Global ETD Search

131	Comparison of systems to detect rogue access points Lennartsson, Alexander, Melander, Hilda January 2019 (has links) A hacker might use a rogue access point to gain access to a network, this poses athreat to the individuals connected to it. The hacker might have the potential to leakcorporate data or steal private information. The detection of rogue access points istherefore of importance to prevent any damage to both businesses and individuals.Comparing different software that detects rogue access points increases the chanceof someone finding a solution that suits their network. The different type of softwarethat are compared are intrusion detection systems, wireless scanners and a Ciscowireless lan controller. The parameters that are being compared are; cost, compat-ibility, detection capability and implementation difficulty. In order to obtain resultssome of the parameters require testing. As there are three types of software, threeexperiment environments should be conducted. Our research indicates that alreadyexisting network equipment or the size of the network affects the results from theexperiments. Network Intrusion Detection Rogue Access Points WirelessScanner Wireless Lan Controller Software Comparisons Computer Sciences Datavetenskap (datalogi)
132	Incremental Support Vector Machine Approach for DoS and DDoS Attack Detection Seunghee Lee (6636224) 14 May 2019 (has links) <div> <div> <div> <p>Support Vector Machines (SVMs) have generally been effective in detecting instances of network intrusion. However, from a practical point of view, a standard SVM is not able to handle large-scale data efficiently due to the computation complexity of the algorithm and extensive memory requirements. To cope with the limitation, this study presents an incremental SVM method combined with a k-nearest neighbors (KNN) based candidate support vectors (CSV) selection strategy in order to speed up training and test process. The proposed incremental SVM method constructs or updates the pattern classes by incrementally incorporating new signatures without having to load and access the entire previous dataset in order to cope with evolving DoS and DDoS attacks. Performance of the proposed method is evaluated with experiments and compared with the standard SVM method and the simple incremental SVM method in terms of precision, recall, F1-score, and training and test duration.<br></p> </div> </div> </div> Applied Computer Science SVM Incremental SVM ISVM KNN algorithm Incremental learning Intrusion Detection System (IDS)
133	Método de interrogação de fibra óptica para detecção de intrusão / Optic fiber interrogation method for intrusion detection Febbo, Maurino de 24 June 2016 (has links) Neste trabalho é proposto um método de interrogação de fibra óptica com arquitetura reduzida, que pode ser empregado em sistemas distribuídos de detecção de intrusão de médias e longas distâncias, como para proteção de perímetros, divisas, faixa de dutos, plantas industriais, ou outras instalações, usando uma fibra óptica comum como elemento sensor. O método é baseado na técnica Brillouin Optical Time Domain Analysis (BOTDA), porém dispensando-se a varredura sequencial com diferentes frequências, o que simplifica o sistema, reduz custos e melhora o tempo de resposta. O trabalho consiste de uma abordagem geral sobre o tema, sendo apresentada a teoria básica dos fenômenos de espalhamento não linear em fibras ópticas, o detalhamento do método de interrogação proposto e a descrição dos experimentos realizados em laboratório, seguida de uma analise e comentários quanto ao desempenho alcançado, bem como de algumas de sugestões para melhor explorar o potencial do método. / In this research work is proposed an optic fiber interrogation method with reduced architecture, that can be applied in distributed intrusion detection systems of medium and long distances, such as for the protection of pipeline\'s right of way, perimeters, boundaries, industrial plants or others installations, using a standard optic fiber as a sensor. The proposed method is based on a Brillouin Time Domain Analysis (BOTDA), however dispensing the sequential frequency sweeping, what simplifies the system, reduce its costs and improve the response time. The work comprehends a general discussion of the subject, being presented the basic theory of the nonlinear scattering phenomena in optic fibers, the description of the proposed interrogation method and the conducted in lab experiments, followed by an analysis and comments on the achieved performance, as well as a few suggestions to better explore the potential of the method. BOTDA BOTDA Brillouin sensor Detecção de intrusão Distributed sensing Intrusion detection Sensor Brillouin Sensor distribuído
