31. Evaluating the efficiency of Host-based Intrusion Detection Systems protecting web applications. Willerton, Adam; Gustafsson, Rasmus. January 2022.
Background. Web applications are an increasingly significant part of our digital experience, and the number of users keeps growing. Social media alone accounts for more than half of the world's population. These applications have therefore become a lucrative target for attackers, and we have seen several attacks against them. In one such example, attackers managed to compromise a Twitter account [15], leading to false information being published that caused the New York Stock Exchange to drop 150 points, erasing 136 billion dollars in equity market value. There are methods to protect web applications, such as web application firewalls or content security policies. Another candidate for defending these applications is Host-based Intrusion Detection Systems (HIDS). This study aims to assess the efficiency of these HIDS when defending web applications. Objectives. The main objective of the thesis is to create an efficiency-evaluating model for a HIDS when protecting web applications. Additionally, we test two open-source HIDS against web applications built to emulate a vulnerable environment and measure the efficiency of these HIDS with the model mentioned above. Methods. To reach the objectives of our thesis, a literature review was conducted regarding which metrics to use to evaluate the efficiency of a HIDS. This allowed us to construct a model with which we evaluated the efficiency of our selected HIDS. In this model, we use 3 categories, each containing multiple metrics. Once completed, the environment hosting our vulnerable applications and their HIDS was set up, followed by the attacks on the applications. The data generated by the HIDS gave us what was required to make our efficiency evaluation, which was performed through the lens of the previously mentioned model. Results. The results show a low overall efficiency from the two HIDS in the attack detection category. The more efficient of the two could be determined: of the two evaluated, Wazuh and Samhain, we determined Wazuh to be the more efficient HIDS. We identified several components required to improve their attack detection. Conclusions. Through the use of our model, we concluded that the HIDS Wazuh had higher efficiency than the HIDS Samhain. However, both HIDS had low performance regarding their ability to detect attacks. Some specific components need to be implemented within these systems before they can reliably be used for defending web applications.
32. An Ensemble Learning Based Multi-level Network Intrusion Detection System for Wi-Fi Dominant Networks. Francisco D. Vaca. 03 June 2019.
Today, networks contribute significantly to everyone's life. The enormous usefulness of networks for various services and data storage motivates adversaries to launch attacks on them. Network Intrusion Detection Systems (NIDSs) are used as a security measure inside organizational networks to identify intrusions and generate alerts for them. The idea of deploying an NIDS is well known and has been studied and adopted in both academia and industry. However, most of the NIDS literature has emphasized detecting attacks that originate externally in a wired network infrastructure. In addition, Wi-Fi and wired networks are treated the same by the NIDSs. The open infrastructure of a Wi-Fi network makes it different from a wired network. Several internal attacks that can happen in a Wi-Fi network are not possible in a wired network. NIDSs developed using traditional approaches may fail to identify these internal attacks.

The thesis work attempts to develop a Multi-Level Network Intrusion Detection System (ML-NIDS) for Wi-Fi dominant networks that can detect internal attacks specific to Wi-Fi networks as well as the generic network attacks that are independent of network infrastructure. In Wi-Fi dominant networks, Wi-Fi devices (stations) are prevalent at the edge of campus and enterprise networks and are integrated with the fixed wired infrastructure at the access layer. The implementation is proposed for Wi-Fi dominant networks; nevertheless, it aims to work for wired networks as well. We develop the ML-NIDS using an ensemble learning method that combines several weak learners to create a strong learner.
33. Key distribution and distributed intrusion detection system in wireless sensor network. Techateerawat, Piya. January 2008.
This thesis proposes a security solution for key management and Intrusion Detection Systems (IDS) in wireless sensor networks. It addresses the challenges of designing for both energy and security requirements. Since wireless communication consumes the most energy in a sensor network, transmissions must be used efficiently. We propose Hint Key Distribution (HKD) for key management, Adaptive IDS for distributing activated IDS nodes, and cooperative operation of these two protocols. The HKD protocol focuses on the challenges of energy, computation and security. It uses a hint message and a key chain to consume less energy, while a self-generated key secures the secret key. It is a proposed solution to key distribution in sensor networks. Adaptive IDS uses a threshold and a voting algorithm to distribute IDS through the network. An elected node activates its IDS to monitor its network and neighbours. A threshold is used to reduce the number of repeated activations of the same node. We attempt to distribute energy use equally across the network. In the cooperative protocol, HKD and Adaptive IDS exchange information in order to adjust to the current situation. The level of alert controls the nature of the interaction between the two protocols.
