341 |
AGENTES INTELIGENTES PARA DETECÇÃO DE INTRUSOS EM REDES DE COMPUTADORES / AGENTS FOR INTELLIGENT DETECTION OF INTRUSOS IN NETWORKS COMPUTERS
Lima, Christiane Ferreira Lemos 10 May 2002
Recently, interest in advanced techniques for network intrusion detection
has increased, for protecting important information in computational environments.
This research work presents a proposal of a new network intrusion detection system
based on a society of intelligent agents whose reasoning is supported by neural
network paradigms, named NIDIA (Network Intrusion Detection System based on
Intelligent Agents). A computational implementation has been carried out for the network
and host sensors for dealing with the task of capturing packets related to suspicious
connections or abnormal behaviors within critical hosts. / Advanced techniques for intrusion detection in computer networks
are becoming increasingly important to prevent abuse and protect information in the
environment. This dissertation presents a proposal for an intrusion detection system
for computer networks, based on the notion of a society of intelligent agents
and neural networks, named NIDIA. A computational implementation is
made of the network and host sensor agents to carry out the task of capturing
packets associated with suspicious connections or abnormal behaviors on
critical servers.
|
342 |
SAMARA SOCIEDADE DE AGENTES PARA A MONITORAÇÃO DE ATAQUES E RESPOSTAS AUTOMATIZADAS / SAMARA SOCIETY OF AGENTS FOR THE MONITORING OF ATTACKS AND AUTOMATIZED ANSWERS
OLIVEIRA, Antonio Alfredo Pires 17 June 2005
The traditional security techniques applied in computer networks try to block attacks (using
firewalls) or to detect them as soon as they happen (using Intrusion Detection Systems). Both
are of recognized value; however, they have limitations. In that sense, there is a need to innovate
in defense techniques and tactics, as well as in the tools and technologies that complement the
traditional mechanisms applied in network and computer security. One of these solutions has
been the use of honeypots (network traps) to collect information, motives, tactics and tools used
in malicious activities in networks and distributed systems. This research work introduces an
architecture for automated incident response, called SAMARA, based on honeypots and
intelligent agents, created to support the functional requirements of the decoy server and honeynet
agents proposed for the NIDIA Project (Network Intrusion Detection System based on Intelligent
Agents) [18], but which can be adjusted to other approaches to detection, prevention and reaction to
security incidents in networks and distributed systems. / The traditional security techniques applied in computer networks try to block
attacks (using firewalls) or to detect them as soon as they occur (using Intrusion
Detection Systems). Both are of recognized value, but they have their limits. In that
sense, there is a need to innovate in defense techniques and tactics, as well as in
tools and technologies that complement the traditional mechanisms applied in
network and computer security. One of these solutions has been the use of honeypots
(network traps) to collect information, motives, tactics and tools used in
malicious activities in networks and distributed systems. This work introduces the architecture for
automated responses to security incidents, named SAMARA, which is based on
honeypots and intelligent agents, designed to meet the functional requirements of the
decoy server and honeynet agents proposed for the NIDIA Project (Network Intrusion Detection
System based on Intelligent Agents) [18], but which can be adjusted to other approaches to
detection, prevention and reaction to security incidents in networks and distributed systems.
|
343 |
PROPOSTA DE ATUALIZAÇÃO AUTOMÁTICA DOS SISTEMAS DE DETECÇÃO DE INTRUSÃO POR MEIO DE WEB SERVICES / PROPOSAL OF AUTOMATIC UPDATE OF THE DETECTION SYSTEMS OF INTRUSION BY MEANS OF WEB SERVICES
PESTANA JÚNIOR, Fernando Augusto 09 December 2005
The security of computer networks is indispensable for its administrators. Intrusion Detection Systems (IDSs) can increase their security, but it is very important to update them constantly.
This research work proposes a model for sharing information between Computer Security Incident Response Teams (CSIRTs) and IDSs, aiming at the achievement of an automatic update of the IDSs' response actions database, based on restrictive short-term measures suggested in security alerts issued by CSIRTs. This model is based on Web services and Extensible Markup Language (XML) technologies.
A multiagent architecture based on information retrieval and filtering techniques is also presented, designed to automatically keep the IDSs' attack signature mechanism up to date. / The security of computer networks is essential for their administrators. Intrusion Detection Systems (IDSs) can make them more secure; however, it is imperative that these systems are constantly updated in order to perform their function satisfactorily.
