Global ETD Search

251	Analysis of Security Findings and Reduction of False Positives through Large Language Models Wagner, Jonas 18 October 2024 (has links) This thesis investigates the integration of State-of-the-Art (SOTA) Large Language Models (LLMs) into the process of reassessing security findings generated by Static Application Security Testing (SAST) tools. The primary objective is to determine whether LLMs are able to detect false positives (FPs) while maintaining a high true positive (TP) rate, thereby enhancing the efficiency and effectiveness of security assessments. Four consecutive experiments were conducted, each addressing specific research questions. The initial experiment, using a dataset of security findings extracted from the OWASP Bench- mark, identified the optimal combination of context items provided by the SAST tool Spot- Bugs, which, when used with GPT-3.5 Turbo, reduced FPs while minimizing the loss of TPs. The second experiment, conducted on the same dataset, demonstrated that advanced prompting techniques, particularly few-shot Chain-of-Thought (CoT) prompting combined with Self-Consistency (SC), further improved the reassessment process. The third experiment compared both proprietary and open-source LLMs on an OWASP Benchmark dataset about one-fourth the size of the previously used dataset. GPT-4o achieved the highest performance, detecting 80 out of 128 FPs without missing any TPs, resulting in a perfect TPR of 100% and a decrease in FPR by 41.27 percentage points. Meanwhile, Llama 3.1 70B detected 112 out of the 128 FPs but missed 10 TPs, resulting in a TPR of 94.94% and a reduction in FPR by 56.62 percentage points. To validate these findings in a real-world context, the approach was applied to a dataset generated from the open-source project Mnestix using multiple SAST tools. GPT-4o again emerged as the top performer, detecting 26 out of 68 FPs while only missing one TP, resulting in a TPR decreased by 2.22 percentage points but simultaneously an FPR decreased 37.57 percentage points.:Table of Contents IV List of Figures VI List of Tables VIII List of Source Codes IX List of Abbreviations XI 1. Motivation 1 2. Background 3 3. Related Work 17 4. Concept 31 5. Preparing a Security Findings Dataset 39 6. Implementing a Workflow 51 7. Identifying Context Items 67 8. Comparing Prompting Techniques 85 9. Comparing Large Language Models 101 10.Evaluating Developed Approach 127 11.Discussion 141 12.Conclusion 145 A. Appendix: Figures 147 A.1. Repository Directory Tree 148 A.2. Precision-Recall Curve of Compared Large Language Models 149 A.3. Performance Metrics Self-Consistency on Mnestix Dataset 150 B. Appendix: Tables 151 B.1. Design Science Research Concept 151 C. Appendix: Code 153 C.1. Pydantic Base Config Documentation 153 C.2. Pydantic LLM Client Config Documentation 155 C.3. LLM BaseClient Class 157 C.4. Test Cases Removed From Dataset 158
252	Možnosti zlepšení strategií pro kybernetickou bezpečnost / The potential improvement of the cyber security strategies Jandura, Lukáš January 2016 (has links) The thesis focusses on central nodes' dynamics in cyberspace, representing its key elements. Such approach derives from the theory of networks developed by Albert-László Barabási and it is conceptualised along with cyberspace in security studies and the role of a state in cyberspace. Main question, which is how to improve cybersecurity strategies, is answered by well-structured package of possible positions of a state towards central nodes. It asses the level of involvement in cyberspace, boundaries of intrusion into central nodes and acceptable tools usable against those which are not directly accessible. Powered by TCPDF (www.tcpdf.org)
253	Možnosti zlepšení strategií pro kybernetickou bezpečnost / The potential improvement of the cyber security strategies Jandura, Lukáš January 2016 (has links) The thesis is focused on central nodes' dynamics in cyberspace, representing its key elements. This approach is derived from the theory of networks developed by Albert-László Barabási and applied on different aspects of cyberspace, which brings different views at known events and issues and discovers relationship between central and common nodes. Cyberspace is perceived in its broadest shape as a fluid result of social constructivism influenced by behaviour of its users. Final outcomes are summarised to recommendations for a new approach to a cybersecurity strategy. Powered by TCPDF (www.tcpdf.org)
