Global ETD Search

161	Zvýšení bezpečnostního povědomí ve společnosti / Increasing security awareness in the company Novák, Petr January 2021 (has links) The master’s thesis is focused on increasing security awareness in the company. The first chapter contains the theoretical background, which is necessary for creating a security education system. The second chapter deals with the analysis of the current situation, which is needed for determinating the need to increase security awareness. The third and last chapter contains the design of the education system itself.
162	A Hacker-Centric Perspective to Empower Cyber Defense January 2020 (has links) abstract: Malicious hackers utilize the World Wide Web to share knowledge. Previous work has demonstrated that information mined from online hacking communities can be used as precursors to cyber-attacks. In a threatening scenario, where security alert systems are facing high false positive rates, understanding the people behind cyber incidents can help reduce the risk of attacks. However, the rapidly evolving nature of those communities leads to limitations still largely unexplored, such as: who are the skilled and influential individuals forming those groups, how they self-organize along the lines of technical expertise, how ideas propagate within them, and which internal patterns can signal imminent cyber offensives? In this dissertation, I have studied four key parts of this complex problem set. Initially, I leverage content, social network, and seniority analysis to mine key-hackers on darkweb forums, identifying skilled and influential individuals who are likely to succeed in their cybercriminal goals. Next, as hackers often use Web platforms to advertise and recruit collaborators, I analyze how social influence contributes to user engagement online. On social media, two time constraints are proposed to extend standard influence measures, which increases their correlation with adoption probability and consequently improves hashtag adoption prediction. On darkweb forums, the prediction of where and when hackers will post a message in the near future is accomplished by analyzing their recurrent interactions with other hackers. After that, I demonstrate how vendors of malware and malicious exploits organically form hidden organizations on darkweb marketplaces, obtaining significant consistency across the vendors’ communities extracted using the similarity of their products in different networks. Finally, I predict imminent cyber-attacks correlating malicious hacking activity on darkweb forums with real-world cyber incidents, evidencing how social indicators are crucial for the performance of the proposed model. This research is a hybrid of social network analysis (SNA), machine learning (ML), evolutionary computation (EC), and temporal logic (TL), presenting expressive contributions to empower cyber defense. / Dissertation/Thesis / Doctoral Dissertation Computer Science 2020 Computer science Artificial Intelligence Cybersecurity Darkweb Machine Learning Online Hacking Communities Social Network Analysis
163	"More dangerous than guns and tanks" : How cybersecurity is framed by the EU and Sweden Lindvall, Erik January 2020 (has links) The purpose of this thesis is to study the way the European Union and Sweden respectively frame the subject of cybersecurity, to see whether their framing differs and what consequences that may have. In order to study this, the thesis will study the cybersecurity strategies of the European Union and Sweden through a discourse analysis according to the Copenhagen school’s theory of securitization. The purpose is to see what the two actors define as the object that needs to be secured, what threatens said object and what measures should be taken to secure it. To study the cybersecurity strategies, data will be gathered from the European Union’s Cybersecurity Act of 2019 and Sweden’s six cybersecurity priorities, alongside other policy papers deemed relevant. The two points will then be compared in order to see how the framing align or contrast, to see what consequences that may bring. Cybersecurity cyberattacks cyberthreats cyberspace European Union Sweden securitization discourse analysis Political Science Statsvetenskap
