1

Incident prioritisation for intrusion response systems

Jumaat, Nor Badrul Anuar January 2012 (has links)
The landscape of security threats continues to evolve, with attacks becoming more serious and the number of vulnerabilities rising. To manage these threats, many security studies have been undertaken in recent years, mainly focusing on improving detection, prevention and response efficiency. Although there are security tools such as antivirus software and firewalls available to counter them, Intrusion Detection Systems and similar tools such as Intrusion Prevention Systems are still one of the most popular approaches. There are hundreds of published works related to intrusion detection that aim to increase the efficiency and reliability of detection, prevention and response systems. Whilst intrusion detection system technologies have advanced, there are still areas available to explore, particularly with respect to the process of selecting appropriate responses. Supporting a variety of response options, such as proactive, reactive and passive responses, enables security analysts to select the most appropriate response in different contexts. In view of that, a methodical approach that identifies important incidents as opposed to trivial ones is first needed. However, with thousands of incidents identified every day, relying upon manual processes to identify their importance and urgency is complicated, difficult, error-prone and time-consuming, and so prioritising them automatically would help security analysts to focus only on the most critical ones. The existing approaches to incident prioritisation provide various ways to prioritise incidents, but less attention has been given to adopting them into an automated response system. Although some studies have realised the advantages of prioritisation, they released no further studies showing they had continued to investigate the effectiveness of the process. 
This study concerns enhancing the incident prioritisation scheme to identify critical incidents based upon their criticality and urgency, in order to facilitate an autonomous mode for the response selection process in Intrusion Response Systems. To achieve this aim, this study proposed a novel framework which combines models and strategies identified from the comprehensive literature review. A model to estimate the level of risk of incidents is established, named the Risk Index Model (RIM). With different levels of risk, the Response Strategy Model (RSM) dynamically maps incidents into different types of response, with serious incidents being mapped to active responses in order to minimise their impact, while incidents with less impact receive passive responses. The combination of these models provides a seamless way to map incidents automatically; however, it needs to be evaluated in terms of its effectiveness and performance. To demonstrate the results, an evaluation study with four stages was undertaken; these stages were a feasibility study of the RIM, comparison studies with industrial standards such as the Common Vulnerability Scoring System (CVSS) and Snort, an examination of the effect of different strategies in the rating and ranking process, and a test of the effectiveness and performance of the Response Strategy Model (RSM). With promising results being gathered, a proof-of-concept study was conducted to demonstrate the framework using a live traffic network simulation with online assessment mode via the Security Incident Prioritisation Module (SIPM); this study was used to investigate its effectiveness and practicality. Through the results gathered, this study has demonstrated that the prioritisation process can feasibly be used to facilitate the response selection process in Intrusion Response Systems.
The main contribution of this study is to have proposed, designed, evaluated and simulated a framework to support the incident prioritisation process for Intrusion Response Systems.
2

Policies Based Intrusion Response System for DBMS

Nayeem, Fatima, Vijayakamal, M. 01 December 2012 (has links)
Relational databases are built on the Relational Model proposed by Dr. E. F. Codd. The relational model has become a consistent and widely used DBMS model in the world. The databases in this model are efficient in storing and retrieving data, besides providing authentication through credentials. However, there might be many other attacks apart from stealing credentials and intruding into the database. Adversaries may always try to intrude into the relational database for monetary or other gains [1]. Relational databases are subjected to malicious attacks as they hold valuable business data which is sensitive in nature. Monitoring such databases continuously is an inevitable task, keeping the importance of the database in mind. This is one of the top five database strategies identified by Gartner research for getting rid of data leaks in organizations [2]. There are regulations from governments like the US with respect to managing data securely; data-management regulations such as HIPAA, GLBA and PCI are mentioned as examples.

