101 |
Security Architecture for the TEAMDEC System
Wang, Haiyuan 06 August 1999
The prevalence of the Internet, client/server applications, Java, e-commerce, and electronic communications offers tremendous opportunities for business, education and communication, while simultaneously presenting big challenges to network security. In general, the web was designed with little concern for security. Thus, the issue of security is important in the design of network-based applications. The software architecture proposed in this thesis allows for the secure and efficient running of a team-based decision support system, specifically TEAMDEC. Based on the system's requirements and architecture, three types of possible attacks on the system are identified and a security solution is proposed that allows for user authentication, secure communication, and script access control. The implementation of these features will reduce security risk and allow effective use of the valuable system information data. / Master of Science
|
102 |
Machine Learning for Botnet Detection: An Optimized Feature Selection Approach
Lefoane, Moemedi, Ghafir, Ibrahim, Kabir, Sohag, Awan, Irfan U. 05 April 2022
Yes / Technological advancements have been evolving for so long, particularly Internet of Things (IoT) technology that has seen an increase in the number of connected devices surpass non-IoT connections. It has unlocked a lot of potential across different organisational settings from healthcare, transportation, smart cities etc. Unfortunately, these advancements also mean that cybercriminals are constantly seeking new ways of exploiting vulnerabilities for malicious and illegal activities. IoT is a technology that presents a golden opportunity for botnet attacks that take advantage of a large number of IoT devices and use them to launch more powerful and sophisticated attacks such as Distributed Denial of Service (DDoS) attacks. This calls for more research geared towards the detection and mitigation of botnet attacks in IoT systems. This paper proposes a feature selection approach that identifies and removes less influential features as part of a botnet attack detection method. The feature selection is based on the frequency of occurrence of the value counts in each of the features with respect to total instances. The effectiveness of the proposed approach is tested and evaluated on a standard IoT dataset. The results reveal that the proposed feature selection approach has improved the performance of the botnet attack detection method, in terms of True Positive Rate (TPR) and False Positive Rate (FPR). The proposed methodology provides 100% TPR, 0% FPR and 99.9976% F-score.
|
103 |
Scaling and Visualizing Network Data to Facilitate in Intrusion Detection Tasks
Abdullah, Kulsoom B. 07 April 2006
As the trend of successful network attacks continues to rise, better forms of intrusion detection and prevention are needed. This thesis addresses network traffic visualization techniques that aid administrators in recognizing attacks. A view of port statistics and Intrusion Detection System (IDS) alerts has been developed. Each helps to address issues with analyzing large datasets involving networks. Due to the amount of traffic as well as the range of possible port numbers and IP addresses, scaling techniques are necessary.
A port-based overview of network activity produces an improved representation for detecting and responding to malicious activity. We have found that presenting an overview using stacked histograms of aggregate port activity, combined with the ability to drill down for finer details, allows small, yet important details to be noticed and investigated without being obscured by large, usual traffic.
Another problem administrators face is the cumbersome amount of alarm data generated from IDS sensors. As a result, important details are often overlooked, and it is difficult to get an overall picture of what is occurring in the network by manually traversing textual alarm logs. We have designed a novel visualization to address this problem by showing alarm activity within a network. Alarm data is presented in an overview from which system administrators can get a general sense of network activity and easily detect anomalies. They additionally have the option of then zooming and drilling down for details. Based on our system administrator requirements study, this graphical layout addresses what system administrators need to see, is faster and easier than analyzing text logs, and uses visualization techniques to effectively scale and display the data. With this design, we have built a tool that effectively uses operational alarm log data generated on the Georgia Tech campus network.
For both of these systems, we describe the input data, the system design, and examples. Finally, we summarize potential future work.
|
104 |
SECURE AUTHENTICATION AND PRIVACY-PRESERVING TECHNIQUES IN VEHICULAR AD-HOC NETWORKS
Aala Oqab Alsalem (17075812) 28 April 2024
VANET is formed by vehicles, road units, infrastructure components, and various connected objects. It aims mainly to ensure public safety and traffic control. New emerging applications include value-added and user-oriented services. While this technological advancement promises ubiquitous deployment of the VANET, security and privacy challenges must be addressed. Thence, vehicle authentication is a vital process to detect malicious users and prevent them from harming legitimate communications. However, the authentication process uses sensitive information to check the vehicle’s identity. Sharing this information will harm vehicle privacy. In this thesis, we aim to deal with these issues:
- How can we ensure vehicle authentication and avoid sensitive and identity information leaks simultaneously?
- When nodes are asked to provide identity proof, how can we ensure that the shared information is only used by an authorized entity?
- Can we define an effective scheme to distinguish between legitimate and malicious network nodes?
This dissertation aims to address the preservation of vehicle private information used within the authentication mechanism in VANET communications.
The VANET characteristics are thoroughly presented and analyzed. Security requirements and challenges are identified. Additionally, we review the proposed authentication techniques and the most well-known security attacks while focusing on the privacy preservation need and its challenges.
