Defence against denial of service in self-aware networks

Loukas, Georgios

January 2006

No description available.

005.8

Specification and security analysis of mobile ad-hoc networks

Nanz, Sebastian

January 2006

No description available.

005.8

Improving intrusion detection systems using data mining techniques

Almutairi, Abdulrazaq Z.

January 2016

Recent surveys and studies have shown that cyber-attacks have caused a lot of damage to organisations, governments, and individuals around the world. Although developments are constantly occurring in the computer security field, cyber-attacks still cause damage as they are developed and evolved by hackers. This research looked at some industrial challenges in the intrusion detection area. The research identified two main challenges; the first one is that signature-based intrusion detection systems such as SNORT lack the capability of detecting attacks with new signatures without human intervention. The other challenge is related to multi-stage attack detection, it has been found that signature-based is not efficient in this area. The novelty in this research is presented through developing methodologies tackling the mentioned challenges. The first challenge was handled by developing a multi-layer classification methodology. The first layer is based on decision tree, while the second layer is a hybrid module that uses two data mining techniques; neural network, and fuzzy logic. The second layer will try to detect new attacks in case the first one fails to detect. This system detects attacks with new signatures, and then updates the SNORT signature holder automatically, without any human intervention. The obtained results have shown that a high detection rate has been obtained with attacks having new signatures. However, it has been found that the false positive rate needs to be lowered. The second challenge was approached by evaluating IP information using fuzzy logic. This approach looks at the identity of participants in the traffic, rather than the sequence and contents of the traffic. The results have shown that this approach can help in predicting attacks at very early stages in some scenarios. However, it has been found that combining this approach with a different approach that looks at the sequence and contents of the traffic, such as event- correlation, will achieve a better performance than each approach individually.

005.8

Evaluating and integrating software process improvement models and security engineering principles

Li, Haiwen

January 2005

The research is concerned with the management of software quality and information system security in rapidly changing business environments. Project development life cycles are becoming more complex and e-commerce is growing rapidly. Suppliers will offer new and exciting services but decision makers are faced with the challenge of identifying the information security solutions and reducing business risks. Both customers and suppliers are interested in improving the development of security products, system and services. The field of security engineering has several generally accepted principles, but it currently lacks a comprehensive framework for evaluating security-engineering practices and integrating security engineering approaches with software quality improvment models. The aims of this research are 1) to evaluate existing security engineering principles and software process improvement models (such as ISO 15504, CMM, ISO 17799), to identify weaknesses through a comparison. 2) To analyse and investigate the current security management practices in the different organisations, to explore and identify the potential security risks. 3) To integrate and set up a bridge between software quality improvement processes and security engineering principles. 4) To design a model which can provide organisations with guidance on how to gain control of their processes for developing software quality improvement and information security management, and how to evolve towards a culture of security management process through overcoming the weaknesses in above models. The literature review has been conducted to study the existing software process assessment and information security management models. The well-known software process assessment models CMM, ISO 15504, BOOTSTRAP, the information security management standard ISO 17799 and the USD Generally Accepted Security System Pronciple (GASSP) and SSE-CMM have been analysed. The strengths and weakness of these models have been highlighted from model structure, major functions and frame analysis. Additionally journals and conferences proceedings provide information and a comprehensive knowledge and background for informatuion security management in rapidly changing and e-business environment. In this study surveys on information security management in rapidly changing and e-business environments have been conducted, focusing on exploring and investigating the security management processes and ISO 17799 information security standard usage in different kinds of organisations. The differences between UK and non-UK organisations have been analysed. Some major activities for info-security management and ISO 17799 current status are highlighted, the most important security risk management processes and potential weaknesses have also been analysed. Based on these results, recommendations and further considerations are presented for software houses, e-business companies, financial and security consultant organisations. To provide valuable input in the development of such an approach, an in-depth analysis of the information security management special issues and best practices has been carried out. This research also integrates the security engineering process into a project lifecycle. A new Security Engineering Process Improvement Approach (SEPIA) has been developed as a major contribution to the software industry that fills an important gap between software quality improvement modelling and security engineering principles. It includes more than 120 detailed process improvement and control areas. The SEPIA model has been validated and verified in a global organisation, details of five projects have been presented and analysed, the existing problems in the organisation have been highlighted based on the SEPIA model. After the verification and validation activities, more inputs were also gained to achieve the final SEPIA model. The new model provides organisations with guidance and extra audit reference on how to gain control of their processes for devloping software security management, and how to evolve towards a culture of security management process through overcoming the weaknesses in the existing guidelines

