  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
101

Adaptation in Reputation Management Systems for Ad hoc Networks

Refaei, Mohamed Tamer 09 May 2007
An ad hoc network adopts a decentralized unstructured networking model that depends on node cooperation for key network functionalities such as routing and medium access. The significance of node cooperation in ad hoc networks makes network survival particularly sensitive to insider node behavior. The presence of selfish or malicious nodes in an ad hoc network could greatly degrade the network performance and might even result in a total communication breakdown. Consequently, it is important for both security and performance reasons to discourage, expose, and react to such damaging misbehavior. Reputation management systems have been proposed to mitigate against such misbehavior in ad hoc networks. The functions of a reputation management system are to evaluate nodes' quality of behavior based on their cooperation (evaluation), distinguish between well-behaved and misbehaving nodes (detection), and appropriately react to misbehaving nodes (reaction). A significant number of reputation management systems have been proposed for ad hoc networks to date. However, there has been no attempt to consolidate all current research into a formal framework for reputation management systems. The lack of a formal framework is a potential weakness of the research field. For example, a formal comparison of proposed reputation management systems has remained difficult, mainly due to the lack of a formal framework upon which the comparison could be based. There is also a lack of formal metrics that could be used for quantitative evaluation and comparison of reputation management systems. Another major shortcoming in this research field is the assumption that the functions of reputation management (evaluation, detection, and reaction) are carried out homogeneously across time and space at different nodes. The dynamic nature of ad hoc networks causes node behavior to vary spatially and temporally due to changes in the local and network-wide conditions. 
Reputation management functions do not adapt to such changes, which may impact the system accuracy and promptness. We herein recognize an adaptive reputation management system as one where nodes carry out the reputation management functions heterogeneously across time and space according to the instantaneous perception of each of its surrounding network conditions. In this work, we address the above concerns. We develop a formal framework for reputation management systems upon which design, evaluation, and comparison of reputation management systems can be based. We define and discuss the different components of the framework and the interactions among them. We also define formal metrics for evaluation of reputation management systems. The metrics assess both the effectiveness (security issues) of a reputation management system in detecting misbehavior and limiting its negative impact on the network, and its efficiency (performance issues) in terms of false positives and overhead exerted by the reputation management system on the network. We also develop ARMS, an autonomous reputation management system, based on the formal framework. The theoretical foundation of ARMS is based on the theory of Sequential Probability Ratio Test introduced by Wald. In ARMS, nodes independently and without cooperation manage their reputation management system functions. We then use ARMS to investigate adaptation in reputation management systems. We discuss some of the characteristics of an adaptive reputation management system such as sensitivity, adaptability, accuracy, and promptness. We consider how the choice of evaluation metric, typically employed by the evaluation function for assessment of node behavior, may impact the sensitivity and accuracy of node behavior evaluation. We evaluate the sensitivity and accuracy of node behavior evaluation using a number of metrics from the network and medium access layer.
We then introduce a time-slotted approach to enhance the sensitivity of the evaluation function and show how the duration of an evaluation slot can adapt according to the network activity to enhance the system accuracy and promptness. We also show how the detection function can adapt to the network conditions by using the node's own behavior as a benchmark to set its detection parameters. To the best of our knowledge, this is the first work to explore the adaptation of the reputation management functions in ad hoc networks. / Ph. D.
102

Security Architecture for the TEAMDEC System

Wang, Haiyuan 06 August 1999
The prevalence of the Internet, client/server applications, Java, e-commerce, and electronic communications offers tremendous opportunities for business, education and communication, while simultaneously presenting big challenges to network security. In general, the web was designed with little concern for security. Thus, the issue of security is important in the design of network-based applications. The software architecture proposed in this thesis allows for the secure and efficient running of a team-based decision support system, specifically TEAMDEC. Based on the system's requirements and architecture, three types of possible attacks to the system are identified and a security solution is proposed that allows for user authentication, secure communication, and script access control. The implementation of these features will reduce security risk and allow effective use of the valuable system information data. / Master of Science
103

