An agent-based Bayesian method for network intrusion detection

Pikoulas, John

January 2003

Security is one of the major issues in any network and on the Internet. It encapsulates many different areas, such as protecting individual users against intruders, protecting corporate systems against damage, and protecting data from intrusion. It is obviously impossible to make a network totally secure, as there are so many areas that must be protected. This thesis includes an evaluation of current techniques for internal misuse of computer systems, and tries to propose a new way of dealing with this problem. This thesis proposes that it is impossible to fully protect a computer network from intrusion, and shows how different methods are applied at differing levels of the OSI model. Most systems are now protected at the network and transport layer, with systems such as firewalls and secure sockets. A weakness, though, exists in the session layer that is responsible for user logon and their associated password. It is thus important for any highly secure system to be able to continually monitor a user, even after they have successfully logged into the system. This is because once an intruder has successfully logged into a system, they can use it as a stepping-stone to gain full access (often right up to the system administrator level). This type of login identifies another weakness of current intrusion detection systems, in that they are mainly focused on detecting external intrusion, whereas a great deal of research identifies that one of the main problems is from internal intruders, and from staff within an organisation. Fraudulent activities can often he identified by changes in user behaviour. While this type of behaviour monitoring might not be suited to most networks, it could be applied to high secure installations, such as in government, and military organisations. Computer networks are now one of the most rapidly changing and vulnerable systems, where security is now a major issue. A dynamic approach, with the capacity to deal with and adapt to abrupt changes, and be simple, will provide an effective modelling toolkit. Analysts must be able to understand how it works and be able to apply it without the aid of an expert. Such models do exist in the statistical world, and it is the purpose of this thesis to introduce them and to explain their basic notions and structure. One weakness identified is the centralisation and complex implementation of intrusion detection. The thesis proposes an agent-based approach to monitor the user behaviour of each user. It also proposes that many intrusion detection systems cannot cope with new types of intrusion. It thus applies Bayesian statistics to evaluate user behaviour, and predict the future behaviour of the user. The model developed is a unique application of Bayesian statistics, and the results show that it can improve future behaviour prediction than existing ARIMA models. The thesis argues that the accuracy of long-term forecasting questionable, especially in systems that have a rapid and often unexpected evolution and behaviour. Many of the existing models for prediction use long-term forecasting, which may not be the optimal type for intrusion detection systems. The experiments conducted have varied the number of users and the time interval used for monitoring user behaviour. These results have been compared with ARIMA, and an increased accuracy has been observed. The thesis also shows that the new model can better predict changes in user behaviour, which is a key factor in identifying intrusion detection. The thesis concludes with recommendations for future work, including how the statistical model could be improved. This includes research into changing the specification of the design vector for Bayesian. Another interesting area is the integration of standard agent communication agents, which will make the security agents more social in their approach and be able to gather information from other agents

