NDLTD Global ETD Search
  • Refine Query
  • Source
  • Publication year
  • to
  • Language
  • 212
  • 61
  • 32
  • 11
  • 6
  • 5
  • 3
  • 3
  • 3
  • 2
  • 1
  • 1
  • Tagged with
  • 433
  • 433
  • 219
  • 177
  • 139
  • 137
  • 118
  • 91
  • 87
  • 81
  • 69
  • 62
  • 59
  • 59
  • 57
  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.

Search results

Showing 201 to 210 of 433 (0.081 seconds)
201

Security in low power wireless networks : Evaluating and mitigating routing attacks in a reactive, on demand ad-hoc routing protocol / Säkerheten i trådlösa lågenerginätverk : Utvärdering och begränsning av routing attacker i ett reaktivt ad-hoc routing protokoll

Fredriksson, Tony, Ljungberg, Niklas January 2017 (has links)
Using low energy devices to communicate over the air presents many challenges to reach security as resources in the world of Internet Of Things (IoT) are limited. Any extra overhead of computing or radio transmissions that extra security might add affects cost of both increased computing time and energy consumption which are all scarce resources in IoT. This thesis details the current state of security mechanisms built into the commercially available protocol stacks Zigbee, Z-wave, and Bluetooth Low Energy, and collects implemented and proposed solutions to common ways of attacking systems built on these protocol stacks. Attacks evaluated are denial of service/sleep, man-in-the-middle, replay, eavesdropping, and in mesh networks, sinkhole, black hole, selective forwarding, sybil, wormhole, and hello flood. An intrusion detection system is proposed to detect sinkhole, selective forwarding, and sybil attacks in the routing protocol present in the communication stack Rime implemented in the operating system Contiki. The Sinkhole and Selective forwarding mitigation works close to perfection in larger lossless networks but suffers an increase in false positives in lossy environments. The Sybil Detection is based on Received Signal Strength and strengthens the blacklist used in the sinkhole and selective forwarding detection, as a node changing its ID to avoid the blacklist will be detected as in the same geographical position as the blacklisted node.
IoT
Security
Ad-hoc Routing
RIME
Sinkhole
Selective Forwarding
Sybil
Intrusion Detection System
Computer Systems
Datorsystem
202

HYBRID FEATURE SELECTION IN NETWORK INTRUSION DETECTION USING DECISION TREE

Chenxi Xiong (9028061) 27 June 2020 (has links)
The intrusion detection system has been widely studied and deployed by researchers for providing better security to computer networks. The increasing of the attack volume and the dramatic advancement of the machine learning make the cooperation between the intrusion detection system and machine learning a hot topic and a promising solution for the cybersecurity. Machine learning usually involves the training process using huge amount of sample data. Since the huge input data may cause a negative effect on the training and detection performance of the machine learning model. Feature selection becomes a crucial technique to rule out the irrelevant and redundant features from the dataset. This study applied a feature selection approach that combines the advanced feature selection algorithms and attacks characteristic features to produce the optimal feature subset for the machine learning model in network intrusion detection. The optimal feature subset was created using the CSE-CIC-IDS2018 dataset, which is the most up-to-date benchmark dataset with comprehensive attack diversity and features. The result of the experiment was produced using machine learning models with decision tree classifier and analyzed with respect to the accuracy, precision, recall, and f1 score.
Pattern Recognition and Data Mining
Networking and Communications
Network intrusion detection
machine learning
Feature selection
203