254	Personality Traits and Resistance to Online Trust Exploitation Vaishnavi Mahindra (16642734) 07 August 2023 (has links) <p>Social engineering attacks, especially trust exploitation, have become a focus of attention</p> <p>for cybercriminals attempting to manipulate or deceive users to take actions that further</p> <p>expose their vulnerabilities. This has also become a budding field for researchers as these</p> <p>interactions are based on complex social equations that are constantly taken advantage of.</p> <p>Identifying the "weakest link" is a popular method of identifying how these exploits take</p> <p>place, generally by observing when individuals fall for a social engineering attack. However,</p> <p>valuable insights may be used to harden security by observing patterns in users resistant</p> <p>or vigilant to these attacks. Primarily, this trend may be discovered in resistant users’</p> <p>personality traits. This has been found to be a more accurate indicator of behavior than</p> <p>self-reported intentions. Survey responses (n=120) indicate correlations between high test</p> <p>scores in trust exploitation exercises and Conscientiousness in the Big 5 Personality Model</p> <p>(p<0.001). No significant correlation was seen between self-reported cybersecurity habits</p> <p>and actual security behavior.</p> Human-computer interaction Information security management Personality and individual differences Personality assessment -- Research Cybersecurity Social Engineering Survey Five Factor Model (FFM) of personality Phishing Information Security
255	ASSESSING COMMON CONTROL DEFICIENCIES IN CMMC NON-COMPLIANT DOD CONTRACTORS Vijayaraghavan Sundararajan (12980984) 05 July 2022 (has links) <p> As cyber threats become highly damaging and complex, a new cybersecurity compliance certification model has been developed by the Department of Defense (DoD) to secure its Defense Industrial Base (DIB), and communication with its private partners. These partners or contractors are obligated by the Defense Federal Acquisition Regulations (DFARS) to be compliant with the latest standards in computer and data security. The Cybersecurity Maturity Model Certification (CMMC), and it is built upon existing DFARS 252.204-7012 and the NIST SP 800-171 controls. As of 2020, the DoD has incorporated DFARS and the National Institute of Standards and Technology (NIST) recommended security practices into what is now the CMMC. This thesis examines the most commonly identified security control deficiencies faced, the attacks mitigated by addressing these deficiencies, and suggested remediations, to 127 DoD contractors in order to bring them into compliance with the CMMC guidelines. By working with a compliance service provider, an analysis is done on how companies are undergoing and implementing important changes in their processes, to protect crucial information from ever-growing and looming cyber threats. </p> Data security and protection Hardware security Software and application security System and network security Information security management Security Control Deficiency Mitigation CMMC NIST SP 800-171 Assessment Control Family Cybersecurity Remediation Cyber-attacks Vulnerabilities
256	Diffusion of Cybersecurity Technology - Next Generation, Powered by Artificial Intelligence / Diffusion av Cybersäkerhetsteknologi: Nästa Generation Drivet av Artificiell Intelligens Kang, Johan, Westskytte, Sebastian January 2018 (has links) The cyber world is growing as more information is converted from analogue to digital form. While convenience has been the main driver for this change little effort has been made on securing the data. Data breaches are growing in number and each breach is growing in severity. Combined with regulatory pressure organizations are starting to realize the importance of security. The increased threat level is also driving the security market for more potent solutions and artificial intelligence (AI) have in recent years been implemented to enhance the capabilities of security technologies. The thesis aims to investigate the adoption of AI enabled cybersecurity technologies within the financial industry which is often perceived as the market leader regarding security. Using a qualitative method through a multiple case study, valuable insights were gained regarding how firms are working with security and what needs they have. To identify factors that influence the rate of diffusion of AI enabled security technologies the diffusion of innovation theory combined with the TOE framework was used in this study. The thesis has contributed to the field of innovation management by enriching an area within IT innovation management by bridging the gap between security innovation and AI innovation. The study revealed that environmental factors, such as regulations and threat landscape, are forcing organizations to take action and control both how organizations work with security but also what technological attributes are perceived as advantageous. Detection and automation are two technological attributes that the companies are looking for to fill their needs. AI solutions are already being implemented to increase detection and automation we believe that the rate of adoption for AI enabled security innovation will only continue to grow. The results and findings contribute to an expanded understanding on the factors that affect adoption of AI security innovations within the financial industry. / Den digitala världen fortsätter att växa eftersom mer information omvandlas från analog till digital form. Medan bekvämlighet