Global ETD Search

171	Robust and efficient intrusion detection systems Gupta, Kapil Kumar January 2009 (has links) Intrusion Detection systems are now an essential component in the overall network and data security arsenal. With the rapid advancement in the network technologies including higher bandwidths and ease of connectivity of wireless and mobile devices, the focus of intrusion detection has shifted from simple signature matching approaches to detecting attacks based on analyzing contextual information which may be specific to individual networks and applications. As a result, anomaly and hybrid intrusion detection approaches have gained significance. However, present anomaly and hybrid detection approaches suffer from three major setbacks; limited attack detection coverage, large number of false alarms and inefficiency in operation. / In this thesis, we address these three issues by introducing efficient intrusion detection frameworks and models which are effective in detecting a wide variety of attacks and which result in very few false alarms. Additionally, using our approach, attacks can not only be accurately detected but can also be identified which helps to initiate effective intrusion response mechanisms in real-time. Experimental results performed on the benchmark KDD 1999 data set and two additional data sets collected locally confirm that layered conditional random fields are particularly well suited to detect attacks at the network level and user session modeling using conditional random fields can effectively detect attacks at the application level. / We first introduce the layered framework with conditional random fields as the core intrusion detector. Layered conditional random field can be used to build scalable and efficient network intrusion detection systems which are highly accurate in attack detection. We show that our systems can operate either at the network level or at the application level and perform better than other well known approaches for intrusion detection. Experimental results further demonstrate that our system is robust to noise in training data and handles noise better than other systems such as the decision trees and the naive Bayes. We then introduce our unified logging framework for audit data collection and perform user session modeling using conditional random fields to build real-time application intrusion detection systems. We demonstrate that our system can effectively detect attacks even when they are disguised within normal events in a single user session. Using our user session modeling approach based on conditional random fields also results in early attack detection. This is desirable since intrusion response mechanisms can be initiated in real-time thereby minimizing the impact of an attack.
172	Implementação de um IDS utilizando SNMP e lógica difusa / Implementation of an IDS using SNMP and fuzzy logic Virti, Émerson Salvadori January 2007 (has links) Este trabalho busca o estudo da segurança em redes de computadores através da implementação de um sistema detector de intrusão embasado na captura de informações pela utilização do protocolo SNMP. Para alcançar-se a diminuição no número de falsos positivo e negativo, problema peculiar à maioria dos IDS, utiliza-se a lógica difusa para, com o auxilio dos administradores de segurança de cada rede, possibilitar a construção de um sistema detector de intrusão que melhor se adeque às características das redes monitoradas. Posteriormente, utilizando o monitoramento de uma rede de produção, avalia-se a melhora na segurança obtida com o uso do IDS implementado por esse trabalho que, atuando quase em tempo real, propicia sua adoção como mecanismo complementar à segurança de redes. / This work develops a study about Computer Network Security through the implementation of an Instruction Detection System (IDS) based on system information captured by the SNMP protocol. To reach a reduction in the number of false positive and false negative, a peculiar problem to the majority of the IDS, it is used fuzzy logic and the assistance of Network Security Administrators. Thus it is possible to build an Intrusion Detection System better adjusted to the network characteristics that must be monitored. At last, by monitoring a production network, it is evaluated the overall security improvement obtained by the IDS proposed in this work and considers its adoption as a complementary network security mechanism. Seguranca : Computadores Seguranca : Redes : Computadores Detecção : Intrusão Intrusion detection systems Security Fuzzy logic SNMP
173	Système de détection d'intrusion adapté au système de communication aéronautique ACARS / Intrusion detection system for ACARS communications Asselin, Eric 28 June 2017 (has links) L’aviation civile moderne dépend de plus en plus sur l’interconnexion de tous les acteurs qu’il soit avionneur, équipementier, contrôleur aérien, pilote, membre d’équipage ou compagnie aérienne. Ces dernières années, de nombreux travaux ont été réalisés dans le but de proposer des méthodes pour simplifier la tache des pilotes, de mieux contrôler et optimiser l’espace aérien, de faciliter la gestion des vols par les compagnies aériennes et d’optimiser les taches de maintenance entre les vols. De plus, les compagnies aériennes cherchent non seulement a offrir a ses passagers, de plus en plus exigeants, des services de divertissements, de messagerie et de navigation sur le Web mais également des services de connexion a Internet pour leurs propres appareils. Cette omniprésence de connectivité dans le domaine aéronautique a ouvert la voie a un nouvel ensemble de cyber-menaces. L’industrie doit donc être en mesure de déployer des mécanismes de sécurité