A learning-based approach to false alarm reduction for signature-based intrusion detection systems /

Cheung, Chun-Hom.

January 2004

Thesis (M. Phil.)--Hong Kong University of Science and Technology, 2004. / Includes bibliographical references (leaves 100-106). Also available in electronic version. Access restricted to campus users.

Computer security. Computer networks

The impact of population mixing rules on epidemic communication /

Lin, Meng-jang,

January 1999

Thesis (Ph. D.)--University of Texas at Austin, 1999. / Vita. Includes bibliographical references (leaves 127-132). Available also in a digital version from Dissertation Abstracts.

Computer viruses. Computer security.

The extent to which sensitive information is secured by institutions that donate computers to educational settings

Murandu, Ngoni.

January 2003

Thesis (M.A.)--West Virginia University, 2003. / Title from document title page. Document formatted into pages; contains ix, 67 p. Vita. Includes abstract. Includes bibliographical references (p. 53-57).

On the application of locality to network intrusion detection working-set analysis of real and synthetic network server traffic /

Lee, Robert.

January 2009

Thesis (Ph.D.)--University of Central Florida, 2009. / Adviser: Sheau-Dong Lang. Includes bibliographical references (p. 117-119).

Computer networks Computer security.

Technical solutions for conducting investigations in digital age

Ho, Sze-lok., 何思樂.

January 2012

Confidentiality has always been a concern in secret operation. In this thesis, we consider the situation of legitimate data request and transfer between investigator and database owner who provides intelligence, where the identity of the investigation subject and the records in the database are both confidential. Current practice of secret investigation solely relies on the integrity and carefulness of the involved individuals to resist data leakage, but regulations, policy, agreement, such human means cannot give a promising solution, thus a technical means is needed. As appropriate solution for this confidential data request and transfer problem cannot be found from related research, our goal is to offer a means that can help keeping the investigation secret and protecting irrelevant data at the same time. We present a technical solution for preserving two-way confidentiality between the investigator (legitimate data requester) and the database owner (legitimate data holder), which can accommodate the concerns of both sides during the specific information request and transfer. Two schemes, Sender-Based Scheme and Receiver-Based Scheme, have been proposed to solve the problem under different conditions, and illustration of executing our schemes is given through an example situation “Investigator and Private hospital” which is an ordinary scenario during investigation. Furthermore, a practical cost reduction methodology on the schemes and sensible proposals for extensions are suggested and discussed. The direction of future work is also considered. / published_or_final_version / Computer Science / Master / Master of Philosophy

Computer security.

Database security.

Secure multi-party protocol using modern cryptographic technique and tamper resistant hardware

Zhang, Ping, Echo., 张萍.

January 2012

Secure Multi-party Computation (SMC) is one significant research area in information security. In SMC, multiple parties jointly work on some function and no parties take the risk of revealing their private data. Since A.C. Yao first proposed this problem in 1982, there have been a lot of researchers working on different versions of SMC. In this thesis, we address three different researches in this setting, including the Privacy-Preserving Cooperative Scientific Computation, Privacy Preserving Data Mining (PPDM), and PPDM in cloud environment. In Privacy-Preserving Cooperative Scientific Computation, we propose a solution to the Privacy Preserving Weighted Average Problem (PPWAP) under the hybrid security model, which guarantees the malicious parties will not get the correct final result if they behalf maliciously. Later, the extended version of our scheme is shown as a highly efficient and secure PPWAP solution under the malicious model, a stronger security model requiring more resource. Privacy reserving data mining is one important branch of SMC, where all participants want to get the same and correct mining result from collaborated data mining without any threat of disclosing their private data. In another word, each party refuses to review its individual private database while carrying out collaborated data mining. We propose a PPDM solution of building up a decision tree from a hybrid distributed database, which is a quite common situation in real life but has not been solved before. Previous research works only focus on horizontally or vertically distributed database. With the great development of cloud computing, it provides a much more flexible and efficient platform for Internet service providers and users. However, the privacy issues of cloud service has become the bottleneck of its further development, and this problem also draw a lot of researchers' attention in recent decade. In this thesis, we propose the first solution to cloud-based PPDM. The cloud server carries out data mining on encrypted databases, and our solution can guarantee the privacy of each client. This scheme can protect client from malicious users. With aid of a hardware box, our design can also protect clients from untrusted cloud server. Another novel feature of this solution is that it works even when the databases from different parties share overlapped parts. Furthermore, with the help of homomorphic encryption and black box, our scheme can carry out the calculation on the overlapped data. This kind of problem has never been resolved by previous works as far as we know. / published_or_final_version / Computer Science / Doctoral / Doctor of Philosophy

Computer security.

Cryptography.

Information security deviant behavior: its typology, measures, and causes

Chu, Man-ying., 朱文英.

