41 |
Evaluating the Effects of Denial-of-Service Attacks from IoT DevicesLernefalk, Marcus January 2021 (has links)
Internet växer idag konstant och det förväntas finnas fler än 50 miljarder enheter anslutna till internet efter år 2020. Flertalet av dessa enheter kommer vara små, inbäddade enheter som är anslutna och kommunicerar via Internet of Things. Att försäkra att dessa enheter är säkra och skyddade från obehörig åtkomst har varit något som väckt oro ända sedan så kallade botnets visat sig kapabla till att ta över och utnyttja hundratusentals Internet of Things anslutna enheter för att utföra Distributed Denial-of-Service attacker. Målet med denna studie har varit att ställa frågan samt svara på hur stor påverkan Internet of Things enheter har när de utnyttjas för att utföra en Distributed Denial-of-Service attack i ett lokalt trådlöst nätverk. För att besvara denna fråga har denna avhandling forskat kring områden som rör cybersäkerhet, Internet of Things, samt metoder för att utföra Distributed Denial-of-Service attacker. Denna studie har implementerat ett scenario som mäter påverkan vid en Distributed Denial-of-Service attack när upp till sex emulerade Internet of Things enheter som attackerar en ensam offerdator via TCP, UDP och HTTP flood metoder i ett lokalt nätverk. Flertalet test har utförts samt analyserats. Resultatet från denna studie presenteras och jämförs vilket visar att offerdatorn är relativt kapabel till att försvara sig mot TCP och HTTP floods med upp till sex Internet of Things enheter vid respektive attack. Det implementerade scenariot och metoden är huruvida kapabel till att tungt överbelasta offerdatorn när UDP flood används för samtliga sex Internet of Things enheter. / The internet is constantly growing, we are expecting there to be more than 50 billion devices on the internet past 2020. Many of these devices will be small, embedded devices connected and communicating using the Internet of Things. Keeping these devices secure and protected from unauthorized access has been a raising concern in part due to botnets that have proven capable of exploiting hundreds of thousands of Internet of Things devices to carry out Distributed Denial-of-Service attacks in the past. The objective of this study has been to answer how big of an impact compromised IoT devices might have when exploited to carry out a Distributed Denial-of-Service attack in a Wireless Local Area Network. To answer this question this thesis has done research in the fields concerning cyber-security, the Internet of Things, and methods of distributing Denial-of-Service attacks. This study implements a scenario that measures the impact of a Distributed Denial-of-Service attack utilizing up to six emulated IoT devices that attack a single victim computer using a TCP, UDP or HTTP flood. Several tests have been performed and analyzed. The results from this work are presented and compared and shows that the victim computer is relatively capable of mitigating and defending against the TCP and HTTP flood with up to six utilized IoT devices in each attack. In the implemented scenario and method are however capable of heavily congesting and overwhelming a single victim computer when utilizing a UDP flood with all six IoT devices simultaneously attacking.
|
42 |
AI-driven Techniques for Malware and Malicious Code DetectionHou, Shifu 26 August 2022 (has links)
No description available.
|
43 |
Towards An Enterprise Self-healing System against Botnets AttacksAlhomoud, Adeeb M., Awan, Irfan U., Pagna Disso, Jules F. 05 1900 (has links)
no / Protecting against cyber attacks is no longer a
problem of organizations and home users only. Cyber security
programs are now a priority of most governments. Cyber
criminals have been using botnets to gain control over millions of
computer, steel information and commit other malicious
activities. In this paper we propose a self-healing architecture
that was originally inspired from a nature paradigm and applied
in the computer field. Our solution is designed to work within a
network domain. We present the initial design of our solution
based on the principles of self healing systems and the analysis of
botnet behaviour. We discuss how to either neutralize or reverse
(correct) their actions ensuring that network operations continue
without disruption.
|
44 |
A Next Generation Approach to Combating BotnetsAlhomoud, Adeeb M., Awan, Irfan U., Pagna Disso, Jules F., Younas, M. 04 1900 (has links)
no / As part of a defense-in-depth security solution for domain-controlled enterprise networks, a proposed self-healing system architecture is designed to increase resiliency against botnets with minimal disruption to network services.
