  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
71

Malware Analysis using Profile Hidden Markov Models and Intrusion Detection in a Stream Learning Setting

Saradha, R January 2014 (has links) (PDF)
In the last decade, a lot of machine learning and data mining based approaches have been used in the areas of intrusion detection, malware detection and classification and also traffic analysis. In the area of malware analysis, static binary analysis techniques have become increasingly difficult with the code obfuscation methods and code packing employed when writing the malware. The behavior-based analysis techniques are being used in large malware analysis systems because of this reason. In prior art, a number of clustering and classification techniques have been used to classify the malwares into families and to also identify new malware families, from the behavior reports. In this thesis, we have analysed in detail the use of Profile Hidden Markov models for the problem of malware classification and clustering. The advantage of building accurate models with limited examples is very helpful in early detection and modeling of malware families. The thesis also revisits the learning setting of an Intrusion Detection System that employs machine learning for identifying attacks and normal traffic. It substantiates the suitability of the incremental learning setting (or stream based learning setting) for the problem of learning attack patterns in IDS, when large volumes of data arrive in a stream. Related to the above problem, an elaborate survey of the IDS that use data mining and machine learning was done. Experimental evaluation and comparison show that in terms of speed and accuracy, the stream based algorithms perform very well as large volumes of data are presented for classification as attack or non-attack patterns. The possibilities for using stream algorithms in different problems in security are elucidated in conclusion.
72

Grid Fault management techniques: the case of a Grid environment with malicious entities

Akimana, Rachel 01 October 2008 (has links)
Fault tolerance and fault management in data/computing grids are of capital importance. Indeed, as in any other distributed system, the components of a grid may fail at any time. But the risk of failure grows with the size of the system, and is therefore more acute in a grid system. In addition, while trying to take advantage of the resources offered by the grid, the applications running on it are increasingly complex (e.g. they involve complex interactions and take days to execute), which makes them more vulnerable to faults. The hardest part of fault management in a grid is that it is difficult to know whether a fault occurring on a grid entity was induced maliciously or accidentally.

In our thesis work, we use the term fault, in the broad sense, to refer to any unexpected state that occurs on any component of the grid. Some of these states cause behaviours that are likewise unexpected and perceptible at the grid level, while others go unnoticed. Moreover, some of these faults are the result of a malicious action while others occur accidentally or instantaneously. In this thesis work, we dealt with the case of those faults that are induced maliciously and that generally go unnoticed. We considered in particular the problem of the confidentiality and integrity of data stored long-term on the grid.

The study of data confidentiality was carried out in two stages, the first of which concerns the confidentiality of active data. In this part, we considered an application that searches for similarities of a DNA sequence in a database of DNA sequences stored on the grid. To this end, we proposed a method that allows the comparison to be performed on a remote component while keeping confidential the sequence being compared.

Concerning passive data, we proposed a method for sharing confidential, encrypted data on the grid.

Regarding data integrity, we considered the case of anonymous data in the context of passive data integrity. For active data, we considered the problem of the corruption of jobs executed on the grid. For each of these cases, we proposed mechanisms for verifying the authenticity of the data used or produced by these applications. / Doctorate in Sciences / info:eu-repo/semantics/nonPublished
73

Emulátor byte kódu jazyka Java vhodný pro detekci a analýzu malware / Java Byte Code Emulator Suitable for Malware Detection and Analysis

Kubernát, Tomáš January 2013 (has links)
The goal of this thesis is to create a virtual machine that emulates running programs written in the Java programming language, which would be suitable for malware analysis and detection. The emulator is able to detect arguments of exploitable methods from Java standard classes, the order of calling these exploitable methods and also execution the test application. Overall functionality was tested on appropriate examples in which held its own measurements. At the end of the paper we describe testing of the emulator, which also contains tables and graphs for better results visualization.
74

Security issues in Address Autoconfiguration Protocols

Langer, André, Kühnert, Tom 20 April 2007 (has links)
Dynamic address assignment is one of the most important features in wireless ad hoc networks if nodes should be enabled to join and to work in the network by automatically configuring all necessary settings. Different approaches have been developed throughout the last years to achieve this objective of Dynamic Address Autoconfiguration but research primarily focused on efficiency and correctness, less on security issues. Whereas Duplicate Address Detection has become reliable in commonplace scenarios, it is still relatively easy to suspend the whole network functionality in extraordinary situations within the boundaries of a Dynamic Address Configuration Protocol. In this paper, we therefore want to point out shortcomings and weaknesses in existing protocol solutions which address dynamic IP address assignment. We concentrate on a leader-based approach called ODACP and want to propose several solutions which improve the original protocol in such a way that it is safer against malicious host activities. Finally, we will demonstrate the improvements of our solution in a separate test scenario.
75