005.8

Computing

A reflective study of how security conceptualises the international standardisation of security

Al Darmaki, Mohamed Juma

January 2015

The benefits of international cooperation in security are well understood. However, they have proven difficult to achieve as has any unanimously agreed standard or protocol. The purpose of this research is to establish how standardisation in security could be implemented internationally. Special attention has been paid to the operational level of the security apparatus and staff to conceptualise the challenges of implementation in multi-disciplined policing and security. This thesis also takes a wide-ranging view of the social interaction and interrelationship between the security apparatus and society; how the changes in the security environment have focused attention on the need for international standardisation and the challenges which led to the establishment of some international cooperation and systems, none of which has received universal acceptance. The important contribution of this research is in identifying and explaining the challenges involved in the establishment of an international security standard, and in providing some solutions and insights based upon the objective experiential reflection of people and organisations facing the challenges posed by a variety of security risks. The aim of this work is achieved by addressing two overarching concepts; the first of which addresses the difficulties involved in establishing an international standard for security acceptable to the international community such that they would cooperate given their many sovereign interests. The second of which defines the possibility of such a proposition involving the practicalities of implementing such a system at an operational level given the inevitable differences between countries. This study is based upon a complex body of data and information the gathering of which has been complicated by the inherent confidentiality in the sector. Infrastructural Information gathered by desk research and a wide literature review have been enriched by Operational Information from which three key hypotheses going to the root of the problem statement have been developed. 30 key issues/areas of focus were derived from these hypotheses and expanded into a questionnaire of 49 questions. The questionnaire targets objective information by the reflection of the participants on a wide range of issues, which also provides the basis of the interview regime. The data and information are analysed within a by-question discussion protocol and used to test the three key hypotheses from which conclusions are defined and recommendations identified. It was found that limited access to information within the culture of secrecy in the security sector hinders progress towards standardisation. Whilst there was a low level of resistance from the police and the security establishment to cooperation, many countries would need legislation to enable participation, which many would be provisionally willing to enact to enable cooperation. This in turn would require the sharing and exchange of information which would be a benefit of coordination and cooperation. The majority of countries would support working to a standard and would value cooperation. A need for support is indicated in the areas of management, benchmarking, commonality and improvement of processes. This is because few countries manage their security to a standard; and the majority want improvements and common standards to work to. It is clear that success depends upon commonality and coordination and there is a willingness to coordinate and cooperate by the majority of countries. It is recommended that standardisation come under the auspices of a supranational body like the United Nations because of the development work required in bringing countries together. A coordinated cooperation within a structured standardised organisation sensitive to various country needs would appeal to the majority and would most likely succeed.

005.8

Criminology

New methods to improve the pixel domain steganography, steganalysis, and simplify the assessment of steganalysis tools

Khalind, Omed Saleem

January 2015

Unlike other security methods, steganography hides the very existence of secret messages rather than their content only. Both steganography and steganalysis are strongly related to each other, the new steganographic methods should be evaluated with current steganalysis methods and vice-versa. Since steganography is considered broken when the stego object is recognised, undetectability would be the most important property of any steganographic system. Digital image files are excellent media for steganography, as they have redundancy in their representation. Also, the most widely used method of image steganography is the least significant bit (LSB) embedding. This thesis investigates the latest methods of pixel domain steganography and provides new efficient approaches to improve them in three perspectives: embedding, detection, and the digital forensics investigation process. Firstly, the probability of detection is considered for non-adaptive LSB and 2LSB image steganography even for the embedding rate of 1. The proposed method noticeably reduced the probability of detection for different detection methods via improving the embedding efficiency of both LSB and 2LSB methods, which is not restricted to a specific steganalysis attack. The extensions to LSB steganography methods have received great attention from steganographers, especially 2LSB, because it is easy to implement, has a higher capacity, is visually imperceptible, brings complex changes to the image pixel values and is harder to detect. The proposed method improves the detection accuracy of the current state of the art targeted 2LSB steganalysis methods via a novel approach pixel value grouping and statistical analysis of the image pixel values histogram. Moreover, a discrete classifier version of the proposed method is developed which gives a label (‘Stego’ or ‘Clean’) to the analysed image and avoids the overhead of setting a right threshold value. The last perspective of this research considers the evaluation process of the steganalysis tools and simplifying the digital forensics investigation process. Hence, a novel statistical method is proposed to effectively simplify the investigation process by showing the area of differences between the testing image set and the random set of images that is used as a baseline. It also indicates whether the difference is significant or not. All the above mentioned novel approaches included in this thesis are proven, in both theoretical and practical perspectives, to be better than the current state-of-the-art methods and add some value to the knowledge in the field of steganography, steganalysis and its applications.

