanismes de sécurité devraient être envisagés pour sécuriser les communications dans l'IoV. Cette thèse vise à proposer de nouveaux modèles pour améliorer les aspects de sécurité de l'écosystème IoV face à diverses attaques, y compris les attaques DDoS, tout en préservant la confidentialité des utilisateursWith the major progress in Intelligent Transportation Systems (ITS), there has been an exponential interest in technological advancements of Internet of Vehicles (IoV), attracting the attention of numerous researchers from academia and industry. IoV technology aims to enhance transport efficiency, passenger safety, and comfort by exchanging traffic and infotainment information to connected vehicles. The multitude of network access technologies, the exceptionally high mobility of connected vehicles and their high density in urban areas, and the predominance of wireless communications make the IoV ecosystem a complex, vulnerable and heterogeneous network with very dynamic characteristics, some of which are difficult to predict and subject to scalability and threats problems. Many entities compose its architecture (connected vehicles, humans, roadside units (RSUs), ITS). Moreover, it presents different communication types to confirm its connectivity and vulnerability. However, this diversity leads to new security requirements that seem challenging to consider and enlarge the attack surface of such networks. Therefore, disseminating malicious messages/entities within the network significantly reduces the network performance and becomes a threat to passengers and vulnerable pedestrians. Accordingly, security mechanisms should be considered to secure communications in vehicular networks. This thesis aims to develop novel models to enhance the security aspects of the IoV ecosystem dealing with diverse attacks, including DDoS attacks, while preserving users' privacy
38
Thames, John Lane. "Advancing cyber security with a semantic path merger packet classification algorithm." Diss., Georgia Institute of Technology, 2012. http://hdl.handle.net/1853/45872.
Анотація:
This dissertation investigates and introduces novel algorithms, theories, and supporting frameworks to significantly improve the growing problem of Internet security. A distributed firewall and active response architecture is introduced that enables any device within a cyber environment to participate in the active discovery and response of cyber attacks. A theory of semantic association systems is developed for the general problem of knowledge discovery in data. The theory of semantic association systems forms the basis of a novel semantic path merger packet classification algorithm. The theoretical aspects of the semantic path merger packet classification algorithm are investigated, and the algorithm's hardware-based implementation is evaluated along with comparative analysis versus content addressable memory. Experimental results show that the hardware implementation of the semantic path merger algorithm significantly outperforms content addressable memory in terms of energy consumption and operational timing.
39
Jacko, Michal. "Metody klasifikace síťového provozu." Master's thesis, Vysoké učení technické v Brně. Fakulta informačních technologií, 2017. http://www.nusl.cz/ntk/nusl-363885.
Анотація:
This paper deals with a problem of detection of network traffic anomaly and classification of network flows. Based on existing methods, paper describes proposal and implementaion of a tool, which can automatically classify network flows. The tool uses CUDA platform for network data processing and computation of network flow metrics using graphics processing unit. Processed flows are subsequently classified by proposed methods for network anomaly detection.
40
Dvorský, Radovan. "Detekce útoků na WiFi sítě pomocí získávaní znalostí." Master's thesis, Vysoké učení technické v Brně. Fakulta informačních technologií, 2014. http://www.nusl.cz/ntk/nusl-236114.
Анотація:
Widespread use of wireless networks has made security a serious issue. This thesis proposes misuse based intrusion detection system for wireless networks, which applies artificial neural network to captured frames for purpose of anomalous patterns recognition. To address the problem of high positive alarm rate, this thesis presents a method of applying two artificial neural networks.
41
Izagirre, Mikel. "Deception strategies for web application security: application-layer approaches and a testing platform." Thesis, Luleå tekniska universitet, Institutionen för system- och rymdteknik, 2017. http://urn.kb.se/resolve?urn=urn:nbn:se:ltu:diva-64419.
