1 |
Deployment of Low Interaction Honeypots in University Campus Network
Chairetakis, Eleftherios, Alkudhir, Bassam, Mystridis, Panagiotis January 2013
Large-scale networks face thousands of network attacks daily. No matter the strength of the existing security defending mechanisms, these networks remain vulnerable, as new tools and techniques are being constantly developed by hackers. A new promising technology that lures the attackers in order to monitor their malicious activities and divulge their intentions is emerging with Virtual Honeypots. In the present thesis, we examine an extensive security mechanism based on three different open source low interaction honeypots. We implement this mechanism at our university campus network in an attempt to identify the potential threats and methods used against our network. The data gathered by our honeypots reveal valuable information regarding the types of attacks, the vulnerable network services within the network and the malicious activities launched by attackers.
|
2 |
Intrusion Detection and Prevention in IP Based Mobile Networks
Tevemark, Jonas January 2008
Ericsson’s Packet Radio Access Network (PRAN) is a network solution for packet transport in mobile networks, which utilizes the Internet Protocol (IP). The IP protocol offers benefits in responsiveness and performance adaptation to data bursts when compared to Asynchronous Transfer Mode (ATM), which is still often used. There are many manufacturers / operators providing IP services, which reduce costs. The IP’s use on the Internet brings greater end-user knowledge, wider user community and more programs designed for use in IP environments. Because of this, the spectrum of possible attacks against PRAN broadens. This thesis provides information on what protection an Intrusion Prevention System (IPS) can add to the current PRAN solution.
A risk analysis is performed to identify assets in and threats against PRAN, and to discover attacks that can be mitigated by the use of an IPS. Information regarding placement of an IPS in the PRAN network is given and tests of a candidate system are performed. IPS features in hardware currently used by Ericsson as well as missing features are pinpointed. Finally, requirements for an IPS intended for use in PRAN are concluded.
|
4 |
Metody klasifikace síťového provozu / Methods for Network Traffic Classification
Jacko, Michal January 2017
This paper deals with the problem of detecting network traffic anomalies and classifying network flows. Based on existing methods, the paper describes the proposal and implementation of a tool that can automatically classify network flows. The tool uses the CUDA platform for network data processing and for computing network flow metrics on a graphics processing unit. Processed flows are subsequently classified by the proposed methods for network anomaly detection.
|
5 |
Analýza útoků na bezdrátové sítě / Analysis of wireless network attacks
Kačic, Matej Unknown Date
This work describes the security mechanisms of wireless networks based on the 802.11 standard and the 802.11i security enhancement of these networks, known as WPA2, for which an analysis of vulnerabilities and attacks was performed. The work discusses two major security issues. The first is unsecured management frames, responsible for a vulnerability with direct impact on availability, and the other is the vulnerability that allows executing the impersonalize type of attacks. A system for generating attacks was designed to realize any attack very quickly and efficiently. The core of the thesis is the design of a system for attack analysis using the principle of trust and reputation computation. The conclusion of the work is devoted to experimenting with the proposed system, especially with the selection of suitable metrics for calculating the trust value.
|
6 |
Attacking and securing Network Time Protocol
Malhotra, Aanchal 14 February 2020
Network Time Protocol (NTP) is used to synchronize time between computer systems communicating over unreliable, variable-latency, and untrusted network paths. Time is critical for many applications; in particular it is heavily utilized by cryptographic protocols. Despite its importance, the community still lacks visibility into the robustness of the NTP ecosystem itself, the integrity of the timing information transmitted by NTP, and the impact that any error in NTP might have upon the security of other protocols that rely on timing information. In this thesis, we seek to accomplish the following broad goals:
1. Demonstrate that the current design presents a security risk, by showing that network attackers can exploit NTP and then use it to attack other core Internet protocols that rely on time.
2. Improve NTP to make it more robust, and rigorously analyze the security of the improved protocol.
3. Establish formal and precise security requirements that should be satisfied by a network time-synchronization protocol, and prove that these are sufficient for the security of other protocols that rely on time.
We take the following approach to achieve our goals incrementally.
1. We begin by (a) scrutinizing NTP's core protocol (RFC 5905) and (b) statically analyzing code of its reference implementation to identify vulnerabilities in protocol design, ambiguities in specifications, and flaws in reference implementations. We then leverage these observations to show several off- and on-path denial-of-service and time-shifting attacks on NTP clients. We then show cache-flushing and cache-sticking attacks on DNS(SEC) that leverage NTP. We quantify the attack surface using Internet measurements, and suggest simple countermeasures that can improve the security of NTP and DNS(SEC).
2. Next we move beyond identifying attacks and leverage ideas from Universal Composability (UC) security framework to develop a cryptographic model for attacks on NTP's datagram protocol. We use this model to prove the security of a new backwards-compatible protocol that correctly synchronizes time in the face of both off- and on-path network attackers.
3. Next, we propose general security notions for network time-synchronization protocols within the UC framework and formulate ideal functionalities that capture a number of prevalent forms of time measurement within existing systems. We show how they can be realized by real-world protocols (including but not limited to NTP), and how they can be used to assert security of time-reliant applications, specifically cryptographic certificates with revocation and expiration times. Our security framework allows for a clear and modular treatment of the use of time in security-sensitive systems.
