A MACHINE LEARNING BASED WEB SERVICE FOR MALICIOUS URL DETECTION IN A BROWSER

Hafiz Muhammad Junaid Khan (8119418)

12 December 2019

Malicious URLs pose serious cyber-security threats to the Internet users. It is critical to detect malicious URLs so that they could be blocked from user access. In the past few years, several techniques have been proposed to differentiate malicious URLs from benign ones with the help of machine learning. Machine learning algorithms learn trends and patterns in a data-set and use them to identify any anomalies. In this work, we attempt to find generic features for detecting malicious URLs by analyzing two publicly available malicious URL data-sets. In order to achieve this task, we identify a list of substantial features that can be used to classify all types of malicious URLs. Then, we select the most significant lexical features by using Chi-Square and ANOVA based statistical tests. The effectiveness of these feature sets is then tested by using a combination of single and ensemble machine learning algorithms. We build a machine learning based real-time malicious URL detection system as a web service to detect malicious URLs in a browser. We implement a chrome extension that intercepts a browser’s URL requests and sends them to web service for analysis. We implement the web service as well that classifies a URL as benign or malicious using the saved ML model. We also evaluate the performance of our web service to test whether the service is scalable.

Computer System Security

Machine learning in cyber-security

Real time malicious URL detection

Generic features for malicious URLs

Cybersecurity

cybersecurity engineering

Dr. Polopoly - IntelligentSystem Monitoring : An Experimental and Comparative Study ofMultilayer Perceptrons and Random Forests ForError Diagnosis In A Network of Servers

Djupfeldt, Petter

January 2016

This thesis explores the potential of using machine learning to superviseand diagnose a computer system by comparing how Multilayer Perceptron(MLP) and Random Forest (RF) perform at this task in a controlledenvironment. The base of comparison is primarily how accurate theyare in their predictions, but some thought is given to how cost effectivethey are regarding time. The specific system used is a content management system (CMS)called Polopoly. The thesis details how training samples were collectedby inserting Java proxys into the Polopoly system in order to time theinter-server method calls. Errors in the system were simulated by limitingindividual server’s bandwith, and a normal use case was simulatedthrough the use of a tool called Grinder. The thesis then delves into the setup of the two algorithms andhow the parameters were decided upon, before comparing their finalimplementations based on their accuracy. The accuracy is noted to bepoor, with both being correct roughly 20% of the time, but discussesif there could still be a use case for the algorithms with this level ofaccuracy. Finally, the thesis concludes that there is no significant difference(p 0.05) in the MLP and RF accuracies, and in the end suggeststhat future work should focus either on comparing the algorithms or ontrying to improve the diagnosing of errors in Polopoly. / Denna uppsats utforskar potentialen i att använda maskininlärning föratt övervaka och diagnostisera ett datorsystem genom att jämföra hureffektivt Multilayer Perceptron (MLP) respektive Random Forest (RF)gör detta i en kontrollerad miljö. Grunden för jämförelsen är främst hurträffsäkra MLP och RF är i sina klassifieringar, men viss tanke ges ocksååt hur kostnadseffektiva de är med hänseende till tid. Systemet som används är ett “content management system” (CMS)vid namn Polopoly. Uppsatsen beskriver hur träningsdatan samlades invia Java proxys, som injicerades i Polopoly systemet för att mäta hurlång tid metodanrop mellan servrarna tar. Fel i systemet simulerades genomatt begränsa enskilda servrars bandbredd, och normalt användandesimulerades med verktyget Grinder. Uppsatsen går sedan in på hur de två algoritmerna användes ochhur deras parametrar sattes, innan den fortsätter med att jämföra detvå slutgiltiga implementationerna baserat på deras träffsäkerhet. Detnoteras att träffsäkerheten är undermålig; både MLP:n och RF:n gissarrätt i ca 20% av fallen. En diskussion förs om det ändå finns en användningför algoritmerna med denna nivå av träffsäkerhet. Slutsatsen drasatt det inte finns någon signifikant skillnad (p 0.05) mellan MLP:nsoch RF:ns träffsäkerhet, och avslutningsvis så föreslås det att framtidaarbete borde fokusera antingen på att jämföra de två algoritmerna ellerpå att försöka förbättra feldiagnosiseringen i Polopoly.