Анотація:
The popularity of the internet has made the use of web applications ubiquitous and essential to the daily lives of people, businesses and governments. Web servers and web applications are commonly used to handle tasks and data that can be critical and highly valuable, making them a very attractive target for attackers and a vector for successful attacks that are aimed at the application layer. Existing misuse and anomaly-based detection and prevention techniques fail to cope with the volume and sophistication of new attacks that are continuously appearing, which suggests that there is a need to provide new additional layers of protection. This work aims to design a new layer of defense based on deception that is employed in the context of web application-layer traffic with the purpose of detecting and preventing attacks. The proposed design is composed of five deception strategies: Deceptive Comments, Deceptive Request Parameters, Deceptive Session Cookies, Deceptive Status Codes and Deceptive JavaScript. The strategies were implemented as a software artifact and their performance evaluated in a testing environment using a custom test script, the OWASP ZAP penetration testing tool and two vulnerable web applications. Deceptive Parameter strategy obtained the best security performance results, followed by Deceptive Comments and Deceptive Status Codes. Deceptive Cookies and Deceptive JavaScript got the poorest security performance results since OWASP ZAP was unable to detect and use deceptive elements generated by these strategies. Operational performance results showed that the deception artifact could successfully be implemented and integrated with existing web applications without changing their source code and adding a low operational overhead.
42
Mouton, Francois. "Digital forensic readiness for wireless sensor network environments." Diss., University of Pretoria, 2012. http://hdl.handle.net/2263/24955.
Анотація:
The new and upcoming field of wireless sensor networking is unfortunately still lacking in terms of both digital forensics and security. All communications between different nodes (also known as motes) are sent out in a broadcast fashion. These broadcasts make it quite difficult to capture data packets forensically and, at the same time, retain their integrity and authenticity. The study presents several attacks that can be executed successfully on a wireless sensor network, after which the dissertation delves more deeply into the flooding attack as it is one of the most difficult attacks to address in wireless sensor networks. Furthermore, a set of factors is presented to take into account while attempting to achieve digital forensic readiness in wireless sensor networks. The set of factors is subsequently discussed critically and a model is proposed for implementing digital forensic readiness in a wireless sensor network. The proposed model is next transformed into a working prototype that is able to provide digital forensic readiness to a wireless sensor network. The main contribution of this research is the digital forensic readiness prototype that can be used to add a digital forensics layer to any existing wireless sensor network. The prototype ensures the integrity and authenticity of each of the data packets captured from the existing wireless sensor network by using the number of motes in the network that have seen a data packet to determine its integrity and authenticity in the network. The prototype also works on different types of wireless sensor networks that are in the frequency range of the network on which the prototype is implemented, and does not require any modifications to be made to the existing wireless sensor network. Flooding attacks pose a major problem in wireless sensor networks due to the broadcasting of communication between motes in wireless sensor networks. The prototype is able to address this problem by using a solution proposed in this dissertation to determine a sudden influx of data packets within a wireless sensor network. The prototype is able to detect flooding attacks while they are occurring and can therefore address the flooding attack immediately. Finally, this dissertation critically discusses the advantages of having such a digital forensic readiness system in place in a wireless sensor network environment. CopyrightDissertation (MSc)--University of Pretoria, 2012.
Computer Science
unrestricted
43
MOKALLED, HASSAN. "The importance to manage data protection in the right way: Problems and solutions." Doctoral thesis, Università degli studi di Genova, 2020. http://hdl.handle.net/11567/997252.
