Global ETD Search

11	Fundamental Attacks on Ethereum Oracles and How to Prevent Them Jafari, Mikael January 2023 (has links) Many applications and protocols on blockchain platforms are reliant on real-world data which exists outside the blockchain, something which is not directly accessible through these platforms. To bridge this gap, blockchain oracles help these applications and protocols by providing them with this data. As different data used by these applications and protocols can result in different outcomes occurring, one way for attackers to attack these applications and protocols is to attack the oracles they rely on. This thesis investigates what types of fundamental attacks are possible on oracles hosted on Ethereum, potential ways to protect against them and how these attacks can be categorized. It also investigates if the different attributes of Solana or Corda provides any protection against these attacks in some way. In order to answer these questions, the different blockchain platforms are researched and investigated, along with different oracles and attacks on oracles. A framework which describes the different states data in a oracle can be in was also created in order to help find attacks. In total, eleven different fundamental attacks on Ethereum oracles were found along with different methods to protect against them. A majority of these attacks were deemed to be able to be done in full capability by both independent and nation-state attackers. Both Solana and Corda were found to provide some inherent protection against some of these attacks. Solana was found to be able to almost fully eliminate one type of attack due to its execution environment. Corda was found to make many of the found attacks harder to execute for an attacker, mainly due to its lack of anonymity. / Många applikationer och protokoll på blockkedje-plattformar är beroende av verklig data som existerar utanför blockkedjan, något som inte är direkt nåbart genom dessa plattformar. I syfte att göra denna data nåbar, så hjälper orakel på blockkedjor dessa applikationer och protokoll genom att tillhandahålla dem denna data. Eftersom dessa applikationer och protokoll kan ha olika utfall beroende på vilken data de använder sig av, så är en metod att attackera dem genom att attackera dem orakel som de använder sig av. Denna avhandling undersöker vilka typer av fundamentala attacker som är möjliga mot orakel som körs på Ethereum, potentiella sätt att skydda mot attackerna samt hur dessa attacker kan kategoriseras. Den undersöker även ifall de olika attributen som finns hos Solana eller Corda ger något skydd mot dessa attacker på något sätt. För att besvara dessa frågor har de olika blockkedjeplattformarna undersökts. Även olika orakel samt attacker mot orakel har undersökts. Ett ramverk som beskriver de olika tillstånden som data i ett orakel kan befinna sig i skapades med syfte att underlätta hittandet av attacker. Totalt så hittades elva olika fundamentala attacker mot orakel som körs på Ethereum tillsammans med tillhörande skyddsmetoder. Majoriteten av dessa attacker bedömdes kunna genomföras i full förmåga av både självständiga angripare samt nationssponsrade angripare. Både Solana och Corda visade sig ge skydd mot vissa av de elva attackerna genom sina attribut. Solana kan genom sin exekveringsmiljö nästan helt eliminera möjligheten av en av attackerna. Corda visade sig göra flera av de olika attackerna svårare att genomföra för angripare, främst på grund av sin avsaknad av anonymitet i plattformen. Blockchain Attacks Ethereum Solana Corda Oracle Blockkedja Attacker Ethereum Solana Corda Orakel Computer Sciences Datavetenskap (datalogi)
12	COMPUTATION IN SOCIAL NETWORKS Shaikh, Sajid S. 27 July 2007 (has links) No description available. Reputation Function ATTACKER SOCIAL NETWORK Memory Averaging Memory Averaging Function Fading Memory
13	Effektivitetsanalys och optimering av DDoS-skydd i Azures molnbaserade IT-infrastruktur / Efficiency analysis and optimization of DDoS-protection in Azure's cloud-based IT-infrastructure Zengin, Tolga January 2024 (has links) Detta examensarbete undersöker försvaret mot DDoS-attacker i molnbaserade miljöer, med ett särskilt fokus på Azure-infrastrukturen. Arbetet inkluderar en omfattande analys av komponenterna utöver DDoS-skyddet som erbjuds av Azure för att få ett komplett skydd av nätverksinfrastrukturen. I undersökningen jämfördes olika skyddskomponenter och det konstaterades att de valda lösningarna presterade bättre än andra marknadsledande lösningar när det gäller prestanda och säkerhet. Resultatet visar att komponenterna effektivt kan motverka DDoS-attacker under kontrollerade förhållanden, men ytterligare tester i riktiga miljöer är rekommenderade. Arbetet visar att framtida studier bör fokusera på att integrera artificiell intelligens för att förbättra skyddet mot DDoS-attacker ytterligare. / This thesis examines the defense against DDoS attacks in cloud-based environments, with a particular focus on the Azure infrastructure. The work includes a comprehensive analysis of the components in addition to the DDoS protection offered by Azure to get a complete protection of the network infrastructure. The study compared different protection components and found that the selected solutions outperformed other market-leading solutions in terms of performance and security. The results show that the components can effectively counter DDoS attacks under controlled conditions, but further testing in real environments is recommended. The work shows that future research should focus on integrating artificial intelligence to further improve protection against DDoS attacks. DDoS-attacker molnbaserade miljöer Azures IT-infrastruktur nätverkssäkerhet webbappli-kationsbrandvägg brandväggar trafikhantering säkerhetskomponenter Computer Systems Datorsystem