Ethical Hacking of Android Auto in the Context of Road Safety

Palm, Alexander, Gafvelin, Benjamin January 2021 (has links)
With a more than ever increasing demand to interconnect smartphones with infotainment systems, Android Auto has risen in popularity with its services used in modern vehicles worldwide. However, as users progressively connect their smartphones to in-vehicle infotainment systems, the opportunity for malicious actors to endanger and access private data of Android Auto users advances as well. The goal of this thesis is to determine how secure Android Auto is for road use. The main research question is to figure out if Android Auto is susceptible to attacks that exploit certain vulnerabilities in the Android operating system. The research question was answered by creating several proof-of-concept attacks on Android Auto using an emulated infotainment system with mobile devices. An investigation was also conducted regarding the application’s communication channel between the mobile device and infotainment display. Results of this thesis demonstrate that several attacks are substantially severe to endanger drivers on the road. There is a great risk of successful exploits when running Android Auto locally on the phone without a connection to the infotainment system, and a lesser risk when connected to the infotainment system. Intercepting communication in the USB channel revealed an encryption algorithm whose version has published exploits and can be cracked to potentially exploit Android Auto. / In step with an ever-increasing demand to connect smartphones with infotainment systems, more and more people around the world have begun using Android Auto in their vehicles. A side effect of more and more people connecting their phones to infotainment systems is that it creates more opportunities for malicious parties to steal private data and put the lives of Android Auto users in danger. The goal of this thesis is to determine how secure Android Auto is with respect to road safety. The main research question is to find out whether Android Auto can be targeted by attacks that exploit vulnerabilities in the Android operating system. The research question was answered by creating several proof-of-concept attacks against Android Auto using an emulated infotainment system and mobile phones. An investigation was also carried out into the application's communication channel between the phone and the infotainment display. The results of this thesis demonstrated that many attacks are severe enough to endanger the safety of road users. There is a considerable risk of successful attacks when Android Auto runs locally on the phone without a USB connection to the infotainment system, and a small risk when the phone is connected to the infotainment system. Eavesdropping on and intercepting the communication in the USB channel showed that an encryption algorithm whose version has existing vulnerabilities can be decrypted and exploited to potentially attack Android Auto.
76

Combining Anomaly- and Signature-based Algorithms for Intrusion Detection in CAN-bus: A suggested approach for building precise and adaptive intrusion detection systems to controller area networks

Andersson, Robin January 2021 (has links)
With the digitalization and the ever more computerization of personal vehicles, new attack surfaces are introduced, challenging the security of the in-vehicle network. There is never such a thing as fully securing any computer system, nor learning all the methods of attack in order to prevent a break-in into a system. Instead, with sophisticated methods, we can focus on detecting and preventing attacks from being performed inside a system. The current state of the art of such methods, named intrusion detection systems (IDS), is divided into two main approaches. One approach makes its models very confident of detecting malicious activity, however only on activities that have been previously learned by this model. The second approach is very good at constructing models for detecting any type of malicious activity, even if never studied by the model before, but with less confidence. In this thesis, a new approach is suggested with a redesigned architecture for an intrusion detection system called Multi-mixed IDS, where we take a middle ground between the two standardized approaches, trying to find a combination of both sides' strengths and eliminating their weaknesses. This thesis aims to deliver a proof of concept for a new approach in the current state of the art in the CAN-bus security research field. This thesis also brings up some background knowledge about CAN and intrusion detection systems, discussing their strengths and weaknesses in further detail. Additionally, a brief overview of a handpicked set of research contributions from the field is discussed. Further, a simple architecture is suggested, and three individual detection models are trained and combined to be tested against a CAN-bus dataset. Finally, the results are examined and evaluated. The results from the suggested approach show somewhat poor results compared to other suggested algorithms within the field. However, they also show some good potential, if better decision methods between the individual algorithms that construct the model can be found.
77

Practice-Oriented Cybersecurity Training Framework

Podila, Laxmi Mounika January 2020 (has links)
No description available.
78

The policing of road rage incidents in the Gauteng Province

Mfusi, Boikhutso Florencia 12 1900 (has links)
This study followed a qualitative research approach, and semi-structured interviews regarding the subject matter were conducted with the knowledgeable and experienced respondents in the Gauteng traffic-related departments. A literature review was also conducted to provide a comprehensive understanding of the research problem in both local and international context. The research stresses the fact that motorists are continuing to lose their lives in Gauteng province as a result of violent traffic disputes; therefore people suffer financial, physical, psychological as well as social effects as a consequence of such actions. The findings revealed that all the traffic stakeholders are working cooperatively towards implementing the crime prevention strategic plans, but for policing road rage in particular there is no specific strategy in action. In addition, this study reveals that it is impossible for the traffic police to curb road rage incidents because the latter occur as a result of unpredictable human behavior. / Police Practice / M. Tech. (Policing)
80

Construction of Secure and Efficient Private Set Intersection Protocol

Kumar, Vikas January 2013 (has links) (PDF)
Private set intersection (PSI) is a two party protocol where both parties possess a private set and at the end of the protocol, one party (client) learns the intersection while other party (server) learns nothing. Motivated by some interesting practical applications, several provably secure and efficient PSI protocols have appeared in the literature in recent past. Some of the proposed solutions are secure in the honest-but-curious (HbC) model while the others are secure in the (stronger) malicious model. Security in the latter is traditionally achieved by following the classical approach of attaching a zero knowledge proof of knowledge (ZKPoK) (and/or using the so-called cut-and-choose technique). These approaches prevent the parties from deviating from normal protocol execution, albeit with significant computational overhead and increased complexity in the security argument, which includes, in case of ZKPoK, knowledge extraction through rewinding. We critically investigate a subset of the existing protocols. Our study reveals some interesting points about the so-called provable security guarantee of some of the proposed solutions. Surprisingly, we point out some gaps in the security argument of several protocols. We also discuss an attack on a protocol when executed multiple times between the same client and server. The attack, in fact, indicates some limitation in the existing security definition of PSI. On the positive side, we show how to correct the security argument for the above mentioned protocols and show that in the HbC model the security can be based on some standard computational assumption like RSA and Gap Diffie-Hellman problem. For a protocol, we give improved version of that protocol and prove security in the HbC model under standard computational assumption. 
For the malicious model, we construct two PSI protocols using deterministic blind signatures i.e., Boldyreva’s blind signature and Chaum’s blind signature, which do not involve ZKPoK or cut-and-choose technique. Chaum’s blind signature gives a new protocol in the RSA setting and Boldyreva’s blind signature gives protocol in gap Diffie-Hellman setting which is quite similar to an existing protocol but it is efficient and does not involve ZKPoK.