005.8

Computing

Exploring the memorability of multiple recognition-based graphical passwords and their resistance to guessability attacks

Chowdhury, Soumyadeb

January 2015

Most users find it difficult to remember traditional text-based passwords. In order to cope with multiple passwords, users tend to adopt unsafe mechanisms like writing down the passwords or sharing them with others. Recognition-based graphical authentication systems (RBGSs) have been proposed as one potential solution to minimize the above problems. But, most prior works in the field of RBGSs make the unrealistic assumption of studying a single password. It is also an untested assumption that RBGS passwords are resistant to being written down or verbally communicated. The main aim of the research reported in this thesis is to examine the memorability of multiple image passwords and their guessability using written descriptions (provided by the respective account holders). In this context, the thesis presents four user studies. The first user study (US1) examined the usability of multiple RBGS passwords with four different image types: Mikon, doodle, art and everyday objects (e.g. images of food, buildings, sports etc.). The results obtained in US1 demonstrated that subjects found it difficult to remember four RBGS passwords (of the same image type) and the memorability of the passwords deteriorated over time. The results of another usability study (US2) conducted using the same four image types (as in US1) demonstrated that the memorability of the multiple RBGS passwords created by employing a mnemonic strategy do not improve even when compared to the existing multiple password studies and US1. In the context of the guessability, a user study (GS1) examined the guessability of RBGS passwords (created in US1), using the textual descriptions given by the respective account holders. Another study (GS2) examined the guessability of RBGS passwords (created in US2), using descriptions given by the respective account holders. The results obtained from both the studies showed that RBGS passwords can be guessed using the password descriptions in the experimental set-up used. Additionally, this thesis presents a novel Passhint authentication system (PHAS).The results of a usability study (US3) demonstrated that the memorability of multiple PHAS passwords is better than in existing Graphical authentication systems (GASs). Although the registration time is high, authentication time for the successful attempts is either equivalent to or less than the time reported for previous GASs. The guessability study (GS3) showed that the art passwords are the least guessable, followed by Mikon, doodle and objects in that order. This thesis offers these initial studies as a proof of principle to conduct large scale field studies in the future with PHAS. Based on the review of the existing literature, this thesis identifies the need for a general set of principles to design usability experiments that would allow systematic evaluation and comparison of different authentication systems. From the empirical studies (US1, US2 and US3) reported in this thesis, we found that multiple RBGS passwords are difficult to remember, and the memorability of such passwords can be increased using the novel PHAS. We also recommend using the art images as the passwords in PHAS, because they are found to be the least guessable using the written descriptions in the empirical studies (GS1, GS2 and GS3) reported in this thesis.

005.8

QA76 Computer software

Development of digital filtering techniques in three-dimensional TLM models

Vongurai, Rawin

January 2013

Digital filtering (DF) techniques are receiving significant interest, because they can represent fine features such as vias, thin-panels and thin-wires in full-field solutions of electromagnetic problems with significant savings in computational costs. However, a limitation of this technique is that DF can only represent a fine feature as a plane or as an internal boundary. In other words, an internal boundary can represent the electromagnetic properties of a fine feature in one dimension or two directions. The DF technique is usually involved with time domain solvers such as the Finite-difference time-domain (FDTD) and the Transmission Line Modeling (TLM) methods. Both of them are commonly used to investigate the electromagnetic fields in the problem spaces. Here the TLM method is selected for demonstrating the DF technique. This thesis presents the formulation of TLM in three-dimensions in order to investigate the limitations of the DF technique and the solutions. As a result, new techniques have been developed. These techniques can be applied to the three dimensional TLM method in order to represent the fine features in three-dimensions appropriately. The developed techniques were demonstrated using some examples of three-dimensional embedded objects, such as conducting volumes and dielectrics. Their accuracy and efficiency are compared with the standard TLM method in the time and frequency-domain. The results show good agreement between these techniques and the standard TLM method.

