Global ETD Search

421	INTERNET OF THINGS SYSTEMS SECURITY: BENCHMARKING AND PROTECTION Naif S Almakhdhub (8810120) 07 May 2020 (has links) <div><p>Internet of Things (IoT) systems running on Microcontrollers (MCUS) have become a prominent target of remote attacks. Although deployed in security and safety critical domains, such systems lack basic mitigations against control-flow hijacking attacks. Attacks against IoT systems already enabled malicious takeover of smartphones, vehicles, unmanned aerial vehicles, and industrial control systems.</p></div><div><p> </p><div><p>The thesis introduces a systemic analysis of previous defense mitigations to secure IoT systems. Building off this systematization, we identify two main issues in IoT systems security. First, efforts to protect IoT systems are hindered by the lack of realistic benchmarks and evaluation frameworks. Second, existing solutions to protect from control-flow hijacking on the return edge are either impractical or have limited security guarantees. This thesis addresses these issues using two approaches. </p></div><div><p> </p></div><div><p>First, we present BenchIoT, a benchmark suite of five realistic IoT applications and an evaluation framework that enables automated and extensible evaluation of 14 metrics covering security, performance, memory usage, and energy. BenchIoT enables evaluating and comparing security mechanisms. Using BenchIoT, we show that even if two security mechanisms have similarly modest runtime overhead, one can have undesired consequences on security such as a large portion of privileged user execution.</p></div><div><p> </p></div><div><p>Second, we introduce Return Address Integrity (RAI), a novel security mechanism to prevent all control-flow hijacking attacks targeting return edges, without requiring special hardware. We design and implement μRAI to enforce the RAI property. Our results show μRAI has a low runtime overhead of 0.1% on average, and therefore is a</p></div><div><p>practical solution for IoT systems. </p></div><div><p> </p></div><div><p>This thesis enables measuring the security IoT systems through standardized benchmarks and metrics. Using static analysis and runtime monitors, it prevents control-flow hijacking attacks on return edges with low runtime overhead. Combined, this thesis advances the state-of-the-art of protecting IoT systems and benchmarking its security.</p></div></div> Computer Engineering Applied Computer Science Computer System Security Cyber security Computer Security System Security Software Security Embedded Systems Security IoT Security Internet of things(IoT) control-flow hijacking embedded systems Cybersecurity
422	Mise en oeuvre d’une approche sociotechnique de la vie privée pour les systèmes de paiement et de recommandation en ligne EL Haddad, Ghada 12 1900 (has links) Depuis ses fondements, le domaine de l’Interaction Homme-Machine (IHM) est marqué par le souci constant de concevoir et de produire des systèmes numériques utiles et utilisables, c’est-à-dire adaptés aux utilisateurs dans leur contexte. Vu le développement exponentiel des recherches dans les IHM, deux états des lieux s’imposent dans les environnements en ligne : le concept de confiance et le comportement de l’usager. Ces deux états ne cessent de proliférer dans la plupart des solutions conçues et sont à la croisée des travaux dans les interfaces de paiements en ligne et dans les systèmes de recommandation. Devant les progrès des solutions conçues, l’objectif de cette recherche réside dans le fait de mieux comprendre les différents enjeux dans ces deux domaines, apporter des améliorations et proposer de nouvelles solutions adéquates aux usagers en matière de perception et de comportement en ligne. Outre l’état de l’art et les problématiques, ce travail est divisé en cinq parties principales, chacune contribue à mieux enrichir l’expérience de l’usager en ligne en matière de paiement et recommandations en ligne : • Analyse des multi-craintes en ligne : nous analysons les différents facteurs des sites de commerce électronique qui influent directement sur le comportement des consommateurs en matière de prise de décision et de craintes en ligne. Nous élaborons une méthodologie pour mesurer avec précision le moment où surviennent la question de la confidentialité, les perceptions en ligne et les craintes de divulgation et de pertes financières. • Intégration de personnalisation, contrôle et paiement conditionnel : nous proposons une