134	Avaliação de técnicas de captura para sistemas detectores de intrusão. / Evaluation of capture techniques for intrusion detection systems. Tavares, Dalton Matsuo 04 July 2002 (has links) O objetivo principal do presente trabalho é apresentar uma proposta que permita a combinação entre uma solução de captura de pacotes já existente e não muito flexível (sniffer) e o conceito de agentes móveis para aplicação em redes segmentadas. Essa pesquisa possui como foco principal a aplicação da técnica captura de pacotes em SDIs network based, utilizando para isso o modelo desenvolvido no ICMC (Cansian, 1997) e posteriormente adequado ao ambiente de agentes móveis (Bernardes, 1999). Assim sendo, foi especificada a camada base do ambiente desenvolvido em (Bernardes, 1999) visando as interações entre seus agentes e o agente de captura de pacotes. / The main objective of the current work is to present a proposal that allows the combination between an existent and not so flexible packet capture solution (sniffer) and the concept of mobile agents for application in switched networks. This research focuses the application of the packet capture technique in IDSs network-based, using for this purpose the model developed at ICMC (Cansian, 1997) and later adjusted to the mobile agents environment (Bernardes, 1999). Therefore, the base layer of the developed environment (Bernardes, 1999} was specified focusing the interactions between its agents and the packet capture agent. agentes móveis captura em switches capture over switches intrusion detection systems mobile agents sistemas de detecção de intrusão
135	Détection d'intrusion pour des réseaux embarqués automobiles : une approche orientée langage / Intrusion detection for automotive embedded networks : a language oriented approach Studnia, Ivan 22 September 2015 (has links) Les calculateurs embarqués dans les automobiles, ou ECU (Electronic Control Unit) sont responsables d’un nombre croissant de fonctionnalités au sein du véhicule. Pour pouvoir coordonner leurs actions, ces calculateurs s’échangent des données via des bus de communication et forment ainsi un véritable réseau embarqué. Si historiquement ce réseau pouvait être considéré comme un système fermé, l’apparition de nombreux moyens de communication dans les automobiles a ouvert ce réseau au monde extérieur et fait émerger de nombreuses problématiques de sécurité dans ce domaine.Nos travaux s’inscrivent dans une démarche de mise en place de moyens de sécurité-immunité dans les réseaux automobiles. La thématique de la sécurité-immunité dans l’automobile étant un sujet relativement récent, un effort particulier a été apporté à la définition du contexte. Ainsi, dans ce manuscrit, nous décrivons les menaces qui peuvent cibler ces systèmes embarqués, proposons une classification des scénarios d’attaques puis présentons les différents mécanismes de sécurité pouvant être appliqués aux systèmes embarqués d’une automobile.Ensuite, afin de compléter les mesures de sécurité préventives mises en place pour empêcher un attaquant de pénétrer au coeur du réseau embarqué, nous proposons dans cette thèse un système de détection d’intrusion pour les réseaux automobiles embarqués. Celui-ci, conçu à partir des spécifications du ou des systèmes à surveiller, intègre notamment des mécanismes permettant d’effectuer une corrélation des messages observés sur le réseau afin d’identifier des séquences de messages suspectes. Après avoir décrit formellement le fonctionnement de notre système de détection, nous présentons de premières expérimentations visant à valider notre méthode et à évaluer ses performances. / In today’s automobiles, embedded computers, or ECUs (Electronic Control Units) are responsible for an increasing number of features in a vehicle. In order to coordinate their actions, these computers are able to exchange data over communication buses, effectively constituting an embedded network. While this network could previously be considered a closed system, the addition of means of communication in automobiles has opened this network to the outside world, thus raising many security issues.Our research work focuses on these issues and aims at proposing efficient architectural security mechanisms for protecting embedded automotive networks. The security of embedded automotive systems being a relatively recent topic, we first put a strong focus on defining the context. For that purpose, we describe the threats that can target a car’s embedded systems, provide a classification of the possible attack scenarios and present a survey of protection mechanisms in embedded automotive networks.Then, in order to complement the preventive security means that aim at stopping an attacker from entering the embedded network, we introduce an Intrusion Detection System (IDS) fit for vehicular networks. Leveraging the high predictability of embedded automotive systems, we use language theory to elaborate a set of attack signatures derived from behavioral models of the automotive calculators in order to detect a malicious sequence of messages transiting through the internal network. After a formal description of our IDS, we present a first batch of experiments aimed at validating our approach and assessing its performances. Sécurité Automobile Détection d’Intrusions Réseaux Embarqués Security Automotive Intrusion Detection Embedded Networks 004