Intrusion detection systems play an important role in detecting online intrusions and providing necessary alerts. Intrusion detection can also be done for relational databases. An intrusion response system for a relational database is essential to protect it from external and internal attacks. We propose a new intrusion response system for relational databases based on database response policies. We have developed an interactive language that helps database administrators determine the responses to be provided by the response system based on the malicious requests encountered by the relational database. We also maintain a policy database that holds the policies of the response system. Algorithms for searching for suitable policies are designed and implemented.
Matching the right policies and policy administration are the two problems addressed in this paper, to ensure faster action and prevent any malicious changes from being made to policy objects. Cryptography is also used in the process of protecting the relational database from attacks. The experimental results reveal that the proposed response system is effective and useful.
3

Endpoint Intrusion Detection and Response Agents in Embedded RAN Products : A suitability and performance evaluation / Intrångsdetektering och respons inom ändpunkter i inbyggda RAN produkter : En studie kring lämplighet och prestanda

Hashem, Yousef, Zildzic, Elmedin January 2022 (has links)
Endpoint detection and response is an integral part of the security of large-scale networks. Embedded hardware, such as that found at Ericsson Radio Access Network endpoints, has strict performance requirements that need to be met. This fact makes implementing intrusion detection non-trivial, as intrusion detection software often generates a lot of processing overhead. Wazuh, an established open-source distributed and centralized intrusion detection and response system, shows a lot of promise as a large-scale intrusion detection system. It is very modular and has various capabilities that can be utilized in different ways to minimize processing overhead. One of these capabilities is native support for the Linux syscall monitoring tool AuditD. While AuditD is very capable, it can introduce severe performance penalties in certain scenarios. Falco is another syscall monitoring tool that shows promise with regard to performance, and also has more features than AuditD, which is why Falco is included as a direct comparison to AuditD. This study evaluates Wazuh, AuditD and Falco based on a set of requirements set by Ericsson, including flexibility, scalability and reliability, by running performance benchmarks with normal background operations active. The results of this study show that, with the correct configuration, Wazuh can be used as an intrusion detection system in embedded systems with limited hardware, where AuditD and Falco can serve as a great addition for detecting indicators of compromise. The solution is to use a minimal intrusion detection ruleset and, in the event of suspicious activity, activate more modules to increase threat detection at the cost of CPU overhead and execution time for normal system operation.
4

ARROS: Distributed Adaptive Real-Time Network Intrusion Response

Karunanidhi, Karthikeyan 14 April 2006 (has links)
No description available.
5

Building Secure Systems using Mobile Agents

Shibli, Muhammad Awais January 2006 (has links)
Progress in the field of computer networks and the Internet has increased with tremendous volume in recent years. This raises important issues with regard to security. Several solutions emerged in the past which provide security at the host or network level. These traditional solutions, like antivirus, firewall, anti-spyware and authentication mechanisms, provide security to some extent, but they still face the challenge of inherent system flaws, OS bugs and social engineering attacks. Recently, some interesting solutions emerged, like Intrusion Detection and Prevention systems, but these too have some problems, like detecting and responding in real time, because they mostly require input from the system administrator. Optimistically, we have succeeded in protecting hosts to some extent by applying the reactive approach, such as antivirus, firewall and intrusion detection and response systems. But if we critically analyze this approach, we will reach the conclusion that it has inherent flaws, since the number of penetrations, Internet crime cases, identity and financial data thefts, etc. has been rising exponentially in recent years. The main reason is that we are using only the reactive approach, i.e. the protection system is activated only when some security breach occurs. Secondly, current techniques try to fix the overall huge problem of security using only small remedies (firewall, antivirus and intrusion detection and prevention systems): "point solutions". Therefore, there is a need to develop a strategy using Mobile Agents in order to operate in reactive and proactive manners, which requires providing security on the principle of defense in depth, so that the ultimate goal of securing a system as a whole can be achieved. A system is assumed to be secure if unauthorized access (penetration) is not possible and the system is safe against damage.
This strategy will include three aspects: (a) autonomously detect vulnerabilities on different hosts (in a distributed network) before an attacker can exploit them; (b) protect hosts by detecting attempted intrusions and responding to them in real time; and finally (c) perform tasks related to security management.
7

Design and Implementation of an Efficient Intrusion Response System for 5G RAN Baseband Units / Design och implementering av ett effektivt intrångsresponssystem för 5G RAN-basbandsenheter