har varit den viktigaste drivkraften för denna förändring, så har lite ansträngning gjorts för att säkra upp den data som företagen besitter. Dataintrången växer i antal, och varje ny incident får allvarligare konsekvenser än den förra. Detta faktum kombinerat med strängare regelverk har fått företagen att inse vikten av att säkra sin miljö. Den förstärkta hotbilden driver också säkerhetsmarknaden framåt med nya lösningar, och artificiell intelligens (AI) har under de senaste åren i allt större utsträckning implementerats i säkerhetslösningar för att förstärka skyddet. Uppsatsens syfte är att undersöka spridningen av AI-säkerhetsinnovationer inom finansbranschen, som ofta uppfattas som marknadsledande när det gäller säkerhet. Med hjälp av en kvalitativ metod genom en fallstudie på tre företag erhölls värdefulla insikter om hur företagen arbetar med säkerhet och vilka behov de har. För att identifiera faktorer som påverkar spridningshastigheten för AI-säkerhetslösningar användes ”diffusion of innovation”-teorin i kombination med TOE-ramverket i denna studie. Uppsatsen har bidragit till innovation management-området genom att berika ett område inom IT-innovation genom att brygga mellan säkerhetsinnovation och AI-innovation. Studien visade att miljöfaktorer, såsom regelverk och hotbild, kontrollerar både hur organisationer arbetar med säkerhet och vilka tekniska egenskaper som uppfattas som fördelaktiga. Detektion och automatisering är två tekniska egenskaper som företagen har stora behov av. AI-lösningar implementeras redan för att öka de egenskaperna. Vi argumenterar för att, utifrån de behoven som företagen har kombinerat med miljöfaktorerna, kommer spridningstakten att öka för AI-säkerhetsinnovation. Cybersecurity IT-security Artificial Intelligence Diffusion of Innovation Technology Adoption IT innovation Security Strategy Cybersecurity IT-security Artificial Intelligence Diffusion of Innovation Technology Adoption IT innovation Security Strategy Economics and Business Ekonomi och näringsliv
257	Modelization and identification of multi-step cyberattacks in sets of events / Modélisation et identification de cyberattaques multi-étapes dans des ensembles d'événements Navarro Lara, Julio 14 March 2019 (has links) Une cyberattaque est considérée comme multi-étapes si elle est composée d’au moins deux actions différentes. L’objectif principal de cette thèse est aider l’analyste de sécurité dans la création de modèles de détection à partir d’un ensemble de cas alternatifs d’attaques multi-étapes. Pour répondre à cet objectif, nous présentons quattre contributions de recherche. D’abord, nous avons réalisé la première bibliographie systématique sur la détection d’attaques multi-étapes. Une des conclusions de cette bibliographie est la manque de méthodes pour confirmer les hypothèses formulées par l’analyste de sécurité pendant l’investigation des attaques multi-étapes passées. Ça nous conduit à la deuxième de nos contributions, le graphe des scénarios d’attaques abstrait ou AASG. Dans un AASG, les propositions alternatives sur les étapes fondamentales d’une attaque sont répresentées comme des branches pour être évaluées avec l’arrivée de nouveaux événements. Pour cette évaluation, nous proposons deux modèles, Morwilog et Bidimac, qui font de la détection au même temps que l’identification des hypothèses correctes. L’évaluation des résultats par l’analyste permet l’évolution des modèles.Finalement, nous proposons un modèle pour l’investigation visuel des scénarios d’attaques sur des événements non traités. Ce modèle, qui s’appelle SimSC, est basé sur la similarité entre les adresses IP, en prenant en compte la distance temporelle entre les événements. / A cyberattack is considered as multi-step if it is composed of at least two distinct actions. The main goal of this thesis is to help the security analyst in the creation of detection models from a set of alternative multi-step attack cases. To meet this goal, we present four research contributions. First of all, we have conducted the first systematic survey about multi-step attack detection. One of the conclusions of this survey is the lack of methods to confirm the hypotheses formulated by the security analyst during the investigation of past multi-step attacks. This leads us to the second of our contributions, the Abstract Attack Scenario Graph or AASG. In an AASG, the alternative proposals about the fundamental steps in an attack are represented as branches to be evaluated on new incoming events. For this evaluation, we propose two models, Morwilog and Bidimac, which perform detection and identification of correct hypotheses. The evaluation of the results by the analyst allows the evolution of the models. Finally, we propose a model for the visual investigation of attack scenarios in non-processed events. This model, called SimSC, is based on IP address similarity, considering the temporal distance between the events. Cybersécurité Attaque multi-étapes Correlation d’événements Détection d’attaques Cybersecurity Multi-step attack Event correlation Attack detection 005.8