Scaling and Visualizing Network Data to Facilitate in Intrusion Detection Tasks

Abdullah, Kulsoom B. 07 April 2006
As the trend of successful network attacks continues to rise, better forms of intrusion detection and prevention are needed. This thesis addresses network traffic visualization techniques that aid administrators in recognizing attacks. A view of port statistics and Intrusion Detection System (IDS) alerts has been developed. Each helps to address issues with analyzing large datasets involving networks. Due to the amount of traffic as well as the range of possible port numbers and IP addresses, scaling techniques are necessary. A port-based overview of network activity produces an improved representation for detecting and responding to malicious activity. We have found that presenting an overview using stacked histograms of aggregate port activity, combined with the ability to drill down for finer details, allows small, yet important details to be noticed and investigated without being obscured by large, usual traffic. Another problem administrators face is the cumbersome amount of alarm data generated from IDS sensors. As a result, important details are often overlooked, and it is difficult to get an overall picture of what is occurring in the network by manually traversing textual alarm logs. We have designed a novel visualization to address this problem by showing alarm activity within a network. Alarm data is presented in an overview from which system administrators can get a general sense of network activity and easily detect anomalies. They additionally have the option of then zooming and drilling down for details. Based on our system administrator requirements study, this graphical layout addresses what system administrators need to see, is faster and easier than analyzing text logs, and uses visualization techniques to effectively scale and display the data. With this design, we have built a tool that effectively uses operational alarm log data generated on the Georgia Tech campus network.
For both of these systems, we describe the input data, the system design, and examples. Finally, we summarize potential future work.
104

SECURE AUTHENTICATION AND PRIVACY-PRESERVING TECHNIQUES IN VEHICULAR AD-HOC NETWORKS

Aala Oqab Alsalem (17075812) 28 April 2024
VANET is formed by vehicles, road units, infrastructure components, and various connected objects. It aims mainly to ensure public safety and traffic control. New emerging applications include value-added and user-oriented services. While this technological advancement promises ubiquitous deployment of the VANET, security and privacy challenges must be addressed. Thence, vehicle authentication is a vital process to detect malicious users and prevent them from harming legitimate communications. However, the authentication process uses sensitive information to check the vehicle’s identity. Sharing this information will harm vehicle privacy. In this thesis, we aim to deal with these issues:
  • How can we ensure vehicle authentication and avoid sensitive and identity information leaks simultaneously?
  • When nodes are asked to provide identity proof, how can we ensure that the shared information is only used by an authorized entity?
  • Can we define an effective scheme to distinguish between legitimate and malicious network nodes?
This dissertation aims to address the preservation of vehicle private information used within the authentication mechanism in VANET communications. The VANET characteristics are thoroughly presented and analyzed. Security requirements and challenges are identified. Additionally, we review the proposed authentication techniques and the most well-known security attacks while focusing on the privacy preservation need and its challenges. To fulfill the privacy preservation requirements, we proposed a new solution called Active Bundle AUthentication Solution based on SDN for Vehicular Networks (ABAUS). We introduce the Software Defined Networks (SDN) as an authentication infrastructure to guarantee the authenticity of each participant. Furthermore, we enhance the preservation of sensitive data by the use of an active data Bundle (ADB) as a self-protecting security mechanism. It ensures data protection throughout the whole data life cycle. ABAUS defines a dedicated registration protocol to verify and validate the different members of the network.
The first solution focused on legitimate vehicle identification and sensitive data protection. A second scheme is designed to recognize and eliminate malicious users called BEhaviour-based REPutation scheme for privacy preservation in VANET using blockchain technology (BEREP). Dedicated public blockchains are used by a central trust authority to register vehicles and store their behavior evaluation and a trust scoring system allows nodes to evaluate the behavior of their communicators and detect malicious infiltrated users.
By enhancing sensitive data preservation during the authentication process and detecting malicious attempts, our proposed work helps to tackle serious challenges in VANET communications.
105

