Global ETD Search

251	Analysis of Security Findings and Reduction of False Positives through Large Language Models Wagner, Jonas 18 October 2024 (has links) This thesis investigates the integration of State-of-the-Art (SOTA) Large Language Models (LLMs) into the process of reassessing security findings generated by Static Application Security Testing (SAST) tools. The primary objective is to determine whether LLMs are able to detect false positives (FPs) while maintaining a high true positive (TP) rate, thereby enhancing the efficiency and effectiveness of security assessments. Four consecutive experiments were conducted, each addressing specific research questions. The initial experiment, using a dataset of security findings extracted from the OWASP Bench- mark, identified the optimal combination of context items provided by the SAST tool Spot- Bugs, which, when used with GPT-3.5 Turbo, reduced FPs while minimizing the loss of TPs. The second experiment, conducted on the same dataset, demonstrated that advanced prompting techniques, particularly few-shot Chain-of-Thought (CoT) prompting combined with Self-Consistency (SC), further improved the reassessment process. The third experiment compared both proprietary and open-source LLMs on an OWASP Benchmark dataset about one-fourth the size of the previously used dataset. GPT-4o achieved the highest performance, detecting 80 out of 128 FPs without missing any TPs, resulting in a perfect TPR of 100% and a decrease in FPR by 41.27 percentage points. Meanwhile, Llama 3.1 70B detected 112 out of the 128 FPs but missed 10 TPs, resulting in a TPR of 94.94% and a reduction in FPR by 56.62 percentage points. To validate these findings in a real-world context, the approach was applied to a dataset generated from the open-source project Mnestix using multiple SAST tools. GPT-4o again emerged as the top performer, detecting 26 out of 68 FPs while only missing one TP, resulting in a TPR decreased by 2.22 percentage points but simultaneously an FPR decreased 37.57 percentage points.:Table of Contents IV List of Figures VI List of Tables VIII List of Source Codes IX List of Abbreviations XI 1. Motivation 1 2. Background 3 3. Related Work 17 4. Concept 31 5. Preparing a Security Findings Dataset 39 6. Implementing a Workflow 51 7. Identifying Context Items 67 8. Comparing Prompting Techniques 85 9. Comparing Large Language Models 101 10.Evaluating Developed Approach 127 11.Discussion 141 12.Conclusion 145 A. Appendix: Figures 147 A.1. Repository Directory Tree 148 A.2. Precision-Recall Curve of Compared Large Language Models 149 A.3. Performance Metrics Self-Consistency on Mnestix Dataset 150 B. Appendix: Tables 151 B.1. Design Science Research Concept 151 C. Appendix: Code 153 C.1. Pydantic Base Config Documentation 153 C.2. Pydantic LLM Client Config Documentation 155 C.3. LLM BaseClient Class 157 C.4. Test Cases Removed From Dataset 158
252	COMPLY OR DIE : A case study of conditions for NIS2-compliance Burström, Ludvig, Petersson, André January 2024 (has links) Cybersecurity is increasingly becoming more pervasive and prevalent due in part to ongoing conflicts in the world as well as increased reliance on digital technologies. To combat the emerging threats posed by this, the European Union introduced NIS2, a legislation aimed at increasing the lowest level of cybersecurity across its member states. Thus, the research question this study set out to answer was “How can conditions for organizational compliance with NIS2 be evaluated?” This case study has utilized a Delphi-panel with experts within the field, conducted interviews, analyzed internal documents, and established cybersecurity standards. The study has found several crucial conditions for reaching compliance with this new legislation, it has also developed a means of evaluation for organizations forced to comply. The findings further the field of cybersecurity by uncovering ownership as an important and generally overlooked condition for compliance. As well as providing a tool for practitioners and researchers to help evaluate conditions for NIS2 compliance. Cybersecurity Compliance Readiness Ownership NIS2 Information Systems, Social aspects
