  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
51

Rules Based Analysis Engine for Application Layer IDS

Scrobonia, David 01 May 2017
Web application attack volume, complexity, and costs have risen as people, companies, and entire industries move online. Solutions implemented to defend web applications against malicious activity have traditionally been implemented at the network or host layer. While this is helpful for detecting some attacks, it does not provide the granularity to see malicious behavior occurring at the application layer. The AppSensor project, an application level intrusion detection system (IDS), is an example of a tool that operates in this layer. AppSensor monitors users within the application by observing activity in suspicious areas not able to be seen by traditional network layer tools. This thesis aims to improve the state of web application security by supporting the development of the AppSensor project. Specifically, this thesis entails contributing a rules-based analysis engine to provide a new method for determining whether suspicious activity constitutes an attack. The rules-based method aggregates information from multiple sources into a logical rule to identify malicious activity, as opposed to relying on a single source of information. The rules-based analysis engine is designed to offer more flexible configuration for administrators and more accurate results than the incumbent analysis engine. Tests indicate that the new engine should not hamper the performance of AppSensor and use cases highlight how rules can be leveraged for more accurate results.
52

Návrh zabezpečení průmyslového řídícího systému / Industrial control system security design

Strnad, Matěj January 2019
The subject of the master's thesis is the design of security measures for securing an industrial control system. It includes an analysis of the characteristics of the communication environment and the specifics of industrial communication systems, a comparison of available technological means, and the design of a solution according to the investor's requirements.
53

NIDS im Campusnetz / NIDS in the Campus Network

Schier, Thomas 04 May 2004
Workshop "Netz- und Service-Infrastrukturen" (Network and Service Infrastructures). This contribution to the workshop covers the setup of a Network Intrusion Detection System in the campus network.
54

Security in low power wireless networks : Evaluating and mitigating routing attacks in a reactive, on demand ad-hoc routing protocol / Säkerheten i trådlösa lågenerginätverk : Utvärdering och begränsning av routing attacker i ett reaktivt ad-hoc routing protokoll

Fredriksson, Tony, Ljungberg, Niklas January 2017
Using low energy devices to communicate over the air presents many challenges to reach security as resources in the world of Internet Of Things (IoT) are limited. Any extra overhead of computing or radio transmissions that extra security might add affects cost of both increased computing time and energy consumption which are all scarce resources in IoT. This thesis details the current state of security mechanisms built into the commercially available protocol stacks Zigbee, Z-wave, and Bluetooth Low Energy, and collects implemented and proposed solutions to common ways of attacking systems built on these protocol stacks. Attacks evaluated are denial of service/sleep, man-in-the-middle, replay, eavesdropping, and in mesh networks, sinkhole, black hole, selective forwarding, sybil, wormhole, and hello flood. An intrusion detection system is proposed to detect sinkhole, selective forwarding, and sybil attacks in the routing protocol present in the communication stack Rime implemented in the operating system Contiki. The Sinkhole and Selective forwarding mitigation works close to perfection in larger lossless networks but suffers an increase in false positives in lossy environments. The Sybil Detection is based on Received Signal Strength and strengthens the blacklist used in the sinkhole and selective forwarding detection, as a node changing its ID to avoid the blacklist will be detected as in the same geographical position as the blacklisted node.
55

A Kangaroo-Based Intrusion Detection System on Software-Defined Networks

Yazdinejadna, Abbas, Parizi, Reza M., Dehghantanha, Ali, Khan, Mohammad S. 15 January 2021
In recent years, a new generation of architecture has emerged in the world of computer networks, known as software-defined networking (SDN), that aims to improve and remove the limitations of traditional networks. Although SDN provides viable benefits, it has faced many security threats and vulnerability-related issues. To solve security issues in the SDN, one of the most vital solutions is employing an intrusion detection system (IDS). Merging IDS into the SDN network remains efficient due to the unique features of SDN, such as high manageability, flexibility, and programmability. In this paper, we propose a new approach as a kangaroo-based intrusion detection system (KIDS), which is an SDN-based architecture for attack detection and malicious behaviors in the data plane. Designing a zone-based architecture in the KIDS assists us in achieving a distributed architecture which is scalable in both area and anomaly detection. In the KIDS architecture, the IDS module supplies the flow-based and packet-based intrusion detection components based on monitoring packet parser and Flow tables of the SDN switches. In the proposed approach, the IDS uses consecutive jumps like a kangaroo for announcing the attacks both to the SDN controller and other IDSs, contributing to improved scalability and efficiency. The evaluation of the proposed approach shows an enhanced performance against that of peer approaches in detecting malicious packets.
56

