Global ETD Search

291	Generátor záznamů o síťových útocích / Generator of Network Attack Traces Daněk, Jakub January 2014 (has links) The thesis describes a design and implementation of Nemea system module purposed on generation of records about simulated network attacks. This thesis also contains brief description of Nemea system and several network attacks. Finally, part of this work is description of simulated attacks and methods of simulations.
292	Analýza síťových útoků pomocí honeypotů / Network Attack Analysis Using Honeypots Galetka, Josef January 2010 (has links) This text deals with computer network security using honeypot technology, as a tool of intentional trap for attackers. It closely describes basic thoughts, together with advantages and disadvantages of this concept. The main aim is a low interaction honeypot Honeyd, its functionality and possible extensional features. As a practical part of the text there is a description of principles of implementation Honeyd service scripts, which are represented as a simulation of behavior of computer worm Conficker. Further it describes creation of automated script used for analysis and processing of gathered data, captured during actual deployment of Honeyd in Internet network.
293	Robust Defense Scheme Against Selective Drop Attack in Wireless Ad Hoc Networks Poongodi, T., Khan, Mohammed S., Patan, Rizwan, Gandomi, Amir H., Balusamy, Balamurugan 01 January 2019 (has links) Performance and security are two critical functions of wireless ad-hoc networks (WANETs). Network security ensures the integrity, availability, and performance of WANETs. It helps to prevent critical service interruptions and increases economic productivity by keeping networks functioning properly. Since there is no centralized network management in WANETs, these networks are susceptible to packet drop attacks. In selective drop attack, the neighboring nodes are not loyal in forwarding the messages to the next node. It is critical to identify the illegitimate node, which overloads the host node and isolating them from the network is also a complicated task. In this paper, we present a resistive to selective drop attack (RSDA) scheme to provide effective security against selective drop attack. A lightweight RSDA protocol is proposed for detecting malicious nodes in the network under a particular drop attack. The RSDA protocol can be integrated with the many existing routing protocols for WANETs such as AODV and DSR. It accomplishes reliability in routing by disabling the link with the highest weight and authenticate the nodes using the elliptic curve digital signature algorithm. In the proposed methodology, the packet drop rate, jitter, and routing overhead at a different pause time are reduced to 9%, 0.11%, and 45%, respectively. The packet drop rate at varying mobility speed in the presence of one gray hole and two gray hole nodes are obtained as 13% and 14% in RSDA scheme. network security resistive to selective drop attack wireless ad-hoc networks Computing
294	An Artificial Neural Network based Security Approach of Signal Verification in Cognitive Radio Network Farhat, Md Tanzin January 2018 (has links) No description available. Computer Science Electrical Engineering Cognitive Radio Network Software Defined Radio Wireless Network Security Artificial Neural Network Machine Learning
295	Honeypot study of threats targeting critical infrastructure / Honeypot studie av cyberhot riktade mot kritisk infrastruktur Alberto Scola, Carlo January 2023 (has links) Honeypots are systems with the intent of gathering information about potential threats and, at the same time, shifting part of the attention away from the real targets. In industrial control system environments, honeypots play a significant role and can lead to further threat study while distracting potential attackers away from critical physical systems. Low-interaction honeypots are emulated systems that try to recreate a real environment by simulating applications and protocols. These types of honeypots still need improvements to be efficient, and during this thesis work the focus has been on the Conpot open-source ICS honeypot. Due to their nature, low-interaction honeypots are less appealing to potential attackers than high-interaction honeypots since they do not provide the same level of realism and can be easier discovered. Earlier works showed ways to increase the ability to attract more visitors and an improved setup of Conpot has been evaluated. Its results have been analyzed and compared with the default installation. Several advancements have been implemented as well as custom features and working functionalities, such as a customized industrial system design, improved logging, and a web API proxy. The goal of this work is to answer the investigated hypothesis which consists in finding out if an improved version of the low-interaction honeypot can yield more significant results. By evaluating the network traffic received, the outcome has been insightful and showcased a distinguished improvement over the original version of the honeypot. The ICS protocols displayed a more considerable number of interactions along with an increased amount of attacks. In conclusion, further development for the Conpot honeypot is desirable which would largely improve its performance and practicality in real-world deployments. / Honeypots