  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
101

Policy-driven autonomic cyberdefense using software-defined networking / Cyberdefense autonome pilotée par règles à l'aide d'un réseau défini par logiciel

Sahay, Rishikesh 14 November 2017
Cyber attacks cause significant loss not only to end-users, but also to Internet Service Providers (ISP). Recently, customers of the ISP have been the number one target of cyber attacks such as Distributed Denial of Service attacks (DDoS). These attacks are encouraged by the widespread availability of tools to launch the attacks. So, there is a crucial need to counter these attacks (DDoS, botnet attacks, etc.) by effective defense mechanisms. Researchers have devoted huge efforts to protecting the network from cyber attacks. Defense methodologies first contain a detection process, completed by mitigation. Lack of automation in the whole cycle of detection to mitigation increases the damage caused by cyber attacks. It requires manual configurations of devices by the administrator to mitigate the attacks, which cause network downtime. Therefore, it is necessary to close the security loop with an efficient mechanism to automate the mitigation process. In this thesis, we propose an autonomic mitigation framework to mitigate attacks that target the network resources. Our framework provides a collaborative mitigation strategy between the ISP and its customers. The implementation relies on Software-Defined Networking (SDN) technology to deploy the mitigation framework. The contribution of our framework can be summarized as follows: first, the customers detect the attacks and share the threat information with their ISP to perform the on-demand mitigation. We further develop the system to improve the management aspect of the framework at the ISP side. This system performs the alert extraction, adaptation and device configurations. We develop a policy language to define the high-level policy, which is translated into OpenFlow rules. Finally, we show the applicability of the framework through simulation as well as testbed validation. We evaluate different QoS and QoE (quality of user experience) metrics in SDN networks. The application of the framework demonstrates its effectiveness in not only mitigating attacks for the victim, but also reducing the damage caused to traffic of other customers of the ISP.
102

Threats and Mitigation of DDoS Cyberattacks Against the U.S. Power Grid via EV Charging

Morrison, Glenn Sean 30 August 2018
No description available.
103

Adaptive Counteraction Against Denial of Service Attack / Adaptiv Motverkan mot Denial of Service Attack

Atiiq, Syafiq Al January 2017
The Internet of Things (IoT) is the next generation of networked society where billions of everyday-life devices are directly connected to the Internet and able to communicate with each other. In particular, the Constrained Application Protocol (CoAP) has become the de-facto IoT standard for communication at the application layer, as a lightweight web transfer protocol affordable also for resource-constrained platforms. However, as IoT devices are directly connected to the Internet, they are especially vulnerable to a number of security attacks including Denial of Service (DoS), which can seriously worsen their performance and responsiveness, and even make them totally unavailable to serve legitimate requests. In this Master's Thesis project, we have developed a cross-layer and context-aware approach that adaptively counteracts DoS attacks against CoAP server devices, by dynamically adjusting their operative state according to the attack intensity. This considerably limits the impact of DoS attacks and preserves service availability of victim devices to the best possible extent. The proposed approach leverages a trusted Proxy that adaptively shields victim devices, while effectively forwarding and caching messages if needed. We have made a proof-of-concept implementation of our solution for the Californium framework and the CoAP protocol, and experimentally evaluated its effectiveness in counteracting DoS and preserving availability of devices under attack. This Master's Thesis project has been conducted in collaboration with RISE SICS, a research institute for applied information and communication technology in Sweden.
104

Improved performance high speed network intrusion detection systems (NIDS). A high speed NIDS architectures to address limitations of Packet Loss and Low Detection Rate by adoption of Dynamic Cluster Architecture and Traffic Anomaly Filtration (IADF).

