51 |
Generation of cyber attack data using generative techniques
Nidhi Nandkishor Sakhala (6636128) 15 May 2019
The presence of attacks in day-to-day traffic flow in connected networks is considerably less compared to genuine traffic flow. Yet, the consequences of these attacks are disastrous. It is very important to identify if the network is being attacked and block these attempts to protect the network system. Failure to block these attacks can lead to loss of confidential information and reputation and can also lead to financial loss. One of the strategies to identify these attacks is to use machine learning algorithms that learn to identify attacks by looking at previous examples. But since the number of attacks is small, it is difficult to train these machine learning algorithms. This study aims to use generative techniques to create new attack samples that can be used to train the machine learning based intrusion detection systems to identify more attacks. Two metrics are used to verify that the training has improved and a binary classifier is used to perform a two-sample test for verifying the generated attacks.
|
52 |
Rules Based Analysis Engine for Application Layer IDS
Scrobonia, David 01 May 2017
Web application attack volume, complexity, and costs have risen as people, companies, and entire industries move online. Solutions implemented to defend web applications against malicious activity have traditionally been implemented at the network or host layer. While this is helpful for detecting some attacks, it does not provide the granularity to see malicious behavior occurring at the application layer. The AppSensor project, an application level intrusion detection system (IDS), is an example of a tool that operates in this layer. AppSensor monitors users within the application by observing activity in suspicious areas not able to be seen by traditional network layer tools. This thesis aims to improve the state of web application security by supporting the development of the AppSensor project. Specifically, this thesis entails contributing a rules-based analysis engine to provide a new method for determining whether suspicious activity constitutes an attack. The rules-based method aggregates information from multiple sources into a logical rule to identify malicious activity, as opposed to relying on a single source of information. The rules-based analysis engine is designed to offer more flexible configuration for administrators and more accurate results than the incumbent analysis engine. Tests indicate that the new engine should not hamper the performance of AppSensor and use cases highlight how rules can be leveraged for more accurate results.
|
53 |
Návrh zabezpečení průmyslového řídícího systému / Industrial control system security design
Strnad, Matěj January 2019
The subject of the master's thesis is the design of security measures for securing an industrial control system. It includes an analysis of the characteristics of the communication environment and the specifics of industrial communication systems, a comparison of available technological means, and the design of a solution according to the investor's requirements.
|
54 |
NIDS im Campusnetz
Schier, Thomas 04 May 2004
Workshop "Netz- und Service-Infrastrukturen"
This contribution to the workshop "Netz- und Service-Infrastrukturen" covers the setup of a Network Intrusion Detection System in the campus network.
|
55 |
Security in low power wireless networks : Evaluating and mitigating routing attacks in a reactive, on demand ad-hoc routing protocol / Säkerheten i trådlösa lågenerginätverk : Utvärdering och begränsning av routing attacker i ett reaktivt ad-hoc routing protokoll
Fredriksson, Tony, Ljungberg, Niklas January 2017
Using low energy devices to communicate over the air presents many challenges to reach security as resources in the world of Internet Of Things (IoT) are limited. Any extra overhead of computing or radio transmissions that extra security might add affects cost of both increased computing time and energy consumption which are all scarce resources in IoT. This thesis details the current state of security mechanisms built into the commercially available protocol stacks Zigbee, Z-wave, and Bluetooth Low Energy, and collects implemented and proposed solutions to common ways of attacking systems built on these protocol stacks. Attacks evaluated are denial of service/sleep, man-in-the-middle, replay, eavesdropping, and in mesh networks, sinkhole, black hole, selective forwarding, sybil, wormhole, and hello flood. An intrusion detection system is proposed to detect sinkhole, selective forwarding, and sybil attacks in the routing protocol present in the communication stack Rime implemented in the operating system Contiki. The Sinkhole and Selective forwarding mitigation works close to perfection in larger lossless networks but suffers an increase in false positives in lossy environments. The Sybil Detection is based on Received Signal Strength and strengthens the blacklist used in the sinkhole and selective forwarding detection, as a node changing its ID to avoid the blacklist will be detected as in the same geographical position as the blacklisted node.
|
56 |
A Kangaroo-Based Intrusion Detection System on Software-Defined Networks
Yazdinejadna, Abbas, Parizi, Reza M., Dehghantanha, Ali, Khan, Mohammad S. 15 January 2021
In recent years, a new generation of architecture has emerged in the world of computer networks, known as software-defined networking (SDN), that aims to improve and remove the limitations of traditional networks. Although SDN provides viable benefits, it has faced many security threats and vulnerability-related issues. To solve security issues in the SDN, one of the most vital solutions is employing an intrusion detection system (IDS). Merging IDS into the SDN network remains efficient due to the unique features of SDN, such as high manageability, flexibility, and programmability. In this paper, we propose a new approach as a kangaroo-based intrusion detection system (KIDS), which is an SDN-based architecture for attack detection and malicious behaviors in the data plane. Designing a zone-based architecture in the KIDS assists us in achieving a distributed architecture which is scalable in both area and anomaly detection. In the KIDS architecture, the IDS module supplies the flow-based and packet-based intrusion detection components based on monitoring packet parser and Flow tables of the SDN switches. In the proposed approach, the IDS uses consecutive jumps like a kangaroo for announcing the attacks both to the SDN controller and other IDSs, contributing to improved scalability and efficiency. The evaluation of the proposed approach shows an enhanced performance against that of peer approaches in detecting malicious packets.
