  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
51

BotDet: a system for real time Botnet command and control traffic detection

Ghafir, Ibrahim, Prenosil, V., Hammoudeh, M., Baker, T., Jabbar, S., Khalid, S., Jaf, S. 24 January 2020
Yes / Over the past decade, the digitization of services transformed the healthcare sector leading to a sharp rise in cybersecurity threats. Poor cybersecurity in the healthcare sector, coupled with high value of patient records attracted the attention of hackers. Sophisticated advanced persistent threats and malware have significantly contributed to increasing risks to the health sector. Many recent attacks are attributed to the spread of malicious software, e.g., ransomware or bot malware. Machines infected with bot malware can be used as tools for remote attack or even cryptomining. This paper presents a novel approach, called BotDet, for botnet Command and Control (C&C) traffic detection to defend against malware attacks in critical ultrastructure systems. There are two stages in the development of the proposed system: 1) we have developed four detection modules to detect different possible techniques used in botnet C&C communications and 2) we have designed a correlation framework to reduce the rate of false alarms raised by individual detection modules. Evaluation results show that BotDet balances the true positive rate and the false positive rate with 82.3% and 13.6%, respectively. Furthermore, it proves BotDet capability of real time detection.
52

Unsupervised Learning for Feature Selection: A Proposed Solution for Botnet Detection in 5G Networks

Lefoane, Moemedi, Ghafir, Ibrahim, Kabir, Sohag, Awan, Irfan U. 01 August 2022
Yes / The world has seen exponential growth in deploying Internet of Things (IoT) devices. In recent years, connected IoT devices have surpassed the number of connected non-IoT devices. The number of IoT devices continues to grow and they are becoming a critical component of the national infrastructure. IoT devices' characteristics and inherent limitations make them attractive targets for hackers and cyber criminals. Botnet attack is one of the serious threats on the Internet today. This article proposes pattern-based feature selection methods as part of a machine learning (ML) based botnet detection system. Specifically, two methods are proposed: the first is based on the most dominant pattern feature values and the second is based on Maximal Frequent Itemset (MFI) mining. The proposed feature selection method uses Gini Impurity (GI) and an unsupervised clustering method to select the most influential features automatically. The evaluation results show that the proposed methods have improved the performance of the detection system. The developed system has a True Positive Rate (TPR) of 100% and a False Positive Rate (FPR) of 0% for best performing models. In addition, the proposed methods reduce the computational cost of the system as evidenced by the detection speed of the system.
53

RSU-Based Intrusion Detection and Autonomous Intersection Response Systems

Yurkovich, Peter Joseph 10 March 2022
Vehicular safety and efficiency has been an ongoing research topic since the creation of the automobile. Despite this, deaths due to vehicular accidents are still extremely common, with driver issues and errors causing a vast majority of them. In order to combat the safety risks, Connected and Autonomous Vehicles (CAV) and other smart solutions have been heavily researched. CAVs provide the means to increase the safety of travel as well as its efficiency. However, before connected vehicles can be deployed and utilized, safe and secure communication and standards need to be created and evaluated to ensure that the introduction of a new safety threat does not overshadow the one that is already being faced. As such, it is integral for Intelligent Transportation Systems (ITS) to prevent, detect and respond to cyberattacks. This research focuses on the detection and response of ITS components to cyberattacks. An Intrusion Detection System (IDS) located on Roadside Units (RSU) was developed to detect misbehavior nodes. This model maintains a 98%-100% accuracy while reducing system overhead by removing the need for edge or cloud computing. A resilient Intrusion Response System (IRS) for an autonomous intersection was developed to protect against sybil attacks. The IRS utilizes adaptive switching between several intersection types to reduce delay by up to 78% compared to intersections without these defenses. / Master of Science / Vehicular safety and efficiency has been an ongoing research topic since the creation of the automobile. Despite this, deaths due to vehicular accidents are still extremely common, with driver issues and errors causing a vast majority of them. In order to combat the safety risks, Connected and Autonomous Vehicles (CAV) and other smart solutions have been heavily researched. CAVs provide the means to increase the safety of travel as well as its efficiency. However, before connected vehicles can be deployed and utilized, safe and secure communication and standards need to be created and evaluated to ensure that the introduction of a new safety threat does not overshadow the one that is already being faced. As such, it is integral for Intelligent Transportation Systems (ITS) to prevent, detect and respond to cyberattacks. This research focuses on the detection and response of ITS components to cyberattacks. An Intrusion Detection System (IDS) was created to detect vehicles misbehaving or conducting cyberattacks. The IDS is installed on off-road computers, called Roadside Units (RSU), which prevents the need for a separate server to be created to hold the IDS. The IDS is able to identify misbehavior and attacks at a 98% to 100% accuracy. An autonomous intersection is an intersection where all directions for driving through the intersection are transmitted through wireless communication. An Intrusion Response System (IRS) was developed for an autonomous intersection, to defend against vehicles making multiple reservation requests to pass through the intersection. The IRS reduces vehicle delay through the intersection by 78% compared to an intersection without defenses.
54