Анотація:
Information and communication technology (ICT) has made remarkable impact on the society, especially on companies and organizations. The use of computers, databases, servers, and other technologies has made an evolution on the way of storing, processing, and transferring data. However, companies access and share their data on internet or intranet, thus there is a critical need to protect this data from destructive forces and from the unwanted actions of unauthorized users. This thesis groups a set of solutions proposed, from a company point of view, to reach the goal of “Managing data protection”. The work presented in this thesis represents a set of security solutions, which focuses on the management of data protection taking into account both the organizational and technological side. The work achieved can be divided into set of goals that are obtained particularly from the needs of the research community. This thesis handles the issue of managing data protection in a systematic way, through proposing a Data protection management approach, aiming to protect the data from both the organizational and the technological side, which was inspired by the ISO 27001 requirements. An Information Security Management System (ISMS) is then presented implementing this approach, an ISMS consists of the policies, procedures, guidelines, and associated resources and activities, collectively managed by an organization, in the pursuit of protecting its information assets. An ISMS is a systematic approach for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an organization’s information security to achieve business objectives, The goal of ISMS is to minimize risk and ensure continuity by pro-actively limiting the impact of a security breach. To be well-prepared to the potential threats that could occur to an organization, it is important to adopt an ISMS that helps in managing the data protection process, and in saving time and effort, minimizes cost of any loss. After that, a comprehensive framework is designed for the security risk management of Cyber Physical Systems (CPSs), this framework represents the strategy used to manage the security risk management, and it falls inside the ISMS as a security strategy. Traditional IT risk assessment methods can do the job (security risk management for a CPS); however, and because of the characteristics of a CPS, it is more efficient to adopt a solution that is wider than a method that addresses the type, functionalities and complexity of a CPS. Therefore, there is a critical need to follow a solution that breaks the restriction to a traditional risk assessment method, and so a high-level framework is proposed, it encompasses wider set of procedures and gives a great attention to the cybersecurity of these systems, which consequently leads to the safety of the physical world. In addition, inside the ISMS, another part of the work takes place, suggesting the guidelines to select an applicable Security Incident and Event Management (SIEM) solution. It also proposes an approach that aims to support companies seeking to adopt SIEM systems into their environments, suggesting suitable answers to preferred requirements that are believed to be valuable prerequisites a SIEM system should have; and to suggest criteria to judge SIEM systems using an evaluation process composed of quantitative and qualitative methods. This approach, unlike others, is customer driven which means that customer needs are taken into account when following the whole approach, specifically when defining the requirements and then evaluating the suppliers’ solutions. At the end, a research activity was carried out aiming classify web attacks on the network level, since any information about the attackers might be helpful and worth a lot to the cyber security analysts. And so, using network statistical fingerprints and machine learning techniques, a two-layers classification system is designed to detect the type of the web attack and the type of software used by the attackers.
44
Rmayti, Mohammad. "Misbehaviors detection schemes in mobile ad hoc networks." Thesis, Troyes, 2016. http://www.theses.fr/2016TROY0029/document.
Анотація:
Avec l’évolution des besoins d’utilisateurs, plusieurs technologies de réseaux sans fil ont été développées. Parmi ces technologies, nous trouvons les réseaux mobiles ad hoc (MANETs) qui ont été conçus pour assurer la communication dans le cas où le déploiement d’une infrastructure réseaux est coûteux ou inapproprié. Dans ces réseaux, le routage est une fonction primordiale où chaque entité mobile joue le rôle d’un routeur et participe activement dans le routage. Cependant, les protocoles de routage ad hoc tel qu’ils sont conçus manquent de contrôle de sécurité. Sur un chemin emprunté, un nœud malveillant peut violemment perturber le routage en bloquant le trafic. Dans cette thèse, nous proposons une solution de détection des nœuds malveillants dans un réseau MANET basée sur l’analyse comportementale à travers les filtres bayésiens et les chaînes de Markov. L’idée de notre solution est d’évaluer le comportement d’un nœud en fonction de ses échanges avec ses voisins d’une manière complètement décentralisée. Par ailleurs, un modèle stochastique est utilisé afin de prédire la nature de comportement d’un nœud et vérifier sa fiabilité avant