Global ETD Search

501	Detecting DDoS Attacks with Machine Learning : A Comparison between PCA and an autoencoder / Att Upptäcka DDoS-attacker med Maskininlärning : En Jämförelse mellan PCA och en autoencoder Johansson, Sofie January 2024 (has links) Distibuted denial of service (DDoS) attacks are getting more and more common in society as the number of devices connected to the Internet is increasing. To reduce the impact of such attacks it is important to detect them as soon as possible. Many papers have investigated how well different machine learning algorithms can detect DDoS attacks. However, most papers are focusing on supervised learning algorithms which require a lot of labeled data, which is hard to find. This thesis compares two unsupervised learning algorithms, an autoencoder and principal component analysis (PCA), in how well they detect DDoS attacks. The models are implemented in the Python libraries Keras, Tensorflow and scikit-learn. They are then trained and tested with data that has its origin in the CICDDOS2019 dataset. There are normal data and nine different types of DDoS attacks in the used dataset. The models are compared by computing the Receiver Operating Characteristic (ROC) curve and its Area Under the Curve (AUC) score, and the F1 score of the models. For both measures the mean value of the results of all attack types are used. The computations show that the autoencoder perform better than PCA with respect to both the mean AUC score (0.981 compared to 0.967) and the mean F1 score (0.987 compared to 0.978). The thesis goes on to discussing why the autoencoder performs better than PCA and, finally draws conclusions based on the insights of the analysis. machine learning distributed denial of service attack DDoS autoencoder pca Computer Engineering Datorteknik
502	The effect of individual variability and larger carnivores on the functional response of cheetahs Hilborn, Anne Winona 07 February 2018 (has links) Functional response is the framework thorough which we can quantify how predator hunting behaviors such as rate of successful attack and time spent handling prey interact with prey density to determine the rate at which prey are killed. Cheetahs are mesopredators and their behavior can be shaped by the need to avoid larger predators while hunting relatively large bodied and mobile prey. I used data from 34 years of observed cheetah hunts in Serengeti National Park in Tanzania to investigate how reproductive condition, prey density, seasonality, and the proximity of larger predators affect cheetah kill rates, probability of successful attack, and time spent handling prey. Mothers with cubs had an asymptotic Type II functional response where kill rate increased but eventually leveled-off at high prey densities, while cheetahs without cubs had a dome shaped Type IV functional response where kill rates actually declined at high prey density. Probability of successful attack on prey was higher for mothers with cubs, and increased slightly with prey density. Mothers with cubs had different prey handling behavior than other cheetahs. Cheetah mothers spend longer at kills then other cheetahs despite the risk that the carcass can attract lions and hyenas that could steal the carcass and potentially kill her cubs. Mothers must make sure their cubs have sufficient time at the carcass to eat their fill, thus they minimize risk from larger predators by being vigilant. In contrast, cheetahs without cubs are unconcerned with cub predation and can eat quickly to minimize the risk of kleptoparasitism. My results show how the pressures of cub rearing and coexisting with larger carnivores differentially shape the hunting behavior of cheetahs, and suggest that intensity of mesopredator suppression may depend on individual variability. This is the first time the functional response for a large mesopredator, has been quantified and the first time a dome shaped response has been recorded in a mammal. My work shows the value in accounting for individual variability in functional response and how linking of carnivore hunting behavior to multiple species interactions advances our understanding of how classical ecological theory applies to wild ecosystems. / Ph. D. / One of the most basic interactions between species is when one kills and eats another. Determining how many prey a predator kills is challenging, especially because it is difficult to observe hunting behavior in nature. To assess killing rates, we need information on prey density, the rate predators attack prey, and how long they spent killing and eating it. In smaller bodied predators (a.k.a. mesopredators), those behaviors are often influenced by the presence of larger, dangerous