Global ETD Search

1	Early detection of malicious web content with applied machine learning Likarish, Peter F. 01 July 2011 (has links) This thesis explores the use of applied machine learning techniques to augment traditional methods of identifying and preventing web-based attacks. Several factors complicate the identification of web-based attacks. The first is the scale of the web. The amount of data on the web and the heterogeneous nature of this data complicate efforts to distinguish between benign sites and attack sites. Second, an attacker may duplicate their attack at multiple, unexpected locations (multiple URLs spread across different domains) with ease. Third, attacks can be hosted nearly anonymously; there is little cost or risk associated with hosting or publishing a web-based attack. In combination, these factors lead one to conclude that, currently, the webs threat landscape is unfavorably tilted towards the attacker. To counter these advantages this thesis describes our novel solutions to web se- curity problems. The common theme running through our work is the demonstration that we can detect attacks missed by other security tools as well as detecting attacks sooner than other security responses. To illustrate this, we describe the development of BayeShield, a browser-based tool capable of successfully identifying phishing at- tacks in the wild. Progressing from specific to a more general approach, we next focus on the detection of obfuscated scripts (one of the most commonly used tools in web-based attacks). Finally, we present TopSpector, a system we've designed to forecast malicious activity prior to it's occurrence. We demonstrate that by mining Top-Level DNS data we can produce a candidate set of domains that contains up to 65% of domains that will be blacklisted. Furthermore, on average TopSpector flags malicious domains 32 days before they are blacklisted, allowing the security community ample time to investigate these domains before they host malicious activity. applied machine learning Computer security Domain Name System javascript phishing web-based attacks Computer Sciences
2	On Fault-based Attacks and Countermeasures for Elliptic Curve Cryptosystems Dominguez Oviedo, Agustin January 2008 (has links) For some applications, elliptic curve cryptography (ECC) is an attractive choice because it achieves the same level of security with a much smaller key size in comparison with other schemes such as those that are based on integer factorization or discrete logarithm. Unfortunately, cryptosystems including those based on elliptic curves have been subject to attacks. For example, fault-based attacks have been shown to be a real threat in today’s cryptographic implementations. In this thesis, we consider fault-based attacks and countermeasures for ECC. We propose a new fault-based attack against the Montgomery ladder elliptic curve scalar multiplication (ECSM) algorithm. For security reasons, especially to provide resistance against fault-based attacks, it is very important to verify the correctness of computations in ECC applications. We deal with protections to fault attacks against ECSM at two levels: module and algorithm. For protections at the module level, where the underlying scalar multiplication algorithm is not changed, a number of schemes and hardware structures are presented based on re-computation or parallel computation. It is shown that these structures can be used for detecting errors with a very high probability during the computation of ECSM. For protections at the algorithm level, we use the concepts of point verification (PV) and coherency check (CC). We investigate the error detection coverage of PV and CC for the Montgomery ladder ECSM algorithm. Additionally, we propose two algorithms based on the double-and-add-always method that are resistant to the safe error (SE) attack. We demonstrate that one of these algorithms also resists the sign change fault (SCF) attack. elliptic curve cryptography fault-based attacks error-detection fault-tolerance Electrical and Computer Engineering
3	On Fault-based Attacks and Countermeasures for Elliptic Curve Cryptosystems Dominguez Oviedo, Agustin January 2008 (has links) For some applications, elliptic curve cryptography (ECC) is an attractive choice because it achieves the same level of security with a much smaller key size in comparison with other schemes such as those that are based on integer factorization or discrete logarithm. Unfortunately, cryptosystems including those based on elliptic curves have been subject to attacks. For example, fault-based attacks have been shown to be a real threat in today’s cryptographic implementations. In this thesis, we consider fault-based attacks and countermeasures for ECC. We propose a new fault-based attack against the Montgomery ladder elliptic curve scalar multiplication (ECSM) algorithm. For security reasons, especially to provide resistance against fault-based attacks, it is very important to verify the correctness of computations in ECC applications. We deal with protections to fault attacks against ECSM at two levels: module and algorithm. For protections at the module level, where the underlying scalar multiplication algorithm is not changed, a number of schemes and hardware structures are presented based on re-computation or parallel computation. It is shown that these structures can be used for detecting errors with a very high probability during the computation of ECSM. For protections at the algorithm level, we use the concepts of point verification (PV) and coherency check (CC). We investigate the error detection coverage of PV and CC for the Montgomery ladder ECSM algorithm. Additionally, we propose two algorithms based on the double-and-add-always method that are resistant to the safe error (SE) attack. We demonstrate that one of these algorithms also resists the sign change fault (SCF) attack. elliptic curve cryptography fault-based attacks error-detection fault-tolerance Electrical and Computer Engineering
