Masquerader Detection via 2fa Honeytokens

Wiklund, Anton

January 2021

Detection of insider threats is vital within cybersecurity. Techniques for detection include honeytokens, which most often are resources that, through deception, seek to expose intruders. One kind of insider that is detectable via honeytokens is the masquerader. This project proposes implementing a masquerader detection technique where honeytokens are placed within users’ filesystems in such a way that they also provide Two Factor Authentication(2fa) functionality. If a user’s second factor – the honeytoken –is not accessed within a specified timeframe after login, this indicates a potential intrusion, and only a “fake” filesystem will remain available. An alert is also triggered. The intention is to deter insiders from masquerading since they are aware that they must access a uniquely located honeytokena fter logging in to the legitimate user’s account. The technique was evaluated via user-testing that included interviews, a checklist with requirements for feasibility, and a cyber-security expert’s opinion on the technique’s feasibility. The main question evaluated during the project was the feasibility of adding the proposed technique to a computer system’s protective capabilities. The results of the project indicated that the proposed technique is feasible. The project’s results were also compared with the results of prior related research. The project’s scope was limited to a Linux system accessed via SSH into a Bash terminal(non-GUI-compatible), and the implemented technique was also evaluated within such an environment.

Cyber security deception

two-factor authentication(2fa)

honeytoken

misinformation

intrusion detection

Other Engineering and Technologies

Annan teknik

Implementing Honeypots to Build Risk Profiles for IoT Devices in a Home-Based Environment

Kula, Michal Damian

January 2021

Honeypots have been implemented in network security for years now, from the simplesystems where they could only mimic one vulnerable service and gather information aboutan intruder they have morphed in to advanced and complicated environments.Unfortunately, hackers have not left that untouched, and constantly try to detect honeypotsbefore being caught. This ongoing battle can be damaging to unexperienced internet users,who have no idea about securing devices in their small home-based network environment.The purpose of this research is to perform a technical study using IoT devices placed in a homeenvironment in a specially separated segment, and capture traffic between them and externalagents. This data is then analysed and used to build risk profiles of tested IoT devices aimingto provide security recommendations.The results indicate creating risk profiles for IoT devices could be used to gather more preciseinformation about external attacks and provide instant answer to what type of attacks couldbe generated against a selected IoT device. More development would be required to improvethis process, this includes redesign of the network and an automatic software-based toolcapable of generating risk profiles.

IoT

Honeypots

Cyber Security

Home-Based Honeypots

Security Profiles

Information Systems

A Novel Approach for Analyzing and Classifying Malicious Web Pages

Hiremath, Panchakshari N

18 May 2021

No description available.

Computer Science

Computer Engineering

Information Science

Information Technology

Informační bezpečnost jako ukazatel výkonnosti podniku / Information Security as an Indicator of Business Performance

Gancarčik, Rastislav

January 2017

The content of this thesis is a proposal of methodology for evaluating company's performance in areas of information security, while their performance will be judged based on compliance with standard ISO/IEC 27001:2013, Act no. 181/2014 Coll., Regulation 2016/679 of European Parliament and Directive 2016/1148 of the European Parliament. The proposal of this methodology is designed in a particular company which operates in the Czech Republic.

Návrh monitoringu kritické komunikační infrastruktury pro energetickou společnost / A concept of monitoring critical information infrastructure for energetic company

Ševčík, Michal

January 2018

Diploma thesis deals with monitoring critical infrastructure, critical information infrastructure and network monitoring in energetic industry. The goal is to create analytical environment for processing logs from the network, to map the most critical segments of the network and implementation of monitoring and network devices, that increase security and mitigate risks of security events or security incidents

Informační a kybernetické hrozby v roce 2019 / Information and Cyber Threats in 2019

Bača, Jonatán

January 2020

Diploma thesis focuses on information and cyber threats in 2019. It comprises theoretical basis for better understanding of the issue. Afterward the thesis describes the analysis of the current situation which combined several analyses primarily aimed on Czech companies. In the last part draft measures is created which contain predictions and preventive actions and recommendations for companies.

