Global ETD Search

401	Provendo segurança em redes definidas por software através da integração com sistemas de detecção e prevenção de intrusão Fernandes, Henrique Santos 03 July 2017 (has links) Submitted by Patrícia Cerveira (pcerveira1@gmail.com) on 2017-06-07T20:29:49Z No. of bitstreams: 1 Henrique_Fernandes Dissertação.pdf: 2826928 bytes, checksum: f7388a5396e90a8444a4aac05feada53 (MD5) / Approved for entry into archive by Biblioteca da Escola de Engenharia (bee@ndc.uff.br) on 2017-07-03T14:05:51Z (GMT) No. of bitstreams: 1 Henrique_Fernandes Dissertação.pdf: 2826928 bytes, checksum: f7388a5396e90a8444a4aac05feada53 (MD5) / Made available in DSpace on 2017-07-03T14:05:51Z (GMT). No. of bitstreams: 1 Henrique_Fernandes Dissertação.pdf: 2826928 bytes, checksum: f7388a5396e90a8444a4aac05feada53 (MD5) / Os Sistemas de Detecção e Prevenção de Intrusão são fundamentais para a segurança da rede de computadores, inspecionar o tráfego da rede em tempo real em busca de intrusos para garantir uma rede confiável é um dos seus papéis. Porém a falta de integração com os ativos da rede é um dos principais fatores que limitam sua atuação. O conceito de Redes Definidas por Software visa diminuir a falta de integração entre os ativos de rede devido a separação do plano de dados do plano de controle. Diante da limitação da integração entre os ativos de redes e os Sistemas de Detecção e Prevenção de Intrusão, o presente estudo propõe, desenvolve e demonstra o IDSFlow, um modelo de integração de sistemas de detecção de intrusão em redes definidas por software. Para validar o IDSFlow, foram realizados testes utilizando o Openflow, o Mininet, CPqD e o Snort. Os resultados obtidos pelos algorítimos desenvolvidos e apresentados mostram a capacidade de integração proposta, é possível verificar a viabilidade de utilizar as regras já existentes e funcionais para o Snort assim como utilizar o histórico de utilização da rede para aumentar a efetividade da detecção e dos bloqueios de intrusos. / Intrusion Detection and Prevention Systems are fundamental to the network security, to inspect the traffic in real time seeking intruders to ensure a reliable network is one of it’s roles. However the lack of integration between the network equipments, is one of the biggest factors to limit its operations. The concept of Software Defined Networks aims to reduce the lack of integration among network assets due to the separation of the data plan from the control plan. Given the limitation of integration between networks assets and Intrusion Detection and Prevention Systems, the present study proposes, develops and demonstrates IDSFlow, an integration model of intrusion detection systems in softwaredefined networks. To validate IDSFlow, tests were run using Openflow, Mininet, CPqD and Snort. The results obtained by the algorithms developed and presented show the proposed integration capacity, it is possible to verify the feasibility of using the existing and functional rules for Snort as well as to use the network usage history to increase the effectiveness of intrusion detection and block. SDN Openflow Snort IDS Rede de Computadores IPS NIDS Segurança Análise de tráfego Redes definidas por software Rede de computadores Segurança de dados on-line Fluxo contínuo Sistema de telecomunicação Software defined networks Networks Network Security Security
402	Enhancing security and scalability of Virtual Private LAN Services Liyanage, M. (Madhusanka) 21 November 2016 (has links) Abstract Ethernet based VPLS (Virtual Private LAN Service) is a transparent, protocol independent, multipoint L2VPN (Layer 2 Virtual Private Network) mechanism to interconnect remote customer sites over IP (Internet Protocol) or MPLS (Multiprotocol Label Switching) based provider networks. VPLS networks are now becoming attractive in many Enterprise applications, such as DCI (data center interconnect), voice over IP (VoIP) and videoconferencing services due to their simple, protocol-independent and cost efficient operation. However, these new VPLS applications demand additional requirements, such as elevated security, enhanced scalability, optimum utilization of network resources and further reduction in operational costs. Hence, the motivation of this thesis is to develop secure and scalable VPLS architectures for future