Global ETD Search

11	The use of Big Data Analytics to protect Critical Information Infrastructures from Cyber-attacks Oseku-Afful, Thomas January 2016 (has links) Unfortunately, cyber-attacks, which are the consequence of our increasing dependence on digital technology, is a phenomenon that we have to live with today. As technology becomes more advanced and complex, so have the types of malware that are used in these cyber-attacks. Currently, targeted cyber-attacks directed at CIIs such as financial institutions and telecom companies are on the rise. A particular group of malware known as APTs, which are used for targeted attacks, are very difficult to detect and prevent due to their sophisticated and stealthy nature. These malwares are able to attack and wreak havoc (in the targeted system) within a matter of seconds; this is very worrying because traditional cyber security defence systems cannot handle these attacks. The solution, as proposed by some in the industry, is the use of BDA systems. However, whilst it appears that BDA has achieved greater success at large companies, little is known about success at smaller companies. Also, there is scarcity of research addressing how BDA is deployed for the purpose of detecting and preventing cyber-attacks on CII. This research examines and discusses the effectiveness of the use of BDA for detecting cyber-attacks and also describes how such a system is deployed. To establish the effectiveness of using a BDA, a survey by questionnaire was conducted. The target audience of the survey were large corporations that were likely to use such systems for cyber security. The research concludes that a BDA system is indeed a powerful and effective tool, and currently the best method for protecting CIIs against the range of stealthy cyber-attacks. Also, a description of how such a system is deployed is abstracted into a model of meaningful practice. Big data big data analytics CII CI APTs cyber-attacks cyber-security
12	Cyber Attacks Detection and Mitigation in SDN Environments January 2018 (has links) abstract: Cyber-systems and networks are the target of different types of cyber-threats and attacks, which are becoming more common, sophisticated, and damaging. Those attacks can vary in the way they are performed. However, there are similar strategies and tactics often used because they are time-proven to be effective. The motivations behind cyber-attacks play an important role in designating how attackers plan and proceed to achieve their goals. Generally, there are three categories of motivation are: political, economical, and socio-cultural motivations. These indicate that to defend against possible attacks in an enterprise environment, it is necessary to consider what makes such an enterprise environment a target. That said, we can understand what threats to consider and how to deploy the right defense system. In other words, detecting an attack depends on the defenders having a clear understanding of why they become targets and what possible attacks they should expect. For instance, attackers may preform Denial of Service (DoS), or even worse Distributed Denial of Service (DDoS), with intention to cause damage to targeted organizations and prevent legitimate users from accessing their services. However, in some cases, attackers are very skilled and try to hide in a system undetected for a long period of time with the incentive to steal and collect data rather than causing damages. Nowadays, not only the variety of attack types and the way they are launched are important. However, advancement in technology is another factor to consider. Over the last decades, we have experienced various new technologies. Obviously, in the beginning, new technologies will have their own limitations before they stand out. There are a number of related technical areas whose understanding is still less than satisfactory, and in which long-term research is needed. On the other hand, these new technologies can boost the advancement of deploying security solutions and countermeasures when they are carefully adapted. That said, Software Defined Networking i(SDN), its related security threats and solutions, and its adaption in enterprise environments bring us new chances to enhance our security solutions. To reach the optimal level of deploying SDN technology in enterprise environments, it is important to consider re-evaluating current deployed security solutions in traditional networks before deploying them to SDN-based infrastructures. Although DDoS attacks are a bit sinister, there are other types of cyber-threats that are very harmful, sophisticated, and intelligent. Thus, current security defense solutions to detect DDoS cannot detect them. These kinds of attacks are complex, persistent, and stealthy, also referred to Advanced Persistent Threats (APTs) which often leverage the bot control and remotely access valuable information. APT uses multiple stages to break into a network. APT is a sort of unseen, continuous and long-term penetrative network and attackers can bypass the existing security detection systems. It can modify and steal the sensitive data as well as specifically cause physical damage the target system. In this dissertation, two cyber-attack motivations are considered: sabotage, where the motive is the destruction; and information theft, where attackers aim to acquire invaluable information (customer info, business information, etc). I deal with two types of attacks (DDoS attacks and APT attacks) where DDoS attacks are classified under sabotage motivation category, and the APT attacks are classified under information theft motivation category. To detect and mitigate each of these attacks, I utilize the ease of programmability in SDN and its great platform for implementation, dynamic topology changes, decentralized network management, and ease of deploying security countermeasures. / Dissertation/Thesis / Doctoral Dissertation Computer Science 2018 Computer science Advanced Persistent Threats Anomaly Detection Cyber Attacks Machine Learning Software Defined Networking Threats Detection
