41 |
Generation of cyber attack data using generative techniquesNidhi Nandkishor Sakhala (6636128) 15 May 2019 (has links)
<div><div><div><p>The presence of attacks in day-to-day traffic flow in connected networks is considerably less compared to genuine traffic flow. Yet, the consequences of these attacks are disastrous. It is very important to identify if the network is being attacked and block these attempts to protect the network system. Failure to block these attacks can lead to loss of confidential information and reputation and can also lead to financial loss. One of the strategies to identify these attacks is to use machine learning algorithms that learn to identify attacks by looking at previous examples. But since the number of attacks is small, it is difficult to train these machine learning algorithms. This study aims to use generative techniques to create new attack samples that can be used to train the machine learning based intrusion detection systems to identify more attacks. Two metrics are used to verify that the training has improved and a binary classifier is used to perform a two-sample test for verifying the generated attacks.</p></div></div></div>
|
42 |
PERCEPTIONS OF PURPLE TEAMS AMONG CYBERSECURITY PROFESSIONALSSiddharth Chowdhury (6613439) 15 May 2019 (has links)
With constant technological advancements, the attacks against existing infrastructure is constantly increasing and causing more damage. The current Red and Blue team approach to cybersecurity assessments is used to test the effectiveness of security defenses and in identifying vulnerabilities before they are exploited. Due to a lack of collaboration and inherently contradicting natures of these teams, the credibility of audits is impacted. While this has led to the synergistic and collaborative Purple team, it is important to understand how cybersecurity professionals perceive this new concept and its function. Analyzing perceptions of self-reported cybersecurity professionals via an online survey showed most believed Purple teams were beneficial and should be created from and collaborate with Red and Blue teams. However, past Red team experience was negatively linked to perceived benefit. Those who had more years of experience or had been on Red teams were more likely to believe Purple teams may have ownership or learning issues. Furthermore, professionals identified active managerial involvement and project clarity as critical success factors for Purple teams. Alongside these, management could help find the right skillset, provide resources, and offer active direction in order to avoid issues and maximize outcomes. Based on assessment relevance, a collaborative agreed-upon methodology for Red, Blue, and Purple teams was provided.
|
43 |
Nasazení DNSSEC na klientské straně / Client side DNSSEC deploymentNekuža, Karel January 2018 (has links)
Diplomová práce se zabývá problémem přístupu koncového uživatele k odpovědím ověřeným pomocí protokolu DNSSEC. Práce posuzuje možnosti nasazení a nastavování resolveru za účelem zlepšení bezpečnosti pro koncové uživatele. V práci je navrhnuto řešení problému pro operační systém Fedora Workstation. Navrhnuté řešení je realizováno a porovnáno s již existujícím řesením.
|
44 |
Návrh zabezpečení průmyslového řídícího systému / Industrial control system security designStrnad, Matěj January 2019 (has links)
The subject of the master's thesis is a design of security measures for securing of an industrial control system. It includes an analysis of characteristics of communication environment and specifics of industrial communication systems, a comparison of available technological means and a design of a solution according to investor's requirements.
|
45 |
Usage of Dynamic Analysis to Strengthen Control-Flow AnalysisPriyam Biswas (9761951) 14 December 2020 (has links)
<div>System programming languages such as C and C++ are ubiquitously used for systems software such as browsers and servers due to their flexibility and high performance. However, this flexibility comes with a price of lack of memory and type safety.</div><div><br></div><div>Control-Flow Hijacking (CFH), by taking advantage of the inherent lack of memory and type safety, has become one of the most common attack vectors against C/C++ programs. In such attacks, an attacker attempts to divert the normal control flow of the program to an attacker-controlled location. The most prominent defense against these kind of attacks is Control-Flow Integrity (CFI), which restricts the attack surface by limiting the set of possible targets for each indirect control-flow transfer. However, current analyses for the CFI target sets are highly conservative. Due to the ambiguity and imprecision in the analyses, CFI restricts adversaries to an over-approximation of the possible targets of individual indirect call sites. State-of-the-art CFI approaches fail to protect against special attack classes such as over-writing variadic function arguments. Furthermore, mitigation of control-flow attacks is not explored to its full potential in the context of language boundaries in current literature. Hence, we need effective solution to improve the precision of the CFI approaches as well as strong protection mechanisms against commonly abused corner cases.</div><div><br></div><div>We leverage the effectiveness of dynamic analysis in deriving a new approach to efficiently mitigate control-flow hijacking attacks. We present Ancile, a novel mechanism to improve the precision of the CFI mechanism by debloating any extraneous targets from the indirect control-flow transfers. We replaced the traditional static analysis approach for target discovery with seed demonstrated fuzzing. We have evaluated the effectiveness of our proposed mechanism with standard SPEC CPU benchmarks and other popular C and C++ applications.</div><div><br></div><div>To ensure complete security of C and C++ programs, we need to shield commonly exploited corners of C/C++ such as variadic functions. We performed extensive case studies to show the prevalence of such functions and their exploits. We also developed a sanitizer, HexVASAN, to effectively type-check and prevent any attack via variadic functions. CFH attacks, by abusing the difference of managed languages and their underlying system languages, are very frequent in client and server side programs. In order to safe-guard the control-flows in language boundaries, we propose a new mechanism, FitJit, to enforce type integrity. Finally, to understand the effectiveness of the dynamic analysis, we present Artemis, a comprehensive study of binary analysis on real world applications.</div>
