  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
11

Cybersecurity Management System: Defense and Response

Huang, Chenxiang 19 January 2023
Cybersecurity attacks such as phishing, malware, and ransomware have become a major concern in recent years, with many individuals and organizations suffering financial losses as a result. Most people are unaware of the different types of cybersecurity attacks and have not seen examples of them. To address this problem, we developed the Cybersecurity Management System: Defense and Response (CMSDR) cloud software application. It provides both the "Defense" and "Response" to cybersecurity attacks, with educational materials and examples to help users learn about different types of cybersecurity attacks, and a computer-aided reporting and notification system to help organizations respond to ongoing incidents. CMSDR is a universal application that can be used on any platform with a web browser. Any company or organization can effectively run CMSDR on their own server computer for cybersecurity defense and response. / Master of Science / Cybersecurity has become a major concern in recent years as many individuals and organizations have suffered financially from cybersecurity attacks like phishing, malware, and ransomware. This thesis seeks to provide a solution to the emerging number of cybersecurity breaches by introducing Cybersecurity Management System: Defense and Response (CMSDR) cloud software application that features "Defense" and "Response" to cybersecurity attacks. For "Defense", it aims to guide the users of the common types of cybersecurity attacks following the pedagogy "Learning by Examples" by providing cybersecurity examples to support the learning. For "Response", it aims to provide a system that features computer-aided reporting and notification of cybersecurity breaches in a company or organization. The software application is universally usable on any platform with a web browser. With the help of CMSDR, users receive proper education of the types of cybersecurity attacks to raise awareness. 
Organizations can report and notify ongoing cybersecurity breach incidents to their members easily and effectively.
12

Towards eXplainable Artificial Intelligence (XAI) in cybersecurity

Lopez, Eduardo January 2024
A 2023 cybersecurity research study highlighted the risk of increased technology investment not being matched by a proportional investment in cybersecurity, exposing organizations to greater cyber identity compromise vulnerabilities and risk. The result is that a survey of security professionals found that 240% expected growth in digital identities, 68% were concerned about insider threats from employee layoffs and churn, 99% expect identity compromise due to financial cutbacks, geopolitical factors, cloud adoption and hybrid work, while 74% were concerned about confidential data loss through employees, ex-employees and third party vendors. In the light of continuing growth of this type of criminal activity, those responsible for keeping such risks under control have no alternative than to use continually more defensive measures to prevent them from happening and causing unnecessary business losses. This research project explores a real-life case study: an Artificial Intelligence (AI) information systems solution implemented in a mid-size organization facing significant cybersecurity threats. A holistic approach was taken, where AI was complemented with key non-technical elements such as organizational structures, business processes, standard operating documentation and training - oriented towards driving behaviours conducive to a strong cybersecurity posture for the organization. Using Design Science Research (DSR) guidelines, the process for conceptualizing, designing, planning and implementing the AI project was richly described from both a technical and information systems perspective. In alignment with DSR, key artifacts are documented in this research, such as a model for AI implementation that can create significant value for practitioners. The research results illustrate how an iterative, data-driven approach to development and operations is essential, with explainability and interpretability taking centre stage in driving adoption and trust. 
This case study highlighted how critical communication, training and cost-containment strategies can be to the success of an AI project in a mid-size organization. / Thesis / Doctor of Science (PhD) / Artificial Intelligence (AI) is now pervasive in our lives, intertwined with myriad other technology elements in the fabric of society and organizations. Instant translations, complex fraud detection and AI assistants are not the fodder of science fiction any longer. However, realizing its benefits in an organization can be challenging. Current AI implementations are different from traditional information systems development. AI models need to be trained with large amounts of data, iteratively focusing on outcomes rather than business requirements. AI projects may require an atypical set of skills and significant financial resources, while creating risks such as bias, security, interpretability, and privacy. The research explores a real-life case study in a mid-size organization using Generative AI to improve its cybersecurity posture. A model for successful AI implementations is proposed, including the non-technical elements that practitioners should consider when pursuing AI in their organizations.
13