d’emprunter un chemin. Notre solution a été validée via de nombreuses simulations sur le simulateur NS-2. Les résultats montrent que la solution proposée permet de détecter avec précision les nœuds malveillants et d’améliorer la qualité de services de réseaux MANETsWith the evolution of user requirements, many network technologies have been developed. Among these technologies, we find mobile ad hoc networks (MANETs) that were designed to ensure communication in situations where the deployment of a network infrastructure is expensive or inappropriate. In this type of networks, routing is an important function where each mobile entity acts as a router and actively participates in routing services. However, routing protocols are not designed with security in mind and often are very vulnerable to node misbehavior. A malicious node included in a route between communicating nodes may severely disrupt the routing services and block the network traffic. In this thesis, we propose a solution for detecting malicious nodes in MANETs through a behavior-based analysis and using Bayesian filters and Markov chains. The core idea of our solution is to evaluate the behavior of a node based on its interaction with its neighbors using a completely decentralized scheme. Moreover, a stochastic model is used to predict the nature of behavior of a node and verify its reliability prior to selecting a path. Our solution has been validated through extensive simulations using the NS-2 simulator. The results show that the proposed solution ensures an accurate detection of malicious nodes and improve the quality of routing services in MANETs
45
SILVA, Rayane Meneses da. "UMA ONTOLOGIA DE APLICAÇÃO PARA APOIO À TOMADA DE DECISÕES EM SITUAÇÕES DE AMEAÇA À SEGURANÇA DA INFORMAÇÃO." Universidade Federal do Maranhão, 2015. http://tedebc.ufma.br:8080/jspui/handle/tede/1885.
Анотація:
Submitted by Maria Aparecida (cidazen@gmail.com) on 2017-08-31T14:44:32Z
No. of bitstreams: 1
Rayane.pdf: 4026589 bytes, checksum: 7e6066416420555456030ab6db3a1231 (MD5)Made available in DSpace on 2017-08-31T14:44:32Z (GMT). No. of bitstreams: 1 Rayane.pdf: 4026589 bytes, checksum: 7e6066416420555456030ab6db3a1231 (MD5) Previous issue date: 2015-06-24
Many security mechanisms, such as Intrusion Detection Systems (IDSs) have been developed to approach the problem of information security attacks but most of them are traditional information systems in which their threats repositories are not represented semantically. Ontologies are knowledge representation structures that enable semantic processing of information and the construction of knowledge-based systems, which provide greater effectiveness compared to traditional systems. This paper proposes an application ontology called “Application Ontology for the Development of Case-based Intrusion Detection Systems” that formally represents the concepts related to information security domain of intrusion detection systems and “Case Based Reasoning”. The “Case Based Reasoning” is an approach for problem solving in which you can reuse the knowledge of past experiences to solve new problems. The evaluation of the ontology was performed by the development of an Intrusion Detection System that can detect attacks on computer networks and recommend solutions to these attacks. The ontology was specified using the “Ontology Web Language” and the Protégé ontology editor and. It was also mapped to a cases base in Prolog using the “Thea” tool. The results have shown that the developed Intrusion Detection System presented a good effectiveness in detecting attacks that the proposed ontology conceptualizes adequately the domain concepts and tasks.
Muitos mecanismos de segurança, como os Sistemas de Detecção de Intrusão têm sido desenvolvidos para abordar o problema de ataques à Segurança da Informação. Porém, a maioria deles são sistemas de informação tradicionais nos quais seus repositórios de ameaças não são representados semanticamente. As ontologias são estruturas de representação do conhecimento que permitem o processamento semântico das informações bem como a construção dos sistemas baseados em conhecimento, os quais fornecem uma maior efetividade em relação aos sistemas tradicionais. Neste trabalho propõe-se uma ontologia de aplicação denominada “Application Ontology for the Development of Case-based Intrusion Detection Systems” que representa formalmente os conceitos relacionados ao domínio de Segurança da Informação, dos sistemas de detecção de intrusão e do “Case-Based Reasoning”. O “Case-Based Reasoning” é uma abordagem para resolução de problemas nos quais é possível reutilizar conhecimentos de experiências passadas para resolver novos problemas. A avaliação da ontologia foi realizada por meio do desenvolvimento de um Sistema de Detecção de Intrusão que permite detectar ataques a redes de computadores e recomendar soluções a esses ataques. A ontologia foi especificada na linguagem “Ontology Web Language” utilizando o editor de ontologias Protegé e, logo após, mapeada a uma base de casos em Prolog utilizando o ferramenta “Thea”. Os resultados mostraram que o Sistema de Detecção de Intrusão desenvolvido apresentou boa efetividade na detecção de ataques e portanto, conclui-se que a ontologia proposta conceitualiza de forma adequada os conceitos de domínio e tarefa abordados.
