  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
101

An Intrusion Detection Scheme for Wireless Mobile Ad hoc Networks based on DSDV Protocol

Nadkarni, Ketan Milind 16 September 2003
Wireless mobile ad-hoc networks (MANETs) have come into prominence due to potentially rapid and infrastructure-less deployment in military operations and also in emergency and disaster-relief situations. However, the unreliability of wireless links between nodes, possibility of mobile nodes being captured or compromised, break down of cooperative algorithms, all lead to increased vulnerability. No matter how supposedly secure a system is, unrelenting attackers eventually succeed in infiltrating it. This underscores the need to monitor what is taking place in a system and look for suspicious behavior. An Intrusion Detection System (IDS) does just that: monitors audit data, looks for intrusions in the system, and initiates a proper response. Bandwidth constraints of MANETs necessitate the need for efficiency of any security scheme in order to prevent the overloading of the network. In this thesis, we have proposed an effective and efficient IDS for MANETs that aims to combine misuse detection with anomaly detection. Experimental validation has provided significant results about not only the accuracy and robustness of the scheme but also the non-degradability of network performance upon induction of our security scheme. It is not affected by factors such as node density, node mobility, traffic load and percentage of malicious nodes. On an average, our IDS, implemented using Destination-Sequenced Distance-Vector (DSDV) protocol, detects intrusions with an accuracy of over 90% and is generally insensitive to false alarms. Moreover, performance metrics such as end-to-end delay, packet delivery ratio and normalized routing load are only marginally affected (about 2% decrease in performance). / Master of Science
102

Analysis of detection systems in a Software-Defined Network

Fakolujo, Oluwapelumi, Qureshi, Amna 16 August 2024
Software-Defined Networking (SDN), a novel and innovative networking technology, offers programmability and flexibility within networks and centralized control of those networks. The separation of data and control planes, as well as the concentration of all control provisioning options within an SDN controller, are two of the most significant ways in which SDN improves on traditional network deployments. However, because different planes in an SDN network are separated, the network contains several attack vectors that malicious users could exploit. Distributed Denial-of-Service (DDoS) attacks pose a unique threat to SDN because they can disrupt connections between the controller and data plane devices. Therefore, developing and implementing intrusion detection systems (IDS) in SDN is necessary. This paper investigates IDS in software-defined networks for effectively detecting DDoS attacks using signature-based and machine learning (ML)-based approaches. Mininet and OpenDayLight are used to simulate an SDN environment in which normal and attack traffic is generated to assess intrusion detection techniques. The Snort IDS is employed as the signature-based IDS in this study, while the ML algorithms, Random Forest (RF), J48, Naive Bayes (NB), and Support Vector Machine (SVM) are used to implement the ML-based IDS. The IDS are examined using SDN-generated traffic, with the InSDN-NB model surpassing all other ML models and Snort IDS with 98.86% prediction accuracy and a train time of 1.46s.
103

Intrusion Detection System for Electronic Communication Buses: A New Approach

Spicer, Matthew William 18 January 2018
With technology and computers becoming more and more sophisticated and readily available, cars have followed suit by integrating more and more microcontrollers to handle tasks ranging from controlling the radio to the brakes and steering. Handling all of these separate processors is a communication system and protocol known as Controller Area Network (CAN) bus. While the CAN bus is a robust system for sending messages, allowing control of the car through the CAN bus presents an opportunity for an outside party to interfere with the operations of a car. Any number of different methods could be used to hack the bus and take control of a car, including hacking into the bus remotely, plugging a small device into the on-board diagnostics port to the CAN bus, or swapping an existing node on the CAN bus for one that has been tampered with. This presents obvious safety risks, so to guard against this possibility, this paper will present an algorithm designed to recognize nodes based on the noise content of their signal so that any messages coming from an improper source can be flagged as suspicious. The algorithm makes use of MATLAB and Python to perform various transformations on the data and calculate features of the noise in a signal. These features are then passed through a statistical analysis which provides each one a score for how much useful information it contains. The best performing features are run through both a multilayer perceptron neural network and a support vector machine, and the results are compared. Each algorithm gives strong prediction performance, with prediction accuracies of 99.9% and 99.8% for the neural network and support vector machine, respectively. / Master of Science / With technology and computers becoming more and more sophisticated and readily available, cars have followed suit by integrating more and more microcontrollers to handle tasks ranging from controlling the radio to the brakes. 
Handling all of these separate processors is a communication system and protocol known as Controller Area Network (CAN) bus. However, this presents an opportunity for an outside party to interfere with the operations of a car. An existing node for the CAN bus could be swapped out for one that has been tampered with, causing potentially fatal accidents. To guard against this possibility, this paper will present an algorithm designed to recognize nodes based on the noise content of their signal so that any new hardware will trigger a flag that an unrecognized source is trying to interfere. The algorithm makes use of the MATLAB and Python programming languages to calculate certain characteristics of the noise in the signal and pass those through a machine learning algorithm. This algorithm is able to learn through mathematical means what each node "sounds like". With over 99% accuracy, we were able to predict which node sent a given signal.
104

