- About
-
The Global ETD Search service is a free service for researchers
to find electronic theses and dissertations. This service is
provided by the
Networked Digital Library of Theses and Dissertations.
Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
Search results
Showing 41 to 50 of 67 (0.022 seconds)Spelling suggestions: "subject:"botnet"" "subject:"dotnet""
| 41 |
On P2P Networks and P2P-Based Content Discovery on the InternetMemon, Ghulam 17 June 2014 (has links)
The Internet has evolved into a medium centered around content: people watch videos on YouTube, share their pictures via Flickr, and use Facebook to keep in touch with their friends. Yet, the only globally deployed service to discover content - i.e., Domain Name System (DNS) - does not discover content at all; it merely translates domain names into locations. The lack of persistent naming, in particular, makes content discovery, instead of domain discovery, challenging. Content Distribution Networks (CDNs), which augment DNSs with location-awareness, also suffer from the same problem of lack of persistent content names. Recently, several infrastructure- level solutions to this problem have emerged, but their fundamental limitation is that they fail to preserve the autonomy of network participants. Specifically, the storage requirements for resolution within each participant may not be proportional to their capacity. Furthermore, these solutions cannot be incrementally deployed. To the best of our knowledge, content discovery services based on peer-to-peer (P2P) networks are the only ones that support persistent content names. These services also come with the built-in advantage of scalability and deployability. However, P2P networks have been deployed in the real-world only recently, and their real-world characteristics are not well understood. It is important to understand these real-world characteristics in order to improve the performance and propose new designs by identifying the weaknesses of existing designs. In this dissertation, we first propose a novel, lightweight technique for capturing P2P traffic. Using our captured data, we characterize several aspects of P2P networks and draw conclusions about their weaknesses. Next, we create a botnet to demonstrate the lethality of the weaknesses of P2P networks. Finally, we address the weaknesses of P2P systems to design a P2P-based content discovery service, which resolves the drawbacks of existing content discovery systems and can operate at Internet-scale.
This dissertation includes both previously published/unpublished and co-authored material.
|
| 42 |
The Current State of DDoS DefenseNilsson, Sebastian January 2014 (has links)
A DDoS attack is an attempt to bring down a machine connected to the Internet. This is done by having multiple computers repeatedly sending requests to tie up a server making it unable to answer legitimate requests. DDoS attacks are currently one of the biggest security threats on the internet according to security experts. We used a qualitative interview with experts in IT security to gather data to our research. We found that most companies are lacking both in knowledge and in their protection against DDoS attacks. The best way to minimize this threat would be to build a system with redundancy, do a risk analysis and revise security policies. Most of the technologies reviewed were found ineffective because of the massive amount of data amplification attacks can generate. Ingress filtering showed promising results in preventing DDoS attacks by blocking packages with spoofed IP addresses thus preventing amplification attacks.
|
| 43 |
An implementation of a DNS-based malware detection systemFors, Markus, Grahn, Christian January 2010 (has links)
Today’s wide usage of the Internet makes malicious software (malware) and botnets a big problem. While anti-virus software is commonplace today, malware is constantly evolving to remain undetected. Passively monitoring DNS traffic on a network can present a platform for detecting malware on multiple computers at a low cost and low complexity. To explore this avenue for detecting malware we decided it was necessary to design an extensible system where the framework was separate from the actual detection methods. We wanted to divide the system into three parts, one for logging, one for handling modules for detection and one for taking action against suspect traffic. The system we implemented in C collects DNS traffic and processes it with modules that are compiled separately and can be plugged in or out during runtime. Two proof of concept modules have been implemented. One based on a blacklist and one based on geolocation of requested servers. The system is complete to the point of being ready for field testing and implementation of more advanced detection modules.
|
| 44 |
Vyhledávání podobností v síťových bezpečnostních hlášeních / Similarity Search in Network Security AlertsŠtoffa, Imrich January 2020 (has links)
Network monitoring systems generate a high number of alerts reporting on anomalies and suspicious activity of IP addresses. From a huge number of alerts, only a small fraction is high priority and relevant from human evaluation. The rest is likely to be neglected. Assume that by analyzing large sums of these low priority alerts we can discover valuable information, namely, coordinated IP addresses and type of alerts likely to be correlated. This knowledge improves situational awareness in the field of network monitoring and reflects the requirement of security analysts. They need to have at their disposal proper tools for retrieving contextual information about events on the network, to make informed decisions. To validate the assumption new method is introduced to discover groups of coordinated IP addresses that exhibit temporal correlation in the arrival pattern of their events. The method is evaluated on real-world data from a sharing platform that accumulates 2.2 million alerts per day. The results show, that method indeed detected truly correlated groups of IP addresses.
|
| 45 |
Spamming mobile botnet detection using computational intelligenceVural, Ickin January 2013 (has links)
This dissertation explores a new challenge to digital systems posed by the adaptation of mobile
devices and proposes a countermeasure to secure systems against threats to this new digital
ecosystem.
The study provides the reader with background on the topics of spam, Botnets and machine
learning before tackling the issue of mobile spam.
The study presents the reader with a three tier model that uses machine learning techniques to
combat spamming mobile Botnets. The three tier model is then developed into a prototype and
demonstrated to the reader using test scenarios.
