Global ETD Search

111	Dynamic Programming under Parametric Uncertainty with Applications in Cyber Security and Project Management Hou, Chengjun 01 October 2015 (has links) No description available. Industrial Engineering Operations Research Cyber security Dynamic programming Markov decision processes Parametric uncertainty Project management
112	Cyber Security Threat Analysis and Attack Simulation for Unmanned Aerial Vehicle Network Javaid, Ahmad Yazdan January 2015 (has links) No description available. Computer Engineering Cyber-Security Attack simulation Simulation testbed development Unmanned aerial network
113	Asserting password crackers ability to target Swedish passwords : An analysis / Lösenordsknäckares förmåga att attackera svenska lösenord Jensen, Casper January 2023 (has links) In today's digital world, passwords are the keys that unlock our online lives, keeping our social media, financial accounts, and streaming services secure. Unfortunately, this makes password information a prime target for hackers, who can gain access to our entire digital existence. One significant vulnerability is that an individual's language and cultural background often influence password creation. This master's thesis explores the realm of password security by examining the ability of popular password cracking and mangling tools to target passwords created by Swedish speakers. The study compares attacks on passwords created by Swedish speakers to those created by international users. The tools under scrutiny include Probabilistic Context Free Grammar (PCFG), Ordered Markov Enumerator (OMEN), Odinn, and Hashcat. The study also examines a method for measuring the quality of the tools' password guesses. The findings revealed a noteworthy trend: all the tools demonstrated better performance when attacking passwords created by Swedish speakers compared to their international counterparts. PCFG, in particular, was nearly twice as effective against Swedish passwords after just 10,000 guesses, while OMEN outperformed significantly against Swedish targets after 1-5 million guesses. The quality measurements, gauged by the percentage of cracked passwords after specific guess increments of 10,000, 1-5 million, and 1 billion were used to evaluate the effectiveness of the tools. This research highlights the nuanced dynamics of password security, emphasizing the impact of linguistic and cultural factors on the vulnerability of passwords. cyber security passwords it-security swedish passwords Engineering and Technology Teknik och teknologier
114	Approximation-based monitoring of ongoing model extraction attacks : model similarity tracking to assess the progress of an adversary / Approximationsbaserad monitorering av pågående modelextraktionsattacker : modellikhetsövervakning för att uppskatta motståndarens framsteg Gustavsson, Christian January 2024 (has links) Many organizations turn to the promise of artificial intelligence and machine learning (ML) as its use gains traction in many disciplines. However, developing high-performing ML models is often expensive. The design work can be complicated. Collecting large training datasets is often costly and can contain sensitive or proprietary information. For many reasons, machine learning models make for an appetizing target to an adversary interested in stealing data, model properties, or model behavior. This work explores model extraction attacks and aims at designing an approximation-based monitor for tracking the progress of a potential adversary. When triggered, action can be taken to address the threat. The proposed monitor utilizes the interaction with a targeted model, continuously training a monitor model as a proxy for what the attacker could achieve, given the data gathered from the target. The usefulness of the proposed monitoring approach is shown for two experimental attack scenarios. One explores the use of parametric and Bayesian models for a regression case, while the other explores commonly used neural network architectures for image classification. The experiments expand current monitoring research to include ridge regression, Gaussian process regression, and a set of standard variants of convolutional neural networks: ResNet, VGG, and DenseNet. It also explores model and dataset similarity using metrics from statistical analysis, linear algebra, optimal transport, and a rank score. / Många organisationer vänder sig till löftet om artificiell intelligens och maskininlärning (ML) då dess användning vinner mark inom allt fler discipliner. Att utveckla högpresterande ML-modeller är dock ofta kostsamt. Designarbetet kan vara komplicerat. Att samla in stora träningsdataset är ofta dyrt och kan innehålla känslig eller proprietär information. Det finns många skäl till att maskininlärningsmodeller kan vara lockande mål för en motståndare som är ute efter att stjäla data, modellparametrar eller modellbeteende. Det här arbetet utforskar modellextraktionsattacker och syftar till att utforma en approximationsbaserad monitorering som följer framstegen för en potentiell motståndare. När en attack är konstaterad kan åtgärder vidtas för att hantera hotet. Den föreslagna monitorn utnyttjar interaktionen med målmodellen. Den tränar kontinuerligt en monitor-modell som en fungerar som en approximation för vad angriparen skulle kunna uppnå med de data som samlats in från målmodellen. Nyttan av den föreslagna övervakningsansatsen visas för två experimentella attackscenarier. Det ena utforskar användningen av parametriska och Bayesianska modeller för ett regressionsfall, medan det andra utforskar vanligt använda neurala nätverksarkitekturer för ett bildklassificeringsfall. Experimenten utvidgar aktuell forskning kring monitorer till att att inkludera Ridge regression, Gauassian process regression och en uppsättning standardvarianter av convolutional neural networks: ResNet, VGG och DenseNet. Experimenten utforskar även likhet mellan ML-modeller och dataset med hjälp av mått från statistisk analys, linjär algebra, optimal transport samt rangapproximation. machine learning cyber security model extraction attack Engineering and Technology Teknik och teknologier
