61

Lightweight Portable Intrusion Detection System for Auditing Applications: Implementation and evaluation of a lightweight portable intrusion detection system using Raspberry Pi and Wi-Fi Pineapple

Nykvist, Carl, Larsson, Martin January 2019 (has links)
The goal of this thesis was to develop, deploy and evaluate a lightweight portable intrusion detection system (LPIDS) over wireless networks. The LPIDS was developed by adopting two different string matching algorithms: the Aho-Corasick algorithm and the Knuth–Morris–Pratt algorithm (KMP). The LPIDS was implemented and tested on the hardware platforms Wi-Fi Pineapple and Raspberry Pi. To evaluate and test the LPIDS as well as the algorithms, performance metrics such as throughput, response time and power consumption are considered. The experimental results reveal that Aho-Corasick performed better than KMP throughout the majority of the process, but KMP was typically faster in the beginning with fewer rules. Similarly, Raspberry Pi shows remarkably higher performance than Wi-Fi Pineapple in all of the measurements. Moreover, we compared the throughput between LPIDS and Snort. It was concluded that the throughput was significantly higher for LPIDS when most of the rules do not include content parameters. This thesis concludes that due to computational complexity and slow hardware processing capabilities of Wi-Fi Pineapple, it could not become a suitable IDS in the presence of different pattern matching strategies. Finally, we propose a modification of Snort to increase the throughput of the system.
62

A Study on the Adaptability of Immune System Principles to Wireless Sensor Network and IoT Security

Alaparthy, Vishwa 14 November 2018 (has links)
Network security has always been an area of priority and extensive research. Recent years have seen a considerable growth in experimentation with biologically inspired techniques. This is a consequence of our increased understanding of living systems and the application of that understanding to machines and software. The mounting complexity of telecommunications networks and the need for increasing levels of security have been the driving factor. The human body can act as a great role model for its unique abilities in protecting itself from external, foreign entities. Many abnormalities in the human body are similar to that of the attacks in wireless sensor networks (WSN). This paper presents basic ideas drawn from human immune system analogies that can help modelling a system to counter the attacks on a WSN by monitoring parameters such as energy, frequency of data transfer, data sent and received. This is implemented by exploiting two immune concepts, namely danger theory and negative selection. Danger theory aggregates the anomalies based on the weights of the anomalous parameters. The objective is to design a cooperative intrusion detection system (IDS) based on danger theory. Negative selection differentiates between normal and anomalous strings and counters the impact of malicious nodes faster than danger theory. We also explore other human immune system concepts and their adaptability to Wireless Sensor Network Security.
63

Intrusion Detection Systems: Technologies, Weaknesses and Trends / Intrusion Detection Systems: Technologies, Weaknesses and Trends (Swedish title: Intrångsdetekteringssystem : Teknologier, Svagheter och Trender)

Arvidson, Martin, Carlbark, Markus January 2003 (has links)
Traditionally, firewalls and access control have been the most important components used in order to secure servers, hosts and computer networks. Today, intrusion detection systems (IDSs) are gaining attention and the usage of these systems is increasing. This thesis covers commercial IDSs and the future direction of these systems. A model and taxonomy for IDSs and the technologies behind intrusion detection is presented.

Today, many problems exist that cripple the usage of intrusion detection systems. The decreasing confidence in the alerts generated by IDSs is directly related to serious problems like false positives. By studying IDS technologies and analyzing interviews conducted with security departments at Swedish banks, this thesis identifies the major problems within IDSs today. The identified problems, together with recent IDS research reports published at the RAID 2002 symposium, are used to recommend the future direction of commercial intrusion detection systems.
64

An implementation of a DNS-based malware detection system

Fors, Markus, Grahn, Christian January 2010 (has links)
Today’s wide usage of the Internet makes malicious software (malware) and botnets a big problem. While anti-virus software is commonplace today, malware is constantly evolving to remain undetected. Passively monitoring DNS traffic on a network can present a platform for detecting malware on multiple computers at a low cost and low complexity. To explore this avenue for detecting malware we decided it was necessary to design an extensible system where the framework was separate from the actual detection methods. We wanted to divide the system into three parts, one for logging, one for handling modules for detection and one for taking action against suspect traffic. The system we implemented in C collects DNS traffic and processes it with modules that are compiled separately and can be plugged in or out during runtime. Two proof of concept modules have been implemented. One based on a blacklist and one based on geolocation of requested servers. The system is complete to the point of being ready for field testing and implementation of more advanced detection modules.
65

Enhancing Performance of Vulnerability-based Intrusion Detection Systems

Farroukh, Amer 31 December 2010 (has links)
The accuracy of current intrusion detection systems (IDSes) is hindered by the limited capability of regular expressions (REs) to express the exact vulnerability. Recent advances have proposed vulnerability-based IDSes that parse traffic and retrieve protocol semantics to describe the vulnerability. Such a description of attacks is analogous to subscriptions that specify events of interest in event processing systems. However, the matching engine of state-of-the-art IDSes lacks efficient matching algorithms that can process many signatures simultaneously. In this work, we place event processing in the core of the IDS and propose novel algorithms to efficiently parse and match vulnerability signatures. Also, we are among the first to detect complex attacks such as the Conficker worm which requires correlating multiple protocol data units (MPDUs) while maintaining a small memory footprint. Our approach incurs negligible overhead when processing clean traffic, is resilient to attacks, and is faster than existing systems.
67