communication networks. First, a scalable secure flat-VPLS architecture is proposed based on a Host Identity Protocol (HIP). It contains a session key-based security mechanism and an efficient broadcast mechanism that increase the forwarding and security plane scalability of VPLS networks. Second, a secure hierarchical-VPLS architecture is proposed to achieve control plane scalability. A novel encrypted label-based secure frame forwarding mechanism is designed to transport L2 frames over a hierarchical VPLS network. Third, a novel Distributed Spanning Tree Protocol (DSTP) is designed to maintain a loop free Ethernet network over a VPLS network. With DSTP it is proposed to run a modified STP (Spanning Tree Protocol) instance in each remote segment of the VPLS network. In addition, two Redundancy Identification Mechanisms (RIMs) termed Customer Associated RIMs (CARIM) and Provider Associated RIMs (PARIM) are used to mitigate the impact of invisible loops in the provider network. Lastly, a novel SDN (Software Defined Networking) based VPLS (Soft-VPLS) architecture is designed to overcome tunnel management limitations in legacy secure VPLS architectures. Moreover, three new mechanisms are proposed to improve the performance of legacy tunnel management functions: 1) A dynamic tunnel establishment mechanism, 2) a tunnel resumption mechanism and 3) a fast transmission mechanism. The proposed architecture utilizes a centralized controller to command VPLS tunnel establishment based on real-time network behavior. Hence, the results of the thesis will help for more secure, scalable and efficient system design and development of VPLS networks. It will also help to optimize the utilization of network resources and further reduction in operational costs of future VPLS networks. / Tiivistelmä Ethernet-pohjainen VPLS (Virtual Private LAN Service) on läpinäkyvä, protokollasta riippumaton monipisteverkkomekanismi (Layer 2 Virtual Private Network, L2VPN), jolla yhdistetään asiakkaan etäkohteet IP (Internet Protocol)- tai MPLS (Multiprotocol Label Switching) -yhteyskäytäntöön pohjautuvien palveluntarjoajan verkkojen kautta. VPLS-verkoista on yksinkertaisen protokollasta riippumattoman ja kustannustehokkaan toimintatapansa ansiosta tullut kiinnostavia monien yrityssovellusten kannalta. Tällaisia sovelluksia ovat esimerkiksi DCI (Data Center Interconnect), VoIP (Voice over IP) ja videoneuvottelupalvelut. Uusilta VPLS-sovelluksilta vaaditaan kuitenkin uusia asioita, kuten parempaa tietoturvaa ja skaalautuvuutta, optimaalista verkkoresurssien hyödyntämistä ja käyttökustannusten pienentämistä entisestään. Tämän väitöskirjan tarkoituksena onkin kehittää turvallisia ja skaalautuvia VPLS-arkkitehtuureja tulevaisuuden tietoliikenneverkoille. Ensin väitöskirjassa esitellään skaalautuva ja turvallinen flat-VPLS-arkkitehtuuri, joka perustuu Host Identity Protocol (HIP) -protokollaan. Seuraavaksi käsitellään istuntoavaimiin perustuvaa tietoturvamekanismia ja tehokasta lähetysmekanismia, joka parantaa VPLS-verkkojen edelleenlähetyksen ja tietoturvatason skaalautuvuutta. Tämän jälkeen esitellään turvallinen, hierarkkinen VPLS-arkkitehtuuri, jolla saadaan aikaan ohjaustason skaalautuvuus. Väitöskirjassa kuvataan myös uusi salattu verkkotunnuksiin perustuva tietokehysten edelleenlähetysmekanismi, jolla L2-kehykset siirretään hierarkkisessa VPLS-verkossa. Lisäksi väitöskirjassa ehdotetaan uuden Distributed Spanning Tree Protocol (DSTP) -protokollan käyttämistä vapaan Ethernet-verkkosilmukan ylläpitämiseen VPLS-verkossa. DSTP:n avulla on mahdollista ajaa muokattu STP (Spanning Tree Protocol) -esiintymä jokaisessa VPLS-verkon etäsegmentissä. Väitöskirjassa esitetään myös kaksi Redundancy Identification Mechanism (RIM) -mekanismia, Customer Associated RIM (CARIM) ja Provider Associated RIM (PARIM), joilla pienennetään näkymättömien silmukoiden vaikutusta palveluntarjoajan verkossa. Viimeiseksi ehdotetaan uutta SDN (Software Defined Networking) -pohjaista VPLS-arkkitehtuuria (Soft-VPLS) vanhojen turvallisten VPLS-arkkitehtuurien tunnelinhallintaongelmien poistoon. Näiden lisäksi väitöskirjassa ehdotetaan kolmea uutta mekanismia, joilla voidaan parantaa vanhojen arkkitehtuurien tunnelinhallintatoimintoja: 1) dynaaminen tunnelinluontimekanismi, 2) tunnelin jatkomekanismi ja 3) nopea tiedonsiirtomekanismi. Ehdotetussa