131 |
Reasoning about Cyber Threat Actors. January 2018
abstract: Reasoning about the activities of cyber threat actors is critical to defend against cyber
attacks. However, this task is difficult for a variety of reasons. In simple terms, it is difficult
to determine who the attacker is, what the desired goals are of the attacker, and how they will
carry out their attacks. These three questions essentially entail understanding the attacker’s
use of deception, the capabilities available, and the intent of launching the attack. These
three issues are highly inter-related. If an adversary can hide their intent, they can better
deceive a defender. If an adversary’s capabilities are not well understood, then determining
what their goals are becomes difficult as the defender is uncertain if they have the necessary
tools to accomplish them. However, the understanding of these aspects is also mutually
supportive. If we have a clear picture of capabilities, intent can better be deciphered. If we
understand intent and capabilities, a defender may be able to see through deception schemes.
In this dissertation, I present three pieces of work to tackle these questions to obtain
a better understanding of cyber threats. First, we introduce a new reasoning framework
to address deception. We evaluate the framework by building a dataset from a DEFCON
capture-the-flag exercise to identify the person or group responsible for a cyber attack.
We demonstrate that the framework not only handles cases of deception but also provides
transparent decision making in identifying the threat actor. The second task uses a cognitive
learning model to determine the intent – goals of the threat actor on the target system.
The third task looks at understanding the capabilities of threat actors to target systems by
identifying at-risk systems from hacker discussions on darkweb websites. To achieve this
task we gather discussions from more than 300 darkweb websites relating to malicious
hacking. / Dissertation/Thesis / Doctoral Dissertation Computer Engineering 2018
|
132 |
O comprometimento asiático com o desenvolvimento cibernético da região e a utilização sínica do ciberespaço como extensão de sua estratégia tradicional / Asian commitment to cybernetic development in the region and the use of cyberspace as an extension of its traditional strategy. Oliveira, Ahmina Raiara Solsona. 01 June 2015
CAPES / The Asian presence is constant in cyber conflicts, with these countries appearing as victims or alleged perpetrators. The high rate of participation in such models of war, added to the fact that countries like Russia, China, India, Japan, Pakistan and the Koreas are considered by the Pentagon to be possessors of a cyber-army, makes feasible the possibility of strong involvement and Asian commitment to the development of cyber capabilities in the region. Despite the strong technological gap between the states of the Asian Pacific, common threats fostered cooperation and united the continent in search of cybersecurity in the region. Therefore, this master's thesis aims to show the Asian commitment to regional cyber development and the Chinese use of cyberspace as an extension of its national strategic thinking. The methodology is qualitative, with the case study method applied to China. This academic work is organized in three chapters, plus introduction and closing remarks. The first chapter presents the concepts and definitions needed to understand the discussions surrounding cyber terms. The second chapter sets out some of the cyber conflicts with Asian participation and highlights three Asian organizations working in pursuit of regional cybersecurity. The third chapter expresses the Chinese perception of cyber warfare, explains the use of cyberspace as a strategic tool for its military and economic development, and reveals its actions in order to prepare for the Cyber Age. The main result of this work is that the Asian Pacific region is gradually getting involved in cyber conflicts and committing to cooperation for a common cyber security, including through the development of measuring tools for cyber maturity, and that China sees in cyber warfare the possibility to block out impositions by militarily stronger powers and, through technology transfer, to achieve a military level similar to that of the great powers.
|
133 |
Comparison of Security and Risk awareness between different age groups. Björneskog, Amanda; Goniband Shoshtari, Nima. January 2017
The Internet has become a 'necessity' in the everyday life of just below 50% of the world population. With the growth of the Internet and it creating a great platform to help people and make life easier, it has also brought a lot of malicious situations. Nowadays people hack or use social engineering on other people for a living; scamming and fraud are part of their daily life. Therefore security awareness is truly important and sometimes vital. We wanted to look at the difference in security awareness depending on which year you were born, in relation to the IT-boom and growth of the Internet. Does it matter if you lived through the earlier stages of the Internet or not? We found that security awareness did increase with age, but whether it was due to the candidates growing up before or after the IT-boom or due to the fact that younger people tend to be more inattentive is hard to tell. Our result is that the age group 16-19 was more prone to security risks, due to an indifferent mindset regarding their data and information.