136	The Byzantine Agreement Protocol Applied to Security Toth, David 12 January 2005 (has links) Intrusion Detection & Countermeasure Systems (IDCS) and architectures commonly used in commercial, as well as research environments, suffer from a number of problems that limit their effectiveness. The most common shortcoming of current IDCSs is their inability to tolerate failures. These failures can occur naturally, such as hardware or software failures, or can be the result of attackers attempting to compromise the IDCS itself. Currently, the WPI System Security Laboratory at Worcester Polytechnic Institute is developing a Secure Architecture and Fault-Resilient Engine (S.A.F.E.), a system capable of tolerating failures. This system makes use of solutions to the Byzantine General's Problem, developed earlier by Lamport and others. Byzantine Agreement Protocols will be used to achieve consensus about which nodes have been compromised or failed, with a series of synchronized, secure rounds of message exchanges. Once a consensus has been reached, the offending nodes can be isolated and countermeasure actions can be initiated by the system. We consider the necessary and sufficient conditions for the application of Byzantine Agreement Protocols to the intrusion detection problem. Further, a first implementation of this algorithm will be embedded in the Distributed Trust Manager (DTM) module of S.A.F.E. The DTM is the key module responsible for assuring trust amongst the members of the system. Finally, we will evaluate the DTM, as a standalone unit, to ensure that it performs correctly. intrusion detection system Byzantine Agreement Protocol Computer security Fault-tolerant computing
137	Détection d'intrusions pour les systèmes de contrôle industriels / Intrusion detection for industrial control systems Koucham, Oualid 12 November 2018 (has links) L’objectif de ce travail de thèse est le développement de techniques de détection d’intrusions et de corrélation d’alertes spécifiques aux systèmes de contrôle industriels (ICS). Cet intérêt est justifié par l’émergence de menaces informatiques visant les ICS, et la nécessité de détecter des attaques ciblées dont le but est de violer les spécifications sur le comportement correct du processus physique.Dans la première partie de nos travaux, nous nous sommes intéressés à l’inférence automatique de spécifications pour les systèmes de contrôle séquentiels et ce à des fins de détection d’intrusions. La particularité des systèmes séquentiels réside dans leur logique de contrôle opérant par étapes discrètes. La détection d’intrusions au sein de ces systèmes a été peu étudiée malgré leur omniprésence dans plusieurs domaines d’application. Dans notre approche, nous avons adopté le formalisme de la logique temporelle linéaire (LTL) et métrique (MTL) permettant de représenter des propriétés temporelles d’ordre qualitatif et quantitatif sur l’état des actionneurs et des capteurs. Un algorithme d’inférence de propriétés a été développé afin d’automatiser la génération des propriétés à partir de motifs de spécifications couvrant les contraintes les plus communes. Cette approche vise à pallier le nombre conséquent de propriétés redondantes inférées par les approches actuelles.Dans la deuxième partie de nos travaux, nous cherchons à combiner l’approche de détection d’intrusions développée dans le premier axe avec des approches de détection d’intrusions classiques. Pour ce faire, nous explorons une approche de corrélation tenant compte des spécificités des systèmes industriels en deux points: (i) l’enrichissement et le prétraitement d’alertes venant de domaines différents (cyber et physique), et (ii) la mise au point d’une politique de sélection d’alertes tenant compte du contexte d’exécution du processus physique. Le premier point part du constat que, dans un système industriel, les alertes qui sont remontées au corrélateur sont caractérisées par des attributs hétérogènes (attributs propres aux domaines cyber et physique). Cependant, les approches de corrélation classiques présupposent une certaine homogénéité entre les alertes. Afin d’y remédier, nous développons une approche d’enrichissement des alertes du domaine physique par des attributs du domaine cyber sur la base d’informations relatives aux protocoles supportés par les contrôleurs et à la distribution des variables du processus au sein des contrôleurs. Le deuxième point concerne le développement d’une politique de sélection d’alertes qui adapte dynamiquement les fenêtres de sélection des alertes selon l’évolution des sous-processus.Les résultats de l’évaluation de nos approches de détection et de corrélation montrent des performances améliorées sur la base de métriques telles que le nombre de propriétés inférées, le taux de réduction des alertes et la complétude des corrélations. / The objective of this thesis is to develop intrusion detection and alert correlation techniques geared towards industrial control systems (ICS). Our interest is driven by the recent surge