predators. I used 34 years of data on wild cheetahs in Serengeti National Park in Tanzania to examine whether their hunting behavior was influenced by having cubs, the proximity of lions and hyenas, and the season. I assessed how these factors affect the relationships between cheetah kill rates and gazelle density, the probability of a successful attack, and the time cheetahs spend handling their prey. I found that cheetah hunting behavior is largely shaped by whether or not they have cubs. Mothers’ kill rates are higher than cheetahs without cubs and stay high as gazelle densities increase. In contrast, the rate cheetahs without cubs kill declines at high gazelle density, the first time this relationship has been recorded in a wild mammal. Once prey are dead, mothers spend more time at the kill in order to ensure their cubs get enough time to eat. However, being at the kill is risky because lions and hyenas can arrive and kill her cubs. To minimize risks to cubs at the kill, mothers are more vigilant for predators than other cheetahs. Cheetahs without cubs spend less time at the kill, eating quickly without being vigilant. My results show how living in a landscape with multiple larger predators and mobile prey shapes the hunting behavior of all cheetahs, while providing detail on how having cubs can drive differences in those behaviors among individuals. The patterns of behavior seen in cheetahs may be indicative of how mesopredators alter hunting behavior to cope with pressures from larger predators. This is relevant as we craft conservation and management policies that take into account relationships among multiple carnivore species and their prey. Carnivores predator-prey interactions mesopredators functional response attack rate handling time mesopredator suppression individual variability
503	Smart card fault attacks on public key and elliptic curve cryptography Ling, Jie January 2014 (has links) Indiana University-Purdue University Indianapolis (IUPUI) / Blömmer, Otto, and Seifert presented a fault attack on elliptic curve scalar multiplication called the Sign Change Attack, which causes a fault that changes the sign of the accumulation point. As the use of a sign bit for an extended integer is highly unlikely, this appears to be a highly selective manipulation of the key stream. In this thesis we describe two plausible fault attacks on a smart card implementation of elliptic curve cryptography. King and Wang designed a new attack called counter fault attack by attacking the scalar multiple of discrete-log cryptosystem. They then successfully generalize this approach to a family of attacks. By implementing King and Wang's scheme on RSA, we successfully attacked RSA keys for a variety of sizes. Further, we generalized the attack model to an attack on any implementation that uses NAF and wNAF key. Smart Card RSA ECC Fault Attack Smart Card Security Public Key NAF wNAF Counter Fault Attack Bit Flip Attack Doubling Attack Attack Simulation Data encryption (Computer science) Curves, Elliptic -- Data processing Cryptography -- Mathematics Public key cryptography -- Research Data protection -- Research Computer engineering -- Research Coding theory Computer security Data structures (Computer science) Embedded computer systems Smart card industry Computer networks -- Security measures Computers -- Access control
504	Eavesdropping Attacks on Modern-Day Connected Vehicles and Their Ramifications / Avlyssningsattacker på moderna uppkopplade bilar och deras följder Bakhshiyeva, Afruz, Berefelt, Gabriel January 2022 (has links) Vehicles today are becoming increasingly more connected. Most cars are equipped with Bluetooth, Wi-Fi and Wi-Fi hotspot capabilities and the ability to connect to the internet via a cellular modem. This increase in connectivity opens up new attack surfaces for hackers to exploit. This paper aims to study the security of three different cars, a Tesla Model 3 (2020), an MG Marvel R (2021) and a Volvo V90 (2017), in regards to three different eavesdropping attacks. The performed attacks were a port scan of the vehicles, a relay attack of the key fobs and a MITM attack. The study discovered some security risks and discrepancies between the vehicles, especially regarding the open ports and the relay attack. This hopefully promotes further discussion on the importance of cybersecurity in connected vehicles. / Bilar idag har blivit alltmer uppkopplade. Idag har de inte bara bluetooth och Wi-Fi funktionalitet utan vissa bilar har förmågan att kopplas till internet via ett mobilt bredband. Denna trend har visats ge bilar nya attackytor som hackare kan utnyttja. Målet med denna studie är att testa säkerheten hos tre olika bilar, Tesla Model 3 (2020), MG