Ghazzawi, Mirna, Imran, Adil January 2023 (has links)
The 5G Radio Access Network (RAN) is a critical system that must be secured against potential attacks, particularly its Base-Band Unit (BBU), which is a common target for intrusions. Ericsson, which is a big provider of such systems, has placed significant emphasis on implementing Intrusion Detection Systems (IDS) to detect threats. However, the attention given to Intrusion Response Systems (IRS) in general is limited, with current challenges including false alarms, response cost, response time and reliability. Also, the hardware limitations of the BBU present difficulties in designing an effective IRS. To address these challenges, a semi-automated IRS was implemented with a dynamic, cost-based response selection approach. Open Source SECurity (OSSEC), which is a free, open-source endpoint detection and response tool, was employed to execute the selected responses. The effectiveness of the IRS was assessed based on Ericsson's requirements: reliability, response time, response cost and false alarms. The results obtained show that the proposed IRS is reliable, as it can handle a huge number of intrusions and has negligible performance overhead in less extreme attack cases. These findings offer valuable insights into addressing intrusions within a system with constrained hardware resources.
8

RSU-Based Intrusion Detection and Autonomous Intersection Response Systems

Yurkovich, Peter Joseph 10 March 2022 (has links)
Vehicular safety and efficiency have been an ongoing research topic since the creation of the automobile. Despite this, deaths due to vehicular accidents are still extremely common, with driver issues and errors causing the vast majority of them. In order to combat the safety risks, Connected and Autonomous Vehicles (CAV) and other smart solutions have been heavily researched. CAVs provide the means to increase the safety of travel as well as its efficiency. However, before connected vehicles can be deployed and utilized, safe and secure communication and standards need to be created and evaluated to ensure that the introduction of a new safety threat does not overshadow the one that is already being faced. As such, it is integral for Intelligent Transportation Systems (ITS) to prevent, detect and respond to cyberattacks. This research focuses on the detection and response of ITS components to cyberattacks. An Intrusion Detection System (IDS) located on Roadside Units (RSU) was developed to detect misbehaving nodes. This model maintains a 98%-100% accuracy while reducing system overhead by removing the need for edge or cloud computing. A resilient Intrusion Response System (IRS) for an autonomous intersection was developed to protect against Sybil attacks. The IRS utilizes adaptive switching between several intersection types to reduce delay by up to 78% compared to intersections without these defenses.

Master of Science

Vehicular safety and efficiency have been an ongoing research topic since the creation of the automobile. Despite this, deaths due to vehicular accidents are still extremely common, with driver issues and errors causing the vast majority of them. In order to combat the safety risks, Connected and Autonomous Vehicles (CAV) and other smart solutions have been heavily researched. CAVs provide the means to increase the safety of travel as well as its efficiency.
However, before connected vehicles can be deployed and utilized, safe and secure communication and standards need to be created and evaluated to ensure that the introduction of a new safety threat does not overshadow the one that is already being faced. As such, it is integral for Intelligent Transportation Systems (ITS) to prevent, detect and respond to cyberattacks. This research focuses on the detection and response of ITS components to cyberattacks. An Intrusion Detection System (IDS) was created to detect vehicles misbehaving or conducting cyberattacks. The IDS is installed on off-road computers, called Roadside Units (RSU), which removes the need for a separate server to be created to hold the IDS. The IDS is able to identify misbehavior and attacks at 98% to 100% accuracy. An autonomous intersection is an intersection where all directions for driving through the intersection are transmitted through wireless communication. An Intrusion Response System (IRS) was developed for an autonomous intersection, to defend against vehicles making multiple reservation requests to pass through the intersection. The IRS reduces vehicle delay through the intersection by 78% compared to an intersection without defenses.
9