4	Measuring the Impact of email Headers on the Predictive Accuracy of Machine Learning Techniques Tout, Hicham Refaat 01 January 2013 (has links) The majority of documented phishing attacks have been carried by email, yet few studies have measured the impact of email headers on the predictive accuracy of machine learning techniques in detecting email phishing attacks. Research has shown that the inclusion of a limited subset of email headers as features in training machine learning algorithms to detect phishing attack did increase the predictive accuracy of these learning algorithms. The same research also recommended further investigation of the impact of including an expanded set of email headers on the predictive accuracy of machine learning algorithms. In addition, research has shown that the cost of misclassifying legitimate emails as phishing attacks--false positives--was far higher than that of misclassifying phishing emails as legitimate--false negatives, while the opposite was true in the case of fraud detection. Consequently, they recommended that cost sensitive measures be taken in order to further improve the weighted predictive accuracy of machine learning algorithms. Motivated by the potentially high impact of the inclusion of email headers on the predictive accuracy of machines learning algorithms and the significance of enabling cost-sensitive measures as part of the learning process, the goal of this research was to quantify the impact of including an extended set of email headers and to investigate the impact of imposing penalty as part of the learning process on the number of false positives. It was believed that if email headers were included and cost-sensitive measures were taken as part of the learning process, than the overall weighted, predictive accuracy of the machine learning algorithm would be improved. The results showed that adding email headers as features did improve the overall predictive accuracy of machine learning algorithms and that cost-sensitive measure taken as part of the learning process did result in lower false positives. email based attacks information security logistic regression machine learning phishing privacy and security Computer Sciences
5	Méthodologie et outils pour la mise en pratique des attaques par collision et attaques horizontales sur l'exponentiation modulaire / From theory to practice of collision based attacks and horizontal attacks applied on protected implementation of modular exponentiation. Diop, Ibrahima 11 April 2017 (has links) Dans cette thèse, nous étudions deux sous-familles d'attaques par canaux cachés sur l'exponentiation modulaire appelées respectivement attaques par collision et attaques horizontales. Cette étude est faite selon deux axes : leurs mises en pratique et les possibles contremesures.Dans un premier temps, nous étudions les attaques par canaux cachés sur un simulateur développé durant cette thèse. Ce simulateur permet de vérifier la bonne implémentation d'une attaque par canaux cachés avant sa mise en pratique dans un environnement réel. Dans un deuxième temps, nous étudions les attaques par collision dans un environnement réel. Pour cela, nous nous sommes intéressés à l'automatisation de la détection effective de collision. Ainsi, nous proposons un nouveau critère de détection de collision.Dans un troisième temps, nous étudions l'estimation du rapport signal à bruit d'un jeu de traces dans le contexte des attaques par canaux cachés. Ainsi, nous proposons une nouvelle façon d'estimer le rapport signal à bruit lors d'une attaque par canaux cachés. En outre, nous montrons que cette estimation du rapport signal à bruit peut être exploitéepour l'analyse des fuites d'un canal caché mais aussi pour effectuer un filtrage adaptatif ne nécessitant pas la connaissance de certains paramètres du composant analysé.Dans un quatrième temps, au travers d'une étude détaillée des principales étapes d'une attaque horizontale, nous montrons les problèmes pouvant intervenir dans la pratique et comment les résoudre. Ainsi des solutions génériques sont proposées. Nous proposons finalement de possibles contremesures aux attaques horizontales sur l'exponentiation modulaire / This thesis is focused on the study of two sub-families of side channel attacks applied on modular exponentiation called respectively, collision based attacks and horizontal (or single shot) attacks. This study is made according to two axes: their applications and the possible countermeasures.Firstly, we study side channel attacks on a simulator developed during this thesis. This simulator allows to validate the good implementation of a any side channel attack before its application in a real environment.Secondly, we study collision based attacks in a real environment. For this purpose, we study the automation of collision detection in practice. Then, we introduce a new collision detection criterion and show its practical interest. Afterwards, we study the estimation of the signal to noise ratio in the context of side channel attacks. So, we introduce a fast and accurate method for its estimation during a side channel analysis. From our method we derive pragmatic and efficient methods for the daily tasks of evaluators. Among them the analysis of the electrical activity of integrated circuit or the identification of the frequencies carrying usable information or information leakage.Finally, through a detailed description of the main stages of an horizontal attack, we propose effective and practical solutions to improve secret information extraction in real environment and on the other hand possible countermeasures against the horizontal attacks applied on modular exponentiation. Analyse par canaux cachés Attaques par collision Attaques horizontales Side channel analysis Collision based attacks Horizontal attacks
