  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
11

Security Countermeasure Selection as a Constraint Solving Problem

Kathem, Aya January 2021
Network systems often contain vulnerabilities that remain unmitigated for various reasons, such as the lack of a patch or a limited budget. Adversaries can exploit these existing vulnerabilities through different strategies. The attackers can use the existing vulnerabilities to gain capabilities that will enable them to reach their target goal. This thesis aims to find the most effective defense strategy that can defend against all discovered/known attack scenarios in an attempt to secure the system's critical assets. Threat modeling is a well-known technique to find and assess vulnerabilities and threats in the system. Attack graphs are one of the common models used to illustrate and analyze attack scenarios. They provide a logical overview that illustrates how an attacker can combine multiple vulnerabilities to reach a specific part of the system. This project utilizes attack graphs, taking advantage of the causal relationship of their elements to formulate a Constraint Solving Problem, and performs a number of analyses to define constraints and objectives for selecting the most appropriate actions to be taken by the defender. This is achieved by addressing the security requirements and organization requirements for a given budget. The results show that the selected combination of countermeasures restricts all attack paths presented in the logical attack graph. The countermeasures are distributed over the most critical parts of a system and reduce the potential harm of several vulnerabilities rather than providing high protection to a few vulnerabilities. This approach aids in finding the most relevant way to protect the system's assets based on the available budget.
12

A novel intrusion detection system (IDS) architecture : attack detection based on snort for multistage attack scenarios in a multi-cores environment

Pagna Disso, Jules Ferdinand January 2010
Recent research has indicated that although security systems are developing, illegal intrusion to computers is on the rise. The research conducted here illustrates that improving intrusion detection and prevention methods is fundamental for improving the overall security of systems. This research includes the design of a novel Intrusion Detection System (IDS) which identifies four levels of visibility of attacks. Two major areas of security concern were identified: speed and volume of attacks; and complexity of multistage attacks. Hence, the Multistage Intrusion Detection and Prevention System (MIDaPS) that is designed here is made of two fundamental elements: a multistage attack engine that heavily depends on attack trees and a Denial of Service Engine. MIDaPS was tested and found to improve current intrusion detection and processing performances. After an intensive literature review, over 25 GB of data was collected on honeynets. This was then used to analyse the complexity of attacks in a series of experiments. Statistical and analytic methods were used to design the novel MIDaPS. Key findings indicate that an attack needs to be protected at 4 different levels. Hence, MIDaPS is built with 4 levels of protection. As recent attack vectors use legitimate actions, MIDaPS uses a novel approach of attack trees to trace the attacker's actions. MIDaPS was tested and results suggest an improvement to current system performance by 84% whilst detecting DDOS attacks within 10 minutes.
13

Classificação de conteúdo malicioso baseado em Floresta de Caminhos Ótimos / Malicious content classification based on Optimum-path Forest

Fernandes, Dheny [UNESP] 19 May 2016
Submitted by DHENY FERNANDES null (dfernandes@fc.unesp.br) on 2016-06-15T17:19:42Z No. of bitstreams: 1 Dissertação.pdf: 1456402 bytes, checksum: 56f028f949d37b33c377e1c247b0fd43 (MD5) / Approved for entry into archive by Ana Paula Grisoto (grisotoana@reitoria.unesp.br) on 2016-06-21T17:18:53Z (GMT) No. of bitstreams: 1 fernandes_d_me_bauru.pdf: 1456402 bytes, checksum: 56f028f949d37b33c377e1c247b0fd43 (MD5) / Made available in DSpace on 2016-06-21T17:18:53Z (GMT). No. of bitstreams: 1 fernandes_d_me_bauru.pdf: 1456402 bytes, checksum: 56f028f949d37b33c377e1c247b0fd43 (MD5) Previous issue date: 2016-05-19 / Coordenação de Aperfeiçoamento de Pessoal de Nível Superior (CAPES) / The advent of the Internet has brought widespread benefits in the areas of communication, entertainment, shopping and social relations, among others. However, several threats began to emerge in this scenario, leading researchers to create tools to deal with them. Spam, malware, malicious content, phishing, fraud and false URLs are some examples of these threats. In contrast, anti-virus systems, firewalls and intrusion detection and prevention systems are examples of tools to combat such threats. Especially since 2010, headed by the Stuxnet malware, threats have become more complex and persistent, making the tools previously used become obsolete. The reason is that such tools, based on signatures and anomalies, cannot keep up with either the speed of development of the threats or their complexity. Since then, researchers have turned their attention to more effective methods to combat cyber threats.
In this context, machine learning algorithms are being explored in the search for solutions that analyze threats from the internet in real time. Therefore, this study aims to analyze the performance of classifiers based on Optimum-path Forest (OPF), comparing them with the other state-of-the-art classifiers. To do so, two feature extraction methods will be analyzed: one based on tokens and the other based on N-grams, with N equal to 3. Overall, OPF stood out in not blocking legitimate messages and in training time. On some datasets the amount of spam classified correctly was high as well. The version that uses a complete graph was better, although in some cases the version that makes use of a knn graph outperformed it. Due to the current demands on security issues, OPF, considering its fast training time, can be improved in its effectiveness aiming at a real application. In relation to feature extraction methods, 3gram was better, improving OPF's results.
14

