A study of Centralized Network Intrusion Detection System using low end single board computers

Andersson, Michael, Mickols, Andreas

January 2017

The use of Intrusion Detection Systems is a normal thing today in bigger companies, butthe solutions that are to be found in market is often too expensive for the smallercompany. Therefore, we saw the need in investigating if there is a more affordablesolution. In this report, we will show that it is possible to use low cost single boardcomputers as part of a bigger centralized Intrusion Detection System. To investigate this,we set up a test system including 2 Raspberry Pi 3 Model B, a cloud server and the use oftwo home networks, one with port mirroring implemented in firmware and the other withdedicated span port. The report will show how we set up the environment and the testingwe have done to prove that this is a working solution.

IDS

NIDS

Network Intrusion Detection System

Raspberry Pi

Distributed NIDS

Single Board Computer

Computer and Information Sciences

Data- och informationsvetenskap

A HUB-CI MODEL FOR NETWORKED TELEROBOTICS IN COLLABORATIVE MONITORING OF AGRICULTURAL GREENHOUSES

Ashwin Sasidharan Nair (6589922)

15 May 2019

Networked telerobots are operated by humans through remote interactions and have found applications in unstructured environments, such as outer space, underwater, telesurgery, manufacturing etc. In precision agricultural robotics, target monitoring, recognition and detection is a complex task, requiring expertise, hence more efficiently performed by collaborative human-robot systems. A HUB is an online portal, a platform to create and share scientific and advanced computing tools. HUB-CI is a similar tool developed by PRISM center at Purdue University to enable cyber-augmented collaborative interactions over cyber-supported complex systems. Unlike previous HUBs, HUB-CI enables both physical and virtual collaboration between several groups of human users along with relevant cyber-physical agents. This research, sponsored in part by the Binational Agricultural Research and Development Fund (BARD), implements the HUB-CI model to improve the Collaborative Intelligence (CI) of an agricultural telerobotic system for early detection of anomalies in pepper plants grown in greenhouses. Specific CI tools developed for this purpose include: (1) Spectral image segmentation for detecting and mapping to anomalies in growing pepper plants; (2) Workflow/task administration protocols for managing/coordinating interactions between software, hardware, and human agents, engaged in the monitoring and detection, which would reliably lead to precise, responsive mitigation. These CI tools aim to minimize interactions’ conflicts and errors that may impede detection effectiveness, thus reducing crops quality. Simulated experiments performed show that planned and optimized collaborative interactions with HUB-CI (as opposed to ad-hoc interactions) yield significantly fewer errors and better detection by improving the system efficiency by between 210% to 255%. The anomaly detection method was tested on the spectral image data available in terms of number of anomalous pixels for healthy plants, and plants with stresses providing statistically significant results between the different classifications of plant health using ANOVA tests (P-value = 0). Hence, it improves system productivity by leveraging collaboration and learning based tools for precise monitoring for healthy growth of pepper plants in greenhouses.

Control Systems, Robotics and Automation

Adaptive Agents and Intelligent Robotics

Human robot/agent interaction

Agricultural robotics

robot collaboration

anomaly detection system

A risk analysis and risk management methodology for mitigating wireless local area networks (WLANs) intrusion security risks

Abdullah, Hanifa

12 October 2006

Every environment is susceptible to risks and Wireless Local Area Networks (WLANs) based on the Institute of Electrical and Electronics Engineers (IEEE) 802.11 standard are no exception. The most apparent risk of WLANs is the ease with which itinerant intruders obtain illicit entry into these networks. These intrusion security risks must therefore be addressed which means that information security risk analysis and risk management need to be considered as integral elements of the organisation’s business plan. A well-established qualitative risk analysis and risk management methodology, the Operationally Critical Threat Asset and Vulnerability Evaluation (OCTAVE) is selected for conducting the WLAN intrusion security risk analysis and risk management process. However, the OCTAVE risk analysis methodology is beset with a number of problems that could hamper a successful WLAN intrusion security risk analysis. The ultimate deliverable of this qualitative risk analysis methodology is the creation of an organisation-wide protection strategy and risk mitigation plan. Achieving this end using the OCTAVE risk analysis methodology requires an inordinate amount of time, ranging from months to years. Since WLANs are persistently under attack, there is a dire need for an expeditious risk analysis methodology. Furthermore, the OCTAVE risk analysis methodology stipulates the identification of assets and corresponding threat scenarios via a brainstorming session, which may be beyond the scope of a person who is not proficient in information security issues. This research was therefore inspired by the pivotal need for a risk analysis and risk management methodology to address WLAN intrusion attacks and the resulting risks they pose to the confidentiality, integrity and availability of information processed by these networks. Copyright / Dissertation (MSc (Computer Science))--University of Pretoria, 2006. / Computer Science / unrestricted