34. The Resilience of Deep Learning Intrusion Detection Systems for Automotive Networks: The effect of adversarial samples and transferability on Deep Learning Intrusion Detection Systems for Controller Area Networks. Zenden, Ivo. January 2022.
This thesis covers the topic of cyber security in vehicles. Current vehicles contain many computers which communicate over a controller area network. This network has many vulnerabilities which can be leveraged by attackers. To combat these attackers, intrusion detection systems have been implemented. The latest research has mostly focused on the use of deep learning techniques for these intrusion detection systems. However, these deep learning techniques are not foolproof and possess their own security vulnerabilities. One such vulnerability comes in the form of adversarial samples: attacks that are manipulated to evade detection by these intrusion detection systems. The aim of this thesis is to show that the known vulnerabilities of deep learning techniques are also present in the current state-of-the-art intrusion detection systems. The presence of these vulnerabilities shows that these deep learning based systems are still too immature to be deployed in actual vehicles, since an attacker able to use these weaknesses to circumvent the intrusion detection system can still control many parts of the vehicle, such as the windows, the brakes and even the engine. Current research regarding deep learning weaknesses has mainly focused on the image recognition domain. Relatively little research has investigated the influence of these weaknesses on intrusion detection, especially on vehicle networks. To show these weaknesses, two baseline deep learning intrusion detection systems were first created. Additionally, two state-of-the-art systems from recent research papers were recreated. Afterwards, adversarial samples were generated using the fast gradient-sign method on one of the baseline systems. These adversarial samples were then used to show the drop in performance of all systems. The thesis shows that the adversarial samples negatively impact the two baseline models and one state-of-the-art model. The state-of-the-art model's drop in performance goes as high as 60% in the F1-score. Additionally, some of the adversarial samples need as few as 2 bits to be changed in order to evade the intrusion detection systems.
35. Stream splitting in support of intrusion detection. Judd, John David. 06 1900.
Approved for public release; distribution is unlimited. One of the most significant challenges with modern intrusion detection systems is the high rate of false alarms that they generate. In order to lower this rate, we propose to reduce the amount of traffic sent to a given intrusion detection system via a filtering process termed stream splitting. Each packet arriving at the system is treated as belonging to a connection. Each connection is then assigned to a network stream. A network stream can then be sent to an analysis engine tailored specifically for that type of data. To demonstrate a stream-splitting capability, both an extendable multi-threaded architecture and a prototype were developed. This system was tested to ensure the ability to capture traffic and was found to be able to do so with minimal loss at network speeds up to 20 Mb/s, comparable to several open-source analysis programs. The stream splitter was also shown to correctly implement a traffic separation scheme. Ensign, United States Navy.
36. Incremental Support Vector Machine Approach for DoS and DDoS Attack Detection. Seunghee Lee. 14 May 2019.
Support Vector Machines (SVMs) have generally been effective in detecting instances of network intrusion. However, from a practical point of view, a standard SVM is not able to handle large-scale data efficiently due to the computational complexity of the algorithm and its extensive memory requirements. To cope with this limitation, this study presents an incremental SVM method combined with a k-nearest neighbours (KNN) based candidate support vector (CSV) selection strategy in order to speed up the training and test processes. The proposed incremental SVM method constructs or updates the pattern classes by incrementally incorporating new signatures, without having to load and access the entire previous dataset, in order to cope with evolving DoS and DDoS attacks. The performance of the proposed method is evaluated experimentally and compared with the standard SVM method and the simple incremental SVM method in terms of precision, recall, F1-score, and training and test duration.
37. The Byzantine Agreement Protocol Applied to Security. Toth, David. 12 January 2005.
Intrusion Detection & Countermeasure Systems (IDCS) and architectures commonly used in commercial as well as research environments suffer from a number of problems that limit their effectiveness. The most common shortcoming of current IDCSs is their inability to tolerate failures. These failures can occur naturally, such as hardware or software failures, or can be the result of attackers attempting to compromise the IDCS itself. Currently, the WPI System Security Laboratory at Worcester Polytechnic Institute is developing a Secure Architecture and Fault-Resilient Engine (S.A.F.E.), a system capable of tolerating failures. This system makes use of solutions to the Byzantine Generals Problem, developed earlier by Lamport and others. Byzantine Agreement Protocols will be used to achieve consensus about which nodes have been compromised or have failed, with a series of synchronized, secure rounds of message exchanges. Once a consensus has been reached, the offending nodes can be isolated and countermeasure actions can be initiated by the system. We consider the necessary and sufficient conditions for the application of Byzantine Agreement Protocols to the intrusion detection problem. Further, a first implementation of this algorithm will be embedded in the Distributed Trust Manager (DTM) module of S.A.F.E. The DTM is the key module responsible for assuring trust amongst the members of the system. Finally, we will evaluate the DTM as a standalone unit to ensure that it performs correctly.