qui permettent d’offrir les mêmes garanties que la sûreté de fonctionnement tout en permettant de répondre aux nombreux besoins fonctionnels de tous les acteurs. Malgré tout, il existe peu de solutions permettant l’analyse et la détection d’intrusion sur les systèmes avioniques embarqués. La complexité des mises a jour sur de tel système rend difficile l’utilisation de mécanismes strictement a base de signatures alors il est souhaitable que des mécanismes plus "intelligents", a l’abri de l’évolution des menaces, puissent être développés et mis en place. Cette thèse s’inscrit dans une démarche de mise en place de mécanismes de sécurité pour les communications entre le sol et l’avion, et plus particulièrement un système de détection d’intrusion pour le système de communication aéronautique ACARS visant a protéger les fonctions Air Traffic Control (ATC) et Aeronautical Operational Control (AOC) embarquées dans l’avion. Fonde sur la détection d’anomalie, un premier modèle propose permet de discriminer les messages ACARS anormaux a l’aide d’une technique empruntée a la classification de texte, les n-grammes. Un second modèle propose, également fonde sur la détection d’anomalie, permet de modéliser, a l’aide des chaines de Markov, l’ensemble des messages échanges entre le bord et le sol durant un vol complet permettant de détecter des messages ne faisant pas partie d’une communication normale. Une dernière contribution consiste en une alternative a la courbe ROC pour évaluer les performances d’un système de détection d’intrusion lorsque le jeu de données disponible contient seulement des instances normales. / Modern civil aviation is increasingly dependent on the interconnection of all players, be it aircraft manufacturers, air traffic controllers, pilots, crew members or airlines. In recent years, much work has been done to propose methods to simplify the task of pilots, to better control and optimize airspace, to facilitate the management of flights by airlines and to optimize the maintenance tasks between flights. In addition, airlines are seeking not only to provide more demanding passengers with entertainment, messaging and web browsing services, but also Internet connection services for their own devices. This omnipresence of connectivity in the aeronautical field has paved the way for a new set of cyber threats. The industry must therefore be able to deploy security mechanisms inline with safety requirements while allowing the many functional needs of all actors. Despite this, there are few solutions for intrusion detection and analysis on avionics systems. The complexity of updates on such a system makes it difficult to use strictly signature-based mechanisms, so it is desirable that more "smart" mechanisms, threats evolution proof, be developed and deployed. This thesis is part of an approach to put in place security mechanisms for communications between the ground and the airplane, and more particularly an intrusion detection system for the aeronautical communication system ACARS to protect the Air Traffic Control (ATC) and Aeronautical Operational Control (AOC) functions. Based on anomaly detection technique, a first proposed model makes it possible to discriminate the abnormal ACARS messages using a technique borrowed from the text classification, n-grams. A second proposed model, also based on anomaly detection technique, allows to model a sequence of messages, using Markov chains, exchanged between the ground and the airplane during a flight, allowing to detect messages not taking part of a normal communication. The last contribution consists of an alternative to the ROC curve to evaluate the performance of an intrusion detection system when the available data set contains only normal instances. Détection d’intrusion Aéronautique ACARS Systèmes embarqués Journalisation Sécurité Intrusion detection Avionics ACARS Embedded Logging Security
174	Implementação de um IDS utilizando SNMP e lógica difusa / Implementation of an IDS using SNMP and fuzzy logic Virti, Émerson Salvadori January 2007 (has links) Este trabalho busca o estudo da segurança em redes de computadores através da implementação de um sistema detector de intrusão embasado na captura de informações pela utilização do protocolo SNMP. Para alcançar-se a diminuição no número de falsos positivo e negativo, problema peculiar à maioria dos IDS, utiliza-se a lógica difusa para, com o auxilio dos administradores de segurança de cada rede, possibilitar a construção de um sistema detector de intrusão que melhor se adeque às características das redes monitoradas. Posteriormente, utilizando o monitoramento de uma rede de produção, avalia-se a melhora na segurança obtida com o uso do IDS implementado por esse trabalho que, atuando quase em tempo real, propicia sua adoção como mecanismo complementar à segurança de redes. / This work develops a study about Computer Network Security through the implementation of an Instruction Detection System (IDS) based on system information captured by the SNMP protocol. To reach a reduction in the number of false positive and false negative, a peculiar problem to the majority of the IDS, it is used fuzzy logic and the assistance of Network Security Administrators. Thus it is possible to build an Intrusion Detection System better adjusted to the network characteristics that must be monitored. At last, by monitoring a production network, it is evaluated the overall security improvement obtained by the IDS proposed in this work and considers its adoption as a complementary network security mechanism. Seguranca : Computadores Seguranca : Redes : Computadores Detecção : Intrusão Intrusion detection systems Security Fuzzy logic SNMP