polopoly

atex

random forest

multilayer perceptron

mlp

machine learning

content management system

cms

system

computer system

server

server system

system

Computer Sciences

Datavetenskap (datalogi)

EMULATION FOR MULTIPLE INSTRUCTION SET ARCHITECTURES

Christopher M Wright (10645670)

07 May 2021

<p>System emulation and firmware re-hosting are popular techniques to answer various security and performance related questions, such as, does a firmware contain security vulnerabilities or meet timing requirements when run on a specific hardware platform. While this motivation for emulation and binary analysis has previously been explored and reported, starting to work or research in the field is difficult. Further, doing the actual firmware re-hosting for various Instruction Set Architectures(ISA) is usually time consuming and difficult, and at times may seem impossible. To this end, I provide a comprehensive guide for the practitioner or system emulation researcher, along with various tools that work for a large number of ISAs, reducing the challenges of getting re-hosting working or porting previous work for new architectures. I layout the common challenges faced during firmware re-hosting and explain successive steps and survey common tools to overcome these challenges. I provide emulation classification techniques on five different axes, including emulator methods, system type, fidelity, emulator purpose, and control. These classifications and comparison criteria enable the practitioner to determine the appropriate tool for emulation. I use these classifications to categorize popular works in the field and present 28 common challenges faced when creating, emulating and analyzing a system, from obtaining firmware to post emulation analysis. I then introduce a HALucinator [1 ]/QEMU [2 ] tracer tool named HQTracer, a binary function matching tool PMatch, and GHALdra, an emulator that works for more than 30 different ISAs and enables High Level Emulation.</p>

Computer Engineering

Computer Software

Computer System Security

emulation

firmware

re-hosting

ghidra

GHALdra

HQ-Tracer

PMatch

vxworks

Re-hosting Support Layer

High Level Emulation

Efficient and Secure Equality-based Two-party Computation

Javad Darivandpour (11190051)

27 July 2021

<div>Multiparty computation refers to a scenario in which multiple distinct yet connected parties aim to jointly compute a functionality. Over recent decades, with the rapid spread of the internet and digital technologies, multiparty computation has become an increasingly important topic. In addition to the integrity of computation in such scenarios, it is essential to ensure that the privacy of sensitive information is not violated. Thus, secure multiparty computation aims to provide sound approaches for the joint computation of desired functionalities in a secure manner: Not only must the integrity of computation be guaranteed, but also each party must not learn anything about the other parties' private data. In other words, each party learns no more than what can be inferred from its own input and its prescribed output.</div><div><br></div><div> This thesis considers secure two-party computation over arithmetic circuits based on additive secret sharing. In particular, we focus on efficient and secure solutions for fundamental functionalities that depend on the equality of private comparands. The first direction we take is providing efficient protocols for two major problems of interest. Specifically, we give novel and efficient solutions for <i>private equality testing</i> and multiple variants of <i>secure wildcard pattern matching</i> over any arbitrary finite alphabet. These problems are of vital importance: Private equality testing is a basic building block in many secure multiparty protocols; and, secure pattern matching is frequently used in various data-sensitive domains, including (but not limited to) private information retrieval and healthcare-related data analysis. The second direction we take towards a performance improvement in equality-based secure two-party computation is via introducing a generic functionality-independent secure preprocessing that results in an overall computation and communication cost reduction for any subsequent protocol. We achieve this by providing the first precise functionality formulation and secure protocols for replacing original inputs with much smaller inputs such that this replacement neither changes the outcome of subsequent computations nor violates the privacy of sensitive inputs. Moreover, our input-size reduction opens the door to a new approach for efficiently solving Private Set Intersection. The protocols we give in this thesis are typically secure in the semi-honest adversarial threat model.</div>