|
57 |
MACHINE LEARNING BASED ALGORITHMIC APPROACHES FOR NETWORK TRAFFIC CLASSIFICATION
Jamil, Md Hasibul 01 December 2021
Networking and distributed computing system have provided computational resources for machine learning (ML) application for a long time. Network system itself also can benefit from ML technologies. For example high performance packet classification is a key component to support scalable network applications like firewalls, intrusion detection, and differentiated services. With ever increasing demand in the line rate for core networks, a great challenge is to use hand-tuned heuristic approaches to design a scalable and high performance packet classification solution. By exploiting the sparsity present in a ruleset, in this thesis an algorithm is proposed to use few effective bits (EBs) to extract a large number of candidate rules with just a few number of memory access. These effective bits are learned with deep reinforcement learning and they are used to create a bitmap to filter out the majority of rules which do not need to be fully matched to improve the online system performance. Utilizing reinforcement learning allows the proposed solution to be learning based rather than heuristic based algorithms. So proposed learning-based selection method is independent of the ruleset, which can be applied to different rulesets without relying on the heuristics. Proposed multibit tries classification engine outperforms lookup time both in worst and average case by 55% and reduce memory footprint, compared to traditional decision tree without EBs. Furthermore, many field packet classification are required for openFlow supported switches. With the proliferation of fields in the packet header, a traditional 5-field classification technique isn’t applicable for an efficient classification engine for those openFlow supported switches. Although the algorithmic insights obtained from 5-field classification techniques could still be applied for many field classification engine. 
To decompose given fields of a ruleset, different grouping metrics like standard deviation of individual fields and a novel metric called Diversity Index (DI) is considered for such many field scenarios. A detailed discussion and evaluation of how to decompose rule fields/dimension into subgroup, how a decision tree construction can be considered as reinforcement learning problem, and how to encode state and action space, reward calculation to effectively build trees for each subgroup with a global optimization objective is introduced in this work. Finally, to identify benign or malicious heterogeneous type of traffic present in a modern home network, a deep neural network based approach is introduced. A split architecture of such traffic classifier, in application of home network intrusion detection system consists of multiple machine learning (ML) models. These models trained on two separate dataset for heterogeneous traffic types. An analysis of run-time implementation performance of the proposed IDS models is also discussed.
|
58 |
Integrate Model and Instance Based Machine Learning for Network Intrusion Detection
Ara, Lena 12 1900
Indiana University-Purdue University Indianapolis (IUPUI) / In computer networks, the convenient internet access facilitates internet services, but at the same time also augments the spread of malicious software which could represent an attack or unauthorized access. Thereby, making the intrusion detection an important area to explore for detecting these unwanted activities. This thesis concentrates on combining the Model and Instance Based Machine Learning for detecting intrusions through a series of algorithms starting from clustering the similar hosts.
Similar hosts have been found based on the supervised machine learning techniques like Support Vector Machines, Decision Trees and K Nearest Neighbors using our proposed Data Fusion algorithm. Maximal cliques of Graph Theory has been explored to find the clusters. A recursive way is proposed to merge the decision areas of best features. The idea is to implement a combination of model and instance based machine learning and analyze how it performs as compared to a conventional machine learning algorithm like Random Forest for intrusion detection. The system has been evaluated on three datasets by CTU-13. The results show that our proposed method gives better detection rate as compared to traditional methods which might overfit the data.
The research work done in model merging, instance based learning, random forests, data mining and ensemble learning with regards to intrusion detection have been studied and taken as reference.
|
59 |
Pruning GHSOM to create an explainable intrusion detection system
Kirby, Thomas Michael 12 May 2023
Intrusion Detection Systems (IDS) that provide high detection rates but are black boxes lead to models that make predictions a security analyst cannot understand. Self-Organizing Maps (SOMs) have been used to predict intrusion to a network, while also explaining predictions through visualization and identifying significant features. However, they have not been able to compete with the detection rates of black box models. Growing Hierarchical Self-Organizing Maps (GHSOMs) have been used to obtain high detection rates on the NSL-KDD and CIC-IDS-2017 network traffic datasets, but they neglect creating explanations or visualizations, which results in another black box model. This paper offers a high accuracy, Explainable Artificial Intelligence (XAI) based on GHSOMs. One obstacle to creating a white box hierarchical model is the model growing too large and complex to understand. Another contribution this paper makes is a pruning method used to cut down on the size of the GHSOM, which provides a model that can provide insights and explanation while maintaining a high detection rate.
|
60 |
Leveraging PLC Ladder Logic for Signature Based IDS Rule Generation
Richey, Drew Jackson 12 August 2016
Industrial Control Systems (ICS) play a critical part in our world’s economy, supply chain and critical infrastructure. Securing the various types of ICS is of the utmost importance and has been a focus of much research for the last several years. At the heart of many defense in depth strategies is the signature based intrusion detection system (IDS). The signatures that define an IDS determine the effectiveness of the system. Existing methods for IDS signature creation do not leverage the information contained within the PLC ladder logic file. The ladder logic file is a rich source of information about the PLC control system. This thesis describes a method for parsing PLC ladder logic to extract address register information, data types and usage that can be used to better define the normal operation of the control system which will allow for rules to be created to detect abnormal activity.
|