Dynamic Trust Management for Mobile Networks and Its Applications

Bao, Fenye 05 June 2013 (has links)
Trust management in mobile networks is challenging due to dynamically changing network environments and the lack of a centralized trusted authority. In this dissertation research, we design and validate a class of dynamic trust management protocols for mobile networks, and demonstrate the utility of dynamic trust management with trust-based applications. Unlike existing work, we consider social trust derived from social networks in addition to traditional quality-of-service (QoS) trust derived from communication networks to obtain a composite trust metric as a basis for evaluating trust of nodes in mobile network applications. Untreated in the literature, we design and validate trust composition, aggregation, propagation, and formation protocols for dynamic trust management that can learn from past experiences and adapt to changing environment conditions to maximize application performance and enhance operation agility. Furthermore, we propose, explore and validate the design concept of application-level trust optimization in response to changing conditions to maximize application performance or best satisfy application requirements. We provide formal proof for the convergence, accuracy, and resiliency properties of our trust management protocols. To achieve the goals of identifying the best trust protocol setting and optimizing the use of trust for trust-based applications, we develop a novel model-based analysis methodology with simulation validation for analyzing and validating our dynamic trust management protocol design. The dissertation research provides new understanding of dynamic trust management for mobile wireless networks. We gain insight on the best trust composition and trust formation out of social and QoS trust components, as well as the best trust aggregation and propagation protocols for optimizing application performance. We gain insight on how a modeling and analysis tool can be built, allowing trust composition, aggregation, propagation, and formation designs to be incorporated, tested and validated. We demonstrate the utility of dynamic trust management protocol for mobile networks including mobile ad-hoc networks, delay tolerant networks, wireless sensor networks, and Internet of things systems with practical applications including misbehaving node detection, trust-based survivability management, trust-based secure routing, and trust-based service composition. Through model-based analysis with simulation validation, we show that our dynamic trust management based protocols outperform non-trust-based and Bayesian trust-based protocols in the presence of malicious, erroneous, partly trusted, uncertain and incomplete information, and are resilient to trust related attacks. / Ph. D.
mobile networks
trust management
adaptive control
Optimization
secure routing
intrusion detection
performance analysis
204

Anomaly Detection in a SQL database: A Retrospective Investigation

Naserinia, Vahid, Beremark, Mikael January 2022 (has links)
Insider attacks aiming at stealing data are highly common, according to recent studies, and they are carried out in precise patterns. In order to protect against these threats, additional security measures, such as access control and encryption, must be used in conjunction with tools and methods that can detect anomalies in data access. By analyzing the input query syntax and the amount of data returned in the responses, we can deduce individuals' access patterns. Our method is based on SQL queries in database log files, which allow us to build profiles of ordinary users' access behavior by their doctors. Anomalies that deviate from these characteristics are deemed anomalous and thus indicative of possible data exfiltration or misuse. This paper uses machine learning techniques in existing algorithms to detect outliers and aggregate related data into clusters. Due to the sensitivity of the real-world data and restricting access to such datasets, we have developed our logfiles that groups log lines sequentially based on time and access intervals. Generated log files containing known abnormalities are used to demonstrate the use of real datasets. Our findings demonstrate that our method can effectively detect these anomalies, albeit more research by specialists is required to ensure whether the abnormalities detected were appropriately recognized.
Anomaly Detection
Machine Learning
Data Mining
Database Security
Intrusion Detection.
Computer and Information Sciences
Data- och informationsvetenskap
205