Akhlaq, Monis January 2011
Intrusion Detection Systems (IDS) are considered as a vital component in network security architecture. The system allows the administrator to detect unauthorized use of, or attack upon, a computer, network or telecommunication infrastructure. There is no second thought on the necessity of these systems; however, their performance remains a critical question. This research has focussed on designing a high performance Network Intrusion Detection Systems (NIDS) model. The work begins with the evaluation of Snort, an open source NIDS considered as a de-facto IDS standard. The motive behind the evaluation strategy is to analyze the performance of Snort and ascertain the causes of limited performance. Design and implementation of high performance techniques are considered as the final objective of this research. Snort has been evaluated on a highly sophisticated test bench by employing evasive and avoidance strategies to simulate real-life normal and attack-like traffic. The test methodology is based on the concept of stressing the system and degrading its performance in terms of its packet handling capacity. This has been achieved by normal traffic generation; fuzzing; traffic saturation; parallel dissimilar attacks; manipulation of background traffic, e.g. fragmentation, packet sequence disturbance and illegal packet insertion. The evaluation phase has led us to two high performance designs: first, a distributed hardware architecture using cluster-based adoption, and second, a cascaded phenomenon of anomaly-based filtration and signature-based detection. The first high performance mechanism is based on Dynamic Cluster adoption using refined policy routing and Comparator Logic. The design is a two-tier mechanism where the front end of the cluster is the load-balancer, which distributes traffic on pre-defined policy routing, ensuring maximum utilization of cluster resources. The traffic load sharing mechanism reduces the packet drop by exchanging state information between the load-balancer and cluster nodes and implementing switchovers between nodes in case the traffic exceeds a pre-defined threshold limit. Finally, the recovery evaluation concept using Comparator Logic also enhances the overall efficiency by recovering lost data in switchovers; the retrieved data is then analyzed by the recovery NIDS to identify any leftover threats. Intelligent Anomaly Detection Filtration (IADF) using a cascaded architecture of anomaly-based filtration and signature-based detection process is the second high performance design. The IADF design is used to preserve resources of the NIDS by eliminating a large portion of the traffic on well-defined logics. In addition, the filtration concept augments the detection process by eliminating the part of malicious traffic which otherwise can go undetected by most signature-based mechanisms. We have evaluated the mechanism to detect Denial of Service (DoS) and Probe attempts by analyzing its performance on the Defence Advanced Research Projects Agency (DARPA) dataset. The concept has also been supported by time-based normalized sampling mechanisms to incorporate normal traffic variations to reduce false alarms. Finally, we have observed that the IADF has augmented the overall detection process by reducing false alarms, increasing detection rate and incurring lesser data loss. / National University of Sciences & Technology (NUST), Pakistan
105

Detection of Denial of Service Attacks on the Open Radio Access Network Intelligent Controller through the E2 Interface

