  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
61

Detecting Unauthorized Activity in Lightweight IoT Devices

January 2020
abstract: The manufacturing process for electronic systems involves many players, from chip/board design and fabrication to firmware design and installation. In today's global supply chain, any of these steps are prone to interference from rogue players, creating a security risk. Manufactured devices need to be verified to perform only their intended operations since it is not economically feasible to control the supply chain and use only trusted facilities. It is becoming increasingly necessary to trust but verify the received devices both at production and in the field. Unauthorized hardware or firmware modifications, known as Trojans, can steal information, drain the battery, or damage battery-driven embedded systems and lightweight Internet of Things (IoT) devices. Since Trojans may be triggered in the field at an unknown instance, it is essential to detect their presence at run-time. However, it isn't easy to run sophisticated detection algorithms on these devices due to limited computational power and energy, and in some cases, lack of accessibility. Since finding a trusted sample is infeasible in general, the proposed technique is based on self-referencing to remove any effect of environmental or device-to-device variations in the frequency domain. In particular, the self-referencing is achieved by exploiting the band-limited nature of Trojan activity using signal detection theory. When the device enters the test mode, a predefined test application is run on the device repetitively for a known period. The periodicity ensures that the spectral electromagnetic power of the test application concentrates at known frequencies, leaving the remaining frequencies within the operating bandwidth at the noise level. Any deviations from the noise level for these unoccupied frequency locations indicate the presence of unknown (unauthorized) activity. 
Hence, the malicious activity can be differentiated without using a golden reference or any knowledge of the Trojan activity attributes. The proposed technique's effectiveness is demonstrated through experiments with collecting and processing side-channel signals, such as involuntary electromagnetic emissions and power consumption, of a wearable electronics prototype and commercial system-on-chip under a variety of practical scenarios. / Dissertation/Thesis / Doctoral Dissertation Electrical Engineering 2020
62

Plusieurs axes d'analyse de sites web compromis et malicieux / A multidimensional analysis of malicious and compromised websites

Canali, Davide 12 February 2014
The incredible development of the World Wide Web has enabled the creation of new professions and services, as well as new means of sharing knowledge. The web also attracts wrongdoers, who regard it as a way to make money by exploiting other people's services and property. This thesis presents a study of compromised and malicious websites along several axes of analysis. Although web attacks can be very complicated in nature, four main actors can almost always be identified in each case. These are the attackers, the vulnerable sites hosted by hosting providers, the users (often victims of the attacks), and the security companies that crawl the Internet looking for compromised websites to block. In this thesis, we first analyze web attacks from the hosting providers' point of view, showing that, even though free tools make it possible to detect simple signs of compromise, the majority of hosting providers fail this test. We then move on to the analysis of the attackers and their motivations, studying the web attacks collected by hundreds of vulnerable websites. Next, we study the behavior of thousands of victims of web attacks, analyzing their browsing habits to estimate whether it is possible to create "risk profiles", similar to what insurance companies do today. Finally, we adopt the point of view of security companies, proposing an efficient solution for detecting web attacks conveyed by compromised websites / The incredible growth of the World Wide Web has allowed society to create new jobs, marketplaces, as well as new ways of sharing information and money. Unfortunately, however, the web also attracts miscreants who see it as a means of making money by abusing services and other people's property. 
In this dissertation, we perform a multidimensional analysis of attacks involving malicious or compromised websites, by observing that, while web attacks can be very complex in nature, they generally involve four main actors. These are the attackers, the vulnerable websites hosted on the premises of hosting providers, the web users who end up being victims of attacks, and the security companies who scan the Internet trying to block malicious or compromised websites. In particular, we first analyze web attacks from a hosting provider's point of view, showing that, while simple and free security measures should allow to detect simple signs of compromise on customers' websites, most hosting providers fail to do so. Second, we switch our point of view on the attackers, by studying their modus operandi and their goals in a distributed experiment involving the collection of attacks performed against hundreds of vulnerable web sites. Third, we observe the behavior of victims of web attacks, based on the analysis of their browsing habits. This allows us to understand if it would be feasible to build risk profiles for web users, similarly to what insurance companies do. Finally, we adopt the point of view of security companies and focus on finding an efficient solution to detecting web attacks that spread on compromised websites, and infect thousands of web users every day
63

Increased evasion resilience in modern PDF malware detectors : Using a more evasive training dataset / När surnar filen? : Obfuskeringsresistens vid detektion av skadliga PDF-filer

