• Refine Query
  • Source
  • Publication year
  • to
  • Language
  • 214
  • 61
  • 32
  • 11
  • 6
  • 5
  • 3
  • 3
  • 3
  • 2
  • 1
  • 1
  • Tagged with
  • 438
  • 438
  • 222
  • 177
  • 144
  • 141
  • 121
  • 94
  • 87
  • 84
  • 69
  • 63
  • 59
  • 59
  • 58
  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
91

Machine Learning-Based Decision Support to Secure Internet of Things Sensing

Chen, Zhiyan 07 December 2023 (has links)
Internet of Things (IoT) has weaknesses due to the vulnerabilities in the wireless medium and massively interconnected nodes that form an extensive attack surface for adversaries. It is essential to ensure security including IoT networks and applications. The thesis focus on three streams in IoT scenario, including fake task attack detection in Mobile Crowdsensing (MCS), blockchain technique-integrated system security and privacy protection in MCS, and network intrusion detection in IoT. In this thesis, to begin, in order to detect fake tasks in MCS with promising performance, a detailed analysis is provided by modeling a deep belief network (DBN) when the available sensory data is scarce for analysis. With oversampling to cope with the class imbalance challenge, a Principal Component Analysis (PCA) module is implemented prior to the DBN and weights of various features of sensing tasks are analyzed under varying inputs. Additionally, an ensemble learning-based solution is proposed for MCS platforms to mitigate illegitimate tasks. Meanwhile, a k-means-based classification is integrated with the proposed ensemble method to extract region-specific features as input to the machine learning-based fake task detection. A novel approach that is based on horizontal Federated Learning (FL) is proposed to identify fake tasks that contain a number of independent detection devices and an aggregation entity. Moreover, the submitted tasks are collected and managed conventionally by a centralized MCS platform. A centralized MCS platform is not safe enough to protect and prevent tampering sensing tasks since it confronts the single point of failure which reduces the effectiveness and robustness of MCS system. In order to address the centralized issue and identify fake tasks, a blockchain-based decentralized MCS is designed. Integration of blockchain into MCS enables a decentralized framework. The distributed nature of a blockchain chain prevents sensing tasks from being tampered. The blockchain network uses a Practical Byzantine Fault Tolerance (PBFT) consensus that can tolerate 1/3 faulty nodes, making the implemented MCS system robust and sturdy. Lastly, Machine Learning (ML)-based frameworks are widely investigated to identity attacks in IoT networks, namely Network Intrusion Detection System (NIDS). ML models perform divergent detection performance in each class, so it is challenging to select one ML model applicable to all classes prediction. With this in mind, an innovative ensemble learning framework is proposed, two ensemble learning approaches, including All Predict Wisest Decides (APWD) and Predictor Of the Lowest Cost (POLC), are proposed based on the training of numerous ML models. According to the individual model outcomes, a wise model performing the best detection performance (e.g., F1 score) or contributing the lowest cost is determined. Moreover, an innovated ML-based framework is introduced, combining NIDS and host-based intrusion detection system (HIDS). The presented framework eliminates NIDS restrictions via observing the entire traffic information in host resources (e.g., logs, files, folders).
92

Machines Do Not Have Little Gray Cells: : Analysing Catastrophic Forgetting in Cross-Domain Intrusion Detection Systems / Machines Do Not Have Little Gray Cells: : Analysing Catastrophic Forgetting in Cross-Domain Intrusion Detection Systems

Valieh, Ramin, Esmaeili Kia, Farid January 2023 (has links)
Cross-domain intrusion detection, a critical component of cybersecurity, involves evaluating the performance of neural networks across diverse datasets or databases. The ability of intrusion detection systems to effectively adapt to new threats and data sources is paramount for safeguarding networks and sensitive information. This research delves into the intricate world of cross-domain intrusion detection, where neural networks must demonstrate their versatility and adaptability. The results of our experiments expose a significant challenge: the phenomenon known as catastrophic forgetting. This is the tendency of neural networks to forget previously acquired knowledge when exposed to new information. In the context of intrusion detection, it means that as models are sequentially trained on different intrusion detection datasets, their performance on earlier datasets degrades drastically. This degradation poses a substantial threat to the reliability of intrusion detection systems. In response to this challenge, this research investigates potential solutions to mitigate the effects of catastrophic forgetting. We propose the application of continual learning techniques as a means to address this problem. Specifically, we explore the Elastic Weight Consolidation (EWC) algorithm as an example of preserving previously learned knowledge while allowing the model to adapt to new intrusion detection tasks. By examining the performance of neural networks on various intrusion detection datasets, we aim to shed light on the practical implications of catastrophic forgetting and the potential benefits of adopting EWC as a memory-preserving technique. This research underscores the importance of addressing catastrophic forgetting in cross-domain intrusion detection systems. It provides a stepping stone for future endeavours in enhancing multi-task learning and adaptability within the critical domain of intrusion detection, ultimately contributing to the ongoing efforts to fortify cybersecurity defences.
93

