  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
171

Implementação de um IDS utilizando SNMP e lógica difusa / Implementation of an IDS using SNMP and fuzzy logic

Virti, Émerson Salvadori January 2007
This work studies computer network security through the implementation of an Intrusion Detection System (IDS) based on information captured using the SNMP protocol. To reduce the number of false positives and false negatives, a problem peculiar to the majority of IDSs, fuzzy logic is used, with the assistance of the security administrators of each network, making it possible to build an intrusion detection system better adjusted to the characteristics of the monitored networks. Finally, by monitoring a production network, the work evaluates the security improvement obtained with the implemented IDS which, operating almost in real time, lends itself to adoption as a complementary network security mechanism.
172

Système de détection d'intrusion adapté au système de communication aéronautique ACARS / Intrusion detection system for ACARS communications

Asselin, Eric 28 June 2017
Modern civil aviation is increasingly dependent on the interconnection of all players, be they aircraft manufacturers, equipment suppliers, air traffic controllers, pilots, crew members or airlines. In recent years, much work has been done to propose methods to simplify the task of pilots, to better control and optimize airspace, to facilitate the management of flights by airlines and to optimize the maintenance tasks between flights. In addition, airlines are seeking to provide their increasingly demanding passengers not only with entertainment, messaging and web browsing services, but also with Internet connection services for their own devices. This omnipresence of connectivity in the aeronautical field has paved the way for a new set of cyber threats. The industry must therefore be able to deploy security mechanisms in line with safety requirements while meeting the many functional needs of all actors. Despite this, there are few solutions for intrusion detection and analysis on embedded avionics systems. The complexity of updates on such systems makes it difficult to use strictly signature-based mechanisms, so it is desirable that "smarter" mechanisms, resilient to the evolution of threats, be developed and deployed. This thesis is part of an approach to put in place security mechanisms for communications between the ground and the airplane, and more particularly an intrusion detection system for the aeronautical communication system ACARS to protect the Air Traffic Control (ATC) and Aeronautical Operational Control (AOC) functions embedded in the aircraft. Based on anomaly detection, a first proposed model makes it possible to discriminate abnormal ACARS messages using a technique borrowed from text classification, n-grams. A second proposed model, also based on anomaly detection, uses Markov chains to model the sequence of messages exchanged between the ground and the airplane during a complete flight, making it possible to detect messages that are not part of a normal communication. The last contribution consists of an alternative to the ROC curve to evaluate the performance of an intrusion detection system when the available data set contains only normal instances.
174

iGen: Toward Automatic Generation and Analysis of Indicators of Compromise (IOCs) using Convolutional Neural Network

January 2017
Abstract: The field of cyber threats is evolving rapidly, and every day a multitude of new information about malware and Advanced Persistent Threats (APTs) is generated in the form of malware reports, blog articles, forum posts, etc. However, current Threat Intelligence (TI) systems have several limitations. First, most TI systems examine and interpret data manually with the help of analysts. Second, some of them generate Indicators of Compromise (IOCs) directly using regular expressions without understanding the contextual meaning of those IOCs from the data sources, which allows the tools to include a lot of false positives. Third, a lot of TI systems consider only one or two data sources for the generation of IOCs, and miss some of the most valuable IOCs from other data sources. To overcome these limitations, we propose iGen, a novel approach to fully automate the process of IOC generation and analysis. The proposed approach is based on the idea that our model can understand English texts like human beings, and extract the IOCs from the different data sources intelligently. Identification of the IOCs is done on the basis of the syntax and semantics of the sentence as well as context words (e.g., "attacked", "suspicious") present in the sentence, which helps the approach work on any kind of data source. Our proposed technique first removes the words with no contextual meaning, such as stop words and punctuation. Then, using the rest of the words in the sentence and the output label (IOC or non-IOC sentence), our model intelligently learns to classify sentences into IOC and non-IOC sentences. Once IOC sentences are identified using this learned Convolutional Neural Network (CNN) based approach, the next step is to identify the IOC tokens (like domains, IPs, URLs) in the sentences. This CNN based classification model helps in removing false positives (like IPs which are not malicious). Afterwards, IOCs extracted from different data sources are correlated to find the links between thousands of apparently unrelated attack instances, particularly infrastructures shared between them. Our approach fully automates the process of IOC generation, from gathering data from different sources to creating rules (e.g. OpenIOC, snort rules, STIX rules) for deployment on the security infrastructure. iGen has collected around 400K IOCs till now with a precision of 95%, better than any state-of-art method. / Dissertation/Thesis / Masters Thesis Computer Science 2017
175

Método de interrogação de fibra óptica para detecção de intrusão / Optic fiber interrogation method for intrusion detection

Maurino de Febbo 24 June 2016
This research work proposes an optic fiber interrogation method with reduced architecture that can be applied in distributed intrusion detection systems of medium and long distances, such as for the protection of perimeters, boundaries, pipeline rights of way, industrial plants or other installations, using a standard optic fiber as the sensing element. The proposed method is based on the Brillouin Optical Time Domain Analysis (BOTDA) technique, but dispenses with the sequential sweep over different frequencies, which simplifies the system, reduces its costs and improves the response time. The work comprises a general discussion of the subject, presenting the basic theory of the nonlinear scattering phenomena in optic fibers, the details of the proposed interrogation method and a description of the experiments conducted in the laboratory, followed by an analysis and comments on the achieved performance, as well as a few suggestions to better explore the potential of the method.
176

Sistema de coleta, análise e detecção de código malicioso baseado no sistema imunológico humano / System for the collection, analysis and detection of malicious code based on the human immune system