nouvelle plateforme de paiement en ligne qui supporte à la fois la personnalisation et les paiements multiples et conditionnels, tout en préservant la vie privée du détenteur de carte. • Exploration de l’interaction des usagers en ligne versus la sensibilisation à la cybersécurité : nous relatons une expérience de magasinage en ligne qui met en relief la perception du risque de cybercriminalité dans les activités en ligne et le comportement des utilisateurs lié à leur préoccupation en matière de confidentialité. • Équilibre entre utilité des données et vie privée : nous proposons un modèle de préservation de vie privée basé sur l’algorithme « k-means » et sur le modèle « k-coRating » afin de soutenir l’utilité des données dans les recommandations en ligne tout en préservant la vie privée des usagers. • Métrique de stabilité des préférences des utilisateurs : nous ciblons une meilleure méthode de recommandation qui respecte le changement des préférences des usagers par l’intermédiaire d’un réseau neural. Ce qui constitue une amélioration à la fois efficace et performante pour les systèmes de recommandation. Cette thèse porte essentiellement sur quatre aspects majeurs liés : 1) aux plateformes des paiements en ligne, 2) au comportement de l’usager dans les transactions de paiement en ligne (prise de décision, multi-craintes, cybersécurité, perception du risque), 3) à la stabilité de ses préférences dans les recommandations en ligne, 4) à l’équilibre entre vie privée et utilité des données en ligne pour les systèmes de recommandation. / Technologies in Human-Machine Interaction (HMI) are playing a vital role across the entire production process to design and deliver advanced digital systems. Given the exponential development of research in this field, two concepts are largely addressed to increase performance and efficiency of online environments: trust and user behavior. These two extents continue to proliferate in most designed solutions and are increasingly enriched by continuous investments in online payments and recommender systems. Along with the trend of digitalization, the objective of this research is to gain a better understanding of the various challenges in these two areas, make improvements and propose solutions more convenient to the users in terms of online perception and user behavior. In addition to the state of the art and challenges, this work is divided into five main parts, each one contributes to better enrich the online user experience in both online payments and system recommendations: • Online customer fears: We analyze different components of the website that may affect customer behavior in decision-making and online fears. We focus on customer perceptions regarding privacy violations and financial loss. We examine the influence on trust and payment security perception as well as their joint effect on three fundamentally important customers’ aspects: confidentiality, privacy concerns and financial fear perception. • Personalization, control and conditional payment: we propose a new online payment platform that supports both personalization and conditional multi-payments, while preserving the privacy of the cardholder. • Exploring user behavior and cybersecurity knowledge: we design a new website to conduct an experimental study in online shopping. The results highlight the impact of user’s perception in cybersecurity and privacy concerns on his online behavior when dealing with shopping activities. • Balance between data utility and user privacy: we propose a privacy-preserving method based on the “k-means” algorithm and the “k-coRating” model to support the utility of data in online recommendations while preserving user’s privacy. • User interest constancy metric: we propose a neural network to predict the user’s interests in recommender systems. Our aim is to provide an efficient method that respects the constancy and variations in user preferences. In this thesis, we focus on four major contributions related to: 1) online payment platforms, 2) user behavior in online payments regarding decision making, multi-fears and cyber security 3) user interest constancy in online recommendations, 4) balance between privacy and utility of online data in recommender systems. Vie privée Paiements en ligne Protocole Protection des données Contrôle Système de recommandation Cyber sécurité Filtrage collaboratif Privacy Online payment Payment protocol Data protection Data control Recommender system Cybersecurity Collaborative filtering