|
45 |
A Study On API Security PentestingAsemi, Hadi 01 October 2023 (has links) (PDF)
Application Programming Interfaces (APIs) are essential in the digital realm as the bridge enabling seamless communication and collaboration between diverse software applications. Their significance lies in simplifying the integration of different systems, allowing them to work together effortlessly and share data. APIs are used in various applications, for example, healthcare, banks, authentication, etc. Ensuring the security of APIs is critical to ensure data security, privacy, and more. Therefore, the security of APIs is not only urgent but mandatory for pentesting APIs at every stage of development and to catch vulnerabilities early. The primary purpose of this research is to provide guidelines to help apply existing tools for reconnaissance and authentication pentesting. To achieve this goal, we first introduce the basics of API and OWASP's Top 10 API security vulnerabilities. Secondly, we propose deployable scripts developed for Ubuntu Debian Systems to install pentesting tools automatically. These scripts allow future students to participate in API security courses and conduct API security pentesting. API security pentesting, regarding reconnaissance and authentication, is discussed based on the configured system. For reconnaissance, passive and active approaches are introduced with different tools for authentication, including password-based authentication brute-forcing, one-time password (OTP) brute-forcing, and JSON web token brute force.
|
46 |
The social production of vulnerabilities online : A Tale about digitalised disasterNilsson, Emma January 2023 (has links)
This thesis aims to display how disastrous events in the cyber domain can be understood to have root causes attributed to non-technical vulnerabilities. The goal is to show the accelerating importance in understanding the cyber domain as any other societal arena. Further, the European Union and reports about the threat landscape from the European Union Agency for Cybersecurity will be analysed. Theoretical assumption from the field of disaster risk reduction about vulnerabilities will be used to understand how vulnerabilities are understood in the empirical material. The first report which was released in the year of 2012 and the most current one from the year of 2022 will be compared to understand patterns and correlations in the development during the last decade. The results shows that the reports have multiple features that can be interpreted as understanding of how events offline relate to threats online. Further the comparison shows that even if superficial factors and their appearance have changed, the underlying vulnerabilities have much in common.
|
47 |
A proposed framework that enhances the quality of cyber security auditsMatsikidze, Hezel 23 March 2023 (has links) (PDF)
The need to protect information systems or assets remains crucial today. Innovations in technology have led to rapid developments and as technology continues to advance, so is the need to protect information systems. Amongst numerous effects of cyber-attacks on organizations, huge financial losses which in turn affect the economy have since been reported. Cyber security audits need to be strengthened to tighten the protection of information systems. The importance of cybersecurity audits is widely endorsed in literature. Nonetheless, frameworks used to audit cybersecurity are viewed as‘sometimes' weak links to cybersecurity due to their drawbacks in auditing cyber security. A review of literature indicated that cyber-attacks are more rampant in the African continent with the financial sector being the most targeted. Literature also highlighted that the use of relevant frameworks for auditing cyber security improves the quality and effectiveness of audits thereby enhancing cyber security. Studies in information systems have mostly looked at the adoption of frameworks, types of cyber threats and tools needed to audit. Nonetheless, it is important to note that few scholars have examined the applicability and effectiveness of the existing frameworks in auditing cyber security. Furthermore, previous studies emphasize on enhancing cyber security without a particular focus on auditing cyber security including assessing the role of the auditor during the process. As a result, this study looked at cyber security from an auditing perspective with a particular focus on the strengths and weaknesses of the current frameworks that are being used to audit cyber security including. The study also looked at the factors that enhance the effectiveness of cyber security audits. The study draws from different theories, literature and from the strengths and drawbacks of existing frameworks to create an explanatory model. To statistically test and evaluate the model, a quantitative research approach was employed to collect, analyze, and interpret data from South Africa. Data was collected using a questionnaire which was distributed to IT auditors and cyber security professionals from the Information Systems Audit and Control Association (ISACA) South African chapter members. The National Institute of Standards and Technology (NIST) cyber security framework was found to be the widely adopted framework followed by the International Organization for Standardization (ISO) standards, with the Control Objectives for Information Technologies (COBIT) being the least employed framework. The COBIT framework was found to be more aligned to Information Technology governance rather than cyber security. Furthermore, results of this study indicate that effectiveness of cyber security audits is dependent upon competencies of auditors including their ethics and integrity. Results further indicate that frameworks used for auditing are effective to some extent if properly implemented. A proper alignment of an auditor's competencies which include ethics and integrity, and an adoption of a relevant framework will result in effective cyber security audits that reduce the risks of cyber-attacks. Concerning the contribution to practice, results from this study can help organizations to determine and review focus areas of cyber security auditing that they need to emphasize and develop on. Furthermore, the developed model can be used by auditors to develop an audit plan and conduct audits that are effective in identifying, protecting, detecting, preventing, and recovering information systems or assets. The methodological, theoretical, and practical contributions are further discussed in this thesis along with limitations, recommendations, and areas for future research.
|
48 |
The Effects of Inhibitory Control and Perceptual Attention on Cyber SecurityPearson, Ed 03 May 2019 (has links)
This dissertation recommends research to investigate the effects inhibitory control and perceptual attention have on the cyber security decision-making process. Understanding the effects that inhibitory control and perceptual attention have on the security decision- making process will allow for better defenses to be developed against social engineering and phishing. A survey and review of previous research in the area of Human Computer- Interaction and Security is presented. An experiment is performed to evaluate inhibitory control, which is composed of prepotent response inhibition, resistance to distractor interference, and resistance to proactive interference (PI). Additionally, the experiment evaluates perceptual attention and the security decision-making process.