Policy Viewer : ferramenta para visualização de politicas de segurança em grafos / Policy Viewer: a tool for security policy visualization using graphs

Kropiwiec, Diogo Ditzel 23 March 2005
Advisor: Paulo Licio de Geus / Dissertation (Master's) - Universidade Estadual de Campinas, Instituto de Computação / Made available in DSpace on 2018-08-04T19:10:45Z (GMT). No. of bitstreams: 1 Kropiwiec_DiogoDitzel_M.pdf: 1443116 bytes, checksum: e21c7e873f831958ffc9ce27db574054 (MD5) Previous issue date: 2005 / Abstract: The Internet brought great benefits to organizations and computer users, but has also caused a larger exposure of the computing systems connected to the network.
Countless efforts are being made to contain the increasingly higher level of attacks that happen all over the world, among which stands the development of safer operating systems. Unfortunately, the adoption of these systems is still incipient, because of several obstacles involved in the process. One of them is the complexity of configuring and managing security policies. This dissertation shows aspects of operating system security and security policies studied during the Masters program, leading to the identification of current problems associated with them. This resulted in the design and implementation of Policy Viewer, a tool for the visualization of security policies. Its purpose is to aid the policy administrator in the comprehension, visualization and validation of operating system security policies. The tool has been partially implemented with a subset of the intended functions, using the features presented in the design. Also, examples are shown to demonstrate its utility toward aiding in the process of policy configuration and in the identification of possible problems of such policies. / Master's / Master in Computer Science
15

A novel intrusion detection system (IDS) architecture. Attack detection based on snort for multistage attack scenarios in a multi-cores environment.

Pagna Disso, Jules F. January 2010
Recent research has indicated that although security systems are developing, illegal intrusion to computers is on the rise. The research conducted here illustrates that improving intrusion detection and prevention methods is fundamental for improving the overall security of systems. This research includes the design of a novel Intrusion Detection System (IDS) which identifies four levels of visibility of attacks. Two major areas of security concern were identified: speed and volume of attacks; and complexity of multistage attacks. Hence, the Multistage Intrusion Detection and Prevention System (MIDaPS) that is designed here is made of two fundamental elements: a multistage attack engine that heavily depends on attack trees and a Denial of Service Engine. MIDaPS was tested and found to improve current intrusion detection and processing performances. After an intensive literature review, over 25 GB of data was collected on honeynets. This was then used to analyse the complexity of attacks in a series of experiments. Statistical and analytic methods were used to design the novel MIDaPS. Key findings indicate that an attack needs to be protected at 4 different levels. Hence, MIDaPS is built with 4 levels of protection. As recent attack vectors use legitimate actions, MIDaPS uses a novel approach of attack trees to trace the attacker's actions. MIDaPS was tested and results suggest an improvement to current system performance by 84% whilst detecting DDOS attacks within 10 minutes.
16

Um sistema de reputação para redes Peer-to-Peer estruturado baseado na reputação de arquivos, com verificação pela reputação dos nos / A structured Peer-to-Peer reputation system based on file reputation, with verification by the nodes reputation