115	Strengthening the Cyber-Physical Resilience of Active Distribution Systems Gao, Xue 01 January 2024 (has links) (PDF) Inverter-based Distributed Energy Resources (DERs) have experienced a significant rise in popularity due to their distinct advantages, such as improved power quality, advanced functionalities, and rapid response capabilities. These attributes make them particularly well-suited for modern power systems, where the growing demand for efficiency, flexibility, and reliability is crucial. As a result, the integration of inverter-based DERs into distribution networks has been steadily increasing, as they play a critical role in enhancing system performance and meeting the evolving requirements of contemporary power infrastructures. However, the integration of inverter-based DERs presents several challenges that must be addressed for effective implementation. One significant challenge is the accurate modeling of DERs. Currently, these resources are generally represented as traditional PQ or PV buses at the system level. This approach, however, fails to capture their dynamic characteristics and capabilities, potentially leading to a failure in reflecting the actual behavior of DERs during system-level analysis. Therefore, it is essential to develop models that are able to accurately represent the functionality of inverter-based DERs to enhance the effectiveness of system analysis. Another major challenge involves the cybersecurity of DER communication networks. These networks rely on numerous sensors and actuators for real-time monitoring and control, which increases their vulnerability to cyber threats. Given the low inertia of inverters, such threats can result in severe consequences, including disconnections of DERs or even large-scale outages. Consequently, it is crucial to assess the cyber risks associated with DER cyber networks and implement robust security measures to ensure reliable operation and enhance the overall resilience of distribution systems. This dissertation presents a series of research works aimed at addressing the challenges discussed previously. The first work develops a hierarchical restoration framework that integrates grid-edge DERs, clarifying DER control functionality from the system level down to the device level. The second work proposes a risk assessment framework specifically designed for networks with high DER penetration. This framework assesses attack probability based on component vulnerability and criticality, and quantifies the potential impact according to DER control applications and the communication network’s propagation patterns. This work identifies the most vulnerable components and provides guidelines for future security enhancements. The third work creates a co-simulation platform for cyber-physical power systems, facilitating security analyses of these systems. Finally, the fourth work introduces a post-attack restoration model that manages system recovery while accounting for potential compromises within the cyber network. Simulation results demonstrate the effectiveness of these proposed approaches, indicating their functionality in strengthening the cyber-physical resilience of active distribution systems. Distributed Energy Resource risk assessment post-attack restoration co-simulation platform cyber security resilience
116	Zákon o kybernetické bezpečnosti a jeho dopady na povinné subjekty / The Cyber Security Act and its impacts on obliged entities Draganov, Vojtěch January 2016 (has links) The thesis looks into the act No. 181/2014 Coll. Cyber Security Act (hereinafter referred to as "CSA") and its impact on obliged entities with focus on the regional authorities of the Czech Republic. The thesis starts with introduction into the issue of the CSA and cybersecurity from the point of view of the state, subsequently it refocuses on the level of regulated organizations. The main pillar and contribution of the thesis is the CSA analysis with the aim to identify impact of the CSA in the obliged entities. Based on this analysis author designed the questionnaire survey of the CSA impact on the regional authorities. The survey relates to information security management system, kinds of burden stemmed from the CSA implementation, willingness to use funding from the European Regional Development Fund (ERDF) to implement the CSA, a possibility to outsource the cybersecurity and also opinions of the county council staff about the CSA. The survey shows that in spite of a pressure on standardization stemming from legal framework, county councils differs significantly in regard to information security management systems. On the other hand, respondents agreed on positive impact of the CSA on improvement of information and the cyber security although the CSA brings significant financial and organizational load to the organization. The survey also shows that some regional authorities only start to implement cybersecurity currently. The cybersecurity evolves in the researched organization quite dynamically and it would be beneficial to repeat the impact analyses again, after first wave of the CSA implementation will be finished.
