Global ETD Search

231	Thwarting Network Stealth Worms in Computer Networks through Biological Epidemiology Hall, Kristopher Joseph 12 June 2006 (has links) This research developed a system, Rx, to provide early identification and effective control of network stealth worms in digital networks through techniques based on biological epidemiology. Network stealth worms comprise a class of surreptitious, self-propagating code that spread over network connections by exploiting security vulnerabilities in hosts. Past outbreaks due to traditional worms subverted hundreds of thousands of machines. Network stealth worms exacerbate that threat by using clandestine methods to maintain a persistent presence in the network. Biological epidemiology was shown to support the real-time detection, characterization, forecasting, and containment of network stealth worms. Epidemiology describes a scientific methodology in biology that seeks to understand, explain, and control disease. Bio-mathematical modeling led to the development of a mechanism for digital networks to identify worm infection behavior buried in anomaly data, to characterize a worm, and to forecast the temporal spread of a worm. Demographic analysis of the infected hosts revealed the subset of vulnerable machines within the population. The automated response of advanced quarantine used this information to control the spread of an identified worm by isolating both infected and vulnerable machines. The novel contributions of this research included the identification of a network stealth worm at the network-level based on end-host reports while simultaneously characterizing and forecasting the spread of the worm. Additionally, this task offered the technique of advanced quarantine through demographic analysis of the population. This work resulted in a scalable, fault-tolerant strategy that dramatically enhanced the survival rate of network hosts under attack by a stealth worm. Moreover, this approach did not require new hardware, changes to existing protocols, or participation outside the implementing organization. This research showed application to a wider range of challenges. The bio-mathematical models are extensible, allowing Rx to respond to variations on the self-propagating code presented here. The approach is applicable to other forms of malware beyond self-propagating code by interchanging the epidemic model with one more appropriate. Lastly, the strategy allowed anomaly detectors to be sensitive to lower reporting thresholds and a variety of often benign yet potentially useful events. / Ph. D. Network Stealth Worms Demographic Analysis Bio-mathematical Modeling Epidemiology Network Security
232	Exploring the Evolution of the TLS Certificate Ecosystem Farhan, Syed Muhammad 01 June 2022 (has links) A vast majority of popular communication protocols for the internet employ the use of TLS (Transport Layer Security) to secure communication. As a result, there have been numerous efforts including the introduction of Certificate Transparency logs and Free Automated CAs to improve the SSL certificate ecosystem. Our work highlights the effectiveness of these efforts using the Certificate Transparency dataset as well as certificates collected via full IPv4 scans. We show that a large proportion of invalid certificates still exists and outline reasons why these certificates are invalid and where they are hosted. Moreover, we show that the incorrect use of template certificates has led to incorrect SCTs being embedded in the certificates. Taken together, our results emphasize continued involvement for the research community to improve the web's PKI ecosystem. / Master of Science / Security and Privacy for communication over the internet is increasingly important. TLS (Transport Layer Security) is the most popular protocol used to secure communications over the internet today. This work explores how this protocol has evolved over the past 9 years and how effective the measures undertaken by the community have been to improve the adherence to best practices in the wild. TLS employs the use of certificates to initialize secure communication and make sure the other party is indeed who they say they are. We show that while security has improved over the years, a majority of certificates are invalid and outline reasons why. We also observe the growth of Certificate Transparency logs and show how the use of template certificates cause unexpected issues. Taken together, our results emphasize a continued involvement for the research community to improve the TLS certificate ecosystem. Security TLS Certificates Network Security Cryptography Public Key Cryptography Web Security Protocol Measurement
233	Sequential Pattern Mining: A Proposed Approach for Intrusion Detection Systems Lefoane, Moemedi, Ghafir, Ibrahim, Kabir, Sohag, Awan, Irfan U. 19 December 2023 (has links) No / Technological advancements have played a pivotal role in the rapid proliferation of the fourth industrial revolution (4IR) through the deployment of Internet of Things (IoT) devices in large numbers. COVID-19 caused serious disruptions across many industries with lockdowns and travel restrictions imposed across the globe. As a result, conducting business as usual became increasingly untenable, necessitating the adoption of new approaches in the workplace. For instance, virtual doctor consultations, remote learning, and virtual private network (VPN) connections for employees working from home became more prevalent. This paradigm shift has brought about positive benefits, however, it has also increased the attack vectors and surfaces, creating lucrative opportunities for cyberattacks. Consequently, more sophisticated attacks have emerged, including the Distributed Denial of Service (DDoS) and Ransomware attacks, which pose a serious threat to businesses and organisations worldwide. This paper proposes a system for detecting malicious activities in network traffic using sequential pattern mining (SPM) techniques. The proposed approach utilises SPM as an unsupervised learning technique to extract intrinsic communication patterns from network traffic, enabling the discovery of rules for detecting malicious activities and generating security alerts accordingly. By leveraging this approach, businesses and organisations can enhance the security of their networks, detect malicious activities including emerging ones, and thus respond proactively to potential threats. Scanning detection Sequential pattern mining Unsupervised learning Intrusion detection system Network security
