Global ETD Search

61	Empirically Driven Investigation of Dependability and Security Issues in Internet-Centric Systems Huynh, Toan Nguyen Duc 06 1900 (has links) The Web, being the most popular component of the Internet, has been transformed from a static information-serving medium into a fully interactive platform. This platform has been used by developers to create web applications rivaling traditional desktop systems. Designing, developing and evaluating these applications require new or modified methodologies, techniques and tools because of the different characteristics they exhibit. This dissertation discusses two important areas for developing and evaluating these applications: security and data mining. In the security area, a survey using a process similar to the Goal Question Metric approach examines the properties of web application vulnerabilities. Using results from the survey, a white-box approach to identify web applications vulnerabilities is proposed. Although the approach eliminates vulnerabilities during the development process, it does not protect existing web applications that have not utilized the approach. Hence, an Anomaly-based Network Intrusion Detection System, called AIWAS, is introduced. AIWAS protects web applications through the analysis of interactions between the users and the web applications. These interactions are classified as either benign or malicious; malicious interactions are prevented from reaching the web applications under protection. In the data mining area, the method of reliability estimation from server logs is examined in detail. This examination reveals the fact that the session workload is currently obtained using a constant Session Timeout Threshold (STT) value. However, each website is unique and should have its own STT value. Hence, an initial model for estimating the STT is introduced to encourage future research on sessions to use a customized STT value per website. This research on the STT leads to a deeper investigation of the actual session workload unit. More specifically, the distributional properties of the session workload are re-examined to determine whether the session workload can be described as a heavy-tailed distribution. / Software Engineering and Intelligent Systems web application security data mining web application vulnerabilities network intrusion detection system web system reliability session timeout threshold session workload
62	Improving the Efficiency and Robustness of Intrusion Detection Systems Fogla, Prahlad 20 August 2007 (has links) With the increase in the complexity of computer systems, existing security measures are not enough to prevent attacks. Intrusion detection systems have become an integral part of computer security to detect attempted intrusions. Intrusion detection systems need to be fast in order to detect intrusions in real time. Furthermore, intrusion detection systems need to be robust against the attacks which are disguised to evade them. We improve the runtime complexity and space requirements of a host-based anomaly detection system that uses q-gram matching. q-gram matching is often used for approximate substring matching problems in a wide range of application areas, including intrusion detection. During the text pre-processing phase, we store all the q-grams present in the text in a tree. We use a tree redundancy pruning algorithm to reduce the size of the tree without losing any information. We also use suffix links for fast linear-time q-gram search during query matching. We compare our work with the Rabin-Karp based hash-table technique, commonly used for multiple q-gram matching. To analyze the robustness of network anomaly detection systems, we develop a new class of polymorphic attacks called polymorphic blending attacks, that can effectively evade payload-based network anomaly IDSs by carefully matching the statistics of the mutated attack instances to the normal profile. Using PAYL anomaly detection system for our case study, we show that these attacks are practically feasible. We develop a formal framework which is used to analyze polymorphic blending attacks for several network anomaly detection systems. We show that generating an optimal polymorphic blending attack is NP-hard for these anomaly detection systems. However, we can generate polymorphic blending attacks using the proposed approximation algorithms. The framework can also be used to improve the robustness of an intrusion detector. We suggest some possible countermeasures one can take to improve the robustness of an intrusion detection system against polymorphic blending attacks. Computer security Network security Intrusion detection system Approximate string matching Q-gram matching Anomaly detection (Computer security)
63	Empirically Driven Investigation of Dependability and Security Issues in Internet-Centric Systems Huynh, Toan Nguyen Duc Unknown Date No description available. web application security data mining web application vulnerabilities network intrusion detection system web system reliability session timeout threshold session workload
