• Refine Query
  • Source
  • Publication year
  • to
  • Language
  • 151
  • 29
  • 21
  • 6
  • 6
  • 6
  • 1
  • 1
  • Tagged with
  • 277
  • 277
  • 99
  • 78
  • 64
  • 61
  • 48
  • 48
  • 40
  • 39
  • 34
  • 30
  • 29
  • 28
  • 28
  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
51

Prevention of cybercrimes in smart cities of India: from a citizen's perspective

Chatterjee, S., Kar, A.K., Dwivedi, Y.K., Kizgin, Hatice 10 July 2019 (has links)
Yes / Purpose: The purpose of this paper is to identify the factors influencing the citizens of India to prevent cybercrimes in the proposed Smart Cities of India. Design/methodology/approach: A conceptual model has been developed for identifying factors preventing cybercrimes. The conceptual model was validated empirically with a sample size of 315 participants from India. Data were analyzed using structural equation modeling with SPSS and AMOS softwares. Findings: The study reveals that the “awareness of cybercrimes” significantly influences the actual usage of technology to prevent cybercrimes in Smart Cities of India. The study reveals that government initiative (GI) and legal awareness are less influential in spreading of the awareness of cybercrimes (AOC) to the citizens of the proposed smart cities. Research limitations/implications: The conceptual model utilizes two constructs from the technology adoption model, namely, perceived usefulness and ease of use. The study employs other factors such as social media, word of mouth, GIs, legal awareness and organizations constituting entities spreading awareness from different related literature works. Thereby, a comprehensive theoretical conceptual model has been proposed which helps to identify the factors that may help in preventing cybercrimes. Practical implications: This study provides an insight to the policy maker to understand several factors influencing the AOC of the citizens of the proposed Smart Cities of India for the prevention of cybercrimes. Originality/value: There are few existing studies analyzing the effect of AOC to mitigate cybercrimes. Thus, this study offers a novel contribution.
52

Cyber Risk Perception and Risk Prioritization Among Cyber Security Professionals

Naenfeldt, Christine January 2024 (has links)
Cyber security is a fast-paced field, and it is important to understand what factors might drive the cyber professionals’ perception of risk when prioritizing risks. While gender differences have been previously observed in risk perception of cyber risks among non-professionals, this thesis will also look at years of experience as another aspect. The purpose of this thesis is to explore the subjective risk perception and risk prioritization among cyber security professionals. It seeks to study their risk perception and prioritization when they are assessing two specific risks on a risk assessment scale (risk matrix) even if the risks are assigned the same risk score. In this thesis, two specific types of risks (Social Engineering and System Intrusion) have been chosen for the risk descriptions, due to their common nature of cyber-attacks. To answer the thesis’ formulated questions, a quantitative study in the form of a questionnaire has been distributed to cyber security professionals (n=70) through professional networking channels. The results in this thesis revealed no significant relationship between risk prioritization and gender, nor between risk prioritization and years of experience. Risk perception was measured by the method of Walpole and Wilson (2021). For three of the four subscales (Affect, Exposure, Susceptibility) the cyber professionals perceived Risk A (Social Engineering) as statistically significantly higher than Risk B (System Intrusion). The results also showed that for both women and men, Risk A was perceived statistically significantly higher/larger than Risk B. There are some results in this thesis that align with previous research, however some are also indicating opposing findings. Traditionally, risk perception studies have focused on non-experts, and it is important to further explore the risk perception among professionals within a field since risk perception in general and in cyber security could be influenced by knowledge, expertise, and experience.
53

Collaboration platform for penetration tests enhanced with machine learning

Henareh, Roni, Höglund, Hjalmar January 2024 (has links)
Penetration tests are designed to assess the security of systems, requiring testers to efficiently share information and document findings. A collaboration platform that utilizes machine learning is hypothesized to enhance this process by automating data collection and reporting. We evaluate computer vision for data collection and analysis of penetration testing tools, aiming to alleviate manual reporting burdens and improve the effectiveness in penetration testing teams. The proposed solution integrates computer vision, neural networks and large language models to understand and analyze outputs from various penetration testing tools without manual log parsing. By comparing different tools and methods, this study aims to streamline collaboration during penetration tests and automate the collection of actionable data for penetration testers.
54