Theoretical Computer Science

Applied Computer Science

Computer System Security

secure two-party computation (S2PC)

Secure Multiparty Computation

Cryptography,

Pattern matching

Algorithm Design

Protocol Design

Software-defined Buffer Management and Robust Congestion Control for Modern Datacenter Networks

Danushka N Menikkumbura (12208121)

20 April 2022

<p>  Modern datacenter network applications continue to demand ultra low latencies and very high throughputs. At the same time, network infrastructure keeps achieving higher speeds and larger bandwidths. We still need better network management solutions to keep these two demand and supply fronts go hand-in-hand. There are key metrics that define network performance such as flow completion time (the lower the better), throughput (the higher the better), and end-to-end latency (the lower the better) that are mainly governed by how effectively network application get their fair share of network resources. We observe that buffer utilization on network switches gives a very accurate indication of network performance. Therefore, network buffer management is important in modern datacenter networks, and other network management solutions can be efficiently built around buffer utilization. This dissertation presents three solutions based on buffer use on network switches.</p> <p>  This dissertation consists of three main sections. The first section is on a specification language for buffer management in modern programmable switches. The second section is on a congestion control solution for Remote Direct Memory Access (RDMA) networks. The third section is on a solution to head-of-the-line blocking in modern datacenter networks.</p>

Computer System Architecture

Networking and Communications

Switch Buffering Architectures

Network Programmability

Datacenter Networks

Congestion Control

Remote Direct Memory Access (RDMA)

Head-of-line Blocking

Routing Deadlocks

Failure recovery techniques over an MPLS network using OPNET

Nemtur, Aamani

January 2014

Indiana University-Purdue University Indianapolis (IUPUI) / Multi-Protocol Label Switching (MPLS) is an emerging technology which is the initial step for the forthcoming generation of communication. It uses Labels in order to identify the packets unlike the conventional IP Routing Mechanism which uses the routing table at each router to route the packet. MPLS uses the techniques of FRR with the help of RSVP/CR-LDP to overcome the link and/or node failures in the network. On the other hand there are certain limitations/drawbacks of using the above mechanisms for Failure Detection and Recovery which are multiple protocols such as RSVP/CR-LDP over OSPF/IS-IS and complex algorithms to generate backup paths since each router works individually in order to create a backup tunnel. So to overcome the listed limitations, this paper discusses a new technique for MPLS Networks which is Source Routing \cite{48}. Source Routing is the technique in which the source plays the role of directing the packet to the destination and no other router plays the role of routing the packet in the network. Using the OPNET Modeler 17.5 tool for implementing source routing when there is a network failure is performed and the results are compared by implementing RSVP/CR-LDP over the same failed network. The comparative results show that the network performance is best in the case of Source Routing implementation as compared to the RSVP and CR-LDP signaling over the MPLS Networks.

MPLS networks

RSVP

CR-LDP

Opnet modeler

Source routing

MPLS standard

Computer network protocols

Telecommunication -- Switching systems

Routers (Computer networks)

Multiplexed network commnication for secure operating systems

Ciccarelli, Eugene Charles.

January 1978

Thesis: Elec. E., Massachusetts Institute of Technology, Department of Electrical Engineering and Computer Science, 1978 / Bibliography: leaves 247-251. / by Eugene Charles Ciccarelli, IV. / Elec. E. / Elec. E. Massachusetts Institute of Technology, Department of Electrical Engineering and Computer Science

Computers Access control.

Multics (Electronic computer system)

Computer networks.

Telephone Multiplex systems.

