Global ETD Search

411	A 3-DIMENSIONAL UAS FORENSIC INTELLIGENCE-LED TAXONOMY (U-FIT) Fahad Salamh (11023221) 22 July 2021 (has links) Although many counter-drone systems such as drone jammers and anti-drone guns have been implemented, drone incidents are still increasing. These incidents are categorized as deviant act, a criminal act, terrorist act, or an unintentional act (aka system failure). Examples of reported drone incidents are not limited to property damage, but include personal injuries, airport disruption, drug transportation, and terrorist activities. Researchers have examined only drone incidents from a technological perspective. The variance in drone architectures poses many challenges to the current investigation practices, including several operation approaches such as custom commutation links. Therefore, there is a limited research background available that aims to study the intercomponent mapping in unmanned aircraft system (UAS) investigation incorporating three critical investigative domains---behavioral analysis, forensic intelligence (FORINT), and unmanned aerial vehicle (UAV) forensic investigation. The UAS forensic intelligence-led taxonomy (U-FIT) aims to classify the technical, behavioral, and intelligence characteristics of four UAS deviant actions --- including individuals who flew a drone too high, flew a drone close to government buildings, flew a drone over the airfield, and involved in drone collision. The behavioral and threat profiles will include one criminal act (i.e., UAV contraband smugglers). The UAV forensic investigation dimension concentrates on investigative techniques including technical challenges; whereas, the behavioral dimension investigates the behavioral characteristics, distinguishing among UAS deviants and illegal behaviors. Moreover, the U-FIT taxonomy in this study builds on the existing knowledge of current UAS forensic practices to identify patterns that aid in generalizing a UAS forensic intelligence taxonomy. The results of these dimensions supported the proposed UAS forensic intelligence-led taxonomy by demystifying the predicted personality traits to deviant actions and drone smugglers. The score obtained in this study was effective in distinguishing individuals based on certain personality traits. These novel, highly distinguishing features in the behavioral personality of drone users may be of particular importance not only in the field of behavioral psychology but also in law enforcement and intelligence. Human Information Behaviour Computer System Security Data Encryption Networking and Communications UAV remote sensing Cyber Crime Cyber Forensic Incident Response Threat Intelligence Intelligent models personality dimensions Psychology behavior characterization Cybersecurity Drone
412	Bezpečnost práce s elektronickými daty v průmyslových podnicích / Security of Work with Electronic Data in Industrial Enterprises Žáčková, Eliška January 2013 (has links) The aim of this thesis is not only to characterise the key terms related to this field, but also to analyse the possible solutions to the area in a particular industrial enterprise in the Czech Republic by means of a case study which is a reliable method of qualitative research. The thesis is divided into theoretical and practical part. In the theoretical part the terms such as information, electronic data, know-how, enterprise information systems, cybercrime, and cyberterrorism are defined. The practical part drawing on the theoretical part gives a thorough analysis of the initial state of an industrial enterprise in food industry. Furthermore, it deals with the implementation of the ECM (Enterprise Content Management) which is considered a possible solution to the security of work with electronic data in industrial enterprise.
413	L'ingénierie sociale : la prise en compte du facteur humain dans la cybercriminalité / Social engineering : the importance of the human factor in cybercrime Gross, Denise 08 July 2019 (has links) La révolution numérique a favorisé l’apparition d’une nouvelle forme de criminalité : la cybercriminalité. Celle-ci recouvre un grand nombre de faits dont la plupart sont commis à l’aide de stratégies d’ingénierie sociale. Il s’agit d’un vieux phénomène, pourtant mal connu qui, encouragé par l’accroissement de données circulant sur Internet et par le développement de barrières techniques de sécurité, s’est adapté aux caractéristiques de l’univers virtuel pour une exploitation combinée des vulnérabilités « humaines » avec des outils numériques. L’ingénierie sociale transforme les utilisateurs qui deviennent, inconsciemment, facilitateurs des cyberattaques, au point d’être perçus comme le « maillon faible » de la cybersécurité. Les particuliers, les entreprises et les Etats sont tous confrontés au défi de trouver une réponse à ces atteintes. Cependant, les moyens juridiques, techniques, économiques et culturels mis en place semblent encore insuffisants. Loin d’être éradiquée, l’utilisation de l’ingénierie sociale à des fins illicites poursuit son essor. Face au manque d’efficacité de la politique criminelle actuelle, le travail en amont nous apparaît comme une piste à explorer. Savoir anticiper, détecter