MARCS: Mobile Augmented Reality for Cybersecurity

Mattina, Brendan Casey 19 June 2017
Network analysts have long used two-dimensional security visualizations to make sense of network data. As networks grow larger and more complex, two-dimensional visualizations become more convoluted, potentially compromising user situational awareness of cyber threats. To combat this problem, augmented reality (AR) can be employed to visualize data within a cyber-physical context to restore user perception and improve comprehension; thereby, enhancing cyber situational awareness. Multiple generations of prototypes, known collectively as Mobile Augmented Reality for Cyber Security, or MARCS, were developed to study the impact of AR on cyber situational awareness. First generation prototypes were subjected to a formative pilot study of 44 participants, to generate user-centric performance data and feedback, which motivated the design and development of second generation prototypes and provided initial insight into the potentially beneficial impact of AR on cyber situational awareness. Second generation prototypes were subjected to a summative secondary study by 50 participants, to compare the impact of AR and non-AR visualizations on cyber situational awareness. Results of the secondary study suggest that employing AR to visualize cyber threats in a cyber-physical context collectively improves user threat perception and comprehension, indicating that, in some cases, AR security visualizations improve user cyber situational awareness over non-AR security visualizations. / Master of Science / Augmented Reality can be a powerful medium with which to communicate visual information to human beings. By overlaying digital projections on the visual world, augmented reality can leverage the context of the natural world to intuitively communicate information to people who may not have an innate understanding of the underlying data. 
Mobile augmented reality for cybersecurity (MARCS) visualizes cybersecurity information using augmented reality to give users a unique perspective of cybersecurity information. Experimentation yielded quantitative and qualitative data that suggest that MARCS positively impacted user awareness of cybersecurity data implicating augmented reality as a viable visualization strategy for cyber and network security data.
14

Ataques adversarios en redes neuronales: análisis de transferabilidad y generación de imágenes adversarias mediante modelos difusos

Álvarez Keskinen, Enrique 12 July 2024
Computer security has always gone hand in hand with technological advances, from the 1960s, when systems were protected physically by preventing access to them, to the present day, when artificial intelligence is used to detect anomalous behavior in networks, detect malware or support restricted-access systems. According to Cybercrime Magazine, the economic impact of cybercrime worldwide over five years (2020-2025) will be approximately 10 trillion dollars per year, growing 15% annually. Likewise, higher defense spending is expected, with an annual increase of 13%. AI has taken on a fundamental role in the detection, protection and prediction of incidents as models have improved and the power of computing systems has allowed a larger volume of training data. Artificial intelligence is currently achieving surprising results: ChatGPT is able to generate text, answer complex questions or generate program code. Dall E 2 generates high-resolution images in response to complex prompts, from cartoons to all kinds of realistic depictions. There are other types of models, perhaps less in the media spotlight, that have also achieved notable results. Image classification, malware detection, object detection and biometric identification models are some examples. That said, AI is not free of controversy relating to data protection or its ethical use. Numerous countries and organizations have expressed concern about how these technologies may affect societies because of the biases they introduce and about how they may impact human rights. This thesis is set in this context of AI and security. Artificial intelligence models are vulnerable to different types of attack such as Data Poisoning, Model Stealing, Model Inversion or Adversarial Attacks. 
In this work we focus on analyzing the vulnerabilities present in image classification models, and specifically on adversarial attacks. These attacks were discovered in 2013, and since then multiple techniques and types of algorithms have been developed, as well as defenses or methods for creating more robust and resistant models. In this thesis we analyze the ability of adversarial attacks to affect a specific artificial intelligence model and then transfer that knowledge to successfully attack other similar models.
15

