81 |
Anomaly-based network intrusion detection enhancement by prediction threshold adaptation of binary classification models. Al Tobi, Amjad Mohamed. January 2018.
Network traffic exhibits a high level of variability over short periods of time. This variability impacts negatively on the performance (accuracy) of anomaly-based network Intrusion Detection Systems (IDS) that are built using predictive models in a batch-learning setup. This thesis investigates how adapting the discriminating threshold of model predictions, specifically to the evaluated traffic, improves the detection rates of these Intrusion Detection models. In particular, this thesis studied the adaptability features of three well known Machine Learning algorithms: C5.0, Random Forest, and Support Vector Machine. The ability of these algorithms to adapt their prediction thresholds was assessed and analysed under different scenarios that simulated real world settings using the prospective sampling approach. A new dataset (STA2018) was generated for this thesis and used for the analysis. This thesis has demonstrated empirically the importance of threshold adaptation in improving the accuracy of detection models when training and evaluation (test) traffic have different statistical properties. Further investigation was undertaken to analyse the effects of feature selection and data balancing processes on a model's accuracy when evaluation traffic with different significant features was used. The effects of threshold adaptation on reducing the accuracy degradation of these models were statistically analysed. The results showed that, of the three compared algorithms, Random Forest was the most adaptable and had the highest detection rates. This thesis then extended the analysis to apply threshold adaptation on sampled traffic subsets, by using different sample sizes, sampling strategies and label error rates. This investigation showed the robustness of the Random Forest algorithm in identifying the best threshold.
The Random Forest algorithm only needed a sample that was 0.05% of the original evaluation traffic to identify a discriminating threshold with an overall accuracy rate of nearly 90% of the optimal threshold.
82 |
Uma arquitetura híbrida com aprendizagem para o desenvolvimento de agentes de software (A Hybrid Architecture with Learning for the Development of Software Agents). COSTA, Adriana Leite. 14 August 2017.
Funding: Coordenação de Aperfeiçoamento de Pessoal de Nível Superior; Fundação de Amparo à Pesquisa e ao Desenvolvimento Científico e Tecnológico do Maranhão.
Software agents represent an evolution of traditional software entities, having the ability to control their own behavior and act with autonomy. Typically, software agents act reactively, where actions and perceptions are predefined at design time, or deliberatively, where the action corresponding to a given perception is found at run time through reasoning. Deliberative agents do not need all knowledge to be predefined; on the contrary, from an initial knowledge they can infer new knowledge. However, in many cases, finding an action appropriate to a particular perception takes them a long time, generating a high computational cost. As a solution to this problem, a hybrid architecture with learning for the development of hybrid software agents is presented in this work. Hybrid agents, which combine reactive and deliberative behavior and so take advantage of the speed of reactive behavior and the reasoning capability of the deliberative one, are a better option for structuring software agents. The main advantages of the proposed architecture are the learning of faster and more efficient reactive behavior through the interactions of the agent with its environment, and the agent's consequent adaptability to that environment. The agent adapts to the environment as it learns new reactive behavior from frequently used deliberative behavior. The proposed architecture was evaluated through the development of case studies in the information security domain using case-based reasoning, ontologies for the representation of domain knowledge and supervised learning for the automatic generation of reactive rules. The results obtained with the case studies confirmed a greater effectiveness and a shorter response time of the hybrid agent with learning compared with both the reactive and the deliberative agent alone, as well as with a hybrid agent without learning, in the domain of intrusion detection in computer networks. From the specification and evaluation of the hybrid architecture with supervised learning in the information security domain, a reference architecture for the development of hybrid agents with learning was generalized. In future work, we intend to evaluate this reference architecture in other domains, with other types of reasoning and learning techniques, to evaluate its impact on the productivity and quality of the development of hybrid software agents.
83 |
Performance Enhancement Of Intrusion Detection System Using Advances In Sensor Fusion. Thomas, Ciza. 04 1900.
The technique of sensor fusion addresses the issues relating to the optimality of decision-making in the multiple-sensor framework. The advances in sensor fusion enable intrusion detection to be performed for both rare and new attacks. This thesis discusses this assertion in detail, and describes the theoretical and experimental work done to show its validity.
