Detecting DoS Attack in Smart Home IoT Devices Using a Graph-Based Approach

Paudel, Ramesh, Muncy, Timothy, Eberle, William

01 December 2019

The use of the Internet of Things (IoT) devices has surged in recent years. However, due to the lack of substantial security, IoT devices are vulnerable to cyber-attacks like Denial-of-Service (DoS) attacks. Most of the current security solutions are either computationally expensive or unscalable as they require known attack signatures or full packet inspection. In this paper, we introduce a novel Graph-based Outlier Detection in Internet of Things (GODIT) approach that (i) represents smart home IoT traffic as a real-time graph stream, (ii) efficiently processes graph data, and (iii) detects DoS attack in real-time. The experimental results on real-world data collected from IoT-equipped smart home show that GODIT is more effective than the traditional machine learning approaches, and is able to outperform current graph-stream anomaly detection approaches.

anomaly detection

DoS attack detection

graph mining

IoT Security

smart home

Hacka dig själv och upptäck attacker

Fransén, Johan, Sorlija, Adnan

January 2019

Denna uppsats bygger på idén om att hacka det egna systemet före en utomstående hackare gör det för att upptäcka systemets läckor. Detta görs med ett automatiserat hackingverktyg som utför penetrationstester mot en utvecklad hemsida. Lagringstekniken som används är en eventdatabas med namnet Event Store som lagrar varje händelse som skedde mot hemsidan. Syftet med Event Store är att upptäcka de olika penetrationstesterna och lagra dess händelser för att sedan ge indikationer till administratören att hemsidan var under attack. Uppsatsen riktar sig främst på ifall Event Store är lämpligt att implementera tillsammans med en hemsida som blir attackerad med penetrationstester och vilka för- och nackdelar det finns med att använda Event Store. Resultatet visar att Event Store kan användas för att identifiera anomalier mot en hemsida vid hackingattacker. Med stor sannolikhet kan intrång mot hemsidan bevisas med hjälp utav det utvecklade systemet med Event Store. / This thesis is based on the idea of hacking your own system before an outside hacker does it to find the system vulnerabilities. This is done with an automated hacking tool that performs penetration tests against the created website. The database technology that is used is the event database Event Store that stores every event that take place against the website. The task of Event Store in this case is to discover the different penetration tests and to store the events and to give indications to the administrator that the website was under attack. The study is primarily aimed at finding out whether Event Store is advisable to implement with a website where different penetration testing shall be made, and what the advantages and disadvantages are to using Event Store. Results show that Event Store can be used to identify anomalies against a website during attacks. Intrusions against the website can with great probability be proven with the help of the developed system with Event Store.

Hacking

Event Store

Event database

OWASP Zed Attack Proxy

ZAP

Engineering and Technology

Teknik och teknologier

Influence of C₃S Content of Cement on Concrete Sulfate Durability

Shanahan, Natalya G

15 December 2003

The influence of tricalcium silicate content of cement on concrete durability has long been a topic of discussion in the literature. The objective of this investigation was to determine whether increasing tricalcium silicate content of cement has a negative effect on concrete sulfate durability. Several mill certificates were reviewed to select cements with similar tricalcium aluminate content and variable tricalcium silicate contents. Cements selected for this study were randomly labeled as cements C, D, D2, E, and P. The following properties were assessed for the as-received cements: Blaine fineness, particle size distribution, chemical oxide content, and mineralogical content. Three different methods were employed to determine the mineralogical composition of the as-received cements: Bogue calculation, internal standard method, and Rietveld refinement analysis. Despite the attempt to select cements with similar composition, it was determined that the as-received cements had compositional differences other than their C3S content. These cements had a variable tricalcium aluminate and alkali content, as well as differences in the amount and form of calcium sulfates. In order to eliminate these variances, doped cements were prepared by increasing the C3S content of the as received cements to 69 % by Bogue calculation. Durability of as-received cements and doped cements was assessed through several measurements including length change, compressive strength, and phase transformation in sodium sulfate solution. For as-received cements, compressive strength of mortar cubes stored in saturated lime solution was evaluated as well. Semiquantitative x-ray diffraction analysis and scanning electron microscopy observations were performed on mortar bars to evaluate the relative amounts and morphology of the hydrated phases. It was concluded at the end of this study that cements with high tricalcium silicate content generally have poor durability in sodium sulfate environment. All the cements experienced higher expansion with increased C3S content. High C3S content combinedwith high C3A content was particularly detrimental to mortar resistance to sodium sulfate attack.

