Global ETD Search

31	Malicious user attacks in decentralised cognitive radio networks Sivakumaran, Arun January 2020 (has links) Cognitive radio networks (CRNs) have emerged as a solution for the looming spectrum crunch caused by the rapid adoption of wireless devices over the previous decade. This technology enables efficient spectrum utility by dynamically reusing existing spectral bands. A CRN achieves this by requiring its users – called secondary users (SUs) – to measure and opportunistically utilise the band of a legacy broadcaster – called a primary user (PU) – in a process called spectrum sensing. Sensing requires the distribution and fusion of measurements from all SUs, which is facilitated by a variety of architectures and topologies. CRNs possessing a central computation node are called centralised networks, while CRNs composed of multiple computation nodes are called decentralised networks. While simpler to implement, centralised networks are reliant on the central node – the entire network fails if this node is compromised. In contrast, decentralised networks require more sophisticated protocols to implement, while offering greater robustness to node failure. Relay-based networks, a subset of decentralised networks, distribute the computation over a number of specialised relay nodes – little research exists on spectrum sensing using these networks. CRNs are vulnerable to unique physical layer attacks targeted at their spectrum sensing functionality. One such attack is the Byzantine attack; these attacks occur when malicious SUs (MUs) alter their sensing reports to achieve some goal (e.g. exploitation of the CRN’s resources, reduction of the CRN’s sensing performance, etc.). Mitigation strategies for Byzantine attacks vary based on the CRN’s network architecture, requiring defence algorithms to be explored for all architectures. Because of the sparse literature regarding relay-based networks, a novel algorithm – suitable for relay-based networks – is proposed in this work. The proposed algorithm performs joint MU detection and secure sensing by large-scale probabilistic inference of a statistical model. The proposed algorithm’s development is separated into the following two parts. • The first part involves the construction of a probabilistic graphical model representing the likelihood of all possible outcomes in the sensing process of a relay-based network. This is done by discovering the conditional dependencies present between the variables of the model. Various candidate graphical models are explored, and the mathematical description of the chosen graphical model is determined. • The second part involves the extraction of information from the graphical model to provide utility for sensing. Marginal inference is used to enable this information extraction. Belief propagation is used to infer the developed graphical model efficiently. Sensing is performed by exchanging the intermediate belief propagation computations between the relays of the CRN. Through a performance evaluation, the proposed algorithm was found to be resistant to probabilistic MU attacks of all frequencies and proportions. The sensing performance was highly sensitive to the placement of the relays and honest SUs, with the performance improving when the number of relays was increased. The transient behaviour of the proposed algorithm was evaluated in terms of its dynamics and computational complexity, with the algorithm’s results deemed satisfactory in this regard. Finally, an analysis of the effectiveness of the graphical model’s components was conducted, with a few model components accounting for most of the performance, implying that further simplifications to the proposed algorithm are possible. / Dissertation (MEng)--University of Pretoria, 2020. / Electrical, Electronic and Computer Engineering / MEng / Unrestricted UCTD Decentralised cognitive radio networks malicious user detection cooperative spectrum sensing data fusion
32	Novel Alert Visualization: The Development of a Visual Analytics Prototype for Mitigation of Malicious Insider Cyber Threats Clarke, Karla A. 01 January 2018 (has links) Cyber insider threat is one of the most difficult risks to mitigate in organizations. However, innovative validated visualizations for cyber analysts to better decipher and react to detected anomalies has not been reported in literature or in industry. Attacks caused by malicious insiders can cause millions of dollars in losses to an organization. Though there have been advances in Intrusion Detection Systems (IDSs) over the last three decades, traditional IDSs do not specialize in anomaly identification caused by insiders. There is also a profuse amount of data being presented to cyber analysts when deciphering big data and reacting to data breach incidents using complex information systems. Information visualization is pertinent to