|
46 |
ADVANCED LOW-COST ELECTRO-MAGNETIC AND MACHINE LEARNING SIDE-CHANNEL ATTACKSJosef A Danial (9520181) 16 December 2020 (has links)
Side-channel analysis (SCA) is a prominent tool to break mathematically secure cryptographic engines, especially on resource-constrained devices. SCA attacks utilize physical leakage vectors like the power consumption, electromagnetic (EM) radiation, timing, cache hits/misses, that reduce the complexity of determining a secret key drastically, going from 2<sup>128</sup> for brute force attacks to 2<sup>12</sup> for SCA in the case of AES-128. Additionally, EM SCA attacks can be performed non-invasively without any modifications to the target under attack, unlike power SCA. To develop defenses against EM SCA, designers must evaluate the cryptographic implementations against the most powerful side-channel attacks. In this work, systems and techniques that improve EM side-channel analysis have been explored, making it lower-cost and more accessible to the research community to develop better countermeasures against such attacks. The first chapter of this thesis presents SCNIFFER, a platform to perform efficient end-to-end EM SCA attacks. SCNIFFER introduces leakage localization – an often-overlooked step in EM attacks – into the loop of an attack. Following SCNIFFER, the second chapter presents a practical machine learning (ML) based EM SCA attack on AES-128. This attack addresses issues dealing with low signal-to-noise ratio (SNR) EM measurements, proposing training and pre-processing techniques to perform an efficient profiling attack. In the final chapter, methods for mapping from power to EM measurements, are analyzed, which can enable training a ML model with much lower number of encryption traces. Additionally, SCA evaluation of high-level synthesis (HLS) based cryptographic algorithms is performed, along with the study of futuristic neural encryption techniques.
|
47 |
Privacy Preserving Systems With Crowd BlendingMohsen Minaei (9525917) 16 December 2020 (has links)
<p>Over the years, the Internet has become a platform where individuals share their thoughts and personal information. In some cases, these content contain some damaging or sensitive information, which a malicious data collector can leverage to exploit the individual. Nevertheless, what people consider to be sensitive is a relative matter: it not only varies from one person to another but also changes through time. Therefore, it is hard to identify what content is considered sensitive or damaging, from the viewpoint of a malicious entity that does not target specific individuals, rather scavenges the data-sharing platforms to identify sensitive information as a whole. However, the actions that users take to change their privacy preferences or hide their information assists these malicious entities in discovering the sensitive content. </p><p><br></p><p>This thesis offers Crowd Blending techniques to create privacy-preserving systems while maintaining platform utility. In particular, we focus on two privacy tasks for two different data-sharing platforms— i) concealing content deletion on social media platforms and ii) concealing censored information in cryptocurrency blockchains. For the concealment of the content deletion problem, first, we survey the users of social platforms to understand their deletion privacy expectations. Second, based on the users’ needs, we propose two new privacy-preserving deletion mechanisms for the next generation of social platforms. Finally, we compare the effectiveness and usefulness of the proposed mechanisms with the current deployed ones through a user study survey. For the second problem of concealing censored information in cryptocurrencies, we present a provably secure stenography scheme using cryptocurrencies. We show the possibility of hiding censored information among transactions of cryptocurrencies.</p>
|
48 |
On Cyber-Physical Forensics, Attacks, and DefensesRohit Bhatia (8083268) 06 December 2019 (has links)
<div>Cyber-physical systems, through various sensors and actuators, are used to handle interactions of the cyber-world with the physical-world. Conventionally, the temporal component of the physical-world has been used only for estimating real-time deadlines and responsiveness of control-loop algorithms. However, there are various other applications where the relationship of the temporal component and the cyber-world are of interest. An example is the ability to reconstruct a sequence of past temporal activities from the current state of the cyber-world, which is of obvious interest to cyber-forensic investigators. Another example is the ability to control the temporal components in broadcast communication networks, which leads to new attack and defense capabilities. These relationships have not been explored traditionally.