361 |
Online Analogies: The Legal Uncertainities of Cyberspace : A Study on Cyber Operations and the Jus ad BellumMunck af Rosenschöld, Henrietta January 2023 (has links)
No description available.
|
362 |
Defending against Adversarial MalwareNair, Rohit January 2022 (has links)
No description available.
|
363 |
An Integrated Intelligent Approach to Enhance the Security Control of IT Systems. A Proactive Approach to Security Control Using Artificial Fuzzy Logic to Strengthen the Authentication Process and Reduce the Risk of PhishingSalem, Omran S.A. January 2012 (has links)
Hacking information systems is continuously on the increase. Social engineering
attacks is performed by manipulating the weakest link in the security chain; people.
Consequently, this type of attack has gained a higher rate of success than a technical
attack.
Based in Expert Systems, this study proposes a proactive and integrated
Intelligent Social Engineering Security Model to mitigate the human risk and reduce the
impact of social engineering attacks.
Many computer users do not have enough security knowledge to be able to
select a strong password for their authentication. The author has attempted to implement
a novel quantitative approach to achieve strong passwords. A new fuzzy logic tool is
being developed to evaluate password strength and measures the password strength
based on dictionary attack, time crack and shoulder surfing attack (social engineering).
A comparative study of existing tools used by major companies such as Microsoft,
Google, CertainKey, Yahoo and Facebook are used to validate the proposed model and
tool.
A comprehensive literature survey and analytical study performed on phishing
emails representing social engineering attacks that are directly related to financial fraud
are presented and compared with other security threats. This research proposes a novel
approach that successfully addresses social engineering attacks. Another intelligent tool
is developed to discover phishing messages and provide educational feedback to the user focusing on the visible part of the incoming emails, considering the email’s source
code and providing an in-line awareness security feedback.
|
364 |
The Chemical Ecology of Rapid Ohia DeathKylle Alohilani Minei Roy (17538252) 02 December 2023 (has links)
<p dir="ltr">Rapid ʻōhiʻa death (ROD) is a disease complex caused by two <i>Ceratocystis fungi</i>, <i>C. lukuohia</i> and <i>C. huliohia</i>, that is devastating the keystone tree of the Hawaiian Islands, ʻōhiʻa lehua (<i>Metrosideros polymoropha</i>). The causal agents of ROD were identified in 2015 and I began researching entomological aspects of the complex in 2016. Much like other <i>Ceratocystis</i> diseases, my colleagues and I suspected that beetles and frass might be involved in the system. Together, we identified four species of invasive ambrosia beetles (Coleoptera: Curculionidae) that contribute to the spread of ROD: <i>Xyleborinus saxesenii, Xyleborus affinis, Xyleborus ferrugineus</i>, and <i>Xyleborus perforans</i>. Both ROD-<i>Ceratocystis</i> fungi and the ambrosia beetles inhabit the xylem of ʻōhiʻa. When these beetles create their home galleries, they produce frass particles infested with resting chlamydospores that can be transported in the environment through the soil, wind, and water. Secondly, the beetles are capable of vectoring the fungi directly to stressed trees via viable propagules attached to their exoskeleton. The natural progression of this research was to investigate the chemical ecology of the system, therefore building the foundations for management strategies to reduce the spread of ROD. In addition, I satisfied my curiosity to explore the fungal mutualisms of these beetles through the use of phylogenetics.</p><p dir="ltr">In Chapter 1, I review the literature describing ROD and the four ROD-associated ambrosia beetle species. I report all of the research to date regarding ROD, including current monitoring and management strategies. Then, I introduce ambrosia beetles and the Xyleborini tribe, focusing on the life history of the ROD-associated beetles and current literature describing the use of semiochemicals to control them.</p><p dir="ltr">In Chapter 2, I determine the volatile organic compounds associated with the ROD <i>Ceratocystis</i> – ʻōhiʻa pathosystem and the response of the associated beetles to those compounds. I investigated the volatiles produced by <i>C. lukuohia</i> and <i>C. hulihia</i> in culture in addition to when inoculated into ʻōhiʻa seedlings. Then, I describe olfactometer assays to determine if the ROD-associated beetles are attracted to the volatiles emitted from ROD-<i>Ceratocysti</i>s in culture.</p><p dir="ltr">In Chapter 3, I investigate semiochemicals for attracting and repelling ambrosia beetles in ʻōhiʻa forests. I describe separate trapping experiments, first, testing the attraction of beetles to 100% ethanol and 1:1 methanol ethanol. Second, we investigate the use of two beetle repellent products, one with verbenone and the other with verbenone + methyl salicylate active ingredients.</p><p dir="ltr">In Chapter 4, I describe the testing of the repellent, verbenone, in the SPLAT<sup>®</sup> Verb formulation, to deter ambrosia beetle attack from both healthy ʻōhiʻa trees and trees infested with ROD-<i>Ceratocystis</i>. Over two field seasons, we monitored ambrosia beetle attacks on trees treated with verbenone and measured the abundance of verbenone released from the repellents over time during the first season.</p><p dir="ltr">In Chapter 5, I investigate the ambrosia fungi of the ROD-associated beetles and native Hawaiian ambrosia beetles on the Island of Hawaiʻi. We isolated a dozen fungal symbionts from the mycetangia of ambrosia beetles, most of which are first reports in Hawaiʻi, and use phylogenetics to investigate putative new species of <i>Raffaelea</i> and <i>Ambrosiozyma.</i></p><p dir="ltr">Finally, in Chapter 6, I synthesize the results and future directions of the aforementioned chapters. Together, these dissertation chapters provide insights into ambrosia beetle monitoring and management strategies in Hawaiʻi and beyond. I describe the groundwork for understanding the pathosystem from a chemical ecology perspective and touch on the understudied world of Hawaiʻi fungi and potential pathogens.</p>