005.8

Seamless speaker recognition

Chatzaras, Anargyros, Savvidis, Georgios

January 2015

In a technologically advanced society, the average person manages dozens of accounts for e-mail, social networks, e-banking, and other electronic services. As the number of these accounts increases, the need for automatic user identification becomes more essential. Biometrics have long been used to identify people and are the most common (if not the only) method to achieve this task. Over the past few years, smartphones have become frequently used gadgets.  These devices have built-in microphones and are commonly used by a single user or a small set of users, such as a couple or a family. This thesis uses a smartphone’s microphone to capture user’s speech and identify him/her. Existing speaker recognition systems typically prompt the user to provide long voice samples in order to provide accurate results. This results in a poor user experience and discourages users who do not have the patience to go through such a process.  The main idea behind the speaker recognition approach presented in this thesis is to provide a seamless user experience where the recording of the user’s voice takes place in the background. An Android application is developed which silently collects voices samples and performs speaker recognition without requiring extensive user interaction.  Two variants of the proposed tool have been developed and are described in depth in this thesis. The open source framework Recognito is used to perform the speaker recognition task. The analysis of Recognito showed that it is not capable of achieving high accuracy especially when the voice samples contain background noise. Finally, the comparison between the two architectures showed that they do not differ significantly in terms of performance. / I ett teknologiskt avancerat samhälle så hanterar den genomsnittliga personen dussintals konton för e-post, sociala nätverk, internetbanker, och andra elektroniska tjänster. Allt eftersom antalet konton ökar, blir behovet av automatisk identifiering av användaren mer väsentlig. Biometri har länge använts för att identifiera personer och är den vanligaste (om inte den enda) metoden för att utföra denna uppgift. Smartphones har under de senaste åren blivit allt mer vanligt förekommande, de ger användaren tillgång till de flesta av sina konton och, i viss mån, även personifiering av enheterna baserat på deras profiler på sociala nätverk. Dessa enheter har inbyggda mikrofoner och används ofta av en enskild användare eller en liten grupp av användare, till exempel ett par eller en familj. Denna avhandling använder mikrofonen i en smartphone för att spela in användarens tal och identifiera honom/henne. Befintliga lösningar för talarigenkänning ber vanligtvis användaren om att ge långa röstprover för att kunna ge korrekta resultat.  Detta resulterar i en dålig användarupplevelse och avskräcker användare som inte har tålamod att gå igenom en sådan process. Huvudtanken bakom den strategi för talarigenkänningen som presenteras i denna avhandling är att ge en sömlös användarupplevelse där inspelningen av användarens röst sker i bakgrunden. En Android-applikation har utvecklats som, utan att märkas, samlar in röstprover och utför talarigenkänning på dessa utan att kräva omfattande interaktion av användaren. Två varianter av verktyget har utvecklats och dessa beskrivs ingående i denna avhandling. Öpen source-ramverket Recognito används för att utföra talarigenkänningen. Analysen av Recognito visade att det inte klarar av att uppnå tillräckligt hög noggrannhet, speciellt när röstproverna innehåller bakgrundsbrus. Dessutom visade jämförelsen mellan de två arkitekturerna att de inte skiljer sig nämnvärt i fråga om prestanda.

speaker recognition

user authentication

seamless operation

biometrics

standalone

client-server

Android

talarigenkänning

användarautentisering

sömlös drift

biometri

fristående

klient-server

Android

Communication Systems

Kommunikationssystem

Women's perceived security in shared autonomous vehicles : The impact of identifying co-passengers

Sundin, Emma

January 2022

The present thesis aims to establish ideas and technical solutions that can have a positive impact on women's perceived safety while traveling in autonomous vehicles, made for sharing with strangers. The method follows the Design Thinking model which contributes to a user-centered design approach. Initial literature research was performed to understand the problem area, which included women's issues in public transportation, the development of autonomous vehicles, the foundation of a trusting behavior and authentication technologies for identifying users. Following ideation workshops with eight potential users of the service contributed with ideas based on the female perspective and their expectations of traveling in a shared mobility alternative. These results provide a foundation that contributes to a specific purpose of the thesis to create and evaluate strategies for authentication of co-passengers due to being advocated by the participants. Two versions of a high-fidelity mobile application prototype were created in Figma with different strategies for how to interact with the service and authentication methods to align with the autonomous vehicle prototype provided by NEVS during the following tests.  The final user tests, with 14 participants, indicate that an identification method should be included in the service, especially during the night. Six of seven female participants appreciate a combination of Bank ID while requesting a ride and facial recognition when boarding the vehicle. However, the results of the male participants vary to a larger extent. The results do not indicate where the identification technology should be implemented, in the private phone or the vehicle doors. To create a solution available to a larger target group, the mobile application need to adopt and provide option alternatives regarding identification methods due to individual differences and previous experiences which lays a foundation for the users' ability to contribute to a trusting behavior. Furthermore, an onboarding process for the first-time user is proposed to prepare the user and describe how the service could be used and what is expected by them.

Shared Autonomous Vehicles

Ride-sharing

Women's Security

Trust

User Authentication

Mobility

Interaction Technologies

Interaktionsteknik

Robotics

Robotteknik och automation

Transport Systems and Logistics

Transportteknik och logistik

Wireless Sensing in Vehicular Networks:Road State Inference and User Authentication

Tulay, Halit Bugra

27 September 2022

No description available.

Electrical Engineering

Engineering

Computer Engineering

Computer Science

wireless sensing

vehicular ad hoc networks

VANET

road state inference

traffic monitoring

user authentication

Sybil attack detection

cybersecurity

pyhsical layer security

intelligent transportation systems

DSRC

Location based authenticated multi-services group key management for cyber security in high speed broadband wireless multicast communications : multi-service group key management scheme with location based handover authentication for multi-handoffs participating in multi-group service subscriptions, its performance evaluation and security correctness in high speed broadband wireless multicast communications