précocement et réagir promptement face à la délinquance informatique sont alors des questions prioritaires nécessitant une approche plus humaniste, axée sur la prévention et la coopération. Si nous sommes d’accord sur ce qu’il reste à faire, le défi est de trouver le« comment ». / The digital revolution has encouraged the emergence of a new type of criminal activity : cyber-crime. This includes a vast array of activities and offences that often use social engineering techniques. These techniques are old and not widely understood, yet benefit from the increase of data available online and the use of firewalls and other security systems. They have been adapted to work with the Internet and digital technologies in order to exploit the “vulnerabilities” of human psychology. Social engineering targets the user, who often unconsciously, allows access to systems or data, making the user the weakest link in the cyber-security chain. Individuals, companies and governments are all facing the same challenge in trying to solve these issues, utilising current legal, financial, technological and social resources which seem to be insufficient. Far from being eradicated, fraudulent activities that use social engineering continue to increase in prevalence. The inefficiency of current judicial polices forces us to consider alternative strategies upstream. Being proactive, predicting early and reacting quickly to computer related crimes should be the priority of a more humanistic approach which is focused on prevention and cooperation. Although one can agree on the approach ; the challenge is to find out how to implement it. Ingénierie sociale Facteur humain Information Manipulation Internet Intelligence économique Cybercriminalité Criminalité organisée Politique criminelle Cybersécurité Social engineering Human factor Data Psychological manipulation Internet Economic intelligence Cybercrime Organized crime Criminal policy Cybersecurity 340
414	Ensemble Classifier Design and Performance Evaluation for Intrusion Detection Using UNSW-NB15 Dataset Zoghi, Zeinab 30 November 2020 (has links) No description available. Mathematics Computer Engineering Computer Science Engineering Statistics UNSW-NB15 Ensemble Learning Ensemble Classification XGBoost Random Forest Balanced Bagging Bagging Boosting Hellinger Distance Elastic Net Sequential Feature Selection Anomaly Detection System Machine Learning Cybersecurity Data Science
415	Practice-Oriented Cybersecurity Training Framework Podila, Laxmi Mounika January 2020 (has links) No description available. Academic Guidance Counseling Computer Engineering Computer Science Curriculum Development Education
416	MIXED-METHODS ANALYSIS OF SOCIAL-ENGINEERING INCIDENTS Grusha Ahluwalia (13029936) 29 April 2023 (has links) <p> </p> <p>The following study is a research thesis on the subject matter of Social Engineering (SE) or Social Engineering Information Security Incidents (SEISI). The research evaluates the common features that can be used to cover a social engineering scenario from the perspectives of all stakeholders, at the individual and organizational level in terms of social engineering Tactics, Techniques, and Procedures (TTP). The research utilizes extensive secondary literary sources for understanding the topic of Social Engineering, highlights the issue of inconsistencies in the existing frameworks on social engineering and, addresses the research gap of availability of reliable dataset on past social engineering incidents by information gathered on the common themes of data reported on these. The study annotates salient features which have been identified in several studies in the past to develop a comprehensive dataset of various social engineering attacks which could be used by both computational and social scientists. The resulting codebook or the features of a social engineering are coded and defined based on Pretext Design Maps as well as industry standards and frameworks like MITRE ATT&CK, MITRE CVE, NIST, etc. Lastly, Psychological Theories of Persuasion like Dr. Cialdini’s principles of persuasion, Elaboration Likelihood Model, and Scherer’s Typology of Affective Emotional States guides the psychological TTPs of social engineering evaluated in this study. </p> Digital forensics Information security management Social psychology Social Engineering attacks Threat Modelling Principles of Influence & Persuasion MITRE ATT&CK framework
417	DEEP LEARNING FOR SECURING CRITICAL INFRASTRUCTURE WITH THE EMPHASIS ON POWER SYSTEMS AND WIRELESS COMMUNICATION Gihan janith mendis Imbulgoda liyangahawatte (10488467) 27 April 2023 (has links) <p><em>Imbulgoda Liyangahawatte, Gihan Janith Mendis Ph.D., Purdue University, May</em></p> <p><em>2023. Deep learning for securing critical infrastructure with the emphasis on power</em></p> <p><em>systems and wireless communication. Major Professor: Dr. Jin Kocsis.