Global ETD Search

91	Sistema embarcado inteligente para detecção de intrusão em subestações de energia elétrica utilizando o Protocolo OpenFlow / Embedded intelligent system for intrusion detection in electric power substations using the OpenFlow protocol Lázaro Eduardo da Silva 05 October 2016 (has links) O protocolo International Electrotechnical Commission (IEC)-61850 tornou possível integrar os equipamentos das subestações de energia elétrica, através de uma rede de comunicação de dados Ethernet de alta velocidade. A utilização deste protocolo tem como objetivo principal a interligação dos Intelligent Electronic Devices (IEDs) para a automatização dos processos no sistema elétrico. As contribuições deste protocolo para a integração do controle e supervisão do sistema elétrico são diversas, porém, o fato de utilizar uma rede de comunicação de dados Ethernet integrada expõe o sistema elétrico à ataques cibernéticos. A norma IEC-62351 estabelece uma série de recomendações para prover segurança à rede de comunicação do sistema elétrico, dentre elas, o gerenciamento da rede de comunicação, a análise dos campos da mensagem Generic Object Oriented Substation Event (GOOSE) e a utilização de sistemas de detecção de intrusão. O presente trabalho descreve o desenvolvimento de um Intrusion Detection System (IDS) que atende os requisitos de segurança propostos pelo protocolo IEC-62351, para a identificação de ataques à comunicação realizada por mensagens GOOSE do protocolo IEC-61850, e entre equipamentos do sistema elétrico. Para o desenvolvimento desta aplicação, foram identificados os campos que compõem as mensagens GOOSE, de forma a reconhecer os valores esperados em diferentes situações de operação do sistema elétrico. Determinaram-se padrões de comportamento a serem utilizados para discernir mensagens falsas na rede de comunicação. Instalou-se e configurou-se um sistema operacional de tempo real embarcado na plataforma de desenvolvimento Zynq Board (ZYBO), juntamente com o controlador Open-Mul, para gerenciar a rede de comunicação da subestação, através do protocolo OpenFlow, realizando otimizações para o tráfego multicast. Foi desenvolvido um sistema de detecção e bloqueio de mensagens GOOSE falsas que utiliza o protocolo OpenFlow para controle da rede de comunicação do Sistema Elétrico. Desenvolveu-se ainda um sistema inteligente, utilizando-se uma Rede Neural Artificial (RNA) Nonlinear Autoregressive Model with Exogenous Input (NARX), para predição do tráfego realizado por mensagens GOOSE e detecção de ataques Distributed Deny of Service (DDOS). Os resultados obtidos demonstraram que o protocolo OpenFlow pode ser uma ferramenta interessante para controle da rede, porém, os fabricantes necessitam amadurecer sua implementação nos switches, para que sejam utilizados em produção nas redes de comunicação das subestações. O sistema de predição do tráfego gerado por mensagens GOOSE apresentou benefícios interessantes para a segurança da rede de comunicação, demonstrando potencial para compor um sistema de detecção de ataques DDOS realizado por mensagens GOOSE, na rede de comunicação das subestações de energia elétrica. / The IEC-61850 made it possible to integrate equipments of electric power system substations to a high-speed Ethernet data communication network. Its main goal is the interconnection of IEDs for the automation of processes in an electrical system. The contributions of this protocol for the integration of the control and supervision of the electrical system are diverse, although an Ethernet network exposes the electrical system for cyber attacks. The IEC-62351 states a series of recommendations to provide security to the communication network of the electrical system, such as the communication network management, the analysis of GOOSE messages and the use of intrusion detection systems. This study describes the development of an IDS that meets the security requirements proposed by the IEC-62351 standard to identify attacks on communication between GOOSE messages exchanged by electrical equipment using IEC-61850. For the development of this application, fields of the GOOSE messages were identified, in order to recognize the expected values in different power system operating conditions. Behaviour patterns were determined to detect false messages on the communication network. A real-time embedded operating system on ZYBO was installed and configured, as well as the OpenMul controller to manage the communication network of the substation through the OpenFlow protocol, performing optimizations for multicast traffic. A detection system and block tamper GOOSE messages, using the