Combining Static Analysis and Dynamic Learning to Build Context Sensitive Models of Program Behavior

Liu, Zhen 10 December 2005 (has links)
This dissertation describes a family of models of program behavior, the Hybrid Push Down Automata (HPDA) that can be acquired using a combination of static analysis and dynamic learning in order to take advantage of the strengths of both. Static analysis is used to acquire a base model of all behavior defined in the binary source code. Dynamic learning from audit data is used to supplement the base model to provide a model that exactly follows the definition in the executable but that includes legal behavior determined at runtime. Our model is similar to the VPStatic model proposed by Feng, Giffin, et al., but with different assumptions and organization. Return address information extracted from the program call stack and system call information are used to build the model. Dynamic learning alone or a combination of static analysis and dynamic learning can be used to acquire the model. We have shown that a new dynamic learning algorithm based on the assumption of a single entry point and exit point for each function can yield models of increased generality and can help reduce the false positive rate. Previous approaches based on static analysis typically work only with statically linked programs. We have developed a new component-based model and learning algorithm that builds separate models for dynamic libraries used in a program allowing the models to be shared by different program models. Sharing of models reduces memory usage when several programs are monitored, promotes reuse of library models, and simplifies model maintenance when the system updates dynamic libraries. Experiments demonstrate that the prototype detection system built with the HPDA approach has a performance overhead of less than 6% and can be used with complex real-world applications. When compared to other detection systems based on analysis of operating system calls, the HPDA approach is shown to converge faster during learning, to detect attacks that escape other detection systems, and to have a lower false positive rate.
94

AN INTEGRATED SECURITY SCHEME WITH RESOURCE-AWARENESS FOR WIRELESS AD HOC NETWORKS

DENG, HONGMEI 07 October 2004 (has links)
No description available.
95

Probabilistic Model for Detecting Network Traffic Anomalies

Yellapragada, Ramani 30 June 2004 (has links)
No description available.
96

Time-based Approach to Intrusion Detection using Multiple Self-Organizing Maps

Sawant, Ankush 21 April 2005 (has links)
No description available.
97

INTRUSION DETECTION USING MACHINE LEARNING FOR INDUSTRIAL CONTROL SYSTEMS

Plaka, Roland January 2021 (has links)
An intrusion detection system (IDS) is a software application that monitors a network forunauthorized and malicious activities or security policy violations related to confidentiality,integrity, and availability of a system. In this thesis, we performed detailed literature reviewson the different types of IDS, anomaly detection methods, and machine learning algorithmsthat can be used for detection and classification. We propose a hybrid intrusion detectionsoftware architecture for IDS using machine learning algorithms. By placing appropriatemachine learning algorithms in the existing detection systems, improvements in attack detectionand classification can be obtained. We have also attempted to compare the machine learningalgorithms by testing them in a simulated environment to make performance evaluations. Ourapproach provides indicators in selecting machine learning algorithms that can be used for ageneric intrusion detection system in the context of industrial control applications. / InSecTT - Intelligent Secure Trustable Things
98

Endpoint Intrusion Detection and Response Agents in Embedded RAN Products : A suitability and performance evaluation / Intrångsdetektering och respons inom ändpunkter i inbyggda RAN produkter : En studie kring lämplighet och prestanda

