Global ETD Search

101	Context-Aware Malware Detection Using Topic Modeling Stegner, Wayne 28 September 2021 (has links) No description available. Computer Engineering Cybersecurity Context-Aware Malware Detection Topic Modeling AI
102	Analyzing Global Cyber Attack Correlates Through an Open Database Aiello, Brady Benjamin 01 June 2018 (has links) (PDF) As humanity becomes more reliant on digital storage and communication for every aspect of life, cyber attacks pose a growing threat. However, cyber attacks are generally understood as individual incidents reported in technological circles, sometimes tied to a particular vulnerability. They are not generally understood through the macroscopic lens of statistical analysis spanning years over several countries and sectors, leaving researchers largely ignorant of the larger trends and correlates between attacks. This is large part due to the lack of a coherent and open database of prominent attacks. Most data about cyber attacks has been captured using a repository of common vulnerabilities and exposures (CVE’s), and \honey pots", unsecured internet-connected devices which record attacks as they occur against them. These approaches help in the process of identifying vulnerabilities, but they do not capture the real world impact these attacks achieve. Therefore, in this thesis I create a database of 4,000 cyber attacks using a semi-open data source, and perform analytical queries on it to gather insights into how cyber attack volume varies among countries and sectors, and the correlates of cyber attack victims. From here, it is also possible to relate socio-economic data such as GDP and World Happiness Index to cyber attack volume. The end result is an open database of cyber attacks that allows researchers to understand the larger underlying forces which propel cyber attacks. cybersecurity cyber attacks socioeconomic political malware Information Security
103	A Methodology to Measure the Impact of Diversity on Cybersecurity Team Effectiveness Cornel, Caralea May 01 August 2019 (has links) In recent years, the definition of cybersecurity professional has been diluted to include more individuals, particularly women, to be included. Depending on the definition used, women currently comprise between 11% and 25% of the cybersecurity workforce. While multiple studies have indicated the benefits to diverse teams, research in the cybersecurity area is lacking.This research proposes a framework that uses a modified escape-the-room gamified scenario to measure the effectiveness of cybersecurity teams in technical problem-solving. The framework presents two routes, incident response and penetration testing, the participants can choose. In a preliminary study, this framework is used to show the combination of gender diversity and prior cybersecurity experience and/or cybersecurity knowledge, particularly in women, are found to be significant in reducing the time taken to solve cybersecurity tasks in the incident response, and penetration testing domains.In conclusion, opportunities for extending this research into a large-scale study are discussed, along with other applications of cybersecurity escape-rooms. gender diversity cybersecurity teams framework effectiveness team effectiveness Engineering Sociology
104	Building Android Malware Detection Architectures using Machine Learning Mathur, Akshay January 2022 (has links) No description available. Computer Science Technology
105	Guardians at the Gate: The Influence of Senior Management on Cybersecurity Culture and Awareness Training : A Qualitative Multiple Case Study Karim, Adam, Törnqvist, Alexandra January 2023 (has links) Background: Organisations are left vulnerable and susceptible to cyber-attacks due to the digitisation of information and dependency on information and communication technologies. As a result, the critical need for organisations to hinder, protect and preserve their cyberspace from multiple threats is emphasised. Due to human error being accountable for most electronic data breaches, a resilient cybersecurity culture is desired. To minimise cybersecurity threats, a human-inclusive strategy must be implemented in the culture and the inclusion and engagement of strong leadership within senior management. Purpose: The purpose of this study is to explore senior management’s role in cybersecurity culture and particularly, its influence on awareness training. Method: The research is based on an interpretivist paradigm and adheres to abductive reasoning. Through the usage of semi-structured interviews and the utilisation of non-probability sampling, qualitative data was produced, and a multiple case study was conducted. Conclusion: Senior management influences the practical implications in the organisation, such as training, as well as the assumptions and beliefs of its employees. Senior management influences the engagement, involvement, and responsibility of protecting and safeguarding the organisation's assets, and how this is reciprocated to the whole organisation. Furthermore, senior management addresses and manages the priority of cybersecurity in the organisation. Thus, employee behaviour and attitude are greatly impacted by senior management engagement and presence, showcasing a positive correlation between senior management influence and employee behaviour and beliefs. Cybersecurity Cybersecuirty Culture Senior Management Awareness Training Business Administration Företagsekonomi
