Evaluating the Effects of Denial-of-Service Attacks from IoT Devices

Lernefalk, Marcus

January 2021

Internet växer idag konstant och det förväntas finnas fler än 50 miljarder enheter anslutna till internet efter år 2020. Flertalet av dessa enheter kommer vara små, inbäddade enheter som är anslutna och kommunicerar via Internet of Things. Att försäkra att dessa enheter är säkra och skyddade från obehörig åtkomst har varit något som väckt oro ända sedan så kallade botnets visat sig kapabla till att ta över och utnyttja hundratusentals Internet of Things anslutna enheter för att utföra Distributed Denial-of-Service attacker. Målet med denna studie har varit att ställa frågan samt svara på hur stor påverkan Internet of Things enheter har när de utnyttjas för att utföra en Distributed Denial-of-Service attack i ett lokalt trådlöst nätverk. För att besvara denna fråga har denna avhandling forskat kring områden som rör cybersäkerhet, Internet of Things, samt metoder för att utföra Distributed Denial-of-Service attacker. Denna studie har implementerat ett scenario som mäter påverkan vid en Distributed Denial-of-Service attack när upp till sex emulerade Internet of Things enheter som attackerar en ensam offerdator via TCP, UDP och HTTP flood metoder i ett lokalt nätverk. Flertalet test har utförts samt analyserats. Resultatet från denna studie presenteras och jämförs vilket visar att offerdatorn är relativt kapabel till att försvara sig mot TCP och HTTP floods med upp till sex Internet of Things enheter vid respektive attack.  Det implementerade scenariot och metoden är huruvida kapabel till att tungt överbelasta offerdatorn när UDP flood används för samtliga sex Internet of Things enheter. / The internet is constantly growing, we are expecting there to be more than 50 billion devices on the internet past 2020. Many of these devices will be small, embedded devices connected and communicating using the Internet of Things. Keeping these devices secure and protected from unauthorized access has been a raising concern in part due to botnets that have proven capable of exploiting hundreds of thousands of Internet of Things devices to carry out Distributed Denial-of-Service attacks in the past. The objective of this study has been to answer how big of an impact compromised IoT devices might have when exploited to carry out a Distributed Denial-of-Service attack in a Wireless Local Area Network. To answer this question this thesis has done research in the fields concerning cyber-security, the Internet of Things, and methods of distributing Denial-of-Service attacks. This study implements a scenario that measures the impact of a Distributed Denial-of-Service attack utilizing up to six emulated IoT devices that attack a single victim computer using a TCP, UDP or HTTP flood. Several tests have been performed and analyzed. The results from this work are presented and compared and shows that the victim computer is relatively capable of mitigating and defending against the TCP and HTTP flood with up to six utilized IoT devices in each attack. In the implemented scenario and method are however capable of heavily congesting and overwhelming a single victim computer when utilizing a UDP flood with all six IoT devices simultaneously attacking.

IoT

DoS

DDoS

LOIC

Botnets

Cyber-security

Software Engineering

Programvaruteknik

AI-driven Techniques for Malware and Malicious Code Detection

Hou, Shifu

26 August 2022

No description available.

Computer Science

Towards An Enterprise Self-healing System against Botnets Attacks

Alhomoud, Adeeb M., Awan, Irfan U., Pagna Disso, Jules F.

05 1900

no / Protecting against cyber attacks is no longer a problem of organizations and home users only. Cyber security programs are now a priority of most governments. Cyber criminals have been using botnets to gain control over millions of computer, steel information and commit other malicious activities. In this paper we propose a self-healing architecture that was originally inspired from a nature paradigm and applied in the computer field. Our solution is designed to work within a network domain. We present the initial design of our solution based on the principles of self healing systems and the analysis of botnet behaviour. We discuss how to either neutralize or reverse (correct) their actions ensuring that network operations continue without disruption.

A Next Generation Approach to Combating Botnets

Alhomoud, Adeeb M., Awan, Irfan U., Pagna Disso, Jules F., Younas, M.

04 1900

no / As part of a defense-in-depth security solution for domain-controlled enterprise networks, a proposed self-healing system architecture is designed to increase resiliency against botnets with minimal disruption to network services.