Marvel R (2021) och Volvo V90 (2017) med åtanke på tre olika avlyssningsattacker. De attackerna som studien valde var port-skanning på bilen, relä-attack på bilnycklarna och mannen-i-mitten attack. Studien hittar vissa säkerhetsrisker och skillnader mellan de olika bilarna särskilt vid reläattacken och port-skanningen som förhoppningsvis främjar en fortsatt diskussion om cybersäkerhetens vikt för säkrare uppkopplade bilar. Connected vehicle hacking pentest eavesdropping security Tesla Model 3 Volvo XC40 MG Marvel R automotive cybersecurity interception attacks passive attacks wireless attacks Wi-Fi attacks attack surface relay attack port scan man-in-the-middle attack Uppkopplade fordon hacking avlyssning säkerhet Tesla Model 3 Volvo XC40 MG Marvel R fordonscybersäkerhet avlyssningsattacker passiva attacker trådlösa attacker Wi-Fi-attacker attackyta relä-attack port-skanning mannen-i-mitten attack Computer Sciences Datavetenskap (datalogi)
505	On optimising FAC(M) counter missile tactics : a dynamic simulation model to optimise soft kill tactics employed by a generic fast attack craft against a generic surface-to-surface, fire-and-forget missile Engelbrecht, Gerhard Nieuwoudt 11 1900 (has links) The aim of this dissertation is to show how counter missile tactics for a fast attack craft armed with missiles [FAC(M)] against a surface-to-surface, fireand- forget missile [SSM] can be optimised. As a result the ship and missile will be modelled as generic concepts while the environment will be a chosen area of operations. The applicable methodology is to simulate the ship, missile and environment as well as the interactions between them. At the same time, the ship will be carrying out combinations of five separate missile counter measures. The methodology is then to build a dynamic simulation model to optimise soft kill tactics by a generic F AC(M) against a generic SSM in the chosen environment and evaluate the outcome of the simulation by viewing the experiment as a 25 factorial design and to analyse it accordingly. / Operations Research / M.Sc. (Operations Research) Anti-missile tactics Fast attack craft Maritime environment Missile counter measures Naval warfare Surface warfare Surface-to-surface missile 359.98174011 Antiship missile defenses Surface-to-surface missiles Fast attack craft Naval tactics -- Simulation methods Operations research
506	Etude de la vulnérabilité des circuits cryptographiques l'injection de fautes par laser. / Study of the vulnerability of cryptographic circuits by laser fault injection. Mirbaha, Amir-Pasha 20 December 2011 (has links) Les circuits cryptographiques peuvent etre victimes d'attaques en fautes visant leur implementation materielle. elles consistent a creer des fautes intentionnelles lors des calculs cryptographiques afin d'en deduire des informations confidentielles. dans le contexte de la caracterisation securitaire des circuits, nous avons ete amenes a nous interroger sur la faisabilite experimentale de certains modeles theoriques d'attaques. nous avons utilise un banc laser comme moyen d'injection de fautes.dans un premier temps, nous avons effectue des attaques en fautes dfa par laser sur un microcontroleur implementant un algorithme de cryptographie aes. nous avons reussi a exclure l'effet logique des fautes ne correspondants pas aux modeles d’attaque par un jeu precis sur l'instant et le lieu d'injection. en outre, nous avons identifie de nouvelles attaques dfa plus elargies.ensuite, nous avons etendu nos recherches a la decouverte et la mise en place de nouveaux modeles d'attaques en fautes. grace a la precision obtenue lors de nos premiers travaux, nous avons developpe ces nouvelles attaques de modification de rondes.en conclusion, les travaux precedents constituent un avertissement sur la faisabilite averee des attaques par laser decrites dans la litterature scientifique. nos essais ont temoigne de la faisabilite toujours actuelle de la mise en place des attaques mono-octets ou mono-bits avec un faisceau de laser qui rencontre plusieurs octets ; et egalement reveler de nouvelles possibilites d’attaque. cela nous a amenes a etudier des contre-mesures adaptees. / Cryptographic circuits may be victims of fault attacks on their hardware implementations. fault attacks consist of creating intentional faults during cryptographic calculations in order to infer secrets. in the context of security characterization of circuits, we have examined practical feasibility of some theoretical models of fault attacks. we used a laser bench as a means of the fault injection.at the beginning, we performed laser fault injections on a microcontroller implementing an aes cryptographic algorithm. we succeeded to exclude the logical