Global ETD Search

61	Exploring SME Vulnerabilities to Cyber-criminal Activities Through Employee Behavior and Internet Access Twisdale, Jerry Allen 01 January 2018 (has links) Cybercriminal activity may be a relatively new concern to small and medium enterprises (SMEs), but it has the potential to create financial and liability issues for SME organizations. The problem is that SMEs are a future growth target for cybercrime activity as larger corporations begin to address security issues to reduce cybercriminal risks and vulnerabilities. The purpose of this study was to explore a small business owner's knowledge about to the principal elements of decision making for SME investment into cybersecurity education for employees with respect to internet access and employee vulnerabilities. The theoretical framework consisted of the psychological studies by Bandura and Jaishankar that might affect individual decision making in terms of employee risks created through internet use. This qualitative case study involved a participant interview and workplace observations to solicit a small rural business owner's knowledge of cybercriminal exploitation of employees through internet activities such as social media and the potential exploitation of workers by social engineers. Word frequency analysis of the collected data concluded that SME owners are ill equipped to combat employee exploitation of their business through social engineering. Qualitative research is consistent with understanding the decision factors for cost, technical support, and security threat prevention SME organizational leadership use and is the focus of this study as emergent themes. The expectation is that this study will aid in the prevention of social engineering tactics against SME employees and provide a platform for future research for SMEs and cybercriminal activity prevention. cybercrime cyber security information security information security management Small and medium enterprises social engineering Databases and Information Systems
62	Secure Control and Operation of Energy Cyber-Physical Systems Through Intelligent Agents El Hariri, Mohamad 05 November 2018 (has links) The operation of the smart grid is expected to be heavily reliant on microprocessor-based control. Thus, there is a strong need for interoperability standards to address the heterogeneous nature of the data in the smart grid. In this research, we analyzed in detail the security threats of the Generic Object Oriented Substation Events (GOOSE) and Sampled Measured Values (SMV) protocol mappings of the IEC 61850 data modeling standard, which is the most widely industry-accepted standard for power system automation and control. We found that there is a strong need for security solutions that are capable of defending the grid against cyber-attacks, minimizing the damage in case a cyber-incident occurs, and restoring services within minimal time. To address these risks, we focused on correlating cyber security algorithms with physical characteristics of the power system by developing intelligent agents that use this knowledge as an important second line of defense in detecting malicious activity. This will complement the cyber security methods, including encryption and authentication. Firstly, we developed a physical-model-checking algorithm, which uses artificial neural networks to identify switching-related attacks on power systems based on load flow characteristics. Secondly, the feasibility of using neural network forecasters to detect spoofed sampled values was investigated. We showed that although such forecasters have high spoofed-data-detection accuracy, they are prone to the accumulation of forecasting error. In this research, we proposed an algorithm to detect the accumulation of the forecasting error based on lightweight statistical indicators. The effectiveness of the proposed algorithms was experimentally verified on the Smart Grid testbed at FIU. The test results showed that the proposed techniques have a minimal detection latency, in the range of microseconds. Also, in this research we developed a network-in-the-loop co-simulation platform that seamlessly integrates the components of the smart grid together, especially since they are governed by different regulations and owned by different entities. Power system simulation software, microcontrollers, and a real communication infrastructure were combined together to provide a cohesive smart grid platform. A data-centric communication scheme was selected to provide an interoperability layer between multi-vendor devices, software packages, and to bridge different protocols together. smart grid cyber security cyber-physical systems IEC 61850 GOOSE SMV artificial intelligence dds Power and Energy
63	Riskmedvetenhet kring molntjänster hos studenter / Risk awareness regarding cloud services among students Johansson, Eric, Süld, Niclas January 2021 (has links) Användning av molntjänster har ökat senaste tiden, deras flexibilitet och tillgänglighet har gjort dem till ett lika bra, om inte bättre alternativ till lokal lagring och lokalt installerade programvaror. Denna typ av molnbaserade tjänster är beroende av Internet för att kunna fungera, detta gör datan känslig för eventuella attacker från illvilliga aktörer med en Internetuppkoppling. Alla är dock inte helt medvetna om vilka risker som kan finnas med dessa molntjänster. Covid-19-pandemin har accelererat övergången till molnet ytterligare och bidragit till att användare har blivit tvungna att arbeta och studera hemifrån. I denna uppsats har vi valt att fokusera på högskole- och universitetsstudenters riskmedvetenhet kring molntjänster. Deras kännedom om några av de vanligaste riskerna med molntjänster har undersökts genom en enkätundersökning. Resultatet visar att medvetenheten kring molntjänsters risker har