  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
91

Detection of DDoS Attacks against the SDN Controller using Statistical Approaches

Al-Mafrachi, Basheer Husham Ali January 2017
No description available.
92

Effektivitetsanalys och optimering av DDoS-skydd i Azures molnbaserade IT-infrastruktur / Efficiency analysis and optimization of DDoS-protection in Azure's cloud-based IT-infrastructure

Zengin, Tolga January 2024
This thesis examines the defense against DDoS attacks in cloud-based environments, with a particular focus on the Azure infrastructure. The work includes a comprehensive analysis of the components in addition to the DDoS protection offered by Azure to get a complete protection of the network infrastructure. The study compared different protection components and found that the selected solutions outperformed other market-leading solutions in terms of performance and security. The results show that the components can effectively counter DDoS attacks under controlled conditions, but further testing in real environments is recommended. The work shows that future research should focus on integrating artificial intelligence to further improve protection against DDoS attacks.
93

Detecting DDoS Attacks with Machine Learning : A Comparison between PCA and an autoencoder / Att Upptäcka DDoS-attacker med Maskininlärning : En Jämförelse mellan PCA och en autoencoder

Johansson, Sofie January 2024
Distributed denial of service (DDoS) attacks are getting more and more common in society as the number of devices connected to the Internet is increasing. To reduce the impact of such attacks it is important to detect them as soon as possible. Many papers have investigated how well different machine learning algorithms can detect DDoS attacks. However, most papers are focusing on supervised learning algorithms which require a lot of labeled data, which is hard to find. This thesis compares two unsupervised learning algorithms, an autoencoder and principal component analysis (PCA), in how well they detect DDoS attacks. The models are implemented in the Python libraries Keras, Tensorflow and scikit-learn. They are then trained and tested with data that has its origin in the CICDDOS2019 dataset. There are normal data and nine different types of DDoS attacks in the used dataset. The models are compared by computing the Receiver Operating Characteristic (ROC) curve and its Area Under the Curve (AUC) score, and the F1 score of the models. For both measures the mean value of the results of all attack types is used. The computations show that the autoencoder performs better than PCA with respect to both the mean AUC score (0.981 compared to 0.967) and the mean F1 score (0.987 compared to 0.978). The thesis goes on to discuss why the autoencoder performs better than PCA and finally draws conclusions based on the insights of the analysis.
94

Kommunikationslösningar i molnet : Examensarbete angående olika nätverkslösningar i WAN

Andersson, Tobias, Hedlund, Victor January 2015
To connect networks across geographically diverse sites has become increasingly common in today's society. This report will highlight the various WAN solutions to make this possible. The different solutions that will be highlighted in this report are renting one's own fiber, Layer 2 link, MPLS, and VPN. There will be comparisons between these solutions in terms of cost, safety, speed and reliability. This has been done with scientific articles and interviews, but the report also includes a practical experiment.
95

Information-Theoretic Framework for Network Anomaly Detection: Enabling online application of statistical learning models to high-speed traffic / ITF-NAD : Ett informationsteoretiskt ramverk för realtidsdetektering av nätverksanomalier