|
365 |
Improving Email Security in Organizations : Solutions and GuidelinesAndrén, Axel, Kashlan, Ghaith, Nantarat, Atichoke January 2023 (has links)
Data breaches from email attacks have been an issue since email was first implemented. Common attack methods like phishing are still a threat to organizations to this very day. That is because it never seems to stop evolving and keeps becoming more and more convincing. Email compromises have caused billions of dollars in damage worldwide, and it shows no sign of stopping. The purpose and research questions of this thesis are formulated to find guidelines or solutions that organizations can follow to improve their overall email security and awareness. In this thesis, both a systematic literature review and interviews are methods used to conduct the research. That way, both the technical portion of the subject, as well as the human perspective are covered. We found that the most common and significant email threats to organizations are phishing, BEC, and APT attacks. This thesis provides methods to mitigate these threats. What has also become clear is that human mistakes are a large portion of the problem concerning email attacks.
|
366 |
Ranking Social Engineering Attack Vectors in The Healthcare and Public Health SectorGaurav Sachdev (14563787) 06 February 2023 (has links)
<p>The National Institute of Standards and Technology defines social engineering as an attack vector that deceives an individual into divulging confidential information or performing unwanted actions. Different methods of social engineering include phishing, pretexting, tailgating, baiting, vishing, SMSishing, and quid pro quo. These attacks can have devastating effects, especially in the healthcare sector, where there are budgetary and time constraints. To address these issues, this study aimed to use cybersecurity experts to identify the most important social engineering attacks to the healthcare sector and rank the underlying factors in terms of cost, success rate, and data breach. By creating a ranking that can be updated constantly, organizations can provide more effective training to users and reduce the overall risk of a successful attack. This study identified phishing attacks via email, voice and SMS to be the most important to defend against primarily due to the number of attacks. Baiting and quid pro quo consistently ranked as lower in priority and ranking.</p>
|
367 |
Survey of ongoing and NextGeneration Cybersecurity of Maritime Communication Systems / Undersökning av dagens och nästa generations cybersäkerhetför sjöfartskommunikationssytemBjörnlund, Pontus, Faqiri, Feraidon January 2023 (has links)
The maritime industry is growing more and more for every year that passes. As the industry grows it also becomes a more attractive target for cyber criminals. The amount ofcyberattacks in the industry are few, but it is growing at an alarming rate. This literaturestudy identifies the most common datacom systems and infrastructure in the maritimeindustry and their vulnerabilities. This paper also identifies possible solutions and improvements that can be made to existing datacom systems to make them less susceptible tocyber attacks. The results show that there are many solutions that could be implementedthat would increase the cyber security in the industry, but many of them require international cooperation to implement. Therefore standards are suggested to be implemented inorder to push organisations to update their systems. Additionally, this paper delves intothe aviation industry to examine how the datacom infrastructure utilized in the maritimeindustry could be adopted to enhance both efficiency and security
|
368 |
Securing SDN Data Plane:Investigating the effects of IP SpoofingAttacks on SDN Switches and its Mitigation : Simulation of IP spoofing using MininetJABBU, SHIVAKUMAR YADAV, MADIRAJU, ANIRUDH SAI January 2023 (has links)
Background:Software-Defined Networking (SDN) represents a network architecture that offers a separate control and data layer, facilitating its rapid deployment and utilization for diverse purposes. However, despite its ease of implementation, SDN is susceptible to numerous security attacks, primarily stemming from its centralized nature. Among these threats, Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks pose the most substantial risks. In the event of a successful attack on the SDNcontroller, the entire network may suffer significant disruption. Hence, safe guarding the controller becomes crucial to ensure the integrity and availability of the SDN network. Objectives:This thesis focuses on examining the IP spoofing attack and its impact on the Data Plane, particularly concerning the metrics of an SDN switch. The investigation centers around attacks that manipulate flow-rules to amplify the number of rules and deplete the resources of a switch within the Data Plane of an SDN network. To conduct the study, a software-defined network architecture was constructed using Mininet, with a Ryu controller employed for managing network operations. Various experiments were carried out to observe the response of the SDN system when subjected to an IP spoofing attack, aiming to identify potential mitigation strategies against such threats. Method and Results: To simulate the resource exhaustion scenario on the SDN network’s Data Plane,we deliberately triggered an escalation in the number of flow-rules installed in the switch. This was achieved by sending packets with spoofed IP addresses, there by exploiting the switch’s limited resources. Specifically, we focused on monitoring the impact on CPU utilization, storage memory, latency, and throughput within the switch. Detailed findings were presented in the form of tables, accompanied by graphical representations to visually illustrate the effects of increasing flow rules on the switches. Furthermore, we explored potential mitigation measures by developing an application that actively monitors the flow rules on the Ryu controller, aiming to detect and counteract such resource-exhausting effects.