To fulfill the privacy preservation requirements, we proposed a new solution called Active Bundle AUthentication Solution based on SDN for Vehicular Networks (ABAUS). We introduce the Software Defined Networks (SDN) as an authentication infrastructure to guarantee the authenticity of each participant. Furthermore, we enhance the preservation of sensitive data by the use of an active data Bundle (ADB) as a self-protecting security mechanism. It ensures data protection throughout the whole data life cycle. ABAUS defines a dedicated registration protocol to verify and validate the different members of the network.
The first solution focused on legitimate vehicle identification and sensitive data protection. A second scheme, called BEhaviour-based REPutation scheme for privacy preservation in VANET using blockchain technology (BEREP), is designed to recognize and eliminate malicious users. Dedicated public blockchains are used by a central trust authority to register vehicles and store their behavior evaluation, and a trust scoring system allows nodes to evaluate the behavior of their communicators and detect malicious infiltrated users.
By enhancing sensitive data preservation during the authentication process and detecting malicious attempts, our proposed work helps to tackle serious challenges in VANET communications.
|
105 |
Deep Learning-Based Anomaly Detection in TLS Encrypted Traffic
Kehinde Ayano (16650471) 03 August 2023
The growing trend of encrypted network traffic is changing the cybersecurity threat scene. Most critical infrastructures and organizations enhance service delivery by embracing digital platforms and applications that use encryption to ensure that data and information are moved across networks in an encrypted form to improve security. While this protects data confidentiality, hackers are also taking advantage of encrypted network traffic to hide malicious software known as malware that will easily bypass the conventional detection mechanisms on the system because the traffic is not transparent for the monitoring mechanism on the system to analyze. Cybercriminals leverage encryption using cryptographic protocols such as SSL/TLS to launch malicious attacks. This hidden threat exists because of the SSL encryption of benign traffic. Hence, there is a need for visibility in encrypted traffic. This research was conducted to detect malware in encrypted network traffic without decryption. The existing solution involves bulk decryption, analysis, and re-encryption. However, this method is prone to privacy issues, is not cost-efficient, and is time-consuming, creating huge overhead on the network. In addition, limited research exists on detecting malware in encrypted traffic without decryption. There is a need to strike a balance between security and privacy by building an intelligent framework that can detect malicious activity in encrypted network traffic without decrypting the traffic prior to inspection. With the payload still encrypted, the study focuses on extracting metadata from flow features to train the machine-learning model. It further deployed this set of features as input to an autoencoder, leveraging the construction error of the autoencoder for anomaly detection.
|
106 |
Energy-aware encryption mechanism for m-commerce devices
Hamad, F. M. January 2010
With the wide spread of mobile phones, PDAs, and Smartphones, M-Commerce has become a major application domain for mobile devices. Unlike conventional wired networks, mobile devices allow the user to conduct online transactions regardless of the time and the place as long as there is mobile network coverage. However, online transactions require an adequate level of security to ensure the confidentiality, the integrity, and the availability of the user’s information. Security measures consume a considerable amount of energy and require more time in processing. The aim of this thesis is to optimise the energy and the resources consumption of mobile phones when applying variant symmetric and asymmetric schemes. This aim can be achieved through developing A System State Security Management Framework, SSSM, which will implement encryption schemes, symmetric and asymmetric, and will provide different options to enable the user to choose the type of encryption, the key size, and number of rounds of computation to optimise the energy consumption level of the mobile phone. This thesis compares the power and the resources consumed by the most commonly used encryption algorithms such as CAST, IDEA, Triple-DES, RSA, and ElGamal. This comparison helps to draw the advantages and disadvantages of each algorithm scheme used in reference to the security level it provides and the power it consumes. Implementing this mechanism will enhance the performance of mobile phones by increasing the security levels provided by the encryption schemes and utilising the limited power and resources efficiently. Therefore, confidentiality will be presented in mobile phones and variant encryption schemes, symmetric and asymmetric, and changeable key sizes and rounds, will ensure the authenticity of both senders and recipients depending on their needs as well as resources available.
This research makes contributions in two major areas: the first area consists of the novel Energy Aware Encryption policies generated by this work; the second area of contribution is the energy measurements and experimental results which validate the approach presented in the research.
|
107 |
Understanding and defending against internet infrastructures supporting cybercrime operations
Konte, Maria 07 January 2016
Today's cybercriminals must carefully manage their network resources to evade detection and maintain profitable businesses. For example, a rogue online enterprise has to have multiple technical and business components in place, to provide the necessary infrastructure to keep the business available. Often, in their effort to protect and maintain their valuable network resources (infrastructures), cybercriminals manipulate two fundamental Internet protocols: the Domain Name System (DNS) and the Border Gateway Protocol (BGP).