258	MAnanA: A Generalized Heuristic Scoring Approach for Concept Map Analysis as Applied to Cybersecurity Education Blake Gatto, Sharon Elizabeth 06 August 2018 (has links) Concept Maps (CMs) are considered a well-known pedagogy technique in creating curriculum, educating, teaching, and learning. Determining comprehension of concepts result from comparisons of candidate CMs against a master CM, and evaluate "goodness". Past techniques for comparing CMs have revolved around the creation of a subjective rubric. We propose a novel CM scoring scheme called MAnanA based on a Fuzzy Similarity Scaling (FSS) score to vastly remove the subjectivity of the rubrics in the process of grading a CM. We evaluate our framework against a predefined rubric and test it with CM data collected from the Introduction to Computer Security course at the University of New Orleans (UNO), and found that the scores obtained via MAnanA captured the trend that we observed from the rubric via peak matching. Based on our evaluation, we believe that our framework can be used to objectify CM analysis. Cybersecurity Education Concept Map Analysis Fuzzy Set Theory and Logic Heuristic Scoring Membership Function Artificial Intelligence and Robotics Information Security Theory and Algorithms
259	Strategic Cyber-Risk Implications of Cloud Technology Adoption in the U.S. Financial Services Sector Arowolo, Olatunji Mujib 01 January 2017 (has links) According to research, the risks of adopting new technology and the technological and organizational factors that influence adopting it are not clear. Thus, many financial institutions have hesitated to adopt cloud-computing. The purpose of this quantitative, cross-sectional study was to evaluate the cyber-risk implications of cloud-computing adoption in the U.S. financial services sector. The study examined 6 technological and organizational factors: organization size, relative advantage, compliance, security, compatibility, and complexity within the context of cyber-risk. Using a combination of diffusion of innovation theory and technology-organization-environment framework as the foundation, a predictive cybersecurity model was developed to determine the factors that influence the intent to adopt cloud-computing in this sector. A random sample of 118 IT and business leaders from the U.S. financial services sector was used. Multiple regression analysis indicated that there were significant relationships between the intent to adopt cloud-computing by the leaders of financial organizations and only 2 of the 6 independent variables: compliance risk and compatibility risk. The predictive cybersecurity model proposed in this study could help close the gaps in understanding the factors that influence decisions to adopt cloud-computing. Once the rate of cloud-computing adoption increases, this study could yield social change in operational efficiency and cost improvement for both U.S. financial organizations and their consumers. cloud compliance Cybersecurity Financial Risk technology Computer Sciences Databases and Information Systems
260	Cryptography and computer communications security : extending the human security perimeter through a web of trust Adeka, Muhammad I. January 2015 (has links) This work modifies Shamir’s algorithm by sharing a random key that is used to lock up the secret data; as against sharing the data itself. This is significant in cloud computing, especially with homomorphic encryption. Using web design, the resultant scheme practically globalises secret sharing with authentications and inherent secondary applications. The work aims at improving cybersecurity via a joint exploitation of human factors and technology; a human-centred cybersecurity design as opposed to technology-centred. The completed functional scheme is tagged CDRSAS. The literature on secret sharing schemes is reviewed together with the concepts of human factors, trust, cyberspace/cryptology and an analysis on a 3-factor security assessment process. This is followed by the relevance of passwords within the context of human factors. The main research design/implementation and system performance are analysed, together with a proposal for a new antidote against 419 fraudsters. Two twin equations were invented in the investigation process; a pair each for secret sharing and a risk-centred security assessment technique. The building blocks/software used for the CDRSAS include Shamir’s algorithm, MD5, HTML5, PHP, Java, Servlets, JSP, Javascript, MySQL, JQuery, CSS, MATLAB, MS Excel, MS Visio, and Photoshop. The codes are developed in Eclipse IDE, and the Java-based system runs on Tomcat and Apache, using XAMPP Server. Its code units have passed JUnit tests. The system compares favourably with SSSS. Defeating socio-cryptanalysis in cyberspace requires strategies that are centred on human trust, trust-related human attributes, and technology. The PhD research is completed but there is scope for future work. 005.8

Search results