51

Detekce Útoků v Síťovém Provozu / Intrusion Detection in Network Traffic

Homoliak, Ivan Unknown Date (has links)
This thesis deals with anomaly-based detection of network attacks using machine learning techniques. First, it presents state-of-the-art datasets intended for verifying the functionality of intrusion detection systems, as well as works that use statistical analysis and machine learning techniques to find network attacks. The next part of the thesis presents the design of a custom collection of metrics called Advanced Security Network Metrics (ASNM), which is part of a conceptual automatic intrusion detection system (AIPS). Next, two different approaches to obfuscation - tunneling and modification of network characteristics - which serve to alter the way attacks are carried out, are proposed and discussed. Experiments show that the obfuscations used are able to prevent attacks from being detected by a classifier using the ASNM metrics. On the other hand, including these obfuscations in the classifier's training process can improve its detection capabilities. The thesis also presents an alternative view of obfuscation techniques that modify network characteristics and demonstrates their use as an approximation of a network normalizer based on suitable training data.
52

Methods for Multisensory Detection of Light Phenomena on the Moon as a Payload Concept for a Nanosatellite Mission

Maurer, Andreas January 2020 (has links)
For 500 years transient light phenomena (TLP) have been observed on the lunar surface by ground-based observers. The actual physical reason for most of these events is today still unknown. Current plans of NASA and SpaceX to send astronauts back to the Moon and already successful deep-space CubeSat missions will allow in the future research nanosatellite missions to the cislunar space. This thesis presents a new hardware and software concept for a future payload on such a nanosatellite. The main task was to develop and implement a high-performance image processing algorithm whose task is to detect short brightening flashes on the lunar surface. Based on a review of historic reported phenomena, possible explanation theories for these phenomena and currently active and planned ground- or space-based observatories, possible reference scenarios were analyzed. From the presented scenarios one, the detection of brightening events, was chosen and requirements for this scenario stated. Afterwards, possible detectors, processing computers and image processing algorithms were researched and compared regarding the specified requirements. This analysis of available algorithms was used to develop a new high-performance detection algorithm to detect transient brightening events on the Moon. The implementation of this algorithm running on the processor and the internal GPU of a MacMini achieved a framerate of 55 FPS by processing images with a resolution of 4.2 megapixel. Its functionality and performance were verified on the remote telescope operated by the Chair of Space Technology of the University of Würzburg. Furthermore, the developed algorithm was also successfully ported on the Nvidia Jetson Nano and its performance compared with a FPGA based image processing algorithm. The results were used to choose a FPGA as the main processing computer of the payload. This concept uses two backside illuminated CMOS image sensors connected to a single FPGA.
On the FPGA the developed image processing algorithm should be implemented. Further work is required to realize the proposed concept in building the actual hardware and porting the developed algorithm onto this platform.
53

Caractérisation radioélectrique des satellites de télécommunications du futur / Radioelectric measurements of future telecommunication satellites

Balma, Téegwendé Serge 29 January 2018 (has links)
Nowadays, the radioelectric characteristics of satellites are directly measured by means of a compact range basis. However, the limits of these bases are affected by the growth of the satellite dimensions, in addition to the number and the complexity of the integrated antennas. On the other hand, near field techniques form a promising solution under the planar range form. These techniques consist of measuring the radiated field near the source and accordingly deducing the far field by means of mathematical analysis. The purpose of this thesis is to adapt near field techniques for testing telecommunication satellites. In fact, these techniques are widely used for antenna pattern measurements. However, a theoretical development has to be completed and measurement methods need to be proposed for testing all payload parameters. Unfortunately, specific difficulties related to the satellite function (transponder) and the limited access to antennas and satellite electronics have to be taken into account in the implementation of these measurement methodologies. Finally, the near field measurements are affected by many causes of errors. The identification of the error sources and the evaluation of their contribution to the final results constitute an important part of the thesis work. The global study allows dimensioning a complete measurement system with a good optimization.
54

Malicious Entity Categorization using Graph modelling / Skadlig Entity Kategorisering med användning graf modellering