in cybersecurity incidents targeting ICS, and the necessity to detect targeted attacks which induce incorrect behavior at the level of the physical process.In the first part of this work, we develop an approach to automatically infer specifications over the sequential behavior of ICS. In particular, we rely on specification language formalisms such as linear temporal logic (LTL) and metric temporal logic (MTL) to express temporal properties over the state of the actuators and sensors. We develop an algorithm to automatically infer specifications from a set of specification patterns covering the most recurring properties. In particular, our approach aims at reducing the number of redundant and unfalsifiable properties generated by the existing approaches. To do so, we add a pre-selection stage which allows to restrict the search for valid properties over non redundant portions of the execution traces. We evaluate our approach on a complex physical process steered by several controllers under process oriented attacks. Our results show that a significant reduction in the number of inferred properties is possible while achieving high detection rates.In the second part of this work, we attempt to combine the physical domain intrusion detection approach developed in the first part with more classical cyber domain intrusion detection approaches. In particular, we develop an alert correlation approach which takes into account some specificities of ICS. First, we explore an alert enrichment approach that allows to map physical domain alerts into the cyber domain. This is motivated by the observation that alertscoming from different domains are characterized by heterogeneous attributes which makes any direct comparison of the alerts difficult. Instead, we enrich the physical domain alerts with cyber domain attributes given knowledge about the protocols supported by the controllers and the memory mapping of process variables within the controllers.In this work, we also explore ICS-specific alert selection policies. An alert selection policy defines which alerts will be selected for comparison by the correlator. Classical approaches often rely on sliding, fixed size, temporal windows as a basis for their selection policy. Instead, we argue that given the complex interdependencies between physical subprocesses, agreeing on analert window size is challenging. Instead, we adopt selection policies that adapt to the state of the physical process by dynamically adjusting the size of the alert windows given the state of the subprocesses within the physical process. Our evaluation results show that our correlator achieves better correlation metrics in comparison with classical temporal based approaches. Détection d'intrusions Système de contrôle industriels Cybersécurité Intrusion detection Industrial control systems Cybersecurity 004 620
138	Machine Learning-driven Intrusion Detection Techniques in Critical Infrastructures Monitored by Sensor Networks Otoum, Safa 23 April 2019 (has links) In most of critical infrastructures, Wireless Sensor Networks (WSNs) are deployed due to their low-cost, flexibility and efficiency as well as their wide usage in several infrastructures. Regardless of these advantages, WSNs introduce various security vulnerabilities such as different types of attacks and intruders due to the open nature of sensor nodes and unreliable wireless links. Therefore, the implementation of an efficient Intrusion Detection System (IDS) that achieves an acceptable security level is a stimulating issue that gained vital importance. In this thesis, we investigate the problem of security provisioning in WSNs based critical monitoring infrastructures. We propose a trust based hierarchical model for malicious nodes detection specially for Black-hole attacks. We also present various Machine Learning (ML)-driven IDSs schemes for wirelessly connected sensors that track critical infrastructures. In this thesis, we present an in-depth analysis of the use of machine learning, deep learning, adaptive machine learning, and reinforcement learning solutions to recognize intrusive behaviours in the monitored network. We evaluate the proposed schemes by using KDD'99 as real attacks data-sets in our simulations. To this end, we present the performance metrics for four different IDSs schemes namely the Clustered Hierarchical Hybrid IDS (CHH-IDS), Adaptively Supervised and Clustered Hybrid IDS (ASCH-IDS), Restricted Boltzmann Machine-based Clustered IDS (RBC-IDS) and Q-learning based IDS (QL-IDS) to detect malicious behaviours in a sensor network. Through simulations, we analyzed all presented schemes in terms of Accuracy Rates (ARs), Detection Rates (DRs), False Negative Rates (FNRs), Precision-recall ratios, F_1 scores and, the area under curves (ROC curves) which are the key performance parameters for all IDSs. To this end, we show that QL-IDS performs with ~ 100% detection and accuracy rates. Wireless Sensor Networks (WSNs) Networks security Deep Learning Machine Learning Reinforcement Learning Intrusion Detection System