Ekholm, Oscar January 2022
The large scale usage of the PDF coupled with its versatility has made the format an attractive target for carrying and deploying malware. Traditional antivirus software struggles against new malware and PDF's vast obfuscation options. In the search for better detection systems, machine learning based detectors have been developed. Although their approaches vary, some strictly examine structural features of the document whereas others examine the behavior of embedded code, they generally share high accuracy against the evaluation data they have been tested against. However, structural machine learning based PDF malware detectors have been found to be weak against targeted evasion attempts that may be found in more sophisticated malware. Such evasion attempts typically exploit knowledge of what the detection system associates with 'benign' and 'malicious' to emulate benign features or exploit a bug in the implementation, with the purpose of evading the detector. Since the introduction of such evasion attacks more structural detectors have been developed, without introducing mitigations against such evasion attacks. This thesis aggregates the existing knowledge of evasion strategies and applies them against a reproduction of a recent, not previously evasion tested, detection system and finds that it is susceptible to various evasion techniques. Additionally, the produced detector is experimentally trained with a combination of the standard data and the recently published CIC-Evasive-PDFMal2022 dataset which contains malware samples which display evasive properties. The evasive-trained detector is tested against the same set of evasion attacks. The results of the two detectors are compared, concluding that supplementing the training data with evasive samples results in a more evasion resilient detector. 
/ The flexibility and versatility of PDF files have made them attractive attack vectors, where a user or a system risks being exposed to malicious code when reading these files. As a countermeasure, format-specific, usually machine-learning-based, detectors have been developed. These detectors aim, given a PDF file, to give an answer: malicious or benign, often by inspecting structural properties of the document. Structural detectors have been shown to be vulnerable to targeted evasion attacks which, by imitating properties of benign documents, manage to smuggle malicious documents past such detectors. Despite this, similar detectors have continued to be developed without implementing defenses against such attacks. This work tests a modern structural detector with evasion attacks consisting of attack files of various obfuscation levels and confirms that these weaknesses remain. In addition, an experimental defensive measure is tried, in the form of adding typically norm-deviating PDF files (from the CIC-Evasive-PDFMal2022 dataset) to the training step during construction of the detector, in order to identify how this affects resistance to evasion attacks. The detector variants are tested against the same attack files in order to be compared with each other. The results show increased resistance in the detector with the addition of deviating training data.
64

Countermeasures for Preventing Malicious Infiltration on the Information Technology Supply Chain

Leah Michelle Roberts (15952769) 31 May 2023
Supply chain security continues to be an overlooked field with consequences that can disrupt industrial complexes, cause irreparable harm to critical infrastructure services, and bring unparalleled devastation to human lives. These risks, once constrained to physical tactics, have advanced to undetectable cyber strategies as in the case of the infamous third-party attacks on Target and SolarWinds (Wright, 2021). Moreover, no one sector appears to be immune, as a study by the Government Accountability Office (GAO) found that federal agencies also lag in complying with their own standards as published by the National Institute of Standards and Technology (NIST) (Eyadema, 2021). Throughout this research study, malicious infiltrations propagated by nefarious actors were explored to identify countermeasures and best practices that can be deployed to protect organizations. Often, the lack of defense strategies is not from an absence of information, but from overly complex procedures and a lack of concise requirements. In a recent survey of Department of Defense (DoD) suppliers, 46% of respondents claimed that the supply chain requirements were too difficult to understand, thus reaffirming the importance of creating tools and techniques that are pragmatic and easily implementable (Boyd, 2020).

The research study presented offered notable safeguards through a literature review of prior studies, standards, and a document analysis of three prominent Information Technology (IT) companies who have made considerable advances in the field of IT supply chain. The results of the research led to the creation of the Roberts Categorization Pyramid which follows a zero-trust framework of “never trust, always verify” (Pavana & Prasad, 2022, p. 2). The pyramid is then further broken down into a formidable six-layer support structure consisting of governance, physical security, sourcing security, manufacturing, hardware security, and software security best practices. Finally, the importance of persistent vigilance throughout the life cycle of IT is highlighted through a continuous monitoring defense strategy layer that engulfs the entirety of the pyramid. Through this compilation of pragmatic countermeasures, supply chain practitioners can become more informed, leading to more mindful decisions and protective requirements in future solicitations and supplier flow-downs.
65

Data-Driven Network-Centric Threat Assessment

Kim, Dae Wook 19 May 2017
No description available.
66

Context-Aware Malicious Code Detection

Gu, Boxuan 19 December 2012
No description available.
67

Malicious Activity Detection in Encrypted Network Traffic using A Fully Homomorphic Encryption Method

Adiyodi Madhavan, Resmi, Sajan, Ann Zenna January 2022
Everyone is in need of their own privacy and data protection, since encrypted transmission is becoming common. Fully Homomorphic Encryption (FHE) has received increased attention because of its capability to execute calculations over the encoded domain. Through using the FHE approach, model training can be properly outsourced. The goal of FHE is to enable computations on encrypted files without decoding aside from the end outcome. The CKKS scheme is used in FHE. Network threats are a serious danger to credential information, which enable an unauthorised user to extract important and sensitive data by evaluating the information of computations done on raw data. Thus the study provided an efficient solution to the problem of privacy protection in data-driven applications using Machine Learning. The study used an encrypted NSL KDD dataset. Machine learning-based techniques have emerged as a significant trend for detecting malicious attacks. Thus, Random Forest (RF) is proposed for the detection of malicious attacks on Homomorphic encrypted data in the cloud server. A Logistic Regression (LR) machine learning model is used to predict encrypted data on the cloud server. Regardless of the distributed setting, the technique may retain the accuracy and integrity of the previous methods to obtain the final results.
68