005.8

TK7800 Electronics

Information security based on temporal order and ergodic matrix

Zhou, Xiaoyi

January 2012

This thesis proposes some information security systems to aid network temporal security applications with multivariate quadratic polynomial equations, image cryptography and image hiding. In the first chapter, some general terms of temporal logic, multivariate quadratic equations (MQ) problems and image cryptography/hiding are introduced. In particular, explanations of the need for them and research motivations are given, i.e., a formal characterization of time-series, an alternative scheme of MQ systems, a hybrid-key based image encryption and authentication system and a DWT-SVD (Discrete Wavelet Transform and Singular Value Decomposition) based image hiding system. This is followed by a literature review of temporal basis, ergodic matrix, cryptography and information hiding. After these tools are introduced, they are used to show how they can be applied in our research. The main part of this thesis is about using ergodic matrix and temporal logic in cryptography and hiding information. Specifically, it can be described as follows: A formal characterization of time-series has been presented for both complete and incomplete situations, where the time-series are formalized as a triple (ts, R, Dur) which denote the temporal order of time-elements, the temporal relationship between time-elements and the temporal duration of each time-element, respectively. A cryptosystem based on MQ is proposed. The security of many recently proposed cryptosystems is mainly based on the difficulty of solving large MQ systems. Apart from UOV schemes with proper parameter values, the basic types of these schemes can be broken down without great difficulty. Moreover, there are some shortages lying in some of these examined schemes. Therefore, a bisectional multivariate quadratic equation (BMQE) system over a finite field of degree q is proposed. The BMQE system is analysed by Kipnis and Shamir’s relinearization and fixing-variables method. It is shown that if the number of the equations is larger or equal to twice the number of the variables, and qn is large enough, the system is complicated enough to prevent attacks from some existing attacking schemes. A hybrid-key and ergodic-matrix based image encryption/authentication scheme has been proposed in this work. Because the existing traditional cryptosystems, such as RSA, DES, IDEA, SAFER and FEAL, are not ideal for image encryption for their slow speed and not removing the correlations of the adjacent pixels effectively. Another reason is that the chaos-based cryptosystems, which have been extensively used since last two decades, almost rely on symmetric cryptography. The experimental results, statistical analysis and sensitivity-based tests confirm that, compared to the existing chaos-based image cryptosystems, the proposed scheme provides more secure way for image encryption and transmission. However, the visible encrypted image will easily arouse suspicion. Therefore, a hybrid digital watermarking scheme based on DWT-SVD and ergodic matrix is introduced. Compared to other watermarking schemes, the proposed scheme has shown both significant improvement in perceptibility and robustness under various types of image processing attacks, such as JPEG compression, median filtering, average filtering, histogram equalization, rotation, cropping, Gaussian noise, speckle noise, salt-pepper noise. In general, the proposed method is a useful tool for ownership identification and copyright protection. Finally, two applications based on temporal issues were studied. This is because in real life, when two or more parties communicate, they probably send a series of messages, or they want to embed multiple watermarks for themselves. Therefore, we apply a formal characterization of time-series to cryptography (esp. encryption) and steganography (esp. watermarking). Consequently, a scheme for temporal ordered image encryption and a temporal ordered dynamic multiple digital watermarking model is introduced.

005.8

QA76 Computer software

Implementation, management and dissemination of information security : an organisational perspective of financial institution

Alhayani, Abdullah

January 2013

The objective of this thesis is to investigate the significant perceived security threats against information security systems (ISS) for information systems (IS) in Saudi organisations. An empirical survey using a self-administered questionnaire has been carried out to achieve this objective. The survey results revealed that almost half of the responded Saudi organisations have suffered financial losses due to internal and external IS security breaches. The statistical results further revealed that accidental and intentional entry of bad data; accidental destruction of data by employees; employees' sharing of passwords; introduction of computer viruses to IS; suppression and destruction of output; unauthorised document visibility; and directing prints and distributed information to people who are not entitled to receive are the most significant perceived threats to IS in Saudi organisations. Accordingly, it is recommended to strengthen the security controls over the above weakened security areas and to enhance the awareness of IS security issues among Saudi companies to achieve better protection to their IS.

005.8

Stakeholder ; Security policy