Quinellato, Douglas Gielo 13 August 2018
Advisor: Paulo Licio de Geus / Dissertation (Master's) - Universidade Estadual de Campinas, Instituto de Computação / Made available in DSpace on 2018-08-13T11:26:28Z (GMT). No. of bitstreams: 1 Quinellato_DouglasGielo_M.pdf: 2170090 bytes, checksum: 70af102166738a9e7bd99af678848faf (MD5) Previous issue date: 2009 / Abstract: P2P networks have earned a great deal of popularity over the last decade, consolidating themselves as one of the most popular internet services, providing a distributed architecture for the furnishing of services without the need of a centralized server host. However, such popularity brought the necessity for security mechanisms in order to assure the network availability in spite of the attacks on the network. Stability in the algorithms related to the basic operation of the P2P networks made possible the rise in the development of security systems. In this dissertation a reputation system for file sharing P2P networks is proposed, a security mechanism aimed at lowering the spread of corrupted files in the network. Such systems work by managing the opinions issued by the participants of the network about the services received from the other nodes. These opinions can be about the nodes, or about the quality of the services themselves. Opinions about the same service or node are then joined through the use of a mathematical model (function), calculating their reputation. The proposed reputation system is based on the reputation of the files, using the node reputation as a means to assess the quality of the opinion being issued. This check is made with the purpose of improving trust in the used opinion by adding one level of opinion checking. Only one level is used for efficiency, since implementing a full trust network is expensive. Simulations were used in order to assess the effectiveness of the proposed reputation system. The results are used in comparisons with the same simulation without the use of any reputation system, and with the results of other reputation systems found in the literature. / Master's / Network Security / Master in Computer Science
17

HASH STAMP MARKING SCHEME FOR PACKET TRACEBACK

NEIMAN, ADAM M. January 2005
No description available.
18

Verificação formal de protocolos de trocas justas utilizando o metodo de espaços de fitas / Formal verification of fair exchange protocols using the strand spaces method

Piva, Fabio Rogério, 1982- 13 August 2018
Advisor: Ricardo Dahab / Dissertation (Master's) - Universidade Estadual de Campinas, Instituto de Computação / Made available in DSpace on 2018-08-13T10:57:18Z (GMT). No. of bitstreams: 1 Piva_FabioRogerio_M.pdf: 1281624 bytes, checksum: 2d4f949b868d1059e108b1cd79314629 (MD5) Previous issue date: 2009 / Abstract: Fair exchange protocols were first proposed as a solution to the problem of exchanging digital items, between two or more entities, without forcing them to trust each other. The popularization of the internet resulted in an increasing number of lay users, who constantly participate in exchange transactions, such as electronic commerce (e-commerce), internet banking, peer-to-peer networks (P2P), etc. With such demand for fairness, we need to ensure that fair exchange protocols receive the same amount of attention, from academia, as classic protocols do.
Within this context, design guidelines are needed, and so are verification tools, taxonomies of attack, and whatever other artifacts may help correct protocol design. In this work we present a study on the fair exchange problem and the current state of the art of proposed solutions, as well as a discussion on the possibility of building, from currently available formal verification and attack detection techniques for classic protocols, methods for fair exchange protocol design and correction. / Master's / Computer Science / Master in Computer Science
19

Vers une solution de contrôle d’admission sécurisée dans les réseaux mesh sans fil / Towards a secure admission control in a wireless mesh networks

Dromard, Juliette 06 December 2013
Wireless mesh networks (WMNs) are easily deployable, low-cost networks that can extend the Internet into areas that other networks can hardly reach. However, several quality of service (QoS) and security problems hinder the large-scale deployment of WMNs. In this thesis, we propose an admission control (AC) model and a reputation system in order to improve the performance of the mesh network and protect it from malicious nodes. Our AC system aims to ensure the QoS of the flows admitted into the network in terms of bandwidth and delay while maximizing the use of the channel capacity. The idea of our solution is to combine admission control with link scheduling in order to increase the available bandwidth. We also propose a reputation system whose purpose is to detect malicious nodes and to limit the false alarms caused by packet loss on the network's links. The idea of our solution is to use statistical tests that compare the packet loss on the links with a pre-established loss model. In addition, it includes a monitoring system made up of several modules that allows it to detect a large number of attacks. Our AC and our reputation system have been validated; the results show that both achieve their objectives. / Wireless mesh networks (WMNs) are a very attractive new field of research. They are a low-cost, easily deployed and high-performance solution to last mile broadband Internet access. However, they have to deal with security and quality of service issues which prevent them from being largely deployed. In order to overcome these problems, we propose in this thesis two solutions: an admission control with link scheduling and a reputation system which detects bad nodes. These solutions have been devised in order to further merge into a secure admission control.
Our admission control dynamically schedules the network's links each time a new flow is accepted in the network. Its goal is to accept only flows whose constraints in terms of delay and bandwidth can be respected, increase the network capacity and decrease the packet loss. Our reputation system aims at assigning each node of the network a reputation whose value reflects the real behavior of the node. To reach this goal, this reputation system is made of a monitoring tool which can watch for many types of attacks and consider the packet loss of the network. The evaluations of our solutions show that they both meet their objectives in terms of quality of service and security.