ökat sedan det undersöktes senast. / This is a bachelor thesis written in Swedish about university student's risk awareness regarding cloud computing. The use of cloud computing has increased lately, their flexibility and availability has made them an equally good - if not better option to traditional locally run applications and local storage. Cloud computing is dependent on the Internet to function properly, the connection to the Internet makes them vulnerable to attacks from bad actors with an Internet connection. Despite the widespread use of these services everybody isn't aware of the risks they present. The Covid-19 pandemic has accelerated the increased use of these technologies further by making people work and study from home to a greater extent than before. In this bachelor thesis we have chosen to focus on university students' risk awareness regarding cloud computing. Their knowledge about some of cloud computing's most common risks have been studied using a survey. Results show that awareness has increased since it was last studied. Cloud computing cyber security students risk awareness Molntjänster molntjänstsäkerhet studenter riskmedvetenhet Computer and Information Sciences Data- och informationsvetenskap
64	Designing a solution for automating the management of a capture the flag network Benu, Dalvie January 2023 (has links) Everyday one hears about another cyber attack against a company or state. In 2023 the cost of cyber crime reached 8 trillion USD and is expected to reach 10 trillion in 2025 [1]. It is becoming increasingly clear that cyber security is important in modern society and especially in the IT industry. Practical cyber security courses, like ethical hacking, are important to teach students about how attacks are performed and how to identify vulnerabilities. One such course is ethical hacking (EN2720) at the KTH Royal Institute of Technology. This practical course allows students to practice hacking techniques on a simulated corporate network much like in a capture the flag type event. However, as these networks are being used in unintended ways, as is the nature of the course, it is common for hosts in the network to break. When this happens students will email teaching assistants (TA) to restart the instance. This wastes both students time as they much wait for TAs to read their email and it wastes TAs time as they most issues they deal with are these requests for restarts. This thesis aims to research, design and implement a solution to this problem. In the research phase it is decided that the best solution would be a web application where students can authenticate themselves using existing credentials and request a restart of an instance. The design phase outlines the steps of exactly how this web app will work. The web app is implemented in python as a proof of concept and tests are written to ensure it operated as intended. It is found that the web app successfully solves the outlined problem but there could be some improvements made. Students use provided public key certificates to authenticate themselves, although appropriate in practice, it theory public keys are not secure and can be held by anyone. / Varje dag hör man om en annan cyberattack mot ett företag eller en stat. År 2023 nådde kostnaden för cyberbrottslighet 8 biljoner USD och förväntas uppgå till 10 biljoner år 2025 [1]. Det blir allt tydligare att cybersäkerhet är viktigt i det moderna samhället och särskilt inom IT-branschen. Praktiska cybersäkerhetskurser, som etisk hacking, är viktiga för att lära eleverna om hur attacker utförs och hur man identifierar sårbarheter. En sådan kurs är etisk hacking (EN2720) vid Kungliga Tekniska högskolan. Denna praktiska kurs låter eleverna öva hackingtekniker på ett simulerat företagsnätverk ungefär som i en capture the flag type-händelse. Men eftersom dessa nätverk används på oavsiktliga sätt, vilket är kursens natur, är det vanligt att värdar i nätverket går sönder. När detta händer kommer eleverna att skicka e-post till lärarassistenter (TA) för att starta om instansen. Detta slösar både elevernas tid eftersom de väntar mycket på att TAs ska läsa deras e-post och det slösar TAs tid eftersom de flesta problem de hanterar är dessa förfrågningar om omstarter. Denna avhandling syftar till att undersöka, designa och implementera en lösning på detta problem. I forskningsfasen beslutas att den bästa lösningen skulle vara en webbapplikation där studenter kan autentisera sig med befintliga referenser och begära omstart av en instans. Designfasen beskriver stegen för exakt hur denna webbapp kommer att fungera. Webbappen är implementerad i python som ett proof of concept och tester skrivs för att säkerställa att den fungerar som avsett. Det har visat sig att webbappen framgångsrikt löser det skisserade problemet men det kan göras några förbättringar. Studenter använder tillhandahållna offentliga nyckelcertifikat för att autentisera sig själva, även om det är lämpligt i praktiken, är offentliga nycklar enligt teorin inte säkra och kan innehas av vem som helst. Network Cyber-Security Web App Nätverk cybersäkerhet webbapp Computer and Information Sciences Data- och informationsvetenskap
