71. Optimizations of Battery-Based Intrusion Protection Systems
Nelson, Theresa Michelle, 03 June 2008
As time progresses, small mobile devices become more prevalent for both personal and industrial use, providing malicious network users with new and exciting venues for security exploits. Standard security applications, such as Norton Antivirus and McAfee, require computing power, memory space, and operating system complexity that are not present in small mobile devices. Recently, the Battery-Sensing Intrusion Protection System (B-SIPS) was devised as a means to correct the inability of small mobile devices to protect themselves against network attacks. The B-SIPS application uses smart battery data in conjunction with process and network information to determine whether the mobile device is experiencing a battery depletion attack. Additionally, B-SIPS provides mobile device statistics to system administrators so that they can analyze the state of the wireless network more thoroughly. The research presented in this thesis collaborates with and extends the B-SIPS research through optimizations and validation. Areas of focus include ensuring public acceptance of the application through the implementation of a usability study and verifying that the deployment of the application will not jeopardize the performance of external mobile device applications. Additionally, this thesis describes how GUI optimizations are realized for both the B-SIPS client and CIDE server, how future smart battery hardware implementations are introduced for increased effectiveness with the B-SIPS application, and it discusses how an optimum deployment data transmission period is determined.
Master of Science
72. Crystallization and Emplacement of the Monte Amarelo Dikes: Magma Storage Assessment on Fogo, Cape Verde Islands / Intrusion and Crystallization of Volcanic Dike Rocks in the Monte Amarelo Volcano: A Study of Magma Storage Systems on the Island of Fogo, Cape Verde
Risby, Olle, January 2017
The volcanic island of Fogo belongs to the Cape Verde archipelago, a two-tiered chain of islands situated 500 km west of the African coast. Fogo is regarded as one of the most active volcanoes in the world with 10 eruptions during the last 250 years. The former shield volcano Monte Amarelo reached 3500 m.a.s.l. before it collapsed into the Atlantic Ocean. The massive landslide event occurred between 124 and 86 ka, forming the Bordeira cliffs and the high plateau Cha das Caldeiras on Fogo. We have collected rock samples from the Bordeira dikes, which intruded into the Bordeira wall prior to collapse. The purpose of the project is to produce a magmatic storage model for Fogo using mineral chemistry and thermobarometric methods. Additionally, I aim to determine the processes prevailing in the magmatic system, the link between the volcanic and plutonic system. Previous studies on the magma storage beneath Fogo have focused on the volcanics, which show crystallization pressures between 0.45 and 0.68 GPa using clinopyroxene-melt thermobarometry on rims. The Bordeira dikes are basanitic to nephelinitic in composition. The mineral assemblage of the 20 dike samples consists of phenocrystic clinopyroxene ± olivine ± plagioclase ± xenocrystic amphibole. Accessory minerals are titanomagnetite, apatite, nepheline, plagioclase and alkali feldspar in a microcrystalline groundmass. Clinopyroxene displays a large compositional variation, ranging from Mg#38 to Mg#85, with a mean of Mg#71±10 2s.d. (n=614). Xenocrystic amphibole varies from Mg#37 to Mg#72, with a mean of Mg#62±15 2s.d. (n=78). Interstitial feldspar forms two groups, one of An#24 to An#79, with a mean of An#66±19 2s.d. (n=125), and a second with Or#19 to 100, with a mean of Or#69±42 2s.d. (n=71). Bulk geochemistry of the 20 samples ranges from 1.82 to 11.5 wt% MgO. Our clinopyroxene-melt thermobarometry shows crystallization pressures ranging from 0.02 to 0.85 GPa, with a mean of 0.47±0.29 2s.d. (n=502) (Putirka et al. 2003). Structural data from the intrusive dikes in the Bordeira contain three preferred orientations, N-S, NW-SE and E-W (n=371). The main process occurring in the magmatic system is fractional crystallization; however, there is some evidence for phenocryst accumulation and magma recharge. Our magma storage model shows that clinopyroxene crystallization initiates in the lithospheric mantle, between 15 and 28 km depth. Significant clinopyroxene rim and microcryst crystallization occurs above the Moho, between 9 and 12 km, implying that magma storage levels do exist in the oceanic crust. The intrusive and extrusive rocks present on Fogo show common storage levels, suggesting that they are formed in the same system, the difference being their residence time in the crustal-level storage. Our structural data and 3D model suggest that the Monte Amarelo rift zone was composed of three components, oriented NW-SE, N-NE and E-W. The flank collapse was caused by dike intrusions of N-S orientation which enabled an E-W extension of the shield volcano.