arkkitehtuurissa käytetään VPLS-tunnelin luomisen hallintaan keskitettyä ohjainta, joka perustuu reaaliaikaiseen verkon käyttäytymiseen. Tutkimuksen tulokset auttavat suunnittelemaan ja kehittämään turvallisempia, skaalautuvampia ja tehokkaampia VLPS järjestelmiä, sekä auttavat hyödyntämään tehokkaammin verkon resursseja ja madaltamaan verkon operatiivisia kustannuksia. Host Identity Protocol Software Defined Networking Spanning Tree Protocol Virtual Private LAN Services Virtual Private Networks network security scalability Host Identity Protocol Software-defined Networking (SDN) Spanning Tree Protocol VPLS VPN-verkot skaalautuvuus verkon tietoturva
403	Vers une solution de contrôle d’admission sécurisée dans les réseaux mesh sans fil / Towards a secure admission control in a wireless mesh networks Dromard, Juliette 06 December 2013 (has links) Les réseaux mesh sans fil (Wireless Mesh Networks-WMNs) sont des réseaux facilement déployables et à faible coût qui peuvent étendre l’Internet dans des zones où les autres réseaux peuvent difficilement accéder. Cependant, plusieurs problèmes de qualité de service (QoS) et de sécurité freinent le déploiement à grande échelle des WMNs. Dans cette thèse, nous proposons un modèle de contrôle d’admission (CA) et un système de réputation afin d’améliorer les performances du réseau mesh et de le protéger des nœuds malveillants. Notre système de CA vise à assurer la QoS des flux admis dans le réseau en termes de bande passante et de délai tout en maximisant l’utilisation de la capacité du canal. L’idée de notre solution est d’associer au contrôle d’admission une planification de liens afin d’augmenter la bande passante disponible. Nous proposons également un système de réputation ayant pour but de détecter les nœuds malveillants et de limiter les fausses alertes induites par la perte de paquets sur les liens du réseau. L’idée de notre solution est d’utiliser des tests statistiques comparant la perte de paquets sur les liens avec un modèle de perte préétabli. De plus, il comprend un système de surveillance composé de plusieurs modules lui permettant détecter un grand nombre d’attaques. Notre CA et notre système de réputation ont été validés, les résultats montrent qu’ils atteignent tous deux leurs objectifs / Wireless mesh networks (WMNs) are a very attractive new ﬁeld of research. They are low cost, easily deployed and high performance solution to last mile broadband Internet access. However, they have to deal with security and quality of service issues which prevent them from being largely deployed. In order to overcome these problems, we propose in this thesis two solutions: an admission control with links scheduling and a reputation system which detects bad nodes. These solutions have been devised in order to further merge into a secure admission control. Our admission control schedules dynamically the network’s links each time a new flow is accepted in the network. Its goal is to accept only flows which constraints in terms of delay and bandwidth can be respected, increase the network capacity and decrease the packet loss. Our reputation system aims at assigning each node of the network a reputation which value reflects the real behavior of the node. To reach this goal this reputation system is made of a monitoring tool which can watch many types of attacks and consider the packet loss of the network. The evaluations of our solutions show that they both meet their objectives in terms of quality of service and security Contrôle d'admission des connexions Systèmes de communication sans fil Network performance (telecommunication) Wireless communication system Time division multiple access Computer network -- security measures 621 004
404	Zavedení ISMS v malém podniku se zaměřením na ICT infrastrukturu / The Implementation of ISMS in Small Company Focused on ICT Kosek, Jindřich January 2014 (has links) The diploma thesis is focused on the design implementation of information security management system in a small business and is applying theoretical knowledge to real-life situations in a manufacturing company. First of all is performed analysis of current status and the consequent threats which can affect the company's assets. Thereafter are proposed measures based on identified risks and requirements of the owner.
