Spelling suggestions: "subject:"networksecurity"" "subject:"keyword:security""
21 |
Privacy Preserving Network Security Data AnalyticsDeYoung, Mark E. 24 April 2018 (has links)
The problem of revealing accurate statistics about a population while maintaining privacy of individuals is extensively studied in several related disciplines. Statisticians, information security experts, and computational theory researchers, to name a few, have produced extensive bodies of work regarding privacy preservation.
Still the need to improve our ability to control the dissemination of potentially private information is driven home by an incessant rhythm of data breaches, data leaks, and privacy exposure. History has shown that both public and private sector organizations are not immune to loss of control over data due to lax handling, incidental leakage, or adversarial breaches. Prudent organizations should consider the sensitive nature of network security data and network operations performance data recorded as logged events. These logged events often contain data elements that are directly correlated with sensitive information about people and their activities -- often at the same level of detail as sensor data.
Privacy preserving data publication has the potential to support reproducibility and exploration of new analytic techniques for network security. Providing sanitized data sets de-couples privacy protection efforts from analytic research. De-coupling privacy protections from analytical capabilities enables specialists to tease out the information and knowledge hidden in high dimensional data, while, at the same time, providing some degree of assurance that people's private information is not exposed unnecessarily.
In this research we propose methods that support a risk based approach to privacy preserving data publication for network security data. Our main research objective is the design and implementation of technical methods to support the appropriate release of network security data so it can be utilized to develop new analytic methods in an ethical manner. Our intent is to produce a database which holds network security data representative of a contextualized network and people's interaction with the network mid-points and end-points without the problems of identifiability. / Ph. D. / Network security data is produced when people interact with devices (e.g., computers, printers, mobile telephones) and networks (e.g., a campus wireless network). The network security data can contain identifiers, like user names, that strongly correlate with real world people. In this work we develop methods to protect network security data from privacy-invasive misuse by the ’honest-but-curious’ authorized data users and unauthorized malicious attackers. Our main research objective is the design and implementation of technical methods to support the appropriate release of network security data so it can be utilized to develop new analytic methods in an ethical manner. Our intent is to produce a data set which holds network security data representative of people’s interaction with a contextualized network without the problems of identifiability.
|
22 |
Security risk prioritization for logical attack graphsAlmohri, Hussain January 1900 (has links)
Master of Science / Department of Computing and Information Sciences / William H. Hsu / Xinming (Simon) Ou / To prevent large networks from potential security threats, network administrators need
to know in advance what components of their networks are under high security risk. One
way to obtain this knowledge is via attack graphs. Various types of attack graphs based on
miscellaneous techniques has been proposed. However, attack graphs can only make
assertion about different paths that an attacker can take to compromise the network. This
information is just half the solution in securing a particular network. Network administrators
need to analyze an attack graph to be able to identify the associated risk. Provided that
attack graphs can get very large in size, it would be very difficult for them to perform the
task. In this thesis, I provide a security risk prioritization algorithm to rank logical attack
graphs produced by MulVAL (A vulnerability analysis system) . My proposed method
(called StepRank) is based on a previously published algorithm called AssetRank that
generalizes over Google's PageRank algorithm. StepRank considers a forward attack
graph that is a reversed version of the original MulVAL attack graph used by AssetRank.
The result of the ranking algorithm is a rank value for each node that is relative to every
other rank value and shows how difficult it is for an attacker to satisfy a node.
|
23 |
A host-based security assessment architecture for effective leveraging of shared knowledgeRakshit, Abhishek January 1900 (has links)
Master of Science / Department of Computing and Information Sciences / Xinming (Simon) Ou / Security scanning performed on computer systems is an important step to identify and
assess potential vulnerabilities in an enterprise network, before they are exploited by malicious intruders. An effective vulnerability assessment architecture should assimilate knowledge from multiple security knowledge sources to discover all the security problems present
on a host. Legitimate concerns arise since host-based security scanners typically need to
run at administrative privileges, and takes input from external knowledge sources for the
analysis. Intentionally or otherwise, ill-formed input may compromise the scanner and the
whole system if the scanner is susceptible to, or carries one or more vulnerability itself.
It is not easy to incorporate new security analysis tools and/or various security knowlege-
bases in the conventional approach, since this would entail installing new agents on every
host in the enterprise network. This report presents an architecture where a host-based
security scanner's code base can be minimized to an extent where its correctness can be
verified by adequate vetting. At the same time, the architecture also allows for leveraging
third-party security knowledge more efficiently and makes it easier to incorporate new security tools. In our work, we implemented the scanning architecture in the context of an
enterprise-level security analyzer. The analyzer finds security vulnerabilities present on a
host according to the third-party security knowledge specified in Open Vulnerability Assessment Language(OVAL). We empirically show that the proposed architecture is potent
in its ability to comprehensively leverage third-party security knowledge, and is
flexible to
support various higher-level security analysis.
|
24 |
Proposed iNET Network Security ArchitectureDukes, Renata 10 1900 (has links)
ITC/USA 2009 Conference Proceedings / The Forty-Fifth Annual International Telemetering Conference and Technical Exhibition / October 26-29, 2009 / Riviera Hotel & Convention Center, Las Vegas, Nevada / Morgan State University's iNET effort is aimed at improving existing telemetry networks by developing more efficient operation and cost effectiveness. This paper develops an enhanced security architecture for the iNET environment in order to protect the network from both inside and outside adversaries. This proposed architecture addresses the key security components of confidentiality, integrity and authentication. The security design for iNET is complicated by the unique features of the telemetry application. The addition of encryption is complicated by the need for robust synchronization needed for real time operation in a high error environment.