An Intrusion Detection System for Battery Exhaustion Attacks on Mobile Computers

Nash, Daniel Charles 15 June 2005
Mobile personal computing devices continue to proliferate and individuals' reliance on them for day-to-day needs necessitates that these platforms be secure. Mobile computers are subject to a unique form of denial of service attack known as a battery exhaustion attack, in which an attacker attempts to rapidly drain the battery of the device. Battery exhaustion attacks greatly reduce the utility of the mobile devices by decreasing battery life. If steps are not taken to thwart these attacks, they have the potential to become as widespread as the attacks that are currently mounted against desktop systems. This thesis presents steps in the design of an intrusion detection system for detecting these attacks, a system that takes into account the performance, energy, and memory constraints of mobile computing devices. This intrusion detection system uses several parameters, such as CPU load and disk accesses, to estimate the power consumption of two test systems using multiple linear regression models, allowing us to find the energy used on a per process basis, and thus identifying processes that are potentially battery exhaustion attacks. / Master of Science
105

Multi-Vector Portable Intrusion Detection System

Moyers, Benjamin 18 August 2009
This research describes an intrusion detection system designed to fulfill the need for increased mobile device security. The Battery-Sensing Intrusion Protection System (B-SIPS) [1] initially took a non-conventional approach to intrusion detection by recognizing attacks based on anomalous Instantaneous Current (IC) drainage. An extension of B-SIPS, the Multi-Vector Portable Intrusion Detection System (MVP-IDS) validates the idea of recognizing attacks based on anomalous IC drain by correlating the detected anomalies with wireless attack traffic from both the Wi-Fi and Bluetooth mediums. To effectively monitor the Wi-Fi and Bluetooth mediums for malicious packet streams, the Snort-Based Wi-Fi and Bluetooth Attack Detection and Signature System (BADSS) modules were introduced. MVP-IDS illustrates that IC anomalies, representing attacks, can be correlated with wireless attack traffic through a collaborative and multi-module approach. Furthermore, MVP-IDS not only correlates wireless attacks, but mitigates them and defends its clients using an administrative response mechanism. This research also provides insight into the ramifications of battery exhaustion Denial of Service (DoS) attacks on battery-powered mobile devices. Several IEEE 802.11 Wi-Fi, IEEE 802.15.1 Bluetooth, and blended attacks are studied to understand their effects on device battery lifetimes. In the worst case, DoS attacks against mobile devices were found to accelerate battery depletion as much as 18.5%. However, if the MVP-IDS version of the B-SIPS client was allowed to run in the background during a BlueSYN flood attack, it could mitigate the attack and preserve as much as 16% of a mobile device's battery lifetime as compared with an unprotected device. / Master of Science
106

A novel intrusion detection system (IDS) architecture : attack detection based on snort for multistage attack scenarios in a multi-cores environment