106	A cybersecurity application framework for consumer IoT devices Spaho, Jonilda January 2023 (has links) In recent years, there is an increasing use of smart Internet of Things (IoT) devices in our everyday lives. Cyberattacks on consumer IoT devices are also increasing. IoT certification is an active topic of research with many proposed frameworks for IoT cybersecurity certification and also proposing labels that can be used to represent the security and privacy levels of consumer IoT devices. The research problem that this thesis tried to solve was first, to understand why certification for consumer IoT devices was less used than expected, and second, define robust and complete processes for security and certification on consumer IoT devices, that will be used to broadly raise their security level. From a literature review performed, we became aware that the reason why little progress towards consumer IoT cybersecurity certification is not that research and frameworks do not exist, but there are multiple other responsible factors. Such factors are the lack of a universal cybersecurity framework and the fact that the consumers are not involved in the certification process of the frameworks. The framework that was designed in this thesis project tries to address all of the above factors. Design Science Research (DSR) was used as the methodology for developing and evaluating the artifact of this work, which is a framework that describes how to properly apply and certify cybersecurity on consumer IoT devices, building on top of existing cybersecurity procedures, frameworks and tools. During the design of the framework, further literature searches were performed for identifying important steps that need to be carried out. The framework proposed in this project, does not limit itself to the vendor of such devices as the only involved actor, but consumers and cybersecurity regulating authorities are also involved in the process. The evaluation of the framework showed that, if applied, it could adequately improve the cybersecurity of existing consumer IoT products by detecting and solving all of the common vulnerabilities and security weaknesses, as it was demonstrated on one use case selected. The significance of this work is that it is the first step towards a universal cybersecurity certification for consumer IoT devices. Cybersecurity IoT Framework Security Certification Information Systems
107	Malicious Game Client Detection Using Feature Extraction and Machine Learning Austad, Spencer J. 20 November 2023 (has links) (PDF) Minecraft, the world's best-selling video game, boasts a vast and vibrant community of users who actively develop third-party software for the game. However, it has also garnered notoriety as one of the most malware-infested gaming environments. This poses a unique challenge because Minecraft software has many community-specific nuances that make traditional malware analysis less effective. These differences include unique file types, differing code formats, and lack of standardization in user-generated content analysis. This research looks at Minecraft clients in the two most common formats: Portable Executable and Java Archive file formats. Feature correlation matrices showed that malware features are too complicated to analyze without advanced algorithms. The latest machine learning methods for malware analysis were employed to classify samples based on both behavioral features generated from running samples in a sandbox environment and static features through file-based analysis. A total sample set of 92 files was used and found that Portable Executable and Java Archive files have significantly different feature sets that are important for malware identification. This study was able to successfully classify 77.8% of all Portable Executable samples 84.2% of all Java Archive samples while maintaining high recall scores. This research, by shedding light on the intricacies of malware detection in Minecraft clients, provides a framework for a more nuanced and adaptable approach to game-related malware research. malware detection cybersecurity Minecraft game mods machine learning Engineering
108	Maritim cybersäkerhet och positionssystem : Utvärdering av rekommendationer till maritima industrin utifrån nuvarande forskning / Maritime Cybersecurity and Positioning Systems : Evaluation of Recommendations for the Maritime Industry Based on Current Research Petersson, Wilhelm, Nilsson, Arwid January 2024 (has links) I detta arbete utforskas cybersäkerhetsaspekter av positionssystem inom sjöfartssektorn. Syftet är att identifiera åtgärder för att hantera och förebygga säkerhetshot samt utforska implementering av övningar för att bygga kompetens i detektering och hantering av dessa hot. Genom en systematisk litteraturstudie granskades befintlig forskning. Resultaten visar på vikten av anpassade utbildningsprogram, en förändrad inställning till cybersäkerhet, behovet av starka säkerhetskulturer samt effektiva förebyggande strategier och beredskapsplaner. Studien utreder även den kollektiva ansträngningen mellan rederier, tillverkare och andra maritima aktörer för att förbättra systemens motståndskraft mot cyberhot. Slutligen uppmanar avhandlingen till vidare forskning för att utveckla mer detaljerade implementeringsstrategier. / In this work, cybersecurity aspects are