  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
41

Feature selection and clustering for malicious and benign software characterization

Chhabra, Dalbir Kaur R 13 August 2014
Malware or malicious code is designed to gather sensitive information without the knowledge or permission of the users or to damage files in the computer system. As the use of computer systems and the Internet is increasing, the threat of malware is also growing. Moreover, the increase in data is raising difficulties in identifying whether the executables are malicious or benign. Hence, we have devised a method that collects features from the portable executable file format using a static malware analysis technique. We have also optimized the important or useful features by either normalizing or giving weightage to the feature. Furthermore, we have compared the accuracy of various unsupervised learning algorithms for clustering a huge dataset of samples. So once the clusters are created we can use antivirus (AV) to identify one or two files, and if they are detected by AV then all the files in the cluster are malicious even if the files contain novel or unknown malware; otherwise all are benign.
42

Modèle de protection contre les codes malveillants dans un environnement distribué / Malicious Codes Detection in Distributed Environments

Ta, Thanh Dinh 11 May 2015
The thesis has two main parts: the first is devoted to message format extraction, the second to the obfuscation of malware behaviors and to detection. For the first part, we consider two problems: "code coverage" and "message format extraction". For code coverage, we propose a new method based on "smart tainting" and on reverse execution. For message format extraction, we propose a new method based on classifying messages using execution traces. For the second part, the behaviors of malicious code are formalized by an abstract model of the communication between the program and the operating system. In this model, the behaviors of the program are system calls. Given the behaviors of a benign program, we show constructively that there exist several malicious programs that also have these behaviors. Consequently, no behavioral detector is able to detect these malicious programs. / The thesis consists of two principal parts: the first one discusses the message format extraction and the second one discusses the behavioral obfuscation of malware and the detection. In the first part, we study the problems of “binary code coverage” and “input message format extraction”. For the first problem, we propose a new technique based on “smart” dynamic tainting analysis and reverse execution. For the second one, we propose a new method using an idea of classifying input message values by the corresponding execution traces received by executing the program with these input values. In the second part, we propose an abstract model for system call interactions between malware and the operating system at a host. We show that, in many cases, the behaviors of a malicious program can imitate those of a benign program, and in these cases a behavioral detector cannot distinguish between the two programs.
43

A Security Framework for Wireless Sensor Networks

Zia, Tanveer January 2008
Doctor of Philosophy (PhD) / Sensor networks have great potential to be employed in mission critical situations like battlefields but also in more everyday security and commercial applications such as building and traffic surveillance, habitat monitoring and smart homes etc. However, wireless sensor networks pose unique security challenges. While the deployment of sensor nodes in an unattended environment makes the networks vulnerable to a variety of potential attacks, the inherent power and memory limitations of sensor nodes make conventional security solutions unfeasible. Though there has been some development in the field of sensor network security, the solutions presented thus far address only some of the security problems faced. This research presents a security framework WSNSF (Wireless Sensor Networks Security Framework) to provide a comprehensive security solution against the known attacks in sensor networks. The proposed framework consists of four interacting components: a secure triple-key (STKS) scheme, secure routing algorithms (SRAs), a secure localization technique (SLT) and a malicious node detection mechanism. Singly, each of these components can achieve a certain level of security. However, when deployed as a framework, a high degree of security is achievable. WSNSF takes into consideration the communication and computation limitations of sensor networks. While there is always a trade-off between security and performance, experimental results prove that the proposed framework can achieve a high degree of security with negligible overheads.
44

Skadlig kod och sårbarheter i Windows : En studie i virusens historia och nutidens olika säkerhetsrisker / Malicious code and vulnerabilities in Windows: A study of the history of viruses and today's various security risks

