Graybox-baserade säkerhetstest : Att kostnadseffektivt simulera illasinnade angrepp

Linnér, Samuel

January 2008

Att genomföra ett penetrationstest av en nätverksarkitektur är komplicerat, riskfyllt och omfattande. Denna rapport utforskar hur en konsult bäst genomför ett internt penetrationstest tidseffektivt, utan att utelämna viktiga delar. I ett internt penetrationstest får konsulten ofta ta del av systemdokumentation för att skaffa sig en bild av nätverksarkitekturen, på så sätt elimineras den tid det tar att kartlägga hela nätverket manuellt. Detta medför även att eventuella anomalier i systemdokumentationen kan identifieras. Kommunikation med driftansvariga under testets gång minskar risken för missförstånd och systemkrascher. Om allvarliga sårbarheter identifieras meddelas driftpersonalen omgå-ende. Ett annat sätt att effektivisera testet är att skippa tidskrävande uppgifter som kommer att lyckas förr eller senare, t.ex. lösenordsknäckning, och istället påpeka att orsaken till sårbarheten är att angriparen har möjlighet att testa lösenord obegränsat antal gånger. Därutöver är det lämpligt att simulera vissa attacker som annars kan störa produktionen om testet genomförs i en driftsatt miljö. Resultatet av rapporten är en checklista som kan tolkas som en generell metodik för hur ett internt penetrationstest kan genomföras. Checklistans syfte är att underlätta vid genomförande av ett test. Processen består av sju steg: förberedelse och planering, in-formationsinsamling, sårbarhetsdetektering och analys, rättighetseskalering, penetrationstest samt summering och rapportering. / A network architecture penetration test is complicated, full of risks and extensive. This report explores how a consultant carries it out in the most time effective way, without overlook important parts. In an internal penetration test the consultant are often allowed to view the system documentation of the network architecture, which saves a lot of time since no total host discovery is needed. This is also good for discovering anomalies in the system documentation. Communication with system administrators during the test minimizes the risk of misunderstanding and system crashes. If serious vulnerabilities are discovered, the system administrators have to be informed immediately. Another way to make the test more effective is to skip time consuming tasks which will succeed sooner or later, e.g. password cracking, instead; point out that the reason of the vulnerability is the ability to brute force the password. It is also appropriate to simulate attacks which otherwise could infect the production of the organization. The result of the report is a checklist by means of a general methodology of how in-ternal penetration tests could be implemented. The purpose of the checklist is to make it easier to do internal penetration tests. The process is divided in seven steps: Planning, information gathering, vulnerability detection and analysis, privilege escalation, pene-tration test and final reporting.

Penetration test

black box

gray box

white box

vulnerabilities

exploit

methodology

checklist

nmap

metasploit

xss

sql-injection

security

Penetrationstest

internt

blackbox

graybox

whitebox

sårbarheter

exploit

metodik

checklista

nmap

metasploit

xss

sql-injection

säkerhet

Computer Sciences

Datavetenskap (datalogi)

Analysis of Randomized Adaptive Algorithms for Black-Box Continuous Constrained Optimization / Analyse d'algorithmes stochastiques adaptatifs pour l'optimisation numérique boîte-noire avec contraintes

Atamna, Asma

25 January 2017

On s'intéresse à l'étude d'algorithmes stochastiques pour l'optimisation numérique boîte-noire. Dans la première partie de cette thèse, on présente une méthodologie pour évaluer efficacement des stratégies d'adaptation du step-size dans le cas de l'optimisation boîte-noire sans contraintes. Le step-size est un paramètre important dans les algorithmes évolutionnaires tels que les stratégies d'évolution; il contrôle la diversité de la population et, de ce fait, joue un rôle déterminant dans la convergence de l'algorithme. On présente aussi les résultats empiriques de la comparaison de trois méthodes d'adaptation du step-size. Ces algorithmes sont testés sur le testbed BBOB (black-box optimization benchmarking) de la plateforme COCO (comparing continuous optimisers). Dans la deuxième partie de cette thèse, sont présentées nos contributions dans le domaine de l'optimisation boîte-noire avec contraintes. On analyse la convergence linéaire d'algorithmes stochastiques adaptatifs pour l'optimisation sous contraintes dans le cas de contraintes linéaires, gérées avec une approche Lagrangien augmenté adaptative. Pour ce faire, on étend l'analyse par chaines de Markov faite dans le cas d'optimisation sans contraintes au cas avec contraintes: pour chaque algorithme étudié, on exhibe une classe de fonctions pour laquelle il existe une chaine de Markov homogène telle que la stabilité de cette dernière implique la convergence linéaire de l'algorithme. La convergence linéaire est déduite en appliquant une loi des grands nombres pour les chaines de Markov, sous l'hypothèse de la stabilité. Dans notre cas, la stabilité est validée empiriquement. / We investigate various aspects of adaptive randomized (or stochastic) algorithms for both constrained and unconstrained black-box continuous optimization. The first part of this thesis focuses on step-size adaptation in unconstrained optimization. We first present a methodology for assessing efficiently a step-size adaptation mechanism that consists in testing a given algorithm on a minimal set of functions, each reflecting a particular difficulty that an efficient step-size adaptation algorithm should overcome. We then benchmark two step-size adaptation mechanisms on the well-known BBOB noiseless testbed and compare their performance to the one of the state-of-the-art evolution strategy (ES), CMA-ES, with cumulative step-size adaptation. In the second part of this thesis, we investigate linear convergence of a (1 + 1)-ES and a general step-size adaptive randomized algorithm on a linearly constrained optimization problem, where an adaptive augmented Lagrangian approach is used to handle the constraints. To that end, we extend the Markov chain approach used to analyze randomized algorithms for unconstrained optimization to the constrained case. We prove that when the augmented Lagrangian associated to the problem, centered at the optimum and the corresponding Lagrange multipliers, is positive homogeneous of degree 2, then for algorithms enjoying some invariance properties, there exists an underlying homogeneous Markov chain whose stability (typically positivity and Harris-recurrence) leads to linear convergence to both the optimum and the corresponding Lagrange multipliers. We deduce linear convergence under the aforementioned stability assumptions by applying a law of large numbers for Markov chains. We also present a general framework to design an augmented-Lagrangian-based adaptive randomized algorithm for constrained optimization, from an adaptive randomized algorithm for unconstrained optimization.