Telephone fast

Computer networks. fast

Computers fast

Data Protection in Transit and at Rest with Leakage Detection

Denis A Ulybyshev (6620474)

15 May 2019

<p>In service-oriented architecture, services can communicate and share data among themselves. This thesis presents a solution that allows detecting several types of data leakages made by authorized insiders to unauthorized services. My solution provides role-based and attribute-based access control for data so that each service can access only those data subsets for which the service is authorized, considering a context and service’s attributes such as security level of the web browser and trust level of service. My approach provides data protection in transit and at rest for both centralized and peer-to-peer service architectures. The methodology ensures confidentiality and integrity of data, including data stored in untrusted cloud. In addition to protecting data against malicious or curious cloud or database administrators, the capability of running a search through encrypted data, using SQL queries, and building analytics over encrypted data is supported. My solution is implemented in the “WAXEDPRUNE” (Web-based Access to Encrypted Data Processing in Untrusted Environments) project, funded by Northrop Grumman Cybersecurity Research Consortium. WAXEDPRUNE methodology is illustrated in this thesis for two use cases, including a Hospital Information System with secure storage and exchange of Electronic Health Records and a Vehicle-to-Everything communication system with secure exchange of vehicle’s and drivers’ data, as well as data on road events and road hazards. </p><p>To help with investigating data leakage incidents in service-oriented architecture, integrity of provenance data needs to be guaranteed. For that purpose, I integrate WAXEDPRUNE with IBM Hyperledger Fabric blockchain network, so that every data access, transfer or update is recorded in a public blockchain ledger, is non-repudiatable and can be verified at any time in the future. The work on this project, called “Blockhub,” is in progress.</p>

Computer System Security

Database Management

Data Privacy

data protection mechanism

role-based access control

attribute-based encryption scheme

Leakage Detection

encrypted search queries

identity management

authentication scheme

blockchain technology application

Desenvolvimento de um modelo para previsão de ocorrência de Ecdytolopha aurantiana (Lima, 1927) (Lepidoptera: Tortricidae) e um Sistema WEB Integrado de Apoio ao Citricultor. / Development of a model to predict the occurrence of Ecdytolopha aurantiana (Lima, 1927) (Lepidoptera: Tortricidae) and an integrated web system to support citrus producers.

Reis Junior, Ronaldo

19 April 2004

Os frutos cítricos são uma das principais fontes de exportação do Brasil, sendo que São Paulo responde por cerca de 80% da produção total. Dentre os fatores que limitam a produção citrícola brasileira, especialmente no estado de São Paulo, vem se sobressaindo nos últimos anos, a clorose variegada dos citros (CVC), a podridão floral, o minador-dos-citros e o bicho-furão-dos-citros, Ecdytolopha aurantiana (Lima, 1927) (Lepidoptera: Tortricidae), além dos ácaros, moscas-das-frutas, pinta preta e mais recentemente a morte súbita. O presente trabalho teve como objetivo desenvolver um modelo para previsão de ocorrência de E. aurantiana, baseado em dados de monitoramento através de armadilhas de feromônio sexual e desenvolver um sistema computacional que possa utilizar este modelo para gerar as previsões de ocorrência, além de fornecer um local de troca de informações entre o citricultor e a comunidade científica. O tipo de solo, temperatura do local, variedade de citros, idade das plantas e uso de agroquímicos para controle de E. aurantiana, influenciaram na dinâmica populacional deste inseto. A maior influência sobre a flutuação do bicho-furão foi exercida pelo tipo de solo, seguido pela temperatura local, variedade de citros, idade das plantas e uso de agroquímicos para controle de E. aurantiana. A ocorrência de E. aurantiana em função da temperatura é diferente para cada combinação de tipo de solo, variedade de citros, idade das plantas e uso de agroquímicos. O modelo desenvolvido pode prever o potencial de ocorrência de E. aurantiana em função da temperatura ou dos meses do ano, levando-se em consideração o tipo de solo, variedade de citros, idade das plantas e aplicação de agroquímicos. O programa (BF) elaborado na linguagem R conta com equações para simular as diversas situações de ocorrência de E. aurantiana. O SIAC (Sistema Integrado de Apoio ao Citricultor) é um sistema que facilita o uso do modelo, sem a necessidade de conhecimento de R e fornece uma gama de recursos que visa facilitar o acesso do citricultor às informações e ao pesquisador aos problemas do citricultor, criando com isto uma maior interação de ambos. O modelo de previsão de ocorrência de bicho-furão pode ser aperfeiçoado com coleta de dados mais regulares e de forma contínua. / Citrus fruits are Brazil’s major exporting sources, and São Paulo is accountable for approximately 80% of the total production. Among the factors that limit the Brazilian citriculture, especially in the state of São Paulo, one points in the past few years the citrus variegated chlorosis (CVC), flower rot, citrus leaf miner and citrus fruit borer, Ecdytolopha aurantiana (Lima, 1927) (Lepidoptera: Tortricidae), in addition to mites, fruit flies, black spot, and more recently, sudden death. The goal of this work was to develop a model to predict the occurrence of E. aurantiana, based on monitoring data collected through sexual pheromone traps, and to develop a computer system capable of using such model to generate occurrence predictions and to provide a place for information exchange between citriculturists and the scientific community. Soil type, site temperature, citrus variety, age of plants and use of chemicals to control E. aurantiana influenced the population dynamics of the insect. The highest influence on the citrus fruit borer dynamics was exerted by the soil type, followed by site temperature, citrus variety, age of plants and use of chemicals for E. aurantiana control. The occurrence of E. aurantiana according to temperature is different for each combination of soil type, citrus variety, age of plants and use of chemicals. The model developed can predict the occurrence potential of E. aurantiana according to temperature or months of the year, taking into account soil type, citrus variety, age of plants and chemicals spraying. The elaborated software (BF), designed in R language, includes equations that simulate the various situations of E. aurantiana occurrence. SIAC ("Sistema Integrado de Apoio ao Citricultor") is a system that simplifies the use of the model, does not require previous knowledge on R, and provides a wide range of resources to facilitates the access of citriculturists to information and that of researchers to citriculturists’ problems, thus creating a better interaction between them. The predicting model of citrus fruit borer occurrence can be improved with more frequent and continuous data collecting.

