321

Dynamic Redundancy Management of Multisource Multipath Routing Integrated with Voting-based Intrusion Detection in Wireless Sensor Networks

Al-Hamadi, Hamid Helal 24 April 2014
Wireless sensor networks (WSNs) are frequently deployed unattended and can be easily captured or compromised. Once compromised, intrusion prevention methods such as encryption can no longer provide any protection, as a compromised node is considered a legitimate node and possesses the secret key for decryption. Compromised nodes are essentially inside attackers and can perform various attacks to break the functionality of the system. Thus, for safety-critical WSNs, intrusion detection techniques must be used to detect and remove inside attackers and fault tolerance techniques must be used to tolerate inside attackers to prevent security failure. In this dissertation research, we develop a class of dynamic redundancy management algorithms for redundancy management of multisource multipath routing for fault and intrusion tolerance, and majority voting for intrusion detection, with the goal of maximizing the WSN lifetime while satisfying application quality-of-service and security requirements, for base station based WSNs, homogeneous clustered WSNs, and heterogeneous clustered WSNs. By means of a novel model-based analysis methodology based on probability theory, we model the tradeoff between energy consumption vs. reliability, timeliness and security gain, and identify the optimal multisource multipath redundancy level and intrusion detection settings for maximizing the lifetime of the WSN while satisfying application quality-of-service requirements. A main contribution of our research dissertation is that our dynamic redundancy management protocol design addresses the issues of "how many paths to use" and "what paths to use" in multisource multipath routing for intrusion tolerance. Another contribution is that we take an integrated approach combining intrusion detection and tolerance in the protocol design to address the issue of "how much intrusion detection is enough" to prevent security failure and prolong the WSN lifetime.
We demonstrate resiliency of our dynamic redundancy management protocol design for intrusion detection and tolerance against sophisticated attacker behaviors, including selective and random capture, as well as persistent, random, opportunistic and insidious attacks, by model-based performance analysis with results supported by extensive simulation based on ns3. / Ph. D.
322

Efficient Key Management, and Intrusion Detection Protocols for Enhancing Security in Mobile Ad Hoc Networks