Lejdemalm, Roger, Andreasson, Daniel January 2008
Today one can often read about various security threats and risks that a computer user has to keep in mind in order not to give an outsider the chance to get at sensitive and/or private information. There is talk of new viruses and new types of trojans that spread like epidemics across the Internet, and sometimes it is a spyware program that comes along with a downloaded file. It is hard to keep track of all the types of malicious code that are mentioned, but with increased understanding the chances of avoiding infection also increase. It has turned out that the development of malicious code is as strong as that of commercial software. From the emergence of the personal computer in the early 1980s until today, development has taken place in every area of malicious code, in terms of strategy, purpose and, above all, pure code complexity. Today's leading supplier of operating systems and web browsers, Microsoft, promises ever more sophisticated security solutions each time a new version of a program is released. Above all, it was said in connection with the launch of Windows Vista that security was at the top of the list. Together with WM-data in Stockholm we have developed software for remote administration of Windows. The main goal was to use our basic programming knowledge to create a program for Windows XP and Windows Vista in which a range of functions could be remotely controlled without a user at the affected computer detecting the intrusion. This report describes the development of the software and the tests carried out on both operating systems. Furthermore, the concept of “malicious code” is divided into the categories viruses, worms, trojans and rootkits and explained in more detail, together with a historical picture of how the development of malicious code has looked. / In media today, you often read about different security threats and risks that one has to be aware of. Many things must be taken into consideration in order to maintain your integrity and information secrecy. It might be a new virus outbreak, a new trojan or some kind of spyware that, undetected, finds its way to your computer. It’s hard to keep track of all terms and types of malicious code, and with greater understanding, the risk of infection decreases. The development when it comes to malicious code is as strong as the one in commercial software development. From the 80’s until the present day, every area in the development of malicious code has evolved, from strategy and purpose to the pure complexity of the code. Microsoft, the world’s leading supplier of operating systems and web browsers, assures us with every new release that measures have been taken in order to enhance the security features. As the new operating system Windows Vista was released, spokesmen said that security was now the highest priority. We have, together with WM-data in Stockholm, developed software for remote administration of Windows. The objective was, using our limited programming skills only, to come up with a program for Windows XP and Windows Vista, where a number of functions could be remotely executed without alerting a user at the infected computer. This report describes the development of the software together with test results of execution on both operating systems. Further on, the report discusses different types of malicious code, such as viruses, worms, Trojans and rootkits, together with a historical study of the development of malicious code.
46

Κατανεμημένη ανίχνευση φάσματος σε γνωστικές ασύρματες επικοινωνίες / Distributed spectrum sensing in cognitive radios

Παναγή, Σπυριδούλα Δανάη 19 April 2010
With the rapid development of wireless communications and their massive use, the problem arose of allocating the radio frequencies of the spectrum, the main but finite resource for wireless communications. The main policy for access to the radio spectrum is to authorize selected users to transmit in a specific frequency range. Despite the coverage of all radio frequencies by authorized users, the increased demand and the high cost of access, research has shown that only 70% of the spectrum is used efficiently to date. Cognitive Radio technology was developed with the prospect of achieving more efficient use of the spectrum, by allowing unauthorized users to access frequencies that are not occupied, or only partially occupied, by the authorized users, in space and in time. Cognitive Radio technology applies two steps. First it perceives the state of the spectrum in space at specific moments in time, and then it dynamically allocates the free frequencies it has found to the unauthorized users; these processes are called spectrum sensing and spectrum allocation respectively. The only restriction is that the signal transmitted by the unauthorized users must not interfere (in the form of noise) with the signal of the authorized users. In this work, a method for the spectrum sensing process and the techniques that apply it will be implemented. The main goal of spectrum sensing is to detect the authorized users when they transmit on the frequencies assigned to each of them. This is achieved when the signal of the authorized users reaches the antenna of the unauthorized user. The basic obstacle to detecting them is the attenuation of the authorized user's signal due to the poor channel conditions that result from multipath, distance dependent path loss and shadowing. Studies have shown that cooperation among the unauthorized users in a network can cancel the effect of such phenomena on the detection process. Thus a variety of spectrum sensing techniques based on the cooperation of unauthorized users have been developed. The present work implements a cooperative spectrum sensing method based on the energy of the signal. Because of the risk that results are distorted by the presence of malicious users in cooperative systems, the cooperation technique chosen focuses on protecting the network from malicious users. Such a technique would concentrate all the required processing power in one unauthorized user, which would act as the decision-making center, the fusion center. In this work the required processing power is distributed among all the unauthorized users. This is achieved by introducing an additional step into the process. The unauthorized users first run a new spectrum sensing technique individually, so that the final decision of the fusion center concerns those frequencies on which the majority of them did not agree. The new technique run individually by the unauthorized users is a spectrum sensing technique that is not distinguished for its good results, and the only guarantee it can offer is the accurate identification of the frequencies on which the authorized users are not transmitting, at the cost of sacrificing possibly occupied frequencies. The elementary operation of this technique, combined with its nonexistent requirements for data known in advance, makes it fully suitable as the first step of the method that was developed. / Due to the rapid growth of wireless communications and their massive use, the problem of sharing the radio spectrum, the main though finite source of wireless communication, made its appearance. The main radio spectrum access policy is to predefine users -named primary- for transmitting on particular radio frequencies. Nevertheless, the authorization of the whole radio spectrum, given the strong competition and the high financial cost for access, doesn’t exploit the source completely. On the contrary, research has shown that only 70% of the radio spectrum is effectively used. The Cognitive Radio technology was developed with the prospect of achieving a more effective use of spectrum, by giving the chance of transmission to non-authorized users -secondary- in frequencies which are partially or completely unoccupied by primary users’ signals, from the perspectives of time and space. Cognitive Radio technology applies two processes. At first it senses the spectrum current flow in particular space and time periods, then it dynamically shares those available frequencies which it sensed with secondary users. These processes are named Spectrum Sensing and Spectrum Access respectively. The only restriction is that the transmitted signal of secondary users is forbidden from interfering with the primary user signal. In this study, a method of the Spectrum Sensing process and individual techniques will be developed. The main objective of the Spectrum Sensing process is to determine primary users when they transmit on predefined frequencies. This can be accomplished provided that the signal of the primary user can be received by the secondary user. Signal deterioration due to channel conditions could be a reason for secondary users not to receive the primary user signal. Some of these conditions are multipath, distance dependent path loss and shadowing phenomena. Research has shown that the secondary users’ cooperation can avoid the effect of those conditions in the spectrum sensing process. Thus a variety of spectrum sensing techniques have been developed, which are based on secondary users’ cooperation. In the present study an energy based cooperative spectrum sensing method is performed. Due to the possibility of cooperating with malicious users in the process, the performed cooperation technique focuses on protection from malicious users. Note that such a technique will concentrate the whole computing power on a single secondary user, which makes the final decision and is named the fusion center. The method of this study distributes the computing power among all the secondary users. That happens by adding one more step in the process. Secondary users firstly execute a spectrum sensing technique individually, so that the process of the fusion center affects only those frequencies for which the secondary users’ individual decisions achieved a degree of unanimity. The individual technique executed by secondary users is not typical of good results in sensing the primary users who transmit; however, it gives a guarantee of small values in false alarm possibility. The fundamental operation of this technique in coexistence with very few a priori requirements made it the appropriate technique for the first step of our method.
47