117	Metodika asistovaného zhodnocení / Methodology of a security audit Kroupová, Hana January 2019 (has links) The master‘s thesis is focused on security audit. The aim of this thesis is to create methodology, which might help with creating security audits and research current condition of cybernetic and information security in a business establishment. Theoretical part explains basic terms and concepts about cyber and information security. Own interpretation consist description of methodological areas of security audit.
118	Implementace nástroje pro řízení kybernetické bezpečnosti / Implementation of a tool for cyber security management Strachová, Zuzana January 2021 (has links) The thesis is focused on the implementation of a software tool to increase the effectiveness of cyber security management. The tool is implemented in a company preparing to be classified as a part of critical information infrastructure. Based on the customer's requirements, a suitable cyber security management tool is selected. Subsequently, I propose a methodology for implementing the tool, which I immediately apply. The output of the work is an implemented tool, risk analysis and security documentation required by law.
119	Cyber Supply Chain Security and the Swedish Security Protected Procurement with Security Protective Agreement Dios Falk, Carina January 2023 (has links) Digitalisation and globalisation are increasing the number of integrated and interconnected information technology (IT) systems worldwide. Consequently, these relationships and dependencies develop technological relationships through their services. Identifying all these relations is for organisations a challenge and complex since it involves millions of source code lines and global connections. For this reason, cyber supply chain risk management (C-SCRM) is becoming ever more critical for organisations to manage risks associated with information technology and operational technology (OT). At the same time, during a press conference, the Swedish Minister for Defense Peter Hultquist estimated that there are approx. 100.000 cyber activities against Swedish targets every year that targets both the Private and Public sector. In response to the evolving threat landscape, Sweden is experiencing a paradigm shift in protective security processes with new legislation entering into force that aims to protect Sweden's security against espionage, sabotage, terrorist offences and other crimes against national security. These rules on protective security, the Protective Security Act (2018:585) and Protective Security Ordinance (2021:955) apply to operators that are important for Sweden's national security and affect how public procurement processes are regulated. This thesis aims to study how the Swedish Security Protected Procurement with Security Protective Agreements (SUA) process and Cyber Supply Chain Risk Management (C-SCRM) relate and to understand what practices increase and decrease the level of C-SCRM in the current SUA process. The research questions are Q1) How does the SUA process relate to C-SCRM? and Q2) How does the SUA process affect the level of C-SCRM? This research paper contributes to understanding C-SCRM in the context of the Swedish Security Protected Procurement with Security Protective Agreements (SUA). To answer the research questions a Case study strategy was used, and interviews were conducted with eight key experts as well as a document analysis. The results showed that audit, regulation and people and processes are essential to managing C-SCRM and that processes within other international models, including the CMMC and Cyber Essential Plus, should be adopted to the SUA process to better manage cyber supply chain risks. Cyber Security Protective Security Public Procurement Cyber Supply Chain Security Swedish National Security Risk Management Cyber Security Risk Management NIST 800-161 ISO/IEC 27036 NISTIR 8276 Computer Sciences Datavetenskap (datalogi)
120	Evropská právní úprava kyberzločinů s porovnáním právní úpravy kyberzločinů ve Spojených státech amerických / European legal regulation of cybercrimes in a comparison with the legal regulation of cybercrimes in the USA Nováčková, Eliška January 2015 (has links) 6 Abstract Thesis title: European legal regulation of cybercrimes in a comparison with the legal regulation of cybercrimes in the USA The diploma thesis deals with the legislation of cybercrime and cyber security of the United States of America and the European Union. The introduction defines the basic concepts and important moments of history of related legislation and discusses key policy documents adopted in the transatlantic area. It also presents the politics of these two units and their key legislation and describes the international Convention on Cybercrime. Selected documents are subsequently compared and evaluated in the context of legal terminology, technological development and application of regulations in practice. The thesis is concluded by the basic steps of transatlantic cooperation on issues of cyber security. The conclusion summarizes the lessons learned by comparing documents, particularly international emphasis on ratification of the Convention on Cybercrime and adequate levels of awareness of cyber space, and highlights some terminological inaccuracies. Keywords Cyber threats * cyber security * cybercrime * international cooperation * strategic documents

Search results