64	An intrusion detection system for supervisory control and data acquisition systems Hansen, Sinclair D. January 2008 (has links) Despite increased awareness of threats against Critical Infrastructure (CI), securing of Supervisory Control and Data Acquisition (SCADA) systems remains incomplete. The majority of research focuses on preventative measures such as improving communication protocols and implementing security policies. New attempts are being made to use commercial Intrusion Detection System (IDS) software to protect SCADA systems. These have limited effectiveness because the ability to detect specific threats requires the context of the SCADA system. SCADA context is defined as any information that can be used to characterise the current status and function of the SCADA system. In this thesis the standard IDS model will be used with the varying SCADA data sources to provide SCADA context to a signature and anomaly detection engine. A novel addition to enhance the IDS model will be to use the SCADA data sources to simulate the remote SCADA site. The data resulting from the simulation is used by the IDS to make behavioural comparison between the real and simulated SCADA site. To evaluate the enhanced IDS model the specific context of a water and wastewater system is used to develop a prototype. Using this context it was found that the inflow between sites has similar diurnal characteristic to network traffic. This introduced the idea of using inflow data to detect abnormal behaviour for a remote wastewater site. Several experiments are proposed to validate the prototype using data from a real SCADA site. Initial results show good promise for detecting abnormal behaviour and specific threats against water and wastewater SCADA systems. Information security intrusion detection system (IDS) remote telemetry device (RTU) anomaly detection signature detection
65	Establishing the Software-Defined Networking Based Defensive System in Clouds January 2014 (has links) abstract: Cloud computing is regarded as one of the most revolutionary technologies in the past decades. It provides scalable, flexible and secure resource provisioning services, which is also the reason why users prefer to migrate their locally processing workloads onto remote clouds. Besides commercial cloud system (i.e., Amazon EC2), ProtoGENI and PlanetLab have further improved the current Internet-based resource provisioning system by allowing end users to construct a virtual networking environment. By archiving the similar goal but with more flexible and efficient performance, I present the design and implementation of MobiCloud that is a geo-distributed mobile cloud computing platform, and G-PLaNE that focuses on how to construct the virtual networking environment upon the self-designed resource provisioning system consisting of multiple geo-distributed clusters. Furthermore, I conduct a comprehensive study to layout existing Mobile Cloud Computing (MCC) service models and corresponding representative related work. A new user-centric mobile cloud computing service model is proposed to advance the existing mobile cloud computing research. After building the MobiCloud, G-PLaNE and studying the MCC model, I have been using Software Defined Networking (SDN) approaches to enhance the system security in the cloud virtual networking environment. I present an OpenFlow based IPS solution called SDNIPS that includes a new IPS architecture based on Open vSwitch (OVS) in the cloud software-based networking environment. It is enabled with elasticity service provisioning and Network Reconfiguration (NR) features based on POX controller. Finally, SDNIPS demonstrates the feasibility and shows more efficiency than traditional approaches through a thorough evaluation. At last, I propose an OpenFlow-based defensive module composition framework called CloudArmour that is able to perform query, aggregation, analysis, and control function over distributed OpenFlow-enabled devices. I propose several modules and use the DDoS attack as an example to illustrate how to composite the comprehensive defensive solution based on CloudArmour framework. I introduce total 20 Python-based CloudArmour APIs. Finally, evaluation results prove the feasibility and efficiency of CloudArmour framework. / Dissertation/Thesis / Doctoral Dissertation Computer Science 2014 Computer science Intrusion Detection System Intrusion Prevention System Mobile Cloud Computing Network Security OpenFlow Software-Defined Networking
66	Avaliação de ambientes servidores para agentes móveis. / Evaluation of mobile agents server environments. Stenio Firmino Pereira Filho 01 June 2001 (has links) Agentes móveis são programas que podem ser disparados de um computador (cliente) e transmitidos através de uma rede de comunicação para uma outra maquina (servidor) com o objetivo de executar tarefas a eles designadas. Esta dissertação apresenta uma avaliação de plataformas de desenvolvimento e servidores para agentes móveis. A tecnologia de agentes móveis tem sido alvo de grandes pesquisas, inclusive nos setores de Segurança da Informação e Comércio Eletrônico. Foram executados testes e com as informações foi feita uma análise comparativa, levando-se em consideração questões como características de desempenho dos agentes, desempenho e segurança. Para efetuar os testes foram necessários o entendimento do funcionamento do servidor e o desenvolvimento de seus agentes. Os testes de desempenho serviram para definir quais agentes são mais ágeis e quais são os gastos de processamento dos servidores. Já o teste de segurança teve a finalidade de classificar os servidores quanto à segurança. Os resultados obtidos serviram para indicar qual a melhor plataforma a ser utilizada no desenvolvimento do Sistema de Detecção de Intrusão (SDI) do ICMC. As plataformas que obtiveram destaques nos testes foram o ASDK 1.1 e Grasshopper. A plataforma escolhida para o SDI foi o ASDK 1.1. / Mobile agents are programs able to migrate from a client computer to a server computer through communication networks. There are several mobile agent technologis application, includind Information Security and Eletronic Commerce. This work describes the valuation of mobile agent plataforms. A test environment was desired and 5 plataforms were compared in terms of the security and performance provided. To make the assessment it was necessary to understand the server functionality an the methodologies to develop the agents. The test of performace helped to define which agents are more agile and what are their processing needs while in the server. The security test aimed to classify the servers in them security. The results were used to determine which is better mobile agente plataform to be used in the on going ICMCs Intrusion Detection System (IDS). The best performance plataforms were the ASDK 1.1 and the Grasshopper. The chosen plataform for the IDS was the ASDK 1.1. agentes móveis avaliação de desempenho segurança da informação sistemas de detecção de intrusos sistemas distribuidos distribuited systems information security intrusion detection system mobile agent
