• Refine Query
  • Source
  • Publication year
  • to
  • Language
  • 6
  • 2
  • 1
  • Tagged with
  • 11
  • 11
  • 3
  • 3
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.

Agentless endpoint security monitoring framework

Ghaleb, Asem 28 May 2019 (has links)
Existing endpoint security monitors use agents that must be installed on every computing host or endpoint. However, as the number of monitored hosts increases, agents installation, con figuration and maintenance become arduous and requires more efforts. Moreover, installed agents can increase the security threat footprint and several companies impose restrictions on using agents on every computing system. This work provides a generic agentless endpoint framework for security monitoring of computing systems. The computing hosts are accessed by the monitoring framework running on a central server. Since the monitoring framework is separate from the computing hosts for which the monitoring is being performed, the various security models of the framework can perform data retrieval and analysis without utilizing agents executing within the computing hosts. The monitoring framework retrieves transparently raw data from the monitored computing hosts that are then fed to the security modules integrated with the framework. These modules analyze the received data to perform security monitoring of the target computing hosts. As a use case, a real-time intrusion detection model has been implemented to detect abnormal behaviors on computing hosts based on the data collected using the introduced framework. / Graduate

Towards Better Kernel and Network Monitoring of Software Actions

Lei, Yunsen 15 May 2020 (has links)
Monitoring software actions is one of the most studied approaches to help security researchers understand how software interacts with the system or network. In many cases, monitoring is an important component to help detect attacks that use software vulnerabilities as a vector to compromise endpoints. Attacks are becoming more sophisticated and network use is growing dramatically. Both host-based and network-based monitoring are facing different challenges. A host-based approach has more insight into software's actions but puts itself at the risk of compromise. When deployed on the server endpoint, the lack of separation between different clients only further complicates the monitoring scope. Compared to network-based approaches, host-based monitoring usually loses control of a software's network trace once the network packet leaves the endpoint. On the other hand, network-based monitoring usually has full control of a software's network packets but confronts scalability problems as the network grows. This thesis focuses on the limitations of the current monitoring approaches and technologies and proposes different solutions to mitigate the current problem. For software-defined networking, we design and implement a host-based SDN system that achieves the same forwarding path control and packet rewriting functionality as a switch-based SDN. Our implementation empower the host-based SDN with more control in the network even without using any SDN-enabled middleboxes, allowing SDN adoption in large-scale deployments. We further corroborate flow reports from different host SDN agents to address the endpoint compromise problem. On the server endpoint, we leverage containers as a light-weight environment to separate different clients and build monitoring infrastructures to narrow down the monitoring scope that have the potential to facilitate further forensic analysis.

Optimal Cyber Security Placement Schemes for Smart City Infrastructures

Hasan, Md Mahmud January 2017 (has links)
The conceptual evolution of smart cities is highly motivated by the advancement of information and communication technologies (ICTs). The purpose of a smart city is to facilitate the best quality of life to its inhabitants. Its implementation has to be supported by the compliant utilities and networked infrastructures. In the current world, it can only be achieved by applying ICTs in an extensive manner. The move towards the smart city's seamless connectivity widens the scope of cyber security concerns. Smart city infrastructures to face a high risk of targeted attacks due to extended cyber-physical vulnerabilities. This creates many challenging research issues relevant to the design and implementation of cyber security solutions. Networks associated with city infrastructures vary from a small indoor one to a large geographically distributed one. The context of a network is an essential consideration for security solutions. This thesis investigates a set of optimal security placement problems for enhancing monitoring in smart city infrastructures. It develops solutions to such placement problems from a resource management perspective. Economy and quality-of-security service (QoSS) are two major design goals. Such goals are translated into three basic performance metrics: (i) coverage, (ii) tolerance, and (iii) latency. This thesis studies security placement problems pertaining to three different types of networks: (i) wireless sensor network (WSN), (ii) supervisory control and data acquisition (SCADA) backbone, and (iii) advanced metering infrastructure (AMI) wide area network (WAN). In a smart city, WSNs are deployed to support real time monitoring and safety alert (RTMSA) applications. They are highly resource constrained networks. For WSNs, placement problems for an internally configured security monitor named watchdog have been studied. On the other hand, a smart grid is a key driver for smart cities. SCADA and AMI are two major components of a smart grid. They are associated with two different types of geographically distributed networks. For SCADA backbones, placement problems for a specially designed security device named trust system have been studied. For AMI-WANs, placement problems for a cloud-based managed security service have been studied. This thesis proposes a number of promising solution schemes to such placement problems. It includes evaluation results that demonstrate the enhancements of the proposed schemes.