Mapoka, Trust Tshepo

January 2015

Secure information exchanges over cyberspace is on the increase due to the convergence of wireless and mobile access technologies in all businesses. Accordingly, with the proliferation of diverse multicast group service subscriptions that are possible to co-exist within a single broadband network, there is also huge demand by the mobile subscribers to ubiquitously access these services over high speed broadband using their portable devices. Likewise, the Network Providers (NPs) invest hugely in infrastructure deployment to disseminate these services efficiently and concomitantly. Therefore, cyber security in any business is obligatory to restrict access of disseminated services to only authorised personnel. This becomes a vital requirement for a successful commercialisation of exchanged group services. The standard way to achieve cyber security in a wireless mobile multicast communication environment is through confidentiality using Group Key Management (GKM).The existing GKM schemes for secure wireless multicast from literature only target single group service confidentiality; however, the adoption of multiple group service confidentiality in them involve inefficient management of keys that induce huge performance overheads unbearable for real time computing. Therefore, a novel authenticated GKM scheme for multiple multicast group subscriptions known as slot based multiple group key management (SMGKM) is proposed. In the SMGKM, the handovers move across diverse decentralised clusters of homogeneous or heterogeneous wireless access network technologies while participating in multiple group service subscriptions. Unlike the conventional art, the SMGKM advances its security by integrating location based authentication and GKM functions. Both functions are securely offloaded from the Domain Key Distributor (DKD) to the intermediate cluster controllers, Area Key Distributors (AKDs), in a distributed fashion, using the proposed location based authenticated membership list (SKDL). A significant upgrade of fast handoff performance with reduced performance overheads of the SMGKM scheme is achieved. The developed numerical analysis and the simulation results display significant resource economy in terms of reduced rekeying transmission, communication bandwidth and storage overheads while providing enhanced security. The performance of the SMGKM in a high speed environment is also evaluated and has demonstrated that SMGKM outperforms the previous work. Finally, the SMGKM correctness against various attacks is verified using BAN logic, the eminent tool for analysing the widely deployed security protocols. The security analysis demonstrates that SMGKM can counteract the security flaws and redundancies identified in the chosen related art.

Location based authenticated multi-services group key management for cyber security in high speed broadband wireless multicast communications. Multi-service group key management scheme with location based handover authentication for multi-handoffs participating in multi-group service subscriptions, its performance evaluation and security correctness in high speed broadband wireless multicast communications

Mapoka, Trust Tshepo

January 2015

Secure information exchanges over cyberspace is on the increase due to the convergence of wireless and mobile access technologies in all businesses. Accordingly, with the proliferation of diverse multicast group service subscriptions that are possible to co-exist within a single broadband network, there is also huge demand by the mobile subscribers to ubiquitously access these services over high speed broadband using their portable devices. Likewise, the Network Providers (NPs) invest hugely in infrastructure deployment to disseminate these services efficiently and concomitantly. Therefore, cyber security in any business is obligatory to restrict access of disseminated services to only authorised personnel. This becomes a vital requirement for a successful commercialisation of exchanged group services. The standard way to achieve cyber security in a wireless mobile multicast communication environment is through confidentiality using Group Key Management (GKM).The existing GKM schemes for secure wireless multicast from literature only target single group service confidentiality; however, the adoption of multiple group service confidentiality in them involve inefficient management of keys that induce huge performance overheads unbearable for real time computing. Therefore, a novel authenticated GKM scheme for multiple multicast group subscriptions known as slot based multiple group key management (SMGKM) is proposed. In the SMGKM, the handovers move across diverse decentralised clusters of homogeneous or heterogeneous wireless access network technologies while participating in multiple group service subscriptions. Unlike the conventional art, the SMGKM advances its security by integrating location based authentication and GKM functions. Both functions are securely offloaded from the Domain Key Distributor (DKD) to the intermediate cluster controllers, Area Key Distributors (AKDs), in a distributed fashion, using the proposed location based authenticated membership list (SKDL). A significant upgrade of fast handoff performance with reduced performance overheads of the SMGKM scheme is achieved. The developed numerical analysis and the simulation results display significant resource economy in terms of reduced rekeying transmission, communication bandwidth and storage overheads while providing enhanced security. The performance of the SMGKM in a high speed environment is also evaluated and has demonstrated that SMGKM outperforms the previous work. Finally, the SMGKM correctness against various attacks is verified using BAN logic, the eminent tool for analysing the widely deployed security protocols. The security analysis demonstrates that SMGKM can counteract the security flaws and redundancies identified in the chosen related art.