Damour, Gabriel January 2019
With the current proliferation of cyber attacks, safeguarding internet-facing assets from network intrusions is becoming a vital task in our increasingly digitalised economies. Although recent successes of machine learning (ML) models bode the dawn of a new generation of intrusion detection systems (IDS), current solutions struggle to implement these in an efficient manner, leaving many IDSs to rely on rule-based techniques. In this paper we begin by reviewing the different approaches to feature construction and attack source identification employed in such applications. We refer to these steps as the framework within which models are implemented, and use it as a prism through which we can identify the challenges different solutions face when applied in modern network traffic conditions. Specifically, we discuss how the most popular framework -- the so-called flow-based approach -- suffers from significant overhead being introduced by its resource-heavy pre-processing step. To address these issues, we propose the Information Theoretic Framework for Network Anomaly Detection (ITF-NAD), whose purpose is to facilitate online application of statistical learning models onto high-speed network links, as well as provide a method of identifying the sources of traffic anomalies. Its development was inspired by previous work on information theoretic-based anomaly and outlier detection, and employs modern techniques of entropy estimation over data streams. Furthermore, a case study of the framework's detection performance over 5 different types of Denial of Service (DoS) attacks is undertaken, in order to illustrate its potential use for intrusion detection and mitigation. The case study resulted in state-of-the-art performance for time-anomaly detection of single source as well as distributed attacks, and shows promising results regarding its ability to identify underlying sources.
/ As the number of cyber attacks grows rapidly, it is becoming increasingly important for our digitalised economies to protect connected operations from network intrusions. Machine learning (ML) is portrayed as a powerful alternative to conventional rule-based solutions, and its remarkable successes herald a new generation of intrusion detection systems (IDS). Despite this development, many IDSs still rely on signature-based methods, which is explained by the major weaknesses that characterise many ML-based solutions. In this work we start from a review of current research on the application of ML to intrusion detection, focusing on the necessary steps that surround the models' implementation within IDS. By setting up a framework for how features are constructed and how attack source identification (ASI) is performed in different solutions, we can identify the bottlenecks and limitations that prevent their practical implementation. Particular emphasis is placed on the analysis of the popular flow-based models, whose resource-intensive processing of raw data leads to significant time delay, which makes their use in real-time systems impossible. To address these weaknesses we propose a new framework -- the Information Theoretic Framework for Network Anomaly Detection (ITF-NAD) -- whose purpose is to enable direct connection of ML models over network links with high-speed traffic, and which provides a method for identifying the underlying sources of the attack. The framework builds on modern entropy estimation techniques, designed to be applied over data streams, as well as an ASI method inspired by entropy-based detection of outliers in categorical spaces.
In addition, a study is presented of the framework's performance over real internet traffic containing 5 different types of denial-of-service (DoS) attacks generated from popular DDoS tools, which in turn illustrates the framework's use with a simple semi-supervised ML model. The results show a high level of accuracy for detection of all attack types as well as promising performance regarding the framework's ability to identify the underlying actors.
96

An Investigation of People’s Perception of Digital Threats / Formalisering av inneslutningstrategier i ett ramverk för probabilistisk hotmodellering

Rabbani, Wasila January 2024
This project examines cyber threats and their impact on individuals and organizations. The thesis focuses on a thorough literature review and uses surveys for primary data collection. The quantitative method was chosen to gather numeric data on these threats. The methodology classifies digital threats and analyzes survey results about these threats. It also gathers data on the perceived difficulty of these threats and compares general beliefs with expert opinions and statistical data from literature. Surveys targeted individuals aged 20-45 with a university degree, obtaining 86 responses. Interviews with five security professionals followed a standardized format, aiding in a comparative analysis with the survey data. The questions addressed several cyber threats, including phishing, ransomware, insecure passwords, malware, traffic sniffing, and denial of service. Notably, many respondents lacked a clear understanding of the significance of insecure passwords and traffic sniffing. By using quantitative methods and integrating survey results with expert opinions and literature findings, this study deepens the understanding of cyber threats. The results spotlight misconceptions and knowledge gaps about cyber threats, underscoring the need for better cybersecurity awareness and education.
97

Why are Gandhi and Thoreau AFK? : In Search for Civil Disobedience online

Kleinhans, Jan-Peter January 2013
This thesis investigates if Distributed Denial-of-Service attacks constitute a valid form of civil disobedience online. For this purpose a multi-dimensional framework is established, drawing on Brownlee’s paradigm case and classical theory of civil disobedience. Three different examples of DDoS attacks are then examined using this framework - the attacks from the Electronic Disturbance Theater in support of the Zapatista movement; Anonymous’ Operation Payback; Electrohippies’ attack against the World Trade Organization. Following the framework, none of these DDoS attacks are able to constitute a civilly disobedient act online. The thesis then goes on and identifies four key issues, drawing on the results from the examples: The loss of 'individual presence', no inimitable feature of DDoS attacks, impeding free speech and the danger of western imperialism. It concludes that DDoS attacks cannot and should not be seen as a form of civil disobedience online. The thesis further proposes that online actions, in order to be seen as civilly disobedient acts online, need two additional features: An 'individual presence' of the protesters online to compensate for the remoteness of cyberspace and an inimitable feature in order to be recognizable by society. Further research should investigate with this extended framework if there are valid forms of civil disobedience online.
98