The attack-detector relationship is initially modeled and validated to understand the detection scenario. The different metrics available for the evaluation of intrusion detection systems are also introduced. The usefulness of the data set used for experimental evaluation has been demonstrated. The issues connected with intrusion detection systems are analyzed and the need for incorporating multiple detectors and their fusion is established in this work. Sensor fusion provides advantages with respect to reliability and completeness, in addition to intuitive and meaningful results. The goal of this work is to investigate how to combine data from diverse intrusion detection systems in order to improve the detection rate and reduce the false-alarm rate. The primary objective of the proposed thesis work is to develop a theoretical and practical basis for enhancing the performance of intrusion detection systems using advances in sensor fusion with easily available intrusion detection systems. This thesis introduces the mathematical basis for sensor fusion in order to provide enough support for the acceptability of sensor fusion in the performance enhancement of intrusion detection systems. The thesis also shows the practical feasibility of performance enhancement using advances in sensor fusion and discusses various sensor fusion algorithms, their characteristics and related design and implementation issues. We show that it is possible to build performance enhancement into intrusion detection systems by setting proper threshold bounds and also by rule-based fusion. We introduce an architecture called data-dependent decision fusion as a framework for building intrusion detection systems using sensor fusion based on data dependency. Furthermore, we provide information about the types of data, the data skewness problems and the most effective algorithm for detecting different types of attacks.
This thesis also proposes and incorporates a modified evidence theory for the fusion unit, which performs very well for the intrusion detection application. Future improvements in individual IDSs can also be easily incorporated in this technique in order to obtain better detection capabilities. Experimental evaluation shows that the proposed methods are capable of detecting a significant percentage of rare and new attacks. The improved performance of the IDS using the algorithms that have been developed in this thesis, if deployed fully, would contribute to an enormous reduction in successful attacks over a period of time. This has been demonstrated in the thesis and is a right step towards making cyberspace safer.
84 |
Intrusion Identification For Mobile Ad Hoc Networks. Sahoo, Chandramani. 03 1900.
A Mobile Ad Hoc Network (MANET) is a collection of wireless hosts that can be rapidly deployed as a multi-hop packet radio network without the aid of any established infrastructure or centralized administration. Such networks can be used to enable the next generation of battlefield applications envisioned by the military, including situation awareness systems for maneuvering war fighters and remotely deployed unmanned microsensor networks. Ad Hoc networks can also provide solutions for civilian applications such as disaster recovery and message exchanges among safety and security personnel involved in rescue missions.
Existing solutions for wired network Intrusion Detection Systems (IDSs) do not suit wireless Ad Hoc networks. To use either misuse detection or anomaly detection to monitor for possible compromises, the IDS must be able to distinguish normal from anomalous activities. To enable intrusion detection in wireless Ad Hoc networks, the research problems are:
• How to efficiently collect normal and anomalous patterns of Ad Hoc networks? The lifetime of the hosts is short and Ad Hoc networks do not have traffic concentration points (routers, switches).
• How to detect anomalies? Packet loss could be caused by host movement instead of attacks. An unexpectedly long delay could be caused by an unreliable channel instead of malicious discarding.
In this thesis, we have proposed a novel architecture that uses specification-based intrusion detection techniques to detect active attacks against the routing protocols of mobile Ad Hoc networks. Our work analyzes some of the vulnerabilities and discusses the attacks against the AODV protocol. Our approach involves the use of an FSM (Finite State Machine) for specifying the AODV routing behavior and distributed network monitors for detecting the sequence number attack. Our method can detect most of the bad nodes with a low false positive rate, and the packet delivery ratio can also be increased with a high detection rate.
For the packet dropping attack, we present a distributed technique to detect this attack in wireless Ad Hoc networks. A bad node claims to forward packets but in fact fails to do so. In our technique, every node in the network checks its neighboring nodes to detect whether any of them fail to forward packets. Our technique can detect most of the bad nodes with a low false positive rate, and the packet delivery ratio can also be increased. The proposed solution can be applied to identify multiple malicious nodes cooperating with each other in MANETs and to discover secure routes from source to destination by avoiding malicious nodes acting in cooperation. Our technique detects the sequence number and packet dropping attacks in real time within its radio range with no extra overhead.
For the resource consumption attack, the proposed scheme incurs no extra overhead, as it makes minimal modifications to the existing data structures and functions related to blacklisting a node in the existing version of pure AODV. The proposed scheme is more efficient in terms of the resultant routes established, resource reservations and computational complexity. If multiple malicious nodes collaborate, they in turn will be restricted and isolated by their neighbors, because the neighbors monitor and exercise control over the forwarding of RREQs by nodes. Hence, the scheme successfully prevents distributed attacks. The proposed scheme shifts the responsibility of monitoring this parameter to the node's neighbor, ensuring compliance with this restriction. This technique solves all of the problems caused by unnecessary RREQs from a compromised node: instead of self-control, the control exercised by a node's neighbor prevents this attack. Experiments show that the tool provides effective intrusion detection functionality while using only a limited amount of resources. The loop freedom property has been reduced to an invariant on pairs of nodes. Each node decides and transmits its decision to a control center. Robustness to threats, to node destruction and to observation deletion was also considered: the loss of performance (in terms of ratio) is least for the distributed option and highest for the centralized option.
