  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
131

Implementing Bayesian Networks for online threat detection

Pappaterra, Mauro José January 2018
Cybersecurity threats have surged in the past decades. Experts agree that conventional security measures will soon not be enough to stop the propagation of more sophisticated and harmful cyberattacks. Recently, there has been a growing interest in mastering the complexity of cybersecurity by adopting methods borrowed from Artificial Intelligence (AI) in order to support automation. Moreover, entire security frameworks, such as DETECT (Decision Triggering Event Composer and Tracker), are designed for the automatic and early detection of threats against systems, by using model analysis and recognising sequences of events and other tropes inherent to attack patterns. In this project, I concentrate on cybersecurity threat assessment by the translation of Attack Trees (AT) into probabilistic detection models based on Bayesian Networks (BN). I also show how these models can be integrated and dynamically updated as a detection engine in the existing DETECT framework for automated threat detection, hence enabling both offline and online threat assessment. Integration in DETECT is important to allow real-time model execution and evaluation for quantitative threat assessment. Finally, I apply my methodology to some real-world case studies, evaluate models with sample data, perform data sensitivity analyses, then present and discuss the results.
132

Microservices-based approach for Healthcare Cybersecurity

Unknown Date
Healthcare organizations, realizing the potential of the Internet of Things (IoT) technology, are rapidly adopting the technology to bring significant improvements in the quality and effectiveness of the service. However, these smart and interconnected devices can act as a potential "back door" into a hospital's IT network, giving attackers access to sensitive information. As a result, cyber-attacks on medical IoT devices have been increasing since the last few years. It is a growing concern for all the stakeholders involved, as the impact of such attacks is not just monetary or privacy loss, but the lives of many patients are also at risk. Considering the various kinds of IoT devices one may find connected to a hospital's network, traditional host-centric security solutions (e.g. antivirus, software patches) are at odds with realistic IoT infrastructure (e.g. constrained hardware, lack of proper built-in security measures). There is a need for security solutions which consider the challenges of IoT devices like heterogeneity of technology and protocols used, limited resources in terms of battery and computation power, etc. Accordingly, the goals of this thesis have been: (1) to provide an in-depth understanding of vulnerabilities of medical IoT devices; (2) to introduce a novel approach which uses a microservices-based framework as an adaptive and agile security solution to address the issue. The thesis focuses on OS Fingerprinting attacks because of its significance for attackers to understand a target's network. In this thesis, we developed three microservices, each one designed to serve a specific functionality. Each of these microservices has a small footprint with RAM usage of approximately 50 MB. We also suggest how microservices can be used in a real-life scenario as a software-based security solution to secure a hospital's network consisting of different IoT devices. / Includes bibliography. / Thesis (M.S.)--Florida Atlantic University, 2018. / FAU Electronic Theses and Dissertations Collection
133

Détection d'intrusions pour les systèmes de contrôle industriels / Intrusion detection for industrial control systems