46
Shrivastwa, Ritu Ranjan. "Enhancements in Embedded Systems Security using Machine Learning." Electronic Thesis or Diss., Institut polytechnique de Paris, 2023. http://www.theses.fr/2023IPPAT051.
Анотація:
La liste des appareils connectés (ou IoT) s’allonge avec le temps, de même que leur vulnérabilité face aux attaques ciblées provenant du réseau ou de l’accès physique, communément appelées attaques Cyber Physique (CPS). Alors que les capteurs visant à détecter les attaques, et les techniques d’obscurcissement existent pour contrecarrer et améliorer la sécurité, il est possible de contourner ces contre-mesures avec des équipements et des méthodologies d’attaque sophistiqués, comme le montre la littérature récente. De plus, la conception des systèmes intégrés est soumise aux contraintes de complexité et évolutivité, ce qui rend difficile l’adjonction d’un mécanisme de détection complexe contre les attaques CPS. Une solution pour améliorer la sécurité est d’utiliser l’Intelligence Artificielle (IA) (au niveau logiciel et matériel) pour surveiller le comportement des données en interne à partir de divers capteurs. L’approche IA permettrait d’analyser le comportement général du système à l’aide des capteurs , afin de détecter toute activité aberrante, et de proposer une réaction appropriée en cas d’attaque. L’intelligence artificielle dans le domaine de la sécurité matérielle n’est pas encore très utilisée en raison du comportement probabiliste. Ce travail vise à établir une preuve de concept visant à montrer l’efficacité de l’IA en matière de sécurité.Une partie de l’étude consiste à comparer et choisir différentes techniques d’apprentissage automatique (Machine Learning ML) et leurs cas d’utilisation dans la sécurité matérielle. Plusieurs études de cas seront considérées pour analyser finement l’intérêt et de l’ IA sur les systèmes intégrés. Les applications seront notamment l’utilisation des PUF (Physically Unclonable Function), la fusion de capteurs, les attaques par canal caché (SCA), la détection de chevaux de Troie, l’intégrité du flux de contrôle, etcThe list of connected devices (or IoT) is growing longer with time and so is the intense vulnerability to security of the devices against targeted attacks originating from network or physical penetration, popularly known as Cyber Physical Security (CPS) attacks. While security sensors and obfuscation techniques exist to counteract and enhance security, it is possible to fool these classical security countermeasures with sophisticated attack equipment and methodologies as shown in recent literature. Additionally, end node embedded systems design is bound by area and is required to be scalable, thus, making it difficult to adjoin complex sensing mechanism against cyberphysical attacks. The solution may lie in Artificial Intelligence (AI) security core (soft or hard) to monitor data behaviour internally from various components. Additionally the AI core can monitor the overall device behaviour, including attached sensors, to detect any outlier activity and provide a smart sensing approach to attacks. AI in hardware security domain is still not widely acceptable due to the probabilistic behaviour of the advanced deep learning techniques, there have been works showing practical implementations for the same. This work is targeted to establish a proof of concept and build trust of AI in security by detailed analysis of different Machine Learning (ML) techniques and their use cases in hardware security followed by a series of case studies to provide practical framework and guidelines to use AI in various embedded security fronts. Applications can be in PUFpredictability assessment, sensor fusion, Side Channel Attacks (SCA), Hardware Trojan detection, Control flow integrity, Adversarial AI, etc
47
Hoad, Richard. "The utility of electromagnetic attack detection to information security." Thesis, University of South Wales, 2007. http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.521628.
