  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
121

Cyber Profiling for Insider Threat Detection

Udoeyop, Akaninyene Walter 01 August 2010
Cyber attacks against companies and organizations can result in high impact losses that include damaged credibility, exposed vulnerability, and financial losses. Until the 21st century, insiders were often overlooked as suspects for these attacks. The 2010 CERT Cyber Security Watch Survey attributes 26 percent of cyber crimes to insiders. Numerous real insider attack scenarios suggest that during, or directly before the attack, the insider begins to behave abnormally. We introduce a method to detect abnormal behavior by profiling users. We utilize the k-means and kernel density estimation algorithms to learn a user’s normal behavior and establish normal user profiles based on behavioral data. We then compare user behavior against the normal profiles to identify abnormal patterns of behavior.
123

Mexico’s national security framework in the context of an interdependent world : a comparative architecture approach

Martinez Espinosa, Cesar Alfredo 04 February 2014
In a more complex and interdependent world, nations face new challenges that threaten their national security. National security should not be understood exclusively in the way of military threats by adversarial states but in a broader way: how old and new sectoral threats affect not only a state and its institutions but a nation as a whole, physically and economically. This dissertation looks into how the nature of security threats and risks has evolved in recent years. This dissertation then explores how different nations have decided to publish national security strategy documents and analyzes the way in which they include this broadened understanding of security: it finds that there is evidence of international policy diffusion related to the publication of such security strategies and that nations are evolving towards a broader understanding of security that includes models like whole-of-government, and whole-of-society. In the second half, this dissertation analyzes the route through which Mexico has reformed its national security framework since the year 2000 through a policy streams approach. After looking at the path that led to the creation of Mexico’s modern national security institutions, it analyzes the way in which Mexico national interests can be determined and how these interests inform the way in which Mexico understands national security threats and risks in the 21st Century. / text
124

Toward Cyber-Secure and Resilient Networked Control Systems

Teixeira, André January 2014
Resilience is the ability to maintain acceptable levels of operation in the presence of abnormal conditions. It is an essential property in industrial control systems, which are the backbone of several critical infrastructures. The trend towards using pervasive information technology systems, such as the Internet, results in control systems becoming increasingly vulnerable to cyber threats. Traditional cyber security does not consider the interdependencies between the physical components and the cyber systems. On the other hand, control-theoretic approaches typically deal with independent disturbances and faults, thus they are not tailored to handle cyber threats. Theory and tools to analyze and build control system resilience are, therefore, lacking and in need to be developed. This thesis contributes towards a framework for analyzing and building resilient control systems. First, a conceptual model for networked control systems with malicious adversaries is introduced. In this model, the adversary aims at disrupting the system behavior while remaining undetected by an anomaly detector. The adversary is constrained in terms of the available model knowledge, disclosure resources, and disruption capabilities. These resources may correspond to the anomaly detector’s algorithm, sniffers of private data, and spoofers of control commands, respectively. Second, we address security and resilience under the perspective of risk management, where the notion of risk is defined in terms of a threat’s scenario, impact, and likelihood. Quantitative tools to analyze risk are proposed. They take into account both the likelihood and impact of threats. Attack scenarios with high impact are identified using the proposed tools, e.g., zero-dynamics attacks are analyzed in detail. The problem of revealing attacks is also addressed. Their stealthiness is characterized, and how to detect them by modifying the system’s structure is also described.
As our third contribution, we propose distributed fault detection and isolation schemes to detect physical and cyber threats on interconnected second-order linear systems. A distributed scheme based on unknown input observers is designed to jointly detect and isolate threats that may occur on the network edges or nodes. Additionally, we propose a distributed scheme based on local models and measurements that is resilient to changes outside the local subsystem. The complexity of the proposed methods is decreased by reducing the number of monitoring nodes and by characterizing the minimum amount of model information and measurements needed to achieve fault detection and isolation. Finally, we tackle the problem of distributed reconfiguration under sensor and actuator faults. In particular, we consider a control system with redundant sensors and actuators cooperating to recover from the removal of individual nodes. The proposed scheme minimizes a quadratic cost while satisfying a model-matching condition, which maintains the nominal closed-loop behavior after faults. Stability of the closed-loop system under the proposed scheme is analyzed. / A resilient system has the ability to recover after a severe and unexpected disturbance. Resilience is an important property of industrial control systems, which are an important component of many critical infrastructures, such as the process industry and electric power grids. The trend of using large-scale IT systems, such as the Internet, within control systems results in increased vulnerability to cyber threats. Traditional IT security does not take into account the special coupling between physical components and IT systems that exists within control systems. On the other hand, traditional control engineering usually focuses on handling natural faults and not cyber vulnerabilities. Theory and tools for resilient and cyber-secure control systems are therefore lacking and need to be developed. This thesis contributes to developing a framework for analyzing and constructing precisely such control systems.
First, we develop a representative abstract model for networked control systems consisting of four components: the physical process with sensors and actuators, the communication network, the digital control system, and a fault detector. Then a conceptual model for attacks against the networked control system is introduced. The model describes attacks that try to avoid raising alarms in the fault detector while still disturbing the physical process. In addition, the model assumes that whoever carries out the attack has limited resources in terms of model knowledge and communication channels. The described framework is then used to study resilience against the attacks through a risk analysis, where risk is defined based on a threat's scenario, consequences, and likelihood. Quantitative methods for estimating the consequences and likelihoods of the attacks are developed, and in particular it is shown how high-risk threats can be identified and counteracted. The results in the thesis are illustrated with several numerical and practical examples. / QC 20141016
125