Koucham, Oualid 12 November 2018
The objective of this thesis is to develop intrusion detection and alert correlation techniques specific to industrial control systems (ICS). This interest is justified by the emergence of cyber threats targeting ICS and by the need to detect targeted attacks whose goal is to violate the specifications on the correct behavior of the physical process. In the first part of our work, we address the automatic inference of specifications for sequential control systems for the purpose of intrusion detection. The distinguishing feature of sequential systems is their control logic, which operates in discrete steps. Intrusion detection in these systems has been little studied despite their ubiquity in many application domains. In our approach, we adopt the formalisms of linear temporal logic (LTL) and metric temporal logic (MTL), which make it possible to express qualitative and quantitative temporal properties over the state of the actuators and sensors. A property inference algorithm was developed to automate the generation of properties from specification patterns covering the most common constraints. This approach aims to address the large number of redundant properties inferred by current approaches. In the second part of our work, we seek to combine the intrusion detection approach developed in the first part with classical intrusion detection approaches. To do so, we explore a correlation approach that takes the specificities of industrial systems into account in two respects: (i) the enrichment and preprocessing of alerts coming from different domains (cyber and physical), and (ii) the design of an alert selection policy that takes into account the execution context of the physical process.
The first point starts from the observation that, in an industrial system, the alerts reported to the correlator are characterized by heterogeneous attributes (attributes specific to the cyber and physical domains). However, classical correlation approaches presuppose a certain homogeneity among the alerts. To remedy this, we develop an approach that enriches physical domain alerts with cyber domain attributes, based on information about the protocols supported by the controllers and the distribution of process variables within the controllers. The second point concerns the development of an alert selection policy that dynamically adapts the alert selection windows according to the evolution of the subprocesses. The evaluation results for our detection and correlation approaches show improved performance on metrics such as the number of inferred properties, the alert reduction rate and the completeness of the correlations. / The objective of this thesis is to develop intrusion detection and alert correlation techniques geared towards industrial control systems (ICS). Our interest is driven by the recent surge in cybersecurity incidents targeting ICS, and the necessity to detect targeted attacks which induce incorrect behavior at the level of the physical process. In the first part of this work, we develop an approach to automatically infer specifications over the sequential behavior of ICS. In particular, we rely on specification language formalisms such as linear temporal logic (LTL) and metric temporal logic (MTL) to express temporal properties over the state of the actuators and sensors. We develop an algorithm to automatically infer specifications from a set of specification patterns covering the most recurring properties. In particular, our approach aims at reducing the number of redundant and unfalsifiable properties generated by the existing approaches.
To do so, we add a pre-selection stage which allows to restrict the search for valid properties over non redundant portions of the execution traces. We evaluate our approach on a complex physical process steered by several controllers under process oriented attacks. Our results show that a significant reduction in the number of inferred properties is possible while achieving high detection rates. In the second part of this work, we attempt to combine the physical domain intrusion detection approach developed in the first part with more classical cyber domain intrusion detection approaches. In particular, we develop an alert correlation approach which takes into account some specificities of ICS. First, we explore an alert enrichment approach that allows to map physical domain alerts into the cyber domain. This is motivated by the observation that alerts coming from different domains are characterized by heterogeneous attributes which makes any direct comparison of the alerts difficult. Instead, we enrich the physical domain alerts with cyber domain attributes given knowledge about the protocols supported by the controllers and the memory mapping of process variables within the controllers. In this work, we also explore ICS-specific alert selection policies. An alert selection policy defines which alerts will be selected for comparison by the correlator. Classical approaches often rely on sliding, fixed size, temporal windows as a basis for their selection policy. Instead, we argue that given the complex interdependencies between physical subprocesses, agreeing on an alert window size is challenging. Instead, we adopt selection policies that adapt to the state of the physical process by dynamically adjusting the size of the alert windows given the state of the subprocesses within the physical process. Our evaluation results show that our correlator achieves better correlation metrics in comparison with classical temporal based approaches.
134

Security and Verification of Unmanned Vehicles

James M. Goppert (5929706) 17 January 2019
This dissertation investigates vulnerabilities in unmanned vehicles and how to successfully detect and counteract them. As we entrust unmanned vehicles with more responsibilities (e.g. fire-fighting, search and rescue, package delivery), it is crucial to ensure their safe operation. These systems often have not been designed to protect against an intelligent attacker or considering all possible interactions between the physical dynamics and the internal logic. Robust control strategies can verify that the system behaves normally under bounded disturbances, and formal verification methods can check that the system logic operates normally under ideal conditions. However, critical vulnerabilities exist in the intersection of these fields that are addressed in this work. Due to the complex nature of this interaction, only trivial examples have previously been pursued. This work focuses on efficient real-time methods for verification and validation of unmanned vehicles under disturbances and cyberattacks. The efficiency of the verification and validation algorithm is necessary to run it onboard an unmanned vehicle, where it can be used for self diagnosis. We begin with simple linear systems and step to more complex examples with non-linearities. During this progression, new methods are developed to cope with the challenges introduced. We also address how to counter the threat of unmanned aerial systems (UASs) under hostile control by developing and testing an estimation and control scheme for an air-to-air counter UAS system.
135

Measuring the State of Indiana's Cybersecurity

James E. Lerums (5929946) 16 January 2019
This dissertation introduces a scorecard to enable the State of Indiana to measure the cybersecurity of its public and private critical infrastructure and key resource sector organizations. The scorecard was designed to be non-threatening and understandable so that even small organizations without cybersecurity expertise can voluntarily self-assess their cybersecurity strength and weaknesses. The scorecard was also intended to enable organizations to learn, so that they may identify and self-correct their cybersecurity vulnerabilities. The scorecard provided quantifiable feedback to enable organizations to benchmark their initial status and measure their future progress.