All the proposed schemes were analyzed and tested under different topologies and conditions with varying numbers of nodes. The proposed algorithms for improving the robustness of wireless Ad Hoc networks using the AODV protocol against the packet dropping attack, sequence number attack and resource consumption attack have been simulated for an illustrative network of about 30 nodes. Our experiments have shown that the patterns extracted through simulation can be used to detect attacks effectively. The patterns could also be applied to detect similar attacks on other protocols.
85 |
Gerenciamento e Integração das Bases de Dados de Sistemas de Detecção de Intrusões (Management and Integration of Intrusion Detection System Databases). SILVA, Emanoel Costa Claudino. 19 December 2006.
Digital security has become an important factor for institutions in diverse domains. Intrusion Detection Systems (IDS) have appeared as a solution for detecting and correcting intrusions in a proactive way. Thus, several IDS models have appeared to reduce the probability of compromise of networked computer systems by identifying, reporting and responding to these incidents. In the face of this diversity of solutions, there is a lack of proposals for standardizing the information used by these systems, as well as of mechanisms for interoperability and information exchange between the solutions in use. This dissertation proposes a model, an architecture and an implementation of an IDS Information Manager, using Multi-Agent Systems and Web Services technologies. The objective of the Information Manager is to keep the information necessary for the development of the functions inherent to an IDS in a secure and up-to-date way. We also propose a standard storage format for these data, so as to bring the following requirements into the environment: Unified Storage, Transparent Access, Uniform Data Generation and Friendly Interaction (the Portuguese abstract lists this last requirement as ease of interoperability).
86 |
Malware Analysis using Profile Hidden Markov Models and Intrusion Detection in a Stream Learning Setting. Saradha, R. January 2014.
In the last decade, many machine learning and data mining based approaches have been used in the areas of intrusion detection, malware detection and classification, and traffic analysis. In the area of malware analysis, static binary analysis techniques have become increasingly difficult because of the code obfuscation and code packing methods employed when writing malware. Behavior-based analysis techniques are being used in large malware analysis systems for this reason. In prior art, a number of clustering and classification techniques have been used to classify malware samples into families and also to identify new malware families from behavior reports. In this thesis, we have analysed in detail the use of Profile Hidden Markov Models for the problem of malware classification and clustering. The ability to build accurate models with limited examples is very helpful in the early detection and modeling of malware families.
The thesis also revisits the learning setting of an Intrusion Detection System that employs machine learning to identify attacks and normal traffic. It substantiates the suitability of the incremental learning setting (or stream-based learning setting) for the problem of learning attack patterns in an IDS when large volumes of data arrive in a stream. Related to the above problem, an elaborate survey of IDSs that use data mining and machine learning was done. Experimental evaluation and comparison show that, in terms of speed and accuracy, the stream-based algorithms perform very well as large volumes of data are presented for classification as attack or non-attack patterns. The possibilities for using stream algorithms in different problems in security are elucidated in the conclusion.
87 |
Digital Twin-based Intrusion Detection for Industrial Control Systems. Varghese, Seba. January 2021.
Digital twins for industrial control systems have gained significant interest over recent years. This attention is mainly because of the advanced capabilities offered by digital twins in the areas of simulation, optimization and predictive maintenance. Some recent studies discuss the possibility of using digital twins for intrusion detection in industrial control systems. To this end, this thesis aims to propose a security framework for industrial control systems that includes a digital twin for security monitoring and a machine learning-based intrusion detection system for real-time intrusion detection. The digital twin solution used in this study is a standalone simulation of an industrial filling plant available as open source; it was chosen after a thorough evaluation of the implementation aspects of the existing knowledge-driven open-source digital twin solutions for industrial control systems. The cybersecurity analysis approach uses this digital twin to model and execute different realistic process-aware attack scenarios and to generate a training dataset reflecting the process measurements under normal operation and under attack. A total of 23 attack scenarios are modelled and executed in the digital twin; they belong to four attack types, namely command injection, network DoS, calculated measurement injection and naive measurement injection. Furthermore, the proposed framework also includes a machine learning-based intrusion detection system, designed in two stages. The first stage is an offline evaluation of the performance of eight different supervised machine learning algorithms on the labelled dataset. In the second stage, a stacked ensemble classifier that combines the best-performing supervised algorithms on different training dataset labels is built as the final machine learning model.