Coordinated Variable Structure Switching Attacks for Smart Grid

Liu, Shan 02 October 2013
The effective modeling and analysis of large-scale power system disturbances especially those stemming from intentional attack represents an open engineering and research problem. Challenges stem from the need to develop intelligent models of cyber-physical attacks that produce salient disruptions and appropriately describe meaningful cyber-physical interdependencies such that they balance precision, scale and complexity. In our research, we present a foundation for the development of a class of intelligent cyber-physical attacks termed coordinated variable structure switching attacks whereby opponents aim to destabilize the power grid through controlled switching sequence. Such switching is facilitated by cyber-attack and corruption of communication channels and control signals of the associated switch(es). We provide methods and theorems to construct such attack models and demonstrate their utility in the simulation of extensive system disturbances. Our proposed class of cyber-physical switching attacks for smart grid systems has the potential to disrupt large-scale power system operation within a short interval of time. Through successful cyber intrusion, an opponent can remotely apply a state-dependent coordinated switching sequence on one or more relays and circuit breakers of a power system to disrupt operation. Existence of this switching vulnerability is dependent on the local structure of the power grid. Variable structure systems theory is employed to effectively model the cyber-physical aspects of a smart grid and determine the existence of the vulnerability and construct the destabilizing switching attack sequence. We illustrate the utility of the attack approach and assess its impact on the different power system test cases including the single machine infinite bus power system model and the Western Electricity Coordinating Council (WECC) 3-machine 9-bus system through MATLAB/Simulink and PSCAD simulation environment.
The results demonstrate the potential of our approach for practical attack. Moreover, we build on our work in several ways. First, we extend the research to demonstrate an approach to mitigation within the variable structure system framework. We demonstrate via small signal analysis how through persistent switching a stable sliding mode can be used to disrupt a dynamical system that seems stable. We also design an approach to vulnerability analysis to assess the feasibility of coordinated variable structure switching attacks. Moreover, we study the performance of our attack construction approach when the opponent has imperfect knowledge of the local system dynamics and partial knowledge of the generator state. Based on the system with modeling errors, we study the performance of coordinated variable structure switching attacks in the presence of state estimation. Finally, we illustrate the concepts of attack model within the multiple switching framework, the cascading failure analysis is employed in the New-England 10-machine, 39-bus power system using MATLAB/Simulink and DSATools simulation environment. Our results demonstrate the potential for coordinated variable structure switching attacks to enable large-scale power system disturbances.
126