alite

cement composition

sulfate attack

expansion

compressive strength

American Studies

Arts and Humanities

Patterns Within Nine Preattack Phases That Emerged in Israel Suicide Bombing Cases

Richman, Aaron

01 January 2018

From 2000 to 2013, Israel had the second highest number of deaths from suicide attacks and was on the list of countries that may experience increases in terrorism due to ongoing conflicts. Suicide bombings present highly complex situations for counterterrorism and counterinsurgency professionals. Using Freeman, Tucker, and Merton's framework of 9 preattack phases as the primary theoretical constuct, the purpose of this multiple case study was to explore specific patterns that consistently emerged in the adversary planning process for 6 successful or failed suicide bombing cases in Israel. Secondary, archival data were acquired through a data use agreement with a private security organization in Israel and a maximum variation sampling procedure was used to identify cases. These data were subjected to Straus and Corbin's open and axial coding procedures. Coded data were analyzed using Merriam's cross case analysis procedure. Findings indicated that although the nine preattack phases emerged in both the successful and unsuccessful attacks, they were more consistently present in the successful bombing cases. For the successful attacks, general planning, financing, and operational preparation received the most occurrences. The implications for positive social change are directed at counterterrorist decision makers and operators as focusing on the early planning phases of a terrorist attack will help them to better identify essential opportunities to prevent suicide attacks from occurring.

counterterrorism

emergency planning

homeland security

risk management

suicide attack

terrorism

Public Policy

Expert Perspectives on How the Islamic State Potentially Shaped the Future of Islamic Transnational Terrorism: An Exploratory Study

Culp, Richard Bryant

01 January 2019

Since the Islamic State of Iraq and al-Sham (ISIS) declared its caliphate in June 2014, there has been an unprecedented amount of terrorist attacks conducted in the West by individuals either inspired by jihadist ideology or linked to ISIS. As evidenced by the number of ISIS-related attacks throughout Europe and North America, the West faces an ongoing and persistent transnational threat from Islamic terrorism. There is an extensive amount of literature on terrorism and ISIS. However, there is a gap in literature on the potential impact of ISIS on the future of Islamic terrorism. This qualitative case study explored how ISIS potentially shaped the future of Islamic transnational terrorism. Stepanova'€™s asymmetric conflict theory served as the framework for this study. Interviews and one open-ended questionnaire on Islamic transnational terrorism were collected from 15 individuals within the defense enterprise, academia, and individuals working in private defense organizations, using purposive sampling. Analysis occurred by using Braum and Clarke'€™s six phases of coding. The results of this study indicated ISIS has shaped the future of transnational terrorism by demonstrating likeminded extremists no longer have to travel to conflict zones in order to plan or receive guidance on attack targets while using simple attack methods and weapons. Additionally, ISIS empowered and encouraged its members to interact with potential recruits or supporters through social media and open forums, which may possibly be emulated in the future by likeminded groups. The results contribute to positive social change by providing decision makers information on the future of Islamic transnational terrorism, thus allowing for appropriate countermeasures that mitigate terror activities.

