431 |
Automatické shlukování regulárních výrazů / Automatic Grouping of Regular Expressions
Stanek, Timotej January 2011
This project is about the security of computer networks using Intrusion Detection Systems. IDS contain detection rules expressed as regular expressions, which are represented for detection by finite-state automata. The complexity of this detection with non-deterministic and deterministic finite-state automata is explained. This complexity can be reduced with the help of regular expression grouping. A grouping algorithm and approaches for speedup and improvement are introduced. One of the approaches is a Genetic algorithm, which can work in real time. Finally, a Random search algorithm for grouping regular expressions is presented. Experimental results with these approaches are shown and compared with each other.
|
432 |
PROGRAM ANOMALY DETECTION FOR INTERNET OF THINGS
Akash Agarwal (13114362) 01 September 2022
Program anomaly detection — modeling normal program executions to detect deviations at runtime as cues for possible exploits — has become a popular approach for software security. To leverage high performance modeling and complete tracing, existing techniques however focus on subsets of applications, e.g., on system calls or calls to predefined libraries. Due to limited scope, it is insufficient to detect subtle control-oriented and data-oriented attacks that introduce new illegal call relationships at the application level. Also, such techniques are hard to apply on devices that lack a clear separation between OS and the application layer. This dissertation advances the design and implementation of program anomaly detection techniques by providing application context for library and system calls, making it powerful for detecting advanced attacks targeted at manipulating intra- and inter-procedural control-flow and decision variables.
This dissertation has two main parts. The first part describes a statically initialized generic calling context program anomaly detection technique LANCET based on Hidden Markov Modeling to provide security against control-oriented attacks at program runtime. It also establishes an efficient execution tracing mechanism facilitated through source code instrumentation of applications. The second part describes a program anomaly detection framework EDISON to provide security against data-oriented attacks using graph representation learning and language models for intra- and inter-procedural behavioral modeling respectively.
This dissertation makes three high-level contributions. First, the concise descriptions demonstrate the design, implementation and extensive evaluation of an aggregation-based anomaly detection technique using fine-grained generic calling context-sensitive modeling that allows for scaling the detection over entire applications. Second, the precise descriptions show the design, implementation, and extensive evaluation of a detection technique that maps runtime traces to the program’s control-flow graph and leverages graphical feature representation to learn dynamic program behavior. Finally, this dissertation provides details and experience for designing program anomaly detection frameworks from high-level concepts, design, to low-level implementation techniques.
|
433 |
An Image-based ML Approach for Wi-Fi Intrusion Detection System and Education Modules for Security and Privacy in ML
Rayed Suhail Ahmad (18476697) 02 May 2024
The research work presented in this thesis focuses on two highly important topics in the modern age. The first topic of research is the development of various image-based Network Intrusion Detection Systems (NIDSs) and performing a comprehensive analysis of their performance. Wi-Fi networks have become ubiquitous in enterprise and home networks, which creates opportunities for attackers to target the networks. These attackers exploit various vulnerabilities in Wi-Fi networks to gain unauthorized access to a network or extract data from end users' devices. The deployment of an NIDS helps detect these attacks before they can cause any significant damage to the network's functionalities or security. Within the scope of our research, we provide a comparative analysis of various deep learning (DL)-based NIDSs that utilize various imaging techniques to detect anomalous traffic in a Wi-Fi network. The second topic in this thesis is the development of learning modules for security and privacy in Machine Learning (ML). The increasing integration of ML in various domains raises concerns about its security and privacy. In order to effectively address such concerns, students learning about the basics of ML need to be made aware of the steps that are taken to develop robust and secure ML-based systems. As part of this, we introduce a set of hands-on learning modules designed to educate students on the importance of security and privacy in ML. The modules provide a theoretical learning experience through presentations and practical experience using Python Notebooks. The modules are developed in a manner that allows students to easily absorb the concepts regarding privacy and security of ML models and implement them in real-life scenarios. The efficacy of this process will be obtained from the results of the surveys conducted before and after providing the learning modules. Positive results from the survey will demonstrate the learning modules were effective in imparting knowledge to the students and the need to incorporate security and privacy concepts in introductory ML courses.