</div><div><br></div><div>To address this gap, this dissertation proposes three systems that cast light on the effect of temporal component of the physical-world on the cyber-world. First, we present Timeliner, a smartphone cyber-forensics technique that recovers past actions from a single static memory image. Following that, we present work on CAN (Controller Area Network), a broadcast communication network used in automotive applications. We show in DUET that the ability to control communication temporally allows two compromised ECUs, an attacker and an accomplice, to stealthily suppress and impersonate a victim ECU, even in the presence of a voltage-based intrusion detection system. In CANDID, we show that the ability to temporally control CAN communication opens up new defensive capabilities that make the CAN much more secure.</div><div><br></div><div>The evaluation results show that Timeliner is very accurate and can reveal past evidence (up to an hour) of user actions across various applications on Android devices. The results also show that DUET is highly effective at impersonating victim ECUs while evading both message-based and voltage-based intrusion detection systems, irrespective of the features and the training algorithms used. Finally, CANDID is able to provide new defensive capabilities to CAN environments with reasonable communication and computational overheads.</div><div><br></div>
|
49 |
Detection of IoT Botnets using Decision TreesMeghana Raghavendra (10723905) 29 April 2021 (has links)
<p>International Data Corporation<sup>[3]</sup> (IDC) data estimates that 152,200 Internet of things (IoT) devices will be connected to the Internet every minute by the year 2025. This rapid expansion in the utilization of IoT devices in everyday life leads to an increase in the attack surface for cybercriminals. IoT devices are frequently compromised and used for the creation of botnets. However, it is difficult to apply the traditional methods to counteract IoT botnets and thus calls for finding effective and efficient methods to mitigate such threats. In this work, the network snapshots of IoT traffic infected with two botnets, i.e., Mirai and Bashlite, are studied. Specifically, the collected datasets include network traffic from 9 different IoT devices such as baby monitor, doorbells, thermostat, web cameras, and security cameras. Each dataset consists of 115 stream aggregation feature statistics like weight, mean, covariance, correlation coefficient, standard deviation, radius, and magnitude with a timeframe decay factor, along with a class label defining the traffic as benign or anomalous.</p><p>The goal of the research is to identify a proper machine learning method that can detect IoT botnet traffic accurately and in real-time on IoT edge devices with low computation power, in order to form the first line of defense in an IoT network. The initial step is to identify the most important features that distinguish between benign and anomalous traffic for IoT devices. Specifically, the Input Perturbation Ranking algorithm<sup>[12]</sup> with XGBoost<sup>[26]</sup>is applied to find the 9 most important features among the 115 features. These 9 features can be collected in real time and be applied as inputs to any detection method. Next, a supervised predictive machine learning method, i.e., Decision Trees, is proposed for faster and accurate detection of botnet traffic. The advantage of using decision trees over other machine learning methodologies, is that it achieves accurate results with low computation time and power. Unlike deep learning methodologies, decision trees can provide visual representation of the decision making and detection process. This can be easily translated into explicit security policies in the IoT environment. In the experiments conducted, it can be clearly seen that decision trees can detect anomalous traffic with an accuracy of 99.997% and takes 59 seconds for training and 0.068 seconds for prediction, which is much faster than the state-of-art deep-learning based detector, i.e., Kitsune<sup>[4]</sup>. Moreover, our results show that decision trees have an extremely low false positive rate of 0.019%. Using the 9 most important features, decision trees can further reduce the processing time while maintaining the accuracy. Hence, decision trees with important features are able to accurately and efficiently detect IoT botnets in real time and on a low performance edge device such as Raspberry Pi<sup>[9]</sup>.</p>
|
50 |
ASSESSING AND IMPROVING SECURITY AWARENESS AND CONCERNS IN TELEWORKINGBiliangyu Wu (10716789) 29 April 2021 (has links)
<p>The unexpected
and unprecedented global pandemic of COVID-19 has brought dramatic changes to
the whole world. As a result of social distancing instituted to slow the pandemic,
teleworking has become the new norm in many organizations. The prevalence of
teleworking has brought not only benefits to organizations, but also security
risks. Although teleworking has existed for decades and many security related
issues have been studied by previous research, the researcher didn’t find any studies
that have assessed organization employee’s security awareness and concerns in
teleworking. Considering the vital importance of human security awareness in
protecting information security, it is necessary to learn the security
awareness situation in teleworking. Furthermore, employees with low security
awareness should be trained to improve the awareness level. Therefore, this
research intends to examine the current teleworking security awareness and
concerns in organizations by conducting a survey of workers. Through the survey
answers, the researcher found that the security awareness varies in groups of
teleworkers who are at different ages, from different industries and
different-sized organizations. Meanwhile, the researcher also found that
COVID-19 pandemic does not have much impact on people’s security concern in
teleworking scenarios. <br></p>
|
Page generated in 0.0733 seconds