51 |
A framework for high speed lexical classification of malicious URLs
Egan, Shaun Peter January 2014
Phishing attacks employ social engineering to target end-users, with the goal of stealing identifying or sensitive information. This information is used in activities such as identity theft or financial fraud. During a phishing campaign, attackers distribute URLs which, along with false information, point to fraudulent resources in an attempt to deceive users into requesting the resource. These URLs are made obscure through the use of several techniques which make automated detection difficult. Current methods used to detect malicious URLs face multiple problems which attackers use to their advantage. These problems include: the time required to react to new attacks; shifts in trends in URL obfuscation and usability problems caused by the latency incurred by the lookups required by these approaches. A new method of identifying malicious URLs using Artificial Neural Networks (ANNs) has been shown to be effective by several authors. The simple method of classification performed by ANNs results in very high classification speeds with little impact on usability. Samples used for the training, validation and testing of these ANNs are gathered from Phishtank and Open Directory. Words selected from the different sections of the samples are used to create a 'Bag-of-Words (BOW)' which is used as a binary input vector indicating the presence of a word for a given sample. Twenty additional features which measure lexical attributes of the sample are used to increase classification accuracy. A framework that is capable of generating these classifiers in an automated fashion is implemented. These classifiers are automatically stored on a remote update distribution service which has been built to supply updates to classifier implementations. An example browser plugin is created and uses ANNs provided by this service. It is both capable of classifying URLs requested by a user in real time and is able to block these requests.
The framework is tested in terms of training time and classification accuracy. Classification speed and the effectiveness of compression algorithms on the data required to distribute updates are tested. It is concluded that it is possible to generate these ANNs in a frequent fashion, and in a method that is small enough to distribute easily. It is also shown that classifications are made at high-speed with high-accuracy, resulting in little impact on usability.
|
52 |
Secure web applications against off-line password guessing attack : a two way password protocol with challenge response using arbitrary images
Lu, Zebin 14 August 2013
Indiana University-Purdue University Indianapolis (IUPUI) / The web applications are now being used in many security oriented areas, including online shopping, e-commerce, which require the users to transmit sensitive information on
the Internet. Therefore, to successfully authenticate each party of web applications is very important. A popular deployed technique for web authentication is the Hypertext Transfer
Protocol Secure (HTTPS) protocol. However the protocol does not protect the careless users who connect to fraudulent websites from being trapped into tricks. For example, in
a phishing attack, a web user who connects to an attacker may provide password to the attacker, who can use it afterwards to log in the target website and get the victim’s
credentials. To prevent phishing attacks, the Two-Way Password Protocol (TPP) and Dynamic Two-Way Password Protocol (DTPP) are developed. However there still exist
potential security threats in those protocols. For example, an attacker who makes a fake website may obtain the hash of users’ passwords, and use that information to arrange offline
password guessing attacks. Based on TPP, we incorporated challenge responses with arbitrary images to prevent the off-line password guessing attacks in our new protocol,
TPP with Challenge response using Arbitrary image (TPPCA). Besides TPPCA, we developed another scheme called Rain to solve the same problem by dividing shared
secrets into several rounds of negotiations. We discussed various aspects of our protocols, the implementation and experimental results.
|
53 |
The design and implementation of a security and containment platform for peer-to-peer media distribution / Die ontwerp en implimentasie van ’n sekure en begeslote platvorm vir portuurnetwerk mediaverspreiding
Storey, Quiran 12 1900
Thesis (MScEng)--Stellenbosch University, 2013. / ENGLISH ABSTRACT: The way in which people consume video is changing with the adoption of
new technologies such as tablet computers and smart televisions. These new
technologies, along with the Internet, are moving video distribution away from
satellite and terrestrial broadcast to distribution over the Internet. Services
online now offer the same content that originally was only available on satellite
broadcast television. However, these services are only viable in countries with
high speed, inexpensive Internet bandwidth. The need therefore exists for
alternative services to deliver content in countries where bandwidth is still
expensive and slow. These include many of the developing nations of Africa.
In this thesis we design and develop a video distribution platform that
relies on peer-to-peer networking to deliver high quality video content. We use
an existing video streaming peer-to-peer protocol as the primary distribution
mechanism, but allow users to share video over other protocols and services.
These can include BitTorrent, DC++ and users sharing hard drives with one
another. In order to protect the video content, we design and implement a
security scheme that prevents users from pirating video content, while allowing easy distribution of video data. The core of the security scheme requires a low
bandwidth Internet connection to a server that streams keys to unlock the
video content. The project also includes the development of a custom video
player application to integrate with the security scheme.
The platform is not limited to, but is aimed at high speed local area networks
where bandwidth is free. In order for the platform to support feasible
business models, we provision additional services, such as video cataloging
and search, video usage monitoring and platform administration. The thesis
includes a literature study on techniques and solutions to secure video entertainment,
specifically in a peer-to-peer environment. / AFRIKAANS SUMMARY: The way in which people consume video is changing with the adoption
of new technology such as tablet computers and smart television sets.
