  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
301

ARROS: Distributed Adaptive Real-Time Network Intrusion Response

Karunanidhi, Karthikeyan 14 April 2006
No description available.
302

Web-Based Intrusion Detection System

Ademi, Muhamet January 2013
Web applications are growing rapidly and as the amount of web sites globally increases so do security threats. Complex applications often interact with third party services and databases to fetch information and often interactions require user input. Intruders are targeting web applications specifically and they are a huge security threat to organizations and a way to combat this is to have intrusion detection systems. Most common web attack methods are well researched and documented however due to time constraints developers often write applications fast and may not implement the best security practices. This report describes one way to implement an intrusion detection system that specifically detects web based attacks.
303

Privacy Ensuring SRTP for Cloud Conferencing

Haider, Maria January 2016
Multimedia conferences held using services provided by clouds owned by third party companies are becoming increasingly popular. While using such services, end users will want to keep their audio/video data private when they pass through the servers situated in the cloud. Application of SRTP (Secure Real-time Transport Protocol) in such use cases fails to provide the desired privacy because it leads to sharing the master keys for encryption and authentication of the media content with the semi-trusted media servers of the cloud. As a solution, modifications of SRTP are proposed in this thesis with the result of redesigning the security mechanisms of RTP header extensions and RTCP packets by separating the cryptographic contexts and keying materials for protecting end-to-end sensitive data. A couple of design choices for key management through DTLS-SRTP for cloud conferencing are also proposed. Moreover, analysis of existing solutions for modifying SRTP packets for cloud conferences has also been carried out in this project. The solutions are found by studying related protocols, understanding the problems and analyzing current solutions if there were any. The proposed solutions show different alternatives to solve a specific problem and their tradeoffs in terms of complexity and compatibility with current standards.
304

A Visualization Framework for SiLK Data exploration and Scan Detection

El-Shehaly, Mai Hassan 21 September 2009
Network packet traces, despite having a lot of noise, contain priceless information, especially for investigating security incidents or troubleshooting performance problems. However, given the gigabytes of flow crossing a typical medium sized enterprise network every day, spotting malicious activity and analyzing trends in network behavior becomes a tedious task. Further, computational mechanisms for analyzing such data usually take substantial time to reach interesting patterns and often mislead the analyst into reaching false positives, benign traffic being identified as malicious, or false negatives, where malicious activity goes undetected. Therefore, the appropriate representation of network traffic data to the human user has been an issue of concern recently. Much of the focus, however, has been on visualizing TCP traffic alone while adapting visualization techniques for the data fields that are relevant to this protocol's traffic, rather than on the multivariate nature of network security data in general, and the fact that forensic analysis, in order to be fast and effective, has to take into consideration different parameters for each protocol. In this thesis, we bring together two powerful tools from different areas of application: SiLK (System for Internet-Level Knowledge), for command-based network trace analysis; and ComVis, a generic information visualization tool. We integrate the power of both tools by aiding simplified interaction between them, using a simple GUI, for the purpose of visualizing network traces, characterizing interesting patterns, and fingerprinting related activity. To obtain realistic results, we applied the visualizations on anonymized packet traces from Lawrence Berkeley National Laboratory, captured on selected hours across three months. We used a sliding window approach in visually examining traces for two transport-layer protocols: ICMP and UDP.
The main contribution of this research is a protocol-specific framework of visualization for ICMP and UDP data. We explored relevant header fields and the visualizations that worked best for each of the two protocols separately. The resulting views led us to a number of guidelines that can be vital in the creation of "smart books" describing best practices in using visualization and interaction techniques to maintain network security; while creating visual fingerprints which were found unique for individual types of scanning activity. Our visualizations use a multiple-views approach that incorporates the power of two-dimensional scatter plots, histograms, parallel coordinates, and dynamic queries. / Master of Science
305