Radhakrishnan, Vikas Krishnan 03 July 2023
Open Radio Access Networks (Open RANs) enable flexible cellular network deployments by adopting open-source software and white-box hardware to build reference architectures customizable to innovative target use cases. The Open Radio Access Network (O-RAN) Alliance defines specifications introducing new Radio Access Network (RAN) Intelligent Controller (RIC) functions that leverage open interfaces between disaggregated RAN elements to provide precise RAN control and monitoring capabilities using applications called xApps and rApps. Multiple xApps targeting novel use cases have been developed by the O-RAN Software Community (OSC) and incubated on the Near-Real-Time RIC (Near-RT RIC) platform. However, the Near-RT RIC has, so far, been demonstrated to support only a single xApp capable of controlling the RAN elements. This work studies the scalability of the OSC Near-RT RIC to support simultaneous control signaling by multiple xApps targeting the RAN element. We particularly analyze its internal message routing mechanism and experimentally expose the design limitations of the OSC Near-RT RIC in supporting simultaneous xApp control. To this end, we extend an existing open-source RAN slicing xApp and prototype a slice-aware User Equipment (UE) admission control xApp implementing the RAN Control E2 Service Model (E2SM) to demonstrate a multi-xApp control signaling use case and assess the control routing capability of the Near-RT RIC through an end-to-end O-RAN experiment using the OSC Near-RT RIC platform and an open-source Software Defined Radio (SDR) stack. We also propose and implement a tag-based message routing strategy for disambiguating multiple xApps to enable simultaneous xApp control. Our experimental results prove that our routing strategy ensures 100% delivery of control messages between multiple xApps and E2 Nodes while guaranteeing control scalability and xApp non-repudiation. 
Using the improved Near-RT RIC platform, we assess the security posture and resiliency of the OSC Near-RT RIC in the event of volumetric application layer Denial of Service (DoS) attacks exploiting the E2 interface and the E2 Application Protocol (E2AP). We design a DoS attack agent capable of orchestrating a signaling storm attack and a high-intensity resource exhaustion DoS attack on the Near-RT RIC platform components. Additionally, we develop a latency monitoring xApp solution to detect application layer signaling storm attacks. The experimental results indicate that signaling storm attacks targeting the E2 Terminator on the Near-RT RIC cause control loop violations over the E2 interface affecting service delivery and optimization for benign E2 Nodes. We also observe that a high-intensity E2 Setup DoS attack results in unbridled memory resource consumption leading to service interruption and application crash. Our results also show that the E2 interface at the Near-RT RIC is vulnerable to volumetric application layer DoS attacks, and robust monitoring, load-balancing, and DoS mitigation strategies must be incorporated to guarantee resiliency and high reliability of the Near-RT RIC. / Master of Science / Telecommunication networks need sophisticated controllers to support novel use cases and applications. Cellular base stations can be managed and optimized for better user experience through an intelligent radio controller called the Near-Real-Time Radio Access Network (RAN) Intelligent Controller (RIC) (Near-RT RIC), defined by the Open Radio Access Network (O-RAN) Alliance. This controller supports simultaneous connections to multiple base stations through the E2 interface and allows simple radio applications called xApps to control the behavior of those base stations. 
In this research work, we study the performance and behavior of the Near-RT RIC when a malicious or compromised base station tries to overwhelm the controller through a Denial of Service (DoS) attack. We develop a solution to determine the application layer communication delay between the controller and the base station to detect potential attacks trying to compromise the functionality and availability of the controller. To implement this solution, we also upgrade the controller to support multiple radio applications to interact and control one or more base stations simultaneously. Through the developed solution, we prove that the O-RAN Software Community (OSC) Near-RT RIC is highly vulnerable to DoS attacks from malicious base stations targeting the controller over the E2 interface.
106

Collaboratively Detecting HTTP-based Distributed Denial of Service Attack using Software Defined Network

Ikusan, Ademola A. January 2017
No description available.
107

HASH STAMP MARKING SCHEME FOR PACKET TRACEBACK

NEIMAN, ADAM M. January 2005
No description available.
108

How Secure is Verisure’s Alarm System?

Hamid, Lars-Eric, Möller, Simon January 2020
Security is a very important part of today’s society. Verisure is the leader in home alarm systems with 30 years of experience. In this project, we aim to evaluate how secure their alarm system is from a software perspective. The system was bought in January 2020. After an initial threat modeling, followed by penetration testing, it turns out that the alarm system is not as secure as Verisure markets. We could find several security flaws in the system. Some of them let an attacker block the system, and others yield full control without the user’s knowledge. There are also a couple of vulnerabilities that could be exploited by people without any special knowledge regarding hacking or the system in general. / Bachelor's thesis project in electrical engineering 2020, KTH, Stockholm
109