423	Modelo de referencia para identificar el nivel de madurez de ciberinteligencia de amenazas en la dark web Aguilar Gallardo, Anthony Josue, Meléndez Santos, Ricardo Alfonso 31 October 2020 (has links) La web oscura es una zona propicia para actividades ilegales de todo tipo. En los últimos tiempos los cibercriminales están cambiando su enfoque hacia el tráfico de informacion (personal o corporativa) porque los riesgos son mucho más bajos en comparación con otros tipos de delito. Hay una gran cantidad de información alojada aquí, pero pocas compañías saben cómo acceder a estos datos, evaluarlos y minimizar el daño que puedan causar. El presente trabajo propone un modelo de referencia para identificar el nivel de madurez del proceso de Ciber Inteligencia de Amenazas. Esta propuesta considera la información comprometida en la web oscura, originando un riesgo latente que las organizaciones no consideran en sus estrategias de ciberseguridad. El modelo propuesto tiene como objetivo aumentar el nivel de madurez del proceso mediante un conjunto de controles propuestos de acuerdo a los hallazgos encontrados en la web oscura. El modelo consta de 3 fases:1. Identificación de los activos de información mediante herramientas de Ciber inteligencia de amenazas. 2. Diagnóstico de la exposición de los activos de información. 3. Propuesta de controles según las categorías y criterios propuestos. La validación de la propuesta se realizó en una institución de seguros en Lima, Perú con datos obtenidos por la institución. Los resultados preliminares mostraron 196 correos electrónicos y contraseñas expuestos en la web oscura de los cuales 1 correspondía al Gerente de Tecnología. Con esta identificación, se diagnosticó que la institución se encontraba en un nivel de madurez “Normal”, y a partir de la implementación de los controles propuestos se llegó al nivel “Avanzado”. / The dark web is an area conducive to illegal activities of all kinds. In recent times, cybercriminals are changing their approach towards information trafficking (personal or corporate) because the risks are much lower compared to other types of crime. There is a wealth of information hosted here, but few companies know how to access this data, evaluate it, and minimize the damage it can cause. In this work, we propose a reference model to identify the maturity level of the Cyber Intelligence Threat process. This proposal considers the dark web as an important source of cyber threats causing a latent risk that organizations do not consider in their cybersecurity strategies. The proposed model aims to increase the maturity level of the process through a set of proposed controls according to the information found on the dark web. The model consists of 3 phases: 1. Identification of information assets using cyber threat intelligence tools. 2. Diagnosis of the exposure of information assets. 3. Proposal of controls according to the proposed categories and criteria. The validation of the proposal was carried out in an insurance institution in Lima, Peru with data obtained by the institution. Preliminary results showed 196 emails and passwords exposed on the dark web of which 1 corresponded to the Technology Manager of the company under evaluation. With this identification, it was diagnosed that the institution was at a “Normal” maturity level, and from the implementation of the proposed controls the “Advanced” level was reached. / Tesis Ciberseguridad Ciber inteligencia de amenazas Modelo de madurez Web oscura Cybersecurity Cyber threat intelligence Maturity model Dark Web
424	CISTAR Cybersecurity Scorecard Braiden M Frantz (8072417) 03 December 2019 (has links) <p>Highly intelligent and technically savvy people are employed to hack data systems throughout the world for prominence or monetary gain. Organizations must combat these criminals with people of equal or greater ability. There have been reports of heightened threats from cyber criminals focusing upon the energy sector, with recent attacks upon natural gas pipelines and payment centers. The Center for Innovative and Strategic Transformation of Alkane Resources (CISTAR) working collaboratively with the Purdue Process Safety and Assurance Center (P2SAC) reached out to the Computer and Information Technology Department to assist with analysis of the current cybersecurity posture of the companies involved with the CISTAR initiative. This cybersecurity research project identifies the overall defensive cyber posture of CISTAR companies and provides recommendations on how to bolster internal cyberspace defenses through the identification of gaps and shortfalls, which aided the compilation of suggestions for improvement. Key findings include the correlation of reduced cybersecurity readiness to companies founded less than 10 years ago, cybersecurity professionals employed by all CISTAR companies and all CISTAR companies implementing basic NIST cybersecurity procedures.