Pagna Disso, Jules Ferdinand January 2010
Recent research has indicated that although security systems are developing, illegal intrusion to computers is on the rise. The research conducted here illustrates that improving intrusion detection and prevention methods is fundamental for improving the overall security of systems. This research includes the design of a novel Intrusion Detection System (IDS) which identifies four levels of visibility of attacks. Two major areas of security concern were identified: speed and volume of attacks; and complexity of multistage attacks. Hence, the Multistage Intrusion Detection and Prevention System (MIDaPS) that is designed here is made of two fundamental elements: a multistage attack engine that heavily depends on attack trees and a Denial of Service Engine. MIDaPS was tested and found to improve current intrusion detection and processing performances. After an intensive literature review, over 25 GB of data was collected on honeynets. This was then used to analyse the complexity of attacks in a series of experiments. Statistical and analytic methods were used to design the novel MIDaPS. Key findings indicate that an attack needs to be protected at 4 different levels. Hence, MIDaPS is built with 4 levels of protection. As recent attack vectors use legitimate actions, MIDaPS uses a novel approach of attack trees to trace the attacker's actions. MIDaPS was tested and results suggest an improvement to current system performance by 84% whilst detecting DDOS attacks within 10 minutes.
107

Abstracting and correlating heterogeneous events to detect complex scenarios

Panichprecha, Sorot January 2009
The research presented in this thesis addresses inherent problems in signature-based intrusion detection systems (IDSs) operating in heterogeneous environments. The research proposes a solution to address the difficulties associated with multistep attack scenario specification and detection for such environments. The research has focused on two distinct problems: the representation of events derived from heterogeneous sources and multi-step attack specification and detection. The first part of the research investigates the application of an event abstraction model to event logs collected from a heterogeneous environment. The event abstraction model comprises a hierarchy of events derived from different log sources such as system audit data, application logs, captured network traffic, and intrusion detection system alerts. Unlike existing event abstraction models where low-level information may be discarded during the abstraction process, the event abstraction model presented in this work preserves all low-level information as well as providing high-level information in the form of abstract events. The event abstraction model presented in this work was designed independently of any particular IDS and thus may be used by any IDS, intrusion forensic tools, or monitoring tools. The second part of the research investigates the use of unification for multi-step attack scenario specification and detection. Multi-step attack scenarios are hard to specify and detect as they often involve the correlation of events from multiple sources which may be affected by time uncertainty. The unification algorithm provides a simple and straightforward scenario matching mechanism by using variable instantiation where variables represent events as defined in the event abstraction model. The third part of the research looks into the solution to address time uncertainty. Clock synchronisation is crucial for detecting multi-step attack scenarios which involve logs from multiple hosts.
Issues involving time uncertainty have been largely neglected by intrusion detection research. The system presented in this research introduces two techniques for addressing time uncertainty issues: clock skew compensation and clock drift modelling using linear regression. An off-line IDS prototype for detecting multi-step attacks has been implemented. The prototype comprises two modules: implementation of the abstract event system architecture (AESA) and of the scenario detection module. The scenario detection module implements our signature language developed based on the Python programming language syntax and the unification-based scenario detection engine. The prototype has been evaluated using a publicly available dataset of real attack traffic and event logs and a synthetic dataset. The distinct features of the public dataset are the fact that it contains multi-step attacks which involve multiple hosts with clock skew and clock drift. These features allow us to demonstrate the application and the advantages of the contributions of this research. All instances of multi-step attacks in the dataset have been correctly identified even though there exists a significant clock skew and drift in the dataset. Future work identified by this research would be to develop a refined unification algorithm suitable for processing streams of events to enable an on-line detection. In terms of time uncertainty, identified future work would be to develop mechanisms which allow automatic clock skew and clock drift identification and correction. The immediate application of the research presented in this thesis is the framework of an off-line IDS which processes events from heterogeneous sources using abstraction and which can detect multi-step attack scenarios which may involve time uncertainty.
108