Maity, Soumyadev January 2014
Security of communications is a major requirement for Mobile Ad hoc NETworks (MANETs) since they use a wireless channel for communications, which can be easily tapped, and physical capture of MANET nodes is also quite easy. From the point of view of providing security in MANETs, there are basically two types of MANETs, viz., authoritarian MANETs, in which there exist one or more authorities who decide the members of the network, and self-organized MANETs, in which there is no such authority. Ensuring security of communications in MANETs is a challenging task due to the resource constraints and infrastructure-less nature of these networks, and the limited physical security of MANET nodes. Attacks on security in a MANET can be launched by either the external attackers, which are not legitimate members of the MANET, or the internal attackers, which are compromised members of the MANET and which can hold some valid security credentials, or both. Key management and authentication protocols (KM-APs) play an important role in preventing the external attackers in a MANET. However, in order to prevent the internal attackers, an intrusion detection system (IDS) is essential. The routing protocols running in the network layer of a MANET are most vulnerable to the internal attackers, especially to the attackers which launch a packet dropping attack during data packet forwarding in the MANET. For an authoritarian MANET, an arbitrated KM-AP protocol is perfectly suitable, where trusts among network members are coordinated by a trusted authority. Moreover, due to the resource constraints of a MANET, symmetric key management protocols are more efficient than the public key management protocols in authoritarian MANETs. The existing arbitrated symmetric key management protocols in MANETs that do not use any authentication server inside the network are susceptible to identity impersonation attack during shared key establishments.
On the other hand, the existing server coordinated arbitrated symmetric key management protocols in MANETs do not differentiate the role of a membership granting server (MGS) from the role of an authentication server, and so both are kept inside the network. However, keeping the MGS outside the network is more secure than keeping it inside the network for a MANET. Also, the use of a single authentication server inside the network cannot ensure robustness against authentication server compromise. In self-organized MANETs, public key management is preferable over symmetric key management, since the distribution of public keys does not require a pre-established secure channel. The main problem for the existing self-organized public key management protocols in MANETs is associated with the use of large size certificate chains. Besides, the proactive certificate chaining based approaches require each member of a MANET to maintain an updated view of the trust graph of the entire network, which is highly resource consuming. Maintaining a hierarchy of trust relationships among members of a MANET is also problematic for the same reason. Evaluating the strength of different alternative trust chains and restricting the length of a trust chain used for public key verification is also important for enhancing the security of self-organized public key management protocols. The existing network layer IDS protocols in MANETs that try to defend against the packet dropping attack use either a reputation based or an incentive based approach. The reputation based approaches are more effective against malicious principals than the incentive based approaches. The major problem associated with the existing reputation based IDS protocols is that they do not consider the protocol soundness issue in their design objectives. Besides, most of the existing protocols incorporate no mechanism to fight against colluding principals.
Also, an IDS protocol in MANETs should incorporate some secure and efficient mechanism to authenticate the control packets used by it. In order to mitigate the above mentioned problems in MANETs, we have proposed new models and designed novel security protocols in this thesis that can enhance the security of communications in MANETs at lesser or comparable cost. First, in order to perform security analysis of KM-AP protocols, we have extended the well known strand space verification model to overcome some of its limitations. Second, we have proposed a model for the study of membership of principals in MANETs with a view to utilize the concept for analyzing the applicability and the performance of KM-AP protocols in different types of MANETs. Third and fourth, we have proposed two novel KM-AP protocols, SEAP and CLPKM, applicable in two different types of MANET scenarios. The SEAP protocol is an arbitrated symmetric key management protocol designed to work in an authoritarian MANET, whereas the CLPKM protocol is a self-organized public key management protocol designed for self-organized MANETs. Fifth, we have designed a novel reputation based network layer IDS protocol, named the EVAACK protocol, for the detection of packet dropping misbehavior in MANETs. All three proposed protocols try to overcome the limitations of the existing approaches in their respective categories. We have provided rigorous mathematical proofs for the security properties of the proposed protocols. The performance of the proposed protocols has been compared with that of other existing similar approaches using simulations in the QualNet simulator. In addition, we have also implemented the proposed SEAP and CLPKM protocols on a real MANET test bed to test their performance in real environments. The analytical, simulation and experimentation results confirm the effectiveness of the proposed schemes.
323

Visualising network security attacks with multiple 3D visualisation and false alert classification

Musa, Shahrulniza January 2008
Increasing numbers of alerts produced by network intrusion detection systems (NIDS) have burdened the job of security analysts, especially in identifying and responding to them. The tasks of exploring and analysing large quantities of communication network security data are also difficult. This thesis studied the application of visualisation in combination with an alerts classifier to make the exploring and understanding of network security alerts data faster and easier. The prototype software, NSAViz, has been developed to visualise and to provide an intuitive presentation of the network security alerts data using interactive 3D visuals with the integration of a false alert classifier. The needs analysis of this prototype was based on the suggested needs of network security analysts' tasks as seen in the literature. The prototype software incorporates various projections of the alert data in 3D displays. The overview was plotted in a 3D plot named the "time series 3D AlertGraph", which was an extension of 2D histographs into 3D. The 3D AlertGraph effectively summarised the alerts data and gave an overview of the network security status. Filtering, drill-down and playback of the alerts at variable speed were incorporated to strengthen the analysis. Real-time visual observation was also included. Identifying true alerts among all alerts represents the main task of the network security analyst. This prototype software was integrated with a false alert classifier using a classification tree based on the C4.5 classification algorithm to classify the alerts into true and false. Users can add new samples and edit the existing classifier training sample. The classifier performance was measured using the k-fold cross-validation technique. The results showed the classifier was able to remove noise in the visualisation, thus allowing the pattern of the true alerts to emerge. It also highlighted the true alerts in the visualisation.
Finally, a user evaluation was conducted to find the usability problems in the tool and to measure its effectiveness. The feedback showed the tool had successfully helped the task of the security analyst and increased the security awareness in their supervised network. From this research, the task of exploring and analysing a large amount of network security data becomes easier and the true attacks can be identified using the prototype visualisation tools. Visualisation techniques and false alert classification are helpful in exploring and analysing network security data.
324