Oliveira, Isabela Liane [UNESP] 26 March 2012
Coordenação de Aperfeiçoamento de Pessoal de Nível Superior (CAPES) / Fundação de Amparo à Pesquisa do Estado de São Paulo (FAPESP) / Malicious programs (malware) can cause severe damage to computer systems and data. The mechanism that the human immune system uses to detect and protect against organisms that threaten the human body is efficient and can be adapted to detect malware active on the Internet. In this context, we propose a system that performs distributed collection, analysis and detection of malicious programs, the detection being inspired by the human immune system. After malware samples are collected from the Internet, they are dynamically analyzed so as to provide execution traces at the operating system level and network flows that are used to create a behavioral model and to generate a detection signature. Those signatures serve as input to a malware detector, acting as the antibodies in the antigen detection process performed by the human immune system. This allows us to understand the malware attack and aids in the infection removal procedures.
177

Intrusion Detection and Prevention in IP Based Mobile Networks

Tevemark, Jonas January 2008
Ericsson’s Packet Radio Access Network (PRAN) is a network solution for packet transport in mobile networks, which utilizes the Internet Protocol (IP). The IP protocol offers benefits in responsiveness and performance adaptation to data bursts when compared to Asynchronous Transfer Mode (ATM), which is still often used. There are many manufacturers and operators providing IP services, which reduces costs. The use of IP on the Internet brings greater end-user knowledge, a wider user community and more programs designed for use in IP environments. Because of this, the spectrum of possible attacks against PRAN broadens. This thesis provides information on what protection an Intrusion Prevention System (IPS) can add to the current PRAN solution. A risk analysis is performed to identify assets in and threats against PRAN, and to discover attacks that can be mitigated by the use of an IPS. Information regarding placement of an IPS in the PRAN network is given and tests of a candidate system are performed. IPS features in hardware currently used by Ericsson, as well as missing features, are pinpointed. Finally, requirements for an IPS intended for use in PRAN are concluded.
179

Modeling and simulation of intrusion detection system in mobile ad-hoc networks

Jarmal, Piotr January 2008
The thesis investigates the process of modeling and simulation of mobile ad-hoc networks. It provides an overview of the current state of the art together with a literature survey. Basic ideas of both security issues in mobile ad-hoc networks and intrusion detection systems are presented. Additionally, some new ideas for improvements, like the AGM mobility model, are proposed and tested during the simulation process. In addition, a set of applications designed for automating the simulation processes was created.
180

Performance study of security mechanism for mobile agent domain

Kolli, Manoj Kumar, Arimanda, Srikanth Reddy January 2011
Context: Mobile agents are considered quite challenging and provide scope for developing innovative applications in the distributed computing domain. One important area where there is scope to employ mobile agents successfully is the network security domain. A plethora of mobile agent based security mechanisms have been proposed so far. But the successful deployment of a security mechanism is affected by parameters such as performance, efficiency, the ability to identify intruders, and the model's vulnerability to direct attacks, which make the successful deployment of mobile agents in the security domain more challenging. Therefore it is often demanding to identify a security mechanism that entails the performance by making use of the mobile agents in the security domain; on the contrary, the mechanism needs to be generic and support all kinds of environments. As a result, performing vulnerability analysis in the mobile agent security domain is often required.
Objectives: The main objective of this study is to provide a report that incorporates the empirical analysis of the selected mobile agent based security mechanism from the perspective of performance, which could be useful in defining the standards for development of security modules for mobile agents. The secondary aim of this study is to characterize the issues related to the performance of the security mechanism in the mobile agent environment, and finally to identify the model-specific barriers that will affect the performance of the security mechanism for mobile agents.
Methods: This thesis performs the vulnerability analysis on the selected mobile agent based security mechanism and uses a direct implementation method to study the performance of the security mechanism. The factor considered from the performance perspective is the round trip time, which can also be termed the total response time. The effect on performance is studied with respect to the scalability of network parameters like the number of packets and the size of the network. This thesis focuses on implementing four different modules, which are individual agents communicating with each other in the network when deployed while combing the network for vulnerabilities. The four modules implemented in the thesis are the Information Gathering Agent, the Tracing Agent, the Manager or Managing agent, and the Monitor or Monitoring agent. The performance of the mechanism is studied in three phases. The agents of the selected mechanism are implemented in the first phase, and in the second phase a shear testing is done on those implemented agents of the security mechanism by collecting the round trip times of the agents as a whole with respect to the increasing number of packets (with a % increase in the number of illegitimate packets and also with the change in the number of nodes). The model is closely monitored for performance to identify its pitfalls. Finally, in the third phase the collected results are analyzed and presented as a set of findings from this study.
Results: The results collected from this experimental study are analyzed from the motive that the security mechanism is being monitored from the perspective of identifying as many intrusions efficiently as an elusive goal rather than identifying as many intrusions precisely. The results from this thesis prove that the mechanism considered is more efficient rather than precise. Even though the results obtained from this study can be seen as efficient, there is a set of residue packets which take a bit more time than the other packets, as can be seen when one progresses through the results from top to bottom; this is primarily because of factors associated with the internetworking environment, like the network traffic with respect to the size of the network or the number of nodes in the network.
Conclusions: After analyzing the results and providing the answers to the research questions, a conclusion can be made that the selected security mechanism is proved efficient rather than precise. This mechanism is proved to be useful only to reduce the number of intruders in the networking domain. On the contrary, the mechanism also makes the deployment of the security mechanism easy, because of the advantage associated with the selected security mechanism, which uses a smaller number of agents.