253	Investigation of Post-Quantum Cryptography (FIPS 203 & 204) Compared to Legacy Cryptosystems, and Implementation in Large Corporations. Marmebro, Alma, Stenbom, Kristin January 2024 (has links) As quantum computing advances, there is a critical need to develop quantum resistant cryptographic algorithms. The precise timeline for quantum computers to challenge current encryption methods is uncertain, yet the potential risk to global data security is clear. This study addresses the necessity to prepare for these future threats by evaluating and enhancing the security of proposed quantum safe systems. The National Institute of Standards and Technology (NIST) has been proactive in addressing these challenges, proposing a set of quantum safe cryptographic systems, including ML-KEM (Module Lattice-based Key Encapsulation Mechanism) and ML-DSA (Module Lattice-based Digital Signature Algorithm). These systems are believed to be resilient against the computational capabilities of quantum computers, offering a pathway to secure cryptographic practices in the forthcoming quantum era. We have conducted a detailed analysis of ML-KEM and ML-DSA, focusing on their mathematical foundations and the inherent hardness of these systems. This examination helps clarify why they are considered secure against quantum computing. Our study involves implementing an Module-Learning With Errors (MLWE)-based cryptosystem, the foundational hardness of which underpins the security of ML-KEM and ML-DSA. In this implementation, we test two distributions to evaluate the impact of their parameters, as the choice of distribution is crucial since poor distribution choices can lead to significant errors. We carefully track these errors to determine their onset and rate of increase. Furthermore, we assess the readiness of organizations for the quantum era, finding that some have already begun their transition. However, our analysis suggests that security personnel within a well known company may not be as prepared as NIST’s recommendations would suggest. It is imperative for organizations to start preparing now to ensure the future security of their data in the face of quantum computing advancements. Encryption Post-quantum cryptography Cybersecurity Decryption Other Mathematics Annan matematik Other Engineering and Technologies Annan teknik
254	Cyber Activity in Sweden : A study on the digital threat landscape in Sweden Brandt, Samuel January 2024 (has links) Due to erupting conflict within the European region, State officials and newspaper outlets have spoken about the ever-decreasing safety of the Swedish nation in several aspects with the digital threat being one of the forthcoming concerns. To be able to act in a proportional manner and safeguard our digitalized society we first need to gauge the digital threat landscape and uncover how much the situation has changed with the coming of this conflict. We created a wide set of questions based on the published works of academia and grey literature that are related to Cybersecurity and the digital threat landscape. We used this information to interview IT personnel that work in cybersecurity to get a perspective on how the situation looks like for the people at the forefront of this propagated threat. The interviews uncovered that the situation had indeed changed and for the worse. A more digitalized society and advancing technology combined with the existence of skillful hackers result in more frequent and sophisticated attacks. The IT personnel tasked with safeguarding their networks are very aware of this and provide some insight on how they perceive the digital threat landscape in this investigation. Cybersecurity Digital threat landscape Threat landscape Sweden Computer Sciences Datavetenskap (datalogi)
255	The Influence of Institutional Factors on AI adoption in EU banking cybersecurity: : A narrative literature review. Engvall, Nazgul January 2024 (has links) The adoption of artificial intelligence (AI) in the European Union (EU) banking sector for cybersecurity purposes presents a complex interplay of promise and challenge. This study employs a qualitative narrative review to investigate how institutional pressures, including regulatory requirements, industry norms, and the pursuit of legitimacy, shape banks' decisions to integrate AI. Analyzing both academic and grey literature, this study reveals how these institutional forces influence banks' decision-making, highlighting the tension between the potential for enhanced security through AI and the need to mitigate risks, address ethical concerns, and maintain public trust. Ultimately, this research contributes to a deeper understanding of the complex institutional dynamics that shape AI adoption in the highly regulated context of EU banking. / Tillämpningen av artificiell intelligens (AI) inom EU:s banksektor för cybersäkerhet innebär en komplex balansgång mellan möjligheter och risker. Denna kvalitativa narrativa litteraturstudie undersöker hur institutionella faktorer – regleringar, branschnormer och strävan efter legitimitet – påverkar bankernas beslut att implementera AI. Genom att analysera både akademisk forskning och branschrapporter belyser studien hur dessa faktorer formar bankernas strategier och beslutsprocesser kring AI. Studien lyfter fram spänningen mellan potentialen för ökad säkerhet genom AI och behovet av att hantera risker, etiska överväganden och upprätthålla förtroendet hos allmänheten. Genom att granska den komplexa institutionella dynamiken som präglar AI-adoption inom den hårt reglerade europeiska banksektorn bidrar denna forskning till en fördjupad förståelse för de utmaningar och möjligheter som AI innebär för cybersäkerheten i denna bransch. artificial intelligence cybersecurity AI in banking European banks institutional theory Social Sciences Samhällsvetenskap