ISIS

Islamic State

lone actor

terrorism

terrorist attack

transnational terrorism

Public Administration

Toward Reliable, Secure, and Energy-Efficient Multi-Core System Design

Basu, Prabal

01 August 2019

Computer hardware researchers have perennially focussed on improving the performance of computers while stipulating the energy consumption under a strict budget. While several innovations over the years have led to high performance and energy efficient computers, more challenges have also emerged as a fallout. For example, smaller transistor devices in modern multi-core systems are afflicted with several reliability and security concerns, which were inconceivable even a decade ago. Tackling these bottlenecks happens to negatively impact the power and performance of the computers. This dissertation explores novel techniques to gracefully solve some of the pressing challenges of the modern computer design. Specifically, the proposed techniques improve the reliability of on-chip communication fabric under a high power supply noise, increase the energy-efficiency of low-power graphics processing units, and demonstrate an unprecedented security loophole of the low-power computing paradigm through rigorous hardware-based experiments.

Network-on-Chip

Power Supply Noise

Near-Threshold Computing

Graphics Processing Unit

Fault Attack

Electrical and Computer Engineering

An Empirical Assessment of Senior Citizens’ Cybersecurity Awareness, Computer Self-Efficacy, Perceived Risk of Identity Theft, Attitude, and Motivation to Acquire Cybersecurity Skills

Blackwood-Brown, Carlene G.

01 January 2018

Cyber-attacks on Internet users have caused billions of dollars in losses annually. Cybercriminals launch attacks via threat vectors such as unsecured wireless networks and phishing attacks on Internet users who are usually not aware of such attacks. Senior citizens are one of the most vulnerable groups who are prone to cyber-attacks, and this is largely due to their limited cybersecurity awareness and skills. Within the last decade, there has been a significant increase in Internet usage among senior citizens. It was documented that senior citizens had the greatest rate of increase in Internet usage over all the other age groups during the past decade. However, whenever senior citizens use the Internet, they are being targeted and exploited particularly for financial crimes, with estimation that one in five becoming a victim of financial fraud, costing more than $2.6 billion per year. Increasing the cybersecurity awareness and skills levels of Internet users have been recommended to mitigate the effects of cyber-attacks. However, it is unclear what motivates Internet users, particularly senior citizens, to acquire cybersecurity skills so that they can identify as well as mitigate the effects of the cyber-attacks. It is also not known how effective cybersecurity awareness training are on the cybersecurity skill level of senior citizens. Therefore, the main goal of this quantitative study was to empirically investigate the factors that contributed to senior citizens’ motivation to acquire cybersecurity skills so that they would be able to identify and mitigate cyber-attacks, as well as assess their actual cybersecurity skills level. This was done by assessing a model of contributing factors identified in prior literature (senior citizens’ cybersecurity awareness, computer self-efficacy, perceived risk of identity theft, & older adults’ computer technology attitude) on the motivation of senior citizens to acquire cybersecurity skills. This study utilized a Web-based survey to measure the contributing factors and a hands-on scenarios-based iPad app called MyCyberSkills™ that was developed and empirically validated in prior research to measure the cybersecurity skills level of the senior citizens. All study measures were done before and after cybersecurity awareness training (pre- & post-test) to uncover if there were any differences on the assessed models and scores due to such treatment. The study included a sample of 254 senior citizens with a mean age of about 70 years. Path analyses using Smart PLS 3.0 were done to assess the pre- and post-test models to determine the contributions of each contributing factor to senior citizens’ motivation to acquire cybersecurity skills. Additionally, analysis of variance (ANOVA) and analysis of covariance (ANCOVA) using SPSS were done to determine significant mean difference between the pre-and post-test levels of the senior citizens’ cybersecurity skill level. The path analysis results indicate that while all paths on both models were significant, many of the paths had very low path coefficients, which in turn, indicated weak relationships among the assessed paths. However, although the path coefficients were lower than expected, the findings suggest that both intrinsic and extrinsic motivation, along with antecedents such as senior citizens’ cybersecurity awareness, computer self-efficacy, perceived risk of identity theft, and older adults’ computer technology attitude significantly impact the cybersecurity skill levels of senior citizens. The analysis of variance results indicated that there was a significant increase in the mean cybersecurity skills scores from 59.67% to 64.51% (N=254) as a result of the cybersecurity awareness training. Hence, the cybersecurity awareness training was effective in increasing the cybersecurity skill level of the senior citizens, and empowered them with small but significant improvement in the requisite skills to take mitigating actions against cyberattacks. The analysis of covariance results indicated that, except for years using computers, all the other demographic indicators were not significant. Contributions from this study add to the body of knowledge by providing empirical results on the factors that motivate senior citizens to acquire cybersecurity skills, and thus, may help in reducing some of the billions of dollars in losses accrued to them because of cyber-attacks. Senior citizens will also benefit in that they will be better able to identify and mitigate the effects of cyber-attacks should they attend cybersecurity awareness trainings. Additionally, the recommendations from this study can be useful to law enforcement and other agencies that work with senior citizens in reducing the number of cases relating to cybersecurity issues amongst senior citizens, and thus, free up resources to fight other sources of cybercrime for law enforcement agencies.