Анотація:
Electromagnetic (EM) threats are a specialised subset of offensive threats to the confidentiality, integrity, and availability of information and to information security (INFOSEC) in general. Two broad classifications of threat types; EM interceptors (interception of compromising Radio Frequency (RF) emissions) and EM disruptors (The use of high power RF to disrupt electronics) have been considered and the technical aspects of these threats have been assessed. The technical complexity amongst other factors required to mount an EM interceptor based attack has been shown by analysis to be significant. The hypothesis of this thesis has therefore been focussed on the development of detection and diagnostic concepts analogous to those used to defend against conventional cyber or Computer Network Attack (CNA) threats for EM disruptive attacks. EM Disruptors which have been the focus of this study are likely to have a large impact on the availability of information systems but it has been shown that the effectiveness of the threat and therefore the risk posed to INFOSEC is extremely difficult to quantify. Nonetheless, it has also been shown through analysis and discussion that the `Low Tech' perpetrator (well funded amateur) would be likely to be capable of building an effective EM disruption system. Whilst effective countermeasures for EM disruptors exist it is suggested that it is difficult for INFOSEC professionals to recommend their installation for risk mitigation because the risk is poorly quantified. A series of rigorous EM susceptibility experiments were conducted on computer systems to identify susceptibility trends and to assist with understanding the risk. A prototype Electromagnetic Disruption Detection System (EMDDS) has also been designed and developed. This detector uses similar principles to cyber type Intrusion Detection Systems (IDS) and should therefore be understandable to non EM specialists. It has been shown that the EMDDS system can be used for responding to incidents and as part of a forensic evidence gathering process. The results of this thesis have supported the hypothesis.
48
Siddiqui, Abdul Jabbar. "Securing Connected and Automated Surveillance Systems Against Network Intrusions and Adversarial Attacks." Thesis, Université d'Ottawa / University of Ottawa, 2021. http://hdl.handle.net/10393/42345.
Анотація:
In the recent years, connected surveillance systems have been witnessing an unprecedented
evolution owing to the advancements in internet of things and deep learning technologies. However,
vulnerabilities to various kinds of attacks both at the cyber network-level and at the physical worldlevel are also rising. This poses danger not only to the devices but also to human life and property. The goal of this thesis is to enhance the security of an internet of things, focusing on connected video-based surveillance systems, by proposing multiple novel solutions to address security issues at the cyber network-level and to defend such systems at the physical world-level.
In order to enhance security at the cyber network-level, this thesis designs and develops solutions to detect network intrusions in an internet of things such as surveillance cameras. The first solution is a novel method for network flow features transformation, named TempoCode. It introduces a temporal codebook-based encoding of flow features based on capturing the key patterns of benign traffic in a learnt temporal codebook. The second solution takes an unsupervised learning-based approach and proposes four methods to build efficient and adaptive ensembles of neural networks-based autoencoders for intrusion detection in internet of things such as surveillance cameras.
To address the physical world-level attacks, this thesis studies, for the first time to the best of
our knowledge, adversarial patches-based attacks against a convolutional neural network (CNN)-
based surveillance system designed for vehicle make and model recognition (VMMR). The connected video-based surveillance systems that are based on deep learning models such as CNNs
are highly vulnerable to adversarial machine learning-based attacks that could trick and fool the
surveillance systems. In addition, this thesis proposes and evaluates a lightweight defense solution
called SIHFR to mitigate the impact of such adversarial-patches on CNN-based VMMR systems,
leveraging the symmetry in vehicles’ face images.
The experimental evaluations on recent realistic intrusion detection datasets prove the effectiveness of the developed solutions, in comparison to state-of-the-art, in detecting intrusions of various
types and for different devices. Moreover, using a real-world surveillance dataset, we demonstrate
the effectiveness of the SIHFR defense method which does not require re-training of the target
VMMR model and adds only a minimal overhead. The solutions designed and developed in this
thesis shall pave the way forward for future studies to develop efficient intrusion detection systems
and adversarial attacks mitigation methods for connected surveillance systems such as VMMR.