Sequential Pattern Mining: A Proposed Approach for Intrusion Detection Systems

Lefoane, Moemedi, Ghafir, Ibrahim, Kabir, Sohag, Awan, Irfan U. 19 December 2023
No / Technological advancements have played a pivotal role in the rapid proliferation of the fourth industrial revolution (4IR) through the deployment of Internet of Things (IoT) devices in large numbers. COVID-19 caused serious disruptions across many industries with lockdowns and travel restrictions imposed across the globe. As a result, conducting business as usual became increasingly untenable, necessitating the adoption of new approaches in the workplace. For instance, virtual doctor consultations, remote learning, and virtual private network (VPN) connections for employees working from home became more prevalent. This paradigm shift has brought about positive benefits, however, it has also increased the attack vectors and surfaces, creating lucrative opportunities for cyberattacks. Consequently, more sophisticated attacks have emerged, including the Distributed Denial of Service (DDoS) and Ransomware attacks, which pose a serious threat to businesses and organisations worldwide. This paper proposes a system for detecting malicious activities in network traffic using sequential pattern mining (SPM) techniques. The proposed approach utilises SPM as an unsupervised learning technique to extract intrinsic communication patterns from network traffic, enabling the discovery of rules for detecting malicious activities and generating security alerts accordingly. By leveraging this approach, businesses and organisations can enhance the security of their networks, detect malicious activities including emerging ones, and thus respond proactively to potential threats.
55

Latent Dirichlet Allocation for the Detection of Multi-Stage Attacks

Lefoane, Moemedi, Ghafir, Ibrahim, Kabir, Sohag, Awan, Irfan U. 19 December 2023
No / The rapid shift and increase in remote access to organisation resources have led to a significant increase in the number of attack vectors and attack surfaces, which in turn has motivated the development of newer and more sophisticated cyber-attacks. Such attacks include Multi-Stage Attacks (MSAs). In MSAs, the attack is executed through several stages. Classifying malicious traffic into stages to get more information about the attack life-cycle becomes a challenge. This paper proposes a malicious traffic clustering approach based on Latent Dirichlet Allocation (LDA). LDA is a topic modelling approach used in natural language processing to address similar problems. The proposed approach is unsupervised learning and therefore will be beneficial in scenarios where traffic data is not labeled and analysis needs to be performed. The proposed approach uncovers intrinsic contexts that relate to different categories of attack stages in MSAs. These are vital insights needed across different areas of cybersecurity teams like Incident Response (IR) within the Security Operations Center (SOC), the insights uncovered could have a positive impact in ensuring that attacks are detected at early stages in MSAs. Besides, for IR, these insights help to understand the attack behavioural patterns and lead to reduced time in recovery following an incident. The proposed approach is evaluated on a publicly available MSAs dataset. The performance results are promising as evidenced by over 99% accuracy in identified malicious traffic clusters.
56

A novel intrusion detection system (IDS) architecture : attack detection based on snort for multistage attack scenarios in a multi-cores environment

Pagna Disso, Jules Ferdinand January 2010
Recent research has indicated that although security systems are developing, illegal intrusion to computers is on the rise. The research conducted here illustrates that improving intrusion detection and prevention methods is fundamental for improving the overall security of systems. This research includes the design of a novel Intrusion Detection System (IDS) which identifies four levels of visibility of attacks. Two major areas of security concern were identified: speed and volume of attacks; and complexity of multistage attacks. Hence, the Multistage Intrusion Detection and Prevention System (MIDaPS) that is designed here is made of two fundamental elements: a multistage attack engine that heavily depends on attack trees and a Denial of Service Engine. MIDaPS was tested and found to improve current intrusion detection and processing performances. After an intensive literature review, over 25 GB of data was collected on honeynets. This was then used to analyse the complexity of attacks in a series of experiments. Statistical and analytic methods were used to design the novel MIDaPS. Key findings indicate that an attack needs to be protected at 4 different levels. Hence, MIDaPS is built with 4 levels of protection. As recent attack vectors use legitimate actions, MIDaPS uses a novel approach of attack trees to trace the attacker's actions. MIDaPS was tested and results suggest an improvement to current system performance by 84% whilst detecting DDOS attacks within 10 minutes.
57

Evaluation of and Mitigation against Malicious Traffic in SIP-based VoIP Applications in a Broadband Internet Environment