This dissertation proposes a model for sharing information between Computer Security Incident Response Teams, generally known as CSIRTs, and IDSs, aiming at the automatic update of the IDSs' set of intrusion response actions. This update will be based on the restrictive short-term measures suggested in the security alerts issued by CSIRTs. This model is based on Web services and Extensible Markup Language (XML) technologies.
A multiagent architecture is also proposed, based on information retrieval and filtering techniques, which aims to keep the IDSs' attack detection mechanism automatically up to date.
|
344 |
Network security monitoring and anomaly detection in industrial control system networks
Mantere, M. (Matti) 19 May 2015
Abstract
Industrial control system (ICS) networks used to be isolated environments, typically separated by physical air gaps from the wider area networks. This situation has been changing and the change has brought with it new cybersecurity issues. The process has also exacerbated existing problems that were previously less exposed due to the systems’ relative isolation. This process of increasing connectivity between devices, systems and persons can be seen as part of a paradigm shift called the Internet of Things (IoT). This change is progressing and the industry actors need to take it into account when working to improve the cybersecurity of ICS environments and thus their reliability. Ensuring that proper security processes and mechanisms are being implemented and enforced on the ICS network level is an important part of the general security posture of any given industrial actor.
Network security and the detection of intrusions and anomalies in the context of ICS networks are the main high-level research foci of this thesis. These issues are investigated through work on machine learning (ML) based anomaly detection (AD). Potentially suitable features, approaches and algorithms for implementing a network anomaly detection system for use in ICS environments are investigated.
After investigating the challenges, different approaches and methods, a proof-of-concept (PoC) was implemented. The PoC implementation is built on top of the Bro network security monitoring framework (Bro) for testing the selected approach and tools. In the PoC, a Self-Organizing Map (SOM) algorithm is implemented using the Bro scripting language to demonstrate the feasibility of using Bro as a base system. The implemented approach also represents a minimal case of the event-driven machine learning anomaly detection (EMLAD) concept conceived during the research.
The contributions of this thesis are as follows: a set of potential features for use in machine learning anomaly detection, proof of the feasibility of the machine learning approach in an ICS network setting, a concept for event-driven machine learning anomaly detection, and a design and initial implementation of a user-configurable and extendable machine learning anomaly detection framework for ICS networks. / Abstract
Developed societies use a wide variety of automation systems in their industrial plants and in operating their infrastructure. The state of information security and cybersecurity of these automation systems varies greatly. Plants and the systems they use may represent technology from several different eras and contain weaknesses and vulnerabilities from several different eras.
The systems used to be relatively isolated from data networks other than their own communication buses. This weakening of the isolation of automation systems has created a new set of threats by exposing their communication interfaces to the surrounding world. These network environments are nevertheless still comparatively isolated, and this property can be exploited in monitoring them. This work presents research results on monitoring the security of these networks, in particular through anomaly detection using machine learning methods. After the initial study of challenges and special characteristics, the work uses the Self-Organizing Map (SOM) algorithm in implementing an example solution to illustrate a new concept. This new concept is Event-Driven Machine Learning Anomaly Detection (EMLAD).
The contributions of the work are as follows, all in the context of industrial automation networks: a proposal for one set of features to be used in anomaly detection, establishing the usability of machine learning anomaly detection, and an extensible and flexible example implementation of the new EMLAD concept, implemented in the programming language of the Bro NSM tool.
|
345 |
New cryptanalysis and modelling for wireless networking
Alzaabi, Mohamed Abdulla Hasan Saif January 2015
High data rates and interoperability of vendor devices have made WiMAX a prime desire for use worldwide. WiMAX is based on the IEEE 802.16 standard. IEEE 802.16a, b, c & d versions were updated within three years of the first launch of WiMAX. However, during those early years reports were published that highlighted the security weaknesses of the standard. These weaknesses prompted the IEEE to issue a new version, 802.16e, to tackle the security issues. Despite this security enhancement, WiMAX remains vulnerable. This research project looks at the vulnerability of WiMAX 802.16e Subscriber Station/Mobile Station authentication at the initial entry and proposes approaches to the prevention of Denial of Service (DoS) attacks at this point in order to secure the Media Access Control (MAC) layer from such threats. A new protocol has been designed and developed to provide confidentiality, authentication and integrity to WiMAX users. This new protocol is integrated with Z algorithm (an algorithm described later in this paper) to provide:
• Confidentiality of management messages
• Message Authentication code
• ID to provide for message integrity and user authentication.