Optimisation blackbox continue

Stratégies d'évolution

Gestion de contraintes

Adaptation du step-Size

Chaînes de Markov

Convergence linéaire

Continuous black-Box optimization

Evolution strategies

Constraint handling

Step-Size adaptation

Markov chain analysis

Linear convergence

Best way to go? Intriguing citizens to investigate what is behind smart city technologies

Tachtler, Franziska Maria

January 2016

The topic of smart cities is growing in importance. However, a field study in the city of Malmö, Sweden shows that there is a discrepancy between the ongoing activities of urban planners and companies using analytical and digital tools to interpret humans’ behavior and preferences on the one hand, and the visibility of these developments in public spaces on the other. Citizens are affected by the invisible data and software not only when they use an application, but also when their living space is transformed. By Research through Design, this thesis examines ways of triggering discussion about smart city issues, which are hidden in software and code. In this thesis, a specific solution is developed: a public, tangible, and interactive visualization in the form of an interactive signpost. The final, partly functioning prototype is mountable in public places and points in the direction of the most beautiful walking path. The design refers to a smart city application that analyzes geo-tagged locative media and thereby predicts the beauty and security of a place.The aim is to trigger discussion about the contradictory issue of software interpreting the beauty of a place. Through its tangible, non-digital, and temporary character, the interactive representation encourages passers-by to interact with the prototype.

Smart city

Blackbox

Public visualization

Interaction design

Tangible design

Transparency

Contradictory issues

Invisible data

Locative media

Data based decision making

Crowdsourcing

Urban flow

Urban design

Urban computing

Research through Design

Engineering and Technology

Teknik och teknologier

Sequence-to-sequence learning of financial time series in algorithmic trading / Sekvens-till-sekvens-inlärning av finansiella tidsserier inom algoritmiskhandel

Arvidsson, Philip, Ånhed, Tobias

January 2017

Predicting the behavior of financial markets is largely an unsolved problem. The problem hasbeen approached with many different methods ranging from binary logic, statisticalcalculations and genetic algorithms. In this thesis, the problem is approached with a machinelearning method, namely the Long Short-Term Memory (LSTM) variant of Recurrent NeuralNetworks (RNNs). Recurrent neural networks are artificial neural networks (ANNs)—amachine learning algorithm mimicking the neural processing of the mammalian nervoussystem—specifically designed for time series sequences. The thesis investigates the capabilityof the LSTM in modeling financial market behavior as well as compare it to the traditionalRNN, evaluating their performances using various measures. / Prediktion av den finansiella marknadens beteende är i stort ett olöst problem. Problemet hartagits an på flera sätt med olika metoder så som binär logik, statistiska uträkningar ochgenetiska algoritmer. I den här uppsatsen kommer problemet undersökas medmaskininlärning, mer specifikt Long Short-Term Memory (LSTM), en variant av rekurrentaneurala nätverk (RNN). Rekurrenta neurala nätverk är en typ av artificiellt neuralt nätverk(ANN), en maskininlärningsalgoritm som ska efterlikna de neurala processerna hos däggdjursnervsystem, specifikt utformat för tidsserier. I uppsatsen undersöks kapaciteten hos ett LSTMatt modellera finansmarknadens beteenden och jämförs den mot ett traditionellt RNN, merspecifikt mäts deras effektivitet på olika vis.

deep learning

machine learning

quantitative finance

algorithmic trading

blackbox trading

lstm

rnn

time series forecasting

prediction

tensorflow

keras

forex

neural network

econometrics

finans

algoritmisk handel

tidsserier

prediktion

maskininlärning

forex

neurala nätverk

tensorflow

keras

kvantitativ finans

lstm

rnn

ekonometri

Information Systems