Global ETD Search

521	Generátor síťových útoků / Network Attack Generator Buček, Hynek January 2013 (has links) This thesis is focused on the study of the best-known network attacks, especially on those that can be theoretically detected without knowledge of the contents of transmitted messages. The goal is to use the basis of acquired knowledge to create a tool that will simulate the behavior of the communication in different network attacks. Simulation outputs will be used for testing the quality of security tools designed to defend against network attacks. The simulator will be used only for offline testing, it will not be possible to carry out real attacks. Purpose of this work is to improve the security against network attacks nowadays.
522	Užití techniky lámání hesel u komprimačních formátů RAR, ZIP a 7z a extrakce hesel z samorozbalovacích archivů / Analysis of the Possibility of Password Break through for RAR, ZIP and 7z Formats Prustoměrský, Milan January 2013 (has links) This Thesis deals with analysis of the possiblity of password breakthrough for common compression formats and password extraction from self-extraction archives used for malicious software. Structure of compression programs, ciphers and connection between cipher and archives is described. Common and specialized attacks on archives and ciphers are described. Structure of self-extracting archives and password location is used to create extractor of passwords in self-extracting archives.
523	Analýza automatizovaného generování signatur s využitím Honeypotu / Analysis of Automated Generation of Signatures Using Honeypots Bláha, Lukáš January 2012 (has links) In this paper, system of automatic processing of attacks using honeypots is discussed. The first goal of the thesis is to become familiar with the issue of signatures to detect malware on the network, especially the analysis and description of existing methods for automatic generation of signatures using honeypots. The main goal is to use the acquired knowledge to the design and implementation of tool which will perform the detection of new malicious software on the network or end user's workstation.
524	Attack Modeling and Risk Assessments in Software Deﬁned networking (SDN) Frankeline, Tanyi January 2019 (has links) Software Defined Networking (SDN) is a technology which provides a network architecture with three distinct layers that is, the application layer which is made up of SDN applications, the control layer which is made up of the controller and the data plane layer which is made up of switches. However, the exits different types of SDN architectures some of which are interconnected with the physical network. At the core of SDN, the control plane is physically and logically separated from the data plane. The controller is connected to the application layer through an interface known as the northbound interface and to the data plane through another interface known as the southbound interface. The centralized control plane uses APIs to communicate through the northbound and southbound interface with the application layer and the data plane layer respectively. By default, these APIs such as Restful and OpenFlow APIs do not implement security mechanisms like data encryption and authentication thus, this introduces new network security threats to the SDN architecture. This report presents a technique known as threat modeling in SDN. To achieve this technique, attack scenarios are created based on the OpenFlow SDN vulnerabilities. After which these vulnerabilities are defined as predicates or facts and rules, a framework known as multihost multistage vulnerability analysis (MulVAL) then takes these predicates and rules to produce a threat model known as attack graph. The attack graph is further used to performed quantitative risk analysis using a metric to depict the risks associated to the OpenFlow SDN model SDN Application layer Northbound Interface Controller Southbound Interface data plane OpenFlow Threat Model MulVAL Attack Graph Attack Trees Risk Analysis Övrig annan teknik
525	Kryptoanalýza algoritmu post-kvantové kryptografie / Cryptoanalysis of a Post-quantum Cryptography Algorithm Štumpf, Daniel January 2020 (has links) National Institute of Standards and Technology (NIST) is currently running a stan- dardization process for a post-quantum cryptography primitives. Depending on the al- gorithms building blocks these primitives can be divided into five categories. In the first part of this thesis we described all five categories and compared their characteristics. The most important aspect of the schemes for NIST is security against both classical and quantum adversaries. We chose one of the five categories (namely, we picked lattice- based cryptosystems) for further cryptanalysis. As we think that the security analysis of some of the second round candidates in the NIST standardization project is not suffi- ciently well described in their specification documents and some known attacks are not considered at all, we provide a unified security analysis of these schemes. We described two currently known attacks (primal and dual attacks) against lattice-based schemes, estimated cost of these attacks against the lattice-based candidates in the second round of the NIST standardization project and compared these values with the security claimed by these candidates. In most cases our estimations matches those published in the speci- fication documents and therefore we conclude that the security estimates claimed by the candidates are...