MACHINE LEARNING BASED ALGORITHMIC APPROACHES FOR NETWORK TRAFFIC CLASSIFICATION

Jamil, Md Hasibul 01 December 2021
Networking and distributed computing systems have provided computational resources for machine learning (ML) applications for a long time. The network system itself can also benefit from ML technologies. For example, high-performance packet classification is a key component to support scalable network applications like firewalls, intrusion detection, and differentiated services. With ever-increasing demand in the line rate for core networks, a great challenge is to use hand-tuned heuristic approaches to design a scalable and high-performance packet classification solution. By exploiting the sparsity present in a ruleset, in this thesis an algorithm is proposed to use few effective bits (EBs) to extract a large number of candidate rules with just a few memory accesses. These effective bits are learned with deep reinforcement learning, and they are used to create a bitmap to filter out the majority of rules which do not need to be fully matched, to improve the online system performance. Utilizing reinforcement learning allows the proposed solution to be learning-based rather than heuristic-based. The proposed learning-based selection method is therefore independent of the ruleset and can be applied to different rulesets without relying on heuristics. The proposed multibit tries classification engine outperforms in lookup time in both the worst and average case by 55% and reduces memory footprint, compared to a traditional decision tree without EBs. Furthermore, many-field packet classification is required for OpenFlow-supported switches. With the proliferation of fields in the packet header, a traditional 5-field classification technique isn’t applicable for an efficient classification engine for those OpenFlow-supported switches, although the algorithmic insights obtained from 5-field classification techniques could still be applied to a many-field classification engine.
To decompose given fields of a ruleset, different grouping metrics like the standard deviation of individual fields and a novel metric called Diversity Index (DI) are considered for such many-field scenarios. A detailed discussion and evaluation of how to decompose rule fields/dimensions into subgroups, how decision tree construction can be considered as a reinforcement learning problem, and how to encode the state and action space and the reward calculation to effectively build trees for each subgroup with a global optimization objective is introduced in this work. Finally, to identify benign or malicious heterogeneous types of traffic present in a modern home network, a deep neural network based approach is introduced. A split architecture of such a traffic classifier, applied to a home network intrusion detection system, consists of multiple machine learning (ML) models. These models are trained on two separate datasets for heterogeneous traffic types. An analysis of the run-time implementation performance of the proposed IDS models is also discussed.
57

Integrate Model and Instance Based Machine Learning for Network Intrusion Detection

Ara, Lena 12 1900
Indiana University-Purdue University Indianapolis (IUPUI) / In computer networks, convenient internet access facilitates internet services, but at the same time also augments the spread of malicious software which could represent an attack or unauthorized access. This makes intrusion detection an important area to explore for detecting these unwanted activities. This thesis concentrates on combining Model and Instance Based Machine Learning for detecting intrusions through a series of algorithms, starting from clustering similar hosts. Similar hosts have been found based on supervised machine learning techniques like Support Vector Machines, Decision Trees and K Nearest Neighbors using our proposed Data Fusion algorithm. Maximal cliques from Graph Theory have been explored to find the clusters. A recursive way is proposed to merge the decision areas of the best features. The idea is to implement a combination of model and instance based machine learning and analyze how it performs as compared to a conventional machine learning algorithm like Random Forest for intrusion detection. The system has been evaluated on three datasets by CTU-13. The results show that our proposed method gives a better detection rate as compared to traditional methods, which might overfit the data. The research work done in model merging, instance based learning, random forests, data mining and ensemble learning with regard to intrusion detection has been studied and taken as reference.
58

Pruning GHSOM to create an explainable intrusion detection system

Kirby, Thomas Michael 12 May 2023
Intrusion Detection Systems (IDS) that provide high detection rates but are black boxes lead to models that make predictions a security analyst cannot understand. Self-Organizing Maps (SOMs) have been used to predict intrusion to a network, while also explaining predictions through visualization and identifying significant features. However, they have not been able to compete with the detection rates of black box models. Growing Hierarchical Self-Organizing Maps (GHSOMs) have been used to obtain high detection rates on the NSL-KDD and CIC-IDS-2017 network traffic datasets, but they neglect creating explanations or visualizations, which results in another black box model. This paper offers a high accuracy, Explainable Artificial Intelligence (XAI) based on GHSOMs. One obstacle to creating a white box hierarchical model is the model growing too large and complex to understand. Another contribution this paper makes is a pruning method used to cut down on the size of the GHSOM, which provides a model that can provide insights and explanation while maintaining a high detection rate.
59

Leveraging PLC Ladder Logic for Signature Based IDS Rule Generation

Richey, Drew Jackson 12 August 2016
Industrial Control Systems (ICS) play a critical part in our world’s economy, supply chain and critical infrastructure. Securing the various types of ICS is of the utmost importance and has been a focus of much research for the last several years. At the heart of many defense in depth strategies is the signature based intrusion detection system (IDS). The signatures that define an IDS determine the effectiveness of the system. Existing methods for IDS signature creation do not leverage the information contained within the PLC ladder logic file. The ladder logic file is a rich source of information about the PLC control system. This thesis describes a method for parsing PLC ladder logic to extract address register information, data types and usage that can be used to better define the normal operation of the control system which will allow for rules to be created to detect abnormal activity.
60

Cyber attacks against small companies that outsource their services

Haji Akbar, Mahan, Babar, Shahryar Khan January 2022
Companies outsource a lot of their development tasks. The use of external development teams introduces security problems which may lead to data breaches and even corporate espionage where business ideas are used in other companies, leading to leaking of trade secrets. A detailed explanation of the security implications of outsourcing is given, with ways to mitigate such risks, in the first section of the report. The report also explains some basic theory in cyber security such as information gathering, vulnerability scanning, exploitation and post exploitation. We also look at some software tools used in the field. Due to the lack of knowledge and awareness about cyber security, most small companies do not have enough protection against these malicious attacks. The proposed intrusion detection system is capable of recognizing various kinds of cyber attacks including denial of service attack, spoofing attack, sniffing attack and so on. The proposed system employs ensemble learning and feature selection techniques to reduce the computational cost and improve the detection rate simultaneously. This paper presents an intelligent intrusion detection system based on tree-structure machine learning models. After the implementation of the proposed intrusion detection system on standard data sets, the system has achieved a high detection rate and low computational cost simultaneously. The method used to bring results is Python with the scikit library, which can help with machine learning. The results will show figures of heatmaps and scores of models that will explain how likely it will identify a cyber attack.