256	National Industrial Security Program Information Systems Authorization: A Case Study Michael Greene (20348601) 10 January 2025 (has links) <p dir="ltr">This case study addresses a timeliness and cost problem associated to attaining the Authorization to Operate (ATO) for National Industrial Security Program (NISP) information systems. Industry contractor organizations are required to attain ATOs to operate NISP computing systems processing classified information located at their facility locations. The origin of the case study problem is decades old, the problem prompted action from the Executive Office of the President to establish the NISP in 1993. The NISP programs intent is to promote security requirement uniformity between the defense industry and the U.S. government, and to reduce security costs. However, despite efforts to lessen the ATO process burden, the problem continues to impede timeliness and increases cost associated with NISP system ATOs today. The case study will focus on reasons the ATO problem is still prevalent today and why the cost saving attributes designed into the Risk Management Framework (RMF) remain an implementation challenge. First, a systematic multivocal literature review methodology is used to collect relevant formal research literature from academic databases, as well as gray literature from authoritative government resources. Second, a cost estimate comparison is used to examine a Department of Defense (DoD) and a NISP information system authorization. The RMF cybersecurity reciprocity and inheritance attributes are applied to the cost comparison to measure ATO impact analysis.</p> National Industrial Security Program Authorization to Operate Risk Management Framework
257	Guarding The Grid: Exploring Iot And Iiot Security Vulnerabilities In Smart Power Systems Parker, Nicole G 01 January 2024 (has links) (PDF) The Internet of Things (IoT) encompasses the collective network of electrical devices and the technology that enables them to send and receive data. The use of IoT technologies in industrial settings, such as transportation, manufacturing, and energy is referred to as the Industrial Internet of Things (IIoT). With the expansion of IoT in homes and IIoT in the energy sector has come an increase in the number of devices connected with each other. Engineers have utilized this network to develop sophisticated smart systems that combine sensing, processing, actuation, and control to produce smart environments. Along with the benefits of IoT and IIoT expansion in smart systems come cybersecurity risks from possible exploitation of vulnerabilities. Since IIoT devices are connected with each other, a cyberattack on a smart system can lead to a large attack surface with devastating effects. This thesis will serve to identify IoT and IIoT cybersecurity threats in smart devices and their impact on the grid. IoT device security will be analyzed in smart homes, and IIoT device security will be analyzed in substations and utility control centers. Common communication protocols used in IoT and IIoT devices will be compared to determine their level of vulnerability to cyberattacks. Furthermore, this thesis will discuss attack scenarios and explain the idea of a cascading effect of vulnerabilities in devices. To visualize and simulate attack scenarios, a model power system will be created on RT Lab and EXata CPS. From here, the results collected will be presented. The findings will discuss potential vulnerabilities and provide solutions for enhancements in IoT and IIoT security for smart power systems. Electrical and Computer Engineering Power and Energy
