1

Representing attacks in a cyber range / Representation av attacker i en cyber range

Hätty, Niklas January 2019
Trained security experts can be a mitigating factor to sophisticated cyberattacks that aim to violate the confidentiality, integrity, and availability of information. Reproducible sessions in a safe training environment are an effective way of increasing the excellence of security experts. One approach to achieving this is by using cyber ranges, which essentially are sets of hardware nodes that can virtually represent a large organization or system. The Swedish Defense Research Agency (FOI) develops and maintains a fully functioning cyber range and has the ability to automatically deploy sophisticated attacks against organizations and systems represented in this cyber range through a system called SVED. In this thesis, the capability to deploy different types of cyberattacks through SVED against virtual organizations in a cyber range, CRATE, is investigated. This is done by building a dataset of publicly disclosed security incidents from a database and attempting to represent each of them in SVED, and subsequently instantiating these attack representations against organizations in CRATE. The results show that the prevalence of at least one CVE-entry (Common Vulnerabilities and Exposures) in the incident description is a key factor to be able to represent an attack in SVED. When such an entry does exist, SVED is likely able to implement a representation of the attack. However, for certain types of attacks a CVE-entry is not enough to determine how an attack was carried out, which is why some attacks are harder to implement in SVED. This was the case for Denial of Service (DoS) attacks, which are too reliant on infrastructure rather than one or more vulnerabilities, and SQL injections, which are more reliant on the implementation of database access. Finally, CRATE is able to handle almost all attacks implemented in SVED, given that the correct vulnerable application software is installed on at least one machine in one of the organizations in CRATE.
2

Virtualizace energetické infrastruktury / Virtualization of energy infrastructure

Hraboš, Šimon January 2021
This work describes the virtualization process, virtualization tools and virtualization automation. The work also deals with the description of energy infrastructure, the KYPO cyber range platform and the DLMS/COSEM protocol used in energy. The practical part deals with the virtualization of energy infrastructure using the OpenStack and KYPO cyber range platforms. A virtual environment was created using the Vagrant application. The OpenStack and KYPO cyber range platforms were subsequently installed in this environment. Next, a sandbox definition was created. The sandbox definition creates a scenario with an energy infrastructure using the KYPO platform. The functionality of the energy infrastructure was verified using the Gurux DLMS library.
3

Design of Mobility Cyber Range and Vision-Based Adversarial Attacks on Camera Sensors in Autonomous Vehicles

Ramayee, Harish Asokan January 2021
No description available.
4

Monitoring of Cyber Security Exercise Environments in Cyber Ranges : with an implementation for CRATE / Övervakning av spelmiljöer i cyberanläggningar : med en implementation för CRATE

Sjöstedt, Matildha January 2021
In a world where much of society is dependent on digital infrastructure, various cyber threats can pose a great risk to businesses, critical infrastructure and potentially entire nations. For this reason, research and education as well as the preparation of strategies, training of personnel etc., is imperative. Cyber ranges can provide "safe environments" in which for example cyber security exercises and experiments can be conducted. While easier to deploy and configure than "real" infrastructures, monitoring of such environments during ongoing exercises/experiments poses a number of challenges. During this thesis work, the question of what types of data and information could be relevant to provide in a monitoring system for this context was investigated, with regard to aspects such as providing technical support or gaining situational awareness during exercises. Results gained from a survey with participants from relevant organizations contributed greatly to this question. The survey and literature study also provided insights into challenges and potential problems of developing and running such monitoring. CRATE is a cyber range developed and maintained by the Swedish Defence Research Agency (FOI). In this thesis work, some of the challenges and potential problems found are tackled with a suggested design and an implemented monitoring system prototype for CRATE. Apart from providing functionality to retrieve information about accounts and privileges as well as status of services, the design of the prototype also lays the foundation for a flexible and extensible monitoring system -- fully adapted for use within a cyber range. With cyber exercises becoming both more prevalent and extensive, the need for capable monitoring of exercise environments will naturally arise. While the developed prototype may facilitate future cyber exercises/experiments in CRATE, the results of this thesis work are also ready to be used as a source of inspiration for other cyber range operators.
5

Automating software installation for cyber security research and testing public exploits in CRATE / Att automatisera mjukvaruinstallationer för cybersäkerhetsforskning och testandet av publika angreppskoder i CRATE

Kahlström, Joakim, Hedlin, Johan January 2021
As cyber attacks are an ever-increasing threat to many organizations, the need for controlled environments where cyber security defenses can be tested against real-world attacks is increasing. These environments, called cyber ranges, exist across the world for both military and academic purposes of various scales. As the function of a cyber range involves having a set of computers, virtual or physical, that can be configured to replicate a corporate network or an industrial control system, having an automated method of configuring these can streamline the process of performing different exercises. This thesis aims to provide a proof of concept of how the installation of software with known vulnerabilities can be performed and examines if the software is vulnerable directly after installation. The Cyber Range And Training Environment (CRATE) developed by the Swedish Defence Research Agency (FOI) is used as a testbed for the installations and FOI-provided tools are used for launching automated attacks against the installed software. The results show that installations can be performed without Internet access and with minimal network traffic being generated and that our solution can rewrite existing software packages from the package manager Chocolatey to work with an on-premises repository with an 85% success rate. It is also shown that very few publicly available exploits succeed without any manual configuration of either the exploit or the targeted software. Our work contributes to making it easier to set up environments where cyber security research and training can be conducted by simplifying the process of installing vulnerable applications.
6

An Attribution Method for Alerts in an Educational Cyber Range based on Graph Database

Wang, Yang January 2023
Finding the source of events in a network is a critical problem in network security, and this process is called network attribution. This thesis develops a system to attribute alerts from the cyber range of the Ethical Hacking Course at KTH to students. The cyber range is an essential component of the Ethical Hacking course. It provides a platform for students to practice their hacking knowledge and skills while recording their actions for research or course purposes. To use the alerts generated by the cyber range to study student behavior, it is necessary to find which student triggered the alert. In this thesis, the system uses a method based on a graph database to attribute alerts to students. The system designed in this thesis uses the log data recorded by the cyber range to create nodes and relationships and uses the data related to the traffic between hosts to attribute the traffic. After the attribution is complete, the system uses the attributed student traffic to reconstruct the path from the student to the host that captured the alert. If the path from the student to the host is successfully constructed, the attribution of the alert is considered successful. In the end, the system was able to attribute 94% of the student traffic. Using the student traffic that is successfully attributed, the system can attribute 79.75% of the bad-samba alerts to students and build the path from the student to the host. The system designed in this thesis is helpful for understanding and managing the students’ hacking behavior in the cyber range of the Ethical Hacking course.