65	En jämförande studie av Sveriges cybersäkerhetsstrategi Lindskog, Ted January 2022 (has links) This study applies a post-structural discourse analysis developed by Carol Bacchi, called the WPR-approach, on both Estonia's and the Czech Republic's cyber security policy with the purpose of comparing it to the Swedish cyber security policy. It utilizes Foucauldian ideas about how policy creates rather than discovers “problems'' through representation, and what effects this can have. The purpose of this study is to contribute to the government's work to strengthen Swedish society's cyber security policies, which includes both the public and private sectors, through analysis and comparison of two previously vulnerable countries' policy documents. By previously exposed countries is meant here exposed to socially disruptive cyber-attacks. The results show that many of the identified fundamental problems in the two equivalent policies are not taken into care by the Swedish policy. A conclusion is drawn that the Swedish cybersecurity strategy seems to fail to sufficiently address in what way knowledge-raising measures are needed, especially at the strategic levels. This is important for enabling an overall positive cyber security climate which probably affects how well cyber security will be integrated in ordinary business processes. Lack of sufficient incentive structures seem equally important to acknowledge as well as to investigate further, and perhaps there is also a need for a more ambitious approach as well as a less vague view on responsibility. Finally, as other researchers suggest, there is an urgent need to conduct significantly more research in the interdisciplinary field of cyber security. / <p>2022-05-25</p> Sweden Estonia Czech Republic cyber security problem representation WPR-approach poststructuralism policy analysis Political Science Statsvetenskap
66	Cyber attacks against small companies that outsource their services Haji Akbar, Mahan, Babar, Shahryar Khan January 2022 (has links) Companies outsource a lot of their development tasks. The use of external development teams introduces security problems which may lead to data breaches and even corporate espionage where business ideas are used in other companies, leading to leaking of trade secrets. A detailed explanation of the security implications of outsourcing is given, with ways to mitigate such risks in the first section of the report. The report also explains some basics theory in cyber security such as information gathering, vulnerability scanning, exploitation and post exploitation. We also look at some software tools used in the field. Due to the lack of knowledge and awareness about cyber security, most small companies do not have enough protection against these malicious attacks. The proposed intrusion detection system is capable of recognizing various kinds of cyber attacks including denial of serviceattack, spoofing attack, sniffing attack and so on. The proposed system employs ensemble learning and feature selection techniques to reduce the computational cost and improve the detection rate simultaneously. This paper presents an intelligent intrusion detection system based on tree-structure machine learning models. After the implementation of the proposed intrusion detection system on standard data sets, the system has achieved high detection rate and low computational cost simultaneously. The method used to bring results is python with scikit library that can help with machine learning. The results will show figures of heatmap and scores of models that will explain how likely it will identify a cyber attack. Outsourcing Cyber attack Cyber security Intrusion detection system Computer and Information Sciences Data- och informationsvetenskap
67	Workflow-driven, dynamic authorization for Modular Automation systems Basic, Enna, Radonjic, Ivan January 2023 (has links) Industrial Control Systems (ICSs) play a critical role in various industries, automating processes and efficiency optimization. However, these systems have security vulnerabilities that make them prone to cyber attacks, so it is crucial to have strong access control mechanisms in place. This master thesis focuses on the investigation, development, and evaluation of workflow-driven dynamic authorization for modular automation systems. The authorization enables specifying of policies that can adapt in real-time to the dynamic security environment of ICSs. Furthermore, the thesisexplores the efficiency of authorization in terms of execution time, memory consumption, andtoken size through experimental evaluation. The experimental evaluation compares three variationsof token population: a baseline approach that directly encodes accesscontrol list permissions into the token, and two token population algorithms that aim to reduce thetoken size by replacing permissions with overlapping roles. The results show that the baseline approach achieves the shortest execution time and lowest memory consumption, but leads to increased token sizes. On the other hand, the token population algorithms reduce the token size at the costof increased execution time and memory consumption. The choice between these approaches wouldinvolve trade-offs and would depend on the specific requirements of the ICSs environment. / InSecTT industrial control systems dynamic access control authorization service cyber security modular automation Computer Sciences Datavetenskap (datalogi)
68	Evaluation of machine learning models for classifying malicious URLs Abad, Shayan, Gholamy, Hassan January 2023 (has links) Millions of new websites are created daily, making it challenging to determine which ones are safe. Cybersecurity involves protecting companies and users from cyberattacks. Cybercriminals exploit various methods, including phishing attacks, to trick users into revealing sensitive information. In Australia alone, there were over 74,000 reported phishing attacks in 2022, resulting in a financial loss of over $24 million. Artificial intelligence (AI) and machine learning are effective tools in various domains, such as cancer detection, financial fraud detection, and chatbot development. Machine learning models, such as Random Forest and Support Vector Machines, are commonly used for classification tasks. With the rise of cybercrime, it is crucial to use machine learning to identify both known and new malicious URLs. The purpose of the study is to compare different instance selection