Global ETD Search

81	An agent-based Bayesian method for network intrusion detection Pikoulas, John January 2003 (has links) Security is one of the major issues in any network and on the Internet. It encapsulates many different areas, such as protecting individual users against intruders, protecting corporate systems against damage, and protecting data from intrusion. It is obviously impossible to make a network totally secure, as there are so many areas that must be protected. This thesis includes an evaluation of current techniques for internal misuse of computer systems, and tries to propose a new way of dealing with this problem. This thesis proposes that it is impossible to fully protect a computer network from intrusion, and shows how different methods are applied at differing levels of the OSI model. Most systems are now protected at the network and transport layer, with systems such as firewalls and secure sockets. A weakness, though, exists in the session layer that is responsible for user logon and their associated password. It is thus important for any highly secure system to be able to continually monitor a user, even after they have successfully logged into the system. This is because once an intruder has successfully logged into a system, they can use it as a stepping-stone to gain full access (often right up to the system administrator level). This type of login identifies another weakness of current intrusion detection systems, in that they are mainly focused on detecting external intrusion, whereas a great deal of research identifies that one of the main problems is from internal intruders, and from staff within an organisation. Fraudulent activities can often he identified by changes in user behaviour. While this type of behaviour monitoring might not be suited to most networks, it could be applied to high secure installations, such as in government, and military organisations. Computer networks are now one of the most rapidly changing and vulnerable systems, where security is now a major issue. A dynamic approach, with the capacity to deal with and adapt to abrupt changes, and be simple, will provide an effective modelling toolkit. Analysts must be able to understand how it works and be able to apply it without the aid of an expert. Such models do exist in the statistical world, and it is the purpose of this thesis to introduce them and to explain their basic notions and structure. One weakness identified is the centralisation and complex implementation of intrusion detection. The thesis proposes an agent-based approach to monitor the user behaviour of each user. It also proposes that many intrusion detection systems cannot cope with new types of intrusion. It thus applies Bayesian statistics to evaluate user behaviour, and predict the future behaviour of the user. The model developed is a unique application of Bayesian statistics, and the results show that it can improve future behaviour prediction than existing ARIMA models. The thesis argues that the accuracy of long-term forecasting questionable, especially in systems that have a rapid and often unexpected evolution and behaviour. Many of the existing models for prediction use long-term forecasting, which may not be the optimal type for intrusion detection systems. The experiments conducted have varied the number of users and the time interval used for monitoring user behaviour. These results have been compared with ARIMA, and an increased accuracy has been observed. The thesis also shows that the new model can better predict changes in user behaviour, which is a key factor in identifying intrusion detection. The thesis concludes with recommendations for future work, including how the statistical model could be improved. This includes research into changing the specification of the design vector for Bayesian. Another interesting area is the integration of standard agent communication agents, which will make the security agents more social in their approach and be able to gather information from other agents 005.8
82	Aplicação de transformação conforme em codificação e decodificação de imagens / Conformal mapping applied to images encoding and decoding Silva, Alan Henrique Ferreira 31 March 2016 (has links) Submitted by JÚLIO HEBER SILVA (julioheber@yahoo.com.br) on 2017-03-24T17:48:37Z No. of bitstreams: 2 Dissertação - Alan Henrique Ferreira Silva - 2016.pdf: 10881029 bytes, checksum: 1c411277f8b103cc8a55709053ed7f9b (MD5) license_rdf: 0 bytes, checksum: d41d8cd98f00b204e9800998ecf8427e (MD5) / Approved for entry into archive by Luciana Ferreira (lucgeral@gmail.com) on 2017-03-27T15:13:01Z (GMT) No. of bitstreams: 2 Dissertação - Alan Henrique Ferreira Silva - 2016.pdf: 10881029 bytes, checksum: 1c411277f8b103cc8a55709053ed7f9b (MD5) license_rdf: 0 bytes, checksum: d41d8cd98f00b204e9800998ecf8427e (MD5) / Made available in DSpace on 2017-03-27T15:13:01Z (GMT). No. of bitstreams: 2 Dissertação - Alan Henrique Ferreira Silva - 2016.pdf: 10881029 bytes, checksum: 1c411277f8b103cc8a55709053ed7f9b (MD5) license_rdf: 0 bytes, checksum: d41d8cd98f00b204e9800998ecf8427e (MD5) Previous issue date: 2016-03-31 / This work proposes method to encode and decode imas using conformal mapping. Conformal mapping modifies domains without modifyung physical characteristics between them. Real images are processed between these domains using encoding keys, also called transforming functions. The advantage of this methodology is the ability to carry the message as an encoded image in printed media for posterior-decoding. / Este trabalho propõe método que utiliza transformações conformes para codificar e decodificar imagens. As transformações conformes modificam os domínios em estudos sem modificar as características físicas entre eles. As imagens reais são transformadas entre estes domínios utilizando chaves, que são funções transformadoras. o diferencial desta metodologia é a capacidade de transportar a mensagem contida na imagem em meio impresso codificado e depois, decodificá-la. Transformação conforme Criptografia visual Decodificação de imagem impressa Segurança de dados Conformal mapping Image encode and decoding Visual cryptography Decoding printed image Data security ENGENHARIAS::ENGENHARIA ELETRICA