är ett system med avsikten att samla information om potentiella hot och samtidigt avleda uppmärksamheten från de verkliga målen. I industriella kontrollsystemsmiljöer spelar honungskrukor en viktig roll och kan leda till ytterligare hotstudier samtidigt som potentiella angripare distraheras från viktiga fysiska system. Honeypots med låg interaktion är emulerade system som försöker återskapa verkliga miljöer genom att simulera applikationer och protokoll. Dessa typer av honeypots behöver fortfarande förbättringar för att vara effektiva, och under detta examensarbete har fokus legat på Conpot open source ICS honeypots. På grund av designbegränsningar är honeypots med låg interaktion mindre tilltalande för potentiella angripare än honeypots med hög interaktion. Tidigare arbeten har visat sätt att öka möjligheten att locka fler besökare och en förbättrad installation av Conpot har utvärderats och dess resultat har analyserats och jämförts med standardinstallationen. Flera framsteg har implementerats samt anpassade funktioner och fungerande funktioner, såsom en anpassad industriell systemdesign, förbättrad loggning och en webb-API-proxy. Målet med detta arbete är att svara på den undersökta hypotesen som går ut på att ta reda på om en förbättrad version av honungskrukan med låg interaktion kan ge mer signifikanta resultat. Genom att utvärdera den mottagna nätverkstrafiken har resultatet varit insiktsfullt och visat upp en stor förbättring jämfört med den ursprungliga versionen av honeypot. ICS-protokollen visade ett större antal interaktioner tillsammans med en ökad mängd attacker. Sammanfattningsvis är det önskvärt med en vidareutveckling av Conpot honeypot som avsevärt skulle förbättra dess prestanda och praktiska användning i den verkliga världen. ICS Honeypots Modbus SCADA Enip Conpot Bacnet FTP IPMI Network security Cyber attacks Computer and Information Sciences Data- och informationsvetenskap
296	The Challenges of Network Security Remediation at a Regional University. Simons, William R 07 May 2005 (has links) (PDF) This thesis describes challenges encountered during a year-long effort to improve the security of the 3,300 node administrative computer network at East Tennessee State University. The key remediation strategies used included employing the vulnerability scanner Nessus to profile the network, analyzing the scan results, and attempting to remove the most critical vulnerabilities found. The project succeeded in decreasing known “high” criticality vulnerabilities on campus by 26.1%, and confirmed four standard observations about the challenges of network administration: Vulnerability scanning is a lengthy task best performed in parallel and supported by automated data analysis.Securing a network is like trying to hit a moving target, due to an ever-increasing proliferation of networked hosts, services enabled by default install and lists of vulnerabilities to address.Failures of common sense are still among the primary threats to network security.Failing to retain management support for the security hardening process can jeopardize the project. Nmap Nessus security hardening security audit network security system security computer vulnerability remediation Computer Sciences Physical Sciences and Mathematics
297	The Role of Firewalls in Network Security : A Prestudy for Firewall Threat Modeling / Brandväggars roll i nätverkssäkerhet : En förstudie för hotmodel- lering av brandväggar Bonnevier, Jani, Heimlén, Sebastian January 2018 (has links) Firewalls help protect computer networks from intrusions and malware by enforcing restrictions on what network traffic is allowed to pass through the firewall into the network. This thesis explores the role of firewalls in network security, with the ultimate goal of advancing attempts to create a threat model for firewalls. Five areas are explored, namely: Definitions of Concepts Firewalls vs. Services as Targets for Direct Attack The Past and Future of Firewalls Approach to Estimating Firewall Security Firewall Configuration and Security Policies These areas are explored using a questionnaire survey. Each question in the questionnaire is either tied to a particular area, or is used to evaluate the respondents’ credibility. The questionnaire has 15 questions, many of which ask for free text answers. The group of potential respondents consists of 209 individuals, of whom about 75 % are authors of scientific articles that discuss firewalls, penetration testing, and other relevant topics. The rest are information security professionals, journalists or bloggers of varying merit that were found online. 