A Study On API Security Pentesting

Asemi, Hadi

01 October 2023

Application Programming Interfaces (APIs) are essential in the digital realm as the bridge enabling seamless communication and collaboration between diverse software applications. Their significance lies in simplifying the integration of different systems, allowing them to work together effortlessly and share data. APIs are used in various applications, for example, healthcare, banks, authentication, etc. Ensuring the security of APIs is critical to ensure data security, privacy, and more. Therefore, the security of APIs is not only urgent but mandatory for pentesting APIs at every stage of development and to catch vulnerabilities early. The primary purpose of this research is to provide guidelines to help apply existing tools for reconnaissance and authentication pentesting. To achieve this goal, we first introduce the basics of API and OWASP's Top 10 API security vulnerabilities. Secondly, we propose deployable scripts developed for Ubuntu Debian Systems to install pentesting tools automatically. These scripts allow future students to participate in API security courses and conduct API security pentesting. API security pentesting, regarding reconnaissance and authentication, is discussed based on the configured system. For reconnaissance, passive and active approaches are introduced with different tools for authentication, including password-based authentication brute-forcing, one-time password (OTP) brute-forcing, and JSON web token brute force.

Cyber Security

API Pentesting

Cyber Tools

API

Ethical hacking

The social production of vulnerabilities online : A Tale about digitalised disaster

Nilsson, Emma

January 2023

This thesis aims to display how disastrous events in the cyber domain can be understood to have root causes attributed to non-technical vulnerabilities. The goal is to show the accelerating importance in understanding the cyber domain as any other societal arena. Further, the European Union and reports about the threat landscape from the European Union Agency for Cybersecurity will be analysed. Theoretical assumption from the field of disaster risk reduction about vulnerabilities will be used to understand how vulnerabilities are understood in the empirical material. The first report which was released in the year of 2012 and the most current one from the year of 2022 will be compared to understand patterns and correlations in the development during the last decade. The results shows that the reports have multiple features that can be interpreted as understanding of how events offline relate to threats online. Further the comparison shows that even if superficial factors and their appearance have changed, the underlying vulnerabilities have much in common.

Vulnerabilities

cyber security

disaster risk reduction

prevention

Political Science

Statsvetenskap

A proposed framework that enhances the quality of cyber security audits

Matsikidze, Hezel

23 March 2023

The need to protect information systems or assets remains crucial today. Innovations in technology have led to rapid developments and as technology continues to advance, so is the need to protect information systems. Amongst numerous effects of cyber-attacks on organizations, huge financial losses which in turn affect the economy have since been reported. Cyber security audits need to be strengthened to tighten the protection of information systems. The importance of cybersecurity audits is widely endorsed in literature. Nonetheless, frameworks used to audit cybersecurity are viewed as‘sometimes' weak links to cybersecurity due to their drawbacks in auditing cyber security. A review of literature indicated that cyber-attacks are more rampant in the African continent with the financial sector being the most targeted. Literature also highlighted that the use of relevant frameworks for auditing cyber security improves the quality and effectiveness of audits thereby enhancing cyber security. Studies in information systems have mostly looked at the adoption of frameworks, types of cyber threats and tools needed to audit. Nonetheless, it is important to note that few scholars have examined the applicability and effectiveness of the existing frameworks in auditing cyber security. Furthermore, previous studies emphasize on enhancing cyber security without a particular focus on auditing cyber security including assessing the role of the auditor during the process. As a result, this study looked at cyber security from an auditing perspective with a particular focus on the strengths and weaknesses of the current frameworks that are being used to audit cyber security including. The study also looked at the factors that enhance the effectiveness of cyber security audits. The study draws from different theories, literature and from the strengths and drawbacks of existing frameworks to create an explanatory model. To statistically test and evaluate the model, a quantitative research approach was employed to collect, analyze, and interpret data from South Africa. Data was collected using a questionnaire which was distributed to IT auditors and cyber security professionals from the Information Systems Audit and Control Association (ISACA) South African chapter members. The National Institute of Standards and Technology (NIST) cyber security framework was found to be the widely adopted framework followed by the International Organization for Standardization (ISO) standards, with the Control Objectives for Information Technologies (COBIT) being the least employed framework. The COBIT framework was found to be more aligned to Information Technology governance rather than cyber security. Furthermore, results of this study indicate that effectiveness of cyber security audits is dependent upon competencies of auditors including their ethics and integrity. Results further indicate that frameworks used for auditing are effective to some extent if properly implemented. A proper alignment of an auditor's competencies which include ethics and integrity, and an adoption of a relevant framework will result in effective cyber security audits that reduce the risks of cyber-attacks. Concerning the contribution to practice, results from this study can help organizations to determine and review focus areas of cyber security auditing that they need to emphasize and develop on. Furthermore, the developed model can be used by auditors to develop an audit plan and conduct audits that are effective in identifying, protecting, detecting, preventing, and recovering information systems or assets. The methodological, theoretical, and practical contributions are further discussed in this thesis along with limitations, recommendations, and areas for future research.

