NDLTD Global ETD Search
  • Refine Query
  • Source
  • Publication year
  • to
  • Language
  • 10
  • 1
  • Tagged with
  • 12
  • 12
  • 7
  • 6
  • 5
  • 4
  • 4
  • 4
  • 3
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.

Search results

Showing 11 to 12 of 12 (0.081 seconds)

Spelling suggestions: "subject:"intrusion desponse"" "subject:"intrusion coresponse""

11

Metrics for security activities assisted by argumentative logic / Métriques pour le déclenchement des évènements de sécurité assistées par la logique argumentative

Bouyahia, Tarek 29 March 2017 (has links)
L'accroissement et la diversification des services offerts par les systèmes informatiques modernes rendent la tâche de sécuriser ces systèmes encore plus complexe. D'une part, l'évolution du nombre de services système accroît le nombre des vulnérabilités qui peuvent être exploitées par des attaquants afin d'atteindre certains objectifs d'intrusion. D'autre part, un système de sécurité moderne doit assurer un certain niveau de performance et de qualité de service tout en maintenant l'état de sécurité. Ainsi, les systèmes de sécurité modernes doivent tenir compte des exigences de l'utilisateur au cours du processus de sécurité. En outre, la réaction dans des contextes critiques contre une attaque après son exécution ne peut pas toujours remédier à ses effets néfastes. Dans certains cas, il est essentiel que le système de sécurité soit en avance de phase par rapport à l'attaquant et de prendre les mesures nécessaires pour l'empêcher d'atteindre son objectif d'intrusion. Nous soutenons dans cette thèse que le processus de sécurité doit suivre un raisonnement intelligent qui permet au système de prévoir les attaques qui peuvent se produire par corrélation à une alerte détectée et d'appliquer les meilleures contre-mesures possibles. Nous proposons une approche qui génère des scénarios potentiels d'attaque qui correspondent à une alerte détectée. Ensuite, nous nous concentrons sur le processus de génération d'un ensemble approprié de contre-mesures contre les scénarios d'attaque générés. Un ensemble généré des contre-mesures est considéré comme approprié dans l'approche proposée s'il présente un ensemble cohérent et il satisfait les exigences de l'administrateur de sécurité (par exemple, la disponibilité). Nous soutenons dans cette thèse que le processus de réaction peut être considéré comme un débat entre deux agents. D'un côté, l'attaquant choisit ses arguments comme étant un ensemble d'actions pour essayer d'atteindre un objectif d'intrusion, et de l'autre côté l'agent défendant la cible choisit ses arguments comme étant un ensemble de contre-mesures pour bloquer la progression de l'attaquant ou atténuer les effets de l'attaque. D'autre part, nous proposons une approche basée sur une méthode d'aide à la décision multicritère. Cette approche assiste l'administrateur de sécurité lors de la sélection des contre-mesures parmi l'ensemble approprié des contre-mesures générées à partir de la première approche. Le processus d'assistance est basé sur l'historique des décisions de l'administrateur de sécurité. Cette approche permet également de sélectionner automatiquement des contre-mesures appropriées lorsque l'administrateur de sécurité est dans l'incapacité de les sélectionner (par exemple, en dehors des heures de travail, par manque de connaissances sur l'attaque). Enfin, notre approche est implémentée et testée dans le cadre des systèmes automobiles / The growth and diversity of services offered by modern systems make the task of securing these systems a complex exercise. On the one hand, the evolution of the number of system services increases the risk of causing vulnerabilities. These vulnerabilities can be exploited by malicious users to reach some intrusion objectives. On the other hand, the most recent competitive systems are those that ensure a certain level of performance and quality of service while maintaining the safety state. Thus, modern security systems must consider the user requirements during the security process.In addition, reacting in critical contexts against an attack after its execution can not always mitigate the adverse effects of the attack. In these cases, security systems should be in a phase ahead of the attacker in order to take necessary measures to prevent him/her from reaching his/her intrusion objective. To address those problems, we argue in this thesis that the reaction process must follow a smart reasoning. This reasoning allows the system, according to a detected attack, to preview the related attacks that may occur and to apply the best possible countermeasures. On the one hand, we propose an approach that generates potential attack scenarios given a detected alert. Then, we focus on the generation process of an appropriate set of countermeasures against attack scenarios generated among all system responses defined for the system. A generated set of countermeasures is considered as appropriate in the proposed approach if it presents a coherent set (i.e., it does not contain conflictual countermeasures) and it satisfies security administrator requirements (e.g., performance, availability). We argue in this thesis that the reaction process can be seen as two agents arguing against each other. On one side the attacker chooses his arguments as a set of actions to try to reach an intrusion objective, and on the other side the agent defending the target chooses his arguments as a set of countermeasures to block the attacker's progress or mitigate the attack effects. On the other hand, we propose an approach based on a recommender system using Multi-Criteria Decision Making (MCDM) method. This approach assists security administrators while selecting countermeasures among the appropriate set of countermeasures generated from the first approach. The assistance process is based on the security administrator decisions historic. This approach permits also, to automatically select appropriate system responses in critical cases where the security administrator is unable to select them (e.g., outside working hours, lack of knowledge about the ongoing attack). Finally, our approaches are implemented and tested in the automotive system use case to ensure that our approaches implementation successfully responded to real-time constraints.
Logique argumentative
Réponses à l'intrusion
Sélection des contre-Mesures
Multi-Criteria Decision Making
Systèmes véhiculaire
Airs
Langage de Description d'Attaque
Anti-Corrélation
Argumentative logic
Intrusion response
Countermeasures selection
Multi-Criteria Decision Making
Automotive system
Airs
Attack description language
Anti-Correlation.
004
12