Kybernetická bezpečnost a legislativa ČR / Cyber security and legislation of the Czech Republic

Kratochvíl, David January 2012 (has links)
Contemporary society is increasingly influenced by computers and internet environment and it meets with issues related to cybercrime. There are already a number of laws, whether at EU or national governments, which are trying to reduce or prevent risks associated with hackers, cyber terrorism or any other illegal activities in cyberspace. Thesis "Cyber security and legislation of the Czech Republic", is divided into two main parts. In the first theoretical part, the reader apprise with cybercrime in general. You can read about methods of investigation, types of illegal activities and how to prevent such practices. The second part consists of an analysis of the current legislation of the Czech Republic, EU and Legislative intent of the law on cyber security. I will describe the bill, analyze and appraise its benefits to society. In conclusion of this thesis, I will summarize the achievement of results and objectives of the work.
55

Monitoring of Cyber Security Exercise Environments in Cyber Ranges : with an implementation for CRATE / Övervakning av spelmiljöer i cyberanläggningar : med en implementation för CRATE

Sjöstedt, Matildha January 2021 (has links)
In a world where much of society is dependent on digital infrastructure, various cyber threats can pose a great risk to businesses, critical infrastructure and potentially entire nations. For this reason, research and education as well as the preparation of strategies,  training of personnel etc., is imperative. Cyber ranges can provide ''safe environments'' in which for example cyber security exercises and experiments can be conducted. While easier to deploy and configure than ''real'' infrastructures, monitoring of such environments during ongoing exercises/experiments poses a number of challenges. During this thesis work, the question of what types of data and information could be relevant to provide in a monitoring system for this context was investigated, with regard to aspects such as providing technical support or gaining situational awareness during exercises. Results gained from a survey with participants from relevant organizations, contributed greatly to this question. The survey and literature study also provided insights into challenges and potential problems of developing and running such monitoring. CRATE is a cyber range developed and maintained by the Swedish Defence Research Agency (FOI). In this thesis work, some of the challenges and potential problems found are tackled with a suggested design and an implemented monitoring system prototype for CRATE. Apart from providing functionality to retrieve information about accounts and privileges as well as status of services, the design of the prototype also lays the foundation for a flexible and extensible monitoring system -- fully adapted for use within a cyber range. With cyber exercises becoming both more prevalent and extensive, the need for capable monitoring of exercise environments will naturally arise. While the developed prototype may facilitate future cyber exercises/experiments in CRATE, the results of this thesis work are also ready to be used as a source of inspiration for other cyber range operators.
56