67	A study of Centralized Network Intrusion Detection System using low end single board computers Andersson, Michael, Mickols, Andreas January 2017 (has links) The use of Intrusion Detection Systems is a normal thing today in bigger companies, butthe solutions that are to be found in market is often too expensive for the smallercompany. Therefore, we saw the need in investigating if there is a more affordablesolution. In this report, we will show that it is possible to use low cost single boardcomputers as part of a bigger centralized Intrusion Detection System. To investigate this,we set up a test system including 2 Raspberry Pi 3 Model B, a cloud server and the use oftwo home networks, one with port mirroring implemented in firmware and the other withdedicated span port. The report will show how we set up the environment and the testingwe have done to prove that this is a working solution. IDS NIDS Network Intrusion Detection System Raspberry Pi Distributed NIDS Single Board Computer Computer and Information Sciences Data- och informationsvetenskap
68	A risk analysis and risk management methodology for mitigating wireless local area networks (WLANs) intrusion security risks Abdullah, Hanifa 12 October 2006 (has links) Every environment is susceptible to risks and Wireless Local Area Networks (WLANs) based on the Institute of Electrical and Electronics Engineers (IEEE) 802.11 standard are no exception. The most apparent risk of WLANs is the ease with which itinerant intruders obtain illicit entry into these networks. These intrusion security risks must therefore be addressed which means that information security risk analysis and risk management need to be considered as integral elements of the organisation’s business plan. A well-established qualitative risk analysis and risk management methodology, the Operationally Critical Threat Asset and Vulnerability Evaluation (OCTAVE) is selected for conducting the WLAN intrusion security risk analysis and risk management process. However, the OCTAVE risk analysis methodology is beset with a number of problems that could hamper a successful WLAN intrusion security risk analysis. The ultimate deliverable of this qualitative risk analysis methodology is the creation of an organisation-wide protection strategy and risk mitigation plan. Achieving this end using the OCTAVE risk analysis methodology requires an inordinate amount of time, ranging from months to years. Since WLANs are persistently under attack, there is a dire need for an expeditious risk analysis methodology. Furthermore, the OCTAVE risk analysis methodology stipulates the identification of assets and corresponding threat scenarios via a brainstorming session, which may be beyond the scope of a person who is not proficient in information security issues. This research was therefore inspired by the pivotal need for a risk analysis and risk management methodology to address WLAN intrusion attacks and the resulting risks they pose to the confidentiality, integrity and availability of information processed by these networks. Copyright / Dissertation (MSc (Computer Science))--University of Pretoria, 2006. / Computer Science / unrestricted Ooda cycle Risk Risk analysis Risk management Octave Risk assessment Wireless intrusion detection system Wireless local area network (WLAN) UCTD
69	Intrusion Detection System in Smart Home Network Using Artificial Immune System and Extreme Learning Machine Alalade, Emmanuel 16 June 2020 (has links) No description available. Information Technology Intrusion detection system smart home artificial immune system Extreme learning machine Artificial Immune System Internet of Things
70	A novel intrusion detection system (IDS) architecture. Attack detection based on snort for multistage attack scenarios in a multi-cores environment. Pagna Disso, Jules F. January 2010 (has links) Recent research has indicated that although security systems are developing, illegal intrusion to computers is on the rise. The research conducted here illustrates that improving intrusion detection and prevention methods is fundamental for improving the overall security of systems. This research includes the design of a novel Intrusion Detection System (IDS) which identifies four levels of visibility of attacks. Two major areas of security concern were identified: speed and volume of attacks; and complexity of multistage attacks. Hence, the Multistage Intrusion Detection and Prevention System (MIDaPS) that is designed here is made of two fundamental elements: a multistage attack engine that heavily depends on attack trees and a Denial of Service Engine. MIDaPS were tested and found to improve current intrusion detection and processing performances. After an intensive literature review, over 25 GB of data was collected on honeynets. This was then used to analyse the complexity of attacks in a series of experiments. Statistical and analytic methods were used to design the novel MIDaPS. Key findings indicate that an attack needs to be protected at 4 different levels. Hence, MIDaPS is built with 4 levels of protection. As, recent attack vectors use legitimate actions, MIDaPS uses a novel approach of attack trees to trace the attacker¿s actions. MIDaPS was tested and results suggest an improvement to current system performance by 84% whilst detecting DDOS attacks within 10 minutes. Intrusion Detection System (IDS) Visibility of attacks Performance evaluation Snort Computer network security

Search results