effect of mismatched faults by temporal and spatial accuracy in fault injection. moreover, we identified extended new dfa attacks.then, we extended our research to identify and to implement new fault attack models. with the precision obtained in our earlier work, we developed new round modification analysis (rma) attacks.in conclusion, the experiments give a warning for the feasibility of described attacks in the literature by laser. our tests have demonstrated that single-byte or single-bit attacks are still feasible with a laser beam that hits additional bytes on the circuit when the laser emission is accurate and associated with other techniques. they also revealed new attack possibilities. therefore, it conducted us to study of appropriate countermeasures. Attaque En Faute Attaque Materielle Injection De Fautes Par Laser Cryptographie Carte A Puce Advanced Encryption Standard Analyse Differentielle De Fautes Analyse De Modification De Rondes Fault attack Physical attack Laser fault injection Cryptography Smart card Advanced encryption standard Differential fault annalysis Round modification analysis
507	Arithmetic recodings for ECC cryptoprocessors with protections against side-channel attacks / Unités arithmétiques reconfigurables pour cryptoprocesseurs robustes aux attaques Chabrier, Thomas 18 June 2013 (has links) Cette thèse porte sur l'étude, la conception matérielle, la validation théorique et pratique, et enfin la comparaison de différents opérateurs arithmétiques pour des cryptosystèmes basés sur les courbes elliptiques (ECC). Les solutions proposées doivent être robustes contre certaines attaques par canaux cachés tout en étant performantes en matériel, tant au niveau de la vitesse d'exécution que de la surface utilisée. Dans ECC, nous cherchons à protéger la clé secrète, un grand entier, utilisé lors de la multiplication scalaire. Pour nous protéger contre des attaques par observation, nous avons utilisé certaines représentations des nombres et des algorithmes de calcul pour rendre difficiles certaines attaques ; comme par exemple rendre aléatoires certaines représentations des nombres manipulés, en recodant certaines valeurs internes, tout en garantissant que les valeurs calculées soient correctes. Ainsi, l'utilisation de la représentation en chiffres signés, du système de base double (DBNS) et multiple (MBNS) ont été étudiés. Toutes les techniques de recodage ont été validées théoriquement, simulées intensivement en logiciel, et enfin implantées en matériel (FPGA et ASIC). Une attaque par canaux cachés de type template a de plus été réalisée pour évaluer la robustesse d'un cryptosystème utilisant certaines de nos solutions. Enfin, une étude au niveau matériel a été menée dans le but de fournir à un cryptosystème ECC un comportement régulier des opérations effectuées lors de la multiplication scalaire afin de se protéger contre certaines attaques par observation. / This PhD thesis focuses on the study, the hardware design, the theoretical and practical validation, and eventually the comparison of different arithmetic operators for cryptosystems based on elliptic curves (ECC). Provided solutions must be robust against some side-channel attacks, and efficient at a hardware level (execution speed and area). In the case of ECC, we want to protect the secret key, a large integer, used in the scalar multiplication. Our protection methods use representations of numbers, and behaviour of algorithms to make more difficult some attacks. For instance, we randomly change some representations of manipulated numbers while ensuring that computed values are correct. Redundant representations like signed-digit representation, the double- (DBNS) and multi-base number system (MBNS) have been studied. A proposed method provides an on-the-fly MBNS recoding which operates in parallel to curve-level operations and at very high speed. All recoding techniques have been theoretically validated, simulated extensively in software, and finally implemented in hardware (FPGA and ASIC). A side-channel attack called template attack is also carried out to evaluate the robustness of a cryptosystem using a redundant number representation. Eventually, a study is conducted at the hardware level to provide an ECC cryptosystem with a regular behaviour of computed operations during the scalar multiplication so as to protect against some side-channel attacks. Courbe elliptique Cryptographie Attaque par observation Protection Contre mesure Canaux caché Canaux auxiliaire Recodage arithmétique Fpga Asic Implémentation matérielle. Elliptic curve Cryptography Attack by observation Side channel attack Arithmetic recoding Protection Counter measure Fpga Asic Hardware implementation.