Ooda cycle

Risk

Risk analysis

Risk management

Octave

Risk assessment

Wireless intrusion detection system

Wireless local area network (WLAN)

UCTD

Negative attitudes towards cyclists influence the acceptance of an in-vehicle cyclist detection system

De Angelis, Marco, Puchades, Víctor Marín, Fraboni, Federico, Pietrantoni, Luca, Prati, Gabriele

21 December 2020

The shift towards automation and safer vehicles will increasingly involve use of technological advancements such as Advanced Driver Assistance Systems (ADAS). Nevertheless, these technologies need to meet users’ perceived needs to be effectively implemented and purchased. Based on an updated version of the Technology Acceptance Model (TAM), this study analyses the main determinants of drivers’ intention to use an ADAS aimed at detecting cyclist and preventing potential collision with them through an auto-braking system. Even if the relevance of perceived usefulness, perceived ease of use and trust on the acceptance of a new system has been already discussed in literature, we considered the role of an external variable such as attitudes towards cyclists in the prediction of an ADAS aimed to improve the safety of cyclists. We administered a questionnaire measuring negative attitudes towards cyclists, trust, perceived usefulness, perceived ease of use and the behavioural intention to use the system to 480 Italian drivers. Path analysis using Bayesian estimation showed that perceived usefulness, trust in the system, and negative attitudes towards cyclists have a direct effect on the intention to use the ADAS. Considering the role of attitudes towards other road users in the intention to use new ADAS aimed to improve their safety could foster the user’s acceptance, especially for those people who express a negative representation of cyclists and are even more unlikely to accept the technology.

info:eu-repo/classification/ddc/380

ddc:380

Theoretical design of an XRF system for environmental measurements of Mercury in fiber banks

Yu, Runpeng

January 2020

This thesis demonstrates the advantages of using the Energy-dispersive X-ray fluorescence (ED-XRF) system to quantify the mercury content in fiber banks at first. The Monte Carlo N-Particle (MCNP) code was then used to simulate the XRF system model with suitable parameters such as the input X-ray energy level, the detector material, and the environmental factor (water depth). The SNR results of the mercury spectrum when applying different parameters were obtained. Then, the limit of detection (LOD) and limit of quantification (LOQ) based on the SNR approach are considered. Finally, system parameters were determined in order to obtain more accurate qualitative and quantitative analysis results for future environmental measurements.

XRF detection system

MCNP modelling

Mercury

Fiber bank

Annan elektroteknik och elektronik

Intrusion Detection System in Smart Home Network Using Artificial Immune System and Extreme Learning Machine

Alalade, Emmanuel

16 June 2020

No description available.

Information Technology

Intrusion detection system

smart home

artificial immune system

Extreme learning machine

Artificial Immune System

Internet of Things

A novel intrusion detection system (IDS) architecture. Attack detection based on snort for multistage attack scenarios in a multi-cores environment.

Pagna Disso, Jules F.

January 2010

Recent research has indicated that although security systems are developing, illegal intrusion to computers is on the rise. The research conducted here illustrates that improving intrusion detection and prevention methods is fundamental for improving the overall security of systems. This research includes the design of a novel Intrusion Detection System (IDS) which identifies four levels of visibility of attacks. Two major areas of security concern were identified: speed and volume of attacks; and complexity of multistage attacks. Hence, the Multistage Intrusion Detection and Prevention System (MIDaPS) that is designed here is made of two fundamental elements: a multistage attack engine that heavily depends on attack trees and a Denial of Service Engine. MIDaPS were tested and found to improve current intrusion detection and processing performances. After an intensive literature review, over 25 GB of data was collected on honeynets. This was then used to analyse the complexity of attacks in a series of experiments. Statistical and analytic methods were used to design the novel MIDaPS. Key findings indicate that an attack needs to be protected at 4 different levels. Hence, MIDaPS is built with 4 levels of protection. As, recent attack vectors use legitimate actions, MIDaPS uses a novel approach of attack trees to trace the attacker¿s actions. MIDaPS was tested and results suggest an improvement to current system performance by 84% whilst detecting DDOS attacks within 10 minutes.