Reconnaissance de forme dans cybersécurité

Vashaee, Ali January 2014 (has links)
Résumé : L’expansion des images sur le Web a provoqué le besoin de mettre en œuvre des méthodes de classement d’images précises pour plusieurs applications notamment la cybersécurité. L’extraction des caractéristiques est une étape primordiale dans la procédure du classement des images vu son impact direct sur la performance de la catégorisation finale des images et de leur classement. L’objectif de cette étude est d’analyser l’état de l’art des différents espaces de caractéristiques pour évaluer leur efficacité dans le contexte de la reconnaissance de forme pour les applications de cybersécurité. Les expériences ont montré que les descripteurs de caractéristiques HOG et GIST ont une performance élevée. Par contre, cette dernière se dégrade face aux transformations géométriques des objets dans les images. Afin d’obtenir des systèmes de classement d’image plus fiables basés sur ces descripteurs, nous proposons deux méthodes. Dans la première méthode (PrMI) nous nous concentrons sur l’amélioration de la propriété d’invariance du système de classement par tout en maintenant la performance du classement. Dans cette méthode, un descripteur invariant par rapport à la rotation dérivé de HOG est utilisé (RIHOG) dans une technique de recherche "top-down" pour le classement des images. La méthode (PrMI) proposée donne non seulement une robustesse face aux transformations géométriques des objets, mais aussi une performance élevée similaire à celle de HOG. Elle est aussi efficace en terme de coût de calcul avec une complexité de l’ordre de O(n). Dans la deuxième méthode proposée (PrMII), nous nous focalisons sur la performance du classement en maintenant la propriété d’invariance du système de classement. Les objets sont localisés d’une façon invariante aux changement d’échelle dans l’espace de caractéristiques de covariance par région. Ensuite elles sont décrites avec les descripteurs HOG et GIST. Cette méthode procure une performance de classement meilleure en comparaison avec les méthodes implémentées dans l’étude et quelques méthodes CBIR expérimentées sur les données Caltech-256 dans les travaux antérieurs. // Abstract : The tremendous growth of accessible online images (Web images), provokes the need to perform accurate image ranking for applications like cyber-security. Fea­ture extraction is an important step in image ranking procedures due to its direct impact on final categorization and ranking performance. The goal of this study is to analyse the state of the art feature spaces in order to evaluate their efficiency in the abject recognition context and image ranking framework for cyber-security applications. Experiments show that HOG and GIST feature descriptors exhibit high ranking performance. Whereas, these features are not rotation and scale invariant. In order to obtain more reliable image ranking systems based on these feature spaces, we proposed two methods. In the first method (PrMI) we focused on improving the invariance property of the ranking system while maintaining the ranking perfor­mance. In this method, a rotation invariant feature descriptor is derived from HOC (RIHOC). This descriptor is used in a top-down searching technique to caver the scale variation of the abjects in the images. The proposed method (PrMI) not only pro­ vides robustness against geometrical transformations of objects but also provides high ranking performance close to HOC performance. It is also computationally efficient with complexity around O(n). In the second proposed method (PrMII) we focused on the ranking performance while maintaining the invariance property of the ranking system. Objects are localized in a scale invariant fashion under a Region Covariance feature space, then they are described using HOC and CIST features. Finally to ob­ tain better evaluation over the performance of proposed method we compare it with existing research in the similar domain(CBIR) on Caltech-256. Proposed methods provide highest ranking performance in comparison with implemented methods in this study, and some of the CBIR methods on Caltech-256 dataset in previous works.
57

The use of Big Data Analytics to protect Critical Information Infrastructures from Cyber-attacks

Oseku-Afful, Thomas January 2016 (has links)
Unfortunately, cyber-attacks, which are the consequence of our increasing dependence on digital technology, is a phenomenon that we have to live with today. As technology becomes more advanced and complex, so have the types of malware that are used in these cyber-attacks. Currently, targeted cyber-attacks directed at CIIs such as financial institutions and telecom companies are on the rise. A particular group of malware known as APTs, which are used for targeted attacks, are very difficult to detect and prevent due to their sophisticated and stealthy nature. These malwares are able to attack and wreak havoc (in the targeted system) within a matter of seconds; this is very worrying because traditional cyber security defence systems cannot handle these attacks. The solution, as proposed by some in the industry, is the use of BDA systems. However, whilst it appears that BDA has achieved greater success at large companies, little is known about success at smaller companies. Also, there is scarcity of research addressing how BDA is deployed for the purpose of detecting and preventing cyber-attacks on CII. This research examines and discusses the effectiveness of the use of BDA for detecting cyber-attacks and also describes how such a system is deployed. To establish the effectiveness of using a BDA, a survey by questionnaire was conducted. The target audience of the survey were large corporations that were likely to use such systems for cyber security. The research concludes that a BDA system is indeed a powerful and effective tool, and currently the best method for protecting CIIs against the range of stealthy cyber-attacks. Also, a description of how such a system is deployed is abstracted into a model of meaningful practice.
58