</p> Computer System Security Web Technologies (excl. Web Search) Cybersecurity Cyber CISTAR P2SAC NIST petroleum natural gas petroleum IT energy energy cyber cyber-attack cyber attack cyber defense natural gas disruption
425	A 3-DIMENSIONAL UAS FORENSIC INTELLIGENCE-LED TAXONOMY (U-FIT) Fahad Salamh (11023221) 22 July 2021 (has links) Although many counter-drone systems such as drone jammers and anti-drone guns have been implemented, drone incidents are still increasing. These incidents are categorized as deviant act, a criminal act, terrorist act, or an unintentional act (aka system failure). Examples of reported drone incidents are not limited to property damage, but include personal injuries, airport disruption, drug transportation, and terrorist activities. Researchers have examined only drone incidents from a technological perspective. The variance in drone architectures poses many challenges to the current investigation practices, including several operation approaches such as custom commutation links. Therefore, there is a limited research background available that aims to study the intercomponent mapping in unmanned aircraft system (UAS) investigation incorporating three critical investigative domains---behavioral analysis, forensic intelligence (FORINT), and unmanned aerial vehicle (UAV) forensic investigation. The UAS forensic intelligence-led taxonomy (U-FIT) aims to classify the technical, behavioral, and intelligence characteristics of four UAS deviant actions --- including individuals who flew a drone too high, flew a drone close to government buildings, flew a drone over the airfield, and involved in drone collision. The behavioral and threat profiles will include one criminal act (i.e., UAV contraband smugglers). The UAV forensic investigation dimension concentrates on investigative techniques including technical challenges; whereas, the behavioral dimension investigates the behavioral characteristics, distinguishing among UAS deviants and illegal behaviors. Moreover, the U-FIT taxonomy in this study builds on the existing knowledge of current UAS forensic practices to identify patterns that aid in generalizing a UAS forensic intelligence taxonomy. The results of these dimensions supported the proposed UAS forensic intelligence-led taxonomy by demystifying the predicted personality traits to deviant actions and drone smugglers. The score obtained in this study was effective in distinguishing individuals based on certain personality traits. These novel, highly distinguishing features in the behavioral personality of drone users may be of particular importance not only in the field of behavioral psychology but also in law enforcement and intelligence. Human Information Behaviour Computer System Security Data Encryption Networking and Communications UAV remote sensing Cyber Crime Cyber Forensic Incident Response Threat Intelligence Intelligent models personality dimensions Psychology behavior characterization Cybersecurity Drone
426	Bezpečnost práce s elektronickými daty v průmyslových podnicích / Security of Work with Electronic Data in Industrial Enterprises Žáčková, Eliška January 2013 (has links) The aim of this thesis is not only to characterise the key terms related to this field, but also to analyse the possible solutions to the area in a particular industrial enterprise in the Czech Republic by means of a case study which is a reliable method of qualitative research. The thesis is divided into theoretical and practical part. In the theoretical part the terms such as information, electronic data, know-how, enterprise information systems, cybercrime, and cyberterrorism are defined. The practical part drawing on the theoretical part gives a thorough analysis of the initial state of an industrial enterprise in food industry. Furthermore, it deals with the implementation of the ECM (Enterprise Content Management) which is considered a possible solution to the security of work with electronic data in industrial enterprise.