Increasing the Trustworthiness of AI-based In-Vehicle IDS using eXplainable AI

Lundberg, Hampus January 2022
An in-vehicle intrusion detection system (IV-IDS) is one of the protection mechanisms used to detect cyber attacks on electric or autonomous vehicles where anomaly-based IDS solutions have better potential at detecting the attacks especially zero-day attacks. Generally, the IV-IDS generate false alarms (falsely detecting normal data as attacks) because of the difficulty to differentiate between normal and attack data. It can lead to undesirable situations, such as increased laxness towards the system, or uncertainties in the event-handling following a generated alarm. With the help of sophisticated Artificial Intelligence (AI) models, the IDS improves the chances of detecting attacks. However, the use of such a model comes at the cost of decreased interpretability, a trait that is argued to be of importance when ascertaining various other valuable desiderata, such as a model's trust, causality, and robustness. Because of the lack of interpretability in sophisticated AI-based IV-IDSs, it is difficult for humans to trust such systems, let alone know what actions to take when an IDS flags an attack. By using tools found in the area of eXplainable AI (XAI), this thesis aims to explore what kind of explanations could be produced in accord with model predictions, to further increase the trustworthiness of AI-based IV-IDSs. Through a comparative survey, aspects related to trustworthiness and explainability are evaluated on a custom, pseudo-global, visualization-based explanation ("VisExp"), and a rule based explanation. The results show that VisExp increased the trustworthiness, and enhanced the explainability of the AI-based IV-IDS.
109

Evaluating the efficiency of Host-based Intrusion Detection Systems protecting web applications

Willerton, Adam, Gustafsson, Rasmus January 2022
Background. Web applications are a more significant part of our digital experience, and the number of users keeps continuously growing. Social media alone accounts for more than half of the world's population. Therefore these applications have become a lucrative target for attackers, and we have seen several attacks against them. One such example saw attackers manage to compromise a Twitter account [15], leading to false information being published, causing the New York stock exchange to drop 150 points, erasing 136 billion dollars in equity market value. There are methods to protect web applications, such as web application firewalls or content security policies. Still, another candidate for defending these applications is Host-based Intrusion Detection Systems (HIDS). This study aims to assess the efficiency of these HIDS when defending against web applications. Objectives. The main objective of the thesis is to create an efficiency evaluating model for a HIDS when protecting web applications. Additionally, we will test two open-source HIDS against web applications built to emulate a vulnerable environment and measure these HIDS efficiencies with the model mentioned above. Methods. To reach the objectives of our thesis, a literature review regarding what metrics to evaluate the efficiency of a HIDS was conducted. This allowed us to construct a model for which we evaluated the efficiency of our selected HIDS. In this model, we use 3 categories, each containing multiple metrics. Once completed, the environment hosting our vulnerable applications and their HIDS was set up, followed by the attacks of the applications. The data generated by the HIDS gave us the data required to make our efficiency evaluation which was performed through the lens of the previously mentioned model. Results. The result shows a low overall efficiency from the two HIDS when regarding the category attack detection. The most efficient of the two could be determined.
Of the two evaluated, Wazuh and Samhain, we determined Wazuh to be the more efficient HIDS. We identified several components required to improve their attack detection. Conclusions. Through the use of our model, we concluded that the HIDS Wazuh had higher efficiency than the HIDS Samhain. However, both HIDS had low performances regarding their ability to detect attacks. Some specific components need to be implemented within these systems before they can reliably be used for defending web applications.
110

A novel intrusion detection system (IDS) architecture. Attack detection based on snort for multistage attack scenarios in a multi-cores environment.

Pagna Disso, Jules F. January 2010
Recent research has indicated that although security systems are developing, illegal intrusion to computers is on the rise. The research conducted here illustrates that improving intrusion detection and prevention methods is fundamental for improving the overall security of systems. This research includes the design of a novel Intrusion Detection System (IDS) which identifies four levels of visibility of attacks. Two major areas of security concern were identified: speed and volume of attacks; and complexity of multistage attacks. Hence, the Multistage Intrusion Detection and Prevention System (MIDaPS) that is designed here is made of two fundamental elements: a multistage attack engine that heavily depends on attack trees and a Denial of Service Engine. MIDaPS was tested and found to improve current intrusion detection and processing performances. After an intensive literature review, over 25 GB of data was collected on honeynets. This was then used to analyse the complexity of attacks in a series of experiments. Statistical and analytic methods were used to design the novel MIDaPS. Key findings indicate that an attack needs to be protected at 4 different levels. Hence, MIDaPS is built with 4 levels of protection. As recent attack vectors use legitimate actions, MIDaPS uses a novel approach of attack trees to trace the attacker's actions. MIDaPS was tested and results suggest an improvement to current system performance by 84% whilst detecting DDOS attacks within 10 minutes.