83	Data Security Architecture Considerations for Telemetry Post Processing Environments Kalibjian, Jeff 10 1900 (has links) Telemetry data has great value, as setting up a framework to collect and gather it involve significant costs. Further, the data itself has product diagnostic significance and may also have strategic national security importance if the product is defense or intelligence related. This potentially makes telemetry data a target for acquisition by hostile third parties. To mitigate this threat, data security principles should be employed by the organization to protect telemetry data. Data security is in an important element of a layered security strategy for the enterprise. The value proposition centers on the argument that if organization perimeter/internal defenses (e.g. firewall, IDS, etc.) fail enabling hostile entities to be able to access data found on internal company networks; they will be unable to read the data because it will be encrypted. After reviewing important encryption background including accepted practices, standards, and architectural considerations regarding disk, file, database and application data protection encryption strategies; specific data security options applicable to telemetry post processing environments will be discussed providing tangible approaches to better protect organization telemetry data. encryption key management data security disk encryption file encryption database encryption application encryption Hardware Security Module FIPS 140-2 Common Criteria tokenization Format Preserving Encryption (FPE)
84	Náklady na zabezpečení dat ve firemním prostředí / The Cost of Data Security in a Business Environment Gottwald, Matěj January 2013 (has links) The thesis focuses on the benefits of company data security in Czech environment calculation based on the additional total cost of ownership for the full disk data encryption and the average expected cost for data breach. In addition to the history of encryption, basics of cryptography, information breach statistics and company data encryption common routine, the theoretical part of the thesis above all introduces the method of company data encryption cost and benefits calculation. Within the practical part of the thesis, each step of the method is customized to match the Czech environment, modified by the organization headcount and applied to three virtual companies. The results are then evaluated, the benefits of data encryption compared by the company size in the Czech environment and also the critical discussion is carried out.
85	Posouzení informačního systému firmy a návrh změn / Information System Assessment and Proposal for ICT Modification Kubala, Michal January 2013 (has links) This Master's thesis deals with appraising information system of a company and suggesting its changes. In theoretical part are described basic issues and terms related to information systems. In analytic part is the information system assessed by methods for detecting actual situation. Proposal part is based on the analytic part and its main objective is to design changes to improve current situation with subsequent economic evaluation.
86	Molnbaserade affärssystem och SME-företag: Betydelsefulla trygghetsaspekter för extern datalagring : En kvalitativ studie om vilka aspekter som är betydelsefulla för att SME-företag ska känna trygghet med datalagring i molnbaserade affärssystem Heverius, Andreas, Hugander, Hanna January 2021 (has links) Molnbaserade affärssystem blir allt mer populära och fördelarna är många. Däremot är den mest återkommande utmaningen datasäkerheten eftersom företag lämnar över kontrollen av datalagring till molnleverantören. Det krävs därmed förtroende och trygghet mellan molnleverantören och företagen. Otrygghet kring datalagring och säkerhet är en av huvudanledningarna till att företag betvivlar att investera i molnbaserade affärssystem. Syftet med studien var därmed att identifiera betydelsefulla aspekter som frambringar trygghet för SME-företag med datalagring i molnbaserade affärssystem och besvara studiens frågeställning:“Vilka aspekter är betydelsefulla för att SME-företag ska känna trygghet med datalagring i molnbaserade affärssystem?”. En kvalitativ ansats har tillämpats i studien för att besvara forskningsfrågan. Genom semistrukturerade intervjuer undersöktes området på djupet och vid analys av resultatet framkom betydelsefulla teman som låg till grund för studiens diskussion och slutsats. Trygghetsaspekterna som identifierades var följande: logghantering, tvåfaktorsautentisering, segmentering, krypterad data, backuper, datalagring inom EU, avtal och standarder, etablerad molnleverantör och transparent molnleverantör. Studiens slutsatser kan vara till stöd för molnleverantörer och SME-företag om vilka aspekter som är betydelsefulla för att skapa ökad upplevd trygghet med extern datalagring. Det kan då generera i en tryggare och mer förtroendegivande relation mellan båda parter när SME-företag överlämnar ansvaret över data till molnleverantören. / Cloud-based enterprise resource planning system (ERP-system) is becoming increasingly popular and the benefits are many. The most recurrent challenge is data security because the enterprises left the control of data storage to the cloud supplier. For that reason, trust and safety are required between the cloud supplier and the enterprise. Data storage and security are one of the main reasons why enterprises are hesitant to invest in cloud-based ERP-systems. The purpose of the research was thus to identify significant aspects that create safety for SMEenterprises with data storage in cloud-based ERP-systems and answer the research question:“Which aspects are significant for SME-enterprises to feel safe with data storage in cloudbased ERP-systems?”