Swedish summary (translated): The volcanic island of Fogo is part of the Cape Verde island group in the Atlantic. The island group forms a two-part archipelago located 500 km west of the African mainland. The island, and likewise the volcano Fogo, has in recent times been one of the most active volcanoes in the world, with 10 eruptions during the last 250 years. The island was built up by the shield volcano Monte Amarelo, which reached 3500 m above sea level before parts of it collapsed into the Atlantic. The massive landslide, which occurred between 86 and 124 thousand years ago, created the high plateau Cha das Caldeiras and the surrounding cliff section Bordeira. We have collected rock samples from the plutonic rocks that have intruded into the Bordeira cliff section. The goal of our study is to create a model for how magma storage works beneath Fogo. We intend to map the magma storage depth using chemical variation in minerals that can be used to determine crystallization pressure and temperature, as in clinopyroxene, for example. We are also interested in knowing which processes take place in the magmatic system and the relationship between volcanic rocks, such as lava, and plutonic rocks. Previous studies of Fogo's magma storage have used volcanic rocks, which crystallize between 0.45 and 0.68 GPa when the chemistry of clinopyroxene crystal rims is examined. 20 samples from the Bordeira cliffs have been analysed; they contain low silica contents, between 37 and 47%, and high amounts of alkali oxides such as potassium and sodium. The mineral content of the samples consists mainly of larger crystals of the silicate minerals clinopyroxene ± olivine ± feldspar ± foreign amphibole crystals. The larger crystals are surrounded by a microcrystalline groundmass consisting of iron-titanium oxides, apatite and feldspathoids. Clinopyroxene has a relatively large chemical variation, from Mg#37 to Mg#85, with a mean of Mg#71. We also have two different kinds of feldspar: one group with a calcium-rich content is classified as anorthite, and another with a potassium-rich content as orthoclase. Our clinopyroxene-melt analysis has given us crystallization pressures ranging from 0.02 to 0.85 GPa with a mean of 0.47 GPa. This means that the dominant process in the magma storage system is fractional crystallization, since we can see a linear decrease for many elements when they are compared against the magnesium content. Our magma storage model for the Fogo volcano shows that clinopyroxene crystallization begins in the lithospheric mantle, between 15 and 28 km depth. Crystallization of rims on clinopyroxene crystals and of smaller crystals in the groundmass occurs at shallower depth and shows that there are one or more magma storage levels in the oceanic crust, between 9 and 12 km depth. Volcanic and plutonic rocks testify to a shared magma system, which indicates that the difference between the two rock types is mainly the time they spend at their respective storage level. Our structural geological data and 3D model show that the intrusive activity was primarily oriented in the NW-SE, N-NE and E-W directions. The landslide and collapse of the Monte Amarelo volcano were caused by intruding dikes with a general N-S orientation, which led to a landslide on the eastern side.
73. Evaluating Machine Learning Intrusion Detection System classifiers: Using a transparent experiment approach
Augustsson, Christian; Egeberg Jacobson, Pontus; Scherqvist, Erik, January 2019
There have been many studies performing experiments that showcase the potential of machine learning solutions for intrusion detection, but their experimental approaches are non-transparent and vague, making it difficult to replicate their trained methods and results. In this thesis we exemplify a healthier experimental methodology. A survey was performed to investigate evaluation metrics. Three experiments implementing and benchmarking machine learning classifiers, using different optimization techniques, were performed to set up a frame of reference for future work, as well as signify the importance of using descriptive metrics and disclosing implementation. We found a set of metrics that more accurately describes the models, and we found guidelines that we would like future researchers to fulfill in order to make their work more comprehensible. For future work we would like to see more discussion regarding metrics, and a new dataset that is more generalizable.
74. On Optimizing Traffic Distribution for Clusters of Network Intrusion Detection and Prevention Systems
Le, Anh, January 2008
To address the overload conditions caused by the increasing network traffic volume, recent literature in the network intrusion detection and prevention field has proposed the use of clusters of network intrusion detection and prevention systems (NIDPSs). We observe that simple traffic distribution schemes are usually used for NIDPS clusters. These schemes have two major drawbacks: (1) the loss of correlation information caused by the traffic distribution because correlated flows are not sent to the same NIDPS and (2) the unbalanced loads of the NIDPSs. The first drawback severely affects the ability to detect intrusions that require analysis of correlated flows. The second drawback greatly increases the chance of overloading an NIDPS even when loads of the others are low.
In this thesis, we address these two drawbacks. In particular, we propose two novel traffic distribution systems: the Correlation-Based Load Balancer and the Correlation-Based Load Manager as two different solutions to the NIDPS traffic distribution problem. On the one hand, the Load Balancer and the Load Manager both consider the current loads of the NIDPSs while distributing traffic to provide fine-grained load balancing and dynamic load distribution, respectively. On the other hand, both systems take into account traffic correlation in their distributions, thereby significantly reducing the loss of correlation information during their distribution of traffic.
We have implemented prototypes of both systems and evaluated them using extensive simulations and real traffic traces. Overall, the evaluation results show that both systems have low overhead in terms of the delays introduced to the packets. More importantly, compared to the naive hash-based distribution, the Load Balancer significantly improves the anomaly-based detection accuracy of DDoS attacks and port scans -- the two major attacks that require the analysis of correlated flows -- meanwhile, the Load Manager successfully maintains the anomaly-based detection accuracy of these two major attacks of the NIDPSs.