Our work makes the core NTP protocol and its implementations more robust and secure, thus improving the security of applications and protocols that rely on time.
|
7 |
Using Supervised Learning and Data Fusion to Detect Network Attacks
Hautsalo, Jesper January 2021
Network attacks remain a constant threat to organizations around the globe. Intrusion detection systems provide a vital piece of the protection needed in order to fend off these attacks. Machine learning has become a popular method for developing new anomaly-based intrusion detection systems, and in recent years, deep learning has followed suit. Additionally, data fusion is often applied to intrusion detection systems in research, most often in the form of feature reduction, which can improve the accuracy and training times of classifiers. Another less common form of data fusion is decision fusion, where the outputs of multiple classifiers are fused into a more reliable result. Recent research has produced some contradictory results regarding the efficiency of traditional machine learning algorithms compared to deep learning algorithms. This study aims to investigate this problem and provide some clarity about the relative performance of a selection of classifier algorithms, namely artificial neural network, long short-term memory and random forest. Furthermore, two feature selection methods, namely correlation coefficient method and principal component analysis, as well as one decision fusion method in D-S evidence theory are tested. The majority of the feature selection methods fail to increase the accuracy of the implemented models, although the accuracy is not drastically reduced. Among the individual classifiers, random forest shows the best performance, obtaining an accuracy of 87,87%. Fusing the results with D-S evidence theory further improves this result, obtaining an accuracy of 88,56%, and proves particularly useful for reducing the number of false positives.
|
8 |
UMA ONTOLOGIA DE APLICAÇÃO PARA APOIO À TOMADA DE DECISÕES EM SITUAÇÕES DE AMEAÇA À SEGURANÇA DA INFORMAÇÃO. / AN ONTOLOGY OF INFORMATION FOR DECISION SUPPORT IN SITUATIONS OF THREAT TO INFORMATION SECURITY.
SILVA, Rayane Meneses da 24 June 2015
Many security mechanisms, such as Intrusion Detection Systems (IDSs), have been developed to approach the problem of information security attacks, but most of them are traditional information systems in which their threat repositories are not represented semantically. Ontologies are knowledge representation structures that enable semantic processing of information and the construction of knowledge-based systems, which provide greater effectiveness compared to traditional systems. This paper proposes an application ontology called “Application Ontology for the Development of Case-based Intrusion Detection Systems” that formally represents the concepts related to the information security domain, intrusion detection systems and “Case Based Reasoning”. “Case Based Reasoning” is an approach for problem solving in which the knowledge of past experiences can be reused to solve new problems. The evaluation of the ontology was performed by the development of an Intrusion Detection System that can detect attacks on computer networks and recommend solutions to these attacks. The ontology was specified using the “Ontology Web Language” and the Protégé ontology editor. It was also mapped to a case base in Prolog using the “Thea” tool. The results have shown that the developed Intrusion Detection System presented good effectiveness in detecting attacks and that the proposed ontology adequately conceptualizes the domain concepts and tasks.
|
9 |
Enhanced Prediction of Network Attacks Using Incomplete Data
Arthur, Jacob D. 01 January 2017
For years, intrusion detection has been considered a key component of many organizations’ network defense capabilities. Although a number of approaches to intrusion detection have been tried, few have been capable of providing security personnel responsible for the protection of a network with sufficient information to make adjustments and respond to attacks in real-time. Because intrusion detection systems rarely have complete information, false negatives and false positives are extremely common, and thus valuable resources are wasted responding to irrelevant events. In order to provide better actionable information for security personnel, a mechanism for quantifying the confidence level in predictions is needed. This work presents an approach which seeks to combine a primary prediction model with a novel secondary confidence level model which provides a measurement of the confidence in a given attack prediction being made. The ability to accurately identify an attack and quantify the confidence level in the prediction could serve as the basis for a new generation of intrusion detection devices, devices that provide earlier and better alerts for administrators and allow more proactive response to events as they are occurring.
|
10 |
Nätverkssäkerhet med IPS : Förbättrad nätverkssäkerhet med Intrusion Prevention Systems / Network Security with IPS: Improved Network Security with Intrusion Prevention Systems
Dubell, Michael, Johansson, David January 2013
Protecting an IT environment against various types of intrusions and attacks, such as trojans, malicious Java applets or DoS attacks, with the help of firewalls and antivirus software provides two important layers of perimeter protection. This thesis examines how well an Intrusion Prevention System could work as an additional layer of perimeter protection. The focus is on how well the IPS is able to fend off attacks, how much time is spent on configuration and operation to obtain a working IPS, and how network performance is affected by the implementation. To measure how well the IPS is able to detect and block attacks, two experiments are carried out in which a small network is attacked in different ways. In the first experiment, the infrastructure is protected by a firewall and the clients are equipped with antivirus software. In the second experiment, the same attacks are carried out again, but with a Snort IPS implemented in the network. The results of the experiments show that an IPS is able to block about 87% of the attacks, but network performance is negatively affected. The conclusion is that firewalls and antivirus software alone do not provide adequate protection.
|