Zvýšení bezpečnosti nasazením SIEM systému v prostředí malého poskytovatele internetu / Security Enhancement Deploying SIEM in a Small ISP Environment

Bělousov, Petr

January 2019

Diplomová práce se zaměřuje na zvýšení bezpečnosti v prostředí malého poskytovatele internetu nasazením SIEM systému. Dostupné systémy jsou porovnány a zhodnoceny v souladu s požadavky zadávající firmy. Projekt nasazení systému SIEM je navržen, implementován a zhodnocen v souladu s unikátním prostředím firmy.

Bezpečnostní cvičení pro etický hacking / Security exercises for ethical hacking

Paučo, Daniel

January 2020

This master thesis deals with penetration testing and ethical hacking. Regarding to the layout of the thesis there was prepared appropiate enviroment to realize Red/Blue team exercise, where Red team is in a role of the attacker and Blue team is in a role of defender of the network infrastructure. Whole infrastructure is implemented in a cloud virtual enviroment of VMware vSphere. Second part of the thesis consists of preparation and creation of the exercise to test web application security. Third part of the thesis is dedicating to the automatization of redteaming. Main focus of this master thesis is to demonstrate different attack vectors how to attack the network infrastructure and web applications and use of the defense mechanisms to avoid this kinds of attacks.

Zvýšení bezpečnostního povědomí ve společnosti / Increasing security awareness in the company

Novák, Petr

January 2021

The master’s thesis is focused on increasing security awareness in the company. The first chapter contains the theoretical background, which is necessary for creating a security education system. The second chapter deals with the analysis of the current situation, which is needed for determinating the need to increase security awareness. The third and last chapter contains the design of the education system itself.

A Hacker-Centric Perspective to Empower Cyber Defense

January 2020

abstract: Malicious hackers utilize the World Wide Web to share knowledge. Previous work has demonstrated that information mined from online hacking communities can be used as precursors to cyber-attacks. In a threatening scenario, where security alert systems are facing high false positive rates, understanding the people behind cyber incidents can help reduce the risk of attacks. However, the rapidly evolving nature of those communities leads to limitations still largely unexplored, such as: who are the skilled and influential individuals forming those groups, how they self-organize along the lines of technical expertise, how ideas propagate within them, and which internal patterns can signal imminent cyber offensives? In this dissertation, I have studied four key parts of this complex problem set. Initially, I leverage content, social network, and seniority analysis to mine key-hackers on darkweb forums, identifying skilled and influential individuals who are likely to succeed in their cybercriminal goals. Next, as hackers often use Web platforms to advertise and recruit collaborators, I analyze how social influence contributes to user engagement online. On social media, two time constraints are proposed to extend standard influence measures, which increases their correlation with adoption probability and consequently improves hashtag adoption prediction. On darkweb forums, the prediction of where and when hackers will post a message in the near future is accomplished by analyzing their recurrent interactions with other hackers. After that, I demonstrate how vendors of malware and malicious exploits organically form hidden organizations on darkweb marketplaces, obtaining significant consistency across the vendors’ communities extracted using the similarity of their products in different networks. Finally, I predict imminent cyber-attacks correlating malicious hacking activity on darkweb forums with real-world cyber incidents, evidencing how social indicators are crucial for the performance of the proposed model. This research is a hybrid of social network analysis (SNA), machine learning (ML), evolutionary computation (EC), and temporal logic (TL), presenting expressive contributions to empower cyber defense. / Dissertation/Thesis / Doctoral Dissertation Computer Science 2020

Computer science

Artificial Intelligence

Cybersecurity

Darkweb

Machine Learning

Online Hacking Communities

Social Network Analysis

"More dangerous than guns and tanks" : How cybersecurity is framed by the EU and Sweden

Lindvall, Erik

January 2020

The purpose of this thesis is to study the way the European Union and Sweden respectively frame the subject of cybersecurity, to see whether their framing differs and what consequences that may have. In order to study this, the thesis will study the cybersecurity strategies of the European Union and Sweden through a discourse analysis according to the Copenhagen school’s theory of securitization. The purpose is to see what the two actors define as the object that needs to be secured, what threatens said object and what measures should be taken to secure it. To study the cybersecurity strategies, data will be gathered from the European Union’s Cybersecurity Act of 2019 and Sweden’s six cybersecurity priorities, alongside other policy papers deemed relevant. The two points will then be compared in order to see how the framing align or contrast, to see what consequences that may bring.