</em></p> <p><br></p> <p><em>Critical infrastructures, such as power systems and communication</em></p> <p><em>infrastructures, are of paramount importance to the welfare and prosperity of</em></p> <p><em>modern societies. Therefore, critical infrastructures have a high vulnerability to</em></p> <p><em>attacks from adverse parties. Subsequent to the advancement of cyber technologies,</em></p> <p><em>such as information technology, embedded systems, high-speed connectivity, and</em></p> <p><em>real-time data processing, the physical processes of critical infrastructures are often</em></p> <p><em>monitored and controlled through cyber systems. Therefore, modern critical</em></p> <p><em>infrastructures are often viewed as cyber-physical systems (CPSs). Incorporating</em></p> <p><em>cyber elements into physical processes increases efficiency and control. However, it</em></p> <p><em>also increases the vulnerability of the systems to potential cybersecurity threats. In</em></p> <p><em>addition to cyber-level attacks, attacks on the cyber-physical interface, such as the</em></p> <p><em>corruption of sensing data to manipulate physical operations, can exploit</em></p> <p><em>vulnerabilities in CPSs. Research on data-driven security methods for such attacks,</em></p> <p><em>focusing on applications related to electrical power and wireless communication</em></p> <p><em>critical infrastructure CPSs, are presented in this dissertation. As security methods</em></p> <p><em>for electrical power systems, deep learning approaches were proposed to detect</em></p> <p><em>adversarial sensor signals targeting smart grids and more electric aircraft.</em></p> <p><em>Considering the security of wireless communication systems, deep learning solutions</em></p> <p><em>were proposed as an intelligent spectrum sensing approach and as a primary user</em></p> <p><em>emulation (PUE) attacks detection method on the wideband spectrum. The recent</em></p> <p><em>abundance of micro-UASs can enable the use of weaponized micro-UASs to conduct</em></p> <p><em>physical attacks on critical infrastructures. As a solution for this, the radio</em></p> <p><em>frequency (RF) signal-analyzing deep learning method developed for spectrum</em></p> <p><em>sensing was adopted to realize an intelligent radar system for micro-UAS detection.</em></p> <p><em>This intelligent radar can be used to provide protection against micro-UAS-based</em></p> <p><em>physical attacks on critical infrastructures.</em></p> System and network security Deep learning Deep Learning Cyber-physical system security Wireless Communication System Drone detection radar Power system cybersecurity
418	Cybersäkerhet : Distansarbetets påverkan på cybersäkerhet inom företag Håman, Philip, Kasum, Edin, Klingberg, Olof January 2022 (has links) Digitaliseringen och den konstanta utvecklingen av teknologi i vårt samhälle har medfört många förändringar de senaste åren. I olika områden inom yrkeslivet har rutiner och system behövt uppdaterats för att hålla jämna steg med digitaliseringen. Idag är det inte ovanligt för anställda att arbeta på distans, vanligtvis från sina egna hem. Utöver detta, har Covid-19-pandemin som drabbade världen under 2020, endast utökat och påskyndat processen där företag behöver anpassa sig till denna typ av arbete. Trots att möjligheten att kunna jobba hemifrån reflekterar en modern arbetsplats såväl som ett modernt samhälle, öppnar det även upp frågan om potentiella cyberhot. På grund av detta undersöker nuvarande studie forskningsfrågan: Hur har cybersäkerhet inom företag påverkats av utökat distansarbete? Som avgränsning fokuserar studien specifikt på den finansiella sektorn. Forskningsmetoden som valts ut för studien har varit kvalitativ, i form av primär datainsamling genom semistrukturerade intervjuer som sedan analyserats med hjälp av tematisk analys. Samtliga respondenter arbetar med och har erfarenhet av cybersäkerhet samt har en koppling till finanssektorn. Vidare fokuserar dessa intervjuer på olika aspekter av hur säkerheten inom företag har påverkats av det ökade distansarbetet hemifrån. För att kunna besvara detta, ställdes en rad specifika frågor angående förändringar, kommunikation, cyberhot och utmaningar på grund av distansarbete till respondenterna. Det insamlade och analyserade resultatet visar på att majoriteten av respondenterna anser att jobba hemifrån betyder en ökad mängd förändringar i form av hantering av information, inloggningsrutiner, behörigheter, utrustning och ibland även förändring av IT-infrastrukturen i företagen. Resultaten visar även på hot och utmaningar som kan uppstå vid distansarbete. En slutsats som därmed kan dras från studien är att företagens cybersäkerhet påverkas och hanteras på olika sätt när det kommer till det ökade distansarbetet. Dessa bemöts enligt respondenterna med olika strategier, rutiner och riskminimering. För att vidare minimera cyberhoten vid arbete hemifrån i framtiden, är den generella uppfattningen i studien att företag behöver arbeta förebyggande och utbilda personal i frågan om cybersäkerhet när man inte befinner sig på ordinarie arbetsplats. Trots att respondenterna tillsammans med föregående studier anser att cyberhoten har ökat de senaste åren, håller de med varandra om svårigheten att fastställa om det är ett faktum att de har ökat på grund av just ökat distansarbete. Eftersom det inte alltid rapporteras om hoten som finns mot finanssektorn på grund av anseende- och trovärdighetsskäl, har det varit en utmaning att få tillräckliga svar i de