14	Nätverkssäkerhet med IPS : Förbättrad nätverkssäkerhet med Intrusion Prevention Systems Dubell, Michael, Johansson, David January 2013 (has links) Att skydda sin IT-miljö mot olika typer av intrång och attacker som till exempel trojaner,skadliga Java applets eller DoS attacker med hjälp av brandväggar och antivirusprogramär två viktiga lager i skalskyddet. I den här uppsatsen undersöks hur väl ett Intrusion Prevention System skulle kunna fungera som ett ytterligare lager i skalskyddet. Fokus ligger på hur väl IPS-systemet klarar av att avvärja attacker, hur mycket tid som går åt till konfigurering och drift för att få ett fungerande IPS samt hur prestandan i nätverket påverkas av implementationen. För att mäta hur väl IPS systemet klarar av att upptäcka och blockera attacker utförs två experiment där ett mindre nätverk attackeras på olika sätt. I det första experimentet skyddas infrastrukturen av en brandvägg och klienterna är utrustade med antivirusprogram. I det andra experimentet genomförs samma attacker igen fast med ett Snort IPS implementerat i nätverket. Resultatet av de genomförda experimenten visar att en IPS klarar att blockera ca 87% av attackerna, men nätverksprestandan påverkas negativt. Slutsatsen är att endast brandväggar och antivirusprogram inte ger ett fullgott skydd. network security network attacks virus trojans snort nätverkssäkerhet ips trojan nätverk Intrusion Prevention System snort attacker Computer Sciences Datavetenskap (datalogi)
15	Moderní služby honeypot/honeynet pro klasické informační sítě / Honeypot/Honeynet as modern services for classical information networks Karger, David January 2020 (has links) This work describes honeypots, their definition, clasification and logging possibilities. In the practical part honeypots are tested for the services that are most often attacked, their installation is performed and tests are made for basic familiarization with the functionality of the honeypot. Furthermore, the honeypot is exposed to the Internet and the obtained data are analyzed.
16	Eavesdropping Attacks on Modern-Day Connected Vehicles and Their Ramifications / Avlyssningsattacker på moderna uppkopplade bilar och deras följder Bakhshiyeva, Afruz, Berefelt, Gabriel January 2022 (has links) Vehicles today are becoming increasingly more connected. Most cars are equipped with Bluetooth, Wi-Fi and Wi-Fi hotspot capabilities and the ability to connect to the internet via a cellular modem. This increase in connectivity opens up new attack surfaces for hackers to exploit. This paper aims to study the security of three different cars, a Tesla Model 3 (2020), an MG Marvel R (2021) and a Volvo V90 (2017), in regards to three different eavesdropping attacks. The performed attacks were a port scan of the vehicles, a relay attack of the key fobs and a MITM attack. The study discovered some security risks and discrepancies between the vehicles, especially regarding the open ports and the relay attack. This hopefully promotes further discussion on the importance of cybersecurity in connected vehicles. / Bilar idag har blivit alltmer uppkopplade. Idag har de inte bara bluetooth och Wi-Fi funktionalitet utan vissa bilar har förmågan att kopplas till internet via ett mobilt bredband. Denna trend har visats ge bilar nya attackytor som hackare kan utnyttja. Målet med denna studie är att testa säkerheten hos tre olika bilar, Tesla Model 3 (2020), MG Marvel R (2021) och Volvo V90 (2017) med åtanke på tre olika avlyssningsattacker. De attackerna som studien valde var port-skanning på bilen, relä-attack på bilnycklarna och mannen-i-mitten attack. Studien hittar vissa säkerhetsrisker och skillnader mellan de olika bilarna särskilt vid reläattacken och port-skanningen som förhoppningsvis främjar en fortsatt diskussion om cybersäkerhetens vikt för säkrare uppkopplade bilar. Connected vehicle hacking pentest eavesdropping security Tesla Model 3 Volvo XC40 MG Marvel R automotive cybersecurity interception attacks passive attacks wireless attacks Wi-Fi attacks attack surface relay attack port scan man-in-the-middle attack Uppkopplade fordon hacking avlyssning säkerhet Tesla Model 3 Volvo XC40 MG Marvel R fordonscybersäkerhet avlyssningsattacker passiva attacker trådlösa attacker Wi-Fi-attacker attackyta relä-attack port-skanning mannen-i-mitten attack Computer Sciences Datavetenskap (datalogi)