38. Machine Learning-driven Intrusion Detection Techniques in Critical Infrastructures Monitored by Sensor Networks. Otoum, Safa. 23 April 2019.
In most critical infrastructures, Wireless Sensor Networks (WSNs) are deployed due to their low cost, flexibility and efficiency, as well as their wide usage across several infrastructures. Regardless of these advantages, WSNs introduce various security vulnerabilities, such as different types of attacks and intruders, due to the open nature of sensor nodes and unreliable wireless links.
Therefore, the implementation of an efficient Intrusion Detection System (IDS) that achieves an acceptable security level is a challenging issue that has gained vital importance.
In this thesis, we investigate the problem of security provisioning in WSN-based critical monitoring infrastructures. We propose a trust-based hierarchical model for malicious node detection, especially for Black-hole attacks. We also present various Machine Learning (ML)-driven IDS schemes for wirelessly connected sensors that track critical infrastructures. In this thesis, we present an in-depth analysis of the use of machine learning, deep learning, adaptive machine learning, and reinforcement learning solutions to recognize intrusive behaviours in the monitored network.
We evaluate the proposed schemes by using KDD'99 as the real-attack dataset in our simulations. To this end, we present the performance metrics for four different IDS schemes, namely the Clustered Hierarchical Hybrid IDS (CHH-IDS), Adaptively Supervised and Clustered Hybrid IDS (ASCH-IDS), Restricted Boltzmann Machine-based Clustered IDS (RBC-IDS) and Q-learning based IDS (QL-IDS), to detect malicious behaviours in a sensor network.
Through simulations, we analyzed all presented schemes in terms of Accuracy Rates (ARs), Detection Rates (DRs), False Negative Rates (FNRs), precision-recall ratios, F_1 scores and the area under the ROC curve, which are the key performance parameters for all IDSs. To this end, we show that QL-IDS performs with ~ 100% detection and accuracy rates.
39. Integrate Model and Instance Based Machine Learning for Network Intrusion Detection. Lena Ara. 17 January 2019.
In computer networks, convenient internet access facilitates internet services, but at the same time also augments the spread of malicious software, which could represent an attack or unauthorized access. This makes intrusion detection an important area to explore for detecting these unwanted activities. This thesis concentrates on combining Model and Instance Based Machine Learning for detecting intrusions through a series of algorithms, starting from clustering similar hosts.
Similar hosts have been found based on supervised machine learning techniques like Support Vector Machines, Decision Trees and K Nearest Neighbours, using our proposed Data Fusion algorithm. Maximal cliques from graph theory have been explored to find the clusters. A recursive way is proposed to merge the decision areas of the best features. The idea is to implement a combination of model and instance based machine learning and analyze how it performs compared to a conventional machine learning algorithm like Random Forest for intrusion detection. The system has been evaluated on three datasets from CTU-13. The results show that our proposed method gives a better detection rate compared to traditional methods, which might overfit the data.
The research work done in model merging, instance based learning, random forests, data mining and ensemble learning with regard to intrusion detection has been studied and taken as reference.
40. The immunophilins as drug targets: development of novel fluorescence assays. McKenzie, Neil Iain. January 2014.
The immunophilins are a superfamily of proteins comprising the cyclophilin, FKBP and parvulin sub-families. Members are present ubiquitously in plant and animal cells, acting as both prolyl-isomerases and signalling proteins. Some also have chaperone activity. The prolyl isomerase function of the immunophilins has been identified as central to the progression of a large number of diseases, making them tempting drug targets. Whilst there are several assays which can be used to identify inhibitors of the prolyl isomerase function, they are hampered by one or more problems: multistep mechanisms, poor signal-to-noise ratios, high cost, laboriousness, and unsuitability for high-throughput screening. Multiple fluorescent systems (fluorescence anisotropy, FRET, 2D-FIDA/FCS) and several technologies (solution and solid phase synthesis, solution and solid phase screening, combinatorial synthesis, and stopped-flow spectrometry) were explored to develop a system suitable for fast, efficient screening of immunophilins. The most promising of these is a prototype assay based on the design, cloning, expression and production of a fluorescently labelled mutant of cyclophilin B, which shows an increase in fluorescence emission upon cyclosporin ligand binding.