Autonomous System (AS) reputation systems are a popular countermeasure against cybercriminal infrastructures. Past research efforts have developed several AS reputation systems that monitor the traffic for illicit activities. Unfortunately, these systems have severe limitations: (1) they cannot distinguish between malicious and legitimate but abused ASes, and thus it is not clear how to use them in practice; (2) they require direct observation of malicious activity, from many different vantage points and for an extended period of time, thus delaying detection.
This dissertation presents empirical studies and a system that help to counteract cybercriminal infrastructures. First, we perform empirical studies that help to advance our understanding of how these infrastructures operate. We study two representative types of infrastructures: (1) fast-flux service networks, which are infrastructures based on DNS manipulation, and (2) malicious ASes (hubs of cybercriminal activities), which are infrastructures that are primarily based on BGP manipulation. Second, we build on our observations from these studies, and we design and implement ASwatch, an AS reputation system that, unlike existing approaches, monitors exclusively the routing level behavior of ASes, to expose malicious ASes sooner. We build ASwatch based on the intuition that, in an attempt to evade possible detection and remediation efforts, malicious ASes exhibit agile routing behavior (e.g. short-lived routes, aggressive re-wiring). We evaluate ASwatch on known malicious ASes, and we compare its performance to a state of the art AS reputation system.
|
108 |
An Anomaly Behavior Analysis Intrusion Detection System for Wireless Networks
Satam, Pratik January 2015
Wireless networks have become ubiquitous, where a wide range of mobile devices are connected to a larger network like the Internet via wireless communications. One widely used wireless communication standard is the IEEE 802.11 protocol, popularly called Wi-Fi. Over the years, the 802.11 has been upgraded to different versions. But most of these upgrades have been focused on the improvement of the throughput of the protocol and not enhancing the security of the protocol, thus leaving the protocol vulnerable to attacks. The goal of this research is to develop and implement an intrusion detection system based on anomaly behavior analysis that can accurately detect attacks on the Wi-Fi networks and track the location of the attacker. As a part of this thesis we present two architectures to develop an anomaly based intrusion detection system for single access point and distributed Wi-Fi networks. These architectures can detect attacks on Wi-Fi networks, classify the attacks and track the location of the attacker once the attack has been detected. The system uses statistical and probability techniques associated with temporal wireless protocol transitions, that we refer to as Wireless Flows (Wflows). The Wflows are modeled and stored as a sequence of n-grams within a given period of analysis. We studied two approaches to track the location of the attacker. In the first approach, we use a clustering approach to generate power maps that can be used to track the location of the user accessing the Wi-Fi network. In the second approach, we use classification algorithms to track the location of the user from a Central Controller Unit. Experimental results show that the attack detection and classification algorithms generate no false positives and no false negatives even when the Wi-Fi network has high frame drop rates.
The clustering approach for location tracking was found to perform highly accurately in static environments (81% accuracy), but the performance rapidly deteriorates with the changes in the environment. The classification algorithm to track the location of the user at the Central Controller/RADIUS server was seen to perform with lower accuracy than the clustering approach (76% accuracy), but the system's ability to track the location of the user deteriorated less rapidly with changes in the operating environment.
|
109 |
Prototyping and evaluation of TCAPsec
Chung, Kang January 2007
Today, the most frequently used signaling system for telecommunication is called Signaling System No. 7 (SS7). The growing usage of mobile telephones and mobile data communication, and the development of new services mean that the risk of intrusion and exploitation of the SS7 signaling networks increases. The increasing problem with unauthorized access to sensitive information and the operators’ growing demand for security is the origin of our work. This thesis presents a prototype design and implementation of a Security Gateway (SEG), which is a fundamental part of the TCAP user security (TCAPsec) concept. TCAPsec is a security concept for introducing security mechanisms to the signaling system. The prototype includes three different protection modes that provide security services, ranging from almost no protection to full protection with the use of encryption algorithms. The thesis also contains an evaluation study of the delay penalties caused by the use of these security services. With regards to the restrictions on the prototype, the conclusion drawn from the evaluation results was that the protection mechanisms in the different protection modes did not inflict any significant time penalties. Instead, the results of the study indicate that the routing process of messages in the network is a more significant delaying part in the communication between different nodes. This result implies that the routing process takes longer time than the security services. The thesis also presents a number of discovered features that will require further investigation and development before the TCAPsec concept can be realized.
|
110 |
Detecting known host security flaws over a network connection
Andersson, Martin January 2007
To test if a host contains any known security flaws over a network connection a Vulnerability Assessment (VA) could be made. This thesis describes different techniques used by VA tools over a network connection to detect known security flaws. To decrease the risk of flaws not being detected, several VA tools could be used.
There is no common way of merging information from different VA tools. Therefore the Vulnerability Assessment Information Handler (VAIH) has been developed. The VAIH system consists of three parts. First, an intermediate language format defined in XML. Second, modules that convert the output of VA tools to the intermediate language format. Third, a program for reading and displaying the intermediate language format.
The VAIH system makes it possible to merge the results from vulnerability assessment tools into one file that can be displayed and edited through a GUI.
|