methods and machine learning models for classifying malicious URLs. In this study, a dataset containing approximately 650,000 URLs from Kaggle was used. The dataset consisted of four categories: phishing, defacement, malware, and benign URLs. Three datasets, each consisting of around 170,000 URLs, were generated using instance selection methods (DRLSH, BPLSH, and random selection) implemented in MATLAB. Machine learning models, including SVM, DT, KNNs, and RF, were employed. The study applied these instance selection methods to a dataset of malicious URLs, trained the machine learning models on the resulting datasets, and evaluated their performance using 16 features and one output feature. In the process of hyperparameter tuning, the training dataset was used to train four models with different hyperparameter settings. Bayesian optimization was employed to find the best hyperparameters for each model. The classification process was then conducted, and the results were compared. The study found that the random instance selection method outperformed the other two methods, BPLSH and DRLSH, in terms of both accuracy and elapsed time for data selection. The lower accuracies achieved by the DRLSH and BPLSH methods may be attributed to the imbalanced dataset, which led to poor sample selection. Machine learning Cyber security Classification Malicious URL Instance selection Computer Engineering Datorteknik
69	Challenges of Online Security for Senior Citizens Sivagumaran, Sinthujan January 2023 (has links) Senior citizens are among the most vulnerable groups of cyber victimization in today’s contexts. Ensuring online security for the elderly has become extremely critical as the global elderly population is on the rise and the incident of cyber victimization is rapidly growing causing financial and societal problems for them. This study is conducted to identify the challenges faced in ensuring online security to senior citizens and to propose remedies to these identified challenges. A systematic literature review was performed on Google Scholar, IEEEXplore, Pubmed, ScienceDirect and Proquest databases to identify the challenges using appropriate keywords and screening criteria. 29 Review articles (n=29) were found relevant for the challenges of online security for senior citizens and broadly categorized into physical and psychological factors, technological factors, and awareness factors. 14 review articles (n=14) were found to be relevant as remedial measures on IEEEXplore database. Challenges found for physical and psychological factors were health problems such as mobility decline which led to higher use of online services (higher visibility), issues in recalling memory which leads to inability to recall information regarding crime and non-reporting of crime, and cognitive impairment where they are unable to assess the potential choices. Remedial measures which can be applied for these issues include home monitoring systems using beacon technology, path tracking fall detection systems, use of apps like senior book, use of elder friendly web forms. Seniors were also found to be in social isolation where they are exposed to unfamiliar online activities due to the death of the capable partner, less able to seek advice due to lack of network and the possibility of building relationships with strangers allows the fraudsters to target the elders easily. Further, the relative wealth of seniors is high, and they are less likely to check their balances, making them vulnerable. Smart home systems, apps such as SAFER were found to be possible remedial measures for these situations. Also, elders are reluctant to report victimization due to fear of victim blaming and fear of loss of independence which results in repeated victimization. Challenges identified for awareness factors include less awareness of content of scam, trusting communications which are legitimate authorities and limited awareness on cyber security. Information Security Awareness Programs, online courses on security awareness can be used as a remedial measure to enhance the awareness of cyber security among elders. Technological challenges identified include lack of cyber security skills where they do not have the motivation to seek cyber security related information, unable to understand the jargon used and use of unsecured networks and easily imitable passwords. The remedies found were biometrics instead of passwords, participatory approach for the design and development of programs and use of elder friendly internet browsers. This study contributes to the cyber security of senior citizens by understanding the challenges and suggesting remedies for the challenges identified. senior citizens elderly cyber security online security challenges remedies Computer Sciences Datavetenskap (datalogi)
70	Classifying and Cataloging Cyber-Security Incidents Within Cyber-Physical Systems Miller, William B 01 December 2014 (has links) (PDF) In the past, there were perceived delineations between the cyber world and the physical world. We are becoming increasingly aware of the overlap between these two worlds, and the overlap itself is increasing. The overlap between these two worlds is known as cyber-physical systems. There have been several incidents involving cyber-physical systems and the number of these incidents is increasing dramatically. In the past there has been no effort to identify methods for describing these incidents in the unique context of cyber-physical systems. This research provides a taxonomy for classifying these incidents that focuses on cross domain, impact oriented analysis. A repository for information about these incidents has also been created as part of this research. William Miller cyber-physical systems cyber-security incident taxonomy database Computer Sciences

Search results