76. Building Secure Systems using Mobile Agents
Shibli, Muhammad Awais, January 2006
The progress in the field of computer networks and the Internet has been increasing at a tremendous rate in recent years. This raises important issues with regard to security. Several solutions emerged in the past which provide security at the host or network level. These traditional solutions, like antivirus, firewall, spyware and authentication mechanisms, provide security to some extent, but they still face the challenge of inherent system flaws, OS bugs and social engineering attacks. Recently, some interesting solutions emerged, like Intrusion Detection and Prevention systems, but these too have some problems, like detecting and responding in real time, because they mostly require input from the system administrator. Optimistically, we have succeeded in protecting hosts to some extent by applying the reactive approach, such as antivirus, firewall and intrusion detection and response systems, but if we critically analyze this approach, we will reach the conclusion that it has inherent flaws, since the number of penetrations, Internet crime cases, identity and financial data thefts, etc. is rising exponentially in recent years. The main reason is that we are using only a reactive approach, i.e. the protection system is activated only when some security breach occurs. Secondly, current techniques try to fix the overall huge problem of security using only small remedies (firewall, antivirus and intrusion detection and prevention systems) – “point solutions”. Therefore, there is a need to develop a strategy using Mobile Agents in order to operate in reactive and proactive manners, which requires providing security on the principle of defense in depth, so that the ultimate goal of securing a system as a whole can be achieved. A system is assumed to be secure if unauthorized access (penetrations) is not possible and the system is safe against damages. This strategy will include three aspects: (a) autonomously detect vulnerabilities on different hosts (in a distributed network) before an attacker can exploit them; (b) protect hosts by detecting attempts of intrusions and responding to them in real time; and finally (c) perform tasks related to security management.
77. Intrusion Detection and Prevention in IP Based Mobile Networks
Tevemark, Jonas, January 2008
Ericsson’s Packet Radio Access Network (PRAN) is a network solution for packet transport in mobile networks, which utilizes the Internet Protocol (IP). The IP protocol offers benefits in responsiveness and performance adaptation to data bursts when compared to Asynchronous Transfer Mode (ATM), which is still often used. There are many manufacturers / operators providing IP services, which reduce costs. The IP’s use on the Internet brings greater end-user knowledge, wider user community and more programs designed for use in IP environments. Because of this, the spectrum of possible attacks against PRAN broadens. This thesis provides information on what protection an Intrusion Prevention System (IPS) can add to the current PRAN solution.

A risk analysis is performed to identify assets in and threats against PRAN, and to discover attacks that can be mitigated by the use of an IPS. Information regarding placement of an IPS in the PRAN network is given and tests of a candidate system are performed. IPS features in hardware currently used by Ericsson as well as missing features are pinpointed. Finally, requirements for an IPS intended for use in PRAN are concluded.
78. Detecting and characterising malicious executable payloads
Andersson, Stig, January 2009
Buffer overflow vulnerabilities continue to prevail and the sophistication of attacks targeting these vulnerabilities is continuously increasing. As a successful attack of this type has the potential to completely compromise the integrity of the targeted host, early detection is vital. This thesis examines generic approaches for detecting executable payload attacks, without prior knowledge of the implementation of the attack, in such a way that new and previously unseen attacks are detectable. Executable payloads are analysed in detail for attacks targeting the Linux and Windows operating systems executing on an Intel IA-32 architecture. The execution flow of attack payloads is analysed and a generic model of execution is examined. A novel classification scheme for executable attack payloads is presented which allows for characterisation of executable payloads and facilitates vulnerability and threat assessments, and intrusion detection capability assessments for intrusion detection systems. An intrusion detection capability assessment may be utilised to determine whether or not a deployed system is able to detect a specific attack and to identify requirements for intrusion detection functionality for the development of new detection methods. Two novel detection methods are presented capable of detecting new and previously unseen executable attack payloads. The detection methods are capable of identifying and enumerating the executable payload’s interactions with the operating system on the targeted host at the time of compromise. The detection methods are further validated using real world data including executable payload attacks.
80. Network Intrusion and Detection: An evaluation of SNORT
Fleming, Theodor; Wilander, Hjalmar, January 2018
Network security has become a vital part of computer networks, to ensure that they operate as expected. With many of today's services relying on networks, it is of great importance that the usage of networks is not compromised. One way to increase the security of a computer network is to implement a Network Intrusion Detection System (NIDS). This system monitors the traffic sent to, from and within the network. This study investigates how a NIDS called SNORT with different configurations handles common network attacks. The knowledge of how SNORT managed the attacks is used to evaluate and indicate the vulnerability of different SNORT configurations. Different approaches to both how to bypass SNORT and how to detect attacks are described both theoretically and practically with experiments. This study concludes that a carefully prepared configuration is the factor for SNORT to perform well in network intrusion detection.