258	Data-driven Algorithms for Critical Detection Problems: From Healthcare to Cybersecurity Defenses Song, Wenjia 16 January 2025 (has links) Machine learning and data-driven approaches have been widely applied to critical detection problems, but their performance is often hindered by data-related challenges. This dissertation seeks to address three key challenges: data imbalance, scarcity of high-quality labels, and excessive data processing requirements, through studies in healthcare and cybersecurity. We study healthcare problems with imbalanced clinical datasets that lead to performance disparities across prediction classes and demographic groups. We systematically evaluate these disparities and propose a Double Prioritized (DP) bias correction method that significantly improves the model performance for underrepresented groups and reduces biases. Cyber threats, such as ransomware and advanced persistent threats (APTs), have presented growing threats in recent years. Existing ransomware defenses often rely on black-box models trained on unverified traces, providing limited interpretability. To address the scarcity of reliably labeled training data, we experimentally profile runtime ransomware behaviors of real-world samples and identify core patterns, enabling explainable and trustworthy detection. For APT detection, the large size of system audit logs hinders real-time detection. We introduce Madeline, a lightweight system that efficiently processes voluminous logs with compact representations, overcoming real-time detection bottlenecks. These contributions provide deployable and effective solutions, offering insights for future research within and beyond the fields of healthcare and cybersecurity. / Doctor of Philosophy / Machine learning and data-driven methods have been widely used to solve important detection problems, but their effectiveness is often limited by challenges related to the data they rely on. This dissertation focuses on three key challenges: imbalanced data, a lack of high-quality information, and the need to process large amounts of data quickly. We address these issues through studies in healthcare and cybersecurity. Data from clinical studies is often unbalanced, with certain patient groups or outcomes being underrepresented. This imbalance leads to inconsistent prediction accuracies across groups. We address this by developing a method called Double Prioritized (DP) bias correction, which significantly improves the accuracy for minority groups and reduces biases. Cyber threats are becoming increasingly serious risks. One type of prevalent malware is ransomware, which encrypts the victim's data and demands payment for recovery. Current ransomware defenses often learn from unverified data and make decisions without clear explanations. To improve this, we analyze how real-world ransomware behaves, identifying patterns that allow for more explainable and reliable detection. Another type of threat is called advanced persistent threats (APTs), which aim to stay undetected in the victim's system for a long time and exfiltrate data gradually. For APT detection, the challenge lies in analyzing the vast amount of activity data the system generates, which slows down detection. We introduce detectionname, a system designed to process large logs efficiently, enabling fast and accurate threat detection. These contributions provide practical solutions to pressing problems in healthcare and cybersecurity and offer ideas for future improvements within and beyond these fields. Cybersecurity Advanced Persistent Threats (APTs) Anomaly Detection Digital Health AI Fairness Applied Machine Learning
259	Možnosti zlepšení strategií pro kybernetickou bezpečnost / The potential improvement of the cyber security strategies Jandura, Lukáš January 2016 (has links) The thesis focusses on central nodes' dynamics in cyberspace, representing its key elements. Such approach derives from the theory of networks developed by Albert-László Barabási and it is conceptualised along with cyberspace in security studies and the role of a state in cyberspace. Main question, which is how to improve cybersecurity strategies, is answered by well-structured package of possible positions of a state towards central nodes. It asses the level of involvement in cyberspace, boundaries of intrusion into central nodes and acceptable tools usable against those which are not directly accessible. Powered by TCPDF (www.tcpdf.org)
260	Možnosti zlepšení strategií pro kybernetickou bezpečnost / The potential improvement of the cyber security strategies Jandura, Lukáš January 2016 (has links) The thesis is focused on central nodes' dynamics in cyberspace, representing its key elements. This approach is derived from the theory of networks developed by Albert-László Barabási and applied on different aspects of cyberspace, which brings different views at known events and issues and discovers relationship between central and common nodes. Cyberspace is perceived in its broadest shape as a fluid result of social constructivism influenced by behaviour of its users. Final outcomes are summarised to recommendations for a new approach to a cybersecurity strategy. Powered by TCPDF (www.tcpdf.org)

Search results