41.
An Application Ontology for Decision Support in Situations of Threat to Information Security. SILVA, Rayane Meneses da. 24 June 2015.
Many security mechanisms, such as Intrusion Detection Systems (IDSs), have been developed to address attacks on information security, but most of them are traditional information systems whose threat repositories are not represented semantically. Ontologies are knowledge representation structures that enable semantic processing of information and the construction of knowledge-based systems, which offer greater effectiveness than traditional systems. This work proposes an application ontology called "Application Ontology for the Development of Case-based Intrusion Detection Systems" that formally represents the concepts of the information security domain, of intrusion detection systems and of Case-Based Reasoning (CBR). CBR is a problem-solving approach in which knowledge from past experiences is reused to solve new problems. The ontology was evaluated by developing an Intrusion Detection System that detects attacks on computer networks and recommends solutions to those attacks. The ontology was specified in the Web Ontology Language (OWL) using the Protégé ontology editor and then mapped to a Prolog case base using the Thea tool. The results showed that the developed Intrusion Detection System was effective at detecting attacks, from which it is concluded that the proposed ontology adequately conceptualizes the domain and task concepts addressed.
42.
Improving host-based computer security using secure active monitoring and memory analysis. Payne, Bryan D. 03 June 2010.
Thirty years ago, research in designing operating systems to defeat malicious software was very popular. The primary technique was to design and implement a small security kernel that could provide security assurances to the rest of the system. However, as operating systems grew in size throughout the 1980s and 1990s, research into security kernels slowly waned. From a security perspective, the story was bleak. Providing security to one of these large operating systems typically required running software within that operating system. This weak security foundation made it relatively easy for attackers to subvert the entire system without detection.
The research presented in this thesis aims to reimagine how we design and deploy computer systems. We show that through careful use of virtualization technology, one can effectively isolate the security critical components in a system from malicious software. Furthermore, we can control this isolation to allow the security software a complete view to monitor the running system. This view includes all of the necessary information for implementing useful security applications including the system memory, storage, hardware events, and network traffic. In addition, we show how to perform both passive and active monitoring securely, using this new system architecture.
Security applications must be redesigned to work within this new monitoring architecture. The data acquired through our monitoring is typically very low-level and difficult to use directly. In this thesis, we describe work that helps bridge this semantic gap by locating data structures within the memory of a running virtual machine. We also describe work that shows a useful and novel security framework made possible through this new monitoring architecture. This framework correlates human interaction with the system to distinguish legitimate and malicious outgoing network traffic.
43.
An Anomaly Behavior Analysis Methodology for Network Centric Systems. Alipour, Hamid Reza. 2013.
Information systems and their services (collectively, cyberspace) are ubiquitous and touch all aspects of our lives. With the exponential growth in cyberspace activity, the number and complexity of cyber-attacks have increased significantly, driven by growth in both the number of vulnerable applications and the number of attackers. It is therefore critical to develop efficient network Intrusion Detection Systems (IDS) that can mitigate attacks and protect cyberspace resources and services. On the other hand, since each network system and application has its own specification, defined by its protocol, it is hard to build a single IDS that works properly for all network protocols. A keener approach is to design a customised detection engine for each protocol and then aggregate the reports of these engines to determine the final security state of the system. In this dissertation we develop a general methodology, based on data mining, statistical analysis and protocol semantics, for anomaly behaviour analysis and detection in network-centric systems and their protocols. We build runtime models of a protocol's state transitions over a time interval ΔT: any n consecutive messages in a session during ΔT are treated as an n-transition pattern, called an n-gram. Statistical analysis over these n-gram patterns yields an accurate model of the normal behaviour of any protocol, and the amount of deviation from that normal model quantifies the anomaly score of the protocol activity. If the anomaly score exceeds a well-defined threshold, the system marks the activity as malicious. To validate the methodology we applied it to two protocols, DNS (Domain Name System) at the application layer and IEEE 802.11 (WiFi) at the data link layer, achieving good detection results (>95%) with low detection errors (<0.1%).
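The n-gram modelling and threshold step described in this abstract, as an added example that is not the dissertation's own code. It assumes (my simplification) that a session is reduced to the sequence of message types it carries, that the normal model is the relative frequency of each n-gram of consecutive message types in attack-free sessions, and that deviation is measured as the mean surprisal (-log2 p) per n-gram; the DNS-like sessions are constructed here.

```python
"""n-gram model of protocol message order with a detection threshold.

Added example (not from the dissertation). Assumptions: a session is the list
of message types it carries; the normal model is the relative frequency of
each n-gram in attack-free sessions; deviation is mean surprisal per n-gram.
"""
import math
from collections import Counter
from typing import List, Sequence, Tuple

NGram = Tuple[str, ...]
START, END = "<s>", "</s>"


def ngrams(messages: Sequence[str], n: int) -> List[NGram]:
    """Every run of n consecutive message types in a session. Start/end
    markers are added so the first and last transitions are modelled too."""
    padded = [START] * (n - 1) + list(messages) + [END]
    return [tuple(padded[i:i + n]) for i in range(len(padded) - n + 1)]


class NGramModel:
    """Relative frequency of each n-gram seen in normal sessions of one protocol."""

    def __init__(self, n: int) -> None:
        self.n = n
        self.counts: Counter = Counter()
        self.total = 0

    def fit(self, sessions: Sequence[Sequence[str]]) -> "NGramModel":
        for session in sessions:
            self.counts.update(ngrams(session, self.n))
        self.total = sum(self.counts.values())
        return self

    def prob(self, gram: NGram) -> float:
        # An n-gram never seen in training gets a floor probability instead of
        # zero, so a single unknown transition does not give an infinite score.
        if gram in self.counts:
            return self.counts[gram] / self.total
        return 1.0 / (self.total + 1)

    def anomaly_score(self, session: Sequence[str]) -> float:
        """Mean surprisal (-log2 p) per n-gram: the average number of bits by
        which the session's transitions deviate from the normal model."""
        grams = ngrams(session, self.n)
        return sum(-math.log2(self.prob(g)) for g in grams) / len(grams)

    def threshold(self, sessions: Sequence[Sequence[str]], margin: float = 1.5) -> float:
        """Detection threshold: the highest score among the normal sessions the
        model was fitted on, scaled by a safety margin (an assumed policy)."""
        return margin * max(self.anomaly_score(s) for s in sessions)


def is_malicious(model: NGramModel, session: Sequence[str], threshold: float) -> bool:
    return model.anomaly_score(session) > threshold


# Constructed sample data: message types of DNS-like request/response sessions.
NORMAL_SESSIONS = [
    ["QUERY", "RESPONSE"],
    ["QUERY", "RESPONSE", "QUERY", "RESPONSE"],
    ["QUERY", "RESPONSE", "QUERY", "RESPONSE", "QUERY", "RESPONSE"],
]
# A client that fires queries and never sees an answer (flood or tunnelling probe).
SUSPECT_SESSION = ["QUERY", "QUERY", "QUERY", "QUERY"]

MODEL = NGramModel(n=2).fit(NORMAL_SESSIONS)
THRESHOLD = MODEL.threshold(NORMAL_SESSIONS)

if __name__ == "__main__":
    for s in NORMAL_SESSIONS + [SUSPECT_SESSION]:
        print(f"{' '.join(s):<60} score={MODEL.anomaly_score(s):.3f} "
              f"malicious={is_malicious(MODEL, s, THRESHOLD)}")
```

With bigrams the model never sees QUERY followed by QUERY, so the suspect session's three unseen transitions push its score well above the threshold, while every training session stays below it. In practice the threshold would be fitted on held-out normal traffic rather than on the training sessions themselves.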
44.
A Modified Genetic Algorithm and Switch-Based Neural Network Model Applied to Misuse-Based Intrusion Detection. Stewart, Ian. 17 March 2009.
As our reliance on the Internet continues to grow, so does the need for secure, reliable networks. Using a modified genetic algorithm and a switch-based neural network model, this thesis describes the creation of a powerful intrusion detection system (IDS) capable of detecting network attacks.
The new genetic algorithm is tested against traditional and other modified genetic algorithms on common benchmark functions, and is found to produce better results in less time and with less human interaction. The IDS is tested on the standard benchmark data collection for intrusion detection, the DARPA 1998 / KDD'99 data set. Its results are comparable to those achieved using ant colony optimisation, and superior to those obtained with support vector machines and other genetic algorithms. / Thesis (Master, Computing) -- Queen's University, 2009-03-03.
45.
Network Feature Selection for Intrusion Detection. Alves, Victor Machado. 22 October 2012. Funding: CAPES (Coordenação de Aperfeiçoamento de Pessoal de Nível Superior).
Intrusion Detection Systems are considered important mechanisms for protecting computer networks. However, the information these systems use must be properly selected, because their accuracy and performance are sensitive to the quality and dimensionality of the analysed data. The selection of variables, or features, is therefore a key point in the design of an Intrusion Detection System (IDS): it chooses the appropriate information by removing irrelevant data that interferes with the detection result. Existing approaches that assist IDS, however, select the variables only once and do not adapt to behavioural changes, so the variations inherent in network traffic are not followed dynamically by these selectors. One strategy for reducing the false alarm rate of anomaly-based IDS is to check whether abrupt changes occur in more than one network variable within the same time interval. That strategy assumes the analysed variables are correlated, which requires a prior variable-selection procedure. This work proposes a dynamic variable-selection method for network IDS, called SDCorr (Selection by Dynamic Correlation), which operates in filter mode and uses the Pearson correlation test as its evaluator. The method adapts dynamically to the variations of network traffic by selecting new variables at each iteration with the detector, so it can follow changes in the data and establish relationships between variables. As a result, it improves the accuracy and performance of the IDS by eliminating unnecessary variables and reducing the dimensionality of the analysed data.
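The filter-mode, Pearson-correlation selection and the joint-abrupt-change check described above, as an added example that is not the thesis's own SDCorr implementation. It assumes that each iteration receives a window of per-interval counters for several network variables, that a variable is kept only when its |r| with at least one other variable reaches a cut-off (MIN_ABS_R, an assumed value), and that the detector alarms only when the newest interval shows an abrupt change in more than one kept variable; the two traffic windows are constructed.

```python
"""Dynamic, correlation-filtered feature selection for a network IDS.

Added example (not the thesis's own code). Assumptions: one window of
per-interval counters per iteration; a variable is kept if |Pearson r| with
some other variable >= MIN_ABS_R; an alarm needs abrupt changes in >= MIN_JOINT
kept variables in the newest interval. Sample windows are constructed.
"""
import math
from typing import Dict, List, Sequence

Window = Dict[str, List[float]]   # variable name -> one value per time interval
MIN_ABS_R = 0.8    # assumed cut-off for "related" variables
Z_ABRUPT = 2.0     # newest sample this many std devs from the rest counts as abrupt
MIN_JOINT = 2      # abrupt changes in the same interval needed to raise an alarm


def pearson(x: Sequence[float], y: Sequence[float]) -> float:
    """Pearson correlation coefficient; 0 for a constant series (no information)."""
    n = len(x)
    mx, my = sum(x) / n, sum(y) / n
    sxy = sum((a - mx) * (b - my) for a, b in zip(x, y))
    sxx = sum((a - mx) ** 2 for a in x)
    syy = sum((b - my) ** 2 for b in y)
    if sxx == 0 or syy == 0:
        return 0.0
    return sxy / math.sqrt(sxx * syy)


def select_features(window: Window, min_abs_r: float = MIN_ABS_R) -> List[str]:
    """Filter-mode selection over the current window: keep every variable that is
    strongly correlated (|r| >= min_abs_r) with at least one other variable."""
    names = sorted(window)
    keep = set()
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if abs(pearson(window[a], window[b])) >= min_abs_r:
                keep.update((a, b))
    return [name for name in names if name in keep]


def abrupt_variables(window: Window, selected: Sequence[str], z: float = Z_ABRUPT) -> List[str]:
    """Selected variables whose newest interval lies more than z sample standard
    deviations from the mean of the earlier intervals in the window."""
    flagged = []
    for name in selected:
        *history, latest = window[name]
        mean = sum(history) / len(history)
        sd = math.sqrt(sum((v - mean) ** 2 for v in history) / (len(history) - 1))
        deviation = abs(latest - mean)
        is_abrupt = deviation > 0 if sd == 0 else deviation > z * sd
        if is_abrupt:
            flagged.append(name)
    return flagged


def run_iteration(window: Window) -> dict:
    """One iteration with the detector: reselect the variables for this window,
    then alarm only if enough of them changed abruptly in the newest interval."""
    selected = select_features(window)
    changed = abrupt_variables(window, selected)
    return {"selected": selected, "changed": changed, "alarm": len(changed) >= MIN_JOINT}


# Constructed per-interval counters (6 intervals each). The last interval of
# ATTACK_WINDOW carries a SYN flood; "const" never varies and is never selected.
NORMAL_WINDOW: Window = {
    "packets": [10, 12, 11, 13, 12, 12],
    "bytes":   [1000, 1200, 1100, 1300, 1200, 1200],
    "syn":     [2, 3, 2, 3, 2, 3],
    "icmp":    [5, 1, 4, 2, 5, 1],
    "const":   [7, 7, 7, 7, 7, 7],
}
ATTACK_WINDOW: Window = {
    "packets": [10, 12, 11, 13, 12, 60],
    "bytes":   [1000, 1200, 1100, 1300, 1200, 6000],
    "syn":     [2, 3, 2, 3, 2, 40],
    "icmp":    [5, 1, 4, 2, 5, 1],
    "const":   [7, 7, 7, 7, 7, 7],
}

if __name__ == "__main__":
    for label, window in (("normal", NORMAL_WINDOW), ("attack", ATTACK_WINDOW)):
        print(label, run_iteration(window))
```

Note how the selected set changes between the two windows: in the quiet window icmp is kept because it anti-correlates with syn, while in the flood window the spike ties packets, bytes and syn together and icmp drops out. That per-iteration reselection is what a one-shot selector would miss.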
46.
A dynamic data clustering model applied to intrusion detection. Rogério Akiyoshi Furukawa. 25 April 2003.
Nowadays, computer security is becoming more and more necessary because of the large growth in the statistics that report computer crimes. One of the tools used to raise the level of security is known as the Intrusion Detection System (IDS). The flexibility and usability of these systems have contributed considerably to improving the protection of computing environments. Since a large share of intrusions follow well-defined behaviour patterns on a computer network, data classification and clustering techniques tend to be very appropriate for obtaining an effective solution to this kind of problem. This work presents a dynamic clustering model based on a data movement mechanism. Although it is a clustering technique applicable to any type of data, in this work the model is applied to intrusion detection. The technique obtained clustering results comparable to those of traditional techniques. In addition, the proposed technique has some advantages over the traditional techniques investigated, such as multi-scale clustering and no need to determine the number of clusters in advance.
47.
A framework for correlation and aggregation of security alerts in communication networks: a reasoning correlation and aggregation approach to detect multi-stage attack scenarios using elementary alerts generated by Network Intrusion Detection Systems (NIDS) for a global security perspective. Alserhani, Faeiz. 2011.
The tremendous increase in the usage and complexity of modern communication and network systems connected to the Internet places demands on security management to protect organisations' sensitive data and resources from malicious intrusion. Malicious attacks by intruders and hackers exploit flaws and weak points in deployed systems through sophisticated techniques that cannot be prevented by traditional measures such as user authentication, access controls and firewalls. Consequently, automated detection and timely-response systems are urgently needed to detect abnormal activity by monitoring network traffic and system events. Network Intrusion Detection Systems (NIDS) and Network Intrusion Prevention Systems (NIPS) are technologies that inspect traffic and diagnose system behaviour to provide improved protection against attacks. Current implementations of intrusion detection systems (commercial and open-source) lack the scalability to support the massive increase in network speed and the emergence of new protocols and services. Multi-gigabit networks have become a standard installation, leaving the NIDS susceptible to resource-exhaustion attacks. This research focuses on two distinct NIDS problems: alerts missed because of packet loss caused by the NIDS's performance limitations, and the huge volume of alerts generated by the NIDS, which overwhelms the security analyst and makes event observation tedious. A methodology for analysing alerts, using a proposed alert correlation framework, is presented to give the security operator a global view of the security situation. Missed alerts are recovered implicitly using a contextual technique to detect multi-stage attack scenarios, based on the assumption that the most serious intrusions consist of related steps that are temporally ordered. A pre- and post-condition approach is used to identify the logical relations among low-level alerts.
The alerts are aggregated, verified using vulnerability modelling, and correlated to construct multi-stage attacks. A number of algorithms are proposed in this research to support the functionality of the framework, including alert correlation, alert aggregation and graph reduction. These algorithms have been implemented in a tool called the Multi-stage Attack Recognition System (MARS), consisting of a collection of integrated components. The system has been evaluated in a series of experiments using different data sets, both publicly available data sets and data sets collected in real-life experiments. The results show that the approach can effectively detect multi-stage attacks, and that the false positive rate is reduced by the use of vulnerability and target-host information.
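The aggregate / verify / correlate pipeline described in the two paragraphs above, as an added example that is not MARS or any code from the thesis. The signature knowledge base (pre- and post-conditions per signature), the per-host vulnerability model, the time windows and the alert stream are all constructed here, and a missed step is "recovered" only in the simplest sense: an alert whose preconditions are not yet satisfied is attached to the existing scenario for the same attacker/target pair and the gap is recorded. Graph reduction is not shown.

```python
"""Pre/post-condition correlation of NIDS alerts into multi-stage scenarios.

Added example (not the thesis's MARS tool). The signature knowledge base,
host vulnerability model, windows and alert stream are constructed here.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

# Hypothetical signature knowledge base. Conditions are predicates about the
# target host; 'requires' names a vulnerability the target must actually have
# for the alert to be a real threat (used by the verification step).
SIGNATURES: Dict[str, dict] = {
    "PORT_SCAN":        {"pre": set(),              "post": {"services_known"},    "requires": None},
    "EXPLOIT_SMB":      {"pre": {"services_known"}, "post": {"user_access"},       "requires": "smb_vulnerable"},
    "BACKDOOR_INSTALL": {"pre": {"user_access"},    "post": {"persistent_access"}, "requires": None},
}
# Hypothetical vulnerability model of the monitored hosts.
HOST_VULNS: Dict[str, Set[str]] = {
    "10.0.0.5": {"smb_vulnerable"},
    "10.0.0.7": {"smb_vulnerable"},
    "10.0.0.9": set(),
}


@dataclass
class Alert:
    id: int
    sig: str
    src: str
    dst: str
    t: float          # seconds since the start of the capture
    count: int = 1    # raw alerts merged into this one by aggregation


@dataclass
class Scenario:
    src: str
    dst: str
    steps: List[Alert] = field(default_factory=list)
    facts: Set[str] = field(default_factory=set)   # post-conditions established so far
    gaps: List[str] = field(default_factory=list)  # steps assumed missed by the NIDS
    last_t: float = 0.0


def aggregate(alerts: List[Alert], window: float = 60.0) -> List[Alert]:
    """Merge repeats of the same (signature, src, dst) within `window` seconds."""
    merged: List[Alert] = []
    for a in sorted(alerts, key=lambda x: x.t):
        for m in merged:
            if (m.sig, m.src, m.dst) == (a.sig, a.src, a.dst) and a.t - m.t <= window:
                m.count += 1
                break
        else:
            merged.append(Alert(a.id, a.sig, a.src, a.dst, a.t))
    return merged


def verify(alerts: List[Alert]) -> List[Alert]:
    """Drop alerts whose exploit needs a vulnerability the target host lacks."""
    kept = []
    for a in alerts:
        req = SIGNATURES[a.sig]["requires"]
        if req is None or req in HOST_VULNS.get(a.dst, set()):
            kept.append(a)
    return kept


def correlate(alerts: List[Alert], window: float = 3600.0) -> List[Scenario]:
    """Chain each alert to the scenario (same attacker and target, recent enough)
    whose accumulated post-conditions satisfy the alert's preconditions."""
    scenarios: List[Scenario] = []
    for a in sorted(alerts, key=lambda x: x.t):
        pre, post = SIGNATURES[a.sig]["pre"], SIGNATURES[a.sig]["post"]
        target: Optional[Scenario] = None
        if pre:   # alerts with no precondition (e.g. a scan) always open a scenario
            cands = [s for s in scenarios
                     if (s.src, s.dst) == (a.src, a.dst) and a.t - s.last_t <= window]
            satisfied = [s for s in cands if pre <= s.facts]
            if satisfied:
                target = satisfied[-1]
            elif cands:
                # Same attacker/target pair but a prerequisite step was never
                # reported: attach anyway and record the assumed missed step.
                target = cands[-1]
                target.gaps.append(f"{a.sig} at t={a.t:g} needs {sorted(pre - target.facts)}: "
                                   "assumed missed by the NIDS")
        if target is None:
            target = Scenario(a.src, a.dst)
            scenarios.append(target)
        target.steps.append(a)
        target.facts |= post
        target.last_t = a.t
    return scenarios


def multi_stage_attacks(raw: List[Alert]) -> List[Scenario]:
    return correlate(verify(aggregate(raw)))


# Constructed alert stream.
RAW_ALERTS = [
    Alert(1, "PORT_SCAN", "192.0.2.10", "10.0.0.5", 0),
    Alert(2, "PORT_SCAN", "192.0.2.10", "10.0.0.5", 1),            # repeat, merged into 1
    Alert(3, "EXPLOIT_SMB", "192.0.2.10", "10.0.0.5", 30),
    Alert(4, "BACKDOOR_INSTALL", "192.0.2.10", "10.0.0.5", 60),
    Alert(5, "EXPLOIT_SMB", "192.0.2.10", "10.0.0.9", 40),         # target not vulnerable
    Alert(6, "PORT_SCAN", "198.51.100.7", "10.0.0.7", 5),
    Alert(7, "BACKDOOR_INSTALL", "198.51.100.7", "10.0.0.7", 100),  # exploit alert was lost
]

if __name__ == "__main__":
    for s in multi_stage_attacks(RAW_ALERTS):
        print(f"{s.src} -> {s.dst}: {[a.sig for a in s.steps]} gaps={s.gaps}")
```

Alert 5 is discarded by verification because the target has no SMB vulnerability, which is the false-positive reduction the abstract attributes to target-host information; alert 7 lands in the second scenario with a recorded gap, standing in for the packet-loss case.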
48.
ABIDS-WSN: An Intrusion Detection Framework for Wireless Sensor Networks Driven by Intelligent Agents. PIRES, Higo Fellipe Silva. 26 January 2017. Funding: CAPES.
Lately there has been significant progress in several technologies directly or indirectly related to Ubiquitous Computing, among them Wireless Sensor Networks (WSNs). Having earned their place in the current landscape, wireless sensors are used in many branches of human activity: industrial monitoring, smart houses, and medical and military applications. However, wireless sensors have several shortcomings and limitations: limited hardware, energy and computational capacity are issues that anyone working with such devices must always deal with. Besides the factors already mentioned, there is an important concern about the security of these devices. As with other devices, if the threats to them are to be at least mitigated, layers of security must be created. One of these layers may be formed by Intrusion Detection Systems (IDS). However, because of the aforementioned hardware restrictions of the sensors, the development of IDSs, like that of any other application for such devices, must take those constraints into account. As for IDSs, there are some aspects that need to be considered, especially flexibility, efficiency and adaptability to new situations. A paradigm that facilitates the implementation of such capabilities is Intelligent Agents. This work therefore describes the proposal of a framework for intrusion detection in WSNs based on intelligent agents.
49.
A framework for system fingerprinting. Radhakrishnan, Sakthi Vignesh. 29 March 2013.
The primary objective of the proposed research is to develop a framework for smart and robust fingerprinting of networked systems. Many fingerprinting techniques have been proposed in the past; however, most of them are designed for a specific purpose, such as Operating System (OS) fingerprinting or Access Point (AP) fingerprinting. Such standalone techniques often have limitations that render them ineffective in certain scenarios or against certain countermeasures. To overcome these limitations, we propose a fingerprinting framework that combines multiple fingerprinting techniques in a smart manner, using a centralised decision-making engine. We believe that any given scenario or countermeasure is less likely to circumvent a group of diverse fingerprinting techniques, which is the primary motivation behind this method. Another major portion of the thesis concentrates on the design and development of a device and device-type fingerprinting sub-module (GTID) that has been integrated into the proposed framework. This sub-module uses statistical analysis of packet inter-arrival times (IATs) to identify the type of device that is generating the traffic. The work also analyses the performance of the identification technique on a real campus network and proposes modifications that use pattern-recognition neural networks to improve overall performance. Additionally, we give the fingerprinting technique the capability to identify 'Unknown' devices (i.e., devices for which no signature is stored), and show that it can be extended to perform both device and device-type identification.
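The IAT-based device-type identification with an 'Unknown' outcome that this abstract describes, as an added example that is not GTID's own code. It assumes (my simplification) that a signature is the normalised histogram of a trace's IATs over fixed bins, that an unknown trace is matched to the nearest signature by L1 distance, and that a trace farther than MAX_DISTANCE from every signature is reported as 'Unknown'; the bin edges, the distance cut-off and the timestamp traces are constructed, and the neural-network refinement is not shown.

```python
"""Device-type fingerprinting from packet inter-arrival times (IATs).

Added example (not GTID's code). Assumptions: signature = normalised IAT
histogram over fixed bins; nearest signature by L1 distance; 'Unknown' when
no signature is within MAX_DISTANCE. Timestamps below are constructed.
"""
import bisect
from typing import Dict, List, Sequence

BIN_EDGES = [0.005, 0.02, 0.05, 0.1, 0.5]   # seconds; IATs >= 0.5 s fall in the last bin
MAX_DISTANCE = 0.6                            # assumed L1 cut-off for an 'Unknown' verdict


def inter_arrival_times(timestamps: Sequence[float]) -> List[float]:
    """Gaps between consecutive packet timestamps of one device's traffic."""
    return [b - a for a, b in zip(timestamps, timestamps[1:])]


def iat_histogram(iats: Sequence[float]) -> List[float]:
    """Fraction of IATs in each of the len(BIN_EDGES) + 1 bins."""
    counts = [0] * (len(BIN_EDGES) + 1)
    for iat in iats:
        counts[bisect.bisect_right(BIN_EDGES, iat)] += 1
    return [c / len(iats) for c in counts]


def l1_distance(h1: Sequence[float], h2: Sequence[float]) -> float:
    return sum(abs(a - b) for a, b in zip(h1, h2))


class Fingerprinter:
    def __init__(self) -> None:
        self.signatures: Dict[str, List[float]] = {}

    def enroll(self, device_type: str, timestamps: Sequence[float]) -> None:
        """Store the IAT histogram of a labelled trace as that type's signature."""
        self.signatures[device_type] = iat_histogram(inter_arrival_times(timestamps))

    def identify(self, timestamps: Sequence[float], max_distance: float = MAX_DISTANCE) -> str:
        """Nearest-signature match; 'Unknown' when no signature is close enough."""
        h = iat_histogram(inter_arrival_times(timestamps))
        best_type, best_dist = "Unknown", max_distance
        for device_type, sig in self.signatures.items():
            d = l1_distance(h, sig)
            if d < best_dist:
                best_type, best_dist = device_type, d
        return best_type


# Constructed enrolment traces: a device that polls on a tight ~10 ms cycle
# and one with irregular 70-180 ms gaps.
PRINTER_TRACE = [0.000, 0.010, 0.021, 0.030, 0.042, 0.051, 0.060]
PHONE_TRACE = [0.000, 0.080, 0.200, 0.350, 0.420, 0.600, 0.750]

FP = Fingerprinter()
FP.enroll("printer", PRINTER_TRACE)
FP.enroll("phone", PHONE_TRACE)

if __name__ == "__main__":
    for trace in ([0.000, 0.011, 0.020, 0.031, 0.040, 0.052],
                  [0.000, 0.100, 0.250, 0.330, 0.500],
                  [0.000, 1.000, 2.100, 3.000, 4.200]):
        print(FP.identify(trace))
```

The third trace, with gaps of about one second, is far from both stored histograms and is reported as 'Unknown' rather than being forced onto the nearest type; that distance cut-off is what turns a nearest-neighbour classifier into one that can admit it has no matching signature.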
50.
A Novel Method for the Detection of P2P Traffic in the Network Backbone Inspired by Intrusion Detection Systems. Soysal, Murat. 01 June 2006.
The share of peer-to-peer (P2P) protocols in total network traffic grows day by day in the Turkish Academic Network (UlakNet), as in other networks around the world. This growth is mostly due to the popularity of the shared content and the great enhancement of P2P protocols since they first appeared with Napster. The shared files are generally both large and copyrighted. Motivated by UlakNet's problems with P2P traffic, this thesis proposes a novel method for P2P traffic detection in the network backbone. Observing the similarity between detecting traffic that belongs to a specific protocol and detecting an intrusion in a computer system, we adopt an Intrusion Detection System (IDS) technique to detect P2P traffic. Our method is a passive detection procedure that uses traffic flows gathered from border routers. Hence it is scalable and does not have the problems of other approaches that rely on packet payload data or transport-layer ports.