Wulff, Tobias January 2010
Voice Over IP (VoIP) telephony is becoming widespread, and is often integrated into computer networks. Because of this, it is likely that malicious software will threaten VoIP systems the same way traditional computer systems have been attacked by viruses, worms, and other automated agents. While most users have become familiar with email spam and viruses in email attachments, spam and malicious traffic over telephony currently is a relatively unknown threat. VoIP networks are a challenge to secure against such malware as much of the network intelligence is focused on the edge devices and access environment. A novel security architecture is being developed which improves the security of a large VoIP network with many inexperienced users, such as non-IT office workers or telecommunication service customers. The new architecture establishes interaction between the VoIP backend and the end users, thus providing information about ongoing and unknown attacks to all users. An evaluation of the effectiveness and performance of different implementations of this architecture is done using virtual machines and network simulation software to emulate vulnerable clients and servers through providing apparent attack vectors.
58

Sécurisation de capteurs/actionneurs sur réseau industriel / Actuator Sensor Securing over Industrial Network

Toublanc, Thomas 18 December 2018
Today, production systems are facing their 4th revolution. This revolution is digital, with increasingly dense and complex networks opening to the outside. This openness makes these systems more vulnerable. The threats to these Cyber-Physical Production Systems (CPPS) are no longer just theoretical. The attack on the German steel mill or the Wannacry crypto virus are perfect examples. This work proposes a tool contributing to the security of CPPS. Our contributions are threefold: The design of an Anomaly Detection and Response System (ADRS) placed on the field network. It integrates behavioral and informational detection methods. It also includes response capabilities that are both passive, implementing feedback to the human or to higher-level systems, and active, integrating order filtering or fallback. The application of the proposed methods naturally entails an additional design effort which must be reduced. We have therefore developed an approach to assist designers in the configuration of our ADRS. It is based on a hybrid approach (component / operation) and extends an existing design flow. Several transformations refine monitoring / supervision views of the components while others generate the configuration of the ADRS. A third contribution proposes a realistic demonstrator based on a virtual test environment. It integrates the joint simulation of the operative part and the control part and makes it possible to show the functional qualities of the solutions in the face of attack or failure scenarios.
59

Avaliação de ambientes servidores para agentes móveis. / Evaluation of mobile agents server environments.

Pereira Filho, Stenio Firmino 01 June 2001
Mobile agents are programs that can be launched from one computer (client) and transmitted over a communication network to another machine (server) in order to carry out the tasks assigned to them. This dissertation presents an evaluation of development platforms and servers for mobile agents. Mobile agent technology has been the subject of extensive research, including in the fields of Information Security and Electronic Commerce. Tests were run and a comparative analysis was made from the resulting information, taking into account issues such as agent performance characteristics, performance and security. Carrying out the tests required understanding how the server works and developing its agents. The performance tests served to determine which agents are more agile and what the servers' processing costs are. The security test was intended to classify the servers with respect to security. The results obtained served to indicate the best platform to use in developing the Intrusion Detection System (IDS) of the ICMC. The platforms that stood out in the tests were ASDK 1.1 and Grasshopper. The platform chosen for the IDS was ASDK 1.1. / Mobile agents are programs able to migrate from a client computer to a server computer through communication networks. There are several mobile agent technology applications, including Information Security and Electronic Commerce. This work describes the evaluation of mobile agent platforms. A test environment was desired and 5 platforms were compared in terms of the security and performance provided. To make the assessment it was necessary to understand the server functionality and the methodologies to develop the agents. The test of performance helped to define which agents are more agile and what are their processing needs while in the server. The security test aimed to classify the servers by their security. The results were used to determine which is the better mobile agent platform to be used in the ongoing ICMC's Intrusion Detection System (IDS). The best performance platforms were the ASDK 1.1 and the Grasshopper. The chosen platform for the IDS was the ASDK 1.1.
60

Um Sistema de Detecção de Intrusão para Detecção de Ataques de Negação de Serviço na Internet das Coisas. / An Intrusion Detection System for Detection of Attacks Service Denial on the Internet of Things.

SOUSA, Breno Fabrício Lira Melo 21 December 2016
The paradigm of the Internet of Things (IoT) came to allow intercommunication between different objects via the Internet, and thereby facilitate the way the end user will interact with the wide variety of devices that surround him in everyday life. The availability of resources that these devices have is a factor that deserves great attention, because the inappropriate use of such resources can cause serious damage. Since such devices are connected to the Internet, they are vulnerable to various threats, such as denial-of-service (DoS) attacks. In order to tackle DoS type threats in IoT, an Intrusion Detection System (IDS) is proposed for IoT, aiming at detecting some types of DoS attacks.