Cybersecurity

cyberattacks

cyberthreats

cyberspace

European Union

Sweden

securitization

discourse analysis

Political Science

Statsvetenskap

Explainable Neural Networks based Anomaly Detection for Cyber-Physical Systems

Amarasinghe, Kasun

01 January 2019

Cyber-Physical Systems (CPSs) are the core of modern critical infrastructure (e.g. power-grids) and securing them is of paramount importance. Anomaly detection in data is crucial for CPS security. While Artificial Neural Networks (ANNs) are strong candidates for the task, they are seldom deployed in safety-critical domains due to the perception that ANNs are black-boxes. Therefore, to leverage ANNs in CPSs, cracking open the black box through explanation is essential. The main objective of this dissertation is developing explainable ANN-based Anomaly Detection Systems for Cyber-Physical Systems (CP-ADS). The main objective was broken down into three sub-objectives: 1) Identifying key-requirements that an explainable CP-ADS should satisfy, 2) Developing supervised ANN-based explainable CP-ADSs, 3) Developing unsupervised ANN-based explainable CP-ADSs. In achieving those objectives, this dissertation provides the following contributions: 1) a set of key-requirements that an explainable CP-ADS should satisfy, 2) a methodology for deriving summaries of the knowledge of a trained supervised CP-ADS, 3) a methodology for validating derived summaries, 4) an unsupervised neural network methodology for learning cyber-physical (CP) behavior, 5) a methodology for visually and linguistically explaining the learned CP behavior. All the methods were implemented on real-world and benchmark datasets. The set of key-requirements presented in the first contribution was used to evaluate the performance of the presented methods. The successes and limitations of the presented methods were identified. Furthermore, steps that can be taken to overcome the limitations were proposed. Therefore, this dissertation takes several necessary steps toward developing explainable ANN-based CP-ADS and serves as a framework that can be expanded to develop trustworthy ANN-based CP-ADSs.

Explainable Artificial Intelligence

Machine Learning

Artificial Neural Networks

Safety-Critical Systems

Cybersecurity

Artificial Intelligence and Robotics

NATO and Offensive Cybersecurity: A Strategic Analysis / NATO and Offensive Cybersecurity: A Strategic Analysis

Lopes Carvalho Viana, André

January 2018

This thesis presents a strategic analysis on the possibility of use of offensive cyber capabilities by NATO in its defensive efforts. There is a vast array of academic literature regarding the strategic value of the use of offensive capabilities in cybersecurity, and NATO's cyber posture, however, there is little available regarding the relationship between both. Through the use of tools borrowed from Strategic Studies, this thesis attempts to determine whether it is possible to formulate valid cybersecurity strategies for the use of offensive cyber capabilities from the combination of known academic concepts with current NATO capabilities. The thesis also analyzes the possible implications of using such strategies as well as the underlying causes of their potential success or failure. Viana, André Lopes C. NATO and Offensive Cybersecurity: A Strategic Analysis, [number of pages]p. Master Thesis. Charles University, Faculty of Social Sciences, Institute of Political Studies. Supervisor PhDr. Vít Střítecký, M.Phil., Ph.D.

Blockchain v národní bezpečnosti / Blockchain in National Security

Pavliv, Katerina

January 2020

The given work is dedicated to the provision of the evaluation on the effectiveness of Blockchain if applied within national security. The research is done through the summative evaluation approach, which allows to estimate the studied phenomenon in one realm in terms of its level of usefulness and transfer the findings to the framework of the thesis on the basis of the main methodological hypothesis. The research comprises the analysis and evaluation of the Blockchain environment, levels of operation, existing normative clash, the componential issues of the latter, provision of the final perspectives of the potential incorporation of the Blockchain technologies into national security with the discussion on the possible application, benefits of the platform, its social and technical vulnerabilities, and limitations.

Är gymnasieskolans digitala säkerhet tillräcklig? : Risk- och sårbarhetsanalys, ur ett informationssäkert perspektiv / Is the Swedish highschooldigital security adequate? : Risk and Vulnerability assesment

Rahimi, Farhad, Isufi, Mevlyde

January 2020

This work presents a study of how information security has been implemented in the municipal high school. The study covers applications' resistance to intrusion, hardware security, students & the IT department's overall competence, also requirements for confidentiality in relation to municipal and state guidelines. The study includes field visits that have been carried out at two municipal high schools with technical vulnerabilities in focus. Based on this study, a risk and vulnerability analysis and an action plan for identified risks are presented.

Cybersecurity

Highschool

Phishing

Pentesting

Vulnerability

Cloud

Informationssäkerhet

Gymnasieskola

Sårbarhet

Molnet

Engineering and Technology

Teknik och teknologier

Performance of DevOps compared to DevSecOps : DevSecOps pipelines benchmarked!

Björnholm, Jimmy

January 2020

This paper examines how adding security tools to a software pipeline affect the build time. Software development is an ever-changing field in a world where computers are trusted with almost everything society does. Meanwhile keeping build time low is crucial, and some aspects of quality assurance have therefore been left on the cutting room floor, security being one of the most vital and time-consuming. The time taken to scan for vulnerabilities has been suggested as a reason for the absence of security tests. By implementing nine different security tools into a generic DevOps pipeline, this paper aimed to examine the build times quantitatively.              The tools were selected using the OWASP Top Ten, coupled with an ISO standard, as a guideline. OWASP Juice Shop was used as the testing environment, and the scans managed to find most of the vulnerabilities in the Vulnerable Web Application. The pipeline was set up in Microsoft Azure and was configured in .yaml files. The resulting scan durations show that adding security measures to a build pipeline can add as little as 1/3 of the original build time.

Software Engineering

Programvaruteknik

Computer Engineering

Datorteknik