Streamlining Certification Management with Automation and Certification Retrieval : System development using ABP Framework, Angular, and MongoDB / Effektivisering av certifikathantering med automatisering och certifikathämtning : Systemutveckling med ABP Framework, Angular och MongoDB

Hassan, Nour Al Dine

January 2024

This thesis examines the certification management challenge faced by Integrity360. The decentralized approach, characterized by manual processes and disparate data sources, leads to inefficient tracking of certification status and study progress. The main objective of this project was to construct a system that automates data retrieval, ensures a complete audit, and increases security and privacy.  Leveraging the ASP.NET Boilerplate (ABP) framework, Angular, and MongoDB, an efficient and scalable system was designed, developed, and built based on DDD (domain-driven design) principles for a modular and maintainable architecture. The implemented system automates data retrieval from the Credly API, tracks exam information, manages exam vouchers, and implements a credible authentication system with role-based access control.  With the time limitations behind the full-scale implementation of all the planned features, such as a dashboard with aggregated charts and automatic report generation, the platform significantly increases the efficiency and precision of employee certification management. Future work will include these advanced functionalities and integrations with external platforms to improve the system and increase its impact on operations in Integrity360.

Certification Management

Automation

Certification Retrieval

ABP Framework

Angular

MongoDB

Credly API

Exam Information

Exam Vouchers

Authentication

Role-Based Access Control

Data Retrieval

Audit

Security

Privacy

Efficiency

Accuracy

Scalability

Maintainability

Domain-Driven Design

Software Development

User Interface

Data Encryption

HTTPS

Input Validation

Identity Management

Audit Logging

Cybersecurity

Education

Training

Employee Certification

Study Progress

Centralized Platform

Data Integration

Consolidated View

Graphs

Bar Charts

Manual Data Entry

Information Silos

Decision Making

Compliance

Industry Standards

Partner Levels

Financial Penalties

Reputation Damage

Business Opportunities

NoSQL Database

Unstructured Data

Semi-structured Data

Software Architecture

Layered Architecture

Presentation Layer

Application Layer

Domain Layer

Entities

Value Objects

Aggregates

Repositories

Domain Services

Data Transfer Objects (DTOs)

Business Logic

Domain Semantics

Modern Web Applications

User Authentication

Authorization

Audit Logging

Dynamic Web Applications

Component-Based

TypeScript

Type Safety

Code Quality

Maintainability

Active Community

Charts

Graphs

Secure Submission

LeptonX Lite

Responsive Design

Navigation Sidebar

Menu Bar

Tabs

Table

Attributes

Properties

Buttons

Modal Dialogs

Profile Settings

System Admin Panel

Account Management

Permissions

System Settings

Certifikathantering

Automatisering

Certifikathämtning

ABP Framework

Angular

MongoDB

Credly API

Examinformation

Examenvouchers

Autentisering

Rollbaserad åtkomstkontroll

Datahämtning

Granskning

Säkerhet

Integritet

Effektivitet

Noggrannhet

Skalbarhet

Underhållbarhet

Domändriven design

Programvaruutveckling

Användargränssnitt

Datakryptering

HTTPS

Indata validering

Identitetshantering

Granskningsloggning

Cybersäkerhet

Utbildning

Träning

Medarbetarcertifiering

Studie Framsteg

Centraliserad plattform

Dataintegration

Konsoliderad vy

Grafer

Stapeldiagram

Manuell datainmatning

Informationssilos

Beslutsfattande

Efterlevnad

Branschstandarder

Partnernivåer

Ekonomiska påföljder

Ryktesskada

Affärsmöjligheter

NoSQL-databas

Ostrukturerad data

Semistrukturerad data

Programvaruarkitektur

Skiktad arkitektur

Presentationslager

Applikationslager

Domänlager

Entiteter

Värdeobjekt

Aggregat

Repositories

Domäntjänster

Dataöverföringsobjekt (DTO)

Affärslogik

Domänsemantik

Moderna webbapplikationer

Användarautentisering

Auktorisering

Granskningsloggning

Dynamiska webbapplikationer

Komponentbaserad

TypeScript

Typsäkerhet

Kodkvalitet

Underhållbarhet

Aktiv gemenskap

Diagram

Grafer

Säker inlämning

LeptonX Lite

Responsiv design

Navigering Sidofält

Menyrad

Flikar

Tabell

Attribut

Egenskaper

Knappar

Modala dialogrutor

Profilinställningar

Systemadministratörspanel

Kontohantering

Behörigheter

Systeminställningar

Software Engineering

Programvaruteknik