The institutionalization of cybersecurity management at the EU-Level : 2013-2016

Backman, Sarah January 2016
International cybersecurity is arguably one of the most serious, complex and recent security-issues of our time. The connectivity between EU member states regarding cybersecurity due to the borderless nature of cyber, together with increasing threat-levels, has made the need for a common response widely acknowledged in the EU for several years. Even so, a common EU cybersecurity response involves problems such as reluctance of member states to share information, that cybersecurity management is linked to national security and therefore touches upon sovereignty, and different levels of cybersecurity development between member states. Despite this, the Network and Information Security Directive was adopted by the European Council in May 2016, involving EU-wide binding rules on cybersecurity. This thesis examines and explains, through a neo-functionalistic approach, how and why this development towards supranational management of cybersecurity in the EU has happened. The author finds that cybersecurity management seems to have institutionalized from a nascent phase during 2013, moving towards an ascendant phase during the end of 2013 and 2014, to end up between an ascendant and a mature phase during 2015 and 2016 – which makes the adoption of the NIS-directive logical. The neo-functionalistic explanation to the development of supranational cybersecurity management in the EU highlights the role of the Commission as a ‘policy entrepreneur’ and the publication of the EU cybersecurity strategy, accompanied by the proposal for the NIS-directive in 2013. 
These regulatory outputs sparked further institutionalization by providing many opportunities and venues for member states to interact and build networks on cybersecurity issues, by initiatives with normative impact to foster an EU ‘cybersecurity community’, by the continuous strengthening of supranational cybersecurity actors such as ENISA, and by supranational cybersecurity cooperation platforms, such as the NIS-platform and the European Private Public Partnership on cybersecurity. Between 2013 and 2016, 21 EU Member States published national cybersecurity strategies, almost all referring clearly to their commitment to EU cybersecurity initiatives. This provides an indicator of a high level of legitimacy of supranational cybersecurity management. However, the thesis also finds that the strongest supporters of EU cybersecurity management are not the most powerful member states but rather the smaller ones. While not expressing a strong commitment to EU initiatives in cyber policy documents, the most powerful member states still agreed to the NIS-directive. This supports the neo-functionalist notion about the “stickiness” of an institutionalization-process, and the possibility that powerful states might have double paths, committing to EU regulation and institutionalization while still continuing their own way.
16

THE RELATIONSHIP BETWEEN ENGAGMENT LEVELS AND PLAYERS’ INTENDED BEHAVIORS IN GAME-BASED TRAINING FOR CYBERSECURITY.

Salameh, Rana 01 December 2019
The purpose of this quantitative exploratory experimental design study was to examine the effects of end-user’s multi-dimension engagement (cognitive, affective, and behavioral) on their cybersecurity intended behaviors (coping and threat appraisals). Additionally, this study is an effort to understand how end-users’ engagement levels changed over multiple playing sessions. There were two research questions: (1) “Do engagement levels have a relationship with the players’ intended behaviors in a cybersecurity serious game?” and (2) “Does playing more sessions of cybersecurity serious game affect players’ engagement?” The protection motivation theory (PMT) was used to assess users’ intended behaviors for two factors: (a) coping appraisal, and (b) threat appraisal. The multi-dimension factors of engagement (MDFE) instrument was used to assess users’ multi-dimensions engagement levels (cognitive, affective, and behavior). A total of 122 participants fully completed the (a) pre_knowledge initial survey, (b) assigned training sessions, and (c) post-training surveys (MDFE and PMT). Descriptive analysis was used to assess participants’ background as age, gender, and pre-knowledge. A multiple linear regression analysis was conducted to determine whether a linear combination of the multi-dimensional engagement factors: cognitive, affective, and behavior (as predictors) could predict coping appraisal and threat appraisal as factors of intended behaviors. Also, an independent samples t-test was used to determine whether there would be statistically significant differences in the engagement levels (cognitive, affective, and behavior) between group A and group B that underwent three and five training sessions of gameplay, respectively. The result showed cognitive engagement (i.e., challenge, graphics, and attainable goals) was a significant predictor for end-users’ intended behaviors for both coping and threat appraisals. 
However, affective and behavioral engagement were not significant predictors for end-users’ intended behaviors (for both coping and threat appraisals). Moreover, the analysis showed that end-users’ engagement levels changed over multiple playing sessions. Group B, who underwent more training sessions, showed more engagement levels. These results have implications on cybersecurity serious game design to include cognitive activities (i.e., challenge, graphics, attainable goals) to assure participants’ engagement levels remain high. Similarly, incorporate activities to enhance players’ confidence and autonomy to assure participants are affectively engaged. And finally, multiple-players game design is recommended to achieve social engagement. Also, findings would be helpful in implementing how often to prescribe the training session. Finally, several implications have been suggested to serious games designers.
17