164	Explainable Neural Networks based Anomaly Detection for Cyber-Physical Systems Amarasinghe, Kasun 01 January 2019 (has links) Cyber-Physical Systems (CPSs) are the core of modern critical infrastructure (e.g. power-grids) and securing them is of paramount importance. Anomaly detection in data is crucial for CPS security. While Artificial Neural Networks (ANNs) are strong candidates for the task, they are seldom deployed in safety-critical domains due to the perception that ANNs are black-boxes. Therefore, to leverage ANNs in CPSs, cracking open the black box through explanation is essential. The main objective of this dissertation is developing explainable ANN-based Anomaly Detection Systems for Cyber-Physical Systems (CP-ADS). The main objective was broken down into three sub-objectives: 1) Identifying key-requirements that an explainable CP-ADS should satisfy, 2) Developing supervised ANN-based explainable CP-ADSs, 3) Developing unsupervised ANN-based explainable CP-ADSs. In achieving those objectives, this dissertation provides the following contributions: 1) a set of key-requirements that an explainable CP-ADS should satisfy, 2) a methodology for deriving summaries of the knowledge of a trained supervised CP-ADS, 3) a methodology for validating derived summaries, 4) an unsupervised neural network methodology for learning cyber-physical (CP) behavior, 5) a methodology for visually and linguistically explaining the learned CP behavior. All the methods were implemented on real-world and benchmark datasets. The set of key-requirements presented in the first contribution was used to evaluate the performance of the presented methods. The successes and limitations of the presented methods were identified. Furthermore, steps that can be taken to overcome the limitations were proposed. Therefore, this dissertation takes several necessary steps toward developing explainable ANN-based CP-ADS and serves as a framework that can be expanded to develop trustworthy ANN-based CP-ADSs. Explainable Artificial Intelligence Machine Learning Artificial Neural Networks Safety-Critical Systems Cybersecurity Artificial Intelligence and Robotics
165	NATO and Offensive Cybersecurity: A Strategic Analysis / NATO and Offensive Cybersecurity: A Strategic Analysis Lopes Carvalho Viana, André January 2018 (has links) This thesis presents a strategic analysis on the possibility of use of offensive cyber capabilities by NATO in its defensive efforts. There is a vast array of academic literature regarding the strategic value of the use of offensive capabilities in cybersecurity, and NATO's cyber posture, however, there is little available regarding the relationship between both. Through the use of tools borrowed from Strategic Studies, this thesis attempts to determine whether it is possible to formulate valid cybersecurity strategies for the use of offensive cyber capabilities from the combination of known academic concepts with current NATO capabilities. The thesis also analyzes the possible implications of using such strategies as well as the underlying causes of their potential success or failure. Viana, André Lopes C. NATO and Offensive Cybersecurity: A Strategic Analysis, [number of pages]p. Master Thesis. Charles University, Faculty of Social Sciences, Institute of Political Studies. Supervisor PhDr. Vít Střítecký, M.Phil., Ph.D.
166	Blockchain v národní bezpečnosti / Blockchain in National Security Pavliv, Katerina January 2020 (has links) The given work is dedicated to the provision of the evaluation on the effectiveness of Blockchain if applied within national security. The research is done through the summative evaluation approach, which allows to estimate the studied phenomenon in one realm in terms of its level of usefulness and transfer the findings to the framework of the thesis on the basis of the main methodological hypothesis. The research comprises the analysis and evaluation of the Blockchain environment, levels of operation, existing normative clash, the componential issues of the latter, provision of the final perspectives of the potential incorporation of the Blockchain technologies into national security with the discussion on the possible application, benefits of the platform, its social and technical vulnerabilities, and limitations.