|
369 |
TASK, KNOWLEDGE, SKILL, AND ABILITY: EQUIPPING THE SMALL-MEDIUM BUSINESSES CYBERSECURITY WORKFORCEVijaya Raghavan, Aadithyan 11 July 2023 (has links)
No description available.
|
370 |
Fundamental Attacks on Ethereum Oracles and How to Prevent ThemJafari, Mikael January 2023 (has links)
Many applications and protocols on blockchain platforms are reliant on real-world data which exists outside the blockchain, something which is not directly accessible through these platforms. To bridge this gap, blockchain oracles help these applications and protocols by providing them with this data. As different data used by these applications and protocols can result in different outcomes occurring, one way for attackers to attack these applications and protocols is to attack the oracles they rely on. This thesis investigates what types of fundamental attacks are possible on oracles hosted on Ethereum, potential ways to protect against them and how these attacks can be categorized. It also investigates if the different attributes of Solana or Corda provides any protection against these attacks in some way. In order to answer these questions, the different blockchain platforms are researched and investigated, along with different oracles and attacks on oracles. A framework which describes the different states data in a oracle can be in was also created in order to help find attacks. In total, eleven different fundamental attacks on Ethereum oracles were found along with different methods to protect against them. A majority of these attacks were deemed to be able to be done in full capability by both independent and nation-state attackers. Both Solana and Corda were found to provide some inherent protection against some of these attacks. Solana was found to be able to almost fully eliminate one type of attack due to its execution environment. Corda was found to make many of the found attacks harder to execute for an attacker, mainly due to its lack of anonymity. / Många applikationer och protokoll på blockkedje-plattformar är beroende av verklig data som existerar utanför blockkedjan, något som inte är direkt nåbart genom dessa plattformar. I syfte att göra denna data nåbar, så hjälper orakel på blockkedjor dessa applikationer och protokoll genom att tillhandahålla dem denna data. Eftersom dessa applikationer och protokoll kan ha olika utfall beroende på vilken data de använder sig av, så är en metod att attackera dem genom att attackera dem orakel som de använder sig av. Denna avhandling undersöker vilka typer av fundamentala attacker som är möjliga mot orakel som körs på Ethereum, potentiella sätt att skydda mot attackerna samt hur dessa attacker kan kategoriseras. Den undersöker även ifall de olika attributen som finns hos Solana eller Corda ger något skydd mot dessa attacker på något sätt. För att besvara dessa frågor har de olika blockkedjeplattformarna undersökts. Även olika orakel samt attacker mot orakel har undersökts. Ett ramverk som beskriver de olika tillstånden som data i ett orakel kan befinna sig i skapades med syfte att underlätta hittandet av attacker. Totalt så hittades elva olika fundamentala attacker mot orakel som körs på Ethereum tillsammans med tillhörande skyddsmetoder. Majoriteten av dessa attacker bedömdes kunna genomföras i full förmåga av både självständiga angripare samt nationssponsrade angripare. Både Solana och Corda visade sig ge skydd mot vissa av de elva attackerna genom sina attribut. Solana kan genom sin exekveringsmiljö nästan helt eliminera möjligheten av en av attackerna. Corda visade sig göra flera av de olika attackerna svårare att genomföra för angripare, främst på grund av sin avsaknad av anonymitet i plattformen.
|
Page generated in 0.0561 seconds