OpenFlow protocol for control of the electrical system communication network, were developed. In addition, an intelligent system using an Artificial Neural Network (ANN) Nonlinear Autoregressive Model with Exogenous Input (NARX) for predicting of the GOOSE messages traffic and the detection of Distributed Deny of Service attack (DDOS) were also developed. The results obtained show that the OpenFlow protocol may be a valuable tool for network control, however, manufacturers should maturely carry on with its implementation in the switches, so that it be used in substation communication networks. The traffic prediction system of the GOOSE messages presented interesting benefits for the security of the communication network, demonstrating potential to built a DDOS attack detection system performed by GOOSE messages on the communication network of electric power substations. IEC-61850 IEC-62351 Redes de comunicação de dados Segurança cibernética Sistema de detecção de intrusão Sistema elétrico Sistema embarcado Sistema inteligente Cyber security Data communication network Embedded system IEC-61850 IEC-62351 Intelligent system Intrusion detection system Power system
92	Analysis of Computer System Incidents and Security Level Evaluation / Incidentų kompiuterių sistemose tyrimas ir saugumo lygio įvertinimas Paulauskas, Nerijus 10 June 2009 (has links) The problems of incidents arising in computer networks and the computer system security level evaluation are considered in the thesis. The main research objects are incidents arising in computer networks, intrusion detection systems and network scanning types. The aim of the thesis is the investigation of the incidents in the computer networks and computer system security level evaluation. The following main tasks are solved in the work: classification of attacks and numerical evaluation of the attack severity level evaluation; quantitative evaluation of the computer system security level; investigation of the dependence of the computer system performance and availability on the attacks affecting the system and defense mechanisms used in it; development of the model simulating the computer network horizontal and vertical scanning. The thesis consists of general characteristic of the research, five chapters and general conclusions. General characteristic of the thesis is dedicated to an introduction of the problem and its topicality. The aims and tasks of the work are also formulated; the used methods and novelty of solutions are described; the author‘s publications and structure of the thesis are presented. Chapter 1 covers the analysis of existing publications related to the problems of the thesis. The survey of the intrusion detection systems is presented and methods of the intrusion detection are analyzed. The currently existing techniques of the attack classification are... [to full text] / Disertacijoje nagrinėjamos incidentų kompiuterių tinkluose ir kompiuterių sistemų saugumo lygio įvertinimo problemos. Pagrindiniai tyrimo objektai yra incidentai kompiuterių tinkluose, atakų atpažinimo sistemos ir kompiuterių tinklo žvalgos būdai. Disertacijos tikslas – incidentų kompiuterių tinkluose tyrimas ir kompiuterių sistemų saugumo lygio įvertinimas. Darbe sprendžiami šie pagrindiniai uždaviniai: atakų klasifikavimas ir jų sunkumo lygio skaitinis įvertinimas; kompiuterių sistemos saugumo lygio kiekybinis įvertinimas; kompiuterių sistemos našumo ir pasiekiamumo priklausomybės nuo sistemą veikiančių atakų ir joje naudojamų apsaugos mechanizmų tyrimas; modelio, imituojančio kompiuterių tinklo horizontalią ir vertikalią žvalgą kūrimas. Disertaciją sudaro įvadas, penki skyriai ir bendrosios išvados. Įvadiniame skyriuje nagrinėjamas problemos aktualumas, formuluojamas darbo tikslas bei uždaviniai, aprašomas mokslinis darbo naujumas, pristatomi autoriaus pranešimai ir publikacijos, disertacijos struktūra. Pirmasis skyrius skirtas literatūros apžvalgai. Jame apžvelgiamos atakų atpažinimo sistemos, analizuojami atakų atpažinimo metodai. Nagrinėjami atakų klasifikavimo būdai. Didelis dėmesys skiriamas kompiuterių sistemos saugumo lygio įvertinimo metodams, kompiuterių prievadų žvalgos būdams ir žvalgos atpažinimo metodams. Skyriaus pabaigoje formuluojamos išvados ir konkretizuojami disertacijos uždaviniai. Antrajame skyriuje pateikta sudaryta atakų nukreiptų į kompiuterių... [toliau žr. visą tekstą] Electronics and Electrical Engineering Computer system security Security level evaluation Network scanning Intrusion detection system Computer system incidents Kompiuterių sistemų saugumas Saugumo lygio įvertinimas Tinklo žvalga Atakų atpažinimo sistmos Incidentai kompiuterių sistemose