Deep Learning-Based Anomaly Detection in TLS Encrypted Traffic

Kehinde Ayano (16650471) 03 August 2023
The growing trend of encrypted network traffic is changing the cybersecurity threat scene. Most critical infrastructures and organizations enhance service delivery by embracing digital platforms and applications that use encryption to ensure that data and information are moved across networks in an encrypted form to improve security. While this protects data confidentiality, hackers are also taking advantage of encrypted network traffic to hide malicious software known as malware that will easily bypass the conventional detection mechanisms on the system because the traffic is not transparent for the monitoring mechanism on the system to analyze. Cybercriminals leverage encryption using cryptographic protocols such as SSL/TLS to launch malicious attacks. This hidden threat exists because of the SSL encryption of benign traffic. Hence, there is a need for visibility in encrypted traffic. This research was conducted to detect malware in encrypted network traffic without decryption. The existing solution involves bulk decryption, analysis, and re-encryption. However, this method is prone to privacy issues, is not cost-efficient, and is time-consuming, creating huge overhead on the network. In addition, limited research exists on detecting malware in encrypted traffic without decryption. There is a need to strike a balance between security and privacy by building an intelligent framework that can detect malicious activity in encrypted network traffic without decrypting the traffic prior to inspection. With the payload still encrypted, the study focuses on extracting metadata from flow features to train the machine-learning model. It further deployed this set of features as input to an autoencoder, leveraging the construction error of the autoencoder for anomaly detection.
106

Energy-aware encryption mechanism for m-commerce devices

Hamad, F. M. January 2010
With the wide spread of mobile phones, PDAs, and Smartphones, M-Commerce has become a major application domain for mobile devices. Unlike conventional wired networks, mobile devices allow the user to conduct online transactions regardless of the time and the place as long as there is mobile network coverage. However, online transactions require an adequate level of security to ensure the confidentiality, the integrity, and the availability of the user’s information. Security measures consume a considerable amount of energy and require more time in processing. The aim of this thesis is to optimise the energy and the resources consumption of mobile phones when applying variant symmetric and asymmetric schemes. This aim can be achieved through developing A System State Security Management Framework, SSSM, which will implement encryption schemes, symmetric and asymmetric, and will provide different options to enable the user to choose the type of encryption, the key size, and number of rounds of computation to optimise the energy consumption level of the mobile phone. This thesis compares the power and the resources consumed by the most commonly used encryption algorithms such as CAST, IDEA, Triple-DES, RSA, and ElGamal. This comparison helps to draw the advantages and disadvantages of each algorithm scheme used in reference to the security level it provides and the power it consumes. Implementing this mechanism will enhance the performance of mobile phones by increasing the security levels provided by the encryption schemes and utilising the limited power and resources efficiently. Therefore, confidentiality will be presented in mobile phones and variant encryption schemes, symmetric and asymmetric, and changeable key sizes and rounds, will ensure the authenticity of both senders and recipients depending on their needs as well as resources available.
This research makes contributions in two major areas: the first area consists of the novel Energy Aware Encryption policies generated by this work; the second area of contribution is the energy measurements and experimental results which validate the approach presented in the research.
107

Understanding and defending against internet infrastructures supporting cybercrime operations

Konte, Maria 07 January 2016
Today's cybercriminals must carefully manage their network resources to evade detection and maintain profitable businesses. For example, a rogue online enterprise has to have multiple technical and business components in place, to provide the necessary infrastructure to keep the business available. Often, cybercriminals, in their effort to protect and maintain their valuable network resources (infrastructures), manipulate two fundamental Internet protocols: the Domain Name System (DNS) and the Border Gateway Protocol (BGP). A popular countermeasure against cybercriminal infrastructures is Autonomous Systems (AS) reputation systems. Past research efforts have developed several AS reputation systems that monitor the traffic for illicit activities. Unfortunately, these systems have severe limitations: (1) they cannot distinguish between malicious and legitimate but abused ASes, and thus it is not clear how to use them in practice, (2) they require direct observation of malicious activity, from many different vantage points and for an extended period of time, thus delaying detection. This dissertation presents empirical studies and a system that help to counteract cybercriminal infrastructures. First, we perform empirical studies that help to advance our understanding about how these infrastructures operate. We study two representative types of infrastructures: (1) fast-flux service networks, which are infrastructures based on DNS manipulation, (2) malicious ASes (hubs of cybercriminal activities), which are infrastructures that are primarily based on BGP manipulation. Second, we build on our observations from these studies, and we design and implement ASwatch, an AS reputation system that, unlike existing approaches, monitors exclusively the routing level behavior of ASes, to expose malicious ASes sooner. We build ASwatch based on the intuition that, in an attempt to evade possible detection and remediation efforts, malicious ASes exhibit agile routing behavior (e.g. short-lived routes, aggressive re-wiring). We evaluate ASwatch on known malicious ASes, and we compare its performance to a state of the art AS reputation system.
108