i utförda intervjuerna. / The digitalization and constant development of technology in our society has brought many changes over the last few years. In various areas of the work field, routines and systems have been updated to keep up with the digitalization. Nowadays it is not unusual for employees to be teleworking, most commonly to work from their own homes. On top of that, the global Covid-19-pandemic that hit the world in 2020, has only increased and speeded up the process for companies to adjust to this type of work. Even though being able to work from home reflects a modern workplace as well as society, it does open the question about possible online threats. Therefore, this current study examines the question: How does the increasing teleworking trend affect cybersecurity in organizations? As a demarcation, the study specifically focuses on the financial sector. The research method selected for the study has been of qualitative nature, during which primary data was collected through semi-structured interviews which further were analyzed using thematic analysis. The respondents are all employees and have experience within cybersecurity, related to the financial sector. Furthermore, these interviews focus on different aspects of how the cybersecurity of companies has been affected by the recent increase in teleworking from home. To shed light on the matter, the respondents were asked a specific set of questions regarding changes in; communication, cyber threats and challenges all due to telework. The results gathered and analyzed do show that the majority of the respondents believe that working from home does mean an increased amount of changes in ways of handling information, login-routines, competence, equipment and sometimes even the infrastructure of their IT-systems. Additionally, the results also show threats and challenges that may occur due to increased teleworking, such as larger attack surfaces. Therefore, a conclusion that can be drawn from the study is that there are different ways in which the cybersecurity of companies can be affected by the increasing teleworking trend. According to the respondents, these challenges are met with different strategies, routines and risk minimization. To further minimize future cyberthreats when working from home, the general perception drawn from the study is that companies have to work preventively and as well as educate staff on threats and risks associated with increased teleworking. However, while the respondents and previous studies believe that threats have increased over the last couple of years, they do agree on the difficulty of determining whether it is in fact due to the increased amount of telework. Since the cyberthreats against the financial sector are not always spoken about or reported for reasons of reputation and credibility, there were also respondents who have been hersistant in providing full answers to the interviews. Cybersecurity telework information security cyber threats cyber threat intelligence human factors Covid-19 safety risks Cybersäkerhet distansarbete informationssäkerhet dataintrång underrättelser om cyberhot mänskliga faktorer Covid-19 säkerhetsrisker Computer and Information Sciences Data- och informationsvetenskap Computer Engineering Datorteknik
419	Web Penetration testing : Finding and evaluating vulnerabilities in a web page based on C#, .NET and Episerver Lundquist Amir, Ameena, Khudur, Ivan January 2022 (has links) Today’s society is highly dependent on functional and secure digital resources, to protect users and to deliver different kinds of services. To achieve this, it is important to evaluate the security of such resources, to find vulnerabilities and handle them before they are exploited. This study aimed to see if web applications based on C#, .NET and Episerver had vulnerabilities, by performing different penetration tests and a security audit. The penetration tests utilized were SQL injection, Cross Site Scripting, HTTP request tampering and Directory Traversal attacks. These attacks were performed using Kali Linux and the Burp Suite tool on a specific web application. The results showed that the web application could withstand the penetration tests without disclosing any personal or sensitive information. However, the web application returned many different types of HTTP error status codes, which could potentially reveal areas of interest to a hacker. Furthermore, the security audit showed that it was possible to access the admin page of the web application with nothing more than a username and password. It was also found that having access to the URL of a user’s invoice file was all that was needed to access it. / Dagens samhälle är starkt beroende av funktionella och säkra digitala resurser, för att skydda användare och för att leverera olika typer av tjänster. För att uppnå detta är det viktigt att utvärdera säkerheten för sådana resurser för att hitta sårbarheter och hantera dem innan de utnyttjas. Denna studie syftar till att se om webapplikationer baserade på C#, .NET och Episerver har sårbarheter, genom att utföra olika penetrationstester och genom att göra en säkerhetsgranskning. Penetrationstesterna som användes var