141 |
Development and Validation of a Proof-of-Concept Prototype for Analytics-based Malicious Cybersecurity Insider Threat in a Real-Time Identification System. Hueca, Angel L., 01 January 2018
Insider threat has continued to be one of the cybersecurity threat vectors most difficult to detect with contemporary technologies. Most organizations apply standard technology-based practices to detect unusual network activity. While there have been significant advances in intrusion detection systems (IDS) as well as security information and event management (SIEM) solutions, these technologies fail to take into consideration the human aspects of personality and emotion in computer use and network activity, even though insider threats are human-initiated. External influencers affect how an end-user interacts with both colleagues and organizational resources. Taking into consideration external influencers, such as personality and changes in organizational policies and structure, along with analysis of unusual technical activity, would be an improvement over contemporary detection tools used for identifying at-risk employees. This would allow upper management or other organizational units to intervene before a malicious cybersecurity insider threat event occurs, or to mitigate it quickly once initiated.
The main goal of this research study was to design, develop, and validate a proof-of-concept prototype for a malicious cybersecurity insider threat alerting system that will assist in the rapid detection and prediction of human-centric precursors to malicious cybersecurity insider threat activity. Disgruntled employees or end-users wishing to cause harm to the organization may do so by abusing the trust given to them in their access to available network and organizational resources. Reports on malicious insider threat actions indicated that insider threat attacks make up roughly 23% of all cybercrime incidents, resulting in $2.9 trillion in employee fraud losses globally. The damage and negative impact that insider threats cause was reported to be higher than that of outsider or other types of cybercrime incidents. Consequently, this study utilized weighted indicators to measure and correlate simulated user activity with possible precursors to malicious cybersecurity insider threat attacks. This study consisted of a mixed-method approach utilizing an expert panel, developmental research, and quantitative data analysis using the developed tool on a simulated data set. To assure validity and reliability of the indicators, a panel of subject matter experts (SMEs) reviewed the indicators and indicator categorizations that were collected from prior literature, following the Delphi technique. The SMEs’ responses were incorporated into the development of a proof-of-concept prototype. Once the proof-of-concept prototype was completed and fully tested, an empirical simulation research study was conducted utilizing simulated user activity within a 16-month time frame. The results of the empirical simulation study were analyzed and presented. Recommendations resulting from the study are also provided.
|
142 |
A Novel Cooperative Intrusion Detection System for Mobile Ad Hoc Networks. Solomon, Adam, 01 January 2018
Mobile ad hoc networks (MANETs) have experienced rapid growth in their use for various military, medical, and commercial scenarios. This is due to their dynamic nature, which enables the deployment of such networks in any target environment without the need for a pre-existing infrastructure. On the other hand, the unique characteristics of MANETs, such as the lack of central networking points, limited wireless range, and constrained resources, have made securing such networks a challenging task. A large number of studies have focused on intrusion detection systems (IDSs) as a solid line of defense against various attacks targeting the vulnerable nature of MANETs. Since cooperation between nodes is mandatory to detect complex attacks in real time, various solutions have been proposed to provide cooperative IDSs (CIDSs) in an effort to improve detection efficiency. However, all of these solutions suffer from high rates of false alarms, and they violate the constrained-bandwidth nature of MANETs. To overcome these two problems, this research presented a novel CIDS utilizing the concept of social communities and the Dempster-Shafer theory (DST) of evidence. The concept of social communities was intended to establish reliable cooperative detection reporting while consuming minimal bandwidth. DST, in turn, targeted decreasing false accusations by honoring partial or lacking evidence and by using evidence obtained solely from reliable sources. Experimental evaluation of the proposed CIDS resulted in consistently high detection rates, low false alarm rates, and low bandwidth consumption. The results of this research demonstrated the viability of applying the social communities concept combined with DST in achieving high detection accuracy and minimized bandwidth consumption throughout the detection process.
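How the Dempster-Shafer part of such a CIDS can be realised, as an added example that is not Solomon's code: each neighbour's report about a suspect node is a mass function over the frame {Malicious, Benign}, mass left on the whole frame expresses lack of evidence rather than an accusation, each report is discounted by its reporter's reliability (Shafer's discounting, my choice for "evidence from reliable sources"), and Dempster's rule combines the reports. The node reports, reliability values and the 0.6 decision threshold are constructed for the illustration.

```python
"""Dempster-Shafer fusion of cooperative IDS reports (constructed example).

Frame of discernment: a suspect node is either Malicious or Benign. Each
reporting node supplies a mass function; mass left on the whole frame (THETA)
means "no evidence either way", which is how lack of evidence is honored
instead of being forced into an accusation.
"""
from itertools import product

THETA = frozenset({"M", "B"})   # M = malicious, B = benign
M, B = frozenset({"M"}), frozenset({"B"})


def discount(mass, reliability):
    """Shafer discounting: keep a fraction `reliability` of each focal mass and
    move the remainder to THETA, so an unreliable reporter mostly says 'unknown'."""
    out = {A: reliability * m for A, m in mass.items() if A != THETA}
    out[THETA] = 1.0 - reliability + reliability * mass.get(THETA, 0.0)
    return out


def combine(m1, m2):
    """Dempster's rule of combination: multiply masses of intersecting sets and
    renormalise by the conflict mass that landed on empty intersections."""
    fused, conflict = {}, 0.0
    for (a, ma), (b, mb) in product(m1.items(), m2.items()):
        inter = a & b
        if inter:
            fused[inter] = fused.get(inter, 0.0) + ma * mb
        else:
            conflict += ma * mb
    if conflict >= 1.0:
        raise ValueError("total conflict between reports; nothing can be concluded")
    return {A: m / (1.0 - conflict) for A, m in fused.items()}


def belief(mass, hyp):
    """Bel(hyp): mass committed to subsets of hyp."""
    return sum(m for A, m in mass.items() if A <= hyp)


def plausibility(mass, hyp):
    """Pl(hyp): mass not committed against hyp."""
    return sum(m for A, m in mass.items() if A & hyp)


def fuse_reports(reports, use_discounting=True):
    """reports: list of (mass_function, reporter_reliability in [0, 1])."""
    fused = {THETA: 1.0}                      # vacuous belief before any report
    for mass, reliability in reports:
        fused = combine(fused, discount(mass, reliability) if use_discounting else mass)
    return fused


def decide(reports, threshold=0.6, use_discounting=True):
    """Accuse only when belief (not merely plausibility) in 'malicious' clears the threshold."""
    fused = fuse_reports(reports, use_discounting)
    if belief(fused, M) >= threshold:
        return "malicious"
    if belief(fused, B) >= threshold:
        return "benign"
    return "undecided"


# Constructed reports about one suspect node: two reliable neighbours see
# moderate evidence of misbehaviour; a third, low-reliability node (0.3, e.g. a
# recently joined node with no history) strongly claims the suspect is benign.
REPORTS = [
    ({M: 0.6, THETA: 0.4}, 0.9),
    ({M: 0.5, THETA: 0.5}, 0.9),
    ({B: 0.8, THETA: 0.2}, 0.3),
]

if __name__ == "__main__":
    for disc in (True, False):
        fused = fuse_reports(REPORTS, use_discounting=disc)
        print(f"discounting={disc}: Bel(M)={belief(fused, M):.3f} "
              f"Pl(M)={plausibility(fused, M):.3f} -> {decide(REPORTS, use_discounting=disc)}")
```

With discounting the two reliable reports dominate (Bel(M) about 0.69, Pl(M) about 0.93) and the node is flagged; without discounting the unreliable report's 0.8 mass on "benign" creates enough conflict to pull Bel(M) down to about 0.44 and the verdict becomes undecided, which is the false-accusation/false-exoneration trade-off the abstract describes.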
|
143 |
Do You Have A Minute…? How Emotions Shape the Experience and Outcomes of Daily Work Intrusions. Puranik, Harshad, 11 June 2019
No description available.
|
144 |
A New SCADA Dataset for Intrusion Detection System Research. Turnipseed, Ian P., 14 August 2015
Supervisory Control and Data Acquisition (SCADA) systems monitor and control industrial control systems in many industrial and economic sectors that are considered critical infrastructure. In the past, most SCADA systems were isolated from all other networks, but recently connections to corporate enterprise networks and the Internet have increased. Security concerns have risen from this newfound connectivity. This thesis makes one primary contribution to researchers and industry: two datasets have been introduced to support intrusion detection system research for SCADA systems. The datasets include network traffic captured on a gas pipeline SCADA system in Mississippi State University’s SCADA lab. IDS researchers lack a common framework to train and test proposed algorithms. This leads to an inability to properly compare the IDSs presented in the literature and limits research progress. The datasets created for this thesis are available to aid researchers in assessing the performance of SCADA IDSs.
|
145 |
Cyberthreats, Attacks and Intrusion Detection in Supervisory Control and Data Acquisition Networks. Gao, Wei, 14 December 2013
Supervisory Control and Data Acquisition (SCADA) systems are computer-based process control systems that interconnect and monitor remote physical processes. There have been many documented real-world incidents and cyber-attacks affecting SCADA systems, which clearly illustrate critical infrastructure vulnerabilities. These reported incidents demonstrate that cyber-attacks against SCADA systems can produce a variety of financial damage and harmful events to humans and their environment. This dissertation documents four contributions towards increased security for SCADA systems. First, a set of cyber-attacks was developed. Second, each attack was executed against two fully functional SCADA systems in a laboratory environment: a gas pipeline and a water storage tank. Third, signature-based intrusion detection system rules were developed and tested which can be used to generate alerts when the aforementioned attacks are executed against a SCADA system. Fourth, a set of features was developed for a decision-tree-based anomaly intrusion detection system. The features were tested using the datasets developed for this work. This dissertation documents cyber-attacks on both serial-based and Ethernet-based SCADA networks. Four categories of attacks against SCADA systems are discussed: reconnaissance, malicious response injection, malicious command injection and denial of service. In order to evaluate the performance of data mining and machine learning algorithms for intrusion detection in SCADA systems, a network dataset to be used for benchmarking intrusion detection systems was generated. This network dataset includes different classes of attacks that simulate different attack scenarios on process control systems. This dissertation describes four SCADA network intrusion detection datasets: a full and an abbreviated dataset for both the gas pipeline and water storage tank systems. Each feature in the dataset is captured from network flow records. This dataset groups two different categories of features that can be used as input to an intrusion detection system. First, network traffic features describe the communication patterns in a SCADA system. This research developed both signature-based and anomaly-based IDSs for the gas pipeline and water storage tank serial-based SCADA systems. The performance of both types of IDS was evaluated by measuring the detection rate and the prevalence of false positives.
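A minimal signature-based detector for the four attack classes named in these two abstracts (reconnaissance, malicious response injection, malicious command injection, denial of service), as an added example that is neither author's code and does not use the Mississippi State datasets: it runs over constructed Modbus-style flow records, and the master/RTU addresses, register numbers, function-code sets, pressure limits and rate thresholds are all assumptions chosen for the illustration. The point it shows beyond the text is where each rule has to keep state (rate per source, distinct addresses swept, last trusted measurement) and why an injected reading must not become the new baseline.

```python
"""Signature rules for the four SCADA attack classes applied to constructed
Modbus-style flow records. Hosts, registers and limits are assumptions."""
from collections import Counter, defaultdict

MASTER = "10.0.0.1"                    # only host allowed to write (assumption)
RTU = "10.0.0.2"                       # gas-pipeline RTU (assumption)
SETPOINT_REGISTER = 0                  # holding register: pressure setpoint (assumption)
PRESSURE_REGISTER = 0                  # input register: measured pressure (assumption)
SETPOINT_RANGE = (10.0, 40.0)          # setpoints the process may accept, PSI (assumption)
PHYSICAL_PRESSURE_RANGE = (0.0, 60.0)  # readings outside this cannot be real (assumption)
MAX_PRESSURE_STEP = 5.0                # largest plausible change between consecutive polls
READ_FCS = {1, 2, 3, 4}                # Modbus read coils/inputs/holding/input registers
WRITE_FCS = {5, 6, 15, 16}             # Modbus single/multiple coil and register writes
RECON_FCS = {17, 43}                   # Report Server ID, Read Device Identification
RECON_DISTINCT_ADDRS = 20              # reading this many distinct addresses = a sweep
DOS_REQUESTS_PER_SEC = 50


def build_sample_traffic():
    """Constructed records: (t, src, dst, function_code, address, value, is_response)."""
    recs = []
    for i in range(5):                                  # normal 1 Hz polling, ~20 PSI
        recs.append((float(i), MASTER, RTU, 4, PRESSURE_REGISTER, None, False))
        recs.append((i + 0.1, RTU, MASTER, 4, PRESSURE_REGISTER, 20.0 + 0.2 * i, True))
    rogue = "10.0.0.9"
    for a in range(25):                                 # reconnaissance: register sweep
        recs.append((6.0 + a * 0.01, rogue, RTU, 3, a, None, False))
    recs.append((6.5, rogue, RTU, 43, 0, None, False))  # reconnaissance: device identification
    recs.append((7.0, rogue, RTU, 6, SETPOINT_REGISTER, 200.0, False))  # command injection
    recs.append((8.0, MASTER, RTU, 4, PRESSURE_REGISTER, None, False))
    recs.append((8.1, RTU, MASTER, 4, PRESSURE_REGISTER, 95.0, True))   # response injection
    for i in range(60):                                 # denial of service: request flood
        recs.append((9.0 + i / 100.0, rogue, RTU, 3, 0, None, False))
    return sorted(recs, key=lambda r: r[0])


def detect(records):
    """Return a list of (category, time, source, reason) alerts, one per matched rule."""
    alerts = []
    per_second = defaultdict(int)       # (src, second) -> request count
    addrs_read = defaultdict(set)       # src -> distinct addresses read so far
    dos_flagged, recon_flagged = set(), set()
    last_pressure = None                # last reading accepted as genuine
    for t, src, dst, fc, addr, value, is_response in records:
        if is_response:
            if fc == 4 and addr == PRESSURE_REGISTER:
                lo, hi = PHYSICAL_PRESSURE_RANGE
                if not lo <= value <= hi:
                    alerts.append(("response_injection", t, src, f"pressure {value} outside physical range"))
                elif last_pressure is not None and abs(value - last_pressure) > MAX_PRESSURE_STEP:
                    alerts.append(("response_injection", t, src, f"pressure jumped from {last_pressure} to {value}"))
                else:
                    last_pressure = value   # only trusted readings move the baseline
            continue
        key = (src, int(t))
        per_second[key] += 1
        if per_second[key] > DOS_REQUESTS_PER_SEC and key not in dos_flagged:
            dos_flagged.add(key)
            alerts.append(("denial_of_service", t, src, f"more than {DOS_REQUESTS_PER_SEC} requests in one second"))
        if fc in RECON_FCS:
            alerts.append(("reconnaissance", t, src, f"device-enumeration function code {fc}"))
        elif fc in READ_FCS:
            addrs_read[src].add(addr)
            if len(addrs_read[src]) >= RECON_DISTINCT_ADDRS and src not in recon_flagged:
                recon_flagged.add(src)
                alerts.append(("reconnaissance", t, src, f"swept {len(addrs_read[src])} distinct registers"))
        elif fc in WRITE_FCS:
            reasons = []
            if src != MASTER:
                reasons.append("write from non-master host")
            if addr == SETPOINT_REGISTER and value is not None and not SETPOINT_RANGE[0] <= value <= SETPOINT_RANGE[1]:
                reasons.append(f"setpoint {value} outside {SETPOINT_RANGE}")
            if reasons:
                alerts.append(("command_injection", t, src, "; ".join(reasons)))
    return alerts


def summarize(alerts):
    """Alert count per attack category."""
    return dict(Counter(category for category, *_ in alerts))


if __name__ == "__main__":
    found = detect(build_sample_traffic())
    for category, t, src, reason in found:
        print(f"t={t:5.2f} {category:19s} {src:9s} {reason}")
    print(summarize(found))
```

The rules are deliberately process-aware: a write is judged by who sent it and by whether the value is physically acceptable, and a response is judged against the last trusted measurement, which is the kind of feature a flow-level anomaly detector cannot derive from packet counts alone.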
|
146 |
Data Fusion Process Refinement in Intrusion Detection Alert Correlation Systems. Sheets, David, January 2008
No description available.
|
147 |
Intrusion Detection in the Internet of Things: From Sniffing to a Border Router’s Point of View. Bull, Victoria, January 2023
The Internet of Things is expanding, and with the increasing number of connected devices, exploitation of those devices also becomes more common. Since IoT devices and IoT networks are used in many crucial areas of modern societies, ranging from security and military applications to healthcare monitoring and production efficiency, the need to secure these devices is of great importance to researchers and businesses. This project explores how an intrusion detection system called DETONAR can be used on border router logs, instead of its original use of sniffer devices. Using DETONAR in this way allows us to detect many different attacks without the additional cost of deploying sniffer devices and the additional risk of the sniffer devices themselves becoming the target of attack.
|
148 |
Intrusion Detection in Wireless Sensor Networks. Nguyen, Hong Nhung, 01 January 2006
There are several applications that use sensor motes, and researchers continue to explore additional applications. For this particular application of detecting the movement of humans through the sensor field, a set of Berkeley Mica2 motes running the TinyOS operating system is used. Different sensors, such as pressure, light, and so on, can be used to identify the presence of an intruder in the field. In our case, the light sensor is chosen for the detection. When an intruder crosses the monitored environment, the system detects the changes in the light values; a significant change, meaning one greater than a pre-defined threshold, indicates the presence of an intruder. An integrated web cam is used to take a snapshot of the intruder and transmit the picture through the network to a remote station. The basic motivation of this thesis is that a sensor web system can be used to monitor and detect any intruder in a specific area from a remote location.
|
149 |
Multi-dimensional resilience of water distribution system for water quality sensor placement. Acharya, Albira, 01 December 2022
A water distribution system (WDS) is critical to human health and societal welfare. Maintaining the quality of the water so that potable water reaches consumers has always been a challenge in the water industry. Deterioration of water quality can happen either accidentally or deliberately, and the widespread geography of the water system makes it even more vulnerable to contamination. In this respect, researchers and utilities have response actions to flush out contaminants once they are detected. But not all networks have reliable sensors to detect contamination, and the lack of guidelines for sensor deployment has made the situation even more serious. Given this context, a framework for decision-making for a WDS under contamination is a much-needed approach. Understanding the capability of the water system to handle a contamination event could provide ample insight into how to better protect the system and how to respond if contamination does enter the system. In this regard, this study explores the concept of resilience to define system performance when a disruption occurs, which in this case is the intrusion of contaminants. Resilience of a system can be viewed from different perspectives, each highlighting a different aspect of the system. With this insight, the objective of this research is to characterize the resilience of the water system against contamination for multiple aspects of performance or functionality and to use that concept to further elucidate the decision-making process. Hydraulic and water quality simulation to emulate contaminant intrusion into the WDS is performed using the EPANET-MATLAB Toolkit, which provides the needed packages for both EPANET and EPANET-MSX. EPANET-MSX is widely used for simulating multiple intrusions in the system. The result of the MATLAB simulation gives the water quality at each node, which is then used to draw the performance time-series curve. Resilience is then computed for each of the performance metrics using the area-under-the-curve method. This study compares multi-dimensional resilience measures and describes in detail the need to consider the attributes of resilience, which are resistance, loss rate, recovery rate, failure duration, and recovery ability. To understand the concept of resilience with respect to failure scenarios, a sensitivity analysis was performed for four failure contexts, namely intrusion time, intrusion duration, intruded contaminant mass, and the number of intrusion nodes. Furthermore, a system-level measure is defined to aggregate the individual resilience values and so overcome the challenge of multi-objective decision-making. Both the integrated and the multi-dimensional resilience measures were applied to optimal sensor placement in the network to maximize the resilience of the whole system. The goal of this thesis is to introduce the multi-dimensional resilience concept as a tool for decision-making based on multiple aspects of system performance, by characterizing WDS resilience and optimizing water quality sensor placement according to different aspects of system functionality under contaminant intrusion events.
|
150 |
Machine Learning-Based Decision Support to Secure Internet of Things Sensing. Chen, Zhiyan, 07 December 2023
The Internet of Things (IoT) has weaknesses due to the vulnerabilities of the wireless medium and the massively interconnected nodes that form an extensive attack surface for adversaries. It is essential to ensure security across IoT networks and applications. This thesis focuses on three streams in the IoT scenario: fake task attack detection in Mobile Crowdsensing (MCS), blockchain-integrated system security and privacy protection in MCS, and network intrusion detection in IoT. To begin, in order to detect fake tasks in MCS with promising performance, a detailed analysis is provided by modeling a deep belief network (DBN) for the case where the available sensory data is scarce. With oversampling to cope with the class imbalance challenge, a Principal Component Analysis (PCA) module is implemented prior to the DBN, and the weights of various features of sensing tasks are analyzed under varying inputs. Additionally, an ensemble learning-based solution is proposed for MCS platforms to mitigate illegitimate tasks. Meanwhile, a k-means-based classification is integrated with the proposed ensemble method to extract region-specific features as input to the machine learning-based fake task detection. A novel approach based on horizontal Federated Learning (FL) is proposed to identify fake tasks; it consists of a number of independent detection devices and an aggregation entity. Moreover, submitted tasks are conventionally collected and managed by a centralized MCS platform. A centralized MCS platform is not safe enough to protect sensing tasks from tampering, since it is a single point of failure, which reduces the effectiveness and robustness of the MCS system. In order to address the centralization issue and identify fake tasks, a blockchain-based decentralized MCS is designed. Integrating blockchain into MCS enables a decentralized framework, and the distributed nature of a blockchain prevents sensing tasks from being tampered with. The blockchain network uses a Practical Byzantine Fault Tolerance (PBFT) consensus, which tolerates up to f faulty nodes out of 3f + 1 (fewer than one third), making the implemented MCS system robust. Lastly, Machine Learning (ML)-based frameworks are widely investigated to identify attacks in IoT networks, namely Network Intrusion Detection Systems (NIDS). The detection performance of ML models differs from class to class, so it is challenging to select one ML model that predicts all classes well. With this in mind, an innovative ensemble learning framework is proposed: two ensemble learning approaches, All Predict Wisest Decides (APWD) and Predictor Of the Lowest Cost (POLC), are built on the training of numerous ML models. According to the individual model outcomes, a wise model with the best detection performance (e.g., F1 score) or the lowest cost is determined. Moreover, a further ML-based framework is introduced that combines NIDS with a host-based intrusion detection system (HIDS). The presented framework overcomes the restrictions of NIDS by also observing host resources (e.g., logs, files, folders) alongside the network traffic.
|