Autonomous Cyber Defense for Resilient Cyber-Physical Systems

Zhang, Qisheng 09 January 2024 (has links)
In this dissertation research, we design and analyze resilient cyber-physical systems (CPSs) under high network dynamics, adversarial attacks, and various uncertainties. We focus on three key system attributes to build resilient CPSs by developing a suite of autonomous cyber defense mechanisms. First, we consider network adaptability to achieve the resilience of a CPS. Network adaptability represents the network's ability to maintain its security and connectivity level when faced with incoming attacks. We address this by network topology adaptation. Network topology adaptation can contribute to quickly identifying and updating the network topology to confuse attacks by changing attack paths. We leverage deep reinforcement learning (DRL) to develop CPSs using network topology adaptation. Second, we consider the fault-tolerance of a CPS as another attribute to ensure system resilience. We aim to build a resilient CPS under severe resource constraints, adversarial attacks, and various uncertainties. We chose a solar sensor-based smart farm as one example of the CPS applications and developed a resource-aware monitoring system for smart farms. We leverage DRL and uncertainty quantification using a belief theory, called Subjective Logic, to optimize critical tradeoffs between system performance and security under contested CPS environments. Lastly, we study system resilience in terms of system recoverability. System recoverability refers to the system's ability to recover from performance degradation or failure. In this task, we mainly focus on developing an automated intrusion response system (IRS) for CPSs. We aim to design the IRS with effective and efficient responses by reducing the false alarm rate and the defense cost, respectively. Specifically, we build a lightweight IRS for an in-vehicle controller area network (CAN) bus system operating with DRL-based autonomous driving.

Doctor of Philosophy
10

RESPOSTAS AUTOMÁTICAS PARA MELHORIA DA SEGURANÇA EM SISTEMAS DE DETECÇÃO DE INTRUSOS / AUTOMATIC ANSWERS FOR IMPROVEMENT OF THE SECURITY IN DETECTION SYSTEMS OF INTRUDERS

SANTOS, Glenda de Lourdes Ferreira dos 21 November 2003 (has links)
The development of approaches for providing fast reactions against intruders and attackers has been one of the most important requirements in the critical defense of computer networks, since intrusions occur quickly, demanding reactions without human intervention. These approaches should be able to respond to attacks autonomously and deal with several important aspects of the computer security problem in order to reduce the system administrator's workload. Such approaches can offer greater reliability and effectiveness in the detection and response processes, a higher level of security for private networks, better defense possibilities and, in addition, minimize the intruder's chance of success. This research work deals with the specification of a society of intelligent agents for the assessment and enhancement of intrusion response systems in computer networks. The proposed model of an intrusion response system (IRS) is based on several available architectures, in order to look for better solutions to the problems faced in the modelling of a system of that level. With that, a system was modelled to approach the main desirable functionalities for a system of active responses. The system, as part of NIDIA (Network Intrusion Detection System based on Intelligent Agents) (Lima, 2001), is formed by a society of agents that are responsible for the functions of identifying the characteristics of the attack, choosing the best reaction strategy and executing the response. The society is composed of agents able to determine and automatically apply corrective actions against attacks classified according to a given severity taxonomy model.
In the proposed model, responses to intrusions by misuse and by anomaly were defined to guarantee a lower robustness to the system.

Portuguese abstract (translated): The development of mechanisms for fast reactions against intruders has been one of the most important requirements in the critical defense of computer networks, since intruders act quickly, demanding reactions without human intervention. Such mechanisms must be able to respond to an attack automatically and to deal with the various aspects of the computer security problem, thereby reducing the system administrator's workload. Such characteristics can offer reliability and effectiveness in the detection and response process, a high level of security for private networks, better defense possibilities and, moreover, minimize the intruder's chances. This dissertation deals with the specification of a society of agents for the assessment and improvement of intrusion response systems in computer networks. The proposed model of an intrusion response system (IRS) is based on several available architectures, in search of the best solution for the problems encountered in modelling a system of this level. With that, a system was modelled that contains the main functionalities desirable for an active response system. The system, which is part of NIDIA (Network Intrusion Detection System based on Intelligent Agents) (Lima, 2001), is formed by a society of agents responsible for identifying the characteristics of the attack, choosing the best reaction strategy and executing the response. The society is composed of artificial agents able to determine and automatically apply corrective and preventive actions against attacks classified according to a severity taxonomy model. In the proposed model, responses to misuse-based and anomaly-based intrusions were defined in order to guarantee greater robustness for the system.