The MaRiQ model: A quantitative approach to risk management

Carlsson, Elin, Mattsson, Moa January 2019 (has links)
In recent years, cyber attacks and data fraud have become major issues to companies, businesses and nation states alike. The need for more accurate and reliable risk management models is therefore substantial. Today, cybersecurity risk management is often carried out on a qualitative basis, where risks are evaluated to a predefined set of categories such as low, medium or high. This thesis aims to challenge that practice, by presenting a model that quantitatively assesses risks - therefore named MaRiQ (Manage Risks Quantitatively). MaRiQ was developed based on collected requirements and contemporary literature on quantitative risk management. The model consists of a clearly defined flowchart and a supporting tool created in Excel. To generate scientifically validated results, MaRiQ makes use of a number of statistical techniques and mathematical functions, such as Monte Carlo simulations and probability distributions. To evaluate whether our developed model really was an improvement compared to current qualitative processes, we conducted a workshop at the end of the project. The organization that tested MaRiQexperienced the model to be useful and that it fulfilled most of their needs. Our results indicate that risk management within cybersecurity can and should be performed using more quantitative approaches than what is praxis today. Even though there are several potential developments to be made, MaRiQ demonstrates the possible advantages of transitioning from qualitative to quantitative risk management processes.
59

Advanced applications for state estimators in smart grids : identification, detection and correction of simultaneous measurement, parameter and topology cyber-attacks