explored within positioning systems in the maritime sector. The purpose is to identify means for handling and preventing security threats and explore the implementations of drills to build competency in detecting and handling these threats through a systematic literature review that looks at existing research. The results show the need for education courses, a changed outlook on cybersecurity, a strong security culture, effective prevention strategies, and contingencies. The study also investigates the collective effort between shipping companies, manufacturers, and maritime actors to improve the systems' resilience to cyber threats. Finally, the work encourages further research to develop more detailed implementation strategies. Maritime Cybersecurity GPS Positioning systems Transport Systems and Logistics Transportteknik och logistik
109	Developing a SQL Injection Exploitation Tool with Natural Language Generation Boekweg, Kate Isabelle 22 April 2024 (has links) (PDF) Websites are a popular tool in our modern world, used daily by many companies and individuals. However, they are also rife with vulnerabilities, including SQL injection (SQLI) vulnerabilities. SQLI attacks can lead to significant damage to the data stored within web applications and their databases. Due to the dangers posed by these attacks, many countermeasures have been researched and implemented to protect websites against this threat. Various tools have been developed to enhance the process of detecting SQLI vulnerabilities and active SQLI attacks. Many of these tools have integrated machine learning technologies, aiming to improve their efficiency and effectiveness. Penetration testing is another valid method of detecting and fixing SQLI vulnerabilities, and there are tools designed to automate this process. Some of these automated exploitation tools have also incorporated machine learning techniques. This research aims to identify design requirements of a SQLI exploitation tool that utilizes Natural Language Generation for attack data. This research also aims to compare this new SQLI exploitation to existing tools. This research integrates various components from existing research projects to develop and evaluate the effectiveness of the proposed SQLI exploitation tool. This research establishes a framework for a SQL injection exploitation tool. Additionally, the study successfully tests multiple components of this new tool and compares the accuracy and speed of the new tool to already existing tools. SQL injection injection detection cybersecurity machine learning offensive security Engineering
110	Protection and Cybersecurity in Inverter-Based Microgrids Mohammadhassani, Ardavan 06 July 2023 (has links) Developing microgrids is an attractive solution for integrating inverter-based resources (IBR) in the power system. Distributed control is a potential strategy for controlling such microgrids. However, a major challenge toward the proliferation of distributed control is cybersecurity. A false data injection (FDI) attack on a microgrid using distributed control can have severe impacts on the operation of the microgrid. Simultaneously, a microgrid needs to be protected from system faults to ensure the safe and reliable delivery of power to loads. However, the irregular response of IBRs to faults makes microgrid protection very challenging. A microgrid is also susceptible to faults inside IBR converters. These faults can remain undetected for a long time and shutdown an IBR. This dissertation first proposes a method that reconstructs communicated signals using their autocorrelation and crosscorrelation measurements to make distributed control more resilient against FDI attacks. Next, this dissertation proposes a protection scheme that works by classifying measured harmonic currents using support vector machines. Finally, this dissertation proposes a protection and fault-tolerant control strategy to diagnose and clear faults that are internal to IBRs. The proposed strategies are verified using time-domain simulation case studies using the PSCAD/EMTDC software package. / Doctor of Philosophy / Renewable energy resources, such as wind, solar, and geothermal, are interfaced with the grid using DC-to-AC power electronic converters, popularly known as inverters. These “inverterbased resources (IBR)” are mostly distributed and located near consumers. During outages, IBRs can be used to provide power to customers. This gives developers the idea of integrating IBRs in microgrids. A microgrid is a miniature grid that consists of IBRs and customers. A microgrid is normally connected to the grid but can disconnect from the grid and operate on its own. To run efficiently, a microgrid uses fast and reliable communication between IBRs to create a high-performance distributed control strategy. However, this creates cybersecurity concerns for microgrids. This dissertation proposes a cybersecure distributed control strategy to make sure microgrids can keep their advantages. This dissertation also proposes a protection method that relies on machine learning to clear short circuits in the microgrid. Finally, this dissertation proposes a strategy to diagnose failures inside IBRs and ride through them. The proposed solutions are verified using the industry-grade simulation software PSCAD/EMTDC. Cybersecurity inverter-based resources microgrids power system protection

Search results