20 responses to the questionnaire were received. Responses to qualitative questions were codified to produce some quantitative data. The conclusions drawn based on the results include, among other things: Attackers tend to directly target network services rather than firewalls. Respondents disagreed on whether the role of firewalls is currently changing. A possible approach to estimating firewall security takes into account the network services that the firewall protects. Firewall configurations frequently do not match the security policies of the organizations in which the firewalls are deployed. / Brandväggar hjälper att skydda datornätverk från intrång och skadeprogram genom att begränsa den trafik som tillåts passera genom brandväggen in i nätverket. Denna uppsats utforskar brandväggars roll i nätverkssäkerhet med målet att göra framsteg i försök att skapa en hotmodell för brandväggar. Fem områden utforskas, nämligen: Definitioner av begrepp Brandväggar kontra tjänster som mål för direkta angrepp Brandväggens historia och framtid Tillvägagångssätt för att estimera brandväggssäkerhet Brandväggskonfiguration och säkerhetspolicyer Dessa områden utforskas via en enkätstudie. Varje fråga i enkäten tillhör antingen ett specifikt område, eller används för att evaluera respondenternas trovärdighet. Enkäten har 15 frågor, varav många efterfrågar fritextsvar. Gruppen potentiella respondenter består av 209 individer, varav cirka 75 % är författare av vetenskapliga artiklar som behandlar brandväggar, penetrationstestning och andra relevanta ämnen. Resten är professionella säkerhetskonsulter, journalister eller bloggare med olika meriter inom informationssäkerhet eller nätverk. 20 svar på enkäten togs emot. Svar på kvalitativa frågor klassificerades för att producera kvantitativ data. Slutsatserna som drogs baserat på resultaten inkluderar bl.a.: Angripare tenderar att ha nätverkstjänster som sina direkta mål, snarare än brandväggar. Respondenterna var oense om huruvida brandväggars roll just nu förändras. Ett möjligt tillvägagångssätt för att uppskatta brandväggssäkerhet tar hänsyn till de nätverkstjänster brandväggen skyddar. Brandväggskonfigurationer överrenstämmer ofta inte med säkerhetsriktlinjerna i de organisationer där brandväggarna är i bruk. Computer and Information Sciences Data- och informationsvetenskap
298	Dependable Wearable Systems Edgardo A Barsallo Yi (11656702) 09 December 2021 (has links) <div>As wearable devices, like smartwatches and fitness monitors, gain popularity and are being touted for clinical purposes, evaluating the resilience and security of wearable operating systems (OSes) and their corresponding ecosystems becomes essential. One of the most dominant OSes for wearable devices is Wear OS, created by Google. Wear OS and Android (its counterpart OS for mobile devices) share similar features, but the unique characteristics and uses of wearable devices posses new challenges. For example, wearable applications are generally more dependent on device sensors, have complex communication patterns (both intra-device and inter-device), and are context-aware. Current research efforts on the Wear OS are more focused on the efficiency and performance of the OS itself, overlooking the resilience or security of the OS or its ecosystem.</div><div> </div><div>This dissertation introduces a systematic analysis to evaluate the Wear OS's resilience and security. The work is divided into two main parts. First, we focus our efforts on developing novel tools to evaluate the robustness of the wearable OS and uncover vulnerabilities and failures in the wearable ecosystem. We provide an assessment and propose techniques to improve the system's overall reliability. Second, we turn our attention to the security and privacy of smart devices. We assess the privacy and security of highly interconnected devices. We demonstrate the feasibility of privacy attacks under these scenarios and propose a defense mechanism to mitigate these attacks.</div><div> </div><div>For the resilience part, we evaluate the overall robustness of the Wear OS ecosystem using a fuzz testing-based tool [DSN2018]. We perform an extensive fault injection study by mutating inter-process communication messages and UI events on a set of popular wearable and mobile applications. The results of our study show similarities in the root cause of failures between Wear OS and Android; however, the distribution of exception differ in both OSes. Further, our study evidence that input validation has improved in the Android ecosystem with respect to prior studies. Then, we study the impact of the state of a wearable device on the overall reliability of the applications running in Wear OS [MobiSys2020]. We use distinguishable characteristics of wearable apps, such as sensor activation and mobile-wearable communication patterns, to derive a state model and use this model to target specific fuzz injection campaigns against a set of popular wearable apps. Our experiments revealed an abundance of improper exception handling on wearable applications and error propagation across mobile and wearable devices. Furthermore, our results unveiled a flawed design of the wearable OS, which caused the device to reboot due to excessive sensor use.</div><div><br></div><div>For the security and privacy part, we assess user awareness toward privacy risks under scenarios with multiple interconnected devices. Our results show that a significant majority of the users have no reservation while granting permission to their devices. Furthermore, users tend to be more conservative while granting permission on their wearables. Based on the results of our study, we demonstrate the practicability of leaking sensitive information inferred from the user by orchestrating an attack using multiple devices. Finally, we introduce a tool based on NLP (Natural Language Processing) techniques that can aid the user in detecting this type of attack.</div> System and network security Mobile computing mobile wearable System Security robustness analysis Resiliency Computer System Security Mobile Technologies