427	L'ingénierie sociale : la prise en compte du facteur humain dans la cybercriminalité / Social engineering : the importance of the human factor in cybercrime Gross, Denise 08 July 2019 (has links) La révolution numérique a favorisé l’apparition d’une nouvelle forme de criminalité : la cybercriminalité. Celle-ci recouvre un grand nombre de faits dont la plupart sont commis à l’aide de stratégies d’ingénierie sociale. Il s’agit d’un vieux phénomène, pourtant mal connu qui, encouragé par l’accroissement de données circulant sur Internet et par le développement de barrières techniques de sécurité, s’est adapté aux caractéristiques de l’univers virtuel pour une exploitation combinée des vulnérabilités « humaines » avec des outils numériques. L’ingénierie sociale transforme les utilisateurs qui deviennent, inconsciemment, facilitateurs des cyberattaques, au point d’être perçus comme le « maillon faible » de la cybersécurité. Les particuliers, les entreprises et les Etats sont tous confrontés au défi de trouver une réponse à ces atteintes. Cependant, les moyens juridiques, techniques, économiques et culturels mis en place semblent encore insuffisants. Loin d’être éradiquée, l’utilisation de l’ingénierie sociale à des fins illicites poursuit son essor. Face au manque d’efficacité de la politique criminelle actuelle, le travail en amont nous apparaît comme une piste à explorer. Savoir anticiper, détecter précocement et réagir promptement face à la délinquance informatique sont alors des questions prioritaires nécessitant une approche plus humaniste, axée sur la prévention et la coopération. Si nous sommes d’accord sur ce qu’il reste à faire, le défi est de trouver le« comment ». / The digital revolution has encouraged the emergence of a new type of criminal activity : cyber-crime. This includes a vast array of activities and offences that often use social engineering techniques. These techniques are old and not widely understood, yet benefit from the increase of data available online and the use of firewalls and other security systems. They have been adapted to work with the Internet and digital technologies in order to exploit the “vulnerabilities” of human psychology. Social engineering targets the user, who often unconsciously, allows access to systems or data, making the user the weakest link in the cyber-security chain. Individuals, companies and governments are all facing the same challenge in trying to solve these issues, utilising current legal, financial, technological and social resources which seem to be insufficient. Far from being eradicated, fraudulent activities that use social engineering continue to increase in prevalence. The inefficiency of current judicial polices forces us to consider alternative strategies upstream. Being proactive, predicting early and reacting quickly to computer related crimes should be the priority of a more humanistic approach which is focused on prevention and cooperation. Although one can agree on the approach ; the challenge is to find out how to implement it. Ingénierie sociale Facteur humain Information Manipulation Internet Intelligence économique Cybercriminalité Criminalité organisée Politique criminelle Cybersécurité Social engineering Human factor Data Psychological manipulation Internet Economic intelligence Cybercrime Organized crime Criminal policy Cybersecurity 340
428	Ensemble Classifier Design and Performance Evaluation for Intrusion Detection Using UNSW-NB15 Dataset Zoghi, Zeinab 30 November 2020 (has links) No description available. Mathematics Computer Engineering Computer Science Engineering Statistics UNSW-NB15 Ensemble Learning Ensemble Classification XGBoost Random Forest Balanced Bagging Bagging Boosting Hellinger Distance Elastic Net Sequential Feature Selection Anomaly Detection System Machine Learning Cybersecurity Data Science
429	Practice-Oriented Cybersecurity Training Framework Podila, Laxmi Mounika January 2020 (has links) No description available. Academic Guidance Counseling Computer Engineering Computer Science Curriculum Development Education
430	MIXED-METHODS ANALYSIS OF SOCIAL-ENGINEERING INCIDENTS Grusha Ahluwalia (13029936) 29 April 2023 (has links) <p> </p> <p>The following study is a research thesis on the subject matter of Social Engineering (SE) or Social Engineering Information Security Incidents (SEISI). The research evaluates the common features that can be used to cover a social engineering scenario from the perspectives of all stakeholders, at the individual and organizational level in terms of social engineering Tactics, Techniques, and Procedures (TTP). The research utilizes extensive secondary literary sources for understanding the topic of Social Engineering, highlights the issue of inconsistencies in the existing frameworks on social engineering and, addresses the research gap of availability of reliable dataset on past social engineering incidents by information gathered on the common themes of data reported on these. The study annotates salient features which have been identified in several studies in the past to develop a comprehensive dataset of various social engineering attacks which could be used by both computational and social scientists. The resulting codebook or the features of a social engineering are coded and defined based on Pretext Design Maps as well as industry standards and frameworks like MITRE ATT&CK, MITRE CVE, NIST, etc. Lastly, Psychological Theories of Persuasion like Dr. Cialdini’s principles of persuasion, Elaboration Likelihood Model, and Scherer’s Typology of Affective Emotional States guides the psychological TTPs of social engineering evaluated in this study. </p> Digital forensics Information security management Social psychology Social Engineering attacks Threat Modelling Principles of Influence & Persuasion MITRE ATT&CK framework

Search results