|
134 |
A Hierarchical Architectural Framework for Securing Unmanned Aerial Systems. Leccadito, Matthew. 01 January 2017
Unmanned Aerial Systems (UAS) are becoming more widely used in the new era of evolving technology, increasing performance while decreasing size, weight, and cost. A UAS equipped with a Flight Control System (FCS) that can be used to fly semi- or fully autonomously is a prime example of a Cyber Physical and Safety Critical system. Current Cyber-Physical defenses against malicious attacks are structured around security standards for best practices involving the development of protocols and the digital software implementation. Thus far, few attempts have been made to embed security into the architecture of the system, considering security as a holistic problem. Therefore, a Hierarchical, Embedded, Cyber Attack Detection (HECAD) framework is developed to provide security in a holistic manner, providing resiliency against cyber-attacks as well as introducing strategies for mitigating and dealing with component failures. Traversing the hardware/software barrier, HECAD provides detection of malicious faults at the hardware and software level, verified through the development of an FPGA implementation and tested using a UAS FCS.
|
135 |
Modeling Security and Resource Allocation for Mobile Multi-hop Wireless Networks Using Game Theory. Njilla, Laurent L. Y. 09 September 2015
This dissertation presents novel approaches to modeling and analyzing security and resource allocation in mobile ad hoc networks (MANETs). The research involves the design, implementation and simulation of different models resulting in resource sharing and strengthened security of the network among mobile devices. Because of the mobility, the network topology may change quickly and unpredictably over time. Moreover, data sent from a source to a designated destination node that is not nearby has to be routed through intermediary mobile nodes. However, not all intermediary nodes in the network are willing to participate in data-packet transfer of other nodes. The unwillingness to participate in data forwarding is because a node is built on limited resources such as energy and data. Due to their limited resources, nodes may not want to participate in the overall network objectives by forwarding data-packets of others, in fear of depleting their energy.
To enforce cooperation among autonomous nodes, we design, implement and simulate new incentive mechanisms that use game theoretic concepts to analyze and model the strategic interactions among rational nodes with conflicting interests. Since there is no central authority and the network is decentralized, to address the concerns of mobility of selfish nodes in MANETs, a model of security and trust relationship was designed and implemented to improve the impact of investment into trust mechanisms. A series of simulations was carried out that showed the strengthening of security in a network with selfish and malicious nodes. Our research involves bargaining for resources in a highly dynamic ad-hoc network. The design of a new arbitration mechanism for MANETs utilizes the Dirichlet distribution for fairness in allocating resources. Then, we investigated the problem of colluding nodes in mobile ad-hoc networks with an arbitrator. We model the collusion by having a group of nodes disrupt the bargaining process by not cooperating with the arbitrator. Finally, we investigated the resource allocation for a system between agility and recovery using the concept of a Markov decision process. Simulation results showed that the proposed solutions may be helpful to decision-makers when allocating resources between separated teams.
|
136 |
Cyber-security in the European region : anticipatory governance and practices. Munk, Tine Hojsgaard. January 2015
This thesis explores the nature of cyber-security at the beginning of the 21st century. In the current security paradigm, security strategies based on anticipatory governance have become essential in the management of the constantly changing cyber-security environment. Thus, this thesis aims to understand security strategies and governance introduced in the European region. The increased dependency on cyber-space is visible in all public-private sectors and governmental operations, as well as communications between groups and individuals. As a result, cyber-attacks on public and private entities are increasing. This requires a security framework that is flexible and establishes different types of security cooperation to manage the widespread cyber-risks. This is essential to the development of security strategies, governance forms, practices, and guidelines for enhancing resilience and preparedness towards cyber-risks. Therefore, I am examining cyber-security through the lenses of nodal governance and governmentality, which enables me to understand European cyber-security strategies and governance forms developed by the Council of Europe, the European Union, and the North-Atlantic Treaty Organization. To analyse existing strategies and governance forms, I have used two critical security schools, the Copenhagen School and the Paris School, which cover different aspects of the security agenda. The thesis develops a substantive analytical framework through two case studies, namely cyber-security and cyber-terrorism. The findings in this thesis identify problem areas, such as the complexity of the nodal system, the legislative lacuna, reliance on different governance forms, transparency and accountability, and types of anticipatory governance and regulatory practices.
|
137 |
Training Security Professionals in Social Engineering with OSINT and Sieve. Meyers, Jared James. 01 June 2018
This research attempts to create a novel process, Social Engineering Vulnerability Evaluation, SiEVE, to use open source data and open source intelligence (OSINT) to perform efficient and effective spear phishing attacks. It is designed for use by "red teams" and students learning to conduct a penetration test of an organization, using the vector of their workforce. The SiEVE process includes the stages of identifying targets, profiling the targets, and creating spear phishing attacks for the targets. The contributions of this research include the following: (1) The SiEVE process itself was developed using an iterative process to identify and fix initial shortcomings; (2) Each stage of the final version of the SiEVE process was evaluated in an experiment that compared performance of students using SiEVE against performance of those not using SiEVE in order to test effectiveness of the SiEVE process in a learning environment. Specifically, the study showed that those using the SiEVE process (a) did not identify more targets, (b) did identify more information about targets, and (c) did lead to more effective spear phishing attacks. The findings, limitations, and future work are discussed in order to provide next steps in developing formalized processes for red teams and students learning penetration testing.