Impacts of Cybersecurity Practices on Cyberattack Damage and Protection Among Small and Medium Enterprises in Thailand

Thamrongthanakit, Thanintorn January 2023
Small and medium enterprises (SMEs) are a significant factor that drives the global economy, especially in developing countries such as Thailand, where SMEs contribute more than one-third of the Thai GDP. With digital transformation allowing businesses to access new technologies easily, most SMEs have shifted from traditional businesses to digital businesses. However, adopting technologies without any protections could make SMEs become a target of cyberattacks. This study, therefore, aims to explore cyber securities that are used to protect against cyberattacks in Thai SMEs and also the challenges of implementing cybersecurity frameworks and controls in SMEs. The research questions of this study are “How do SMEs in Thailand protect their organization from cyberattacks?” and “What challenges do SMEs in Thailand face during implementing cybersecurity frameworks or controls?” A mixed method combining surveys for quantitative data and interviews for qualitative data was used in this study. The online survey questionnaires were used to find out the overview of cybersecurity in SMEs, followed by the semi-structured interview to investigate the challenges of implementing cybersecurity in SMEs. There were 75 SMEs participating in the survey along with three respondents working for SMEs and an IT consultant for SMEs participating in in-depth interviews. The quantitative data were analyzed with descriptive statistics, while the thematic analysis was used to analyze the quantitative data. The findings indicate that SMEs in Thailand implement some cybersecurity controls to protect their organization instead of complying with the cybersecurity standards or frameworks, such as ISO2700X series, NIST, and PCI DSS. However, SMEs are also concerned about the laws, including Thailand’s PDPA, Computer Crime Act, and Personal Information Act, to which they have to comply. 
In addition, the biggest challenge of implementing cybersecurity frameworks and controls in SMEs is lack of financial resources, as cybersecurity frameworks and controls require a lot of budget, tools, and also experts or consultants to implement.
18

Evaluating LLM based web application penetration testing: How does AI improve efficiency?

Brüsemeister, Patrick 10 May 2024
The thesis examines the use of Large Language Models (LLMs) in web application penetration testing. The goal is to support penetration testers and accelerate the process, to identify and fix security vulnerabilities in web applications more effectively. The thesis compares different approaches and evaluates how LLMs, such as ChatGPT and others, can improve the efficiency of penetration testing. It is evaluated whether the application of LLMs can reduce the necessary effort for penetration testing, to more effectively identify and fix security vulnerabilities in web applications. The research contributes to the topic by investigating, evaluating, and outlining the possibilities and limitations of LLMs in the context of penetration testing.
Contents:
1 Intro
2 Basics: 2.1 Web Application Security; 2.2 Penetration Testing; 2.3 Penetration Testing Standards; 2.4 Penetration Testing Tools; 2.5 Artificial Intelligence; 2.6 Large Language Models; 2.7 LLM prompting techniques; 2.8 AI’s Growing Role in Cybersecurity; 2.9 Penetration Testing and AI; 2.10 Research Objectives and Scope; 2.11 Significance of the Study and Research Question; 2.12 Structure of the Thesis
3 Literature Review
4 Market Analysis: 4.1 Use of LLMs in Combination with Existing Penetration Testing Software; 4.2 Open-Source Solutions Leveraging LLMs; 4.3 Commercial Solutions Leveraging LLMs for Cybersecurity purposes; 4.4 ChatGPT-GPTs; 4.5 Identifying the Need for Optimization in Penetration Testing Processes; 4.6 Opinions of Penetration Testers on Generative AI Use
5 Methodology: 5.1 Research Methods and Approaches; 5.2 Benchmarks Used for Evaluation
6 Concept and Implementation: 6.1 Limitations of LLMs; 6.2 Deciding Which LLM Models to Use; 6.3 Identifying and Executing Tasks with LLMs; 6.4 Tailoring the LLM for Penetration Testing; 6.5 Resource Requirements
7 Evaluation of LLMs for Penetration Testing: 7.1 Interviews: Identifying the use of LLMs for Pentesting; 7.2 Preparing the Test Environment; 7.3 Evaluation of Command Generation; 7.4 ChatGPT Assistant GPT; 7.5 Google Gemini Advanced; 7.6 Discussion of results; 7.7 Answering the Research Question; 7.8 Resulting Penetration Testing Workflow
8 Conclusion
19