HE-MT6D: A Network Security Processor with Hardware Engine for Moving Target IPv6 Defense (MT6D) over 1 Gbps IEEE 802.3 Ethernet

Sagisi, Joseph Lozano 28 July 2017
Traditional static network addressing allows attackers the incredible advantage of taking time to plan and execute attacks against a network. To counter, Moving Target IPv6 Defense (MT6D) provides a network host obfuscation technique that dynamically obscures network and transport layer addresses. Software driven implementations have posed many challenges, namely, constant code maintenance to remain compliant with all library and kernel dependencies, less than optimal throughput, and the requirement for a dedicated general purpose hardware. The work of this thesis presents Network Security Processor and Hardware Engine for MT6D (HE-MT6D) to overcome these challenges. HE-MT6D is a soft core Intellectual Property (IP) block developed in full Register Transfer Level (RTL) and is the first hardware-oriented design of MT6D. Major contributions of HE-MT6D include the complete separation of the data and control planes, development of a nonlinear Complex Instruction Set Computer (CISC) Network Security Processor for in-flight packet modification, a specialized Packet Assembly language, a configurable and a parallelized memory search through tag-based Hybrid Content Addressable Memory (HCAM) L1 write-through cache, full RTL Network Time Protocol version 4 hardware module, and a modular crypto engine. HE-MT6D supports multiple nodes and provides 1,025% throughput performance increase over earlier C-based MT6D at 863 Mbps with full encapsulation and decapsulation, and it matches bare wire throughput performance for all other traffic. The HE-MT6D IP block can be configured as an independent physical gateway device, built as embedded Application Specific Integrated Circuit (ASIC), or serve as a System on Chip (SoC) integrated submodule. / Master of Science
306

Telemetry Post-Processing in the Clouds: A Data Security Challenge

Kalibjian, J. R. 10 1900
ITC/USA 2011 Conference Proceedings / The Forty-Seventh Annual International Telemetering Conference and Technical Exhibition / October 24-27, 2011 / Bally's Las Vegas, Las Vegas, Nevada / As organizations move toward cloud [1] computing environments, data security challenges will begin to take precedence over network security issues. This will potentially impact telemetry post processing in a myriad of ways. After reviewing how data security tools like Enterprise Rights Management (ERM), Enterprise Key Management (EKM), Data Loss Prevention (DLP), Database Activity Monitoring (DAM), and tokenization are impacting cloud security, their effect on telemetry post-processing will also be examined. An architecture will be described detailing how these data security tools can be utilized to make telemetry post-processing environments in the cloud more robust.
307

Visualising network security attacks with multiple 3D visualisation and false alert classification

Musa, Shahrulniza January 2008
Increasing numbers of alerts produced by network intrusion detection systems (NIDS) have burdened the job of security analysts especially in identifying and responding to them. The tasks of exploring and analysing large quantities of communication network security data are also difficult. This thesis studied the application of visualisation in combination with an alerts classifier to make the exploring and understanding of network security alerts data faster and easier. The prototype software, NSAViz, has been developed to visualise and to provide an intuitive presentation of the network security alerts data using interactive 3D visuals with an integration of a false alert classifier. The needs analysis of this prototype was based on the suggested needs of network security analysts' tasks as seen in the literature. The prototype software incorporates various projections of the alert data in 3D displays. The overview was plotted in a 3D plot named "time series 3D AlertGraph" which was an extension of the 2D histographs into 3D. The 3D AlertGraph effectively summarised the alerts data and gave the overview of the network security status. Filtering, drill-down and playback of the alerts at variable speed were incorporated to strengthen the analysis. Real-time visual observation was also included. To identify true alerts from all alerts represents the main task of the network security analyst. This prototype software was integrated with a false alert classifier using a classification tree based on the C4.5 classification algorithm to classify the alerts into true and false. Users can add new samples and edit the existing classifier training sample. The classifier performance was measured using the k-fold cross-validation technique. The results showed the classifier was able to remove noise in the visualisation, thus making the pattern of the true alerts emerge. It also highlighted the true alerts in the visualisation.
Finally, a user evaluation was conducted to find the usability problems in the tool and to measure its effectiveness. The feedback showed the tools had successfully helped the task of the security analyst and increased the security awareness in their supervised network. From this research, the task of exploring and analysing a large amount of network security data becomes easier and the true attacks can be identified using the prototype visualisation tools. Visualisation techniques and false alert classification are helpful in exploring and analysing network security data.
308