|
49 |
Open-Source Testbed to Evaluate the Cybersecurity of Phasor Measurement UnitsZimmermann, Markus Kenneth 22 June 2022 (has links)
The Phasor Measurement Unit provides clear data for ease of grid visibility. A major component of the device is the Global Positioning System (GPS) for time synchronization across the board. However, this device has become more susceptible to cyber-attacks such as spoofing. This paper constructs an opensource testbed for the playback of PMU data and testing of cyberattacks on PMUs. Using a local GPS device to simulate what is done in the PMU, MATLAB for data conversion, and Linux operating system running on Ubuntu, the simulator can be constructed. The spoofing attack is done by adding a phase shift of the incoming data to simulate that the data is coming from a different time stamp and shifts between the original. Finally, it is all brought together by viewing the output in an open source Phasor Data Concentrator (PDC) to validate the process. / Master of Science / To monitor the bulk electrical grid, devices used to calculate at what level the grid is at and what point in time as well. These devices that are called Phasor Measurement Units and send this data to the control center for engineers to process and make decisions. Within each device is a Global Positioning System (GPS) to tell which device is sending data and at what time. The GPS device is what is susceptible to be entered by malicious individuals. To better prepare and prevent this, a testbed would be a good solution to test if the preventative measure works. However, the best of the best costs too much money, so the next best solution is an open source test bed that could be implemented anyway. The work in this paper constructs an opensource testbed and simulates a full GPS spoofing attack.
|
50 |
Mining Security Risks from Massive DatasetsLiu, Fang 09 August 2017 (has links)
Cyber security risk has been a problem ever since the appearance of telecommunication and electronic computers. In the recent 30 years, researchers have developed various tools to protect the confidentiality, integrity, and availability of data and programs.
However, new challenges are emerging as the amount of data grows rapidly in the big data era. On one hand, attacks are becoming stealthier by concealing their behaviors in massive datasets. One the other hand, it is becoming more and more difficult for existing tools to handle massive datasets with various data types.
This thesis presents the attempts to address the challenges and solve different security problems by mining security risks from massive datasets. The attempts are in three aspects: detecting security risks in the enterprise environment, prioritizing security risks of mobile apps and measuring the impact of security risks between websites and mobile apps. First, the thesis presents a framework to detect data leakage in very large content. The framework can be deployed on cloud for enterprise and preserve the privacy of sensitive data. Second, the thesis prioritizes the inter-app communication risks in large-scale Android apps by designing new distributed inter-app communication linking algorithm and performing nearest-neighbor risk analysis. Third, the thesis measures the impact of deep link hijacking risk, which is one type of inter-app communication risks, on 1 million websites and 160 thousand mobile apps. The measurement reveals the failure of Google's attempts to improve the security of deep links. / Ph. D. / Cyber security risk has been a problem ever since the appearance of telecommunication and electronic computers. In the recent 30 years, researchers have developed various tools to prevent sensitive data from being accessed by unauthorized users, protect program and data from being changed by attackers, and make sure program and data to be available whenever needed.
However, new challenges are emerging as the amount of data grows rapidly in the big data era. On one hand, attacks are becoming stealthier by concealing their attack behaviors in massive datasets. On the other hand, it is becoming more and more difficult for existing tools to handle massive datasets with various data types.
This thesis presents the attempts to address the challenges and solve different security problems by mining security risks from massive datasets. The attempts are in three aspects: detecting security risks in the enterprise environment where massive datasets are involved, prioritizing security risks of mobile apps to make sure the high-risk apps being analyzed first and measuring the impact of security risks within the communication between websites and mobile apps. First, the thesis presents a framework to detect sensitive data leakage in enterprise environment from very large content. The framework can be deployed on cloud for enterprise and avoid the sensitive data being accessed by the semi-honest cloud at the same time. Second, the thesis prioritizes the inter-app communication risks in large-scale Android apps by designing new distributed inter-app communication linking algorithm and performing nearest-neighbor risk analysis. The algorithm runs on a cluster to speed up the computation. The analysis leverages each app’s communication context with all the other apps to prioritize the inter-app communication risks. Third, the thesis measures the impact of mobile deep link hijacking risk on 1 million websites and 160 thousand mobile apps. Mobile deep link hijacking happens when a user clicks a link, which is supposed to be opened by one app but being hijacked by another malicious app. Mobile deep link hijacking is one type of inter-app communication risks between mobile browser and apps. The measurement reveals the failure of Google’s attempts to improve the security of mobile deep links.
|
Page generated in 0.0422 seconds