An Anomaly Behavior Analysis Intrusion Detection System for Wireless Networks

Satam, Pratik January 2015
Wireless networks have become ubiquitous, where a wide range of mobile devices are connected to a larger network like the Internet via wireless communications. One widely used wireless communication standard is the IEEE 802.11 protocol, popularly called Wi-Fi. Over the years, the 802.11 has been upgraded to different versions. But most of these upgrades have been focused on the improvement of the throughput of the protocol and not enhancing the security of the protocol, thus leaving the protocol vulnerable to attacks. The goal of this research is to develop and implement an intrusion detection system based on anomaly behavior analysis that can accurately detect attacks on the Wi-Fi networks and track the location of the attacker. As a part of this thesis we present two architectures to develop an anomaly based intrusion detection system for single access point and distributed Wi-Fi networks. These architectures can detect attacks on Wi-Fi networks, classify the attacks and track the location of the attacker once the attack has been detected. The system uses statistical and probability techniques associated with temporal wireless protocol transitions, that we refer to as Wireless Flows (Wflows). The Wflows are modeled and stored as a sequence of n-grams within a given period of analysis. We studied two approaches to track the location of the attacker. In the first approach, we use a clustering approach to generate power maps that can be used to track the location of the user accessing the Wi-Fi network. In the second approach, we use classification algorithms to track the location of the user from a Central Controller Unit. Experimental results show that the attack detection and classification algorithms generate no false positives and no false negatives even when the Wi-Fi network has high frame drop rates.
The clustering approach for location tracking was found to be highly accurate in static environments (81% accuracy), but its performance rapidly deteriorates with changes in the environment. The classification algorithm to track the location of the user at the Central Controller/RADIUS server was seen to perform with lesser accuracy than the clustering approach (76% accuracy), but the system's ability to track the location of the user deteriorated less rapidly with changes in the operating environment.
109

Prototyping and evaluation of TCAPsec

Chung, Kang January 2007
Today, the most frequently used signaling system for telecommunication is called Signaling System No. 7 (SS7). The growing usage of mobile telephones and mobile data communication, and the development of new services mean that the risk of intrusion and exploitation of the SS7 signaling networks increases. The increasing problem with unauthorized access to sensitive information and the operators’ growing demand for security is the origin of our work. This thesis presents a prototype design and implementation of a Security Gateway (SEG), which is a fundamental part of the TCAP user security (TCAPsec) concept. TCAPsec is a security concept for introducing security mechanisms to the signaling system. The prototype includes three different protection modes that provide security services, ranging from almost no protection to full protection with the use of encryption algorithms. The thesis also contains an evaluation study of the delay penalties caused by the use of these security services. With regards to the restrictions on the prototype, the conclusion drawn from the evaluation results was that the protection mechanisms in the different protection modes did not inflict any significant time penalties. Instead, the results of the study indicate that the routing process of messages in the network is a more significant delaying part in the communication between different nodes. This result implies that the routing process takes longer time than the security services. The thesis also presents a number of discovered features that will require further investigation and development before the TCAPsec concept can be realized.
110

Detecting known host security flaws over a network connection

Andersson, Martin January 2007
To test if a host contains any known security flaws over a network connection a Vulnerability Assessment (VA) could be made. This thesis describes different techniques used by VA tools over a network connection to detect known security flaws. To decrease the risk of flaws not being detected, several VA tools could be used.
There is no common way of merging information from different VA tools. Therefore the Vulnerability Assessment Information Handler (VAIH) has been developed. The VAIH system consists of three parts. First, an intermediate language format defined in XML. Second, modules that convert the output of VA tools to the intermediate language format. Third, a program for reading and displaying the intermediate language format.
The VAIH system makes it possible to merge the results from vulnerability assessment tools into one file that can be displayed and edited through a GUI.