49
Onwubiko, Cyril. "A security framework for detecting enterprise-wide attacks in computer networks." Thesis, Kingston University, 2008. http://eprints.kingston.ac.uk/20301/.
Анотація:
An integrated security framework is proposed for detecting enterprise-wide network attacks. The proposed framework defines three types of components, namely, sensor, analysis and response. Sensor components gather evidence about security attacks. Analysis components correlate and combine pieces of attack evidence gathered by sensors, in order to detect attacks perceived on the network. Response components execute recommended responses and can be configured to assist humans in executing security countermeasures. Both schematic and formal descriptions of the framework and its components are provided and discussed. General and specific requirements of each component are outlined. To integrate components of the framework together, a lightweight signalling mechanism referred to as "security spaces" is proposed. A security space is a type of "tuple space" that allows sensor, analysis and response components to connect, contribute and communicate security related information. Its application to distributed sensor, and federated sensor environments is described. The detection of enterprise-wide attacks targeting computer networks is accomplished by distributing sensors across the network to collate evidence of perceived attacks, which are communicated to the analysis component for further investigation. In the analysis, a novel approach in data fusion is applied. This approach is underpinned by the Dempster-Shafer theory of evidence that is utilised to collectively combine pieces of attack evidence gathered by the sensors. The fusion of sensor evidence assists to provide accurate detection of attacks perceived on the entire network. Further, to assist security administrators to visualise and mitigate perceived attacks, graph theory and graph matching algorithms are employed in the analysis. Hence, a graph model - pattern activity graph - is proposed and investigated in representing security attacks perceived on the network. Both graph isomorphism and subgraph iso-morphism are used to compare attack graph templates to data graphs obtained from security events. To validate the objectives of this research, a series of experiments were conducted on a testbed network, where live network traffic was monitored. A dataset comprising background data and attack data was gathered. Background data is normal data obtained by monitoring the testbed network. Attack data was generated through the attacks conducted on the monitored testbed LAN. The attacks were primarily network scans, network worms, web attacks, policy violations, and stealthy network scans attacks.
50
Kulle, Linus. "Intrusion Attack & Anomaly Detection in IoT Using Honeypots." Thesis, Malmö universitet, Fakulteten för teknik och samhälle (TS), 2020. http://urn.kb.se/resolve?urn=urn:nbn:se:mau:diva-20676.
Анотація:
This thesis is presented as an artifact of a project conducted at MalmöUniversity IoTaP LABS. The Internet of Things (IoT) is a growing field and its usehas been adopted in many aspects of our daily lives, which has led todigitalization and the creation of smart IoT ecosystems. However, with the rapidadoption of IoT, little or no focus has been put on the security implications,device proliferations and its advancements. This thesis takes a step forward toexplore the usefulness of implementing a security mechanism that canproactively be used to aid understanding attacker behaviour in an IoTenvironment. To achieve this, this thesis has outlined a number of objectivesthat ranges from how to create a deliberate vulnerability by using honeypots inorder to lure attacker’s in order to study their modus operandi. Furthermore,an Intrusion Attack Detection (Model) has been constructed that has aided withthis implementation. The IAD model, has been successfully implemented withthe help of interaction and dependence of key modules that have allowedhoneypots to be executed in a controlled IoT environment. Detailed descriptionsregarding the technologies that have been used in this thesis have also beenexplored to a greater extent. On the same note, the implemented system withthe help of an attack scenario allowed an attacker to access the system andcircumnavigate throughout the camouflaged network, thereafter, the attacker’sfootprints are mapped based on the mode of attack. Consequently, given thatthis implementation has been conducted in MAU environment, the results thathave been generated as a result of this implementations have been reportedcorrectly. Eventually, based on the results that have been generated by thesystem, it is worth to note that the research questions and the objective posedby the thesis have been met.