armadilha para inseto

bicho-furão

citric fruit

citrus fruit borer

computer system

feromônio sexual de inseto

frutas cítricas

generalized linear models

insect pheromone

insect trap

modelo linear generalizado

SIAC

SIAC

sistema de computador

Time Management In Partitioned Systems

Kodancha, A Hariprasad

10 1900

Time management is one of the critical modules of safety-critical systems. Applications need strong assurance from the operating system that their hard real-time requirements are met. Partitioned system has recently evolved as a means to provide protection to safety critical applications running on an Avionics computer resource. Each partition has an application running strictly for a specified duration. These applications use the CPU on a cyclic basis. Applications running on a real-time systems request the service of time management in one way or the other. An application may request for a time-out while waiting for a resource, may voluntarily relinquish the CPU for some delay time or may have deadline before which it is expected to complete its tasks. These requests must be handled in a deterministic and accurate way with lower overheads. Time management within an operating system uses the hardware timers to service the time-out requests. The three well-known approaches for handling timer requests are tick-based, one-shot and firm timer. Traditionally tick-based has been the most popular approach that relies on periodic interrupt timer, although it has a poor accuracy. One-shot timer approach provides better accuracy as the timer interrupt can be generated exactly when required. Firm timers use soft timers in combination with one-shot timer wherein the expired timers are checked at strategic points in the kernel. The thesis compares the performance of these three approaches for partitioned systems and provides an insight about the suitability of the approaches. The thesis presents tick-based and one-shot timer algorithms that handle time-out requests of real-time applications running on a partitioned system by adhering to time partitioning rules. It compares the performance of these algorithms. It presents an one-shot timer algorithm named hierarchical multiple linked lists and the experimental results proves that the algorithm performs better than other conventional linked list based one-shot timer algorithms. The thesis also analyzes the timing behavior of real-time applications for partitioned systems. The hard real-time system under consideration is avionics system and an indigenously developed ARINC-653 compliant real-time operating system has been used to measure the performance.

Operating System

Partitions

Time Management (Operating Systems)

Partitioned Systems - Time Management

Time Management - Algorithms

Tick-Based Timer Algorithms

One-Shot Timer Algorithms

Partitions (Computer System)

Firm Timer

ARINC-653

Computer Science