the identification and mitigation of malicious cyber insider threats. The main goal of this study was to develop and validate, using Subject Matter Experts (SME), an executive insider threat dashboard visualization prototype. Using the developed prototype, an experimental study was conducted, which aimed to assess the perceived effectiveness in enhancing the analysts’ interface when complex data correlations are presented to mitigate malicious insiders cyber threats. Dashboard-based visualization techniques could be used to give full visibility of network progress and problems in real-time, especially within complex and stressful environments. For instance, in an Emergency Room (ER), there are four main vital signs used for urgent patient triage. Cybersecurity vital signs can give cyber analysts clear focal points during high severity issues. Pilots must expeditiously reference the Heads Up Display (HUD), which presents only key indicators to make critical decisions during unwarranted deviations or an immediate threat. Current dashboard-based visualization techniques have yet to be fully validated within the field of cybersecurity. This study developed a visualization prototype based on SME input utilizing the Delphi method. SMEs validated the perceived effectiveness of several different types of the developed visualization dashboard. Quantitative analysis of SME’s perceived effectiveness via self-reported value and satisfaction data as well as qualitative analysis of feedback provided during the experiments using the prototype developed were performed. This study identified critical cyber visualization variables and identified visualization techniques. The identifications were then used to develop QUICK.v™ a prototype to be used when mitigating potentially malicious cyber insider threats. The perceived effectiveness of QUICK.v™ was then validated. Insights from this study can aid organizations in enhancing cybersecurity dashboard visualizations by depicting only critical cybersecurity vital signs. Information technology cybersecurity insider threat Intrusion Detection malicious insider visualization vital signs Computer Sciences
33	Detecting Malicious Behavior in OpenWrt with QEMU Tracing Porter, Jeremy 06 August 2019 (has links) No description available. Computer Engineering Computer Science embedded devices malware rootkits malicious router QEMU OpenWrt HTTP request
34	Applying Push-Pull-Mooring model to investigate non-malicious workarounds behavior Aljohani, Nawaf Rasheed 08 August 2023 (has links) (PDF) More than half of the violations of information systems security policies are initiated by non-malicious activities of insiders. To investigate these non-malicious activities, we utilized the theory of workaround and argued that the application of neutralization techniques impacts the use of workarounds. We built our model using three theories: the theory of workaround, push-pull-mooring theory, and techniques of neutralization. We identified the elements of workarounds related to non-malicious violations and proposed a theoretical perspective using the push-pull-mooring theory to investigate non-malicious workarounds empirically. We propose that non-malicious activities of insiders can be seen as a switching behavior, with push factors such as system dissatisfaction and time pressure, and pull factors such as convenience and alternative attractiveness. The mooring factors in our model are techniques of neutralization, including denial of injury, denial of responsibility, and defense of necessity. We employed the scenario-based factorial survey method to mitigate the effect of social desirability bias. Our mixed model analysis indicates that time pressure, convenience, denial of injury, and defense of necessity significantly impact an individual's likelihood of engaging in non-malicious workarounds. Additionally, the relative weight analysis of our model shows that convenience and time pressure explain most of the variance in our model. Insider non-malicious threat workaround push-pull-mooring techniques of neutralization factorial survey method
35	Evaluation of machine learning models for classifying malicious URLs Abad, Shayan, Gholamy, Hassan January 2023 (has links) Millions of new websites are created daily, making it challenging to determine which ones are safe. Cybersecurity involves protecting companies and users from cyberattacks. Cybercriminals exploit various methods, including phishing attacks, to trick users into revealing sensitive information. In Australia alone, there were over 74,000 reported phishing attacks in 2022, resulting in a financial loss of over $24 million. Artificial intelligence (AI) and machine learning are effective tools in various domains, such as cancer detection, financial fraud detection, and chatbot development. Machine learning models, such as Random Forest and Support