299	MACsec in Classic AUTOSAR : MACsec Implementation PoC on Classic AUTOSAR ECUs Zahid, Hamna January 2022 (has links) Classic AUTOSAR provides a standardized architecture and guidelines for automotive development. However, it does not include specifications for securing Ethernet communication. The IEEE 802.1AE standard specifies a security standard called Media Access Control Security (MACsec) to protect Ethernet communication. MACsec protected communication requires key agreement between the network peers. IEEE has also standardized this as MACsec Key Agreement (MKA) protocol specified in the 802.1X-2020 standard. This thesis determines the feasibility of incorporating the MKA protocol and MACsec standard in Classic AUTOSAR. For this purpose, we designed and implemented a proof of concept (PoC), having an evaluation board running Classic AUTOSAR communicating via Ethernet with a virtual machine. Classic AUTOSAR has a layered architecture. The PoC developed in this thesis introduces a services module in its basic software layer, which performs MKA protocol and provides MACsec protection. It interacts with the Ethernet interface in the hardware abstraction layer and with the cryptographic service manager (CSM) in the services layer. Furthermore, this thesis evaluates the results to determine that the PoC meets the security requirements and does not violate the Classic AUTOSAR specifications. Based on the design and implementation of this proof of concept, we conclude that it is feasible to incorporate the MKA protocol and MACsec standard in Classic AUTOSAR. This work also mentions the limitations of the PoC and future work required to achieve the goal of having MKA protocol and MACsec standard as a part of Classic AUTOSAR specification. / Classic AUTOSAR tillhandahåller en standardiserad arkitektur och riktlinjer för fordonsutveckling. Den innehåller dock inga specifikationer för att säkra Ethernet-kommunikation. IEEE 802.1AE-standarden specificerar en säkerhetsstandard som kallas Media Access Control Security (MACsec) för att skydda Ethernet-kommunikation. MACsec-skyddad kommunikation kräver nyckelöverenskommelser mellan nätverkskollegorna. IEEE har också standardiserat detta som MACsec Key Agreement (MKA)-protokoll specificerat i 802.1X-2020-standarden. Denna avhandling bestämmer möjligheten att införliva MKA-protokollet och MACsec-standarden i Classic AUTOSAR. För detta ändamål designade och implementerade vi ett proof of concept (PoC), med ett utvärderingskort som kör Classic AUTOSAR som kommunicerar via Ethernet med en virtuell maskin. Classic AUTOSAR har en skiktad arkitektur. PoC som utvecklats i denna avhandling introducerar en tjänstemodul i sitt grundläggande mjukvarulager, som utför MKA-protokoll och ger MACsec-skydd. Den interagerar med Ethernet-gränssnittet i hårdvaruabstraktionslagret och med den kryptografiska tjänstehanteraren (CSM) i tjänsteskiktet. Dessutom utvärderar denna avhandling resultaten för att fastställa att PoC uppfyller säkerhetskraven och inte bryter mot Classic AUTOSAR-specifikationerna. Baserat på designen och implementeringen av detta proof of concept drar vi slutsatsen att det är möjligt att införliva MKA-protokollet och MACsec-standarden i Classic AUTOSAR. Detta arbete nämner också begränsningarna för PoC och framtida arbete som krävs för att uppnå målet att ha MKA-protokoll och MACsec-standard som en del av Classic AUTOSAR-specifikationen. Automotive Ethernet MKA MACsec Network security Classic AUTOSAR Automotive Ethernet MKA MACsec Nätverkssäkerhet Classic AUTOSAR Computer and Information Sciences Data- och informationsvetenskap
300	A novel intrusion detection system (IDS) architecture. Attack detection based on snort for multistage attack scenarios in a multi-cores environment. Pagna Disso, Jules F. January 2010 (has links) Recent research has indicated that although security systems are developing, illegal intrusion to computers is on the rise. The research conducted here illustrates that improving intrusion detection and prevention methods is fundamental for improving the overall security of systems. This research includes the design of a novel Intrusion Detection System (IDS) which identifies four levels of visibility of attacks. Two major areas of security concern were identified: speed and volume of attacks; and complexity of multistage attacks. Hence, the Multistage Intrusion Detection and Prevention System (MIDaPS) that is designed here is made of two fundamental elements: a multistage attack engine that heavily depends on attack trees and a Denial of Service Engine. MIDaPS were tested and found to improve current intrusion detection and processing performances. After an intensive literature review, over 25 GB of data was collected on honeynets. This was then used to analyse the complexity of attacks in a series of experiments. Statistical and analytic methods were used to design the novel MIDaPS. Key findings indicate that an attack needs to be protected at 4 different levels. Hence, MIDaPS is built with 4 levels of protection. As, recent attack vectors use legitimate actions, MIDaPS uses a novel approach of attack trees to trace the attacker¿s actions. MIDaPS was tested and results suggest an improvement to current system performance by 84% whilst detecting DDOS attacks within 10 minutes. Intrusion Detection System (IDS) Visibility of attacks Performance evaluation Snort Computer network security

Search results