17	Relay-attacker : Utnyttjande av trådlösa bilnycklar Marklind, Anton, Marklind, Simon January 2019 (has links) Bilen är en av de saker som många människor använder dagligenoch för att underlätta användandet kommer det hela tiden nya funk-tioner som underlättar användandet. Ett exempel är trådlösa nycklar.Många moderna bilar använder en teknik som kallas för “keyless” vilketinnebär att bilnycklarna under intervaller sänder ut radiosignaler. Detger en möjlighet att inte behöva hålla i nyckeln när bilen ska användasoch bilägaren har det lättare att öppna bilen och lasta in saker, utanatt aktivt behöva använda nycklen.Men är det tillräckligt säkert med helt trådlösa nycklar? Signaler-na är öppen för alla som kan avlyssna dem. Signalerna mellan bil ochnyckel skickas trådlöst och obehöriga kan lyssna av innehållet. I dettaprojekt undersöker vi möjligheten att spela in signalen och därefterspela upp den igen i syfte att låsa upp en bil, utan tillgång till denverkliga nyckeln. Vi utför experiment på X fordon, med olika nycklaroch olika signalfrekvenser. Om det är öppet för alla borde det ock-så gå att spela in dessa signaler och sända ut dem med hjälp utaven radiosändare. Det kallas för en relay-attack och där kommer syftetmed detta arbete, nämligen en studie om hur attackerna går till ochhur enkelt det egentligen är att göra dem själva. Samt att ett experi-ment utförs på en mängd olika bilar med olika typer av bilnycklar medvarierande frekvenser. / On a daily basis the car is frequently used, and a lot of people arein need of their cars. New technologies are developed to make it easierfor car owners to unlock the car and drive away without making theeffort of using the car keys. A technology called “keyless” car keys areimplemented in modern cars, the car keys sends out radio frequenciesin an interval on a couple of seconds.But is a complete wireless key system secure enough? The radiosignals are open to whoever wants to listen to them, and that couldhave devastating consequences. If it is open to everyone, then it shouldalso be possible to record these signals and send them out using a radiotransmitter. It’s called a relay attack and the purpose of this report isto get broader perspective of how an attack like that works and howeasy it is to execute the attack. The experiment was performed ondifferent types of cars and their keys with varying frequencies. Relay attacks keyless remote control keys RKE PKES interception Relay-attacker keyless fjärrnycklar RKE PKES avlyssning Information Systems
18	Self-Adaptive Honeypots Coercing and Assessing Attacker Behaviour / Paradigme de pot de miel adaptatif permettant d'étudier et d'évaluer le comportement et compétences des pirates informatiques Wagener, Gérard 22 June 2011 (has links) Les communautés de la sécurité informatique parlent de "pirates informatiques", mais en réalité, très peu est connu au sujet de leurs compétences. Durant la dernière décennie, le nombre d'attaques a augmenté de façon exponentielle et les pots de miels ont été alors introduits afin de recueillir des informations sur les attaquants. Ces pots de miel viennent en des saveurs différentes en fonction de leur potentiel d'interaction. Cette thèse abordera le paradigme des pots de miel adaptatifs pouvant changer leur comportement dans l’intention de tromper les attaquants en dévoilant le plus de renseignements possibles sur eux-mêmes. Plutôt que d'être autorisé simplement pour effectuer des attaques, les attaquants sont confrontés à des interférences stratégiques. En utilisant des critères mesurables, les compétences et les capacités de l'attaquant peuvent être évaluées par des pots de miel adaptatifs. Nous avons modélisé les interactions des attaquants. L'idée clé derrière la modélisation des interactions des attaquants élaborée dans cette thèse est d'utiliser la théorie des jeux pour définir la configuration d'un pot de miel adaptatif. Nous avons utilisé des mécanismes d'apprentissage par renforcement dans le but de trouver le meilleur comportement face à des attaquants. Un pot de miel adaptatif est capable d'adopter des stratégies comportementales au niveau de l’exécution de commandes par l'attaquant. Nos résultats expérimentaux montrent que ces stratégies dépendent des paramètres contextuels qui peuvent ainsi servir pour construire des pots de miel intelligents / Information security communities are always talking about "attackers" but in reality very little is known about their skills.In the last decade the number of attacks has increased exponentially and honeypots were introduced in order to gather information about attackers. Honeypots come in different flavors with respect to their interaction potential. Choosing the best trade-off between attacker freedom and honeypot restrictions is challenging. In this dissertation, we address the issue ofself-adaptive honeypots that can change their behavior and lure attackers into revealing as much information as possible about themselves. Rather than being allowed simply to carry out attacks, attackers are challenged by strategic interference from adaptive honeypots. The observation of the attackers' reactions is particularly interesting and, using derivedmeasurable criteria, the attacker's skills and capabilities can be assessed by the honeypot operator. We formally model the interactions of attackers with a compromised system. The key idea is to leverage game-theoretic concepts to define the configuration and reciprocal actions of high-interaction honeypots. We have also leveraged reinforcement learningmachine learning in order to arrive at the best behavior when facing attackers. Our experimental results show that behavioral strategies are dependent on contextual parameters and can serve as advanced building blocks forintelligent honeypots Sécurité des informations Pot de miel Comportement des pirates informatiques Théorie des jeux Apprentissae par renforcement Information security Honeypots Attacker behaviour Game theory Reinforcement learning 006