13	European Aviation Crisis Management Ahlin, Katarina, Bredin, Sanna January 2013 (has links) Our aim is to investigate and evaluate the efficiency of crisis management in European aviation, and to recommend enhancements. To fulfill this, we mapped the current crisis management plans and created a fictive scenario where a cyber-attack shut down the power at five of the major airports in Europe. Air traffic in Europe was reconstructed to a chosen day; the 16th of September 2013, and the reconstructed traffic situation was used in the scenario. We also created a model, for the purpose of showing the effect of a cut in time for the steps in the crisis management plan may have on the traffic waiting to depart at the closed airports. When using these means, we could implement the crisis management plans on the fictive scenario and make changes to the plans for a new implementation. The existing crisis management plans were compared to the modified plans made by us, and it was found that usage of a common platform for the different stakeholders involved in the crisis could improve the efficiency of the crisis management. crisis management crisis management plans EACCC delay-minutes cyber-attacks cyber exercises
14	Analysis and Modeling of Services Impacts on System Workload and Performance in Service-based Systems (SBS) January 2012 (has links) abstract: In recent years, service oriented computing (SOC) has become a widely accepted paradigm for the development of distributed applications such as web services, grid computing and cloud computing systems. In service-based systems (SBS), multiple service requests with specific performance requirements make services compete for system resources. IT service providers need to allocate resources to services so the performance requirements of customers can be satisfied. Workload and performance models are required for efficient resource management and service performance assurance in SBS. This dissertation develops two methods to understand and model the cause-effect relations of service-related activities with resources workload and service performance. Part one presents an empirical method that requires the collection of system dynamics data and the application of statistical analyses. The results show that the method is capable to: 1) uncover the impacts of services on resource workload and service performance, 2) identify interaction effects of multiple services running concurrently, 3) gain insights about resource and performance tradeoffs of services, and 4) build service workload and performance models. In part two, the empirical method is used to investigate the impacts of services, security mechanisms and cyber attacks on resources workload and service performance. The information obtained is used to: 1) uncover interaction effects of services, security mechanisms and cyber attacks, 2) identify tradeoffs within limits of system resources, and 3) develop general/specific strategies for system survivability. Finally, part three presents a framework based on the usage profiles of services competing for resources and the resource-sharing schemes. The framework is used to: 1) uncover the impacts of service parameters (e.g. arrival distribution, execution time distribution, priority, workload intensity, scheduling algorithm) on workload and performance, and 2) build service workload and performance models at individual resources. The estimates obtained from service workload and performance models at individual resources can be aggregated to obtain overall estimates of services through multiple system resources. The workload and performance models of services obtained through both methods can be used for the efficient resource management and service performance assurance in SBS. / Dissertation/Thesis / Ph.D. Industrial Engineering 2012 Industrial engineering computer and network services cyber attacks impacts service performance service quality system impacts system survivability
15	Offensive Cyber Operations: An Examination of Their Revolutionary Capabilities Wardle, Madelyn 28 May 2021 (has links) No description available. Political Science International Relations cyber realm cyber attacks offensive cyber operations
16	Detecting Insider and Masquerade Attacks by Identifying Malicious User Behavior and Evaluating Trust in Cloud Computing and IoT Devices Kambhampaty, Krishna Kanth January 2019 (has links) There are a variety of communication mediums or devices for interaction. Users hop from one medium to another frequently. Though the increase in the number of devices brings convenience, it also raises security concerns. Provision of platform to users is as much important as its security. In this dissertation we propose a security approach that captures user behavior for identifying malicious activities. System users exhibit certain behavioral patterns while utilizing the resources. User behaviors such as device location, accessing certain files in a server, using a designated or specific user account etc. If this behavior is captured and compared with normal users’ behavior, anomalies can be detected. In our model, we have identified malicious users and have assigned trust value to each user accessing the system. When a user accesses new files on the servers that have not been previously accessed, accessing multiple accounts from the same device etc., these users are considered suspicious. If this behavior continues, they are categorized as ingenuine. A trust value is assigned to users. This value determines the trustworthiness of a user. Genuine users get higher trust value and ingenuine users get a lower trust value. The range of trust value varies from zero to one, with one being the highest trustworthiness and zero being the lowest. In our model, we have sixteen different features to track user behavior. These features evaluate users’ activities. From the time users’ log in to the system till they log out, users are monitored based on these sixteen features. These features determine whether the user is malicious. For instance, features such as accessing too many accounts, using proxy servers, too many incorrect logins attribute to suspicious activity. Higher the number of these features, more suspicious is the user. More such additional features contribute to lower trust value. Identifying malicious users could prevent and/or mitigate the attacks. This will enable in taking timely action against these users from performing any unauthorized or illegal actions. This could prevent insider and masquerade attacks. This application could be utilized in mobile, cloud and pervasive computing platforms. cloud computing cyber attacks cyber security machine learning network security user behavior trust