Srinivaasan, Gayathri January 2016 (has links)
Today, malware authors not only write malicious software but also employ obfuscation, polymorphism, packing and endless such evasive techniques to escape detection by Anti-Virus Products (AVP). Besides the individual behavior of malware, the relations that exist among them play an important role for improving malware detection. This work aims to enable malware analysts at F-Secure Labs to explore various such relationships between malicious URLs and file samples in addition to their individual behavior and activity. The current detection methods at F-Secure Labs analyze unknown URLs and file samples independently without taking into account the correlations that might exist between them. Such traditional classification methods perform well but are not efficient at identifying complex multi-stage malware that hides its activity. The interactions between malware may include any type of network activity, dropping, downloading, etc. For instance, an unknown downloader that connects to a malicious website which in turn drops a malicious payload, should indeed be blacklisted. Such analysis can help block the malware infection at its source and also comprehend the whole infection chain. The outcome of this proof-of-concept study is a system that detects new malware using graph modelling to infer their relationship to known malware as part of the malware classification services at F-Secure.
55

On the (in)security of behavioral-based dynamic anti-malware techniques

Ersan, Erkan 21 April 2017 (has links)
The Internet has become the primary vector for the delivery of malicious code in cyber attacks, and malware has rapidly become a pervasive critical threat. Anti-malware products offer effective protection from malware threats for servers and endpoint devices using a variety of techniques. Advanced enterprise-level anti-malware products rely on state-of-art behavioral-based detection algorithms, in addition to traditional signature-based mechanisms. These dynamic detection techniques have been around for more than a decade and in response hackers have developed methods to evade them. However, currently known bypass methods require intensive manual labor. Moreover, this manual work has to be repeated whenever a parameter of the environment (such as the payload, operating system, Antivirus version, etc) changes, making these methods impractical. This may lead to the belief that dynamic techniques provide a good deterrence, and hence good protection. In this thesis we evaluate dynamic techniques. Specifically, we build tools to implement generic unhooking and funneling, and using these tools we show how dynamic techniques can be bypassed with considerably less effort than by fully manual methods. We also extend the repertoire of existing bypass methods and introduce a new malicious function call technique which exploits detection techniques that monitor a limited collection of critical system functions, as well as a method for bypassing guard-page protections. We demonstrate the effectiveness of all our techniques by conducting attacks against two enterprise antivirus products. Our results lead us to conclude that dynamic techniques do not provide sufficient protection.
56

Design and control of collaborative, cross and carry mobile robots : C3Bots / Conception et commande des robots mobiles, manipulateurs, collaboratifs et tous terrains

Hichri, Bassem 05 October 2015 (has links)
Our goal in the proposed work is to design and control a group of similar mobile robots with a simple architecture, called m-bot. Several m-bots can grip a payload, in order to co-manipulate and transport it, whatever its shape and mass. The resulting robot is called a p-bot and is capable to solve the so-called "removal-man task" to transport a payload. Reconfiguring the p-bot by adjusting the number of m-bots allows to manipulate heavy objects and to manage objects with any shape, particularly if they are larger than a single m-bot. Obstacle avoidance is addressed and mechanical stability of the p-bot and its payload is permanently guaranteed. A proposed kinematic architecture for a manipulation mechanism is studied. This mechanism allows to lift a payload and put it on the m-bot body in order to be transported. The mobile platform has a free steering motion allowing the system maneuver in any direction. An optimal positioning of the m-bots around the payload ensures a successful task achievement without loss of stability for the overall system. The positioning algorithm respects the Force Closure Grasping (FCG) criterion which ensures the payload stability during the manipulation phase. It respects also the Static Stability Margin (SSM) criterion which guarantees the payload stability during the transport. Finally, it considers also the Restricted Areas (RA) that could not be reached by the robots to grab the payload. A predefined control law is then used to ensure the Target Reaching (TR) phase of each m-bot to its desired position around the payload and to track a Virtual Structure (VS), during the transportation phase, in which each elementary robot has to keep the desired position relative to the payload. Simulation results for an object of any shape, described by a parametric curve, are presented. Additional 3D simulation results with a multi-body dynamic software and experiments by manufactured prototypes validate our proposal.
57

An Extension Of Multi Layer IPSec For Supporting Dynamic QoS And Security Requirements