93	Applying mobile agents in an immune-system-based intrusion detection system Zielinski, Marek Piotr 30 November 2004 (has links) Nearly all present-day commercial intrusion detection systems are based on a hierarchical architecture. In such an architecture, the root node is responsible for detecting intrusions and for issuing responses. However, an intrusion detection system (IDS) based on a hierarchical architecture has many single points of failure. For example, by disabling the root node, the intrusion-detection function of the IDS will also be disabled. To solve this problem, an IDS inspired by the human immune system is proposed. The proposed IDS has no single component that is responsible for detecting intrusions. Instead, the intrusion-detection function is divided and placed within mobile agents. Mobile agents act similarly to white blood cells of the human immune system and travel from host to host in the network to detect intrusions. The IDS is fault-tolerant because it can continue to detect intrusions even when most of its components have been disabled. / Computer Science (School of Computing) / M. Sc. (Computer Science) Computer security Intrusion detection system Immune system Mobile agent Fault-tolerance Anomaly detection System call monitoring Computer immunology 005.8 Computer security Mobile agents (Computer software) Computer networks -- Security measures
94	A SOM+ Diagnostic System for Network Intrusion Detection Langin, Chester Louis 01 August 2011 (has links) This research created a new theoretical Soft Computing (SC) hybridized network intrusion detection diagnostic system including complex hybridization of a 3D full color Self-Organizing Map (SOM), Artificial Immune System Danger Theory (AISDT), and a Fuzzy Inference System (FIS). This SOM+ diagnostic archetype includes newly defined intrusion types to facilitate diagnostic analysis, a descriptive computational model, and an Invisible Mobile Network Bridge (IMNB) to collect data, while maintaining compatibility with traditional packet analysis. This system is modular, multitaskable, scalable, intuitive, adaptable to quickly changing scenarios, and uses relatively few resources. 3D Full-Color Self-Organizing Map (SOM) Complex Hybridized Soft Computing (SC) Information Security Diagnostic System Network Intrusion Detection Types
95	SISTEMA DE DETECÇÃO DE INTRUSOS EM ATAQUES ORIUNDOS DE BOTNETS UTILIZANDO MÉTODO DE DETECÇÃO HÍBRIDO / Intrusion Detection System in Attacks Coming from Botnets Using Method Hybrid Detection CUNHA NETO, Raimundo Pereira da 28 July 2011 (has links) Made available in DSpace on 2016-08-17T14:53:19Z (GMT). No. of bitstreams: 1 dissertacao Raimundo.pdf: 3146531 bytes, checksum: 40d7a999c6dda565c6701f7cc4a171aa (MD5) Previous issue date: 2011-07-28 / The defense mechanisms expansion for cyber-attacks combat led to the malware evolution, which have become more structured to break these new safety barriers. Among the numerous malware, Botnet has become the biggest cyber threat due to its ability of controlling, the potentiality of making distributed attacks and because of the existing structure of control. The intrusion detection and prevention has had an increasingly important role in network computer security. In an intrusion detection system, information about the current situation and knowledge about the attacks contribute to the effectiveness of security process against this new cyber threat. The proposed solution presents an Intrusion Detection System (IDS) model which aims to expand Botnet detectors through active objects system by proposing a technology with collect by sensors, preprocessing filter and detection based on signature and anomaly, supported by the artificial intelligence method Particle Swarm Optimization (PSO) and Artificial Neural Networks. / A ampliação dos mecanismos de defesas no uso do combate de ataques ocasionou a evolução dos malwares, que se tornaram cada vez mais estruturados para o rompimento destas novas barreiras de segurança. Dentre os inúmeros malwares, a Botnet tornou-se uma grande ameaça cibernética, pela capacidade de controle e da potencialidade de ataques distribuídos e da estrutura de controle existente. A detecção e a prevenção de intrusão desempenham um papel cada vez mais importante na segurança de redes de computadores. Em um sistema de detecção de intrusão, as informações sobre a situação atual e os conhecimentos sobre os ataques tornam mais eficazes o processo de segurança diante desta nova ameaça cibernética. A solução proposta apresenta um modelo de Sistema de Detecção de Intrusos (IDS) que visa na ampliação de detectores de Botnet através da utilização de sistemas objetos ativos, propondo uma tecnologia de coleta por sensores, filtro de pré-processamento e detecção baseada em assinatura e anomalia, auxiliado pelo método de inteligência artificial Otimização de Enxame da Partícula (PSO) e Redes Neurais Artificiais. Segurança de Redes Botnets Sistema de Detecção de Intrusos - IDS Redes Neurais Artificiais Network Security Botnet Intrusion Detection System - IDS Particle Swarm Optimization - PSO Artificial Neural Networks