A framework for the protection of mobile agents against malicious hosts

Biermann, Elmarie 30 September 2004
The mobility attribute of a mobile agent implies deployment thereof in untrustworthy environments, which introduces malicious host threats. The research question deals with how a security framework could be constructed to address the mentioned threats without introducing high costs or restraining the mobile agent's autonomy or performance. Available literature has been studied, analysed and discussed. The salient characteristics as well as the drawbacks of current solutions were isolated. Through this knowledge a dynamic mobile agent security framework was defined. The framework is based on the definition of multiple security levels, depending on type of deployment environment and type of application. A prototype was constructed and tested and it was found to be lightweight and efficient, giving developers insight into possible security threats as well as tools for maximum protection against malicious hosts. The framework outperformed other frameworks / models as it provides dynamic solutions without burdening a system with unnecessary security gadgets and hence paying for it in system cost and performance / Computing / D.Phil.
69

Good faith in civil procedure and the mechanisms for repressing procedural malice (A boa-fé no processo civil e os mecanismos de repressão ao dolo processual)

Chiovitti, Ana Paula 18 August 2009
The objective of this work is to first analyze the good faith on civil procedure and its applicability and later, abusive and unethical conduct from the parties, aimed to distort devoted procedural institutes (as the broad defense, or right of action, for example). On a second part, it seeks to examine the ways and means of prevention and prosecution of these actions drawbacks in the Brazilian civil procedure law. Thus, analysis of national and foreign doctrine and the study of judicial decisions homelands, which helped understand how the Brazilian judges are positioning on the subject. The subject is justified in the view of the problems that the Brazilian Judiciary goes through, with the load of demands and consequent delays regarding the proceedings, as well as little, sometimes any, are effective for which depends the judicial decisions, this theme that has been sanctioned by various authors and always gathers views of all shades. It is undeniable that there are effective means to contain unfair or unethical practices of litigants; however, the timidity by which the subject is seen by the judges in Brazil, just to make, in some situations, even with the subjectivity that the issue is viewed, safe means of repression to the procedural intent. Any possibility of punishing the party that wrongly uses the civil procedure techniques, blaming it by "marginal damage of the process", unethical conduct would certainly tend to diminish or even to be abolished in our judicial system. 
In this context, we find that good faith, viewed from the etymological perspective, even with its undeniable subjectivism, still is the major milestone in both the actions of the parties as a model of conduct to be followed, and the means and methods by which the judiciary must combat frivolous practices, which only cause procedural turmoil or undue delays, and never contribute to the strengthening of the democratic state of law / The objective of this work is to analyze, first, good faith in legal proceedings and its applicability, and then the abusive and unethical conduct of the parties that tends to distort established procedural institutes (such as the full defense, or the right of action, for example). Second, it aims to examine the means and forms of preventing and repressing these improper actions in Brazilian civil procedure. To this end, national and foreign legal doctrine was analyzed, and the case law of the Brazilian courts was studied, which made it possible to understand how Brazilian judges have been positioning themselves on the subject. The topic is justified in view of the ills afflicting the Brazilian Judiciary, with its full load of claims and the consequent slowness in the handling of cases, as well as the little, or sometimes no, effectiveness of judicial decisions, a topic that has been endorsed by various authors and always encourages opinions of every shade. It is undeniable that effective remedies exist to contain the abusive or unethical practices of litigants; however, the timidity with which Brazilian judges approach the subject ends up rendering, in some situations, even because of the subjectivity with which the matter is viewed, the means of repressing procedural malice ineffective. If it were possible to punish the party that improperly uses the proceedings, holding it liable for the so-called marginal damages of the proceedings, unethical conduct would certainly tend to diminish or even to be abolished from our judicial system. In this context, it can be seen that good faith, viewed from the etymological perspective, even with its undeniable subjectivism, is nonetheless the major milestone responsible both for the actions of the parties, as a model of conduct to be followed, and for the means and ways by which the Judiciary must combat frivolous practices, which only cause procedural turmoil or undue delays and never contribute to the strengthening of the Democratic State of Law
70

A framework for the protection of mobile agents against malicious hosts

Biermann, Elmarie 30 September 2004
The mobility attribute of a mobile agent implies deployment thereof in untrustworthy environments, which introduces malicious host threats. The research question deals with how a security framework could be constructed to address the mentioned threats without introducing high costs or restraining the mobile agent's autonomy or performance. Available literature has been studied, analysed and discussed. The salient characteristics as well as the drawbacks of current solutions were isolated. Through this knowledge a dynamic mobile agent security framework was defined. The framework is based on the definition of multiple security levels, depending on type of deployment environment and type of application. A prototype was constructed and tested and it was found to be lightweight and efficient, giving developers insight into possible security threats as well as tools for maximum protection against malicious hosts. The framework outperformed other frameworks / models as it provides dynamic solutions without burdening a system with unnecessary security gadgets and hence paying for it in system cost and performance / Computing / D.Phil.