Vector Machines, are commonly used for classification tasks. With the rise of cybercrime, it is crucial to use machine learning to identify both known and new malicious URLs. The purpose of the study is to compare different instance selection methods and machine learning models for classifying malicious URLs. In this study, a dataset containing approximately 650,000 URLs from Kaggle was used. The dataset consisted of four categories: phishing, defacement, malware, and benign URLs. Three datasets, each consisting of around 170,000 URLs, were generated using instance selection methods (DRLSH, BPLSH, and random selection) implemented in MATLAB. Machine learning models, including SVM, DT, KNNs, and RF, were employed. The study applied these instance selection methods to a dataset of malicious URLs, trained the machine learning models on the resulting datasets, and evaluated their performance using 16 features and one output feature. In the process of hyperparameter tuning, the training dataset was used to train four models with different hyperparameter settings. Bayesian optimization was employed to find the best hyperparameters for each model. The classification process was then conducted, and the results were compared. The study found that the random instance selection method outperformed the other two methods, BPLSH and DRLSH, in terms of both accuracy and elapsed time for data selection. The lower accuracies achieved by the DRLSH and BPLSH methods may be attributed to the imbalanced dataset, which led to poor sample selection. Machine learning Cyber security Classification Malicious URL Instance selection Computer Engineering Datorteknik
36	Study of Information Behavior of Opportunistic Insiders with Malicious Intent Sinha, Vikas 05 1900 (has links) Enterprises have focused on mechanisms to track insiders who may intentionally exceed and misuse their authorized access. However, there is an opportunity to understand why a trusted individual would want to exploit the trust and seek information with the intent of a malicious outcome. The detection of insider rogue or nefarious activities with information to which a user is already authorized is extremely difficult. Such insider threats require more deliberation than just considering it to be a problem that can be mitigated only by software or hardware enhancements. This research expects to help gain an early understanding of antecedents to such information behavior and provide an opportunity to develop approaches to address relevant character traits which could lead to a higher propensity of information misuse. This research proposes a theoretical framework and a conceptual research model to understand the antecedent factors to opportunistic information-seeking behavior of individuals. The study follows the three-essay format. Essay 1 explores the scholarly literature published about insider behavior to understand information behavior and proposes the theoretical framework for the study. PRISMA methodology was used for the thematic literature review. Essay 2 is a quantitative study of 424 university students surveyed using an online instrument for their responses to various scenarios in the context of academic dishonesty. Academic dishonesty is proposed as a proxy for information misuse. Essay 3 is a qualitative study engaging senior executives from various industries to understand their perspectives on the behavioral characteristics of individuals as they try to protect their corporate information from being misused and protect their reputation and liability from malicious use of their information. Malicious Information Behavior Opportunistic Information Behavior Insider Threat Information Security Moral Resiliency Social Resiliency Zero-Trust
37	The Everyday Internet, a Minefield in Disguise : Characterization of different types of domains including malicious and popularity / Internet, ett minfält i förklädnad. Petersson, Linn, Lindkvist, Rebecka January 2022 (has links) Today, security has become a growing concern for all internet users, where technology is developing faster than its security is implemented, which leads to insecure domains. In this thesis, we look at the reality of today’s domains and research if some categories of domains are safer than others and the reason behind it. The total amount of researched domains was 8080 divided into four categories; popular, categories, continents, and malicious. The analysis was made by looking closer at default protocols, cipher suites, certificate authorities (CAs), certificate classifications, page loading times, and vulnerabilities. Our result indicated that TLS 1.2 and TLS 1.3 are the most commonly used protocol. The largest difference between the domains could be seen among the CAs, even though no definite reason for this could be found. The most popular cipher suite for popular, categories, and malicious belonged to TLS 1.3 meanwhile, continents had a cipher suite belonging to TLS 1.2. All four categories were vulnerable to at least five out of eight different types of attacks. The least commonly used certificate classification is EV certificates, while DV is the most commonly used. Through our data collection and analysis, we could conclude that all domains are not as safe as one might think, while the underlying security infrastructure of malicious domains might be better than anyone expects. characterisation malicious domains vulnerabilities cipher suites TLS protocols security certificates Computer and Information Sciences Data- och informationsvetenskap