96	Mitteilungen des URZ 2/2004 Heide,, Richter,, Riedel,, Schier,, Kratzert,, Ziegler, 10 May 2004 (has links) (PDF) Informationen des Universitätsrechenzentrums Campusnetz Computerpools Zeichenkodierung DINI Recherche Linux Fedora Core 1 MONARCH Mail-Würmer PHP-Programmierung sichere Swish-E ddc:050 ddc:004 Unicode Windows XP Zertifizierung Sicherheit
97	Towards privacy preserving cooperative cloud based intrusion detection systems Kothapalli, Anirudh Mitreya 08 1900 (has links) Les systèmes infonuagiques deviennent de plus en plus complexes, dynamiques et vulnérables aux attaques. Par conséquent, il est de plus en plus difficile pour qu'un seul système de détection d'intrusion (IDS) basé sur le cloud puisse repérer toutes les menaces, en raison des lacunes de connaissances sur les attaques et leurs conséquences. Les études récentes dans le domaine de la cybersécurité ont démontré qu'une coopération entre les IDS d'un nuage pouvait apporter une plus grande efficacité de détection dans des systèmes informatiques aussi complexes. Grâce à cette coopération, les IDS d'un nuage peuvent se connecter et partager leurs connaissances afin d'améliorer l'exactitude de la détection et obtenir des bénéfices communs. L'anonymat des données échangées par les IDS constitue un élément crucial de l'IDS coopérative. Un IDS malveillant pourrait obtenir des informations confidentielles d'autres IDS en faisant des conclusions à partir des données observées. Pour résoudre ce problème, nous proposons un nouveau système de protection de la vie privée pour les IDS en nuage. Plus particulièrement, nous concevons un système uniforme qui intègre des techniques de protection de la vie privée dans des IDS basés sur l'apprentissage automatique pour obtenir des IDS qui respectent les informations personnelles. Ainsi, l'IDS permet de cacher des informations possédant des données confidentielles et sensibles dans les données partagées tout en améliorant ou en conservant la précision de la détection. Nous avons mis en œuvre un système basé sur plusieurs techniques d'apprentissage automatique et de protection de la vie privée. Les résultats indiquent que les IDS qui ont été étudiés peuvent détecter les intrusions sans utiliser nécessairement les données initiales. Les résultats (c'est-à-dire qu'aucune diminution significative de la précision n'a été enregistrée) peuvent être obtenus en se servant des nouvelles données générées, analogues aux données de départ sur le plan sémantique, mais pas sur le plan synthétique. / Cloud systems are becoming more sophisticated, dynamic, and vulnerable to attacks. Therefore, it's becoming increasingly difficult for a single cloud-based Intrusion Detection System (IDS) to detect all attacks, because of limited and incomplete knowledge about attacks and their implications. The recent works on cybersecurity have shown that a co-operation among cloud-based IDSs can bring higher detection accuracy in such complex computer systems. Through collaboration, cloud-based IDSs can consult and share knowledge with other IDSs to enhance detection accuracy and achieve mutual benefits. One fundamental barrier within cooperative IDS is the anonymity of the data the IDS exchanges. Malicious IDS can obtain sensitive information from other IDSs by inferring from the observed data. To address this problem, we propose a new framework for achieving a privacy-preserving cooperative cloud-based IDS. Specifically, we design a unified framework that integrates privacy-preserving techniques into machine learning-based IDSs to obtain privacy-aware cooperative IDS. Therefore, this allows IDS to hide private and sensitive information in the shared data while improving or maintaining detection accuracy. The proposed framework has been implemented by considering several machine learning and privacy-preserving techniques. The results suggest that the consulted IDSs can detect intrusions without the need to use the original data. The results (i.e., no records of significant degradation in accuracy) can be achieved using the newly generated data, similar to the original data semantically but not synthetically. Cloud Systems Cyber Attacks Privacy Intrusion Detection System Cooperative IDS Systèmes infonuagiques Cyber-attaques Intimité Système de détection d’intrusion IDS coopératif