Gerontology Cyber-attack

Cybersecurity Awareness

Cybersecurity Skill

Identity Theft

Motivation

Senior Citizen

Computer Sciences

"Det är inte vi som är måltavla" : En studie av hur IT-attacken som drabbade Coop framställs i den svenska debatten

Galyas, Viktoria

January 2021

Sweden is one of the world's most digitized countries but falls behind when it comes to ITand cybersecurity. When we are so dependent on digital solutions and security is far behind, it leaves us with a vulnerable society. This thesis studies Coop, a grocery store, in Sweden that was affected by an IT-attack in the summer of 2021. The purpose is to understand how IT- and cybersecurity is described in the debate surrounding the incident. The theoretical framework used in this study is the securitization theory by Buzan et. al. To answer the research question of what type of security problem the IT-attack is described as in the Swedish debate, a discourse analysis is made. The material for this study is both news articles from the four largest nationwide newspapers and press releases from Coop and the Swedish government. The analysis shows that the IT-attack is described as two different kinds of security problems. In the beginning of the crisis, it is described as a problem for companies, but as the discorus evolves it starts to shift to be described as more of a problem for society as a whole. This thesis contribution is to show how the IT-attack that affected Coop is described and formed in the discourse. Henceforth it also shows the complexity of responsibility of ITand cybersecurity issues.

Coop

säkerhetsproblem

IT-säkerhet

cybersäkerhet

IT-attack

hot

diskurs

ansvar

säkerhetiseringsteorin

Political Science

Statsvetenskap

Úloha sukcinátu v ischemické toleranci srdce potkanů / The role of succinic acid in cardiac ischemic tolerance in rats

Kordač, Petr

January 2021

Succinate is one of the intermediate in the Krebs cycle, which in recent years has been shown to interfere with other cellular events, some of which may affect cardiac ischemic tolerance. The aim of this project was to clarify its cardioprotective role in rat hearts subjected to acute ischemia-reperfusion. The myocardial resistance to acute ischemia (infarct size and incidence and severity of ischemic and reperfusion arrhythmias) was analyzed using the Langendorff method of isolated perfused heart at a constant flow with acute succinate administration. Local ischemia was induced by ligation of left anterior descending coronary artery. Acute administration of 1 mM succinate before 60 minutes of ischemia or before reperfusion only had a beneficial effect on reducing the infarct size by 25-30 % compared to the control group. At the same time, it had an adverse effect on the incidence and severity of ischemic and reperfusion arrhythmias. Key words: Succinate, heart, rat, heart-attack, ventricular arrhythmias

Split Manufacturing: Attacks and Defenses

Chen, Suyuan

07 June 2019

No description available.

Electrical Engineering

Split Manufacturing

Hardware Security

Satisfiability

Cycle Constraints

Hybrid Attack

Proximity Information