139	Empirical Measurement of Defense in Depth Boggs, Nathaniel January 2015 (has links) Measurement is a vital tool for organizations attempting to increase, evaluate, or simply maintain their overall security posture over time. Organizations rely on defense in depth, which is a layering of multiple defenses, in order to strengthen overall security. Measuring organizations' total security requires evaluating individual security controls such as firewalls, antivirus, or intrusion detection systems alone as well as their joint effectiveness when deployed together in defense in depth. Currently, organizations must rely on best practices rooted in ad hoc expert opinion, reports on individual product performance, and marketing hype to make their choices. When attempting to measure the total security provided by a defense in depth architecture, dependencies between security controls compound the already difficult task of measuring a single security control accurately. We take two complementary approaches to address this challenge of measuring the total security provided by defense in depth deployments. In our first approach, we use direct measurement where for some set of attacks, we compute a total detection rate for a set of security controls deployed in defense in depth. In order to compare security controls operating on different types of data, we link together all data generated from each particular attack and track the specific attacks detected by each security control. We implement our approach for both the drive-by download and web application attack vectors across four separate layers each. We created an extensible automated framework for web application data generation using public sources of English text. For our second approach, we measure the total adversary cost that is the total effort, resources, and time required to evade security controls deployed in defense in depth. Dependencies between security controls prevent us from simply summing the adversary cost to evade individual security controls in order to compute a total adversary cost. We create a methodology that accounts for these dependencies especially focusing on multiplicative relationships where the adversary cost of evading two security controls together is more than the sum of the adversary costs to evade each individually. Using the insight gained into the multiplicative dependency, we design a method for creating sets of multiplicative security controls. Additionally, we create a prototype to demonstrate our methodology for empirically measuring total adversary cost using attack tree visualizations and a database design capable of representing dependent relationships between security controls. Firewalls (Computer security) Virus inhibitors Computer security Computer science
140	Avaliação do uso de agentes móveis em segurança computacional. / An evaluation of the use of mobile agents in computational security. Bernardes, Mauro Cesar 22 December 1999 (has links) Em decorrência do aumento do número de ataques de origem interna, a utilização de mecanismos de proteção, como o firewall, deve ser ampliada. Visto que este tipo de ataque, ocasionado pelos usuários internos ao sistema, não permite a localização imediata, torna-se necessário o uso integrado de diversas tecnologias para aumentar a capacidade de defesa de um sistema. Desta forma, a introdução de agentes móveis em apoio a segurança computacional apresenta-se como uma solução natural, uma vez que permitirá a distribuição de tarefas de monitoramento do sistema e automatização do processo de tomada de decisão, no caso de ausência do administrador humano. Este trabalho apresenta uma avaliação do uso do mecanismo de agentes móveis para acrescentar características de mobilidade ao processo de monitoração de intrusão em sistemas computacionais. Uma abordagem modular é proposta, onde agentes pequenos e independentes monitoram o sistema. Esta abordagem apresenta significantes vantagens em termos de overhead, escalabilidade e flexibilidade. / The use of protection mechanisms must be improved due the increase of attacks from internal sources. As this kind of attack, made by internal users do not allow its immediate localization, it is necessary the integrated use of several technologies to enhance the defense capabilities of a system. Therefore, the introduction of mobile agents to provide security appears to be a natural solution. It will allow the distribution of the system monitoring tasks and automate the decision making process, in the absence of a human administrator. This project presents an evaluation of the use of mobile agents to add mobile capabilities to the process of intrusion detection in computer systems. A finer-grained approach is proposed, where small and independent agents monitor the system. This approach has significant advantages in terms of overhead, scalability and flexibility. agentes móveis computational security intrusion detection systems mobile agents segurança computacional sistemas de detecção de intrusão

Search results