Cyber security

Frameworks

IT auditing

Information assets

Information systems

The Effects of Inhibitory Control and Perceptual Attention on Cyber Security

Pearson, Ed

03 May 2019

This dissertation recommends research to investigate the effects inhibitory control and perceptual attention have on the cyber security decision-making process. Understanding the effects that inhibitory control and perceptual attention have on the security decision- making process will allow for better defenses to be developed against social engineering and phishing. A survey and review of previous research in the area of Human Computer- Interaction and Security is presented. An experiment is performed to evaluate inhibitory control, which is composed of prepotent response inhibition, resistance to distractor interference, and resistance to proactive interference (PI). Additionally, the experiment evaluates perceptual attention and the security decision-making process.

information security

security icons

cyber security knowledge

security indicators

Prevention of cybercrimes in smart cities of India: from a citizen's perspective

Chatterjee, S., Kar, A.K., Dwivedi, Y.K., Kizgin, Hatice

07 October 2019

Yes / Purpose: The purpose of this paper is to identify the factors influencing the citizens of India to prevent cybercrimes in the proposed Smart Cities of India. Design/methodology/approach: A conceptual model has been developed for identifying factors preventing cybercrimes. The conceptual model was validated empirically with a sample size of 315 participants from India. Data were analyzed using structural equation modeling with SPSS and AMOS softwares. Findings: The study reveals that the “awareness of cybercrimes” significantly influences the actual usage of technology to prevent cybercrimes in Smart Cities of India. The study reveals that government initiative (GI) and legal awareness are less influential in spreading of the awareness of cybercrimes (AOC) to the citizens of the proposed smart cities. Research limitations/implications: The conceptual model utilizes two constructs from the technology adoption model, namely, perceived usefulness and ease of use. The study employs other factors such as social media, word of mouth, GIs, legal awareness and organizations constituting entities spreading awareness from different related literature works. Thereby, a comprehensive theoretical conceptual model has been proposed which helps to identify the factors that may help in preventing cybercrimes. Practical implications: This study provides an insight to the policy maker to understand several factors influencing the AOC of the citizens of the proposed Smart Cities of India for the prevention of cybercrimes. Originality/value: There are few existing studies analyzing the effect of AOC to mitigate cybercrimes. Thus, this study offers a novel contribution.

Smart city

Cyber security

Digital services

Cyber-infrastructure

Open-Source Testbed to Evaluate the Cybersecurity of Phasor Measurement Units

Zimmermann, Markus Kenneth

22 June 2022

The Phasor Measurement Unit provides clear data for ease of grid visibility. A major component of the device is the Global Positioning System (GPS) for time synchronization across the board. However, this device has become more susceptible to cyber-attacks such as spoofing. This paper constructs an opensource testbed for the playback of PMU data and testing of cyberattacks on PMUs. Using a local GPS device to simulate what is done in the PMU, MATLAB for data conversion, and Linux operating system running on Ubuntu, the simulator can be constructed. The spoofing attack is done by adding a phase shift of the incoming data to simulate that the data is coming from a different time stamp and shifts between the original. Finally, it is all brought together by viewing the output in an open source Phasor Data Concentrator (PDC) to validate the process. / Master of Science / To monitor the bulk electrical grid, devices used to calculate at what level the grid is at and what point in time as well. These devices that are called Phasor Measurement Units and send this data to the control center for engineers to process and make decisions. Within each device is a Global Positioning System (GPS) to tell which device is sending data and at what time. The GPS device is what is susceptible to be entered by malicious individuals. To better prepare and prevent this, a testbed would be a good solution to test if the preventative measure works. However, the best of the best costs too much money, so the next best solution is an open source test bed that could be implemented anyway. The work in this paper constructs an opensource testbed and simulates a full GPS spoofing attack.

Phasor Measurement Unit (PMU)

Cyber-security

GPS Spoofing