Using the scorecard, the Indiana Executive Council for Cybersecurity launched a Pilot to measure cybersecurity of large, medium, and small organizations across eleven critical infrastructure and key resources sectors. This dissertation presents the analysis and results from scorecard data provided by the Pilot group of 56 organizations. The cybersecurity scorecard developed as part of this dissertation has been included in the Indiana Cybersecurity Strategy Plan published September 21, 2018.
136

Cybersecurity and non-state actors : a historical analogy with mercantile companies, privateers, and pirates

Egloff, Florian J. January 2018
The thesis investigates how the historical analogy to mercantile companies, privateers, and pirates between the 16th and 19th century can elucidate the relationship between non-state actors and states in cyber(in-)security, and how such an application changes our understanding of cyber(in-)security. It contributes to a better integration of non-state actors into the study of cyber(in-)security and international security by clarifying the political challenges raised by the interaction between these players and states. Drawing on the literature of non-state armed actors, the thesis defines a spectrum of state proximity to develop an analytical framework categorizing actors as state, semi-state, and non-state. The historical investigation utilizes primary and secondary sources to explore three periods in British naval history: the late 16th, late 17th, and mid-19th centuries. A comparison of the two security domains - the sea and cyberspace - identifies the pre-18th century periods as the most useful analogues for cyber(in-)security. The thesis evaluates the analogy by conducting empirical case studies. First, the case of the attacks against Estonia (2007) and three criminal court cases against Russian hackers (2014/2017) examine the analogy to pirates and privateers. Second, the analogy to mercantile companies focuses on the attacks against Google (2009), the attacks against Sony Pictures Entertainment (2014), and the collaboration between large technology companies and Five-Eyes signals intelligence agencies. The thesis makes three main claims: first, the analogy to piracy and privateering provides a new understanding of how state proximity is used politically by attackers and defenders, and offers lessons for understanding attribution in cyberspace. Second, the longevity of historical privateering sheds light on the long-term risks and rewards of state collaboration with cyber criminals, and offers insight into the political constitution of cyber(in-)security. 
Third, the mercantile company lens improves our understanding of how cooperative and conflictive relations between large technology companies and states influence cyber(in-)security.
137

A Framework and Exploration of a Cybersecurity Education Escape Room

Snyder, Justin Charles 01 July 2018
This thesis presents a review of educational-escape-room literature followed by a design-oriented framework (the Snyder Escape Room Framework or SERF) and demonstrates the potential efficacy of escape-rooms in cybersecurity education. Several authors have proposed frameworks and guidelines for game and educational design regarding escape rooms. This work coalesces some of those ideas into a more substantial and comprehensive framework (SERF) that designers can use when developing educational escape rooms. The Snyder Escape Room Framework provides heuristics for goals and objectives, players, activities, context, trajectory design, and evaluation. Additionally, this work describes and analyzes the novel prototyped BYU GCC escape room experience and delves into some of what was successful and what could be improved. The first sessions of the experience were observed and documented, and an expert review was performed. Participants did not gain much confidence in learning new technology; however, they did increase their confidence in using new technology through the experience. Participants did indeed learn from the experience, however, participants focused more on team-related concepts gained from the experience rather than the cybersecurity concepts introduced through the escape-room activities. Based on overwhelming positive responses, participants seemed to enjoy performing the experience. The BYU experience is evaluated against the Snyder Framework as an example of how to use the framework while designing or as a tool for evaluating. Using this framework systemizes and catalogues design choices and implications on the room and provides an informed approach for refinement. Applying the Snyder Escape Room Framework to the BYU experience provides further insight beyond just an expert review, and the BYU experience is a novel example to use with SERF. SERF gives a vocabulary and set of heuristics that help designers zero in on important design decisions. 
Using the framework provides a well-defined set of attributes for discussing the BYU experience and helps clarify what went well with the room and what could be improved upon. This is especially helpful when iterating on room design. The nature of Snyder Framework and this work is that it is multidisciplinary and touches a wide array of related fields and topics. Of note, are the implications of this work on educational games. The SERF can be used as a resource when designing similar experiences while the analysis of the BYU experience based on the SERF provides an example of how the framework can be used for evaluation and iteration.
138

Comprehending the Safety Paradox and Privacy Concerns with Medical Device Remote Patient Monitoring