|
138 |
A CYBERSECURITY FRAMEWORK FOR WIRELESS-CONTROLLED SMART BUILDINGS. Feng Wu (6313133). 12 October 2021
Due to the rapid development of wireless communication and network technology, more and more wireless devices (e.g., Siemens, Lutron, etc.) are used in residential and commercial buildings. The wireless system has many advantages that traditional wired-based systems do not have, such as time-saving deployment and easy maintenance. However, the wireless system is also vulnerable to cyber-attacks since the data packets are transmitted by radio waves rather than by physical medium. The current cyber detection system (e.g., Intrusion detection system) monitors the data traffic to identify the anomalies in the network. However, it is unable to detect the attacks that tamper with the control logic or operating parameters, which results in the malfunction of the system. This thesis developed an integrated, cyber-security framework for cyber-attack detection in smart buildings.
The objective of this research is to develop an integrated cyber-security framework for wireless-based smart building systems to protect buildings from the cyber-attacks. The wireless-based smart building systems are operated and controlled by either a two-position or continuous controlled approach. The efforts in this study have developed a cyber-security framework to deal with both two-position control and continuous control. For the two-position controlled smart buildings, the developed cyber-security framework integrates the data and models of both cyber and physical domains of building systems to detect faults, abnormal operations, and cyber attacks. The cyber-security framework developed for the continuous controlled system combines a data-driven model for detecting the faults of sensor measurements and a physical model based on engineering principle (e.g., laws of thermodynamics or control logic) to detect the anomaly of system operation.
To develop the cyber-security frameworks, the testbeds corresponding to the two-position and continuous wireless systems were constructed for attack-oriented tests. A wireless-based lighting system for smart homes was used as the testbed for the study of the two-position control. It has a wireless occupancy sensor, an actuator for the light switch, and an open-source operating platform (OpenHAB) for system control and monitoring. The wireless platform is ZigBee. An indoor shading system at a living lab in the new Herrick building at Purdue University was utilized as the testbed for the study of the continuous controlled system. The indoor shading system uses roller shades to block excess daylight and provide an acceptable illuminance condition for occupants. The shading system uses the wireless illuminance sensor, weather condition, and wire-based controller to automatically operate the shades for the acceptable illuminance.
The study implemented designed cyber-attacks to validate the effectiveness of the developed frameworks. The final results show that the developed two models were able to detect the attacks effectively (95-100% attacks identified and isolated). The abnormal operations tested in two-position control system were identified when an abnormal state was triggered, or the modelled state and real state did not match in the finite state machine model developed. For continuous control, the abnormal operations were detected when there is a significant deviation between the modelled measurement and the actual measurement. The cybersecurity framework developed in the thesis demonstrates an effective approach for detecting system faults caused by attacks. The frameworks could be widely used for other different building systems and beyond buildings, such as transportation or industrial manufacturing systems.
|
139 |
Návrh zavedení programu budování bezpečnostního povědomí na gymnáziu / Proposal for the implementation of security awareness program at grammar school. Holásková, Marie. January 2018
The diploma thesis deals with the issue of building security awareness at grammar schools. The thesis can be divided into three main parts. The introductory part introduces the theoretical definition of basic concepts in the area of information security and a brief description of the legislative requirements to be followed in solving the work. The second part analyzes the current situation of the selected grammar school, including risk analysis, HOS 8 analysis and SWOT analysis. The practical part presents the proposal to introduce a security awareness program adapted to the grammar school.
|
140 |
Budování bezpečnostního povědomí na základní škole / Increase of Security Awareness at the Primary School. Kolajová, Jana. January 2019
This diploma thesis is focused on the development of informational environment safety awareness at primary schools. The thesis consists of three main parts. The introduction explains the basic safety terms and briefly describes the legislative essentials necessary for this proposal. The second part consists of the analysis of the current situation at the school chosen for this research, including SLEPT analysis, Porter's analysis, 7S analysis, and SWOT analysis. The practical part introduces the proposal of implementation of the program which is tailored to the requirements and needs of the primary school. The final part evaluates the pros and cons of the implemented solution.
|