17	Evaluation of Tracking Regimes for, and Security of, PLI Systems Taheri, Shayan 01 May 2015 (has links) In the area of computer and network security, due to the insufficiency, high costs, and user-unfriendliness of existing defending methods against a number of cyber attacks, focus for developing new security improvement methods has shifted from the digital to analog domain. In the analog domain, devices are distinguished based on the present variations and characteristics in their physical signals. In fact, each device has unique features in its signal that can be used for identification and monitoring purposes. In this regard, the term physical layer identification (PLI) or device fingerprinting refers to the process of classifying different electronic devices based on their analog identities that are created by employment of signal processing and data analysis methods. Due to the fact that a device behavior undergoes changes due to variations in external and internal conditions, the available PLI techniques might not be able to identify the device reliably. Therefore, a tracking system that is capable of extracting and explaining the present variations in the electrical signals is required to be developed. In order to achieve the best possible tracking system, a number of prediction models are designed using certain statistical techniques. In order to evaluate the performance of these models, models are run on the acquired data from five different fabrications of the same device in four distinct experiments. The results of performance evaluation show that the surrounding temperature of a device is the best option for predicting its signal. The last part of this research project belongs to the security evaluation of a PLI system. The leveraged security examination technique exposes the PLI system to different types of attacks and evaluates its defending strength accordingly. Based on the mechanism of the employed attack in this work, the forged version of a device’s signal is generated using an arbitrary waveform generator (AWG) and is sent to the PLI system. The outcomes of this experiment indicate that the leveraged PLI technique is strong enough in defeating this attack. cyber attacks security improvement Physical Layer Identification PLI tracking system Computer Engineering
18	Event and Intrusion Detection Systems for Cyber-Physical Power Systems Adhikari, Uttam 14 August 2015 (has links) High speed data from Wide Area Measurement Systems (WAMS) with Phasor Measurement Units (PMU) enables real and non-real time monitoring and control of power systems. The information and communication infrastructure used in WAMS efficiently transports information but introduces cyber security vulnerabilities. Adversaries may exploit such vulnerabilities to create cyber-attacks against the electric power grid. Control centers need to be updated to be resilient not only to well-known power system contingencies but also to cyber-attacks. Therefore, a combined event and intrusion detection systems (EIDS) is required that can provide precise classification for optimal response. This dissertation describes a WAMS cyber-physical power system test bed that was developed to generate datasets and perform cyber-physical power system research related to cyber-physical system vulnerabilities, cyber-attack impact studies, and machine learning algorithms for EIDS. The test bed integrates WAMS components with a Real Time Digital Simulator (RTDS) with hardware in the loop (HIL) and includes various sized power systems with a wide variety of implemented power system and cyber-attack scenarios. This work developed a novel data processing and compression method to address the WAMS big data problem. The State Tracking and Extraction Method (STEM) tracks system states from measurements and creates a compressed sequence of states for each observed scenario. Experiments showed STEM reduces data size significantly without losing key event information in the dataset that is useful to train EIDS and classify events. Two EIDS are proposed and evaluated in this dissertation. Non-Nested Generalized Exemplars (NNGE) is a rule based classifier that creates rules in the form of hyperrectangles to classify events. NNGE uses rule generalization to create a model that has high accuracy and fast classification time. Hoeffding adaptive trees (HAT) is a decision tree classifier and uses incremental learning which is suitable for data stream mining. HAT creates decision trees on the fly from limited number of instances, uses low memory, has fast evaluation time, and adapts to concept changes. The experiments showed NNGE and HAT with STEM make effective EIDS that have high classification accuracy, low false positives, low memory usage, and fast classification times. real-time classification data mining Cyber-attacks Scenarios Datasets Test bed
19	Online Analogies: The Legal Uncertainities of Cyberspace : A Study on Cyber Operations and the Jus ad Bellum Munck af Rosenschöld, Henrietta January 2023 (has links) No description available. cyber operations cyber attacks cyberspace international law Law (excluding Law and Society)
20	Survey of ongoing and NextGeneration Cybersecurity of Maritime Communication Systems / Undersökning av dagens och nästa generations cybersäkerhetför sjöfartskommunikationssytem Björnlund, Pontus, Faqiri, Feraidon January 2023 (has links) The maritime industry is growing more and more for every year that passes. As the industry grows it also becomes a more attractive target for cyber criminals. The amount ofcyberattacks in the industry are few, but it is growing at an alarming rate. This literaturestudy identifies the most common datacom systems and infrastructure in the maritimeindustry and their vulnerabilities. This paper also identifies possible solutions and improvements that can be made to existing datacom systems to make them less susceptible tocyber attacks. The results show that there are many solutions that could be implementedthat would increase the cyber security in the industry, but many of them require international cooperation to implement. Therefore standards are suggested to be implemented inorder to push organisations to update their systems. Additionally, this paper delves intothe aviation industry to examine how the datacom infrastructure utilized in the maritimeindustry could be adopted to enhance both efficiency and security Next Generation Cybersecurity Maritime Communication Systems Cyber Attacks Maritime Infrastructure Communication Systems Kommunikationssystem

Search results