Techniques de Test Pour la Détection de Chevaux de Troie Matériels en Circuits Intégrés de Systèmes Sécurisés / Testing Techniques for Detection of Hardware Trojans in Integrated Circuits of Trusted Systems

Acunha guimarães, Leonel 01 December 2017
The globalization and de-verticalization of the semiconductor business has led this industry to outsource certain design steps and often the whole of fabrication. During these steps, integrated circuits (ICs) are vulnerable to malicious alterations: hardware Trojans (HTs). In security applications, it is important to guarantee that the integrated circuits used have not been altered by such devices. To offer a high level of trust in these circuits, it is necessary to develop new testing techniques to detect HTs, however small and stealthy they may be. This thesis studies the threats and proposes two original post-fabrication testing approaches to detect HTs implanted after synthesis. The first technique exploits bulk built-in current sensors (BBICS), originally designed to identify transient faults in ICs. In our case, they provide a digital signature obtained by statistical analysis that makes it possible to detect any HT, even at the dopant level. The second proposal is a non-intrusive method for detecting HTs in asynchronous circuits. This technique uses the circuit's test platform and requires no additional hardware. It allows the detection of HTs whose area is less than 1% of that of the circuit. The methods and techniques developed in this thesis thus help reduce the vulnerability of ICs to HTs, either by adding a sensor (BBICS) or by exploiting the test mechanisms in the case of asynchronous circuits. / The world globalization has led the semiconductor industry to outsource design and fabrication phases, making integrated circuits (ICs) potentially more vulnerable to malicious modifications at design or fabrication time: the hardware Trojans (HTs). New efficient testing techniques are thus required to disclose potential slight and stealthy HTs, and to ensure trusted devices. This thesis studies possible threats and proposes two new post-silicon testing techniques able to detect HTs implanted after the generation of the IC netlist. The first proposed technique exploits bulk built-in current sensors (BBICS), which are originally designed to identify transient faults in ICs, by using them as testing mechanisms that provide statistically-comparable digital signatures of the devices under test. With only 16 IC samples, the testing technique can detect dopant-level Trojans of zero-area overhead. The second proposition is a non-intrusive technique for detection of gate-level HTs in asynchronous circuits. With this technique, neither additional hardware nor alterations on the original test set-up are required to detect Trojans smaller than 1% of the original circuit. The studies and techniques devised in this thesis contribute to reducing the IC vulnerability to HTs, reusing testing mechanisms and keeping security features of original devices.
48