DNS Traffic Analysis for Network-based Malware Detection

Vu Hong, Linh January 2012 (has links)
Botnets are generally recognized as one of the most challenging threats on the Internet today. Botnets have been involved in many attacks targeting multinational organizations and even nationwide internet services. As more effective detection and mitigation approaches are proposed by security researchers, botnet developers are employing new techniques for evasion. It is not surprising that the Domain Name System (DNS) is abused by botnets for the purposes of evasion, because of the important role of DNS in the operation of the Internet. DNS provides a flexible mapping between domain names and IP addresses, thus botnets can exploit this dynamic mapping to mask the location of botnet controllers. Domain-flux and fast-flux (also known as IP-flux) are two emerging techniques which aim at exhausting the tracking and blacklisting effort of botnet defenders by rapidly changing the domain names or their associated IP addresses that are used by the botnet. In this thesis, we employ passive DNS analysis to develop an anomaly-based technique for detecting the presence of a domain-flux or fast- flux botnet in a network. To do this, we construct a lookup graph and a failure graph from captured DNS traffic and decompose these graphs into clusters which have a strong correlation between their domains, hosts, and IP addresses. DNS related features are extracted for each cluster and used as input to a classication module to identify the presence of a domain-flux or fast-flux botnet in the network. The experimental evaluation on captured traffic traces veried that the proposed technique successfully detected domain-flux botnets in the traces. The proposed technique complements other techniques for detecting botnets through traffic analysis. / Botnets betraktas som ett av de svåraste Internet-hoten idag. Botnets har använts vid många attacker mot multinationella organisationer och även nationella myndigheters och andra nationella Internet-tjänster. Allt eftersom mer effektiva detekterings - och skyddstekniker tas fram av säkerhetsforskare, har utvecklarna av botnets tagit fram nya tekniker för att undvika upptäckt. Därför är det inte förvånande att domännamnssystemet (Domain Name System, DNS) missbrukas av botnets för att undvika upptäckt, på grund av den viktiga roll domännamnssystemet har för Internets funktion - DNS ger en flexibel bindning mellan domännamn och IP-adresser. Domain-flux och fast-flux (även kallat IP-flux) är två relativt nya tekniker som används för att undvika spårning och svartlistning av IP-adresser av botnet-skyddsmekanismer genom att snabbt förändra bindningen mellan namn och IP-adresser som används av botnets. I denna rapport används passiv DNS-analys för att utveckla en anomali-baserad teknik för detektering av botnets som använder sig av domain-flux eller fast-flux. Tekniken baseras på skapandet av en uppslagnings-graf och en fel-graf från insamlad DNS-traffik och bryter ned dessa grafer i kluster som har stark korrelation mellan de ingående domänerna, maskinerna, och IP-adresserna. DNSrelaterade egenskaper extraheras för varje kluster och används som indata till en klassifficeringsmodul för identiffiering av domain-flux och fast-flux botnets i nätet. Utvärdering av metoden genom experiment på insamlade traffikspår visar att den föreslagna tekniken lyckas upptäcka domain-flux botnets i traffiken. Genom att fokusera på DNS-information kompletterar den föreslagna tekniken andra tekniker för detektering av botnets genom traffikanalys.
DNS analysis
domain-flux
fast-flux
network-based malware detection
intrusion detection
Communication Systems
Kommunikationssystem
206

Using Supervised Learning and Data Fusion to Detect Network Attacks

Hautsalo, Jesper January 2021 (has links)
Network attacks remain a constant threat to organizations around the globe. Intrusion detection systems provide a vital piece of the protection needed in order to fend off these attacks. Machine learning has become a popular method for developing new anomaly-based intrusion detection systems, and in recent years, deep learning has followed suit. Additionally, data fusion is often applied to intrusion detection systems in research, most often in the form of feature reduction, which can improve the accuracy and training times of classifiers. Another less common form of data fusion is decision fusion, where the outputs of multipe classifiers are fused into a more reliable result. Recent research has produced some contradictory results regarding the efficiency of traditional machine learning algorithms compared to deep learning algorithms. This study aims to investigate this problemand provide some clarity about the relative performance of a selection of classifier algorithms, namely artificial neural network, long short-term memory and random forest. Furthermore, two feature selection methods, namely correlation coefficient method and principal component analysis, as well as one decision fusion method in D-S evidence theory are tested. The majority of the feature selection methods fail to increase the accuracy of the implemented models, although the accuracy is not drastically reduced. Among the individual classifiers, random forest shows the best performance, obtaining an accuracy of 87,87%. Fusing the results with D-S evidence theory further improves this result, obtaining an accuracy of 88,56%, and proves particularly useful for reducing the number of false positives.
Network intrusion detection
IDS
network attacks
supervised learning
Computer Sciences
Datavetenskap (datalogi)
207

A Machine Learning Approach for Uniform Intrusion Detection

Saurabh Devulapalli (11167824) 23 July 2021 (has links)
Intrusion Detection Systems are vital for computer networks as they protect against attacks that lead to privacy breaches and data leaks. Over the years, researchers have formulated intrusion detection systems (IDS) using machine learning and/or deep learning to detect network anomalies and identify four main attacks namely, Denial of Service (DoS), Probe, Remote to Local (R2L) and User to Root (U2R). However, the existing models are efficient in detecting just few of the aforementioned attacks while having inadequate detection rates for the rest. This deficiency makes it difficult to choose an appropriate IDS model when a user does not know what attacks to expect. Thus, there is a need for an IDS model that can detect, with uniform efficiency, all the four main classes of network intrusions. This research is aimed at exploring a machine learning approach to an intrusion detection model that can detect DoS, Probe, R2L and U2R attack classes with uniform and high efficiency. A multilayer perceptron was trained in an ensemble with J48 decision tree. The resultant ensemble learning model achieved over 85% detection rates for each of DoS, probe, R2L, and U2R attacks.
Pattern Recognition and Data Mining
Computer System Security
Machine Learning
Intrusion Detection
208