The Defense Against the latest Cyber Espionage both insider and outsider attacks

Nsambu, Emmanuel, Aziz, Danish January 2012
This study was carried out with the intention of examining the defensive mechanism employed against the latest cyber espionage methods including both insider and outsider attacks. The main focus of this study was on web servers as the targets of the cyber attacks. Information in connection to the study was obtained from researchers’ online articles. A survey was also conducted at MidSweden University in order to obtain information about the latest cyber attacks on web servers and about the existing defensive mechanism against such attacks. The existing defensive mechanism was surveyed and a simple design was created to assist in the investigation of the efficiency of the system. Some simple implementations of the existing defensive mechanism were made in order to provide some practical results that were used for the study. The existing defensive mechanism was surveyed and improved upon where possible. The improved defensive mechanism was designed and implemented and its results were compared with the results from the existing defensive mechanism. Due to the fact that the majority of the attackers use defensive mechanisms’ vulnerability in order to find their way into devices such as web servers, it was felt that, even with the most sophisticated improved defensive mechanism in place, it would not be entirely correct to claim that it is possible to fully protect web servers against such attacks.
99

Conception d'une architecture Pair-à-Pair orientée opérateur de services

Saad, Radwane 17 September 2010 (PDF)
Peer-to-peer (P2P) paradigms and architectures are at the heart of large-scale applications of every kind. A level of control needs to be integrated into such applications. Such applications will thus be operated, with a service operator as prime contractor. In current practice, peer entities sharing resources are placed randomly over a large physical (IP) network. We propose the design of a global architecture for deploying such applications on P2P-type platforms. In this paradigm three main components can be isolated: the first concerns the application service, the second is routing (or search), and the third deals with data transport. This work consists of optimising each component of the P2P model. These studies allow us to specify structures for three main contributions. The first aims to partition P2P traffic and, after generalisation, to apply a context-sensitive algorithm in which each group of peers (belonging to the same autonomous system, for example) is based on a DHT (Distributed Hash Table). The second is to accelerate data transfer using the FEC (Forward Error Correction) mechanism. The third is to integrate a Control/Management entity. BitTorrent is the protocol chosen at the transport level on an architecture integrating these contributions. The SPOP (Service Oriented Provider P2P) architecture was validated by simulation and through a security application for defence against DDoS attacks.
100

Classification de flux applicatifs et détection d'intrusion dans le trafic Internet

Korczynski, Maciej 26 November 2012 (PDF)
The topic of network traffic classification is of great importance for efficient network planning, rule-based traffic management, application priority management and security control. Although it has received considerable attention in the research community, this topic still leaves many open questions such as, for example, methods for classifying encrypted traffic flows. This thesis is composed of four parts. The first presents some theoretical aspects related to traffic classification and intrusion detection. The following three parts address specific classification problems and propose precise solutions. In the second part, we propose an accurate sampling method for detecting "SYN flooding" and "portscan" attacks. The system examines TCP segments to find at least one of the multiple ACK segments coming from the server. The method is simple and scalable, as it achieves good detection with a false positive rate close to zero, even for very low sampling rates. Our trace-based simulations show that the effectiveness of the proposed system depends only on the sampling rate, independently of the sampling method. In the third part, we consider the problem of detecting and classifying Skype traffic and its service flows such as voice calls, SkypeOut, video conferences, instant messages or file downloads. We propose a classification method for encrypted Skype traffic based on Statistical Protocol IDentification (SPID), which analyses the statistical values of certain network traffic attributes. We evaluated our method on a data set, showing excellent performance in terms of precision and recall.
The last part defines a framework based on two complementary methods for classifying application flows encrypted with TLS/SSL. The first models TLS/SSL session states as a first-order homogeneous Markov chain. The Markov model parameters for each application considered differ greatly, which is the basis for discriminating between applications. The second classification method estimates the gap between the timestamp of the TLS/SSL Server Hello message and the packet arrival time. It improves application classification accuracy and allows efficient identification of Skype flows. We combine the methods using a Naive Bayes Classifier (NBC). We validate the proposal with experiments on three recent data sets. We apply our methods to the classification of seven popular applications that use TLS/SSL for security. The results show very good performance.