405	Bootstrapping a Private Cloud Deepika Kaushal (9034865) 29 June 2020 (has links) Cloud computing allows on-demand provision, configuration and assignment of computing resources with minimum cost and effort for users and administrators. Managing the physical infrastructure that underlies cloud computing services relies on the need to provision and manage bare-metal computer hardware. Hence there is a need for quick loading of operating systems in bare-metal and virtual machines to service the demands of users. The focus of the study is on developing a technique to load these machines remotely, which is complicated by the fact that the machines can be present in different Ethernet broadcast domains, physically distant from the provisioning server. The use of available bare-metal provisioning frameworks require significant skills and time. Moreover, there is no easily implementable standard method of booting across separate and different Ethernet broadcast domains. This study proposes a new framework to provision bare-metal hardware remotely using layer 2 services in a secure manner. This framework is a composition of existing tools that can be assembled to build the framework. Distributed Computing Operating Systems Data Encryption Networking and Communications Computer Communications Networks Data Communications Networking Cloud Computing Booting Operating System Virtual Machines Network Security Private Cloud Remote Booting Caching Vagrant Bare metal Infrastructure as Code
406	Utvärdering av den upplevda användbarheten hos CySeMoL och EAAT med hjälp av ramverk för ändamålet och ISO/IEC 25010:2011 Frost, Per January 2013 (has links) This report describes a study aimed at uncovering flaws and finding potential improvements from when the modelling tool EAAT is used in conjunction with the modelling language CySeMoL. The study was performed by developing a framework and applying it on CySeMoL and EAAT in real life context networks. The framework was developed in order to increase the number of flaws uncovered as well as gather potential improvements to both EAAT and CySeMoL. The basis of the framework is a modified version of the Quality in use model from ISO/IEC 25010:2011 standard. Upon the characteristics and sub characteristics of this modified model different values for measuring usability where attached. The purpose of these values is to measure usability from the perspectives of both creating and interpreting models. Furthermore these values are based on several different sources on how to measure usability. The complete contents of the framework and the underlying ideas, upon which the framework is based, are presented in this report. The framework in this study was designed in order to enable it to be used universally with any modelling language in conjunction with a modelling tool. Its design is also not limited to the field of computer security and computer networks, although that is the intended context of CySeMoL as well as the context described in this report. However, utilization outside the intended area of usage will most likely require some modifications, in order to work in a fully satisfying. Several flaws where uncovered regarding the usability of CySeMoL and EAAT, but this is also accompanied by several recommendations on how to improve both CySeMoL and EAAT. Because of the outline of the framework, the most severe flaws have been identified and recommendations on how to rectify these shortcomings have been suggested. Enterprise Architecture Model Measurement Model usability Usability Framework Computer Network Network Security Security Analysis Meta Model Analysis Model Interpretability Quality in Use Elektroteknik och elektronik
407	Utvärdering av nätverkssäkerheten på J Bil AB / Evaluation of the network security at J Bil AB Ahmed, Olfet, Saman, Nawar January 2013 (has links) Detta examensarbete är en utvärdering av nätverkssäkerheten hos J BiL AB, både på social och teknisk nivå. Företaget är beroende av säkra Internet-anslutningar för att nå externa tjänster och interna servrar lokaliserade på olika geografiska platser. Företaget har ingen IT-ansvarig som aktivt underhåller och övervakar nätverket, utan konsulterar ett externt dataföretag. Syftet med examensarbetet är att utvärdera säkerheten, upptäcka brister, ge förbättringsförslag och till viss del implementera lösningar. För att undersöka säkerheten har observationer och intervjuer med personalen gjorts och ett flertal attacker mot nätverket har utförts. Utifrån den data som samlats in kunde slutsatsen dras att företaget har brister vad gäller IT-säkerheten. Framförallt den sociala säkerheten visade sig ha stora luckor vilket till stor del beror på att de anställda varken har blivit utbildade eller fått någon information om hur de ska hantera lösenord, datorer och IT-frågor i allmänt. Förbättringsförslag har getts och viss implementation