Tackling the barriers to achieving Information Assurance

Simmons, Andrea C. January 2017
This original, reflective practitioner study researched whether professionalising IA could be successfully achieved, in line with the UK Cyber Security Strategy expectations. The context was an observed changing dominant narrative from IA to cybersecurity. The research provides a dialectical relationship with the past to improve IA understanding. The Academic contribution: Using archival and survey data, the research traced the origins of the term IA and its practitioner usage, in the context of the increasing use of the neologism of cybersecurity, contributing to knowledge through historical research. Discourse analysis of predominantly UK government reports, policy direction, legislative and regulatory changes, reviewing texts to explore the functions served by specific constructions, mainly Information Security (Infosec) vs IA. The Researcher studied how accounts were linguistically constructed in terms of the descriptive, referential and rhetorical language used, and the function that serves. The results were captured in a chronological review of IA ontology. The Practitioner contribution: Through an initial Participatory Action Research (PAR) public sector case study, the researcher sought to make sense of how the IA profession operates and how it was maturing. Data collection from self-professed IA practitioners provided empirical evidence. The researcher undertook evolutionary work analysing survey responses and developed theories from the analysis to answer the research questions. The researcher observed a need to implement a unified approach to Information Governance (IG) on a large organisation-wide scale. Using a constructivist grounded theory the researcher developed a new theoretical framework - i3GRC™ (Integrated and Informed Information Governance, Risk, and Compliance) - based on what people actually say and do within the IA profession. i3GRC™ supports the required Information Protection (IP) through maturation from IA to holistic IG. 
Again, using PAR, the theoretical framework was tested through a private sector case study, the resultant experience strengthening the bridge between academia and practitioners.
127

Information Pooling Bias in Collaborative Cyber Forensics

January 2014
abstract: Cyber threats are growing in number and sophistication making it important to continually study and improve all dimensions of cyber defense. Human teamwork in cyber defense analysis has been overlooked even though it has been identified as an important predictor of cyber defense performance. Also, to detect advanced forms of threats effective information sharing and collaboration between the cyber defense analysts becomes imperative. Therefore, through this dissertation work, I took a cognitive engineering approach to investigate and improve cyber defense teamwork. The approach involved investigating a plausible team-level bias called the information pooling bias in cyber defense analyst teams conducting the detection task that is part of forensics analysis through human-in-the-loop experimentation. The approach also involved developing agent-based models based on the experimental results to explore the cognitive underpinnings of this bias in human analysts. A prototype collaborative visualization tool was developed by considering the plausible cognitive limitations contributing to the bias to investigate whether a cognitive engineering-driven visualization tool can help mitigate the bias in comparison to off-the-shelf tools. It was found that participant teams conducting the collaborative detection tasks as part of forensics analysis, experience the information pooling bias affecting their performance. Results indicate that cognitive friendly visualizations can help mitigate the effect of this bias in cyber defense analysts. Agent-based modeling produced insights on internal cognitive processes that might be contributing to this bias which could be leveraged in building future visualizations. 
This work has multiple implications including the development of new knowledge about the science of cyber defense teamwork, a demonstration of the advantage of developing tools using a cognitive engineering approach, a demonstration of the advantage of using a hybrid cognitive engineering methodology to study teams in general and finally, a demonstration of the effect of effective teamwork on cyber defense performance. / Dissertation/Thesis / Doctoral Dissertation Applied Psychology 2014
128

Vulnerability Analysis of False Data Injection Attacks on Supervisory Control and Data Acquisition and Phasor Measurement Units

January 2017
abstract: The electric power system is monitored via an extensive network of sensors in tandem with data processing algorithms, i.e., an intelligent cyber layer, that enables continual observation and control of the physical system to ensure reliable operations. This data collection and processing system is vulnerable to cyber-attacks that impact the system operation status and lead to serious physical consequences, including systematic problems and failures. This dissertation studies the physical consequences of unobservable false data injection (FDI) attacks wherein the attacker maliciously changes supervisory control and data acquisition (SCADA) or phasor measurement unit (PMU) measurements, on the electric power system. In this context, the dissertation is divided into three parts, in which the first two parts focus on FDI attacks on SCADA and the last part focuses on FDI attacks on PMUs. The first part studies the physical consequences of FDI attacks on SCADA measurements designed with limited system information. The attacker is assumed to have perfect knowledge inside a sub-network of the entire system. Two classes of attacks with different assumptions on the attacker's knowledge outside of the sub-network are introduced. In particular, for the second class of attacks, the attacker is assumed to have no information outside of the attack sub-network, but can perform multiple linear regression to learn the relationship between the external network and the attack sub-network with historical data. To determine the worst possible consequences of both classes of attacks, a bi-level optimization problem wherein the first level models the attacker's goal and the second level models the system response is introduced. The second part of the dissertation concentrates on analyzing the vulnerability of systems to FDI attacks from the perspective of the system. 
To this end, an off-line vulnerability analysis framework is proposed to identify the subsets of the test system that are more prone to FDI attacks. The third part studies the vulnerability of PMUs to FDI attacks. Two classes of more sophisticated FDI attacks that capture the temporal correlation of PMU data are introduced. Such attacks are designed with a convex optimization problem and can always bypass both the bad data detector and the low-rank decomposition (LD) detector. / Dissertation/Thesis / Doctoral Dissertation Electrical Engineering 2017
129