Intrusion Detection System (IDS)

Visibility of attacks

Performance evaluation

Snort

Computer network security

Cyberbullying Detection System On Multimodal Data / System för upptäckt av nätmobbning med hjälp av multimodal data

Nikolskaya, Anna

January 2022

Cyberbullying has become a significant societal concern as people increasingly use computing technology to mediate all elements of their life. Cyberbullying can cause serious psychological and emotional problems for people who are impacted. Hence, developing automated ways for detecting cyberbullying is critical. While recent efforts to identify cyberbullying have specified advanced text processing approaches, the area of visual data processing has received significantly less attention.  This thesis presents multimodal approach on cyberbullying detection in social media by using a combination of visual and textual features. The work presents the prototype of cyberbullying detection system alongside its design and implementation details.  The foundings of this work prove that visual features can be used for the improvement of the textual approach. The results show that visual features is a best performing approach according to Naive Bayes and Random Forest algorithms and combination of textual and visual features reached the highest performance according to Support Vector Classification model. Furthermore, the result reveal that feature combination leading to the highest performance of Support Vector Classification is a combination of text description, text sentiment and image tags. The strongest feature performance with Random Forest and Naive Bayes model has been demonstrated by image tags. / Cybermobbning har blivit ett stort samhällsproblem i takt med att människor i allt högre grad använder datorteknik i alla delar av sitt liv. Cybermobbning kan orsaka allvarliga psykologiska och känslomässiga problem för de personer som drabbas. Därför är det viktigt att utveckla automatiserade metoder för att upptäcka cybermobbning. Medan de senaste insatserna för att identifiera cybermobbning har specificerat avancerade metoder för textbearbetning, har visuell databehandling fått betydligt mindre uppmärksamhet.  I den här avhandlingen presenteras en multimodal metod för att upptäcka cybermobbning i sociala medier med hjälp av en kombination av visuella och textuella element. I arbetet presenteras prototypen av ett system för upptäckt av cybermobbning tillsammans med detaljer om dess utformning och genomförande.  Resultaten av detta arbete visar att visuella funktioner kan användas för att förbättra den textuella modellen. Resultaten visar att visuella funktioner är det bästa tillvägagångssättet enligt Naive Bayes - och Random Forest­algoritmerna och att kombinationen av text- och visuella funktioner uppnådde den högsta prestandan enligt Support Vector Classification - modellen. Dessutom visar resultatet att kombinationen av funktioner som leder till den högsta prestandan för Support Vector Classification ar en kombination av textbeskrivning, textkänsla och bildtaggar. Den starkaste prestandan med Random Forest - och Naive Bayes -modellen däremot, har visats med bildtaggar.

Multimodality

Machine Leaming

Cyberbullying

Detection system

Social Media.

Multimodalitet

maskininlärning

cybermobbning

detektionssystem

sociala medier

Computer and Information Sciences

Data- och informationsvetenskap

Web-Based Intrusion Detection System

Ademi, Muhamet

January 2013

Web applications are growing rapidly and as the amount of web sites globallyincreases so do security threats. Complex applications often interact with thirdparty services and databases to fetch information and often interactions requireuser input. Intruders are targeting web applications specifically and they are ahuge security threat to organizations and a way to combat this is to haveintrusion detection systems. Most common web attack methods are wellresearched and documented however due to time constraints developers oftenwrite applications fast and may not implement the best security practices. Thisreport describes one way to implement a intrusion detection system thatspecifically detects web based attacks.

intrusion detection system

ids

web application security

web application

network security

web security

Engineering and Technology

Teknik och teknologier

Network Traffic Analysis and Anomaly Detection : A Comparative Case Study

Babu, Rona

January 2022

Computer security is to protect the data inside the computer, relay the information, expose the information, or reduce the level of security to some extent. The communication contents are the main target of any malicious intent to interrupt one or more of the three aspects of the information security triad (confidentiality, integrity, and availability). This thesis aims to provide a comprehensive idea of network traffic analysis, various anomaly or intrusion detection systems, the tools used for it, and finally, a comparison of two Network Traffic Analysis (NTA) tools available in the market: Splunk and Security Onion and comparing their finding to analyse their feasibility and efficiency on Anomaly detection. Splunk and Security Onion were found to be different in the method of monitoring, User Interface (UI), and the observations noted. Further scope for future works is also suggested from the conclusions made.

Computer security

Network Traffic Analysis (NTA)

SIEM

Splunk

Security Onion

Engineering and Technology

Teknik och teknologier