19	Domácí násilí jako sociální problém okresu České Budějovice / Domestic violence as a social problem in České Budějovice district ŠÍMOVÁ, Ivana January 2008 (has links) Violence at home, a.k.a. home violence, is a spiraling cycle of brutality committed in private between closely related persons. Such violence can by physical, psychological, sexual, economic or social, with the roles of the attacker and the victim clearly defined and never changing. Anyone can be exposed to home violence, irrespective of her or his social position, education, job, sex, age, religion, or the type of partnership that people live in. Advanced societies have developed a tendency to tackle the issue, and the awareness of the problem has improved. In our country this favorable development is driven primarily by the newly enacted regulations and the keener interest stirred up in the public. The thesis aimed to investigate the general public awareness of home violence within the District of České Budějovice. As followed from the survey, the public living in the District is well aware of the issue. The results showed that as much as 69% of respondents knew about home violence, while the remaining 31% were ignorant of the problem. Hypothesis: Females are better informed about home violence than males - confirmed by comparison between what the women and the men knew about the issue. The difference encountered, however, was just minor. Hypothesis: People living in the District of České Budějovice are not knowledgeable about changes newly passed in Act 135/200 to solve the problem of violence at home - not confirmed. The majority of respondents heard of the Act and were able to specify at least the essential changes it enacted. The change the respondents mentioned most often was the 10 day period of flat-eviction order. It comes as a matter of interest that males were better aware of the Act and could better quote the changes it introduced. Hypothesis: The public accepts as true that home violence is confined to just problem-ridden families - not confirmed. Eighty seven percent of females and 81% of males were convinced that home violence was not limited to only such families. Merely 13% of females and 19% of males believed the home violence was a matter of the problem-ridden families. The survey results showed that the public living in the District of České Budějovice had dropped this myth, i.e. they had not seen the hypothesis as truthful. The thesis can serve as a source of information for the lay public, as a piece of instruction material for the students of the University of South Bohemia, or it could also be given to the Intervention Center to be distributed among the victims of home violence.
20	Reliable Power System Planning and Operations through Robust Optimization Yuan, Wei 16 September 2015 (has links) In this dissertation, we introduce and study robust optimization models and decomposition algorithms in order to deal with the uncertainties such as terrorist attacks, natural disasters, and uncertain demand that are becoming more and more signicant in power systems operation and planning. An optimal power grid hardening problem is presented as a defender-attacker-defender (DAD) sequential game and solved by an exact decomposition algorithm. Network topology control, which is an eective corrective measure in power systems, is then incorporated into the defender-attacker-defender model as a recourse operation for the power system operator after a terrorist attack. Computational results validate the cost-eectiveness of the novel model. In addition, a resilient distribution network planning problem (RDNP) is proposed in order to coordinate the hardening and distributed generation resource placement with the objective of minimizing the distribution system damage under uncertain natural disaster events. A multi-stage and multi-zone based uncertainty set is designed to capture the spatial and temporal dynamics of a natural disaster as an extension to the N-K worst-case network interdiction approach. Finally, a power market day-ahead generation scheduling problem, i.e., robust unit commitment (RUC) problem, that takes account of uncertain demand is analyzed. Improvements have been made in achieving a fast Mixed Integer Programming Network Topology Control Robust Optimization Defender-attacker-defender Model Distribution Network Planning Electrical and Computer Engineering Engineering Industrial Engineering

Search results