Doyle, Marc 01 January 2019
Medical literature identifies a number of technology-driven improvements in disease management such as implantable medical devices (IMDs) that are a standard treatment for candidates with specific diseases. Among patients using implantable cardiac defibrillators (ICD), for example, problems and issues are being discovered faster compared to patients without monitoring, improving safety. What is not known is why patients report not feeling safer, creating a safety paradox, and why patients identify privacy concerns in ICD monitoring. There is a major gap in the literature regarding the factors that contribute to perceived safety and privacy in remote patient monitoring (RPM). To address this gap, the research goal of this study was to provide an interpretive account of the experience of RPM patients. This study investigated two research questions: 1) How did RPM recipients perceive safety concerns?, and 2) How did RPM recipients perceive privacy concerns? To address the research questions, in-depth, semi-structured interviews were conducted with six participants to explore individual perceptions in rich detail using interpretative phenomenological analysis (IPA). Four themes were identified and described based on the analysis of the interviews: comfort with perceived risk, control over information, education, and security emerged from the iterative review and data analysis. Participants expressed comfort with perceived risk; however, being scared and anxious were recurrent subordinate themes. The majority of participants expressed negative feelings as a result of an initial traumatic event related to their devices and lived in fear of being shocked in inopportune moments. Most of these concerns stem from lack of information and inadequate education. Uncertainties concerning treatment tend to be common, due to lack of feedback from ICD RPM status.
Those who knew others with ICD RPM became worried after hearing about incidences of sudden cardiac death (SCD) when the device either failed or did not work adequately to save their friend’s life. Participants also expressed cybersecurity concerns that their ICD might be hacked, maladjusted, manipulated with magnets, or turned off. They believed ICD RPM security was in place but inadequate as well as reported feeling a lack of control over information. Participants expressed wanting the right to be left alone and in most cases wanted to limit others’ access to their information, which in turn, created conflict within families and loved ones. Geolocation was a contentious node in this study, with most participants reporting they did not want to be tracked under any circumstances. This research was needed because few researchers have explored how people live and interact with these newer and more advanced devices. These findings have implications for practice relating to RPM safety and privacy such as identifying a gap between device companies, practitioners, and participants and provided directions for future research to discover better ways to live with ICD RPM and ICD shock.
139

La sécurité intérieure européenne. Les rapports entretenus entre le droit et la politique publique / European internal security. The relationship between law and public policy

Berthelet, Pierre 28 November 2016
Law plays a major role in the development of a new European Union policy: internal security. It gives the policy all its substance, but above all it is, with regard to the principle of legality, the condition for and the limit on the construction of this policy, which operates in an area that is sensitive for States. In return, law undergoes fluctuations that result from interinstitutional relations. Operationality, as a specific form of normativity, is an essential characteristic of this highly state-centred policy. Closely tied to the success of the new governance in European integration, it is the manifestation of new, atypical forms of regulation that tend to permeate European law. The Community method does not disappear for all that, but it is rethought, as is so-called "classical" Union law. Its rationality changes as it evolves towards a "neo-modern law" (C.-A. De Morand). / Law plays a major role in the development of a new policy of the European Union, named the internal security policy. It gives it all its substance, but, in the light of the legality principle, it is the condition and the limit to building this policy in a sensitive area for States. In return, law undergoes fluctuations, consequences of the interinstitutional relations. The operationality, as a form of « light » normativity, is an essential characteristic of this very nature of this state policy. Intimately linked to the success of the new governance in the European construction, the operationality is the manifestation of new forms of atypical regulations that tend to penetrate the European law. The Community method does not disappear, but it is redesigned, as well as the EU « classical » law. Rationality changes throughout its evolution towards a « neo-modern right » (C.-A. De Morand).
140

User's Manual for Tardigrade Risk Assessment

Shook, Alexis M 18 May 2018
This user-guide provides instructions for operating Tardigrade 1.1.3, a cybersecurity software for Nollysoft, LLC. This guide instructs users step-by-step on how to set security controls, risk assessments, and administrative maintenance. Tardigrade 1.1.3 is a Risk Assessment Enterprise that evaluates the risk level of corporations and offers solutions to any security gaps within an organization. Tardigrade 1.1.3 is a role-based software that operates through three modules, Cybersecurity Assessment, Internal Control, and Security Requirement Traceability Matrix.