Klas, Juliana January 2018 (has links)
Growing demand and concern over climate change are key drivers for renewable sources of electricity and grid modernization. Grid modernization, or the so called smart grid, not only enables renewable sources but also opens the door to new applications with far-reaching impacts such as preventing or restoring outages (self-healing capabilities), and enabling consumers to have greater control over their electricity consumption and to actively participate in the electricity market. According to the Electric Power Research Institute (EPRI), one of the biggest challenges facing smart grid deployment is related to the cyber security of the systems. The current cyber-security landscape is characterized by rapidly evolving threats and vulnerabilities that pose challenges for the reliability, security, and resilience of the electricity sector. Power system state estimators (PSSE) are critical tools for grid reliability, under a system observable scenario, they allow power flow optimization and detection of incorrect data. In this work cyber-attacks are modeled as malicious data injections on system measurements, parameters and topology. The contributions of this work are twofold. First, a model for cyber-attack as a false data injection detection and identification is presented. The presented model considers the minimization of the composed measurement error while applying the Lagrangian relaxation. The presented contribution, enables false data injection attacks detection even if this belongs to the subspace spanned by the columns of the Jacobian matrix and in network areas with low measurement redundancy Second, state-of-the-art solutions consider correction of parameters or topology when measurements are free of error. However, how may one correct measurements if parameters or topology might be simultaneously in error? To solve this problem, a relaxed model is presented and solved iteratively in a continuous manner. Once identified and detected, cyber-attacks in parameters, topology and measurements are corrected. The proposed solution is based on a Taylor series relaxed, composed normalized error (CNE) hybrid approach with Lagrange multipliers. Validation is made on the IEEE-14 and IEEE-57 bus systems. Comparative results highlight the proposed methodology’s contribution to the current state-of-the-art research on this subject. Providing mitigation, response and system recovery capabilities to the state estimator with reduced computational burden, the proposed model and methodology have strong potential to be integrated into SCADA state estimators for real-world applications. / O aumento da demanda e a preocupação com as mudanças climáticas são importantes motivadores para as fontes de energia renováveis e a modernização da rede elétrica. A modernização da rede elétrica inteligentes (REI) ou smart grid, não somente possibilita as fontes de energia renováveis mas também abre portas à novas aplicações de grande impacto como a prevenção e restauração automática de falhas e a possibilidade dos consumidores terem grande controle sobre o consumo de eletricidade e atuação participativa no mercado de energia. De acordo com o Instituto Norte Americano de Pesquisas do Setor Elétrico, um dos principais desafios a ser enfrentado no desenvolvimento das REIs é relacionado a segurança cibernética dos sistemas. O cenário da segurança cibernética atual é caracterizado pela rápida evolução dos riscos e vulnerabilidades que impõe desafios para a confiabilidade, segurança e resiliência do setor elétrico. Neste contexto, estimadores de estado do sistema de potência são ferramentas críticas para a confiabilidade da rede, sob um cenário de observabilidade do sistema eles possibilitam o fluxo de potência do sistema e a análise de dados incorretos. Neste trabalho, ataques cibernéticos são modelados como injeção de dados incorretos em medidas, parâmetros e topologia do sistema. A metodologia proposta possibilita detecção de ataques mesmo se eles pertencerem ao subespaço ortogonal formado pelas colunas da matriz Jacobiana e em áreas do sistema com reduzida redundância de medidas. A solução proposta pelo estado da arte considera correções em parâmetros ou topologia quando medidas estão livres de erros. Porém, como pode-se corrigir medidas se parâmetros ou a topologia estão simultaneamente com erros? Para resolver este problema um modelo relaxado é proposto e resolvido iterativamente. Assim que detectado e identificado, ataques cibernéticos em parâmetros, topologia e/ou medidas são corrigidos. As contribuições específicas do trabalho são: cálculo do desvio padrão para pseudomedidas (iguais à zero) e medidas de baixa magnitude baseado em medidas correlatas e propriedades da covariância; modelo baseado em relaxação lagrangiana e erro composto de medida para identificação e detecção de ataques cibernéticos; estratégia hibrida de relaxamento iterativo (EHRI) para correção de ataque cibernético em parâmetros da rede de modo contínuo e com reduzido esforço computacional e metodologia baseada em ciclo holístico de resiliência para estimadores de estado sob ataques cibernéticos simultâneos em parâmetros, topologia e medidas. A validação é feita através dos sistemas de teste do IEEE de 14 e 57 barras, testes comparativos elucidam as contribuições da metodologia proposta ao estado da arte nesta área de pesquisa. Trazendo as capacidades de mitigação, resposta e recuperação ao estimador de estado com esforço computacional reduzido, o modelo e metodologia propostos tem grande potencial de ser integrado em SCADAs para aplicação em casos reais.
60

Fall in Line or Fall Behind? : Cooperation in cyberspace between the North Atlantic Treaty Organisation and the European Union.

Rupp, Vendela January 2019 (has links)
This study explores the relationship between the North Atlantic Treaty Organisation and the European Union in cyberspace. The two organisations have differing approaches to combat threats from cyberspace but are continuously deepening their cooperative efforts. The former is arguably militarising the domain and is less inclined to share information with outside parties, while the latter is more willing in this respect but is struggling to balance a free and open Internet with a secure one. NATO’s focus on cyber defence and the EU’s focus on cyber security is connected to the organisations’ different identities as security actors. The difference is identifiable in the Joint Declaration on EU-NATO Cooperation established in 2016. While cyber defence and cyber security are notable in texts, it is yet to be determined how the respective organisations’ differing focus impacts their cooperation in cyberspace. The purpose of this study is thus to investigate the continuation of the Joint-Declaration given NATO and the EU’s different frameworks to combat cyberthreats. The study will use Michel Foucault’s Security Dispositive theory by looking at normalising discourses within the organisations’ respective agendas influenced by various cyberattacks in the 21st century. NATO focuses on developing offensive as well as defensive cyber capabilities while the EU primarily presents a more passive strategy. Considering the Alliance’s ability to set demands on partner actors, results suggested that the Joint Declaration is able to continue if the EU falls in line with the precedent set by NATO as the organisation continues to expand its militarising discourse of cyberspace.

Page generated in 0.0521 seconds