This stacked ensemble model is trained offline using the labelled dataset and then used to classify the incoming data samples from the digital twin during live operation of the system. The results show that the designed intrusion detection system is capable of detecting and classifying intrusions in near real time (0.1 seconds). The practicality and benefits of the proposed digital twin-based security framework are also discussed in this work.
88 |
Trustworthiness, diversity and inference in recommendation systems. Chen, Cheng. 28 September 2016.
Recommendation systems are information filtering systems that help users effectively and efficiently explore large amount of information and identify items of interest. Accurate predictions of users' interests improve user satisfaction and are beneficial to business or service providers. Researchers have been making tremendous efforts to improve the accuracy of recommendations. Emerging trends of technologies and application scenarios, however, lead to challenges other than accuracy for recommendation systems. Three new challenges include: (1) opinion spam results in untrustworthy content and makes recommendations deceptive; (2) users prefer diversified content; (3) in some applications user behavior data may not be available to infer users' preference.
This thesis tackles the above challenges. We identify features of untrustworthy commercial campaigns on a question and answer website, and adopt machine learning-based techniques to implement an adaptive detection system which automatically detects commercial campaigns. We incorporate diversity requirements into a classic theoretical model and develop efficient algorithms with performance guarantees. We propose a novel and robust approach to infer user preference profile from recommendations using copula models. The proposed approach can offer in-depth business intelligence for physical stores that depend on Wi-Fi hotspots for mobile advertisement.
89 |
Memory Efficient Regular Expression Pattern Matching Architecture For Network Intrusion Detection Systems. Kumar, Pawan. 08 1900.
The rampant growth of the Internet has been coupled with an equivalent growth in cyber crime over the Internet. With our increased reliance on the Internet for commerce, social networking, information acquisition, and information exchange, intruders have found financial, political, and military motives for their actions. Network Intrusion Detection Systems (NIDSs) intercept the traffic at an organization’s periphery and try to detect intrusion attempts. Signature-based NIDSs compare the packet to a signature database consisting of known attacks and malicious packet fingerprints. The signatures use regular expressions to model these intrusion activities.
This thesis presents a memory efficient pattern matching system for the class of regular expressions appearing frequently in NIDS signatures. The proposed Cascaded Automata Architecture is based on two-stage automata. The first stage recognizes the sub-strings and character classes present in the regular expression. The second stage consumes the symbols generated by the first stage as input traffic symbols are received. The basic idea is to reuse the research done on the string matching problem for regular expression pattern matching. We formally model the class of regular expressions mostly found in NIDS signatures. The challenges involved in using string matching algorithms for regular expression matching are presented. We introduce length-bound transitions, counter-based states and associated counter arrays in the second-stage automata to address these challenges. The system uses length information along with counter arrays to keep track of overlapping sub-strings and character-class-based transitions. We present efficient implementation techniques for counter arrays. The evaluation of the architecture on practical expressions from the Snort rule set showed a reduction in the number of states of between 50% and 85%. Because of its smaller memory footprint, our solution is suitable for both software-based implementations on network chips and FPGA-based designs.
90 |
Är det någon som gräver efter krypto på min dator? : En studie kring hotet av kryptobrytning (Is someone mining crypto on my computer? A study of the threat of crypto mining). Skåås, Filippa; Olsson, Karin. January 2023.
Crypto mining is the process by which cryptocurrency transactions are verified. Today, illegal crypto mining poses a significant threat because it plays a big role in organized crime. In addition, malicious crypto mining programs can shorten a computer's lifespan significantly. Programs dedicated to crypto mining also consume substantial amounts of processing power, which can slow down a computer. Various methods can be employed to detect such programs on a computer. The purpose of this work is to investigate whether it is possible to identify crypto mining using tools that can analyze packets transmitted over the network from a crypto mining program.
Additionally, it is observed which variants of artifacts can be distinguished and what other types of methods are available for detecting crypto mining. The result shows that only specific types of crypto mining attacks can be detected using packet analyzers and system tools, as a hacker can bypass these tools in most cases. However, the result also indicates that there are disadvantages and advantages to each method. The most effective way to protect private assets and public organizations' resources is to use a multi-layered strategy by combining all types of methods. Some of the artifacts found that may be useful include IP addresses, MAC addresses, geolocation and metadata.