Zavedení standardu ISO 27701 do firmy využitím Gap analýzy / Implementation of standard ISO 27701 in the company using Gap analysis

Vicen, Šimon

January 2020

This thesis analyses current state of the system for implementation of standard ISO 27701: 2019 extention. This standard extends already established standard ISO 27001. The thesis evaluates set of controls to the requirements of standard ISO 27701: 2019. Theoretical part contains information regarding the information security, describes a set of ISO 27000 standards as well as European and Czech legal acts related to information security. Following analysis of the company is performed with the application of security measures while implementing the extension standard ISO 27701. Contribution of this thesis is evaluation of the analysis which results from implementation of recommended standard to address the increased number of security threats and the protection of security information.

Technika SQL injection - její metody a způsoby ochrany / SQL Injection Technique - its Methods and Methods of Protection

Bahureková, Beáta

January 2020

SQL injection is a technique directed against web applications using an SQL database, which can pose a huge security risk. It involves inserting code into an SQL database, and this attack exploits vulnerabilities in the database or application layer. The main goal of my thesis is to get acquainted with the essence of SQL injection, to understand the various methods of this attack technique and to show ways to defend against it. The work can be divided into these main parts, which I will discuss as follows.In the introductory part of the work I mention the theoretical basis concerning SQL injection issues. The next chapter is focused on individual methods of this technique. The analytical part is devoted to mapping the current state of test subjects, scanning tools, which form the basis for optimal research and testing of individual SQL methods, which are discussed in this part from a practical point of view along with the analysis of commands. In the last part I will implement SQL methods on selected subjects and based on the outputs I will create a universal design solution how to defend against such attacks.

Detecting Insider and Masquerade Attacks by Identifying Malicious User Behavior and Evaluating Trust in Cloud Computing and IoT Devices

Kambhampaty, Krishna Kanth

January 2019

There are a variety of communication mediums or devices for interaction. Users hop from one medium to another frequently. Though the increase in the number of devices brings convenience, it also raises security concerns. Provision of platform to users is as much important as its security. In this dissertation we propose a security approach that captures user behavior for identifying malicious activities. System users exhibit certain behavioral patterns while utilizing the resources. User behaviors such as device location, accessing certain files in a server, using a designated or specific user account etc. If this behavior is captured and compared with normal users’ behavior, anomalies can be detected. In our model, we have identified malicious users and have assigned trust value to each user accessing the system. When a user accesses new files on the servers that have not been previously accessed, accessing multiple accounts from the same device etc., these users are considered suspicious. If this behavior continues, they are categorized as ingenuine. A trust value is assigned to users. This value determines the trustworthiness of a user. Genuine users get higher trust value and ingenuine users get a lower trust value. The range of trust value varies from zero to one, with one being the highest trustworthiness and zero being the lowest. In our model, we have sixteen different features to track user behavior. These features evaluate users’ activities. From the time users’ log in to the system till they log out, users are monitored based on these sixteen features. These features determine whether the user is malicious. For instance, features such as accessing too many accounts, using proxy servers, too many incorrect logins attribute to suspicious activity. Higher the number of these features, more suspicious is the user. More such additional features contribute to lower trust value. Identifying malicious users could prevent and/or mitigate the attacks. This will enable in taking timely action against these users from performing any unauthorized or illegal actions. This could prevent insider and masquerade attacks. This application could be utilized in mobile, cloud and pervasive computing platforms.

cloud computing

cyber attacks

cyber security

machine learning

network security

user behavior trust

Posouzení a návrh informační bezpečnosti v organizaci / Assessment and a Proposal for Information Security in the Organization

Rybáková, Alena

January 2015

This diploma thesis deals with the issue of information security in the organization. Author's effort is to gain a broad overview of connections, which will then be evaluated in the final section, providing concrete recommendations. In this thesis it is discussed information security management system, service management system and cyber security, both in theory and in terms of real application in a particular organization. The aim is to provide own recommendations for improvement.