526	CISTAR Cybersecurity Scorecard Braiden M Frantz (8072417) 03 December 2019 (has links) <p>Highly intelligent and technically savvy people are employed to hack data systems throughout the world for prominence or monetary gain. Organizations must combat these criminals with people of equal or greater ability. There have been reports of heightened threats from cyber criminals focusing upon the energy sector, with recent attacks upon natural gas pipelines and payment centers. The Center for Innovative and Strategic Transformation of Alkane Resources (CISTAR) working collaboratively with the Purdue Process Safety and Assurance Center (P2SAC) reached out to the Computer and Information Technology Department to assist with analysis of the current cybersecurity posture of the companies involved with the CISTAR initiative. This cybersecurity research project identifies the overall defensive cyber posture of CISTAR companies and provides recommendations on how to bolster internal cyberspace defenses through the identification of gaps and shortfalls, which aided the compilation of suggestions for improvement. Key findings include the correlation of reduced cybersecurity readiness to companies founded less than 10 years ago, cybersecurity professionals employed by all CISTAR companies and all CISTAR companies implementing basic NIST cybersecurity procedures.</p> Computer System Security Web Technologies (excl. Web Search) Cybersecurity Cyber CISTAR P2SAC NIST petroleum natural gas petroleum IT energy energy cyber cyber-attack cyber attack cyber defense natural gas disruption
527	Utvärdering av nätverkssäkerheten på J Bil AB / Evaluation of the network security at J Bil AB Ahmed, Olfet, Saman, Nawar January 2013 (has links) Detta examensarbete är en utvärdering av nätverkssäkerheten hos J BiL AB, både på social och teknisk nivå. Företaget är beroende av säkra Internet-anslutningar för att nå externa tjänster och interna servrar lokaliserade på olika geografiska platser. Företaget har ingen IT-ansvarig som aktivt underhåller och övervakar nätverket, utan konsulterar ett externt dataföretag. Syftet med examensarbetet är att utvärdera säkerheten, upptäcka brister, ge förbättringsförslag och till viss del implementera lösningar. För att undersöka säkerheten har observationer och intervjuer med personalen gjorts och ett flertal attacker mot nätverket har utförts. Utifrån den data som samlats in kunde slutsatsen dras att företaget har brister vad gäller IT-säkerheten. Framförallt den sociala säkerheten visade sig ha stora luckor vilket till stor del beror på att de anställda varken har blivit utbildade eller fått någon information om hur de ska hantera lösenord, datorer och IT-frågor i allmänt. Förbättringsförslag har getts och viss implementation har genomförts för att eliminera bristerna. De anställda har även med hjälp av en IT-policy och föreläsning blivit utbildade i hur de ska agera och tänka kring IT-relaterade säkerhetsfrågor. / The aim of this project is to evaluate the network security at J Bil AB. The focus will be on both social and technical issues. For the employees to be able to con-nect to remote servers and external services and perform their daily work tasks, secure connections is needed. J Bil Ab has no IT manager who actively maintains and monitors the network; rather they consult a computer company when changes and implementations are required. The projects’ goal is to identify gaps, come up with suggestions for improvement and to some extent implement so-lutions. To do this, an observation of the employees hav been made, an inter-view have been held, and several attacks on the network have been performed. Based on the data collected, it was concluded that the company has shortcom-ings in IT security. Above all, the social security appeared to have major gaps in it and that is mainly because the lack of knowledge among the employees and they have never been informed of how to manage their passwords, computers and IT issues in general. Suggestions for improvement have been given and some implementations have been performed to eliminate the deficiencies. Network security brute-force attack dictionary attack encryption VPN wirelsess networks servers phishing IT Policies Säkerhet social säkerhet brute force ordboksattack kryptering trådlösa nätverk servrar VPN IT-policy phishing Computer Engineering Datorteknik
528	Ransomware-attacker : En kvalitativ studie kring informationssäkerhetsarbetet inom mindre svenska kommuner Järgenstedt, Tindra, Kvernplassen, Nelly January 2023 (has links) Ransomware-attacker har blivit ett allt större hot i och med samhällets ständigt pågående digitalisering. Denna studie undersöker vilka faktorer som är viktiga för att förhindra ransomware-attacker mot mindre svenska kommuner. För att åstadkomma detta genomfördes semistrukturerade intervjuer med sex olika respondenter. De som intervjuades arbetade alla i mindre svenska kommuner och hade god insyn och kunskap kring kommunens IT- och informationssäkerhetsarbete. Materialet analyserades sedan utifrån Protection Motivation Theory (PMT). Studien diskuterar både kommunernas attityd till informationssäkerhet samt konstaterar vilka säkerhetsåtgärder som utmärker sig som viktigast. Dessa var skyddade säkerhetskopior, utbildning samt kontinuitetsplaner kopplade till just IT-attacker. / Ransomware attacks have become an increasing threat with the ongoing digitalization of society. This study investigates what factors are important to prevent ransomware attacks against smaller Swedish municipalities. To accomplish this, semi-structured interviews were conducted with six different respondents. The interviewees all worked in smaller Swedish municipalities and had good insight and knowledge of the municipality's IT and information security work. The material was then analyzed using Protection Motivation Theory (PMT). The study discusses both the municipalities' attitude to information security and notes which security measures stand out as most important. These were protected backups, education and continuity plans linked to IT attacks. The paper then concludes with suggestions for further research. Information Security Cyber security Ransomware attack Qualitative research Swedish municipalities Protection Motivation Theory Kill-chain Informationssäkerhet Cybersäkerhet Ransomware-attack Kvalitativ studie Svenska kommuner Protection Motivation Theory Kill Chain Information Systems, Social aspects