167	Är gymnasieskolans digitala säkerhet tillräcklig? : Risk- och sårbarhetsanalys, ur ett informationssäkert perspektiv / Is the Swedish highschooldigital security adequate? : Risk and Vulnerability assesment Rahimi, Farhad, Isufi, Mevlyde January 2020 (has links) This work presents a study of how information security has been implemented in the municipal high school. The study covers applications' resistance to intrusion, hardware security, students & the IT department's overall competence, also requirements for confidentiality in relation to municipal and state guidelines. The study includes field visits that have been carried out at two municipal high schools with technical vulnerabilities in focus. Based on this study, a risk and vulnerability analysis and an action plan for identified risks are presented. Cybersecurity Highschool Phishing Pentesting Vulnerability Cloud Informationssäkerhet Gymnasieskola Sårbarhet Molnet Engineering and Technology Teknik och teknologier
168	Performance of DevOps compared to DevSecOps : DevSecOps pipelines benchmarked! Björnholm, Jimmy January 2020 (has links) This paper examines how adding security tools to a software pipeline affect the build time. Software development is an ever-changing field in a world where computers are trusted with almost everything society does. Meanwhile keeping build time low is crucial, and some aspects of quality assurance have therefore been left on the cutting room floor, security being one of the most vital and time-consuming. The time taken to scan for vulnerabilities has been suggested as a reason for the absence of security tests. By implementing nine different security tools into a generic DevOps pipeline, this paper aimed to examine the build times quantitatively. The tools were selected using the OWASP Top Ten, coupled with an ISO standard, as a guideline. OWASP Juice Shop was used as the testing environment, and the scans managed to find most of the vulnerabilities in the Vulnerable Web Application. The pipeline was set up in Microsoft Azure and was configured in .yaml files. The resulting scan durations show that adding security measures to a build pipeline can add as little as 1/3 of the original build time. Software Engineering Programvaruteknik Computer Engineering Datorteknik
169	Who Watches The Privileged Users Persson, Sebastian January 2020 (has links) Today, companies are spending millions of dollars on cybersecurity, but compromised systems and stealing sensitive information are still huge problems. Protecting sensitive information has always been of vital importance. However, the struggle today is that digital information can be distributed to an endless amount of users, everywhere in the world. Security solutions today focus on role-based access control and "the principle of the least privilege". They can affect the productivity of employees, which is also a key aspect to be considered when it comes to security. Privilege users are the ones that possess the most permissions within a system and are, therefore, a significant risk. This thesis project is focusing on developing a solution that protects against security risks connected to the users with the most privilege. The developed solution resulted in a modular role-based access methodology, also adding the "four-eye principle" (4EP). By introducing an extra shield outside the standard API, sensitive commands sent unwittingly or wittingly by a privileged user can be discovered before compromising a system or leaking sensitive information. Introducing the "four-eye principle" in a secure proxy solution, a "third-party" user approves sensitive commands before reaching the intended system. The solution is developed in JAVA and is adaptable to different organisations by letting the system administrators choose an intended system, which policies of sensitive commands to apply and whom that needs to approve them. The concepts implemented in this prototype can be used in future industrial developments. Information security cybersecurity cyber security access control four-eye principle 4EP Computer and Information Sciences Data- och informationsvetenskap
170	Integrating security into agile software development : A case study on the role of inertia Andersson, Rasmus, Edström, Carl January 2022 (has links) The security directives at Ericsson Group IT have recently been re-worked to apply to modern security requirements. For Ericsson's software development teams developing internal applications, security tools have been implemented into the daily workflow to follow these new directives. Before, security mainly was considered during the reviews and scheduled assessments of the software projects. The goal of these new tools is to add security to every part of the software development process. Security thus adds to the scope of work of the developers at Ericsson Group IT, which has, in the past, evolved from being solely a developer to being responsible for development and operations to development, security and operations. However, adding methods and tools to the developer's workflow can create inertia and friction in daily work. We intend to apply the concept of inertia to agile work practices to examine how small-scale projects are affected when new security tools and methods are introduced and implemented in the agile workflow. Research suggests that linked processes and methods should be put in place to achieve desirable results from the implemented tools and be integrated into the team's agile methodologies. The thesis aims to identify the factors that affect inertia by investigating and analysing the developers' use of methods and tools. As for data collection, a pilot study and a case study were applied to a team at Ericsson Group IT. The data was collected through qualitative surveys conducted on twelve proven factors regarding successfulness in work implementations. The data was then analysed through the Gioia methodology by compiling the collected data into first-order concepts and linking them to familiar second-order themes. These themes were then translated into aggregate dimensions synthesised from the study's theoretical framework. The results showed that several factors affected the change process: personnel training and education, appropriate communication, and adaptability to the change process. These are all factors attributing inertia to the change process, and awareness of these can help mitigate and facilitate a successful change process. Streamlining successful change processes is vital when integrating security as a requirement into an agile software development team. agile inertia cybersecurity security change management Övrig annan teknik

Search results