A simulation package was also required, to prove that a linear load of DoS attack would disable or exhaust the capacity of the base station of a WiMAX network, as well as providing other simulation functions. The freely available simulation tool NIST (NIST IPSec (Internet Protocol Security) and IKE (Internet Key Exchange) Simulation) is oriented towards fixed network communications (NIIST, 2003). There are no other relevant simulation tools; hence the purpose of this research project is to develop a new tool to simulate WiMAX security vulnerabilities and test the new protocol.
|
346 |
Un système de médiation distribué pour l'e-santé et l'épidémiologie / A shared mediation system for E-health and epidemiology
Cipière, Sébastien 12 July 2016
To date, measurements of cancer risk or of the effectiveness of cancer follow-up are made from specific collections of medical data initiated by epidemiologists. These collections nevertheless have certain limitations: loss of information, reporting bias, absence of data for an unknown risk, and measurement bias (for example for medico-economic data). The secure sharing of medical data between different public and/or private medical organizations is currently undergoing rapid technological change. The proposed technologies must enable electronic and secure sharing of these data so as to make them available at any time, from health surveillance to the evaluation of care or of health policies. To meet these needs, the GINSENG infrastructure relies on information produced in the course of care, without new collection procedures, allowing both faster access to information and greater completeness. This collection is also carried out with better guarantees of anonymity and a linkage of medical information for each patient. An authorization from the CNIL was granted to the project's IT infrastructure and to its use for cancer follow-up in October 2013. From the e-ginseng.com web portal, authorized physicians authenticate using their Carte de Professionnel de Santé (CPS, healthcare professional card). Each patient, whose medical data are distributed across healthcare institutions, is identified with their consent by the following attributes: last name, first name, year and month of birth, and residential postal code, before being assigned a unique and anonymous identification number. Each patient's medical data are updated once a week; each physician can then consult all the medical information relating to each patient through a simple connection to the network. This information is presented to the physician as a tree of medical events. For example, a physician in charge of patient follow-up within organized screening will be able to access, directly from the web portal, the medical information needed to establish an exhaustive medical record of the pathway of a patient for whom a cancer has been detected, or for whom a suspicion of cancer proved negative after several medical examinations. An epidemiologist can also run large-scale statistical queries on the medical data in order to answer questions of public health interest. Going further, epidemiological queries run on the medical data can be coupled with information of public utility collected from other open-access databases on the internet. The GINSENG IT infrastructure is currently deployed for cancer follow-up in the Auvergne region between the organized cancer screening management structures (SGDO) and the Sipath-Unilabs anatomic and cytologic pathology (ACP) laboratory. The use of a health data host (HADS), named Informatique de sécurité (IDS), is also proposed for storing patients' confidential information. This infrastructure currently makes it possible to collect all the medical information of interest for cancer follow-up and the evaluation of medical practices. The biostatistics and public health teams of the Clermont-Ferrand University Hospital (CHU) are currently producing the epidemiological analyses of interest from the data collected by the network. / The implementation of a grid network to support large-scale epidemiology analysis (based on distributed medical data sources) and medical data sharing requires medical data integration and semantic alignment.
In this thesis, we present the GINSENG (Global Initiative for Sentinel eHealth Network on Grid) network that federates existing Electronic Health Records through a rich metamodel (FedEHR), a semantic data model (SemEHR) and distributed query toolkits. A query interface based on the VIP platform, and available through the e-ginseng.com web portal, helps medical end-users in the design of epidemiological studies and the retrieval of relevant medical data sets.
|
347 |
Monitorování bezpečnosti firemní počítačové sítě / Company network security monitoring
Kališ, Martin January 2009
The main focus of this work is on computer network security monitoring. In the first part, basic definitions for the area are formed, and it also offers different ways to incorporate monitoring into company security. The next part defines the main functions of monitoring systems and provides guidelines for their implementation in an organization. The practical part consists of defining key conditions for the selection of a monitoring solution, and it also applies them when comparing several products available on the market. Then it presents the author's view on future trends and development in this area based on facts from previous chapters. The whole work provides a complete approach to security monitoring and offers definitions of all key concepts and competencies for monitoring systems.