175	iGen: Toward Automatic Generation and Analysis of Indicators of Compromise (IOCs) using Convolutional Neural Network January 2017 (has links) abstract: Field of cyber threats is evolving rapidly and every day multitude of new information about malware and Advanced Persistent Threats (APTs) is generated in the form of malware reports, blog articles, forum posts, etc. However, current Threat Intelligence (TI) systems have several limitations. First, most of the TI systems examine and interpret data manually with the help of analysts. Second, some of them generate Indicators of Compromise (IOCs) directly using regular expressions without understanding the contextual meaning of those IOCs from the data sources which allows the tools to include lot of false positives. Third, lot of TI systems consider either one or two data sources for the generation of IOCs, and misses some of the most valuable IOCs from other data sources. To overcome these limitations, we propose iGen, a novel approach to fully automate the process of IOC generation and analysis. Proposed approach is based on the idea that our model can understand English texts like human beings, and extract the IOCs from the different data sources intelligently. Identification of the IOCs is done on the basis of the syntax and semantics of the sentence as well as context words (e.g., ``attacked'', ``suspicious'') present in the sentence which helps the approach work on any kind of data source. Our proposed technique, first removes the words with no contextual meaning like stop words and punctuations etc. Then using the rest of the words in the sentence and output label (IOC or non-IOC sentence), our model intelligently learn to classify sentences into IOC and non-IOC sentences. Once IOC sentences are identified using this learned Convolutional Neural Network (CNN) based approach, next step is to identify the IOC tokens (like domains, IP, URL) in the sentences. This CNN based classification model helps in removing false positives (like IPs which are not malicious). Afterwards, IOCs extracted from different data sources are correlated to find the links between thousands of apparently unrelated attack instances, particularly infrastructures shared between them. Our approach fully automates the process of IOC generation from gathering data from different sources to creating rules (e.g. OpenIOC, snort rules, STIX rules) for deployment on the security infrastructure. iGen has collected around 400K IOCs till now with a precision of 95\%, better than any state-of-art method. / Dissertation/Thesis / Masters Thesis Computer Science 2017 Computer science CNN Indicators of Compromise Intrusion Detection Machine Learning NLP Security
176	Método de interrogação de fibra óptica para detecção de intrusão / Optic fiber interrogation method for intrusion detection Maurino de Febbo 24 June 2016 (has links) Neste trabalho é proposto um método de interrogação de fibra óptica com arquitetura reduzida, que pode ser empregado em sistemas distribuídos de detecção de intrusão de médias e longas distâncias, como para proteção de perímetros, divisas, faixa de dutos, plantas industriais, ou outras instalações, usando uma fibra óptica comum como elemento sensor. O método é baseado na técnica Brillouin Optical Time Domain Analysis (BOTDA), porém dispensando-se a varredura sequencial com diferentes frequências, o que simplifica o sistema, reduz custos e melhora o tempo de resposta. O trabalho consiste de uma abordagem geral sobre o tema, sendo apresentada a teoria básica dos fenômenos de espalhamento não linear em fibras ópticas, o detalhamento do método de interrogação proposto e a descrição dos experimentos realizados em laboratório, seguida de uma analise e comentários quanto ao desempenho alcançado, bem como de algumas de sugestões para melhor explorar o potencial do método. / In this research work is proposed an optic fiber interrogation method with reduced architecture, that can be applied in distributed intrusion detection systems of medium and long distances, such as for the protection of pipeline\'s right of way, perimeters, boundaries, industrial plants or others installations, using a standard optic fiber as a sensor. The proposed method is based on a Brillouin Time Domain Analysis (BOTDA), however dispensing the sequential frequency sweeping, what simplifies the system, reduce its costs and improve the response time. The work comprehends a general discussion of the subject, being presented the basic theory of the nonlinear scattering phenomena in optic fibers, the description of the proposed interrogation method and the conducted in lab experiments, followed by an analysis and comments on the achieved performance, as well as a few suggestions to better explore the potential of the method. BOTDA Detecção de intrusão Sensor Brillouin Sensor distribuído BOTDA Brillouin sensor Distributed sensing Intrusion detection