98	Bearbetningstid och CPU-användning i Snort IPS : En jämförelse mellan ARM Cortex-A53 och Cortex-A7 / Processing time and CPU usage in Snort IPS : A comparision between ARM Cortex-A53 and Cortex-A7 Nadji, Al-Husein, Sarbast Hgi, Haval January 2020 (has links) Syftet med denna studie är att undersöka hur bearbetningstiden hos Snort intrångsskyddssystem varierar mellan två olika processorer; ARM Cortex-A53 och Cortex-A7. CPU-användningen undersöktes även för att kontrollera om bearbetningstid är beroende av hur mycket CPU Snort använder. Denna studie ska ge kunskap om hur viktig en processor är för att Snort ska kunna prestera bra när det gäller bearbetningstid och CPU användning samt visa det uppenbara valet mellan Cortex-A53 och Cortex-A7 när man ska implementera Snort IPS. Med hjälp av litteratursökning konstruerades en experimentmiljö för att kunna ge svar på studiens frågeställningar. Snort kan klassificeras som CPU-bunden vilket innebär att systemet är beroende av en snabb processor. I detta sammanhang innebär en snabb processor gör att Snort hinner bearbeta den mängd nätverkstrafik den får, annars kan trafiken passera utan att den inspekteras vilket kan skada enheten som är skyddat av Snort. Studiens resultat visar att bearbetningstiden i Snort på Cortex-A53 och Cortex-A7 skiljer sig åt och en tydlig skillnad i CPU-användning mellan processorerna observerades. Studien visar även kopplingen mellan bearbetningstiden och CPUanvändning hos Snort. Studiens slutsats är att ARM Cortex-A53 har bättre prestanda vid användning av Snort IPS avseende bearbetningstid och CPU-användning, där Cortex-A53 har 10 sekunder kortare bearbetningstid och använder 2,87 gånger mindre CPU. / The purpose of this study is to examine how the processing time of the Snort intrusion prevention system varies on two different processors; ARM Cortex-A53 and CortexA7. CPU usage was also examined to check if processing time depends on how much CPU Snort uses. This study will provide knowledge about how important a processor is for Snort to be able to perform well in terms of processing time and CPU usage. This knowledge will help choosing between Cortex-A53 and Cortex-A7 when implementing Snort IPS. To achieve the purpose of the study a literature search has been done to design an experimental environment. Snort can be classified as CPU-bound, which means that the system is dependent on a fast processor. In this context, a fast processor means that Snort is given enough time to process the amount of traffic it receives, otherwise the traffic can pass through without it being inspected, which can be harmful to the device that is protected by Snort. The results of the study show that the processing time in Snort on Cortex-A53 and Cortex-A7 differs and an obvious difference in CPU usage between the processors is shown. The study also presents the connection between processing time and CPU usage for Snort. In conclusion, ARM Cortex-A53 has better performance when using Snort IPS in terms of processing time and CPU usage, Cortex-A53 has 10 seconds less processing time and uses 2,87 times less CPU. - Snort Cortex-A53 Cortex-A7 ARM CPU Processing time IDS IPS Intrusion detection system Raspberry Pi Network Snort Cortex-A53 Cortex-A7 ARM CPU Bearbetningstid IDS IPS Intrångsdetekteringssystem Raspberry Pi Nätverk Computer Sciences Datavetenskap (datalogi)
99	Analýza automatizovaného generování signatur s využitím Honeypotu / Analysis of Automated Generation of Signatures Using Honeypots Bláha, Lukáš January 2012 (has links) In this paper, system of automatic processing of attacks using honeypots is discussed. The first goal of the thesis is to become familiar with the issue of signatures to detect malware on the network, especially the analysis and description of existing methods for automatic generation of signatures using honeypots. The main goal is to use the acquired knowledge to the design and implementation of tool which will perform the detection of new malicious software on the network or end user's workstation.
100	Mitteilungen des URZ 2/2004 Heide, Richter, Riedel, Schier, Kratzert, Ziegler 10 May 2004 (has links) Informationen des Universitätsrechenzentrums:Nutzung der Computerpools Unicode - eine neue Art der Zeichenkodierung Sicheres Programmieren mit PHP (Teil 2) NIDS im Campusnetz MONARCH Achtung, Mail-Würmer! Kurzinformationen info:eu-repo/classification/ddc/050 ddc:050 info:eu-repo/classification/ddc/004 ddc:004

Search results