A framework for correlation and aggregation of security alerts in communication networks : a reasoning correlation and aggregation approach to detect multi-stage attack scenarios using elementary alerts generated by Network Intrusion Detection Systems (NIDS) for a global security perspective

Alserhani, Faeiz January 2011
The tremendous increase in usage and complexity of modern communication and network systems connected to the Internet places demands upon security management to protect organisations' sensitive data and resources from malicious intrusion. Malicious attacks by intruders and hackers exploit flaws and weak points in deployed systems through several sophisticated techniques that cannot be prevented by traditional measures, such as user authentication, access controls and firewalls. Consequently, automated detection and timely response systems are urgently needed to detect abnormal activities by monitoring network traffic and system events. Network Intrusion Detection Systems (NIDS) and Network Intrusion Prevention Systems (NIPS) are technologies that inspect traffic and diagnose system behaviour to provide improved attack protection. The current implementation of intrusion detection systems (commercial and open-source) lacks the scalability to support the massive increase in network speed and the emergence of new protocols and services. Multi-gigabit networks have become a standard installation, making the NIDS susceptible to resource exhaustion attacks. The research focuses on two distinct problems for the NIDS: missing alerts due to packet loss as a result of NIDS performance limitations; and the huge volumes of alerts generated by the NIDS overwhelming the security analyst, which makes event observation tedious. A methodology for analysing alerts using a proposed framework for alert correlation has been presented to provide the security operator with a global view of the security perspective. Missed alerts are recovered implicitly using a contextual technique to detect multi-stage attack scenarios. This is based on the assumption that the most serious intrusions consist of relevant steps that are temporally ordered. The pre- and post-condition approach is used to identify the logical relations among low level alerts.
The alerts are aggregated, verified using vulnerability modelling, and correlated to construct multi-stage attacks. A number of algorithms have been proposed in this research to support the functionality of our framework, including: alert correlation, alert aggregation and graph reduction. These algorithms have been implemented in a tool called Multi-stage Attack Recognition System (MARS), consisting of a collection of integrated components. The system has been evaluated using a series of experiments and using different data sets, i.e. publicly available datasets and data sets collected using real-life experiments. The results show that our approach can effectively detect multi-stage attacks. The false positive rates are reduced due to the use of vulnerability and target host information.
325

Assessment and enforcement of wireless sensor network-based SCADA systems security

Bayou, Lyes 19 June 2018
Security in Industrial Control Systems is a major concern. Indeed, these systems manage installations that play an important economic role. Furthermore, targeting these systems can lead not only to economic losses but can also threaten human lives. Therefore, and as these systems depend on sensing data, it becomes obvious that, in addition to real-time requirements, it is important to secure the communication channels between these sensors and the main controllers.
These issues are more challenging in Wireless Sensor Networks (WSN), as the use of wireless communications brings its own security weaknesses. This thesis aims to address WSN-based security issues. Firstly, we conduct an in-depth security study of the WirelessHART protocol. The latter is the leading protocol for Wireless Industrial Sensor Networks (WISN) and is the first internationally approved standard. We assess its strengths and emphasize its weaknesses and limitations. In particular, we describe two harmful security vulnerabilities in the communication scheme of WirelessHART and propose improvements in order to mitigate them. Secondly, we present wIDS, a multilayer specification-based Intrusion Detection System (IDS) specially tailored for Wireless Industrial Sensor Networks. The proposed IDS checks the compliance of each action performed by a wireless node against a formal model of the expected normal behavior.
326

ABIDS-WSN: A Framework of Intrusion Detection in Wireless Sensor Networks Driven by Intelligent Agents

