  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
321

ARL-VIDS visualization techniques : 3D information visualization of network security events

Gaw, Tyler J. 03 May 2014
Government agencies and corporations are growing increasingly reliant on networks for day-to-day operations including communication, data processing, and data storage. As a result, these networks are in a constant state of growth. These burgeoning networks cause the number of network security events requiring investigation to grow exceptionally, creating new problems for network security analysts. The increasing number of attacks propagated against high-value networks only increases the gravity. Therefore, security analysts need assistance to be able to continue to monitor network events at an acceptable rate. Network analysts rely on many different systems and tools to properly secure a network. One line of defense is an intrusion detection system or IDS. Intrusion detection systems monitor networks for suspicious activity and then print alerts to a log file. An important part of effective intrusion detection is finding relationships between network events, which allows for detection of network anomalies. However, network analysts typically monitor these logs in a sparsely formatted view, which simply isn’t effective for large networks. Therefore, a Visual Intrusion Detection System or VIDS is an interesting solution to aid network security analysts in properly securing the networks. The visualization tool takes a log file and represents the alerts on a three-dimensional graph. Previous research shows that humans have an innate ability to match patterns based on visual cues, which we hope will allow network analysts to match patterns between alerts and identify anomalies. In addition, the tool will leverage the user’s intuition and experience to aid intrusion detection by allowing them to manipulate the view of the data. The objective of this thesis is to quantify and measure the effectiveness of this Visual Intrusion Detection System built as an extension to the SNORT open source IDS. 
The purpose of the visualization is to give network security analysts an alternative view from what traditional network security software provides. This thesis will also explore other features that can be built into a Visual Intrusion Detection System to improve its functionality. / Department of Computer Science
322

Embedded monitors for detecting and preventing intrusions in cryptographic and application protocols.

Joglekar, Sachin P. 12 1900
There are two main approaches for intrusion detection: signature-based and anomaly-based. Signature-based detection employs pattern matching to match attack signatures with observed data making it ideal for detecting known attacks. However, it cannot detect unknown attacks for which there is no signature available. Anomaly-based detection builds a profile of normal system behavior to detect known and unknown attacks as behavioral deviations. However, it has a drawback of a high false alarm rate. In this thesis, we describe our anomaly-based IDS designed for detecting intrusions in cryptographic and application-level protocols. Our system has several unique characteristics, such as the ability to monitor cryptographic protocols and application-level protocols embedded in encrypted sessions, a very lightweight monitoring process, and the ability to react to protocol misuse by modifying protocol response directly.
323

Modeling and analyzing intrusion attempts to a computer network operating in a defense-in-depth posture

Givens, Mark Allen 09 1900
Approved for public release; distribution is unlimited / In order to ensure the confidentiality, integrity, and availability of networked resources operating on the Global Information Grid, the Department of Defense has incorporated a "Defense-in-Depth" posture. This posture includes the use of network security mechanisms and does not rely on a single defense for protection. Firewalls, Intrusion Detection Systems (IDS's), Anti-Virus (AV) software, and routers are such tools used. In recent years, computer security discussion groups have included IDS's as one of their most relevant issues. These systems help identify intruders that exploit vulnerabilities associated with operating systems, application software, and computing hardware. When IDS's are utilized on a host computer or network, there are two primary approaches to detecting and / or preventing attacks. Traditional IDS's, like most AV software, rely on known "signatures" to detect attacks. This thesis will focus on the secondary approach: Anomaly or "behavioral based" IDS's look for abnormal patterns of activity on a network to identify suspicious behavior. / Major, United States Marine Corps
324

Evaluation of two host-based intrusion prevention systems

Labbe, Keith G. 06 1900
Host-based intrusion-prevention systems are recently popular technologies which protect computer systems from malicious attacks. Instead of merely detecting exploits, the systems attempt to prevent the exploits from succeeding on the host they protect. This research explores the threats that have led to the development of these systems and the techniques many use to counter those problems. We then evaluate two current intrusion-prevention products (McAfee Entercept and the Cisco Security Agent) as to their success in preventing exploits. Our tests used live viruses, worms, Trojan horses, and remote exploits which were turned loose on an isolated two-computer network. We make recommendations about deployment of the two products based on the results of our own testing.
325

Web-based dissemination system for the Trusted Computing Exemlar [i.e. Exemplar] project