|
348 |
Modeling Security and Cooperation in Wireless Networks Using Game Theory
Kamhoua, Charles A. K. 27 May 2011
This research involves the design, development, and theoretical demonstration of models resulting in integrated misbehavior resolution protocols for ad hoc networked devices. Game theory was used to analyze strategic interaction among independent devices with conflicting interests. Packet forwarding at the routing layer of autonomous ad hoc networks was investigated. Unlike existing reputation-based or payment schemes, this model is based on repeated interactions. To enforce cooperation, a community enforcement mechanism was used, whereby selfish nodes that drop packets were punished not only by the victim, but also by all nodes in the network. Then, a stochastic packet forwarding game strategy was introduced. Our solution relaxed the uniform traffic demand that was pervasive in other works. To address the concerns of imperfect private monitoring in resource-aware ad hoc networks, a belief-free equilibrium scheme was developed that reduces the impact of noise in cooperation. This scheme also eliminated the need to infer the private history of other nodes. Moreover, it simplified the computation of an optimal strategy. The belief-free approach reduced the node overhead and was easily tractable. Hence it made the system operation feasible. Motivated by the versatile nature of evolutionary game theory, the assumption of a rational node is relaxed, leading to the development of a framework for mitigating routing selfishness and misbehavior in multi-hop networks. This is accomplished by setting nodes to play a fixed strategy rather than independently choosing a rational strategy. A range of simulations was carried out that showed improved cooperation between selfish nodes when compared to older results. Cooperation among ad hoc nodes can also protect a network from malicious attacks. In the absence of a central trusted entity, many security mechanisms and privacy protections require cooperation among ad hoc nodes to protect a network from malicious attacks. Therefore, using game theory and evolutionary game theory, a mathematical framework has been developed that explores trust mechanisms to achieve security in the network. This framework is one of the first steps towards the synthesis of an integrated solution that demonstrates that security solely depends on the initial trust level that nodes have for each other.
|
349 |
Datově úsporné zabezpečení cloudových úložišť / Data-efficient security of cloud storages
Elis, Martin January 2016
This work is focused on the problems of a cloud solution, especially on its security side. It describes the current security trends and approaches used by security engineers when creating sophisticated designs of secure cloud systems. As part of it there is a risk analysis and an overview of the most common types of attacks against cloud solutions. Also, this document deals with the possibilities, principles, advantages and disadvantages of different types of cloud distributions. A further section deals with the usual methods used for accessing the cloud. This thesis contains the author's own design of a possible realization. In the next part of the document, the process of building a safe cloud data storage is described together with the principles of ensuring its security. In the conclusion, the author focuses on a comparison of cryptographic algorithms and their behavior depending on the length of the keys used.
|
350 |
Analys av datakommunikationssäkerhet för VoIP-protokoll / Analysis of data communications security for VoIP protocols
Boongerd, Sanhawad, Lindstein, Fredrik January 2012
Voice over IP (VoIP) is a relatively new technology that enables voice calls over data networks. With VoIP it is possible to lower expenses, and increase functionality and flexibility. From the Swedish Armed Forces' point of view, the security issue is of great importance, which is why the focus in this report is on the security aspect of the two most common open-source VoIP protocols, H.323 and SIP, some of the most common attacks, and countermeasures for those attacks. Because of the level of complexity of a network running H.323 or SIP, and the fact that it has yet to stand the same level of trial as traditional telephony, a VoIP system includes many known security issues, and probably at present many unknown security flaws. The conclusion is that it takes great knowledge and insight about a VoIP network based on H.323 or SIP to make the network satisfyingly safe as it is today, and it is therefore perhaps not a suitable solution for the Swedish Armed Forces today for their more sensitive communications. / Voice over IP (VoIP) is a data communication technology that enables voice calls over data networks. With VoIP it is possible to lower costs and to extend functionality and flexibility. From the Swedish Armed Forces' perspective, the security question with VoIP is of great importance; therefore special focus in this report is placed on the security aspect of the two largest open VoIP protocols, H.323 and SIP, some of the most common attacks, and countermeasures against these attacks. Since the structure of an H.323- or SIP-based network is complex and not at all proven to the same extent as traditional telephony, it contains many known security holes and probably, at present, many unknown security flaws. The conclusion is that very great knowledge and insight into how a VoIP network based on H.323 or SIP works is required to make the network sufficiently secure at present, which makes it a doubtfully satisfactory solution for the Swedish Armed Forces today for their more sensitive communications.
|