177	Sistema de coleta, análise e detecção de código malicioso baseado no sistema imunológico humano Oliveira, Isabela Liane [UNESP] 26 March 2012 (has links) (PDF) Made available in DSpace on 2014-06-11T19:24:01Z (GMT). No. of bitstreams: 0 Previous issue date: 2012-03-26Bitstream added on 2014-06-13T19:26:53Z : No. of bitstreams: 1 oliveira_il_me_sjrp.pdf: 432754 bytes, checksum: d67c9dc954bf3fa2db823177db9151a6 (MD5) / Coordenação de Aperfeiçoamento de Pessoal de Nível Superior (CAPES) / Fundação de Amparo à Pesquisa do Estado de São Paulo (FAPESP) / Os códigos maliciosos (malware) podem causar danos graves em sistemas de computação e dados. O mecanismo que o sistema imunológico humano utiliza para proteger e detectar os organismos que ameaçam o corpo humano demonstra ser eficiente e pode ser adaptado para a detecção de malware atuantes na Internet. Neste contexto, propõe-se no presente trabalho um sistema que realiza coleta distribuída, análise e detecção de programas maliciosos, sendo a detecção inspirada no sistema imunológico humano. Após a coleta de amostras de malware da Internet, as amostras são analisadas de forma dinâmica de modo a proporcionar rastros de execução em nível do sistema operacional e dos fluxos de rede que são usados para criar um modelo comportamental e para gerar uma assinatura de detecção. Essas assinaturas servem como entrada para o detector de malware e atuam como anticorpos no processo de detecção de antígenos realizado pelo sistema imunológico humano. Isso permite entender o ataque realizado pelo malware e auxilia nos processos de remoção de infecções / Malicious programs (malware) can cause severe damages on computer systems and data. The mechanism that the human immune system uses to detect and protect from organisms that threaten the human body is efficient and can be adapted to detect malware attacks. In this context, we propose a system to perform malware distributed collection, analysis and detection, this last inspired by the human immune system. After collecting malware samples from Internet, they are dynamically analyzed so as to provide execution traces at the operating system level and network flows that are used to create a behavioral model and to generate a detection signature. Those signatures serve as input to a malware detector, acting as the antibodies in the antigen detection process performed by immune human system. This allows us to understand the malware attack and aids in the infection removal procedures Computação Internet Virus de computador Malware Computer systems - Intrusion detection Artificial immune system
178	Intrusion Detection and Prevention in IP Based Mobile Networks Tevemark, Jonas January 2008 (has links) Ericsson’s Packet Radio Access Network (PRAN) is a network solution for packet transport in mobile networks, which utilizes the Internet Protocol (IP). The IP protocol offers benefits in responsiveness and performance adaptation to data bursts when compared to Asynchronous Transfer Mode (ATM), which is still often used. There are many manufacturers / operators providing IP services, which reduce costs. The IP’s use on the Internet brings greater end-user knowledge, wider user community and more programs designed for use in IP environments. Because of this, the spectrum of possible attacks against PRAN broadens. This thesis provides information on what protection an Intrusion Prevention System (IPS) can add to the current PRAN solution. A risk analysis is performed to identify assets in and threats against PRAN, and to discover attacks that can be mitigated by the use of an IPS. Information regarding placement of an IPS in the PRAN network is given and tests of a candidate system are performed. IPS features in hardware currently used by Ericsson as well as missing features are pinpointed . Finally, requirements for an IPS intended for use in PRAN are concluded. Computer security Computer networks Network attacks Intrusion detection Intrusion prevention Information Systems
179	Implementação de um IDS utilizando SNMP e lógica difusa / Implementation of an IDS using SNMP and fuzzy logic Virti, Émerson Salvadori January 2007 (has links) Este trabalho busca o estudo da segurança em redes de computadores através da implementação de um sistema detector de intrusão embasado na captura de informações pela utilização do protocolo SNMP. Para alcançar-se a diminuição no número de falsos positivo e negativo, problema peculiar à maioria dos IDS, utiliza-se a lógica difusa para, com o auxilio dos administradores de segurança de cada rede, possibilitar a construção de um sistema detector de intrusão que melhor se adeque às características das redes monitoradas. Posteriormente, utilizando o monitoramento de uma rede de produção, avalia-se a melhora na segurança obtida com o uso do IDS implementado por esse trabalho que, atuando quase em tempo real, propicia sua adoção como mecanismo complementar à segurança de redes. / This work develops a study about Computer Network Security through the implementation of an Instruction Detection System (IDS) based on system information captured by the SNMP protocol. To reach a reduction in the number of false positive and false negative, a peculiar problem to the majority of the IDS, it is used fuzzy logic and the assistance of Network Security Administrators. Thus it is possible to build an Intrusion Detection System better adjusted to the network characteristics that must be monitored. At last, by monitoring a production network, it is evaluated the overall security improvement obtained by the IDS proposed in this work and considers its adoption as a complementary network security mechanism. Seguranca : Computadores Seguranca : Redes : Computadores Detecção : Intrusão Intrusion detection systems Security Fuzzy logic SNMP
180	Modeling and simulation of intrusion detection system in mobile ad-hoc networks Jarmal, Piotr January 2008 (has links) The thesis investigates the process of modeling and simulation of the mobile ad-hoc networks. It provides a overview of the actual state of art together with a literature survey. Basic ideas of both security issues in mobile ad-hoc networks as well as intrusion detection systems are presented. Additionally some new ideas for improvements - like the AGM mobility model - are proposed, and tested during the simulation proces. As an addition a set of applications designer for automating the simulation processes were created. mobile ad-hoc networks intrusion detection systems mobility models Computer Sciences Datavetenskap (datalogi)

Search results