Intrusion Detection of Flooding DoS Attacks on Emulated Smart Meters

Akbar, Yousef M. A. H. 11 May 2020
The power grid has changed a great deal from what has been generally viewed as a traditional power grid. The modernization of the power grid has seen an increase in the integration and incorporation of computing and communication elements, creating an interdependence of both physical and cyber assets of the power grid. The fast-increasing connectivity has transformed the grid from what used to be primarily a physical system into a Cyber-Physical System (CPS). The physical elements within a power grid are well understood by power engineers; however, the newly deployed cyber aspects are new to most researchers and operators in this field. The new computing and communications structure brings new vulnerabilities along with all the benefits it provides. Cyber security of the power grid is critical due to the potential impact it can make on the community or society that relies on the critical infrastructure. These vulnerabilities have already been exploited in the attack on the Ukrainian power grid, a highly sophisticated, multi-layered attack which caused large power outages for numerous customers. There is an urgent need to understand the cyber aspects of the modernized power grid and take the necessary precautions such that the security of the CPS can be better achieved. The power grid is dependent on two main cyber infrastructures, i.e., Supervisory Control And Data Acquisition (SCADA) and Advanced Metering Infrastructure (AMI). This thesis investigates the AMI in power grids by developing a testbed environment that can be created and used to better understand and develop security strategies to remove the vulnerabilities that exist within it. The testbed is to be used to conduct and implement security strategies, i.e., an Intrusion Detection System (IDS), creating an emulated environment to best resemble the environment of the AMI system.
A DoS flooding attack and an IDS are implemented on the emulated testbed to show the effectiveness and validate the performance of the emulated testbed. / M.S. / The power grid is becoming more digitized and is utilizing information and communication technologies more, hence the smart grid. New systems are developed and utilized in the modernized power grid that directly rely on new communication networks. The power grid is becoming more efficient and more effective due to these developments; however, there are some considerations to be made as for the security of the power grid. An important expectation of the power grid is the reliability of power delivery to its customers. New information and communication technology integration gives rise to new cyber vulnerabilities that can inhibit the functionality of the power grid. A coordinated cyber-attack was conducted against the Ukrainian power grid in 2015 that targeted the cyber vulnerabilities of the system. The attackers made sure that the grid operators were unable to observe their system being attacked via Denial of Service attacks. Smart meters are the digitized equivalent of traditional energy meters; they wirelessly communicate with the grid operators. An increase in deployment of these smart meters makes it such that we are more dependent on them, hence creating a new vulnerability for an attack. The smart meter integration into the power grid needs to be studied and carefully considered for the prevention of attacks. A testbed is created using devices that emulate the smart meters, and a network is established between the devices. The network was attacked with a Denial of Service attack to validate the testbed performance, and an intrusion detection method was developed and applied onto the testbed to prove that the testbed created can be used to study and develop methods to cover the vulnerabilities present.
110

Security Analysis of OPC UA in Automation Systems for IIoT / Säkerhetsanalys av OPC UA inom automationssystem för IIoT.

Varadarajan, Vaishnavi January 2022
Establishing secured communication among the different entities in an industrial environment is a major concern. Especially with the introduction of the Industrial Internet of Things (IIoT), industries have been susceptible to cyber threats, which makes security a critical requirement for the industries. Prevailing industrial communication standards were proven to meet the security needs to some extent, but the major issue which was yet to be addressed was interoperability. To achieve interoperability, Open Platform Communication Unified Architecture (OPC UA) was introduced as a communication protocol. OPC UA helped bridge the gap between Information Technology (IT) and Operational Technology (OT) security needs, but this also gives rise to new attack opportunities for the intruder. In this thesis, we have analysed the security challenges in OPC UA and the impact of two different cyberattacks on the OPC UA. First, we have implemented an OPC UA Network with the help of Raspberry Pis and open62541, an open-source implementation of the OPC UA client and server. Following this, to evaluate the performance of the network, we performed three cybersecurity attacks: Packet Sniffing, Man in the Middle Attack (MITM) and Denial of Service attack. We assessed the impact these attacks have on the OPC UA network. We have also discussed the detection mechanism for the same attacks. This analysis has helped us recognize the threats faced by OPC UA in an IIoT environment with respect to message flooding, packet sniffing and man in the middle attack, and the countermeasures to this attack have been discussed.