Kane, Douglas Robert. 06 1900
Open dissemination of the Trusted Computing Exemplar (TCX) project is needed. This dissemination must include methods to provide secure web access to project material, integrity verification of data, and group-based access controls. Because previously developed dissemination systems do not meet these requirements, a hybrid web-based dissemination system is necessary. The development of the TCX Dissemination System requirements involved the analysis of assumptions, threats, policies, and security objectives for the system and its environment based on the Common Criteria methodology. The requirements yielded a design specification that included a dissemination application that uses XML capabilities for redaction and preparation of releasable materials. This led to the creation of an initial implementation to satisfy a subset of the TCX dissemination requirements. Future work was identified for a subsequent implementation that fulfills additional project requirements. The complete implementation of the dissemination environment described in this thesis will provide a seamless dissemination interface for the TCX project. The Dissemination System provides an example of how controlled information can be organized and made available on the web. When combined with TCX project results, it supports the assured information sharing objectives of the Department of Defense Global Information Grid vision. / US Navy (USN) author.
326

Evaluation of Embedded Firewall System

Rumelioglu, Sertac. 03 1900
The performance aspect and security capabilities of the Embedded Firewall (EFW) system are studied in this thesis. EFW is a host-based, centrally controlled firewall system consisting of network interface cards and the "Policy Server" software. A network consisting of EFW clients and a Policy Server is set up in the Advanced Network Laboratory at the Naval Postgraduate School. The Smartbits packet generator is used to simulate a realistic data transfer environment. The evaluation is performed centered on two main categories: performance analysis and security capability tests. The TTCP program and a script written in TCL are used to perform throughput and packet loss tests respectively. The penetration and vulnerability tests are conducted in order to analyze the security capabilities of EFW. Symantec Personal Firewall is used as a representative application firewall for comparing test results. Our study shows that EFW has better performance, especially in connections with high amounts of encrypted packets, and is more effective in preventing insider attacks. However, the current implementation of EFW has some weaknesses such as not allowing sophisticated rules that application firewalls usually do. We recommend that EFW be used as one of the protection mechanisms in a system based on the defense-in-depth concept that consists of application firewalls, intrusion detection systems and gateway protocols.
327

A discretionary-mandatory model as applied to network centric warfare and information operations

Hestad, Daniel R. 03 1900
Approved for public release, distribution is unlimited / The concepts of DoD information operations and network centric warfare are still in their infancy. In order to develop concepts, the right conceptual models need to be developed from which to design and implement these concepts. Information operations and network centric warfare are fundamentally based on trust decisions. However, the key to developing these concepts is for DoD to develop the organizational framework from which trust, inside and outside, of an organization may be achieved and used to its advantage. In this thesis, an organizational model is submitted for review to be applied to DoD information systems and operational organizations. / Outstanding Thesis / Lieutenant, United States Navy
328

Using human interactive security protocols to secure payments

Chen, Bangdao January 2012
We investigate using Human Interactive Security Protocols (HISPs) to secure payments. We start our research by conducting extensive investigations into the payment industry. After interacting with different payment companies and banks, we present two case studies: online payment and mobile payment. We show how to adapt HISPs for payments by establishing the reverse authentication method. In order to properly and thoroughly evaluate different payment examples, we establish two attack models which cover the most commonly seen attacks against payments. We then present our own payment solutions which aim at solving the most urgent security threats revealed in our case studies. Demonstration implementations are also made to show our advantages. In the end we show how to extend the use of HISPs into other domains.
329

Security and efficiency concerns with distributed collaborative networking environments

Felker, Keith A. 03 1900
Approved for public release, distribution unlimited / The progression of technology is continuous and the technology that drives interpersonal communication is not an exception. Recent technology advancements in the areas of multicast, firewalls, encryption techniques, and bandwidth availability have made the next level of interpersonal communication possible. This thesis answers why collaborative environments are important in today's online productivity. In doing so, it gives the reader a comprehensive background in distributed collaborative environments, answers how collaborative environments are employed in the Department of Defense and industry, details the effects network security has on multicast protocols, and compares collaborative solutions with a focus on security. The thesis ends by providing a recommendation for collaborative solutions to be utilized by NPS/DoD type networks. Efficient multicast collaboration, in the framework of security is a secondary focus of this research. As such, it takes security and firewall concerns into consideration while comparing and contrasting both multicast-based and non-multicast-based collaborative solutions.
330

Information security awareness in small information technology-dependent business organisations

25 March 2015
M.A. (Business Management) / Small businesses thrive in the developing economy of South Africa and address the important issue of unemployment and poverty that exist in the country. A large number of these business organisations can be found in the province of Gauteng because of the large and diverse economic contribution the province delivers to the economy of South Africa. With the increased use of technology in the small businesses of Gauteng and South Africa, the risks around cyber-security, information security and other IT-related threats that can harm the businesses increase. As part of the related IT risks comes the information security awareness of the businesses. Research findings show that little to no information security awareness exists in the small IT-dependent business organisations of Gauteng, South Africa. New knowledge has been gained from the information technology uses and information security awareness that exists in small business organisations. This knowledge is specific to the small business organisations of South Africa which places an African context to a global debate of information security awareness.