PIRES, Higo Fellipe Silva 26 January 2017
Lately, there has been a significant advance in several technologies directly or indirectly related to Ubiquitous Computing. Among them, the technology of Wireless Sensor Networks (WSNs) can be mentioned. Having its space in the current scenario, the use of wireless sensors extends into various branches of human activity: industrial monitoring, smart houses, medical and military applications. However, several shortcomings and limitations in wireless sensors can be noted: limited hardware, energy and computational capacity are points that always have to be dealt with by those who work with such devices. As for these devices, there is, besides the factors already mentioned, an important concern regarding their security. As with other devices, for these threats to be at least mitigated, it is necessary to create layers of security. One of these layers may be formed by Intrusion Detection Systems (IDS). However, due to the aforementioned hardware restrictions of the sensors, the development of IDSs, as well as any other application for such devices, should take such characteristics into account. As for IDSs, there are some aspects that need to be taken into account, especially flexibility, efficiency and adaptability to new situations. A paradigm that facilitates the implementation of such capabilities is Intelligent Agents. Therefore, this work describes the proposal of a framework for intrusion detection in WSNs based on intelligent agents.
327

Mitigating Denial-of-Service Attacks in Cloud Computing Infrastructures

MEDEIROS, Gleison de Oliveira 04 September 2014
Cloud computing has been widely used as a recent solution for the growing demands of users of Information Technology services. Concomitant with the rapid development of this technology, new forms of intrusion (and intruders) have emerged. In this context, this dissertation proposes an intrusion detection system architecture based on multi-agent systems, associated with the use of encryption and digital signature techniques, to detect and treat attempted denial-of-service (DoS) attacks in an Infrastructure as a Service (IaaS) cloud. The partial results obtained with the implementation of a prototype are considered satisfactory in view of the performance presented by the tool.
328

A one-class NIDS for SDN-based SCADA systems

Silva, Eduardo Germano da January 2007
Power grids have great influence on the development of the world economy. Given the importance of electrical energy to our society, power grids are often the target of network intrusions motivated by several causes. To minimize or even to mitigate the aftereffects of network intrusions, more secure protocols and standardization norms to enhance the security of power grids have been proposed. In addition, power grids are undergoing an intense process of modernization, and are becoming highly dependent on networked systems used to monitor and manage power components. These so-called Smart Grids comprise energy generation, transmission, and distribution subsystems, which are monitored and managed by Supervisory Control and Data Acquisition (SCADA) systems. In this Master's dissertation, we investigate and discuss the applicability and benefits of using Software-Defined Networking (SDN) to assist in the deployment of next generation SCADA systems. We also propose an Intrusion Detection System (IDS) that relies on specific techniques of traffic classification and takes advantage of the characteristics of SCADA networks and of the adoption of SDN/OpenFlow. Our proposal relies on SDN to periodically gather statistics from network devices, which are then processed by One-Class Classification (OCC) algorithms. Given that attack traces in SCADA networks are scarce and not publicly disclosed by utility companies, the main advantage of using OCC algorithms is that they do not depend on known attack signatures to detect possible malicious traffic. As a proof-of-concept, we developed a prototype of our proposal.
Finally, in our experimental evaluation, we observed the performance and accuracy of our prototype using two OCC-based Machine Learning (ML) algorithms, and considering anomalous events in the SCADA network, such as a Denial-of-Service (DoS) attack and the failure of several SCADA field devices.
329