An Extensible Framework For Automated Network Attack Signature Generation

Kenar, Serkan 01 January 2010 (has links) (PDF)
The effectiveness of misuse-based intrusion detection systems (IDS) is seriously broken, with the advance of threats in terms of speed and scale. Today worms, trojans, viruses and other threats can spread all around the globe in less than thirty minutes. In order to detect these emerging threats, signatures must be generated automatically and distributed to intrusion detection systems rapidly. There are studies on automatically generating signatures for worms and attacks. However, either these systems rely on honeypots which are supposed to receive only suspicious traffic, or use port-scanning outlier detectors. In this study, an open, extensible system based on a network IDS is proposed to identify suspicious traffic using anomaly detection methods, and to automatically generate signatures of attacks out of this suspicious traffic. The generated signatures are classified and fed back into the IDS either locally or distributed. Design and proof-of-concept implementation are described and the developed system is tested on both synthetic and real network data. The system is designed as a framework to test different methods and evaluate the outcomes of varying configurations easily. The test results show that, with a properly defined attack detection algorithm, attack signatures could be generated with high accuracy and efficiency. The resulting system could be used to prevent early damages of fast-spreading worms and other threats.
68

An Evaluation of current IDS

Fernandez, Maria del Mar, Porres, Ignacio January 2008 (has links)
With the possibility of connecting several computers and networks, the necessity of protecting the whole data and machines from attackers (hackers) that try to get some confidential information to use for their own benefit or just destroy or modify valuable information was born. At this point IDS appears to help users, companies or institutions to detect when they are getting compromised. This thesis will cover two main parts: the first one consists of an intense research study about the world of IDS and its environment. Subsequently, we will conclude this part with some points where IDS still needs to be questioned and show up desirable requirements for “the perfect” intrusion detection system. This “perfect” adjective can of course be discussed variously. The second part of the thesis approaches the implementation of the most used open source IDS: Snort. Some basic attacks on the machine where Snort is installed will be performed in order to make the future user see what kind of protection it ensures and the usability of this. A brief discussion about two of the main challenges in IDS will follow: analyzing big amounts of packets and encrypted traffic. Finally there are conclusions for a safe computer environment as well as the suggestion that some skilled programmer should give Snort a more friendly interface for every kind of user and a built-in programme package which includes webserver, database and other libraries that are needed to run it properly with all its features.
69

Intrusion Management

Olsson, Fredrik January 2006 (has links)
Information security is tasked with protecting the confidentiality, integrity, and availability of an organization's information resources. A key aspect in protecting these resources is developing an understanding of the threats, vulnerabilities, and exposures that they face by using Risk Management.

The objective of Risk Management is to identify, quantify and manage information security risks to achieve the organization's objectives through a number of tasks utilizing key Risk Management techniques.

Risk Management is a process that ensures that the impact of threats exploiting vulnerabilities is within acceptable limits and at an acceptable cost.

With the increased complexity of modern dynamic networks, traditional defence mechanisms are failing and as a result cyber crime is on the rise [FBI03]. This puts organizations and corporations at risk as the defences are ill-fitted and weak [KBM04].

No information system can be absolutely secure, especially large and complex systems. Embedded security works for isolated, dedicated systems with few users but does not offer cost effective security, and even worse does not always handle security based on a real threat (this is mainly due to its inherent inflexibility). A military strategy within the field of information operations suggests a method of information superiority based on the OODA-loop. This thesis proposes a method of information security protection based on a combination of risk management techniques and information operations (foremost the OODA-loop). This is in order to ensure a cost effective and a viable future for information security in large and complex systems, where the war, at least at the present time, is lost to the “black hats”, a term often used to describe a menaced hacker.
70

Network Forensics and Log Files Analysis: A Novel Approach to Building a Digital Evidence Bag and Its Own Processing Tool

Qaisi, Ahmed Abdulrheem Jerribi January 2011 (has links)
Intrusion Detection Systems (IDS) tools are deployed within networks to monitor data that is transmitted to particular destinations such as MySQL or Oracle databases or log files. The data is normally dumped to these destinations without a forensic standard structure. When digital evidence is needed, forensic specialists are required to analyse a very large volume of data. Even though forensic tools can be utilised, most of this process has to be done manually, consuming time and resources. In this research, we aim to address this issue by combining several existing tools to archive the original IDS data into a new container (Digital Evidence Bag) that has a structure based upon standard forensic processes. The aim is to develop a method to improve the current IDS database function in a forensic manner. This database will be optimised for future forensic analysis. Since evidence validity is always an issue, a secondary aim of this research is to develop a new monitoring scheme. This is to provide the necessary evidence to prove that an attacker had surveyed the network prior to the attack. To achieve this, we will set up a network that will be monitored by multiple IDSs. Open source tools will be used to carry input validation attacks into the network including SQL injection. We will design a new tool to obtain the original data in order to store it within the proposed DEB. This tool will collect the data from several databases of the different IDSs. We will assume that the IDS will not have been compromised.