January 2012

Although information security is important to all organizations, little behavioral research has been carried out in this area. Particularly lacking is research on negative forms of behavior involved in information security. The aim of this thesis is to fill this research gap by conducting three related studies on information security deviant behavior (ISDB), which refers to the voluntary behavior of employees within organizations that differs markedly from the information security norms of the organizations and that is normally considered by other employees to be wrong. Prior research work on this topic is insufficient, and the information security deviance concept remains unclear. This thesis explores the topic by considering three fundamental research questions: 1) What is ISDB? 2) How can ISDB be measured? 3) Why do employees commit ISDB? Study I addresses the first question—“What is ISDB?”—by identifying and organizing ISDB using a typology. A four-step method, comprising content analysis, multidimensional scaling, expert judgmental analysis, and empirical testing, is proposed for the development of typologies, which can fulfill the criteria for being a theory. The findings of this study suggest that ISDB can be organized into four ideal types that are interrelated along two dimensions—severity and frequency. Four constructs are identified from this typology. They are resource misuse (“high frequency, high severity” deviance), security carelessness (“high frequency, low severity” deviance), access control deviance (“low frequency, low severity” deviance), and system protection deviance (“low frequency, high severity” deviance). Study I not only develops an organized and theoretical framework for systematic research on ISDB and constitutes a critical starting point for the development of measures of the behavior, but also makes an important theoretical contribution by demonstrating the development of a typology, which is a unique form of theory building for an underdeveloped topic. Study II focuses on the second research question—“How can ISDB be measured?”—by developing valid and reliable scales to measure ISDB. My target is to develop scales to measure commonly found types of ISDB using an empirical method. Accordingly, the two “low frequency” types of deviance, access control and system protection deviance, are omitted from consideration. A rigorous measurement development process which includes three surveys and a number of tests is adopted. A four-item scale of resource misuse and a three-item scale of security carelessness are developed. The development of these two scales makes an important contribution to future ISDB research by providing a means to measure two types of information security deviance, thus facilitating the empirical study of ISDB. Study III is aimed at answering the third research question—“Why do employees commit ISDB?”—through construction of a causal model. Rather than consider “intention” as existing behavioral research on information security commonly does, Study III investigates actual behavior and employs resource misuse (“high frequency, high severity” deviance) as the dependent variable. Data from a Web-based survey are analyzed using the partial least squares approach. Considering the dual-process approach in the theory of planned behavior, the findings suggest that resource misuse may be both an intentional type of behavior and an unreasoned action. Perceived behavioral control influences employees’ resource misuse actions via their desires or intentions, whereas attitude toward resource misuse affects these actions via employees’ desires alone. Subjective norm is found not to affect employees’ resource misuse via either desires or intentions. In terms of the theoretical contributions, Study III takes steps to consider information security deviance by incorporating the dual-process approach and the theory of planned behavior. In terms of managerial significance, the results of Study III can help managers to better understand why employees commit resource misuse. In conclusion, this thesis provides a number of significant insights into ISDB and useful guidelines for further research on the topic. In addition, the findings of the three studies can help managers to develop better company strategies and policies to reduce internal security threats. / published_or_final_version / Business / Doctoral / Doctor of Philosophy

Computer security.

Deviant behavior.

A theory for the design and analysis of firewalls

Liu, Xiang-Yang Alexander

28 August 2008

Not available / text

Firewalls (Computer security)

Identitying vulnerabilities and controls in complex composite security architectures

Taylor, Barry

January 2014

The ability to design and reason about architectures (here understood as organisations which are designed according to hierarchies of roles and those processes that link them) which co-exist and interact within complex environments is of increasing importance. With the introduction of more interconnected technology affecting the way in which stakeholders manage information and conduct their operations, the need for such a capability is clear. Current approaches either address this issue with a mathematical approach which presents an obstacle to most non-specialist analysts, or they choose not to incorporate the full spread of factors that fall within the scope of this thesis. This thesis aims to develop a capability that provides those decision-makers who have information security management responsibilities with the means to analyse isolated, as well as interacting, security and business architectures. It aims to provide this capability at a level of modelling abstraction that is accessible to such non-technical specialists. The first stage of the thesis builds on earlier work on hierarchical structures by Beautement and Pym (2010b). It is dedicated to the development of a suitable conceptual framework which is both general and flexible enough to embody the required properties of a system, as well as their method of implementation spread across hierarchies of rˆoles describing organisations. This concept is expanded to describe how such architectures may interact with one another, and notation which is helpful in discussing these operations carefully is also developed. The framework is then applied to three broad areas within information security, those of trust (which is interpreted as a specific property within a given domain), heuristics (which are broadly treated as actions that should be undertaken during certain conditions), and access control. In each case the suitability of the framework is investigated, leading to refinements in the model which support the common goal of providing a novel view on these approaches to security analysis. This view is characterised by a unified consideration of the underlying architectures, to properties and policies applied across organisations. A key driver in conducting this analysis is to enable the description of how properties, fundamental to the legitimacy of systems, may firstly be established and then by how they may be compromised—providing a view on system vulnerabilities in that controls may fail or be circumvented. Following this, the framework is also intended as a tool to address such vulnerabilities, and to provide a means by which to scope measures designed to mitigate them.

004

Computer security

SNAP : a distributed authentication protocol

Al Shahri, Aied Fayez

January 2003

The explosive growth in network based applications and distributed systems allows the deployment of critical applications such as e-commerce, tele-banking, electronic government, etc. On the other hand, attacking networks and distributed systems becomes easier with the support of public cracking tools and the information sharing between hackers. Consequently, security is a crucial topic. Authentication is considered as one of the major components in security and, in fact, represents the front door for any secure system. It is an important requirement to ensure that the network resources are accessed only by authorized users, meanings that strong access control mechanisms are needed. Most existing authentication protocols are centralized such that a single authentication entity controls the authentication process. These traditional authentication protocols suffer from certain drawbacks pertaining to security, availability and trust. This thesis proposes and evaluates a novel authentication protocol: Secure Network Access Protocol (SNAP) that attempts to overcome some of the drawbacks of centralized authentication protocols. SNAP is a distributed authentication protocol and is based on secret sharing schemes which have a quorum access structure. Another significant contribution of this thesis has been to consider not only the security analysis of SNAP but also the implementation issues. SNAP is studied and found to be robust in term of its security, availability, overhead and performance. The implementation of SNAP is considered and the application of SNAP to a wireless networks undertaken. The research conducted has shown the need for distributed authentication protocols and the importance of studying the network implementation issues for any novel security protocol.

005

Computer security