|
25 |
Requirements for a secure and efficientAuthentication System for a large organizationJuan CarlosCrespo, Juan Carlos January 2010 (has links)
<p>In this thesis, a full review on what are the minimum requirements needed to perform an Authentication System is explained. While building the system we have in consideration the users of it, the security needed for each of the resources that must be accessed by the users and what methods can be applied to access to these resources.</p><p>In basics, an Authentication System is built when we need to keep track to who is entering on an organization, the bigger the organization is and the more information must be keep safe the more complex the system will be.</p><p>Although there are other methods, I tried to keep it easy and understandable for all the possible readers. With this, the reader will understand the basics that he need to keep in mind when implementing such a system like this. The organization in mind for the system is a University that consist between twenty two thousand (22.000) and twenty five thousand (25.000) users.</p>
|
26 |
A new approach to dynamic internet risk analysis18 August 2009 (has links)
D.Econ.
|
27 |
Parameter assignment for improved connectivity and security in randomly deployed wireless sensor networks via hybrid omni/uni-directional antennasShankar, Sonu 15 May 2009 (has links)
Conguring a network system to operate at optimal levels of performance re-quires a comprehensive understanding of the eects of a variety of system parameterson crucial metrics like connectivity and resilience to network attacks. Traditionally,omni-directional antennas have been used for communication in wireless sensor net-works. In this thesis, a hybrid communication model is presented where-in, nodes ina network are capable of both omni-directional and uni-directional communication.The eect of such a model on performance in randomly deployed wireless sensor net-works is studied, specically looking at the eect of a variety of network parameterson network performance.The work in this thesis demonstrates that, when the hybrid communication modelis employed, the probability of 100% connectivity improves by almost 90% and thatof k-connectivity improves by almost 80% even at low node densities when comparedto the traditional omni-directional model. In terms of network security, it was foundthat the hybrid approach improves network resilience to the collision attack by almost85% and the cost of launching a successful network partition attack was increased byas high as 600%. The gains in connectivity and resilience were found to improve withincreasing node densities and decreasing antenna beamwidths.
|
28 |
Requirements for a secure and efficientAuthentication System for a large organizationJuan CarlosCrespo, Juan Carlos January 2010 (has links)
In this thesis, a full review on what are the minimum requirements needed to perform an Authentication System is explained. While building the system we have in consideration the users of it, the security needed for each of the resources that must be accessed by the users and what methods can be applied to access to these resources. In basics, an Authentication System is built when we need to keep track to who is entering on an organization, the bigger the organization is and the more information must be keep safe the more complex the system will be. Although there are other methods, I tried to keep it easy and understandable for all the possible readers. With this, the reader will understand the basics that he need to keep in mind when implementing such a system like this. The organization in mind for the system is a University that consist between twenty two thousand (22.000) and twenty five thousand (25.000) users.
|
29 |
Parameter assignment for improved connectivity and security in randomly deployed wireless sensor networks via hybrid omni/uni-directional antennasShankar, Sonu 15 May 2009 (has links)
Conguring a network system to operate at optimal levels of performance re-quires a comprehensive understanding of the eects of a variety of system parameterson crucial metrics like connectivity and resilience to network attacks. Traditionally,omni-directional antennas have been used for communication in wireless sensor net-works. In this thesis, a hybrid communication model is presented where-in, nodes ina network are capable of both omni-directional and uni-directional communication.The eect of such a model on performance in randomly deployed wireless sensor net-works is studied, specically looking at the eect of a variety of network parameterson network performance.The work in this thesis demonstrates that, when the hybrid communication modelis employed, the probability of 100% connectivity improves by almost 90% and thatof k-connectivity improves by almost 80% even at low node densities when comparedto the traditional omni-directional model. In terms of network security, it was foundthat the hybrid approach improves network resilience to the collision attack by almost85% and the cost of launching a successful network partition attack was increased byas high as 600%. The gains in connectivity and resilience were found to improve withincreasing node densities and decreasing antenna beamwidths.
|
30 |
Localization for Vulnerability ScannerLai, Kun-Ye 15 July 2004 (has links)
With the popularization of Internet, and the vulnerabilities found continuously, network hosts meet more and more risks of being attacked. If we don¡¦t secure them well, they will become the targets of the hackers. In addition to the protection of firewalls, vulnerability scanners can also help us to find out the weekness of our network hosts.
Nessus is an open source freeware which has the capability of vulnerability assessment. Nessus has very powerful scanning ability and is very easy to use. Nessus provides detailed result reports from the messages in the plugins. However, like many other freeware and software, Nessus is an English software. For this reason, Nessus provides English result reports. For those who do not use English as their first language, it costs a lot of time to read a lot of English result reports.
In this research, we develop a localizational system of the Nessus scanner and provide the result reports in users¡¦ local language. We develop an automatic mechanism to extract the messages and infomations in the plugins, and put them into the vulnerability databases. We also develop two subsystems, one of them makes translators translates the message in the vulnerability database into their local language, and the other replaces the English result with those translated messages.
This research proposes the design above and actually implements a localizational system of the Nessus scanner. It attempts to reduce the time and labor consumption while translating, automate the update process of vulnerability database, and avoid the modification of source code as possible.
|
Page generated in 0.0572 seconds