508	Supervision des réseaux pair à pair structurés appliquée à la sécurité des contenus / Monitoring of structured P2P networks applied to the security of contents Cholez, Thibault 23 June 2011 (has links) L'objectif de cette thèse est de concevoir et d'appliquer de nouvelles méthodes de supervision capables d'appréhender les problèmes de sécurité affectant les données au sein des réseaux P2P structurés (DHT). Ceux-ci sont de deux types. D'une part les réseaux P2P sont utilisés pour diffuser des contenus illégaux dont l'activité est difficile à superviser. D'autre part, l'indexation des contenus légitimes peut être corrompue (attaque Sybil).Nous proposons tout d'abord une méthode de supervision des contenus basée sur l'insertion de sondes et le contrôle du mécanisme d'indexation du réseau. Celle-ci permet d'attirer l'ensemble des requêtes des pairs pour un contenu donné, puis de vérifier leur intention en générant des appâts très attractifs. Nous décrivons ainsi les faiblesses du réseau permettant la mise en oeuvre de notre méthode en dépit des protections existantes. Nous présentons les fonctionnalités de notre architecture et en évaluons l'efficacité sur le réseau P2P KAD avant de présenter un déploiement réel ayant pour but l'étude des contenus pédophiles.Nous considérons ensuite la sécurité des données indexées dans une DHT. Nous supervisons le réseau KAD et montrons que celui-ci est victime d'une pollution particulièrement néfaste affectant 2/3 des fichiers mais aussi de nombreuses attaques ciblées affectant la sécurité des contenus stockés. Nous proposons un moyen de détecter efficacement cette dernière attaque en analysant la distribution des identifiants des pairs autour d'une référence ainsi qu'une contre-mesure permettant de protéger les pairs à un coût négligeable. Nous terminons par l'évaluation de la protection au sein de réseaux P2P réels. / The purpose of this thesis is to design and implement new monitoring solutions which are able to deal with the security issues affecting data stored in large structured P2P networks (DHT). There are two major types of issues. First, P2P networks are used to spread illegal contents whose activity is difficult to monitor accurately. Second, the indexation of regular contents can be corrupted (Sybil attack).We first designed a new approach to monitor contents based on the insertion of distributed probes in the network to take control of the indexation mechanism. The probes can attract all the related requests for a given content and assess the peers intent to access it by generating very attractive honeypots. We describe the weaknesses of the network allowing our solution to be effective despite recent protection mechanisms. We then present the services offered by our monitoring architecture and we evaluate its efficiency on KAD. We also present a real deployment whose purpose is to study pedophile contents on this network.Then, we focus on data integrity in distributed hash tables. We performed large scale monitoring campaigns on the KAD network. Our observations show that it suffers from a very harmful pollution of its indexation mechanism affecting 2/3 of the shared files and from a large number of localized attacks targeting contents. To mitigate these threats, we propose a new efficient way to detect attacks by analysing the distribution of the peers' ID found around an entry after a DHT lookup and a counter-measure which can protect the peers at a negligible cost. Finally, we evaluate our solution in real P2P networks. Réseaux P2P Table de hachage distribuée KAD Supervision Pots de miel Indexation des contenus Sécurité Attaque Sybil Détection d'attaques Défense Pollution des contenus P2P networks Distributed Hash Table KAD Monitoring Honeypot Content indexation Security Sybil attack Attack detection Defense Content pollution