Finally, this dissertation critically discusses the advantages of having using the three tier model
to combat spamming Botnets. / Dissertation (MSc)--University of Pretoria, 2013. / gm2014 / Computer Science / unrestricted
|
| 46 |
Scanning and Host Fingerprinting Methods for Command and Control Server DetectionNakamura, Yuki, Åström, Björn January 2021 (has links)
Background. Detecting malware command and control infrastructure has impor-tant applications for protecting against attacks. Much research has focused on thisproblem, but a majority of this research has used traffic monitoring methods fordetection. Objectives. In this thesis we explore methods based on network scanning and active probing, where detection is possible before an attack has begun, in theory resulting in the ability to bring the command and control server down preemptively. Methods. We use network scanning to discover open ports which are then fed into our probing tool for protocol identification and data gathering. Fingerprinting is performed on the open ports and running services of each host.We develop two methods for fingerprinting and classification of hosts. The first method uses a machine learning algorithm over the open ports and probe data, while the other computes distance scores between hosts. We compare these methods to the new but established JARM method for host fingerprinting, as well as to two other simple methods. Results. Our findings suggest that our general active probing method is feasible for use in detecting command and control infrastructure, but that the results vary strongly depending on the malware family, with certain malware families providing much better results than others. Conclusions. We end with discussions on the limitations of our methods and how they can be improved, as well as bring up our opinions on the potential for future work in this area. / Bakgrund. Att kunna upptäcka command-and-control-infrastruktur kopplad till malware har viktiga tillämpningar för syftet att skydda mot attacker. Mycket forskning existerar som fokuserar på detta problem, men en majoritet använder metoder baserade på trafikmonitorering. Syfte. I denna uppsats utforskar vi istället metoder baserade på scanning och probing av nätverk, genom vilka detektering är möjlig innan en attack har ägt rum, med fördelen att en command-and-control-server i teorin kan tas ner förebyggande. Metod. Vi använder nätverks-scanning för att upptäcka öppna portar vilka matas in i vårt probing-verktyg som sedan utför protokoll-identifiering och datainsamling. Vi skapar ett fingeravtryck av varje server från de öppna portarna och de hostade tjänsterna. Två metoder för klassifiering av servrar togs fram. Den första metoden använder en maskininlärningsalgoritm över de öppna portarna och probe-datan, medan den andra beräknar en distans mellan två servrar. Vi jämför dessa metoder med den nya men etablerade JARM-metoden, som tar fram fingeravtryck av servrar från TLS-data, samt med två andra, simplare metoder. Resultat. Våra upptäckter visar att vår metod, som bygger på generell, aktiv probing är möjlig att använda för detektering av command-and-control-infrastruktur, men att resultaten varierar kraftigt beroende på malware-familj, där vissa familjer erbjuder mycket bättre resultat än andra. Slutsatser. Vi avslutar med att diskutera begränsningar i våra metoder och hur dessa kan förbättras, samt tar upp våra åsikter om potentialen för framtida forskning inom detta område.
|
| 47 |
Integrate Model and Instance Based Machine Learning for Network Intrusion DetectionAra, Lena 12 1900 (has links)
Indiana University-Purdue University Indianapolis (IUPUI) / In computer networks, the convenient internet access facilitates internet services, but at the same time also augments the spread of malicious software which could represent an attack or unauthorized access. Thereby, making the intrusion detection an important area to explore for detecting these unwanted activities. This thesis concentrates on combining the Model and Instance Based Machine Learning for detecting intrusions through a series of algorithms starting from clustering the similar hosts.
Similar hosts have been found based on the supervised machine learning techniques like Support Vector Machines, Decision Trees and K Nearest Neighbors using our proposed Data Fusion algorithm. Maximal cliques of Graph Theory has been explored to find the clusters. A recursive way is proposed to merge the decision areas of best features. The idea is to implement a combination of model and instance based machine learning and analyze how it performs as compared to a conventional machine learning algorithm like Random Forest for intrusion detection. The system has been evaluated on three datasets by CTU-13. The results show that our proposed method gives better detection rate as compared to traditional methods which might overfit the data.
The research work done in model merging, instance based learning, random forests, data mining and ensemble learning with regards to intrusion detection have been studied and taken as reference.
|
| 48 |
Bezpečnostní systém pro eliminaci útoků na webové aplikace / Security System for Web Application Attacks EliminationVašek, Dominik January 2021 (has links)
Nowadays, botnet attacks that aim to overwhelm the network layer by malformed packets and other means are usually mitigated by hardware intrusion detection systems. Application layer botnet attacks, on the other hand, are still a problem. In case of web applications, these attacks contain legitimate traffic that needs to be processed. If enough bots partake in this attack, it can lead to inaccessibility of services provided and other problems, which in turn can lead to financial loss. In this thesis, we propose a detection and mitigation system that can detect botnet attacks in realtime using statistical approach. This system is divided into several modules that together cooperate on the detection and mitigation. These parts can be further expanded. During the testing phase, the system was able to capture approximately 60% of botnet attacks that often focused on spam, login attacks and also DDoS. The number of false positive addresses is below 5%.
|
| 49 |
Multi-stage attack detection: emerging challenges for wireless networksLefoane, Moemedi, Ghafir, Ibrahim, Kabir, Sohag, Awan, Irfan U. 03 February 2023 (has links)
Yes / Multi-stage attacks (MSAs) are among the most serious threats in cyberspace today. Criminals target big organisations and government critical infrastructures mainly for financial gain. These attacks are becoming more advanced and stealthier, and thus have capabilities to evade Intrusion Detection Systems (IDSs). As a result, the attack strategies used in the attack render IDSs ineffective, particularly because of new security challenges introduced by some of the key emerging technologies such as 5G wireless networks, cloud computing infrastructure and Internet of Things (IoT), Advanced persistent threats (APTs) and botnet attacks are examples of MSAs, these are serious threats on the Internet. This work analyses recent MSAs, outlines and reveals open issues, challenges and opportunities with existing detection methods.
|
| 50 |
Cross-Device Federated Intrusion Detector For Early Stage Botnet PropagationFamera, Angela Grace 03 January 2023 (has links)
No description available.
|
Page generated in 0.0397 seconds