har genomförts för att eliminera bristerna. De anställda har även med hjälp av en IT-policy och föreläsning blivit utbildade i hur de ska agera och tänka kring IT-relaterade säkerhetsfrågor. / The aim of this project is to evaluate the network security at J Bil AB. The focus will be on both social and technical issues. For the employees to be able to con-nect to remote servers and external services and perform their daily work tasks, secure connections is needed. J Bil Ab has no IT manager who actively maintains and monitors the network; rather they consult a computer company when changes and implementations are required. The projects’ goal is to identify gaps, come up with suggestions for improvement and to some extent implement so-lutions. To do this, an observation of the employees hav been made, an inter-view have been held, and several attacks on the network have been performed. Based on the data collected, it was concluded that the company has shortcom-ings in IT security. Above all, the social security appeared to have major gaps in it and that is mainly because the lack of knowledge among the employees and they have never been informed of how to manage their passwords, computers and IT issues in general. Suggestions for improvement have been given and some implementations have been performed to eliminate the deficiencies. Network security brute-force attack dictionary attack encryption VPN wirelsess networks servers phishing IT Policies Säkerhet social säkerhet brute force ordboksattack kryptering trådlösa nätverk servrar VPN IT-policy phishing Computer Engineering Datorteknik
408	Bayesian Reinforcement Learning Methods for Network Intrusion Prevention Nesti Lopes, Antonio Frederico January 2021 (has links) A growing problem in network security stems from the fact that both attack methods and target systems constantly evolve. This problem makes it difficult for human operators to keep up and manage the security problem. To deal with this challenge, a promising approach is to use reinforcement learning to adapt security policies to a changing environment. However, a drawback of this approach is that traditional reinforcement learning methods require a large amount of data in order to learn effective policies, which can be both costly and difficult to obtain. To address this problem, this thesis investigates ways to incorporate prior knowledge in learning systems for network security. Our goal is to be able to learn security policies with less data compared to traditional reinforcement learning algorithms. To investigate this question, we take a Bayesian approach and consider Bayesian reinforcement learning methods as a complement to current algorithms in reinforcement learning. Specifically, in this work, we study the following algorithms: Bayesian Q-learning, Bayesian REINFORCE, and Bayesian Actor-Critic. To evaluate our approach, we have implemented the mentioned algorithms and techniques and applied them to different simulation scenarios of intrusion prevention. Our results demonstrate that the Bayesian reinforcement learning algorithms are able to learn more efficiently compared to their non-Bayesian counterparts but that the Bayesian approach is more computationally demanding. Further, we find that the choice of prior and the kernel function have a large impact on the performance of the algorithms. / Ett växande problem inom cybersäkerhet är att både attackmetoder samt system är i en konstant förändring och utveckling: å ena sidan så blir attackmetoder mer och mer sofistikerade, och å andra sidan så utvecklas system via innovationer samt uppgraderingar. Detta problem gör det svårt för mänskliga operatörer att hantera säkerhetsproblemet. En lovande metod för att hantera denna utmaning är förstärkningslärande. Med förstärkningslärande kan en autonom agent automatiskt lära sig att anpassa säkerhetsstrategier till en föränderlig miljö. En utmaning med detta tillvägagångsätt är dock att traditionella förstärkningsinlärningsmetoder kräver en stor mängd data för att lära sig effektiva strategier, vilket kan vara både kostsamt och svårt att erskaffa. För att lösa detta problem så undersöker denna avhandling Bayesiska metoder för att inkorporera förkunskaper i inlärningsalgoritmen, vilket kan möjliggöra lärande med mindre data. Specifikt så studerar vi följande Bayesiska algoritmer: Bayesian Q-learning, Bayesian REINFORCE och Bayesian Actor- Critic. För att utvärdera vårt tillvägagångssätt har vi implementerat de nämnda algoritmerna och utvärderat deras prestanda i olika simuleringsscenarier för intrångsförebyggande samt analyserat deras komplexitet. Våra resultat visar att de Bayesiska förstärkningsinlärningsalgoritmerna kan användas för att lära sig strategier med mindre data än vad som kravs vid användande av icke-Bayesiska motsvarigheter, men att den Bayesiska metoden är mer beräkningskrävande. Vidare finner vi att metoden för att inkorporera förkunskap i inlärningsalgoritmen, samt val av kernelfunktion, har stor inverkan på algoritmernas prestanda. Network Security Reinforcement Learning Bayesian Q-Learning Bayesian Policy Gradient Bayesian Actor-Critic Markov Security Games Nätverkssäkerhet förstärkningslärande Bayesian Q-Learning Bayesian Policy Gradient Bayesian Actor-Critic Markov Security Games Computer and Information Sciences Data- och informationsvetenskap