6	Design of Mobility Cyber Range and Vision-Based Adversarial Attacks on Camera Sensors in Autonomous Vehicles Ramayee, Harish Asokan January 2021 (has links) No description available. Computer Engineering Electrical Engineering 2D Semantic segmentation Vision-based attacks Adversarial images Cyber Range Autonomous Vehicles machine learning computer vision Cyber security Traffic sign recognition Neural network optimization
7	Cryptanalyse des algorithmes de type Even-Mansour / Cryptanalysis of Even-Mansour type algorithms Mavromati, Chrysanthi 24 January 2017 (has links) Les algorithmes cryptographiques actuels se répartissent en deux grandes familles : les algorithmes symétriques et les algorithmes asymétriques. En 1991, S. Even et Y. Mansour ont proposé une construction simple d'un algorithme de chiffrement par blocs en utilisant une permutation aléatoire. Récemment, surtout pour répondre aux nouveaux enjeux de la cryptographie à bas coût, plusieurs algorithmes ont été proposés dont la construction est basée sur le schéma Even-Mansour. Les travaux réalisés dans cette thèse ont pour objet l'analyse de ce type d'algorithmes. À cette fin, nous proposons une nouvelle attaque générique sur le schéma Even-Mansour. Ensuite, afin de montrer l'importance particulière du modèle multi-utilisateurs, nous appliquons cette attaque générique dans ce modèle. Ces deux attaques sur Even-Mansour introduisent deux nouvelles idées algorithmiques : les chaînes parallèles et la construction d'un graphe qui illustre les liens entre les clés des utilisateurs du modèle multi-utilisateurs. Finalement, basés sur ces idées, nous proposons des attaques sur les algorithmes de chiffrement par blocs DESX et PRINCE et sur le code d'authentification de message Chaskey. / Current cryptographic algorithms are divided into two families: secret-key algorithms (or symmetric algorithms) and public-key algorithms. Secret-key cryptography is characterized by the sharing of the same key K used by both legitimate users of the cryptosystem. Bloc ciphers are one of the main primitives of symmetric cryptography. In 1991, S. Even and Y. Mansour proposed a minimal construction of a bloc cipher which uses a random permutation. Recently, in the context of lightweight cryptography, many algorithms based on the Even-Mansour scheme have been proposed. In this thesis, we focus on the analysis of this type of algorithms. To this purpose, we propose a generic attack on the Even-Mansour scheme. To show the particular importance of the multi-user model, we adapt our attack to this context. With these attacks, we introduce two new algorithmic ideas: the parallel chains and the construction of graph which represents the relations between the keys of the users of the multi-user model. Finally, we use these ideas and we present attacks on the bloc ciphers DESX and PRINCE and on the message authentication code (MAC) Chaskey. Chiffrement par bloc Even-Mansour Mac PRINCE Chaskey Attaques par collision Bloc cipher Even-Mansour Mac PRINCE Chaskey Collision based attacks 005.82
8	Vers des communications de confiance et sécurisées dans un environnement véhiculaire / Towards trusted and secure communications in a vehicular environment Tan, Heng Chuan 13 September 2017 (has links) Le routage et la gestion des clés sont les plus grands défis dans les réseaux de véhicules. Un comportement de routage inapproprié peut affecter l’efficacité des communications et affecter la livraison des applications liées à la sécurité. D’autre part, la gestion des clés, en particulier en raison de l’utilisation de la gestion des certificats PKI, peut entraîner une latence élevée, ce qui peut ne pas convenir à de nombreuses applications critiques. Pour cette raison, nous proposons deux modèles de confiance pour aider le protocole de routage à sélectionner un chemin de bout en bout sécurisé pour le transfert. Le premier modèle se concentre sur la détection de noeuds égoïstes, y compris les attaques basées sur la réputation, conçues pour compromettre la «vraie» réputation d’un noeud. Le second modèle est destiné à détecter les redirecteurs qui modifient le contenu d’un paquet avant la retransmission. Dans la gestion des clés, nous avons développé un système de gestion des clés d’authentification et de sécurité (SA-KMP) qui utilise une cryptographie symétrique pour protéger la communication, y compris l’élimination des certificats pendant la communication pour réduire les retards liés à l’infrastructure PKI. / Routing and key management are the biggest challenges in vehicular networks. Inappropriate routing behaviour may affect the effectiveness of communications and affect the delivery of safety-related applications. On the other hand, key management, especially due to the use of PKI certificate management, can lead to high latency, which may not be suitable for many time-critical applications. For this reason, we propose two trust models to assist the routing protocol in selecting a secure end-to-end path for forwarding. The first model focusses on detecting selfish nodes, including reputation-based attacks, designed to compromise the “true” reputation of a node. The second model is intended to detect forwarders that modify the contents of a packet before retransmission. In key management, we have developed a Secure and Authentication Key Management Protocol (SA-KMP) scheme that uses symmetric cryptography to protect communication, including eliminating certificates during communication to reduce PKI-related delays. Règle de combinaison de Dempster Fusion d’informations Attaques par paquets Attaques basées sur la réputation Attaques à transmission limitée VANET WMN PKI sans certificat Cryptosystèmes hybrides Proverif Accord de clé 3D basé sur un réseau Dempster’s rule of combination Information fusion Packet dropping attacks Recommendation-based trust model Reputation-based attacks Limited transmission power attacks Merkle tree authentication mechanism VANET WMN Certificate-less PKI Hybrid cryptosystems Proverif 3D grid-based key agreement

Search results