38	Algorithmic Mechanism Design for Data Replication Problems Guo, Minzhe 13 September 2016 (has links) No description available. Computer Science algorithmic mechanism design content delivery data replica placement malicious peer-assisted self-interested
39	Detekce škodlivých webových stránek pomocí strojového učení / Detection of Malicious Websites using Machine Learning Šulák, Ladislav January 2018 (has links) Táto práca sa zaoberá problematikou škodlivého kódu na webe so zameraním na analýzu a detekciu škodlivého JavaScriptu umiestneného na strane klienta s využitím strojového učenia. Navrhnutý prístup využíva známe i nové pozorovania s ohľadom na rozdiely medzi škodlivými a legitímnymi vzorkami. Tento prístup má potenciál detekovať nové exploity i zero-day útoky. Systém pre takúto detekciu bol implementovaný a využíva modely strojového učenia. Výkon modelov bol evaluovaný pomocou F1-skóre na základe niekoľkých experimentov. Použitie rozhodovacích stromov sa podľa experimentov ukázalo ako najefektívnejšia možnosť. Najefektívnejším modelom sa ukázal byť Adaboost klasifikátor s dosiahnutým F1-skóre až 99.16 %. Tento model pracoval s 200 inštanciami randomizovaného rozhodovacieho stromu založeného na algoritme Extra-Trees. Viacvrstvový perceptrón bol druhým najlepším modelom s dosiahnutým F1-skóre 97.94 %.
40	Network layer reliability and security in energy harvesting wireless sensor networks Yang, Jing 08 December 2023 (has links) (PDF) Wireless sensor networks (WSNs) have become pivotal in precision agriculture, environmental monitoring, and smart healthcare applications. However, the challenges of energy consumption and security, particularly concerning the reliance on large battery-operated nodes, pose significant hurdles for these networks. Energy-harvesting wireless sensor networks (EH-WSNs) emerged as a solution, enabling nodes to replenish energy from the environment remotely. Yet, the transition to EH-WSNs brought forth new obstacles in ensuring reliable and secure data transmission. In our initial study, we tackled the intermittent connectivity issue prevalent in EH-WSNs due to the dynamic behavior of energy harvesting nodes. Rapid shifts between ON and OFF states led to frequent changes in network topology, causing reduced link stability. To counter this, we introduced the hybrid routing method (HRM), amalgamating grid-based and opportunistic-based routing. HRM incorporated a packet fragmentation mechanism and cooperative localization for both static and mobile networks. Simulation results demonstrated HRM's superior performance, enhancing key metrics such as throughput, packet delivery ratio, and energy consumption in comparison to existing energy-aware adaptive opportunistic routing approaches. Our second research focused on countering emerging threats, particularly the malicious energy attack (MEA), which remotely powers specific nodes to manipulate routing paths. We developed intelligent energy attack methods utilizing Q-learning and Policy Gradient techniques. These methods enhanced attacking capabilities across diverse network settings without requiring internal network information. Simulation results showcased the efficacy of our intelligent methods in diverting traffic loads through compromised nodes, highlighting their superiority over traditional approaches. In our third study, we developed a deep learning-based two-stage framework to detect MEAs. Utilizing a stacked residual network (SR-Net) for global classification and a stacked LSTM network (SL-Net) to pinpoint specific compromised nodes, our approach demonstrated high detection accuracy. By deploying trained models as defenses, our method outperformed traditional threshold filtering techniques, emphasizing its accuracy in detecting MEAs and securing EH-WSNs. In summary, our research significantly advances the reliability and security of EH-WSN, particularly focusing on enhancing the network layer. These findings offer promising avenues for securing the future of wireless sensor technologies. Hybrid Routing Method (HRM) Intermittent Connectivity Energy Harvesting Malicious Energy Attack (MEA) Reinforcement Learning (RL) Malicious Energy Attack Detection Deep Learning(DL)

Search results