Kundu, Arnab 02 1900 (has links) (PDF)
Governments, military, corporations, financial institutions and others exchange a great deal of confidential information using Internet these days. Protecting such confidential information and ensuring their integrity and origin authenticity are of paramount importance. There exist protocols and solutions at different layers of the TCP/IP protocol stack to address these security requirements. Application level encryption viz. PGP for secure mail transfer, TLS based secure TCP communication, IPSec for providing IP layer security are among these security solutions. Due to scalability, wide acceptance of the IP protocol, and its application independent character, the IPSec protocol has become a standard for providing Internet security. The IPSec provides two protocols namely the Authentication header (AH) and the Encapsulating Security Payload (ESP). Each protocol can operate in two modes, viz. transport and tunnel mode. The AH provides data origin authentication, connectionless integrity and anti replay protection. The ESP provides all the security functionalities of AH along with confidentiality. The IPSec protocols provide end-to-end security for an entire IP datagram or the upper layer protocols of IP payload depending on the mode of operation. However, this end-to-end model of security restricts performance enhancement and security related operations of intermediate networking and security devices, as they can not access or modify transport and upper layer headers and original IP headers in case of tunnel mode. These intermediate devices include routers providing Quality of Service (QoS), TCP Performance Enhancement Proxies (PEP), Application level Proxy devices and packet filtering firewalls. The interoperability problem between IPSec and intermediate devices has been addressed in literature. 
Transport friendly ESP (TF-ESP), Transport Layer Security (TLS), splitting of single IPSec tunnel into multiple tunnels, Multi Layer IPSec (ML-IPSec) are a few of the proposed solutions. The ML-IPSec protocol solves this interoperability problem without violating the end-to-end security for the data or exposing some important header fields unlike the other solutions. The ML-IPSec uses a multilayer protection model in place of the single end-to-end model. Unlike IPSec where the scope of encryption and authentication applies to the entire IP datagram, this scheme divides the IP datagram into zones. It applies different protection schemes to different zones. When ML-IPSec protects a traffic stream from its source to its destination, it first partitions the IP datagram into zones and applies zone-specific cryptographic protections. During the flow of the ML-IPSec protected datagram through an authorized intermediate gateway, certain type I zones of the datagram may be decrypted and re-encrypted, but the other zones will remain untouched. When the datagram reaches its destination, the ML-IPSec will reconstruct the entire datagram. The ML-IPSec protocol, however suffers from the problem of static configuration of zones and zone specific cryptographic parameters before the commencement of the communication. Static configuration requires a priori knowledge of routing infrastructure and manual configuration of all intermediate nodes. While this may not be an issue in a geo-stationary satellite environment using TCP-PEP, it could pose problems in a mobile or distributed environment, where many stations may be in concurrent use. The ML-IPSec endpoints may not be trusted by all intermediate nodes in a mobile environment for manual configuration without any prior arrangement providing the mutual trust. The static zone boundary of the protocol forces one to ignore the presence of TCP/IP datagrams with variable header lengths (in case of TCP or IP headers with OPTION fields). 
Thus ML-IPSec will not function correctly if the endpoints change the use of IP or TCP options, especially in case of tunnel mode. The zone mapping proposed in ML-IPSec is static in nature. This forces one to configure the zone mapping before the commencement of the communication. It restricts the protocol from dynamically changing the zone mapping for providing access to intermediate nodes without terminating the existing ML-IPSec communication. The ML-IPSec endpoints can, of course, configure the zone mapping with maximum number of zones. This will lead to unnecessary overheads that increase with the number of zones. Again, static zone mapping could pose problems in a mobile or distributed environment, where communication paths may change. Our extension to the ML-IPSec protocol, called Dynamic Multi Layer IPSec (DML-IPSec) proposes a multi layer variant with the capabilities of dynamic zone configuration and sharing of cryptographic parameters between IPSec endpoints and intermediate nodes. It also accommodates IP datagrams with variable length headers. The DML-IPSec protocol redefines some of the IPSec and ML-IPSec fundamentals. It proposes significant modifications to the datagram processing stage of ML-IPSec and proposes a new key sharing protocol to provide the above-mentioned capabilities. The DML-IPSec supports the AH and ESP protocols of the conventional IPSec with some modifications required for providing separate cryptographic protection to different zones of an IP datagram. This extended protocol defines zone as a set of non-overlapping and contiguous partitions of an IP datagram, unlike the case of ML-IPSec where a zone may consist of non-contiguous portions. Every zone is provided with cryptographic protection independent of other zones. The DML-IPSec categorizes zones into two separate types depending on the accessibility requirements at the intermediate nodes. 