Service-Level Monitoring of HTTPS Traffic / Identification des Services dans le Trafic HTTPS

Shbair, Wazen M. 03 May 2017 (has links)
Dans cette thèse, nous dressons tout d'abord un bilan des différentes techniques d'identification de trafic et constatons l'absence de solution permettant une identification du trafic HTTPS à la fois précise et respectueuse de la vie privée des utilisateurs. Nous nous intéressons dans un premier temps à une technique récente, néanmoins déjà déployée, permettant la supervision du trafic HTTPS grâce à l'inspection du champ SNI, extension du protocole TLS. Nous montrons que deux stratégies permettent de contourner cette méthode. Comme remédiation, nous proposons une procédure de vérification supplémentaire basée sur un serveur DNS de confiance. Les résultats expérimentaux montrent que cette solution pragmatique est efficace. Ensuite, nous proposons une architecture qui permet l'identification des services dans le trafic HTTPS, en se basant sur l'apprentissage automatique. Nous avons ainsi défini un nouvel ensemble de caractéristiques statistiques combinées avec une identification à deux niveaux, identifiant d'abord le fournisseur de services, puis le service, selon notre évaluation à partir de trafic réel. Enfin, nous améliorons cette architecture afin de permettre l'identification du trafic en temps réel en ne considérant que les premiers paquets des flux plutôt que leur totalité. Pour évaluer notre approche, nous avons constitué un dataset comportant les flux complets de chargement des principaux sites web et l'avons rendu public pour comparaison. Nous présentons également un prototype de logiciel reconstituant les flux HTTPS en temps réel puis les identifiant / In this thesis, we provide a privacy preserving for monitoring HTTPS services. First, we first investigate a recent technique for HTTPS services monitoring that is based on the Server Name Indication (SNI) field of the TLS handshake. We show that this method has many weakness, which can be used to cheat monitoring solutions.To mitigate this issue, we propose a novel DNS-based approach to validate the claimed value of SNI. The evaluation show the ability to overcome the shortage. Second, we propose a robust framework to identify the accessed HTTPS services from a traffic dump, without relying neither on a header field nor on the payload content. Our evaluation based on real traffic shows that we can identify encrypted HTTPS services with high accuracy. Third, we have improved our framework to monitor HTTPS services in real-time. By extracting statistical features over the TLS handshake packets and a few application data packets, we can identify HTTPS services very early in the session. The obtained results and a prototype implementation show that our method offers good identification accuracy, high HTTPS flow processing throughput, and a low overhead delay

Security monitoring for network protocols and applications / Monitorage des aspects sécuritaires pour les protocoles de réseaux et applications

La, Vinh Hoa 21 October 2016 (has links)
La sécurité informatique, aussi connue comme la cyber-sécurité, est toujours un sujet d'actualité dans la recherche en sciences informatiques. Comme les cyber-attaques grandissent de plus en plus en volume et en sophistication, la protection des systèmes ou réseaux d'information devient une tâche difficile. Les chercheurs dans la communauté de recherche prêtent une attention constante à la sécurité, en particulier ils s'orientent vers deux directions principales: (i) - la conception des infrastructures sécurisées avec des protocoles de communication sécurisés et (ii) - surveillance / supervision des systèmes ou des réseaux afin de trouver et de remédier des vulnérabilités. La dernière vérifie que tout ce qui a été conçu dans la première fonctionne correctement et en toute sécurité, ainsi détectant les violations de sécurité. Ceci étant le sujet principal de cette thèse.Cette dissertation présente un cadre de surveillance de la sécurité en tenant en compte des différents types de jeu de données d'audit y compris le trafic de réseaux et les messages échangés dans les applications. Nous proposons également des approches innovantes fondées sur l'apprentissage statistique, la théorie de l'information et de l'apprentissage automatique pour prétraiter et analyser l'entrée de données. Notre cadre est validé dans une large gamme des études de cas, y compris la surveillance des réseaux traditionnels TCP / IP (v4) (LAN, WAN, la surveillance de l'Internet), la supervision des réseaux de objets connectés utilisant la technologie 6LoWPAN (IPv6), et également, l’analyse des logs d'autres applications. Enfin, nous fournissons une étude sur la tolérance d’intrusion par conception et proposons une approche basée sur l’émulation pour détecter et tolérer l’intrusion simultanément.Dans chaque étude de cas, nous décrivons comment nous collectons les jeux de données d'audit, extrayons les attributs pertinents, traitons les données reçues et décodons leur signification de sécurité. Pour attendre ces objectifs, l'outil MMT est utilisé comme le cœur de notre approche. Nous évaluons également la performance de la solution et sa possibilité de marcher dans les systèmes “à plus grande échelle” avec des jeux de données plus volumineux / Computer security, also known as cyber-security or IT security, is always an emerging topic in computer science research. Because cyber attacks are growing in both volume and sophistication, protecting information systems or networks becomes a difficult task. Therefore, researchers in research community give an ongoing attention in security including two main directions: (i)-designing secured infrastructures with secured communication protocols and (ii)-monitoring/supervising the systems or networks in order to find and re-mediate vulnerabilities. The former assists the later by forming some additional monitoring-supporting modules. Whilst, the later verifies whether everything designed in the former is correctly and securely functioning as well as detecting security violations. This is the main topic of this thesis.This dissertation presents a security monitoring framework that takes into consideration different types of audit dataset including network traffic and application logs. We propose also some novel approaches based on supervised machine learning to pre-process and analyze the data input. Our framework is validated in a wide range of case studies including traditional TCP/IPv4 network monitoring (LAN, WAN, Internet monitoring), IoT/WSN using 6LoWPAN technology (IPv6), and other applications' logs. Last but not least, we provide a study regarding intrusion tolerance by design and propose an emulation-based approach to simultaneously detect and tolerate intrusion.In each case study, we describe how we collect the audit dataset, extract the relevant attributes, handle received data and decode their security meaning. For these goals, the tool Montimage Monitoring Tool (MMT) is used as the core of our approach. We assess also the solution's performance and its possibility to work in "larger scale" systems with more voluminous dataset