SQL-injektion, Cross Site Scripting, HTTP-förfrågningsmanipulering och Directory Traversal-attacker. Dessa attacker utfördes med Kali Linux och Burp Suite-verktygen på en specifik webbapplikation. Resultaten visade att webbapplikationen klarade penetrationstesterna utan att avslöja någon personlig eller känslig information. Webbapplikationen returnerade dock många olika typer av HTTP-felstatuskoder, som potentiellt kan avslöja områden av intresse för en hackare. Vidare visade säkerhetsgranskningen att det var möjligt att komma åt webbapplikationens adminsida med inget annat än ett användarnamn och lösenord. Det visade sig också att allt som behövdes för att komma åt en användares fakturafiler var webbadressen. Ethical hacking Penetration testing Cybersecurity DREAD HTTP HTTPS Episerver Kali Linux Burp Suite SQL injection XSS HTTP Method Tampering Directory Traversal HSTS IDOR Authentication MFA Computer and Information Sciences Data- och informationsvetenskap
420	Enhancing cybersecurity awareness through educational games : design of an adaptive visual novel game Bouzegza, Firdaous 04 1900 (has links) Dans un monde qui est en numérisation constante, la dépendance aux outils technologiques est devenue inévitable. La pandémie de COVID-19 a encore accéléré la tendance vers le travail et l'éducation à distance, entraînant une augmentation de l'activité en ligne et de l'échange de données. Cependant, malgré cette augmentation de l'activité en ligne, le niveau de sensibilisation à la cybersécurité chez un nombre important d'utilisateurs reste insuffisant. De nombreux utilisateurs manquent d'une éducation appropriée en matière de cybersécurité et de confidentialité en ligne et démontrent une compréhension insuffisante de la sensibilité de leurs données. Nous avons mené une enquête auprès de plus de 300 utilisateurs qui a confirmé que le besoin de contenu de meilleure qualité était évident. Les jeux éducatifs ont démontré leur efficacité en tant qu'outils d'enseignement et d'apprentissage, en particulier pour vulgariser des sujets qui nécessitent généralement une connaissance approfondie pour être maîtrisés. Cependant, des défis sont associés quant à la qualité et à l'évaluation des jeux sérieux, car plusieurs aspects de l’amusement sont subjectifs et intangibles. Motivée par le besoin de jeux éducatifs "de haute qualité" améliorés, cette thèse construit une échelle pour affiner les critères mentionnés par l'évaluation des jeux sérieux de Caserman et l'applique à 45 jeux de cybersécurité. L'évaluation a révélé une insuffisance dans les critères de l’amusement, en particulier le manque d'adaptation dynamique. En conséquence, cette étude propose le cadre de jeu de cybersécurité EVNAG (Educational Visual Novel Adaptive Game), qui s'articule autour de l'adaptation dynamique de la difficulté comme solution à ce problème. Inspiré par cette architecture, le roman visuel de cybersécurité "Grown-Up Blues" a été implémenté. La thèse contribue au corpus croissant de recherches sur les jeux éducatifs en cybersécurité et fournit des idées pour concevoir des jeux éducatifs efficaces qui améliorent l'éducation en matière de cybersécurité. / In a world that continues to be increasingly digitalized, the dependency on technological tools has become unavoidable. The COVID-19 pandemic has further accelerated the trend towards remote work and education, leading to an increase in online activity and data exchange. However, despite this surge in online activity, the level of cybersecurity awareness among a significant number of users remains inadequate. Many users lack proper education on cybersecurity and online privacy and demonstrate a lack of understanding of the sensitivity of their data. A survey we conducted on more than 300 users confirmed that the need for more quality content was blatant. Educational games have demonstrated their effectiveness as teaching and learning tools, particularly in vulgarizing topics generally requiring in-depth knowledge to master. However, challenges are associated with the quality and assessment of serious games, as multiple aspects of game enjoyment are subjective and intangible. Motivated by the need for improved “high quality” educational games, this thesis builds a scale to refine the criteria mentioned by Caserman’s assessment of serious games and applies that to 45 cybersecurity games. The assessment indicated a deficiency in the enjoyment criteria, specifically the lack of dynamic adaptation. As a result, this study proposes the EVNAG (Educational Visual Novel Adaptive Game) cybersecurity game framework, which centers on Dynamic Difficulty Adaptation as a solution to this issue. Inspired by this architecture, the cybersecurity visual novel “Grown-Up Blues” was implemented. The thesis contributes to the growing body of research on educational games in cybersecurity and provides insights for designing effective educational games that enhance cybersecurity education. Educational Games Serious Games Cybersecurity Awareness Caserman's quality criteria Nudges Game Design Visual Novel Theoretical Framework Jeux éducatifs Jeux Sérieux Sensibilisation à la Cybersecurité Cybersécurité Cadre Théorique Design de Jeux

Search results