|
434 |
The management of an information technology infrastructure in schools in the Western Cape Province / Bestuur van rekenaar tegnologie in skole van die Wes Kaapse Onderwys Departement
Perkins, Catharina Elizabetha 11 1900
This research conceptualises IT infrastructure management at secondary schools in the WCED (Western Cape Education Department). This includes whether or not secondary schools in the WCED make use of a full-time, on-site network administrator or whether a teacher acts as on-site network administrator. The literature review studied the effectiveness of IT infrastructure management, which includes hardware, software, policies, computer network, security, staff management and BYOD (bring your own device). The management of IT infrastructure at secondary schools within the WCED differs widely from school to school, and its functionality depends on many factors. The quantitative study revealed problem areas within IT infrastructure management at secondary schools in the WCED. Furthermore, the quantitative study also revealed that there is a need for best practice guidelines with regard to IT infrastructure management in order to improve service delivery. The literature review provided sources for best practice IT infrastructure management. / Computer infrastructure at secondary schools in the WCED (Western Cape Education Department) is described in this research. The study investigates different structures, namely schools that have a full-time network administrator and schools where a teacher takes on the responsibility of a network administrator. The effective control of computer infrastructure is discussed. This includes hardware, software, policy formulation, computer network, security, staff management, and BYOD (bring your own device). The management of computer infrastructure differs from school to school, and its effective management is influenced by many factors. The quantitative study identified problem areas for the management of computer infrastructure at secondary schools in the WCED. The quantitative study further identified the need for best practice guidelines in order to ensure better service delivery. The literature study named best practice guidelines for computer infrastructure management. / Educational Leadership and Management
|
436 |
Distribution multi-contenus sur Internet / Content distribution over Internet
Mnie Filali, Imane 27 September 2016
In this thesis, we focused on peer-to-peer (P2P) protocols, which represent a promising solution for low-cost data dissemination and sharing over the Internet. We first carried out a behavioral study of various P2P protocols for file sharing (content distribution without time constraints) and then for live streaming. In the first study, centered on file sharing, we showed the impact of Hadopi on user behavior and discussed the effectiveness of the protocols according to content and protocol efficiency, based on users' choices. BitTorrent clearly stood out during this study, particularly for large content. Regarding live streaming, we looked at the quality of service of the Sopcast live distribution network, because more than 60% of live events broadcast over P2P are carried on this network. Our in-depth analysis of these two distribution modes led us to refocus on BitTorrent, which is the basis of all P2P live protocols, is efficient for file sharing, and is completely open source. In the second part of the thesis, we proposed and implemented, in a controlled environment, a new protocol based on BitTorrent, with protocol mechanisms that involve all peers in managing the network. These new mechanisms increase the efficiency of the protocol through better dissemination of metadata (the rarest piece), for both live streaming and file sharing, and through a so-called push method, in which a client sends content to the peers most in need. / In this study, we focused on peer-to-peer protocols (P2P), which represent a promising solution for data dissemination and content delivery at low cost in the Internet. We performed, initially, a behavioral study of various P2P protocols for file sharing (content distribution without time constraint) and live streaming. Concerning file sharing, we have shown the impact of Hadopi on users’ behavior and discussed the effectiveness of protocols according to content type, based on users’ choice. BitTorrent appeared as the most efficient approach during our study, especially when it comes to large content. As for streaming, we studied the quality of service of Sopcast, a live distribution network that accounts for more than 60% of P2P broadcast live events. Our in-depth analysis of these two distribution modes led us to focus on the BitTorrent protocol because of its proven efficiency in file sharing and the fact that it is open source. In the second part of the thesis, we proposed and implemented a new protocol based on BitTorrent, in a controlled environment. The modifications that we proposed make it possible to increase the efficiency of the protocol through improved dissemination of metadata (the rarest piece), both for live and file sharing. An enhanced version is introduced with a push method, where nodes that lag behind receive an extra service so as to improve the overall performance.
|
437 |
Deep Learning Based Models for Cognitive Autonomy and Cybersecurity Intelligence in Autonomous Systems
Ganapathy Mani (8840606) 21 June 2022
Cognitive autonomy of an autonomous system depends on its cyber module's ability to comprehend the actions and intent of the applications and services running on that system. The autonomous system should be able to accomplish this without or with limited human intervention. These mission-critical autonomous systems are often deployed in unpredictable and dynamic environments and are vulnerable to evasive cyberattacks. In particular, some of these cyberattacks are Advanced Persistent Threats where an attacker conducts reconnaissance for a long period of time to ascertain system features, learn system defenses, and adapt to successfully execute the attack while evading detection. Thus an autonomous system's cognitive autonomy and cybersecurity intelligence depend on its capability to learn, classify applications (good and bad), predict the attacker's next steps, and remain operational to carry out the mission-critical tasks even under cyberattacks. In this dissertation, we propose novel learning and prediction models for enhancing cognitive autonomy and cybersecurity in autonomous systems. We develop (1) a model using deep learning along with a model selection framework that can classify benign and malicious operating contexts of a system based on performance counters, (2) a deep learning based natural language processing model that uses instruction sequences extracted from the memory to learn and profile the behavior of evasive malware, (3) a scalable deep learning based object detection model with data pre-processing assisted by fuzzy-based clustering, (4) fundamental guiding principles for cognitive autonomy using Artificial Intelligence (AI), (5) a model for privacy-preserving autonomous data analytics, and finally (6) a model for backup and replication based on combinatorial balanced incomplete block design in order to provide continuous availability in mission-critical systems. This research provides effective and computationally efficient deep learning based solutions for detecting evasive cyberattacks and increasing autonomy of a system from application-level to hardware-level.
|