This new technology, together with the Internet, means that video is
distributed less and less by means of satellite broadcasts and more and
more over the Internet. Online Internet services nowadays offer the same
content that was previously distributed only by television broadcast.
These services are, however, only viable in countries with high-speed and
inexpensive Internet bandwidth. There is therefore a need for alternatives to
these services in countries where bandwidth is still expensive and slow. Many
countries in Africa fall into this category.
In this thesis a video distribution platform is designed and developed
that uses peer-to-peer networks to distribute high-quality video material.
The system uses an existing peer-to-peer streaming protocol as the
primary distribution mechanism, but also allows users to share video
content directly with other users and services. These include BitTorrent, DC++
and users sharing hard drives with one another. In order to protect the video content, we design and implement a security system
that prevents users from unlawfully appropriating the video content, while
at the same time easing distribution of the data. This includes the
development of a custom video player. The core of the security system
requires a low-bandwidth Internet connection to a server that broadcasts
keys to unlock the video content.
Although not limited to them, the platform is aimed at high-speed local area
networks with free bandwidth. To allow the platform to meet a feasible
business model, we have provided for additional services such as video
cataloguing with search functions, video usage monitoring and platform
administration. The thesis includes a literature study on techniques and
solutions for protecting video data, specifically in the peer-to-peer
network environment.
|
54 |
Internet-based electronic payment systems
Kortekaas, Birgit Friederike 01 January 2002
As today, the traditional payment systems of cash, cheques and credit cards are being
supplemented by electronic cheques, electronic credit card-based systems, and token-based
systems, online security is of utmost importance and one of the biggest criteria
used for evaluating electronic payment systems. Electronic payment systems must
guarantee the essential security requirements: confidentiality, privacy, integrity,
availability, authentication, non-repudiation as well as anonymity and trust. This paper
compares the various payment systems (both traditional and electronic) available today
mainly according to their security aspects. Secure processing can be accomplished
including access controls and detection techniques, such as, encrypted communication
channels, user and/or message authentication, symmetric and asymmetric encryption,
digital certificates and firewalls. These effective security measures, which are outlined in
detail in this paper, will protect the information and payment systems against security
risks that currently threaten the Internet. / Computing / M.Sc. (Information Systems)
|
55 |
The law of data (privacy) protection: a comparative and theoretical study
Roos, Anneliese 31 October 2003
In present-day society more and more personal information is being collected. The nature of the collection has also changed: more sensitive and potentially prejudicial information is collected. The advent of computers and the development of new telecommunications technology, linking computers in networks (principally the Internet) and enabling the transfer of information between computer systems, have made information increasingly important, and boosted the collection and use of personal information. The risks inherent in the processing of personal information are that the data may be inaccurate, incomplete or irrelevant, accessed or disclosed without authorisation, used for a purpose other than that for which they were collected, or destroyed. The processing of personal information poses a threat to a person's right to privacy. The right to identity is also infringed when incorrect or misleading information relating to a person is processed. In response to the problem of the invasion of the right to privacy by the processing of personal information, many countries have adopted "data protection" laws. Since the common law in South Africa does not provide adequate protection for personal data, data protection legislation is also required. This study is undertaken from a private law perspective. However, since privacy is also protected as a fundamental right, the influence of constitutional law on data protection is also considered. After analysing different foreign data protection laws and legal instruments, a set of core data protection principles is identified. In addition, certain general legal principles that should form the basis of any statutory data protection legislation in South Africa are proposed. Following an analysis of the theoretical basis for data protection in South African private law, the current position as regards data protection in South Africa is analysed and measured against the principles identified.
The conclusion arrived at is that the current South African acts can all be considered to be steps in the right direction, but not complete solutions. Further legislation incorporating internationally accepted data protection principles is therefore necessary. The elements that should be incorporated in a data protection regime are discussed. / Jurisprudence / LL. D. (Jurisprudence)
|
58 |
Análise dos riscos e efeitos nocivos do uso da internet: contribuições para uma política pública de proteção da criança e do adolescente na era digital / Analysis of the risks and harmful effects of internet use: contributions to public policy child protection and adolescents in the digital age
Tono, Cineiva Campoli Paulino 10 April 2015
The use of the internet and online electronic games, out of balance with other human activities and regardless of the technological device used for access, can become an addiction and produce harmful effects on various aspects of users' lives, effects that are amplified when the users are children and adolescents, people in a special phase of biopsychosocial development. The focus of this investigation was the analysis of the risks and harms of internet addiction, presupposing the full protection of children and adolescents with regard to education, health and safety. To that end, theoretical references were sought in scientific articles worldwide, and empirical evidence in field research with adolescents and in the Program for Parents of Internet Dependents of the Impulse Disorder Outpatient Clinic at the Institute of Psychiatry of the University of São Paulo. Because children and adolescents are holders of rights, with absolute priority of protection, a need for intervention was felt, and to that end content and methodologies were proposed for planning policies to prevent these risks and harms, developed in an inter-institutional and interdisciplinary manner. The scientific method used was political action research, socially critical and interventionist. For the theoretical foundation, support was drawn from the critical analysis of technological determinism and of the risks involved in the design and use of technologies by Feenberg (1991), Giddens (1991), Marcuse (1999), Lima Filho (2005), Setzer (2002), Armstrong and Casement (2001), Smith (2009), among others. The research used legal-basis documents, grounded in the Universal Declaration of Human Rights (1948), the Constitution of the Federative Republic of Brazil (1988) and the Statute of the Child and Adolescent (1990), which give children and adolescents absolute priority in the formulation and management of public policies at all levels of implementation.