. A qualitative approach has been applied to answer the research question. Semi-structured interviews have been used to investigate the area in depth. With analysis of the results, significant themes emerged which underlies this paper discussion and conclusion chapters. The safety aspects that was identified were the following: log management, two-factor authentication, segmentation, encrypted data, backups, data storage within the EU, agreements and standards, established cloud supplier and transparent cloud supplier. The conclusions of the research can support cloud suppliers and SME-enterprises about which aspects that are significant to create a perceived security with external data storage. It can generate in a more secure and trusting relationship between both parties when SME-enterprises hand over responsibility for data to the cloud supplier. SME-enterprises safety cloud-based ERP data storage data security SME-företag trygghet molnbaserade affärssystem datalagring datasäkerhet Information Systems
87	Analyzing Small Businesses' Adoption of Big Data Security Analytics Mathias, Henry 01 January 2019 (has links) Despite the increased cost of data breaches due to advanced, persistent threats from malicious sources, the adoption of big data security analytics among U.S. small businesses has been slow. Anchored in a diffusion of innovation theory, the purpose of this correlational study was to examine ways to increase the adoption of big data security analytics among small businesses in the United States by examining the relationship between small business leaders' perceptions of big data security analytics and their adoption. The research questions were developed to determine how to increase the adoption of big data security analytics, which can be measured as a function of the user's perceived attributes of innovation represented by the independent variables: relative advantage, compatibility, complexity, observability, and trialability. The study included a cross-sectional survey distributed online to a convenience sample of 165 small businesses. Pearson correlations and multiple linear regression were used to statistically understand relationships between variables. There were no significant positive correlations between relative advantage, compatibility, and the dependent variable adoption; however, there were significant negative correlations between complexity, trialability, and the adoption. There was also a significant positive correlation between observability and the adoption. The implications for positive social change include an increase in knowledge, skill sets, and jobs for employees and increased confidentiality, integrity, and availability of systems and data for small businesses. Social benefits include improved decision making for small businesses and increased secure transactions between systems by detecting and eliminating advanced, persistent threats. adoption of security analytics big data analytics big data security analytics security small business small business adoption of technology Computer Sciences Databases and Information Systems Library and Information Science
88	Reducing Internal Theft and Loss in Small Businesses Luster, Eric L 01 January 2018 (has links) Every year, several documented data breaches happen in the United States, resulting in the exposure of millions of electronic records. The purpose of this single-case study was to explore strategies some information technology managers used to monitor employees and reduce internal theft and loss. The population for this study consisted of 5 information technology managers who work within the field of technology in the southwestern region of the United States. Participants were selected using purposeful sampling. The conceptual framework for this study included elements from information and communication boundary theories. Data were collected from semistructured interviews, company standard operating procedures, and policy memorandums, which provided detailed information about technology managers' experiences with data security. The collected data were transcribed, member checked, and triangulated to validate credibility and trustworthiness. Two themes emerged from data analysis: the development of policies, procedures, and standards on internal theft and loss, and the use of technology-driven systems to monitor employees and control theft and loss. Technology-based interventions allow leaders within an organization to protect the integrity of systems and networks while monitoring employee actions and behaviors. Study findings could be used by leaders of business organizations to identify and respond to theft and fraud in the workplace. Business leaders may also be able to use study findings to develop employee monitoring programs that help to prevent the loss of both organizational and customers' data, enhancing public trust as a potential implication for positive social change. Data breach Data exchange data security internal data breach Internal theft Loss Business Databases and Information Systems