End-User Security & Privacy Behaviour on Social Media: Exploring Posture, Proficiency & Practice

Akbari Koochaksaraee, Amir 14 June 2019
Security and privacy practices of end-users on social media are an important area of research, as well as a top-of-mind concern for individuals as well as organizations. In recent years, we have seen a sharp increase in data breaches and cyber security threats that have targeted social media users. Hence, it is imperative that we try to better understand factors that affect an end-user’s adoption of effective security safeguards and privacy protection practices. In this research, we propose and validate a theoretical model that posits several determinants of end-user security and privacy practices on social media. We hypothesize relationships among various cognitive, affective and behavioral factors identified under the themes of posture, proficiency, and practices. These constructs and hypotheses are validated through empirical research comprising an online survey questionnaire, and structural equation modeling (SEM) analysis. The key findings of this study highlight the importance of cyber threat awareness and social media security and privacy self-efficacy, which have a direct impact on end-user security and privacy practices. Additionally, our research shows that use of general technology applications for security and privacy impacts the adoption of security and privacy practices on social media. In totality, our research findings indicate that proficiency is a better predictor of security and privacy practices as compared to the posture of an end-user. Factors such as privacy disposition, privacy concerns, and perceived risk of privacy violations do not have as significant or direct effect on security and privacy practices. Based on our research findings, we provide some key take-aways in the form of theoretical contributions, suggestions for future research, as well as recommendations for organizational security awareness training programs.
20

In search of a cyber Manhattan Project : assorted thoughts on U.S. cyberattack by

Civins, Braden Eph 21 December 2011
National discourse on cyberconflict has largely focused on defensive concerns, or protecting “critical infrastructure” from cyber threats. By contrast, the U.S. government’s employment of cyberattack is shrouded in secrecy and receives scant public attention. The seminal study on U.S. cyberattack, published by the National Academy of Sciences in 2009, noted that the clandestine nature of U.S. cyber operations hinders “widespread understanding and debate about the nature and implications of U.S. cyberattack.” This secrecy has contributed to a policy and legal framework for cyberattack that the NRC-NAS Report called “ill-formed, underdeveloped and highly uncertain.” Since the NRC-NAS Report was published, the U.S. government has signaled an unprecedented seriousness of purpose in addressing cyberconflict. It has marshaled its cyber resources under the leadership of a single “Cyber Command” and attempted to articulate formal “cyberstrategy.” Media reports from 2010-11 provide rare insight into cyberattack decision-making, and describe gradual development of policy and process for a specific type of cyberattack. The topic of U.S. cyberattack merits revisiting. This Report surveys the current international environment regarding cyberconflict, traces the development of “cyberstrategy” by the Executive Office of the President (EoP) and the Department of Defense (DoD) to make general points about the U.S. approach to cyberattack, and examines the statutory framework applicable to U.S. cyberattack in a narrow set of cases. This Report draws on news media reports about a series of cyberattack incidents to examine the dynamics of the cyberattack policy-making process, discusses recent attempts to address these issues, and summarizes lessons learned. / text