The first type of zone, called type I zone, is defined on headers of IP datagram and is required for examination and modification by intermediate nodes. One type I zone may span over a single header or over a series of contiguous headers of an IP datagram. The second type of zone, called type II zone, is meant for the payload portion and is kept secure between endpoints of IPSec communications. The single type II zone starts immediately after the last type I zone and spans till the end of the IP datagram. If no intermediate processing is required during the entire IPSec session, the single type II zone may cover the whole IP datagram; otherwise the single type II zone follows one or more type I zones of the IP datagram. The DML-IPSec protocol uses a mapping from the octets of the IP datagram to different zones, called zone map for partitioning an IP datagram into zones. The zone map contains logical boundaries for the zones, unlike physical byte specific boundaries of ML-IPSec. The physical boundaries are derived on-the-fly, using either the implicit header lengths or explicit header length fields of the protocol headers. This property of the DML-IPSec zones enables it to accommodate datagrams with variable header lengths. Another important feature of DML-IPSec zone is that the zone maps need not remain constant throughout the entire lifespan of IPSec communication. The key sharing protocol may modify any existing zone map for providing service to some intermediate node. The DML-IPSec also redefines Security Association (SA), a relationship between two endpoints of IPSec communication that describes how the entities will use security services to communicate securely. In the case of DML-IPSec, several intermediate nodes may participate in defining these security protections to the IP datagrams. Moreover, the scope of one particular set of security protection is valid on a single zone only. So a single SA is defined for each zone of an IP datagram. 
Finally all these individual zonal SAs are combined to represent the security relationship of the entire IP datagram. The intermediate nodes can have the cryptographic information of the relevant type I zones. The cryptographic information related to the type II zone is, however, hidden from any intermediate node. The key sharing protocol is responsible for selectively sharing this zone information with the intermediate nodes. The DML-IPSec protocol has two basic components. The first one is for processing of datagrams at the endpoints as well as intermediate nodes. The second component is the key sharing protocol. The endpoints of a DML-IPSec communication involve two types of processing. The first one, called Outbound processing, is responsible for generating a DML-IPSec datagram from an IP datagram. It first derives the zone boundaries using the zone map and individual header field lengths. After this partitioning of IP datagram, zone wise encryption is applied (in case of ESP). Finally zone specific authentication trailers are calculated and appended after each zone. The other one, Inbound processing, is responsible for generating the original IP datagram from a DML-IPSec datagram. The first step in the inbound processing, the derivation of zone boundary, is significantly different from that of outbound processing as the length fields of zones remain encrypted. After receiving a DML-IPSec datagram, the receiver starts decrypting type I zones till it decrypts the header length field of the header(s). This is followed by zone-wise authentication verification and zone-wise decryption. The intermediate nodes process an incoming DML-IPSec datagram depending on the presence of the security parameters for that particular DML-IPSec communication. 
In the absence of the security parameters, the key sharing protocol gets executed; otherwise, all the incoming DML-IPSec datagrams get partially decrypted according to the security association and zone mapping at the inbound processing module. After the inbound processing, the partially decrypted IP datagram traverses through the networking stack of the intermediate node. Before the IP datagram leaves the intermediate node, it is processed by the outbound module to reconstruct the DML-IPSec datagram. The key sharing protocol for sharing zone related cryptographic information among the intermediate nodes is the other important component of the DML-IPSec protocol. This component is responsible for dynamically enabling intermediate nodes to access zonal information as required for performing specific services relating to quality or security. Whenever a DML-IPSec datagram traverses through an intermediate node that requires access to some of the type I zones, the inbound security database is searched for cryptographic parameters. If no entry is present in the database, the key sharing protocol is invoked. The very first step in this protocol is a header inaccessible message from the intermediate node to the source of the DML-IPSec datagram. The intermediate node also mentions the protocol headers that it requires to access in the body portion of this message. This first phase of the protocol, called the Zone reorganization phase, is responsible for deciding the zone mapping to provide access to intermediate nodes. If the current zone map can not serve the header request, the DML-IPSec endpoint reorganizes the existing zone map in this phase. The next phase of the protocol, called the Authentication Phase, is responsible for verifying the identity of the intermediate node to the source of DML-IPSec session. Upon successful authentication, the third phase, called the Shared secret establishment phase, commences. 
This phase is responsible for the establishment of a temporary shared secret between the source and intermediate nodes. This shared secret is to be used as key for encrypting the actual message transfer of the DML-IPSec security parameters at the next phase of the protocol. The final phase of the protocol, called the Security parameter sharing phase, is solely responsible for actual transfer of the security parameters from the source to the intermediate nodes. This phase is also responsible for updation of security and policy databases of the intermediate nodes. The successful execution of the four phases of the key sharing protocol enables the DML-IPSec protocol to dynamically modify the zone map for providing access to some header portions for intermediate nodes and also to share the necessary cryptographic parameters required for accessing relevant type I zones without disturbing an existing DML-IPSec communication. We have implemented the DML-IPSec for ESP protocol according to the definition of zones along with the key sharing algorithm. RHEL version 4 and Linux kernel version 2.6.23.14 were used for the implementation. We implemented the multi-layer IPSec functionalities inside the native Linux implementation of IPSec protocol. The SA structure was updated to hold necessary SA information for multiple zones instead of single SA of the normal IPSec. The zone mapping for different zones was implemented along with the kernel implementation of SA. The inbound and outbound processing modules of the IPSec endpoints were re-implemented to incorporate multi-layer IPSec capability. We also implemented necessary modules for providing partial IPSec processing capabilities at the intermediate nodes. The key sharing protocol consists of some user space utilities and corresponding kernel space components. We use ICMP protocol for the communications required for the execution of the protocol. 