In the phases of observation, diagnosis and first records, the research started from concern about what adolescents from two public schools in Curitiba said, in 2009, when the problem of this thesis was outlined: the risks and harmful effects of addiction to the internet and to online electronic games. For the intervention phase of the research, an action plan was drawn up focused on the “Technology and Human Dignity” axis, developed during the eleven public hearings in the State of Paraná, coordinated by the author and linked to the UFPR Unindo Talentos project with support from CAPES, covering structuring content for the development of a public policy to prevent internet addiction and, above all, internet gaming disorder, a mental disorder provided for by the American Psychiatric Association in the fifth edition of the Diagnostical and Statistical Manual of Disorder (DSM V), of May 2013. This work resulted in contributions to the development of the “Technology and Human Dignity” axis of the first edition of the Paraná State Plan for Education in Human Rights (PEEDH/PR). / The use of internet and on-line video games, in harmony with other human activities, irrespective of the technological device to access, can be addictive and cause adverse effects in various aspects of life of users, potentiated when the users are children and adolescents people in particular phase of biopsychosocial development. The focus of research on the agenda was the analysis of the risks and vice damage, assuming the full protection of children and adolescents in the aspects of education, health and security. Therefore, we sought theoretical references in scientific papers at the global level, empirical evidence on field research with adolescents, and internet Dependent Parent Program Dependence Center for the Impulse Disorder Clinic at the Institute of Psychiatry, University of São Paulo.
As children and adolescents are subjects of rights, with priority protection, felt the need for an intervention, and for this have been proposed content and planning methodologies prevention policies to such risks and damage, prepared in inter-institutional and interdisciplinary way. The scientific method used was the policy action research, socially critical and interventionist. For theoretical foundation sought to subsidies in the critical analysis of technological determinism and the risks involved with the design and use of technologies Feenberg (1991), Giddens (1991), Marcuse (1999), Lima Filho (2004, 2005), Andrade (2004) Setzer (2002, 2009), Armstrong and Casement (2001), Smith (2009), among others. The research used a legal basis documents, with support in the Universal Declaration of Human Rights (1948), the Constitution of the Federative Republic of Brazil (1988) and the Statute of Children and Adolescents (1990), who prioritize in terms absolute, children and adolescents in the design and management of public policies for all enforcement spheres. In phases of observation, diagnosis and first records research came from concern about the speech of adolescents from two public schools in Curitiba, in 2009, when the problem of this thesis was designed, the risks and harmful effects of adding internet and electronic games on-line. For the research intervention phase was prepared an action plan in inter-institutional focused on the “Technology and Human Dignity” axis developed in the eleven public hearings in the State of Paraná, coordinated by the author, contemplating structuring content for development of policy public prevention addiction on the Internet, and especially the internet gaming disorder, mental disorder provided by the American Psychiatric Association in the fifth edition of Diagnostical and Statistical Manual of Disorder (DSM V), May 2013. 
This work resulted in important contributions to the development axis “Technology and Human Dignity” of the first edition of the State Plan for Education in Human Rights of Paraná (PEEDH / PR).
|
59 |
Adoption of e-banking amongst small, micro and medium enterprises in the City of Tshwane Metropolitan Municipality
Manala, Maseribe Maureen 01 1900
The purpose of this study was to examine the level of adoption, usage and factors that influence the adoption of electronic banking (e-banking) by small, micro and medium enterprises (SMMEs) listed in the City of Tshwane Metropolitan Municipality (CTMM). Despite efforts by commercial banks to promote e-banking (internet and cell phone banking) to its customers, the adoption rate for internet and cell phone banking appears to be low. Based on the literature reviewed, the SMME sector has been widely excluded from the formal banking services. It is also observed that e-banking can enable SMMEs to grow and enter international markets. Technology acceptance model (TAM) integrated with perceived risk theory (PRT) was used to investigate factors that influence adoption and usage of e-banking. The study followed a quantitative research approach. Respondents were selected using simple random sampling technique. A structured survey questionnaire was used to collect the data. The survey was conducted on 160 SMMEs in the CTMM with the assistance of fieldworkers. Data were analysed using descriptive statistics, exploratory factor analysis (EFA), Pearson’s bivariate correlation, and multiple regression. The results revealed that perceived ease of use had a significant positive influence on the attitude towards e-banking. Perceived usefulness had a positive but insignificant influence on the attitude towards e-banking. Security risk was the only perceived risk dimension that had a significant negative influence on attitude towards e-banking. However, financial risk, privacy risk, performance risk and social risk had a positive and insignificant influence on attitude towards e-banking. It was envisaged that this study will enable banks to develop strategies that are aimed at increasing their SMME market share. / Finance, Risk management and Banking / M. Com. (Finance)
|