Prevention of Cyber Security Incidents within the Public Sector : A qualitative case study of two public organizations and their way towards a sustainable cyber climate / Förebyggandet av cybersäkerhetsincidenter inom offentlig sektor : En kvalitativ fallstudie av två offentliga organisationer och deras väg mot ett hållbart cyber klimat

Enocson, Julia, Söderholm, Linnéa January 2018 (has links)
Title: Prevention of Cyber Security Incidents within the Public Sector - A qualitative case study of two public organizations and their way towards a sustainable cyber climate. Authors: Julia Enocson and Linnéa Söderholm. Supervisor: Ida Lindgren. Keywords: Cyber Security, Incident, Prevention, Public Sector, IT Security, Information Security. Background: In today’s digital environment it has become crucial for organizations to protect themselves against cyber security attacks and incidents. Emerging technologies pose security risks and the number of cyber security incidents is increasing. Within the public sector it is considered as one of the most challenging phenomena that governments face today, and awareness is limited. However, studies show that a majority of cyber security incidents could have been prevented. In addition, evidence indicates that incidents often occur due to internal actions, and not external threats. Purpose: The purpose of our study is to identify factors that may impact public organizations’ capability to prevent cyber security incidents, and subsequently how they could work towards maintaining a proactive prevention. Methodology: This study has adopted a qualitative research strategy with the design of a case study of cyber security incident prevention in the public sector, examined through two organizations. In order to collect empirical data, semi-structured interviews were conducted. Conclusion: In this study we have, based on previous literature and empirical data, identified seven influential factors that may be of importance for public organizations to take into consideration when working with cyber security incident prevention. Our findings have subsequently resulted in insights that may inspire public organizations as to how they could work proactively towards preventing incidents.
The identified factors revolve around the importance of performing internal and external analyses, defining roles and responsibilities, formulating goals and regulatory documents, educating and communicating to employees, the aspect of organizational culture, and consistent evaluation. How, and to what extent, public organizations work with these factors, indicate the level of preparation to prevent future cyber security incidents.
130

Reasoning about Cyber Threat Actors

January 2018
abstract: Reasoning about the activities of cyber threat actors is critical to defend against cyber attacks. However, this task is difficult for a variety of reasons. In simple terms, it is difficult to determine who the attacker is, what the desired goals are of the attacker, and how they will carry out their attacks. These three questions essentially entail understanding the attacker’s use of deception, the capabilities available, and the intent of launching the attack. These three issues are highly inter-related. If an adversary can hide their intent, they can better deceive a defender. If an adversary’s capabilities are not well understood, then determining what their goals are becomes difficult as the defender is uncertain if they have the necessary tools to accomplish them. However, the understanding of these aspects is also mutually supportive. If we have a clear picture of capabilities, intent can better be deciphered. If we understand intent and capabilities, a defender may be able to see through deception schemes. In this dissertation, I present three pieces of work to tackle these questions to obtain a better understanding of cyber threats. First, we introduce a new reasoning framework to address deception. We evaluate the framework by building a dataset from DEFCON capture-the-flag exercise to identify the person or group responsible for a cyber attack. We demonstrate that the framework not only handles cases of deception but also provides transparent decision making in identifying the threat actor. The second task uses a cognitive learning model to determine the intent – goals of the threat actor on the target system. The third task looks at understanding the capabilities of threat actors to target systems by identifying at-risk systems from hacker discussions on darkweb websites. To achieve this task we gather discussions from more than 300 darkweb websites relating to malicious hacking.
/ Dissertation/Thesis / Doctoral Dissertation Computer Engineering 2018