Risk monitoring with intrusion detection for industrial control systems

Muller, Steve 26 June 2018
Cyber-attacks on critical infrastructure such as electricity, gas, and water distribution, or power plants, are more and more considered to be a relevant and realistic threat to European society. Whereas mature solutions like anti-malware applications, intrusion detection systems (IDS) and even intrusion prevention or self-healing systems have been designed for classic computer systems, these techniques have only been partially adapted to the world of Industrial Control Systems (ICS). As a consequence, organisations and nations fall back upon risk management to understand the risks that they are facing. Today's trend is to combine risk management with real-time monitoring to enable prompt reactions in case of attacks. This thesis aims at providing techniques that assist security managers in migrating from a static risk analysis to a real-time and dynamic risk monitoring platform. Risk monitoring encompasses three steps, each being addressed in detail in this thesis: the collection of risk-related information, the reporting of security events, and finally the inclusion of this real-time information into a risk analysis. The first step consists in designing agents that detect incidents in the system. In this thesis, an intrusion detection system is developed to this end, which focuses on an advanced persistent threat (APT) that particularly targets critical infrastructures. The second step copes with the translation of the obtained technical information into more abstract notions of risk, which can then be used in the context of a risk analysis. In the final step, the information collected from the various sources is correlated so as to obtain the risk faced by the entire system.
Since industrial environments are characterised by many interdependencies, a dependency model is elaborated which takes dependencies into account when the risk is estimated.
330

Distributed and cooperative intrusion detection in wireless mesh networks / Distributed and cooperative intrusion detection in wireless mesh networks (French title: Détection d'intrusion distribuée et coopérative dans les réseaux maillés sans fil)

Morais, Anderson 28 November 2012 (has links)
Wireless Mesh Networks (WMNs) are an emerging technology that is gaining importance among traditional wireless communication systems. However, WMNs are particularly vulnerable to external and internal attacks because of inherent attributes such as the open communication medium and the decentralised architecture. In this research, we propose a complete distributed and cooperative intrusion detection system that detects attacks on the WMN efficiently and effectively in real time. Our intrusion detection mechanism is based on the reliable exchange of network events and active cooperation between the participating nodes. In our distributed approach, intrusion detection systems (IDS - Intrusion Detection System) are independently installed on each mesh node to passively monitor the node's routing behaviour and, at the same time, monitor the behaviour of its neighbourhood. On this basis, we first developed a Routing Protocol Analyser (APR) that accurately generates routing events from the observed traffic, which are then processed by the node itself and exchanged between neighbouring nodes. Second, we propose a practical Distributed Intrusion Detection Mechanism (MDID), which periodically computes accurate Misbehaviour Metrics using the generated routing events and predefined Routing Constraints extracted from the protocol's behaviour. Third, we propose a Cooperative Consensus Mechanism, which is triggered among neighbouring nodes if any malicious behaviour is detected. The Cooperative Consensus Mechanism analyses the Misbehaviour Metrics and shares the Intrusion Detection Results among the neighbours to track down the source of the intrusion.
To validate our research, we implemented the distributed intrusion detection solution using a virtualised mesh network platform composed of interconnected virtual machines (VM - Virtual Machines). We also implemented several routing attacks to evaluate the performance of the intrusion detection mechanisms. / Wireless Mesh Network (WMN) is an emerging technology that is gaining importance among traditional wireless communication systems. However, WMNs are particularly vulnerable to external and insider attacks due to their inherent attributes such as open communication medium and decentralized architecture. In this research, we propose a complete distributed and cooperative intrusion detection system for efficient and effective detection of WMN attacks in real time. Our intrusion detection mechanism is based on reliable exchange of network events and active cooperation between the participating nodes. In our distributed approach, Intrusion Detection Systems (IDSs) are independently placed at each mesh node to passively monitor the node's routing behavior and concurrently monitor the neighborhood behavior. Based on that, we first implement a Routing Protocol Analyzer (RPA) that accurately generates Routing Events from the observed traffic, which are then processed by the node itself and exchanged between neighboring nodes. Second, we propose a practical Distributed Intrusion Detection Engine (DIDE) component, which periodically calculates accurate Misbehaving Metrics by making use of the generated Routing Events and pre-defined Routing Constraints that are extracted from the protocol behavior. Third, we propose a Cooperative Consensus Mechanism (CCM), which is triggered among the neighboring nodes if any malicious behavior is detected. The CCM module analyzes the Misbehaving Metrics and shares Intrusion Detection Results among the neighbors to track down the source of the intrusion.
To validate our research, we implemented the distributed intrusion detection solution using a virtualized mesh network platform composed of interconnected virtual machines (VMs). We also implemented several routing attacks to evaluate the performance of the intrusion detection mechanisms.