409	MPLS-based mitigation technique to handle cyber attacks / Technique de mitigation des cyber-attaques basée sur MPLS Hachem, Nabil 04 July 2014 (has links) Les cyber-attaques pourraient engendrer des pertes qui sont de plus en plus importantes pour les utilisateurs finaux et les fournisseurs de service. Ces attaques sont, en outre, élevées par une myriade des ressources infectées et comptent surtout sur les réseaux pour être contrôlées, se propager ou endommager. Face à ces risques, il y a un besoin essentiel qui se manifeste dans la réponse à ces nombreuses attaques par des stratégies de défense efficaces. Malgré les multitudes efforts dévouées pour mettre en œuvre des techniques de défense complètes afin de se protéger contre les attaques réseaux; les approches proposées n’ont pas parvenus à satisfaire toutes les exigences. Les stratégies de défense impliquent un processus de détection complété par des actions de mitigation. Parallèlement à l’importance accordée à la conception des stratégies de détection, il est essentiel de fermer la boucle de sécurité avec des techniques efficaces permettant d’atténuer les impacts des différentes attaques. Dans cette thèse, nous proposons une technique pour réagir aux attaques qui abusent les ressources du réseau, par exemple, DDoS, botnet, distribution des vers, etc. La technique proposée s’appuie sur des approches de gestion du trafic et utilise le standard Multiprotocol Label Switching (MPLS) pour gérer le trafic diagnostiqué comme abusant du réseau, tout en invoquant les processus de détection. Les objectifs de notre technique peuvent être résumés comme suit: d’une part, fournir les moyens — par la qualité de service et schémas de routage — à séparer les flux suspects des légitimes, et d’autre part de prendre le contrôle des flux suspects. Nous bénéficions de l’extension du MPLS au niveau d’inter-domaine pour permettre une coopération entre les fournisseurs, permettant par suite la construction d’un mécanisme de défense à grande échelle. Nous développons un système afin de compléter les aspects de gestion de la technique proposée. Ce système effectue plusieurs tâches telles que l’extraction de données d’alerte, l’adaptation de la stratégie et la configuration des équipements. Nous modélisons le système en utilisant une approche de regroupement et un langage de politiques de sécurité afin de gérer de manière cohérente et automatique le contexte et l’environnement dans lequel la technique de mitigation est exécutée. Enfin, nous montrons l’applicabilité de la technique et du système à travers des différentes simulations tout en évaluant la qualité de service dans des réseaux MPLS. L’application de la technique a démontré son efficacité dans non seulement la mitigation des impacts des attaques mais aussi dans l’offre des avantages financiers aux acteurs de la chaîne de sécurité, à savoir les fournisseurs de service / Cyber attacks cause considerable losses not only for end-users but also service providers. They are fostered by myriad of infected resources and mostly rely on network resources for whether propagating, controlling or damaging. There is an essential need to address these numerous attacks by efficient defence strategies. Researchers have dedicated large resources without reaching a comprehensive method to protect from network attacks. Defence strategies involve first a detection process, completed by mitigation actions. Research on detection is more active than on mitigation. Yet, it is crucial to close the security loop with efficient technique to mitigate counter attacks and their effects. In this thesis, we propose a novel technique to react to attacks that misuse network resources, e.g., DDoS, Botnet, worm spreading, etc. Our technique is built upon network traffic management techniques. We use the Multiprotocol Label Switching (MPLS) technology to manage the traffic diagnosed to be part of a network misuse by detection processes. The goals of our technique can be summarized as follows: first to provide the means — via QoS and routing schemes — to segregate the suspicious flows from the legitimate traffic; and second, to take control over suspicious flows. We profit from the enhancement on the inter-domain MPLS to permit a cooperation among providers building a large-scale defence mechanism. We develop a system to complete the management aspects of the proposed technique. This system performs tasks such as