111 |
Intrusion detection techniques in wireless local area networks. Gill, Rupinder S., January 2009.
This research investigates wireless intrusion detection techniques for detecting attacks on IEEE 802.11i Robust Secure Networks (RSNs). Despite a variety of comprehensive preventative security measures, RSNs remain vulnerable to a number of attacks. Because the preventative measures do not address every RSN vulnerability, a comprehensive monitoring capability is needed, both to detect attacks on RSNs and to proactively address potential weaknesses by detecting security policy violations in the WLAN. This research proposes novel wireless intrusion detection techniques to meet these monitoring requirements and also studies correlation of the generated alarms across wireless intrusion detection system (WIDS) sensors and across the detection techniques themselves, for greater reliability and robustness. The specific outcomes of this research are:
- A comprehensive review of the outstanding vulnerabilities and attacks in IEEE 802.11i RSNs.
- A comprehensive review of the wireless intrusion detection techniques currently available for detecting attacks on RSNs.
- Identification of the drawbacks and limitations of the currently available wireless intrusion detection techniques in detecting attacks on RSNs.
- Development of three novel wireless intrusion detection techniques for detecting RSN attacks and security policy violations in RSNs.
- Development of algorithms for each novel intrusion detection technique to correlate alarms across the distributed sensors of a WIDS.
- Development of an algorithm for automatic attack scenario detection using cross-detection-technique correlation.
- Development of an algorithm to automatically assign a priority to the detected attack scenario using cross-detection-technique correlation.
|
112 |
An Ensemble Learning Based Multi-level Network Intrusion Detection System for Wi-Fi Dominant Networks. Vaca, Francisco D., 03 June 2019.
Today, networks contribute significantly to everyone's life. The enormous usefulness of networks for various services and data storage motivates adversaries to launch attacks on them. Network Intrusion Detection Systems (NIDSs) are used as a security measure inside organizational networks to identify intrusions and generate alerts for them. The idea of deploying an NIDS is well known and has been studied and adopted in both academia and industry. However, most of the NIDS literature has emphasized detecting attacks that originate externally, in a wired network infrastructure. In addition, Wi-Fi and wired networks are treated the same by NIDSs. The open infrastructure of a Wi-Fi network makes it different from a wired network: several internal attacks that can happen in a Wi-Fi network are not possible in a wired network, and NIDSs developed using traditional approaches may fail to identify these internal attacks.

This thesis attempts to develop a Multi-Level Network Intrusion Detection System (ML-NIDS) for Wi-Fi dominant networks that can detect internal attacks specific to Wi-Fi networks as well as generic network attacks that are independent of the network infrastructure. In Wi-Fi dominant networks, Wi-Fi devices (stations) are prevalent at the edge of campus and enterprise networks and are integrated with the fixed wired infrastructure at the access layer. The implementation is proposed for Wi-Fi dominant networks; nevertheless, it aims to work for wired networks as well. We develop the ML-NIDS using an ensemble learning method that combines several weak learners to create a strong learner.
|
113 |
Key distribution and distributed intrusion detection system in wireless sensor networks. Techateerawat, Piya, January 2008.
This thesis proposes a security solution for key management and Intrusion Detection Systems (IDS) in wireless sensor networks. It addresses the challenge of designing for both the energy and the security requirements. Since wireless communication consumes most of the energy in a sensor network, transmissions must be used efficiently. We propose Hint Key Distribution (HKD) for key management, Adaptive IDS for distributing activated IDS nodes, and a cooperative operation of these two protocols. The HKD protocol focuses on the challenges of energy, computation and security: it uses a hint message and a key chain to consume less energy, while self-generated keys protect the secret key. It is a proposed solution to key distribution in sensor networks. Adaptive IDS uses a threshold and a voting algorithm to distribute IDS duty through the network: an elected node activates its IDS to monitor its network and neighbours, and a threshold is used to reduce the number of repeated activations of the same node, so that energy use is distributed equally across the network. In the cooperative protocol, HKD and Adaptive IDS exchange information in order to adjust to the current situation; the level of alert controls the nature of the interaction between the two protocols.
|
114 |
Applications of Machine Learning to Anomaly Based Intrusion Detection. Phani, B., 07 1900.
This thesis concerns anomaly detection as a mechanism for intrusion detection in a machine learning framework, using two kinds of audit data: system call traces and Unix shell command traces. Anomaly detection systems model the problem of intrusion detection as a problem of self/non-self discrimination. To use machine learning algorithms for anomaly detection, precise definitions of two aspects are required: the learning model and the dissimilarity measure. The audit data considered in this thesis is intrinsically sequential, so the dissimilarity measure must be able to extract the temporal information in the data, which in turn is used for classification. In this thesis we study the application of a set of dissimilarity measures broadly termed sequence kernels, which are well suited to such applications, in conjunction with Instance Based Learning (IBL) algorithms for anomaly detection. We demonstrate the performance of the system under a wide range of parameter settings and show the conditions under which the best performance is obtained. Finally, some possible future extensions to the work reported in this thesis are considered and discussed.
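The pairing of a sequence kernel with instance-based learning that the abstract describes, as an added example that is not code from the thesis: a k-mer spectrum kernel over system call traces serves as the dissimilarity measure, and the instance-based step scores a new trace by its similarity to the nearest stored benign trace. The traces, the k-mer length and the alert threshold are constructed assumptions for this example.

```python
"""Spectrum (k-mer) sequence kernel with instance-based anomaly detection over
system call traces. Added illustration, not the thesis code: the traces, the
k-mer length and the alert threshold are constructed assumptions."""
import math
from collections import Counter

# Constructed benign traces (one list of syscall names per process run).
# Only benign data is stored; anomalies are anything far from all of them.
NORMAL_TRACES = [
    "open read read write close".split(),
    "open read write write close".split(),
    "open read read read close".split(),
    "stat open read close".split(),
    "open mmap read close munmap".split(),
]


def kmer_counts(trace, k):
    """Count every contiguous k-mer (k consecutive syscalls) in the trace.
    This is where the temporal order of the audit data enters the measure."""
    return Counter(tuple(trace[i:i + k]) for i in range(len(trace) - k + 1))


def spectrum_kernel(a, b, k=2):
    """K(a, b) = sum over k-mers u of count_a(u) * count_b(u), cosine-normalised to [0, 1].
    A trace shorter than k has no k-mers and scores 0 against everything."""
    ca, cb = kmer_counts(a, k), kmer_counts(b, k)
    dot = sum(n * cb.get(u, 0) for u, n in ca.items())
    norm = math.sqrt(sum(n * n for n in ca.values()) * sum(n * n for n in cb.values()))
    return dot / norm if norm else 0.0


def nearest_similarity(trace, references, k=2):
    """Instance-based step: similarity to the closest stored benign trace (1-NN)."""
    return max(spectrum_kernel(trace, r, k) for r in references)


def is_anomalous(trace, references, k=2, threshold=0.5):
    """Alert when no stored benign trace is similar enough; threshold is an assumed knob."""
    return nearest_similarity(trace, references, k) < threshold


if __name__ == "__main__":
    for t in ("open read write close".split(),
              "open execve socket connect send".split()):
        print(t, round(nearest_similarity(t, NORMAL_TRACES), 3),
              "ANOMALY" if is_anomalous(t, NORMAL_TRACES) else "normal")
```

The threshold and k trade off sensitivity against false alarms in exactly the way the abstract's "wide range of parameter settings" suggests: a larger k demands longer exact matches and flags more unseen-but-harmless sequences, a smaller k makes an attacker's trace easier to blend in.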
|
115 |
A Low-Complexity Intrusion Detection Algorithm for Surveillance Using PIR Sensors in a Wireless Sensor Network. Sajana, Abu R., 05 1900.
A Wireless Sensor Network (WSN) is a dense network of autonomous devices (motes) with sensors that cooperatively monitor physical or environmental conditions. These devices are resource constrained, with limited memory, power and computational resources, so any algorithm developed for a WSN should be designed to consume as few resources as possible. The problem addressed in this thesis is developing a low-complexity algorithm for intrusion detection in the presence of clutter arising from moving vegetation, using Passive Infra-Red (PIR) sensors. The algorithm is based on a combination of the Haar Transform (HT) and Support Vector Machine (SVM) based training. The spectral signature of the waveforms is used to separate intruder waveforms from clutter waveforms: the signature is computed using the HT and fed to an SVM, which returns an optimal hyperplane separating the intruder and clutter signatures. This hyperplane, obtained by offline training, is then used online on the mote for surveillance. The algorithm was field-tested on the Indian Institute of Science campus. Based on experimental observations of the PIR sensor and its lens system, an analytical model is developed for the waveform generated by an intruder moving along a straight line with uniform velocity in the vicinity of the sensor. The thesis analyses how this model can be exploited to track the intruder's path by optimally positioning multiple sensor nodes, and also develops an algorithm for tracking the intruder's path using features of the waveforms from three sensors mounted on a single mote.
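The offline/online split described above, as an added example that is not code from the thesis: the Haar transform turns a PIR window into a per-level energy signature, a linear classifier is trained offline on labelled signatures, and the online step on the mote is one transform plus one dot product. The 16-sample windows are constructed, and a perceptron stands in for the SVM (it finds a separating hyperplane, not the maximum-margin one).

```python
"""Haar-transform spectral signature with a linear intruder/clutter classifier.
Added illustration, not the thesis code: the windows are constructed and a
perceptron stands in for the SVM (a separating hyperplane, not max-margin)."""
import math

# Constructed PIR windows (16 samples each). Intruder windows are smooth pulses;
# clutter windows are fast sample-to-sample oscillation, as from moving vegetation.
INTRUDER = [
    [0, 1, 2, 3, 4, 5, 6, 7, 7, 6, 5, 4, 3, 2, 1, 0],
    [0, 0, 1, 2, 4, 6, 8, 9, 9, 8, 6, 4, 2, 1, 0, 0],
    [1, 2, 3, 5, 7, 8, 9, 9, 8, 7, 5, 3, 2, 1, 0, 0],
    [0, 1, 3, 5, 6, 7, 7, 6, 5, 3, 1, 0, -1, -2, -1, 0],
]
CLUTTER = [
    [3, -3] * 8,
    [2, -3, 3, -2] * 4,
    [4, -4, 3, -3] * 4,
    [1, -2, 2, -1] * 4,
]


def haar(signal):
    """Orthonormal Haar transform of a power-of-two length window.
    Returns (details, approx): detail coefficients per level, finest first,
    and the final approximation coefficient list (one element)."""
    n = len(signal)
    if n & (n - 1):
        raise ValueError("window length must be a power of two")
    approx, details = list(signal), []
    while len(approx) > 1:
        pairs = list(zip(approx[0::2], approx[1::2]))
        details.append([(a - b) / math.sqrt(2) for a, b in pairs])
        approx = [(a + b) / math.sqrt(2) for a, b in pairs]
    return details, approx


def spectral_signature(window):
    """Fraction of the window's energy at each Haar level (finest first) plus the
    approximation term. By Parseval the fractions sum to 1, and they are
    amplitude-invariant, which matters because PIR amplitude varies with range."""
    details, approx = haar(window)
    energies = [sum(c * c for c in level) for level in details] + [approx[0] ** 2]
    total = sum(energies) or 1.0  # an all-zero window gets an all-zero signature
    return [e / total for e in energies]


def train_perceptron(signatures, labels, epochs=1000):
    """Offline step: find w, b with label * (w.s + b) > 0 for every training signature
    (labels +1 intruder, -1 clutter). Converges for linearly separable data."""
    w, b = [0.0] * len(signatures[0]), 0.0
    for _ in range(epochs):
        mistakes = 0
        for s, t in zip(signatures, labels):
            if t * (sum(wi * si for wi, si in zip(w, s)) + b) <= 0:
                w = [wi + t * si for wi, si in zip(w, s)]
                b += t
                mistakes += 1
        if mistakes == 0:
            break
    return w, b


def classify(model, window):
    """Online step on the mote: one Haar transform and one dot product per window."""
    w, b = model
    s = spectral_signature(window)
    return "intruder" if sum(wi * si for wi, si in zip(w, s)) + b > 0 else "clutter"


MODEL = train_perceptron([spectral_signature(x) for x in INTRUDER + CLUTTER],
                         [1] * len(INTRUDER) + [-1] * len(CLUTTER))

if __name__ == "__main__":
    for win in INTRUDER[:1] + CLUTTER[:1]:
        print(classify(MODEL, win), [round(v, 3) for v in spectral_signature(win)])
```

Because the signature is a vector of energy fractions, scaling a window by any positive factor leaves the signature unchanged, so the decision depends on the shape of the waveform rather than on how close the moving object was.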
|
116 |
Network Traffic Obfuscation for IDS Detection Avoidance. Ovšonka, Daniel, January 2013.
This thesis deals with the principles of network traffic obfuscation, in order to avoid detection by an Intrusion Detection System installed in the network. At the beginning of the work, the reader is familiarised with the fundamental principles of the basic types of IDS and introduced to obfuscation techniques, which serve as a stepping stone for creating our own library, whose design is described in the last part of the work. The outcome of the work is a library that provides all the implemented techniques for further use. The library can be utilised in penetration testing of new systems, or used by an attacker.
|
117 |
Hypervisor-based cloud anomaly detection using supervised learning techniques. Nwamuo, Onyekachi, 23 January 2020.
Although cloud network flows are similar to conventional network flows in many ways, there are some major differences in their statistical characteristics. However, due to the lack of adequate public datasets, the proponents of many existing cloud intrusion detection systems (IDS) have relied on the DARPA dataset, which was obtained by simulating a conventional network environment. In this thesis, we show empirically that the DARPA dataset fails to meet important statistical characteristics of real-world cloud data center traffic and is therefore inadequate for evaluating cloud IDS. As an alternative, we analyze a new public dataset collected through cooperation between our lab and a non-profit cloud service provider, which contains benign data and a wide variety of attack data. Furthermore, we present a new hypervisor-based cloud IDS using an instance-oriented feature model and supervised machine learning techniques. We investigate three classifiers: Logistic Regression (LR), Random Forest (RF) and Support Vector Machine (SVM). Experimental evaluation on a diversified dataset yields a detection rate of 92.08% and a false-positive rate of 1.49% for the random forest, the best performing of the three classifiers.
|
118 |
The Resilience of Deep Learning Intrusion Detection Systems for Automotive Networks: The effect of adversarial samples and transferability on Deep Learning Intrusion Detection Systems for Controller Area Networks. Zenden, Ivo, January 2022.
This thesis covers cyber security in vehicles. Current vehicles contain many computers which communicate over a controller area network (CAN). This network has many vulnerabilities which can be leveraged by attackers, and intrusion detection systems have been implemented to counter them. The latest research has mostly focused on deep learning techniques for these intrusion detection systems. However, deep learning techniques are not foolproof and have their own security vulnerabilities. One such vulnerability is adversarial samples: attack inputs manipulated so that they evade detection by these intrusion detection systems. The aim of this thesis is to show that the known vulnerabilities of deep learning techniques are also present in the current state-of-the-art intrusion detection systems. The presence of these vulnerabilities shows that these deep learning based systems are still too immature to be deployed in actual vehicles: if an attacker can use these weaknesses to circumvent the intrusion detection system, they can still control many parts of the vehicle, such as the windows, the brakes and even the engine. Current research on deep learning weaknesses has mainly focused on the image recognition domain; relatively little has investigated the influence of these weaknesses on intrusion detection, especially on vehicle networks. To show these weaknesses, two baseline deep learning intrusion detection systems were first created, and two state-of-the-art systems from recent research papers were recreated. Adversarial samples were then generated using the fast gradient sign method on one of the baseline systems and used to show the drop in performance of all systems. The thesis shows that the adversarial samples negatively impact the two baseline models and one state-of-the-art model. The state-of-the-art model's drop in performance goes as high as 60% in F1-score. Additionally, some of the adversarial samples need as few as 2 bits changed in order to evade the intrusion detection systems.
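The fast gradient sign method against a CAN-frame detector, as an added example that is not code from the thesis: a logistic-regression detector over the eight payload bytes stands in for the deep models, so the input gradient of the cross-entropy loss has a closed form, and the adversarial frame is quantised back to bytes so the number of flipped bits can be counted the way the abstract reports it. The frames, the training set and the epsilon grid are constructed assumptions; the example does not reproduce the thesis's 2-bit result, only the procedure.

```python
"""FGSM evasion of a CAN-frame intrusion detector (added illustration, not the thesis code).

A logistic-regression detector over the eight payload bytes of a CAN frame stands in
for the thesis's deep models; the frames, the training set and the epsilon grid are
constructed assumptions for this example.
"""
import math

# Constructed frames: benign frames carry a small counter in bytes 0-1 and zeros elsewhere;
# injected (fuzzed) frames carry high pseudo-random bytes in every position.
BENIGN = [
    [0x00, 0x10, 0, 0, 0, 0, 0, 0],
    [0x01, 0x20, 0, 0, 0, 0, 0, 0],
    [0x02, 0x30, 0, 0, 0, 0, 0, 0],
    [0x03, 0x08, 0, 0, 0, 0, 0, 0],
    [0x00, 0x00, 0, 0, 0, 0, 0, 0],
    [0x04, 0x18, 0, 0, 0, 0, 0, 0],
]
FUZZED = [
    [0xFF, 0xC3, 0xE1, 0xD0, 0xFA, 0xCC, 0xF0, 0xE9],
    [0xE7, 0xFF, 0xC9, 0xF4, 0xD2, 0xFE, 0xC1, 0xDD],
    [0xD5, 0xEE, 0xFF, 0xC8, 0xE3, 0xF7, 0xDB, 0xCA],
    [0xF1, 0xD8, 0xCE, 0xFF, 0xEC, 0xC5, 0xFD, 0xE0],
    [0xC7, 0xF9, 0xD6, 0xE5, 0xFF, 0xD9, 0xCB, 0xF3],
    [0xEA, 0xC2, 0xF6, 0xDA, 0xCD, 0xFF, 0xE8, 0xD4],
]


def to_features(payload):
    """Scale payload bytes to [0, 1]; the detector sees a frame as an 8-vector."""
    return [b / 255.0 for b in payload]


def to_payload(x):
    """Quantise a feature vector back to bytes, as an attacker must to transmit it."""
    return [min(255, max(0, round(v * 255))) for v in x]


def sigmoid(z):
    if z >= 0:
        return 1.0 / (1.0 + math.exp(-z))
    e = math.exp(z)
    return e / (1.0 + e)


def predict(model, x):
    """P(frame is an attack) under the linear detector."""
    w, b = model
    return sigmoid(sum(wi * xi for wi, xi in zip(w, x)) + b)


def train(frames, labels, lr=0.5, steps=2000):
    """Full-batch gradient descent on binary cross-entropy; returns (w, b)."""
    n, m = len(frames[0]), len(frames)
    w, b = [0.0] * n, 0.0
    for _ in range(steps):
        gw, gb = [0.0] * n, 0.0
        for x, y in zip(frames, labels):
            err = predict((w, b), x) - y  # dL/dlogit for cross-entropy
            for j in range(n):
                gw[j] += err * x[j]
            gb += err
        w = [wj - lr * g / m for wj, g in zip(w, gw)]
        b -= lr * gb / m
    return w, b


def _sign(v):
    return (v > 0) - (v < 0)


def fgsm(model, x, y, eps):
    """x_adv = clip(x + eps * sign(dL/dx)). With a linear logit, dL/dx = (p - y) * w, and
    since 0 < p < 1 the sign of (p - y) is fixed by the label, so the sign is taken
    analytically (a numerically saturated p would otherwise give a zero gradient)."""
    w, _ = model
    label_sign = -1 if y == 1 else 1
    return [min(1.0, max(0.0, xj + eps * label_sign * _sign(wj))) for xj, wj in zip(x, w)]


def bits_changed(p1, p2):
    """Hamming distance between two payloads, in bits."""
    return sum(bin(a ^ b).count("1") for a, b in zip(p1, p2))


def smallest_evading_eps(model, payload, grid=None):
    """First epsilon on the grid whose adversarial frame scores below 0.5; None if none does."""
    grid = grid or [i / 20 for i in range(1, 21)]
    x = to_features(payload)
    for eps in grid:
        if predict(model, fgsm(model, x, 1, eps)) < 0.5:
            return eps
    return None


MODEL = train([to_features(f) for f in BENIGN + FUZZED],
              [0] * len(BENIGN) + [1] * len(FUZZED))

if __name__ == "__main__":
    frame = FUZZED[0]
    eps = smallest_evading_eps(MODEL, frame)
    adv = to_payload(fgsm(MODEL, to_features(frame), 1, eps))
    print(f"score {predict(MODEL, to_features(frame)):.3f} -> "
          f"{predict(MODEL, to_features(adv)):.3f} at eps={eps}, "
          f"{bits_changed(frame, adv)} bits changed, payload {[hex(b) for b in adv]}")
```

The detector here is deliberately linear so that the gradient step is transparent; against the deep models in the thesis the same step is taken with a gradient obtained by backpropagation, and the transferability question is whether a perturbation computed on one model (the baseline used above) still evades another.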
|
119 |
Anomaly-based intrusion detection using Tree Augmented Naive Bayes Classifier. Wester, Philip, January 2021.
With the rise of information technology and the dependence on these systems, it becomes increasingly important to keep the systems secure. The ability to detect an intrusion with an intrusion detection system (IDS) is one of several fundamental technologies that may increase the security of a system. One of the bigger challenges for an IDS is to detect types of intrusions that have not previously been encountered, so-called unknown intrusions. These types of intrusions are generally detected using methods collectively called anomaly detection methods. In this thesis I evaluate the performance of the Tree Augmented Naive Bayes classifier (TAN) as an intrusion detection classifier. More specifically, I created a TAN program from scratch in Python and tested the program on two data sets containing data traffic. The thesis aims to create a better understanding of how TAN works and to evaluate whether it is a reasonable algorithm for intrusion detection. The results show that TAN is able to perform at an acceptable level with reasonably high accuracy. The results also highlight the importance of using the smoothing operator included in the standard version of TAN.
|
120 |
An autonomous host-based intrusion detection and prevention system for Android mobile devices: design and implementation of an autonomous host-based Intrusion Detection and Prevention System (IDPS), incorporating Machine Learning and statistical algorithms, for Android mobile devices. Ribeiro, José C.V.G., January 2019.
This research work presents the design and implementation of a host-based Intrusion Detection and Prevention System (IDPS) called HIDROID (Host-based Intrusion Detection and protection system for andROID) for Android smartphones. It runs completely on the mobile device, with a minimal computation burden. It collects data in real time, periodically sampling features that reflect the overall utilisation of the scarce resources of a mobile device (e.g. CPU, memory, battery, bandwidth).

The Detection Engine of HIDROID adopts an anomaly-based approach by exploiting statistical and machine learning algorithms. That is, it builds a data-driven model of benign behaviour and looks for outliers, which are treated as suspicious activity. Any observation that fails to match this model triggers an alert, and the preventive agent takes proper countermeasure(s) to minimise the risk.

The key novel characteristic of the Detection Engine of HIDROID is that it requires no malicious data for training or tuning. The Detection Engine implements two anomaly detection algorithms: a variation of the K-Means algorithm with only one cluster, and the univariate Gaussian algorithm. Experimental test results on a real device show that HIDROID is able to learn and discriminate normal from anomalous behaviour, demonstrating a very promising detection accuracy of up to 0.91 while maintaining a false positive rate below 0.03.

Finally, it is noteworthy that, to the best of our knowledge, publicly available datasets representing benign and abnormal behaviour of Android smartphones do not exist. Thus, in the context of this research work, two new datasets were generated in order to evaluate HIDROID.

Funding: Fundação para a Ciência e Tecnologia (FCT-Portugal), reference SFRH/BD/112755/2015; European Regional Development Fund (FEDER), through the Competitiveness and Internationalization Operational Programme (COMPETE 2020); Regional Operational Program of the Algarve (2020); Fundação para a Ciência e Tecnologia, i-Five: Extensão do acesso de espectro dinâmico para rádio 5G, POCI-01-0145-FEDER-030500; Instituto de Telecomunicações (IT-Portugal) as the host institution.
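The two benign-only detectors named above (a one-cluster K-Means and a univariate Gaussian over resource-utilisation features), as an added example that is not code from the thesis: both are fitted on benign readings only, and their alert thresholds are derived from the benign scores rather than from any malicious sample. The feature names, the readings, the log-density margin and the distance slack are constructed assumptions for this example.

```python
"""Benign-only anomaly detection over device resource features, in the HIDROID style.

Added illustration, not the thesis code: the feature names, the sample readings,
the threshold margin and the distance slack are assumptions made for this example.
"""
import math
from statistics import mean, pvariance

FEATURES = ("cpu_pct", "mem_pct", "battery_drain", "net_kbps")  # assumed feature set

# Constructed benign readings (one dict per sampling interval); no malicious data anywhere.
BENIGN = [
    {"cpu_pct": 12.0, "mem_pct": 40.0, "battery_drain": 0.8, "net_kbps": 30.0},
    {"cpu_pct": 15.0, "mem_pct": 44.0, "battery_drain": 1.0, "net_kbps": 35.0},
    {"cpu_pct": 18.0, "mem_pct": 42.0, "battery_drain": 0.9, "net_kbps": 25.0},
    {"cpu_pct": 14.0, "mem_pct": 46.0, "battery_drain": 1.1, "net_kbps": 40.0},
    {"cpu_pct": 16.0, "mem_pct": 43.0, "battery_drain": 0.9, "net_kbps": 33.0},
    {"cpu_pct": 13.0, "mem_pct": 41.0, "battery_drain": 0.8, "net_kbps": 28.0},
    {"cpu_pct": 17.0, "mem_pct": 45.0, "battery_drain": 1.0, "net_kbps": 37.0},
    {"cpu_pct": 15.0, "mem_pct": 43.0, "battery_drain": 0.7, "net_kbps": 32.0},
]


def fit_gaussian(samples):
    """Univariate Gaussian per feature: (mean, variance), features treated as independent."""
    model = {}
    for f in FEATURES:
        vals = [s[f] for s in samples]
        mu = mean(vals)
        model[f] = (mu, max(pvariance(vals, mu), 1e-9))  # floor avoids division by zero
    return model


def gaussian_log_density(model, sample):
    """Sum of per-feature log N(x; mu, var); lower means less like benign behaviour."""
    total = 0.0
    for f, (mu, var) in model.items():
        total += -0.5 * math.log(2 * math.pi * var) - (sample[f] - mu) ** 2 / (2 * var)
    return total


def centroid_distance(model, sample):
    """One-cluster K-Means score. With a single cluster the centroid is just the
    per-feature mean, so the score is the Euclidean distance to it in z-score space."""
    return math.sqrt(sum(((sample[f] - mu) / math.sqrt(var)) ** 2
                         for f, (mu, var) in model.items()))


def fit(samples, gauss_margin=2.0, dist_slack=1.5):
    """Fit both detectors on benign data only and derive thresholds from the benign scores:
    the Gaussian detector alerts below (lowest benign log-density - margin), the
    one-cluster detector alerts above (largest benign distance * slack)."""
    gauss = fit_gaussian(samples)
    g_scores = [gaussian_log_density(gauss, s) for s in samples]
    d_scores = [centroid_distance(gauss, s) for s in samples]
    return {
        "gaussian": gauss,
        "gauss_threshold": min(g_scores) - gauss_margin,
        "dist_threshold": max(d_scores) * dist_slack,
    }


def classify(models, sample):
    """Return each detector's verdict; a preventive agent would act on either alert."""
    g = gaussian_log_density(models["gaussian"], sample)
    d = centroid_distance(models["gaussian"], sample)
    return {
        "gaussian_anomaly": g < models["gauss_threshold"],
        "kmeans_anomaly": d > models["dist_threshold"],
    }


MODELS = fit(BENIGN)

if __name__ == "__main__":
    quiet = {"cpu_pct": 15.0, "mem_pct": 43.0, "battery_drain": 0.9, "net_kbps": 32.0}
    spike = {"cpu_pct": 95.0, "mem_pct": 88.0, "battery_drain": 6.0, "net_kbps": 900.0}
    for name, s in (("quiet", quiet), ("spike", spike)):
        print(name, classify(MODELS, s))
```

Both detectors share the fitted means and variances but score differently: the Gaussian penalises a deviation in proportion to its squared z-score summed with a per-feature normalising constant, while the one-cluster distance is the plain Euclidean norm of the z-score vector. The margin and slack are the knobs that trade detection accuracy against the false positive rate reported in the abstract.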
|