Data augmentation for attack detection on IoT Telehealth Systems

Khan, Zaid A. 11 March 2022 (has links)
Telehealth is an online health care system that is extensively used in the current pandemic situation. Our proposed technique is considered a fog computing-based attack detection architecture to protect IoT Telehealth Networks. As for IoT Telehealth Networks, the sensor/actuator edge devices are considered the weakest link in the IoT system and are obvious targets of attacks such as botnet attacks. In this thesis, we introduce a novel framework that employs several machine learning and data analysis techniques to detect those attacks. We evaluate the effectiveness of the proposed framework using two publicly available datasets from real-world scenarios. These datasets contain a variety of attacks with different characteristics. The robustness of the proposed framework and its ability, to detect and distinguish between the existing IoT attacks that are tested by combining the two datasets for cross-evaluation. This combination is based on a novel technique for generating supplementary data instances, which employs GAN (generative adversarial networks) for data augmentation and to ensure that the number of samples and features are balanced. / Graduate
Internet of Things (IoT)
Machine Learning
Generative Adversarial Networks (GAN)
Intrusion detection systems (IDSs)
Cross dataset
Security
209

A Machine Learning Approach for Reconnaissance Detection to Enhance Network Security

Bakaletz, Rachel 01 May 2022 (has links)
Before cyber-crime can happen, attackers must research the targeted organization to collect vital information about the target and pave the way for the subsequent attack phases. This cyber-attack phase is called reconnaissance or enumeration. This malicious phase allows attackers to discover information about a target to be leveraged and used in an exploit. Information such as the version of the operating system and installed applications, open ports can be detected using various tools during the reconnaissance phase. By knowing such information cyber attackers can exploit vulnerabilities that are often unique to a specific version. In this work, we develop an end-to-end system that uses machine learning techniques to detect reconnaissance attacks on cyber networks. Successful detection of such attacks provides the target the time to devise plans on how to evade or mitigate the cyber-attack phases that supervene the reconnaissance phase.
Machine Learning
Reconnaissance
Intrusion Detection
Cybersecurity Analytics
Classification.
Artificial Intelligence and Robotics
Information Security
OS and Networks
210

A Kangaroo-Based Intrusion Detection System on Software-Defined Networks

Yazdinejadna, Abbas, Parizi, Reza M., Dehghantanha, Ali, Khan, Mohammad S. 15 January 2021 (has links)
In recent years, a new generation of architecture has emerged in the world of computer networks, known as software-defined networking (SDN), that aims to improve and remove the limitations of traditional networks. Although SDN provides viable benefits, it has faced many security threats and vulnerability-related issues. To solve security issues in the SDN, one of the most vital solutions is employing an intrusion detection system (IDS). Merging IDS into the SDN network remains efficient due to the unique features of SDN, such as high manageability, flexibility, and programmability. In this paper, we propose a new approach as a kangaroo-based intrusion detection system (KIDS), which is an SDN-based architecture for attack detection and malicious behaviors in the data plane. Designing a zone-based architecture in the KIDS assists us in achieving a distributed architecture which is scalable in both area and anomaly detection. In the KIDS architecture, the IDS module supplies the flow-based and packet-based intrusion detection components based on monitoring packet parser and Flow tables of the SDN switches. In the proposed approach, the IDS uses consecutive jumps like a kangaroo for announcing the attacks both to the SDN controller and other IDSs, contributing to improved scalability and efficiency. The evaluation of the proposed approach shows an enhanced performance against that of peer approaches in detecting malicious packets.
attack detection
flow table
IDS
intrusion detection system
KIDS
packet parser
SDN
software defined networking
Computing

Page generated in 0.1426 seconds