Hashem, Yousef, Zildzic, Elmedin January 2022 (has links)
Endpoint detection and response is an integral part of the security of large-scale networks. Embedded hardware, such as those found at Ericsson Radio Access Network endpoints, have strict performance requirements that need to be met. This fact makes implementing intrusion detection non-trivial, as intrusion detection software often generate a lot of processing overhead. Wazuh, an established open-source distributed and centralized intrusion detection and response system, shows a lot of promise as a large-scale intrusion detection system. It is very modular and has various capabilities that can be utilized in different ways to minimize processing overhead. One of these capabilities is native support for the native Linux syscall monitoring tool AuditD. While AuditD is very capable, it can introduce severe performance penalties in certain scenarios. Falco is another syscall monitoring tool that shows promise with regards to performance, and also has more features than AuditD; which is why Falco is included as a direct comparison to AuditD. This study evaluates Wazuh, AuditD, and Falco based on a set of requirements set by Ericsson, including flexibility, scalability and reliability, by enacting performance benchmarks with normal background operations active. The results of this study show that, with the correct configuration, Wazuh can be used as an intrusion detection system in embedded systems with limited hardware, where AuditD and Falco can serve as a great addition to detecting indicators of compromise. The solution is to use a minimal intrusion detection ruleset, and in the event of suspicious activity, activate more modules to increase threat detection at the cost of CPU overhead and execution time for normal system operation.
99

Battery-Based Intrusion Detection

Jacoby, Grant Arthur 22 April 2005 (has links)
This dissertation proposes an efficacious early warning system via a mobile host-based form of intrusion detection that can alert security administrators to protect their corporate network(s) by a novel technique that operates through the implementation of smart battery-based intrusion detection (B-bid) on mobile devices, such as PDAs, HandPCs and smart-phones by correlating attacks with their impact on device power consumption. A host intrusion detection engine (HIDE) monitors power behavior to detect potential intrusions by noting consumption irregularities and serves like a sensor to trigger other forms of protection. HIDE works in conjunction with a Scan Port Intrusion Engine (SPIE) that ascertains the IP and port source of the attack and with a host analysis signature trace engine (HASTE) that determines the energy signature of the attack and correlates it to a variety of the most common attacks to provide additional protection and alerts to both mobile hosts and their network. / Ph. D.
100

Intrusion Detection using Bit Timing Characteristics for CAN Bus

Patel, Chitvan Kirit 19 July 2019 (has links)
In today's world, most automobiles use Controller Area Network (CAN) bus for communication between various Electronic Control Units (ECUs), also called nodes on the CAN bus. Each ECU on the CAN bus is a microcontroller that sends a unique identifier used for node identification. It is possible to spoof node A by sending the same identifier through node B and thereby control node A. Thus, a hacker can control the steering using the car's internal lights and render it ineffective or misuse them. In order to combat this, we try to fingerprint each node by identifying its identifier's unique bit timing characteristics. To that extent, bit timing characteristics used are the Time of Flight (TOF) intervals between successive rising edges of identifier bits, for an ECU. Similarly, other characteristics such as TOF between successive falling edges of the CAN bus node identifier can also be used for node classification. In order to measure these TOFs, we use a device called Time-to-Digital Convertor, which essentially triggers a ring oscillator to measure time values between rising/falling edges of a signal, to the order of picosecond accuracy. These timing values are used as features into the K-nearest neighbors (KNN) classifier algorithm. Once the classifier is trained, it can be used to predict a new timing value into a particular node category, which if different from the expected category is a sign of compromise or intrusion. It is seen that we achieve 95% accuracy of correctly predicting the compromised node under simulation tests. Thereafter, the thesis deals with experimentally predicting an intrusion in the CAN bus system utilizing EPOS Studio CAN bus position controller for Maxon motors. The clock timings being extremely accurate leads to the conclusion that employment of better statistical techniques for node characterization is needed for intrusion detection, which is outside the scope of this work. / Master of Science / In today’s world, most automobiles use Controller Area Network (CAN) bus for communication between various Electronic Control Units (ECUs), also called nodes on the CAN bus. These nodes can range from car headlights, radio, doors, internal lights to brakes, steering, throttle and much more. Each node on the CAN bus is a microcontroller which controls its proper operation. This also means that if a node is compromised using external hardware or a piece of software, it could be quite risky. Thus, a hacker can control the steering using the car’s internal lights and render it ineffective or misuse them. In order to combat this, we try to fingerprint each node by identifying its unique time domain characteristics. These characteristics can be the Time of Flight (TOF) measurement values between successive rising or falling edges of a node’s unique identifier, using an instrument called a Time-to-Digital convertor. Furthermore, these TOF values are used as features for the K-nearest neighbor (KNN) classifier machine learning algorithm, which uniquely identifies signals coming from any of the fingerprinted nodes, thereby raising a flag if a message comes from an unidentified node. In addition, experimental data is obtained for node identifiers on the CAN bus, in digital form, and passed into a neural network (NN) for training the classifier. We achieve an 95% and 70% prediction accuracy for the KNN and NN classifiers respectively.

Page generated in 0.1112 seconds