An investigation into financial fraud in online banking and card payment systems in the UK and China

Sun, Yan January 2011
This doctoral thesis represents an investigation into financial fraud in online banking and card payment systems in the UK and China, involving network security, online financial transactions, internet fraud, card payment systems and individuals' perception of and behaviours towards electronic environments. In contrast to previous studies, the research questions were tackled by survey questionnaires both in the UK and China, with a particular interest in fraud and attempted fraud. The main findings from the UK respondents were that those with higher IT skill and younger respondents are more likely to be defrauded on the internet. Certain types of online activities are associated with higher risks of fraud, these being internet banking, online shopping and media downloading. Furthermore, four predictors (internet banking, online education services, downloading media and length of debit card usage) provided significant effects in the logistic regression model to explain fraud occurrence in the UK. Based on the data collected in China, younger respondents were more likely to have higher general IT skill and higher educational qualifications. However, online shopping was the only online activity which was significantly correlated to fraud occurrence. Finally, two predictors (frequency of usage of online shopping and number of debit cards) were selected in the logistic regression model to explain fraud occurrence in China.
309

A CyberCIEGE scenario illustrating multilevel secrecy issues in an air operations center environment

Meyer, Marc K. 06 1900
Approved for public release; distribution is unlimited / CyberCIEGE provides an addition to traditional Information Assurance (IA) education in the form of an interactive, entertaining, commercial-grade PC-based computer game. Educational objectives are contained in scenarios that serve to teach particular IA concepts. The details of a scenario are contained in a Scenario Definition File (SDF), which is written in the CyberCIEGE Scenario Definition Language. This language is rich enough to express a range of information security policies and operational data access requirements, resulting in a nearly limitless pool of possible scenarios. This thesis developed a playable scenario illustrating confidentiality protection concepts in an open storage environment modeled after an Air Operations Center. Educational goals include physical protection of high value assets and use of strong authentication policies to protect moderate value assets. The major work of this thesis was designing an SDF to reflect a military information security policy and work flow environment contained in the educational goals. The confirmation of the proper operation of selected aspects of the CyberCIEGE game engine, and the assurance that the SDF confronts the player with the security trade-offs occurred through the application of a testing methodology. The creation of detailed solutions and incorrect gameplay examples constitute this testing process. / Captain, United States Air Force
310

CyberCIEGE scenario illustrating secrecy issues through mandatory and discretionary access control policies in a multi-level security network

LaMore, Robert L. 06 1900
Approved for public release, distribution is unlimited / User training in computer and network security is crucial to the survival of modern networks, yet the methods employed to train users often seem ineffective. One possible reason is that users are not fully engaged during these training sessions and thus they tend to forget the lessons being taught. The CyberCIEGE game introduces a new method of training in computer and network security. The player engages in a simulation-based network security game that reflects real-world security principles. Each time the CyberCIEGE game runs, it loads a Scenario Definition File (SDF) written to teach specific security concepts. This thesis developed such a scenario definition file for the CyberCIEGE game. The educational purpose of the scenario is to illustrate secrecy issues in the context of mandatory and discretionary access control in a multilevel networked environment. The primary work of this thesis was to construct the scenario definition file such that playing the resulting game would achieve this educational purpose. This thesis also resulted in the construction of scenario definition files to test the CyberCIEGE game engine for expected results. These tests resulted in several recommendations for improvement in the game engine. / First Lieutenant, United States Air Force