529	azureLang: a probabilistic modeling and simulation language for cyber attacks in Microsoft Azure cloud infrastructure Hawasli, Ahmad January 2018 (has links) Cyber-attack simulation is a suitable method used for assessing the security ofnetwork systems. An attack simulation advances step-wise from a certain systementry-point to explore the attack paths that lead to dierent weaknesses inthe model. Each step is analyzed, and the time to compromise is calculated.Attack simulations are primarily based on attack graphs. The graphs areemployed to model attack steps where nodes can represent assets in the system,and edges can represent the attack steps. To reduce the computational cost associatedwith building an attack graph for each specic system, domain-specicattack languages, or DSL for short, are used.The nal product of this thesis work is azureLang, a probabilistic modelingand simulation language for modeling Microsoft Azure cloud infrastructure.AzureLang is a DSL which denes a generic attack logic for MicrosoftAzure systems. Using azureLang, system administrators can easily instantiatespecic-system scenarios which emulate their Microsoft Azure cloud system infrastructure.After creating the model, attack simulation can be run to assessthe security of the model. / Cyberattacksimulering är en lämplig metod som används för att bedöma säkerhetenhos nätverkssystem. En angrepsimulering går stegvis från ett visst systeminmatningspunkt för att utforska angreppsbanorna som leder till olika svagheter i modellen. Varje steg analyseras och tiden för kompromettera beräknas.Attack-simuleringar baseras huvudsakligen på attackgrafer. Graferna används för att modellera angreppssteg där noder kan representera tillgångar i systemet, och kanterna kan representera attackenstegen. För att minska kostnaden för att skapa attackgrafer för varje specifikt system används domänspecifika språk eller DSL förkortat.Den slutliga produkten av detta examensarbete är azureLang, ett probabilistisk hotmodelleringsoch attacksimuleringsspråk för analys av Microsoft Azure Cloud Infrastructure. AzureLang är en DSL som definierar en generisk attacklogik för Microsoft Azure-system. Med hjälp av azureLang kan systemadministratörer enkelt ordna specifika systemscenarier som efterliknar deras Microsoft Azure cloudsystem infrastruktur. Efter att ha skapat modellen kan attack simu-lering köras för att bedöma modellens säkerhet. Domain Specic Language Cyber Security Threat Modeling Attack Graphs Domanspecikt sprak Cybersakerhet Hotmodellering Attack Grafer Engineering and Technology Teknik och teknologier
530	Network layer reliability and security in energy harvesting wireless sensor networks Yang, Jing 08 December 2023 (has links) (PDF) Wireless sensor networks (WSNs) have become pivotal in precision agriculture, environmental monitoring, and smart healthcare applications. However, the challenges of energy consumption and security, particularly concerning the reliance on large battery-operated nodes, pose significant hurdles for these networks. Energy-harvesting wireless sensor networks (EH-WSNs) emerged as a solution, enabling nodes to replenish energy from the environment remotely. Yet, the transition to EH-WSNs brought forth new obstacles in ensuring reliable and secure data transmission. In our initial study, we tackled the intermittent connectivity issue prevalent in EH-WSNs due to the dynamic behavior of energy harvesting nodes. Rapid shifts between ON and OFF states led to frequent changes in network topology, causing reduced link stability. To counter this, we introduced the hybrid routing method (HRM), amalgamating grid-based and opportunistic-based routing. HRM incorporated a packet fragmentation mechanism and cooperative localization for both static and mobile networks. Simulation results demonstrated HRM's superior performance, enhancing key metrics such as throughput, packet delivery ratio, and energy consumption in comparison to existing energy-aware adaptive opportunistic routing approaches. Our second research focused on countering emerging threats, particularly the malicious energy attack (MEA), which remotely powers specific nodes to manipulate routing paths. We developed intelligent energy attack methods utilizing Q-learning and Policy Gradient techniques. These methods enhanced attacking capabilities across diverse network settings without requiring internal network information. Simulation results showcased the efficacy of our intelligent methods in diverting traffic loads through compromised nodes, highlighting their superiority over traditional approaches. In our third study, we developed a deep learning-based two-stage framework to detect MEAs. Utilizing a stacked residual network (SR-Net) for global classification and a stacked LSTM network (SL-Net) to pinpoint specific compromised nodes, our approach demonstrated high detection accuracy. By deploying trained models as defenses, our method outperformed traditional threshold filtering techniques, emphasizing its accuracy in detecting MEAs and securing EH-WSNs. In summary, our research significantly advances the reliability and security of EH-WSN, particularly focusing on enhancing the network layer. These findings offer promising avenues for securing the future of wireless sensor technologies. Hybrid Routing Method (HRM) Intermittent Connectivity Energy Harvesting Malicious Energy Attack (MEA) Reinforcement Learning (RL) Malicious Energy Attack Detection Deep Learning(DL)

Search results