Návrh zabezpečení průmyslového řídícího systému / Industrial control system security design

Strnad, Matěj January 2019 (has links)
The subject of the master's thesis is a design of security measures for securing of an industrial control system. It includes an analysis of characteristics of communication environment and specifics of industrial communication systems, a comparison of available technological means and a design of a solution according to investor's requirements.

A Framework Based On Continuous Security Monitoring

Erturk, Volkan 01 December 2008 (has links) (PDF)
Continuous security monitoring is the process of following up the IT systems by collecting measurements, reporting and analysis of the results for comparing the security level of the organization on continuous time axis to see how organizational security is progressing in the course of time. In the related literature there is very limited work done to continuously monitor the security of the organizations. In this thesis, a continuous security monitoring framework based on security metrics is proposed. Moreover, to decrease the burden of implementation a software tool called SecMon is introduced. The implementation of the framework in a public organization shows that the proposed system is successful for building an organizational memory and giving insight to the security stakeholders about the IT security level in the organization.


Schal, Stacey L 01 January 2013 (has links)
Water distribution systems are vulnerable to intentional, along with accidental, contamination of the water supply. Contamination warning systems (CWS) are strategies to lessen the effects of contamination by delivering early indication of an event. Online quality monitoring, a network of sensors that can assess water quality and alert an operator of contamination, is a critical component of CWS, but utilities are faced with the decision of what locations are optimal for deployment of sensors. A sensor placement algorithm was developed and implemented in a commercial network distribution model (i.e. KYPIPE) to aid small utilities in sensor placement. The developed sensor placement tool was then validated using 12 small distribution system models and multiple contamination scenarios for the placement of one and two sensors. This thesis also addresses the issue that many sensor placement algorithms require calibrated hydraulic/water quality models, but small utilities do not always possess the financial resources or expertise to build calibrated models. Because of such limitations, a simple procedure is proposed to recommend optimal placement of a sensor without the need for a model or complicated algorithm. The procedure uses simple information about the geometry of the system and does not require explicit information about flow dynamics.

Architecture and design requirements forEnterprise Security Monitoring Platform : Addressing security monitoring challenges in the financial services industry

Wierzbieniec, Gabriel January 2018 (has links)
Security Monitoring Platform (SMP) represents multiple detective controls applied inthe enterprise to protect against cyberattacks. Building SMP is a challenging task, as itconsists of multiple systems that require integration. This paper introduces a framework thatcompiles various aspects of Security Monitoring and presents respective requirements sets.SMP framework provides guidance for establishing a risk-based detection platform,augmented with automation, threat intelligence and analytics capabilities. It provides morebroad view on the problem of Security Monitoring in the enterprise context and can assist inthe platform creation. The proposed solution has been built using Design Science ResearchMethodology and contains of twenty requirements for building SMP. Expert evaluation andcomparison with similar frameworks show potential value in holistic approach to the problem,as well as indicate the need for further research.

Monitorování bezpečnosti firemní počítačové sítě / Company network security monitoring

Kališ, Martin January 2009 (has links)
Main focus of this work is on computer network security monitoring. In first part basic definitions for the area are formed and it also offers different ways to encompass monitoring into company security. Next part defines main functions of monitoring systems and provides guidelines for its implementation in organization. Practical part consists of defining key conditions for selection of monitoring solution and it also applies them when comparing several products available on the market. Then it presents author's view on future trends and development in this area based on facts from previous chapters. Whole work provides complete approach to security monitoring and offers definition of all key concepts and competencies for monitoring systems.

Page generated in 0.114 seconds