234	Statistical Analysis of Wireless Communication Systems Using Hidden Markov Models Rouf, Ishtiaq 06 August 2009 (has links) This thesis analyzes the use of hidden Markov models (HMM) in wireless communication systems. HMMs are a probabilistic method which is useful for discrete channel modeling. The simulations done in the thesis verified a previously formulated methodology. Power delay profiles (PDP) of twelve wireless receivers were used for the experiment. To reduce the computational burden, binary HMMs were used. The PDP measurements were sampled to identify static receivers and grid-based analysis. This work is significant as it has been performed in a new environment. Stochastic game theory is analyzed to gain insight into the decision-making process of HMMs. Study of game theory is significant because it analyzes rational decisions in detail by attaching risk and reward to every possibility. Network security situation awareness has emerged as a novel application of HMMs in wireless networking. The dually stochastic nature of HMMs is applied in this process for behavioral analysis of network intrusion. The similarity of HMMs to artificial neural networks makes it useful for such applications. This application was performed using simulations similar to the original works. / Master of Science Stochastic Games Position Location Hidden Markov Model Network Security Situation Awareness
235	Analyzing Wireless LAN Security Overhead McCarter, Harold Lars 16 May 2006 (has links) Wireless local area networks (WLAN) are beginning to play a much larger role in corporate network environments and are already very popular for home networking applications. This increase in accessibility has created large security holes for hackers and thieves to abuse, which is finally being addressed by stronger security methods such as advanced encryption algorithms and efficient authentication processes. However, these security methods often hamper network performance unbeknownst to engineers and users. This research examines the effects of Wired Equivalent Privacy (WEP), Temporal Key Integrity Protocol (TKIP), and Counter Mode/CBC-MAC Protocol (CCMP) encryption algorithms on throughput rates for IEEE 802.11 networks as well as the authentication times for Lightweight Extensible Authentication Protocol (LEAP) and Protected Extensible Authentication Protocol (PEAP). The research shows that today's wireless hardware is capable of reducing overhead of even the most advanced encryption schemes to less than five percent of the total bandwidth. / Master of Science TKIP Wireless Network Security Encryption Overhead Authentication Delay CCMP PEAP WEP LEAP
236	Side-Channel Attacks on Encrypted 5G/4G Voice Calls Shaan Shekhar (18463575) 01 May 2024 (has links) <p dir="ltr">5G/4G voice calls are encrypted for the purpose of confidentiality, secrecy and privacy. Although protected by well-examined security measures we unveil several vulnerabilities previously unreported in the 5G/4G voice calls that unintentionally leak 5G/4G call state information despite encryption protection and device proof of concept attacks in this thesis. Unlike existing attacks, these new attacks are significantly more threatening because they are completely contactless without requiring any malware, access or compromise on the victim's phones, the 5G/4G network and the other call party. Instead, the attacker only needs to deploy a radio sniffer to eavesdrop on 5G/4G communication and infer confidential call information.</p><p dir="ltr">Interestingly, such confidentiality breaches are technically feasible due to recent 5G/4G call enhancement technologies standardized in the 3GPP specifications and adopted by mobile network operators. While effective in enhancing 5G/4G call quality and efficiency, they, unfortunately, expose extra call information, which can be exploited to infer call states and launch side-channel attacks precisely. Another major contributor to this attack is the IVR technology, which uses a computer-operated telephone system to help companies answer customer calls. In this thesis, we focus on snooping Pay-over-the-Phone transactions done over IVR calls and optionally inferring the company involved in the transaction. The attacks exploit technologies designed to enhance the call quality and efficiency and develop several attack modules to (1) detect voice calls over encrypted 5G/4G traffic, (2) infer the use of IVR over limited call information leaked in the air, and (3) spy on sensitive payment transactions in real-time. We have implemented this proof-of-concept attack using an SDR-based sniffer only. We have validated its effectiveness and assessed damages in various experiments with 5G operators in the US. Lastly, we have discussed the lessons learned from the attacks and the future work that can be done to improve the efficiency of the attacks and make them more threatening.</p> System and network security Voice Call Security Phone Call Security Side Channel Attacks Inference Attacks
237	Detecting k-Balanced Trusted Cliques in Signed Social Networks Hao, F., Yau, S.S., Min, Geyong, Yang, L.T. January 2014 (has links) No / k-Clique detection enables computer scientists and sociologists to analyze social networks' latent structure and thus understand their structural and functional properties. However, the existing k-clique-detection approaches are not applicable to signed social networks directly because of positive and negative links. The authors' approach to detecting k-balanced trusted cliques in such networks bases the detection algorithm on formal context analysis. It constructs formal contexts using the modified adjacency matrix after converting a signed social network into an unweighted one. Experimental results demonstrate that their algorithm can efficiently identify the trusted cliques. Signed social networks FCA Equiconcept Trusted cliques Trust managements Network security