89	ENHANCING SECURITY IN DOCKER WEB SERVERS USING APPARMOR AND BPFTRACE Avigyan Mukherjee (15306883) 19 April 2023 (has links) <p>Dockerizing web servers has gained significant popularity due to its lightweight containerization approach, enabling rapid and efficient deployment of web services. However, the security of web server containers remains a critical concern. This study proposes a novel approach to enhance the security of Docker-based web servers using bpftrace to trace Nginx and Apache containers under attack, identifying abnormal syscalls, connections, shared library calls, and file accesses from normal ones. The gathered metrics are used to generate tailored AppArmor profiles for improved mandatory access control policies and enhanced container security. BPFtrace is a high-level tracing language allowing for real-time analysis of system events. This research introduces an innovative method for generating AppArmor profiles by utilizing BPFtrace to monitor system alerts, creating customized security policies tailored to the specific needs of Docker-based web servers. Once the profiles are generated, the web server container is redeployed with enhanced security measures in place. This approach increases security by providing granular control and adaptability to address potential threats. The evaluation of the proposed method is conducted using CVE’s found in the open source literature affecting nginx and apache web servers that correspond to the classification system that was created. The Apache and Nginx containers was attacked with Metasploit, and benchmark tests including ltrace evaluation in accordance with existing literature were conducted. The results demonstrate the effectiveness of the proposed approach in mitigating security risks and strengthening the overall security posture of Docker-based web servers. This is achieved by limiting memcpy and memset shared library calls identified using bpftrace and applying rlimits in 9 AppArmor to limit their rate to normal levels (as gauged during testing) and deny other harmful file accesses and syscalls. The study’s findings contribute to the growing body of knowledge on container security and offer valuable insights for practitioners aiming to develop more secure web server deployments using Docker. </p> Data security and protection System and network security Networking and communications Docker security Webserver Containerization
90	IS THE FUTURE OF BEAUTY PERSONALIZED? : CASE STUDY FOR MICROBIOME SKINCARE BRAND SKINOME Kanaska, Santa Daniela January 2022 (has links) The researcher takes a user-centric empirical approach to estimate different consumer group participant views on the personalization technology adoption within the skincare industry. In addition, the study aims to highlight the main identified opportunities and concerns that users associate with the personalized technology solutions within the industry, such as skincare and product quizzes, in-depth questionnaires, smart skin analysis tools, and others. The empirical study sample consists of 17 subjects who represent three different generation groups (Generations X, Y, and Z). For data analysis purposes, the author has performed content and discourse analysis, sentiment assessment, and word cloud visualizations using the Python word cloud library. The conducted sentiment analysis shows that the Gen X group’s users overall have a negative attitude towards personalization technology adoption for the skincare (average sentiment: 0.294) in comparison to Gen Y and Gen Z consumers whose sentiment analysis results showed neutral and positive tendencies. The content analysis showed that Gen Y and Gen Z consumers are more concerned about the data governance and its associated risks than Gen X consumers for whom the results and skin health-related improvements were indicated as having higher importance. According to the gathered data, the majority of Gen Y and Gen Z consumer group participants see personalization technology as the future of the skincare industry; nevertheless, Gen X consumers believe that personalization within the skincare will not be attached to one brand and will be more focussed on addressing specific skin conditions and concerns as well as will be more evidence-based. / Forskaren använder sig av en användarcentrerad empirisk metod för att uppskatta olika konsumentgruppers åsikter om hur tekniken för att ge personliga hudvårdsråd används inom hudvårdsbranschen. Dessutom syftar studien till att belysa de viktigaste identifierade möjligheterna och farhågorna som användarna förknippar med dessa tekniska lösningar inom branschen, såsom hudvårds- och produkttester, djupgående frågeformulär, smarta hudanalysverktyg och andra. Den empiriska studiens urval består av 17 personer som representerar tre olika generationsgrupper (generationerna X, Y och Z). Författaren har för analysen av datan genomfört en innehålls- och diskursanalys, en känsloutvärdering samt en ordmolnsanalys med hjälp av Pythons ordmolnsbibliotek. Den genomförda känslighetsanalysen visar att användare i gruppen Gen X överlag har en negativ inställning till att införa teknik för att erhålla personliga hudvårdsråd (genomsnittlig känsla: 0,294) i jämförelse med konsumenter i generationerna Y och Z, vars känslighetsanalysresultat visade neutrala och positiva tendenser. Innehållsanalysen visade att Gen Y- och Gen Z-konsumenterna är mer oroade över datastyrningen och de därmed förknippade riskerna än Gen X-konsumenterna, för vilka resultaten och förbättringarna av hudhälsan angavs ha större betydelse. Resultaten av studien visar att en majoritet av Gen Y- och Gen Z-konsumentgruppens deltagare ser att utvecklandet och användandet av teknik för att ge personliga hudvårdsråd är framtiden för hudvårdsbranschen. Gen Xkonsumenterna tror dock att tekniken för personliga hudvårdsråd inte kommer att vara knuten till ett märke och att den kommer att vara mer inriktad på att hantera specifika hudtillstånd och problem samt vara mer evidensbaserad. personalization beauty tech Artificial Intelligence Recommender systems AI ethics data security teknik för personliga hudvårdsråd skönhetsteknik Artificiell Intelligens Rekommendationssystem AI-etik datasäkerhet Computer and Information Sciences Data- och informationsvetenskap

Search results