Discovering and Mitigating Social Data Bias

January 2017
abstract: Exabytes of data are created online every day. This deluge of data is no more apparent than it is on social media. Naturally, finding ways to leverage this unprecedented source of human information is an active area of research. Social media platforms have become laboratories for conducting experiments about people at scales thought unimaginable only a few years ago. Researchers and practitioners use social media to extract actionable patterns such as where aid should be distributed in a crisis. However, the validity of these patterns relies on having a representative dataset. As this dissertation shows, the data collected from social media is seldom representative of the activity of the site itself, and less so of human activity. This means that the results of many studies are limited by the quality of data they collect. The finding that social media data is biased inspires the main challenge addressed by this thesis. I introduce three sets of methodologies to correct for bias. First, I design methods to deal with data collection bias. I offer a methodology which can find bias within a social media dataset. This methodology works by comparing the collected data with other sources to find bias in a stream. The dissertation also outlines a data collection strategy which minimizes the amount of bias that will appear in a given dataset. It introduces a crawling strategy which mitigates the amount of bias in the resulting dataset. Second, I introduce a methodology to identify bots and shills within a social media dataset. This directly addresses the concern that the users of a social media site are not representative. Applying these methodologies allows the population under study on a social media site to better match that of the real world. Finally, the dissertation discusses perceptual biases, explains how they affect analysis, and introduces computational approaches to mitigate them. 
The results of the dissertation allow for the discovery and removal of different levels of bias within a social media dataset. This has important implications for social media mining, namely that the behavioral patterns and insights extracted from social media will be more representative of the populations under study. / Dissertation/Thesis / Doctoral Dissertation Computer Science 2017
49

Understanding Propagation of Malicious Information Online

January 2020
abstract: The recent proliferation of online platforms has not only revolutionized the way people communicate and acquire information but has also led to propagation of malicious information (e.g., online human trafficking, spread of misinformation, etc.). Propagation of such information occurs at unprecedented scale that could ultimately pose imminent societal-significant threats to the public. To better understand the behavior and impact of the malicious actors and counter their activity, social media authorities need to deploy certain capabilities to reduce their threats. Due to the large volume of this data and limited manpower, the burden usually falls to automatic approaches to identify these malicious activities. However, this is a subtle task facing online platforms due to several challenges: (1) malicious users have strong incentives to disguise themselves as normal users (e.g., intentional misspellings, camouflaging, etc.), (2) malicious users are highly likely to be key users in making harmful messages go viral and thus need to be detected at their early life span to stop their threats from reaching a vast audience, and (3) available data for training automatic approaches for detecting malicious users are usually either highly imbalanced (i.e., higher number of normal users than malicious users) or comprise insufficient labeled data. To address the above mentioned challenges, in this dissertation I investigate the propagation of online malicious information from two broad perspectives: (1) content posted by users and (2) information cascades formed by resharing mechanisms in social media. More specifically, first, non-parametric and semi-supervised learning algorithms are introduced to discern potential patterns of human trafficking activities that are of high interest to law enforcement. Second, a time-decay causality-based framework is introduced for early detection of “Pathogenic Social Media (PSM)” accounts (e.g., terrorist supporters).
Third, due to the lack of sufficient annotated data for training PSM detection approaches, a semi-supervised causal framework is proposed that utilizes causal-related attributes from unlabeled instances to compensate for the lack of enough labeled data. Fourth, a feature-driven approach for PSM detection is introduced that leverages different sets of attributes from users’ causal activities, account-level and content-related information as well as those from URLs shared by users. / Dissertation/Thesis / Doctoral Dissertation Computer Science 2020
50

Generická detekce bootkitů / Generic Detection of Bootkits

Gach, Tomáš January 2013 (has links)
This thesis deals with the generic detection of bootkits, which are a relatively new kind of malicious software falling into the category of rootkits. The definition of malicious software is presented along with several examples. Then attention is paid to rootkits in the context of Microsoft Windows operating systems. This section lists several techniques used by rootkits. After that, the ways of preventing and detecting rootkits are mentioned. Bootkits are known for infecting the hard disk's Master Boot Record (MBR). The structure of the MBR is described along with an example of hard disk partitioning. Afterwards, the processor instruction set is outlined and the disassembly of the Windows 7 MBR is given. The rest of the thesis is devoted to a description of the course of operating system bootkit infection, bootkit prevention, analysis of infected MBR samples, and in particular to the design, implementation and testing of the generic MBR infection detector.