At the kernel level, pseudo character device driver was implemented to update the kernel space data structures and necessary modifications were made to relevant kernel space functions. User space utilities and corresponding kernel space interface were provided for updating the security databases. As DML-IPSec ESP uses same Security Policy mechanism as IPSec ESP, existing utilities (viz. setkey) are used for the updation of security policy. However, the configuration of the SA is significantly different as it depends on the DML-IPSec zones. The DML-IPSec ESP implementation uses the existing utilities (setkey and racoon) for configuration of the sole type II zone. The type I zones are configured using the DML-IPSec application. The key sharing protocol also uses this application to reorganize the zone mapping and zone-wise cryptographic parameters. The above feature enables one to use default IPSec mechanism for the configuration of the sole type II zone. For experimental validation of DML-IPSec, we used the testbed as shown in the above figure. An ESP tunnel is configured between the two gateways GW1 and GW2. IN acts as an intermediate node and is installed with several intermediate applications. Clients C11 and C21 are connected to GW1 and GW2 respectively. We carried out detailed experiments for validating our solution w.r.t. firewalling service. We used stateful packet filtering using iptables along with string match extension at IN. First, we configured the firewall to allow only FTP communication (using port information of TCP header and IP addresses of Inner IP header) between C11 and C21. In the second experiment, we configured the firewall to allow only Web connection between C11 and C21 using the Web address of C11 (using HTTP header, port information of TCP header and IP addresses of Inner IP header). In both experiments, we initiated the FTP and WEB sessions before the execution of the key sharing protocol. 
The session could not be established as the access to upper layer headers was denied. After the execution of the key sharing protocol, the sessions could be established, showing the availability of protocol headers to the iptables firewall at IN following the successful key sharing. We use record route option of ping program to validate the claim of handling datagrams with variable header lengths. This option of ping program records the IP addresses of all the nodes traversed during a round trip path in the IP OPTION field. As we used ESP in tunnel mode between GW1 and GW2, the IP addresses would be recorded inside the encrypted Inner IP header. We executed ping between C11 and C21 and observed the record route output. Before the execution of the key sharing protocol, the IP addresses of IN were absent in the record route output. After the successful execution of key sharing protocol, the IP addresses for IN were present at the record route output. The DML-IPSec protocol introduces some processing overhead and also increases the datagram size as compared to IPSec and ML-IPSec. It increases the datagram size compared to the standard IPSec. However, this increase in IP datagram size is present in the case of ML-IPSec as well. The increase in IP datagram length depends on the number of zones. As the number of zones increases this overhead also increases. We obtain experimental results about the processing delay introduced by DML-IPSec processing. For this purpose, we executed ping program from C11 to C21 in the test bed setup for the following cases: 1. ML-IPSec with one type I and one type II zone and 2. DML-IPSec with one type I and one type II zone. We observe around 10% increase in RTT in DML-IPSec with two dynamic zones over that of ML-IPSec with two static zones. This overhead is due to on-the-fly derivation of the zone length and related processing. The above experiment analyzes the processing delay at the endpoints without intermediate processing. 
We also analyzed the effect of intermediate processing due to dynamic zones of DML-IPSec. We used iptables firewall in the above mentioned experiment. The RTT value for DML-IPSec with dynamic zones increases by less than 10% over that of ML-IPSec with static zones. To summarize our work, we have proposed an extension to the multilayer IPSec protocol, called Dynamic Multilayer IPSec (DML-IPSec). It is capable of dynamic modification of zones and sharing of cryptographic parameters between endpoints and intermediate nodes using a key sharing protocol. The DML-IPSec also accommodates datagrams with variable header lengths. The above mentioned features enable any intermediate node to dynamically access required header portions of any DML-IPSec protected datagrams. Consequently they make the DML-IPSec suited for providing IPSec over mobile and distributed networks. We also provide complete implementation of ESP protocol and provide experimental validation of our work. We find that our work provides the dynamic support for QoS and security services without any significant extra overhead compared to that of ML-IPSec. The thesis begins with an introduction to communication security requirements in TCP/IP networks. Chapter 2 provides an overview of communication security protocols at different layers. It also describes the details of IPSec protocol suite. Chapter 3 provides a study on the interoperability issues between IPSec and intermediate devices and discusses about different solutions. Our proposed extension to the ML-IPSec protocol, called Dynamic ML-IPSec(DML-IPSec) is presented in Chapter 4. The design and implementation details of DML-IPSec in Linux environment is presented in Chapter 5. It also provides experimental validation of the protocol. In Chapter 6, we summarize the research work, highlight the contributions of the work and discuss the directions for further research.
58