alert data extraction, strategy adaptation and equipments configurations. We model the system using a clustering method and a policy language in order to consistently and automatically manage the mitigation context and environment in which the proposed technique is running. Finally, we show the applicability of the technique and the system through simulation. We evaluate and analyse the QoS and financial impacts inside MPLS networks. The application of the technique demonstrates its effectiveness and reliability in not only alleviating attacks but also providing financial benefits for the different players in the mitigation chain, i.e., service providers Sécurité des réseaux Cybersécurité Cyberdéfense MPLS Qualité de service (QoS) Réponses aux attaques Gestion du trafic réseau Gestion des politiques de sécurité Network security Cyber security Cyber defence MPLS QoS (Quality of Service) Attacks responses Network traffic management Policy-based management
410	Detection of attacks against cyber-physical industrial systems / Détection des attaques contre les systèmes cyber-physiques industriels Rubio Hernan, Jose Manuel 18 July 2017 (has links) Nous abordons des problèmes de sécurité dans des systèmes cyber-physiques industriels. Les attaques contre ces systèmes doivent être traitées à la fois en matière de sûreté et de sécurité. Les technologies de contrôles imposés par les normes industrielles, couvrent déjà la sûreté. Cependant, du point de vue de la sécurité, la littérature a prouvé que l’utilisation de techniques cyber pour traiter la sécurité de ces systèmes n’est pas suffisante, car les actions physiques malveillantes seront ignorées. Pour cette raison, on a besoin de mécanismes pour protéger les deux couches à la fois. Certains auteurs ont traité des attaques de rejeu et d’intégrité en utilisant une attestation physique, p. ex., le tatouage des paramètres physiques du système. Néanmoins, ces détecteurs fonctionnent correctement uniquement si les adversaires n’ont pas assez de connaissances pour tromper les deux couches. Cette thèse porte sur les limites mentionnées ci-dessus. Nous commençons en testant l’efficacité d’un détecteur qui utilise une signature stationnaire afin de détecter des actions malveillantes. Nous montrons que ce détecteur est incapable d’identifier les adversaires cyber-physiques qui tentent de connaître la dynamique du système. Nous analysons son ratio de détection sous la présence de nouveaux adversaires capables de déduire la dynamique du système. Nous revisitons le design original, en utilisant une signature non stationnaire, afin de gérer les adversaires visant à échapper à la détection. Nous proposons également une nouvelle approche qui combine des stratégies de contrôle et de communication. Toutes les solutions son validées à l’aide de simulations et maquettes d’entraînement / We address security issues in cyber-physical industrial systems. Attacks against these systems shall be handled both in terms of safety and security. Control technologies imposed by industrial standards already cover the safety dimension. From a security standpoint, the literature has shown that using only cyber information to handle the security of cyber-physical systems is not enough, since physical malicious actions are ignored. For this reason, cyber-physical systems have to be protected from threats to their cyber and physical layers. Some authors handle the attacks by using physical attestations of the underlying processes, f.i., physical watermarking to ensure the truthfulness of the process. However, these detectors work properly only if the adversaries do not have enough knowledge to mislead crosslayer data. This thesis focuses on the aforementioned limitations. It starts by testing the effectiveness of a stationary watermark-based fault detector, to detect, as well, malicious actions produced by adversaries. We show that the stationary watermark-based detector is unable to identify cyber-physical adversaries. We show that the approach only detects adversaries that do not attempt to get any knowledge about the system dynamics. We analyze the detection performance of the original design under the presence of adversaries that infer the system dynamics to evade detection. We revisit the original design, using a non-stationary watermark-based design, to handle those adversaries. We also propose a novel approach that combines control and communication strategies. We validate our solutions using numeric simulations and training cyber-physical testbeds Sécurité cyber-physique Théorie du contrôle Sécurité du réseau Systèmes contrôlés via un réseau Infrastructures critiques Détection d’attaques Modèle d’adversaire Adversaire cyber-physique Cyber-physical security Control theory Network security Networked-control system Critical infrastructures Attack detection Adversary model Cyber-physical adversary

Search results