238	Unsupervised Learning for Feature Selection: A Proposed Solution for Botnet Detection in 5G Networks Lefoane, Moemedi, Ghafir, Ibrahim, Kabir, Sohag, Awan, Irfan U. 01 August 2022 (has links) Yes / The world has seen exponential growth in deploying Internet of Things (IoT) devices. In recent years, connected IoT devices have surpassed the number of connected non-IoT devices. The number of IoT devices continues to grow and they are becoming a critical component of the national infrastructure. IoT devices' characteristics and inherent limitations make them attractive targets for hackers and cyber criminals. Botnet attack is one of the serious threats on the Internet today. This article proposes pattern-based feature selection methods as part of a machine learning (ML) based botnet detection system. Specifically, two methods are proposed: the first is based on the most dominant pattern feature values and the second is based on Maximal Frequent Itemset (MFI) mining. The proposed feature selection method uses Gini Impurity (GI) and an unsupervised clustering method to select the most influential features automatically. The evaluation results show that the proposed methods have improved the performance of the detection system. The developed system has a True Positive Rate (TPR) of 100% and a False Positive Rate (FPR) of 0% for best performing models. In addition, the proposed methods reduce the computational cost of the system as evidenced by the detection speed of the system. Botnet attack Internet of Things Network security Intrusion detection system Machine learning Feature selection
239	Latent Dirichlet Allocation for the Detection of Multi-Stage Attacks Lefoane, Moemedi, Ghafir, Ibrahim, Kabir, Sohag, Awan, Irfan U. 19 December 2023 (has links) No / The rapid shift and increase in remote access to organisation resources have led to a significant increase in the number of attack vectors and attack surfaces, which in turn has motivated the development of newer and more sophisticated cyber-attacks. Such attacks include Multi-Stage Attacks (MSAs). In MSAs, the attack is executed through several stages. Classifying malicious traffic into stages to get more information about the attack life-cycle becomes a challenge. This paper proposes a malicious traffic clustering approach based on Latent Dirichlet Allocation (LDA). LDA is a topic modelling approach used in natural language processing to address similar problems. The proposed approach is unsupervised learning and therefore will be beneficial in scenarios where traffic data is not labeled and analysis needs to be performed. The proposed approach uncovers intrinsic contexts that relate to different categories of attack stages in MSAs. These are vital insights needed across different areas of cybersecurity teams like Incident Response (IR) within the Security Operations Center (SOC), the insights uncovered could have a positive impact in ensuring that attacks are detected at early stages in MSAs. Besides, for IR, these insights help to understand the attack behavioural patterns and lead to reduced time in recovery following an incident. The proposed approach is evaluated on a publicly available MSAs dataset. The performance results are promising as evidenced by over 99% accuracy in identified malicious traffic clusters. Multi-stage attack Network security Intrusion detection system Latent dirichlet allocation Topic modelling
240	Adversarial Attacks Against Network Intrusion Detection Systems Sanidhya Sharma (19203919) 26 July 2024 (has links) <p dir="ltr">The explosive growth of computer networks over the past few decades has significantly enhanced communication capabilities. However, this expansion has also attracted malicious attackers seeking to compromise and disable these networks for personal gain. Network Intrusion Detection Systems (NIDS) were developed to detect threats and alert users to potential attacks. As the types and methods of attacks have grown exponentially, NIDS have struggled to keep pace. A paradigm shift occurred when NIDS began using Machine Learning (ML) to differentiate between anomalous and normal traffic, alleviating the challenge of tracking and defending against new attacks. However, the adoption of ML-based anomaly detection in NIDS has unraveled a new avenue of exploitation due to the inherent inadequacy of machine learning models - their susceptibility to adversarial attacks.</p><p dir="ltr">In this work, we explore the application of adversarial attacks from the image domain to bypass Network Intrusion Detection Systems (NIDS). We evaluate both white-box and black-box adversarial attacks against nine popular ML-based NIDS models. Specifically, we investigate Projected Gradient Descent (PGD) attacks on two ML models, transfer attacks using adversarial examples generated by the PGD attack, the score-based Zeroth Order Optimization attack, and two boundary-based attacks, namely the Boundary and HopSkipJump attacks. Through comprehensive experiments using the NSL-KDD dataset, we find that logistic regression and multilayer perceptron models are highly vulnerable to all studied attacks, whereas decision trees, random forests, and XGBoost are moderately vulnerable to transfer attacks or PGD-assisted transfer attacks with approximately 60 to 70% attack success rate (ASR), but highly susceptible to targeted HopSkipJump or Boundary attacks with close to a 100% ASR. Moreover, SVM-linear is highly vulnerable to both transfer attacks and targeted HopSkipJump or Boundary attacks achieving around 100% ASR, whereas SVM-rbf is highly vulnerable to transfer attacks with a 77% ASR but only moderately to targeted HopSkipJump or Boundary attacks with a 52% ASR. Finally, both KNN and Label Spreading models exhibit robustness against transfer-based attacks with less than 30% ASR but are highly vulnerable to targeted HopSkipJump or Boundary attacks with a 100% ASR with a large perturbation. Our findings may provide insights for designing future NIDS that are robust against potential adversarial attacks.</p> Data security and protection System and network security Machine Learning Deep Learning Network Intrusion Detection Systems

Search results