Magnetorheological Strut for Vibration Isolation System of Space Launcher / Magnetorheological Strut for Vibration Isolation System of Space Launcher

Macháček, Ondřej January 2018 (has links)
This thesis deals with the design of a magnetorheological (MR) strut for the vibration isolation system (VIS) of a space launcher. The literature review describes selected VISs and their struts that have been used in space launchers in the past. Each of these struts that contained fluid was sealed using static seals and flexible bellows made of steel. The strut of the passive VIS designated ELVIS, whose design became the inspiration for this work, was analyzed in more detail. It is a three-parameter system in which the damper is mounted on a spring whose stiffness corresponds approximately to the volumetric stiffness of the bellows, or rather its projection onto the axial direction (pressure thrust stiffness). The thesis presents a methodology for determining the pressure thrust stiffness from the bellows geometry and also gives the bellows parameters through which the ratio between the axial stiffness and the pressure thrust stiffness of the bellows can be changed. In the given strut concept, this ratio affects the strut's dynamic behaviour and thereby the behaviour of the whole VIS. To predict the dynamic behaviour of the strut, a multi-body model of a VIS based on a Stewart platform and a more detailed model of a single strut were created. Simulations carried out in this model revealed the parameters that influence the damper's performance in the VIS: time response and dynamic range. The model was used to determine the range of these parameters within which effective operation of the strut in the VIS is guaranteed, namely: time response 0-5 ms, dynamic range 5-10. Before the final design of the strut, an experimental strut was built, whose parameters were measured precisely and used to verify the individual models. The findings obtained during the experiments were used in the design of the final strut. One of the most important findings was the need to replace the ferrite magnetic circuit because of its brittleness. A shape-based approach to designing fast magnetic circuits from steel using 3D printing was therefore derived and subsequently patented. The designed strut contains a magnetorheological valve whose response is predicted to be 1.2 ms, with a dynamic range of 10. The thesis concludes by presenting the methodology by which the strut was designed.
59

Aircraft Fuel Consumption - Estimation and Visualization

Burzlaff, Marcus January 2017 (has links) (PDF)
In order to uncover the best kept secret in today's commercial aviation, this project deals with the calculation of fuel consumption of aircraft. With only the reference of the aircraft manufacturer's information, given within the airport planning documents, a method is established that allows computing values for the fuel consumption of every aircraft in question. The aircraft's fuel consumption per passenger and 100 flown kilometers decreases rapidly with range, until a near constant level is reached around the aircraft's average range. At longer range, where payload reduction becomes necessary, fuel consumption increases significantly. Numerical results are visualized, explained, and discussed. With regard to today's increasing number of long-haul flights, the results are investigated in terms of efficiency and viability. The environmental impact of burning fuel is not considered in this report. The presented method allows calculating aircraft type specific fuel consumption based on publicly available information. In this way, the fuel consumption of every aircraft can be investigated and can be discussed openly.
60

Application-Based Network Traffic Generator for Networking AI Model Development

Alsulami, Khalil Ibrahim D 18 May 2021 (has links)
No description available.