Blockchain-based containment of computer worms

Elsayed, Mohamed Ahmed Seifeldin Mohamed 22 December 2020 (has links)
Information technology systems are essential for most businesses as they facilitate the handling and sharing of data and the execution of tasks. Due to connectivity to the internet and other internal networks, these systems are susceptible to cyberattacks. Computer worms are one of the most significant threats to computer systems because of their fast self-propagation to multiple systems and malicious payloads. Modern worms employ obfuscation techniques to avoid detection using patterns from previous attacks. Although the best defense is to eliminate (patch) the software vulnerabilities being exploited by computer worms, this requires a substantial amount of time to create, test, and deploy the patches. Worm containment techniques are used to reduce or stop the spread of worm infections to allow time for software patches to be developed and deployed. In this dissertation, a novel blockchain-based collaborative intrusion prevention system model is introduced. This model is designed to proactively contain zero-day and obfuscated computer worms. In this model, containment is achieved by creating and distributing signatures for the exploited vulnerabilities. Blockchain technology is employed to provide liveness, maintain an immutable record of vulnerability-based signatures to update peers, accomplish trust in confirming the occurrence of a malicious event and the corresponding signature, and allow a decentralized defensive environment. A consensus algorithm based on the Practical Byzantine Fault Tolerance (PBFT) algorithm is employed in the model. The TLA+ formal method is utilized to check the correctness, liveness, and safety properties of the model as well as to assert that it has no behavioral errors. A blockchain-based automatic worm containment system is implemented. A synthetic worm is created to exploit a network-deployed vulnerable program. This is used to evaluate the effectiveness of the containment system. It is shown that the system can contain the worm and has good performance. The system can contain 100 worm attacks a second by generating and distributing the corresponding vulnerability-based signatures. The system latency to contain these attacks is less than 10 ms. In addition, the system has low resource requirements with respect to memory, CPU, and network traffic. / Graduate
Worm Containment
Intrusion Response
Worm Signature Generation
Blockchain-based Containment
Dynamic Taint Analysis Detection
Vulnerability-based Worm Signatures
TLA+ Formal Method

Page generated in 0.0877 seconds