509	Boj proti terorismu na národní a mezinárodní úrovni / The fight against terrorism at a national and international level HOLUB, Michal January 2019 (has links) Terrorism is a modern and constantly developing problem which has been threatening and noticeably affecting the protected interests and built-up values of states. Terrorist groups strive to spread fear, violence, opinions, and ideas to reach their goals through attacks on the population. Today, even countries that have not faced this threat yet, are confronted with this problem. Modern trends and new technologies along with the migration crisis cause that we face this threat in our homes more than ever before. The upraise of The Islamic State can be considered as a phenomenon of today, which has infected practically whole world and gives a space to various individuals to commit terrorist attacks under the auspices of this organization, or just provides instructions on committing such acts for any reason and with different aims. It is necessary to respond adequately to this threat, and it is necessary not to remain only with regret after every terrorist attack. It is essential to monitor the latest trends in terrorist attacks same as fighting against them, which in consequence will help us to set up operational procedures how to deal with these kind of incidences. There is also a need for a strong political spectrum which understands that these measures will never be profitable or popular, however its necessary it keeps supporting them.
510	NATO:s luftkrig i Kosovo utifrån Wardens teorier / NATO:s air war in Kosovo from Wardens perspective Frisk, Erik January 2011 (has links) John A. Warden III is one the most mentioned air power theoretic of his time.He has written a number of theories concerning air power and the best way to use this to win wars.The author of this paper gives a short resume of what he consider are the central thoughts in John Warden´s theories. These thoughts result in four factors; Enemy as a system, centre of gravity, parallel attack/concentration and finally air superiority. These factors are then being used to inves-tigate if NATO used Wardens theories during the Kosovo war in 1999.The reason for the author to choose the Kosovo war specifically is due to the fact that NATO during the war only used air power as an instrument to get Serbia´s president Milosevic to the negotiation table but also the fact that this would turn out to be quite a challenge for NATO.The conclusion is that out of the four factors only one is traceable throughout the entire operation, and that is air superiority. Regarding the other three factors they can only be found in parts of the operation. / John A. Warden III är en av de mest omskrivna luftmaktsteoretikerna under sin tid. Han har lagt fram ett antal teorier för vad han anser är bästa sättet att använda luftmakt för att vinna krig. I uppsatsen ges en sammanfattning av vad författaren anser vara de centrala tankarna i hans teorier. Dessa utmynnar i fyra begrepp; fienden som ett system, tyngdpunktsbegreppet,parallell attack och kraftsamling samt luftrumskontroll. Dessa begrepp står sedan somutgångspunkt för en fallstudie av NATO:s luftmaktsanvändning under Kosovokriget 1999.Undersökningen syftar till att undersöka om NATO använde sig av John Wardens luftmaktsteorier under kriget.Varför författaren har valt just Kosovokriget beror bland annat på att NATO under kriget enbart använde sig av luftmakt för att få Serbiens president Milosevic till förhandlingsbordet samt att det också visade sig bli en stor prövning för dem.Slutsatsen blev att av de fyra utvalda faktorerna så var det endast en som NATO visade sig foku-sera på under hela operationen, detta var luftrumskontroll. Vad gäller de övriga tre faktorerna finner författaren att NATO använt sig av dessa i stort sett bara under slutskedet av operationen. Air Power Kosovo Warden NATO Enemy as a system Centre of gravity parallel attack Concentration Air superiority Luftmakt Kosovo Warden NATO Fienden som ett system Tyngdpunkt Parallell attack kraftsamling luftrumskontroll SOCIAL SCIENCES SAMHÄLLSVETENSKAP

Search results