Global ETD Search

11	A Quantitative Security Assessment of Modern Cyber Attacks. A Framework for Quantifying Enterprise Security Risk Level Through System's Vulnerability Analysis by Detecting Known and Unknown Threats Munir, Rashid January 2014 (has links) Cisco 2014 Annual Security Report clearly outlines the evolution of the threat landscape and the increase of the number of attacks. The UK government in 2012 recognised the cyber threat as Tier-1 threat since about 50 government departments have been either subjected to an attack or a direct threat from an attack. The cyberspace has become the platform of choice for businesses, schools, universities, colleges, hospitals and other sectors for business activities. One of the major problems identified by the Department of Homeland Security is the lack of clear security metrics. The recent cyber security breach of the US retail giant TARGET is a typical example that demonstrates the weaknesses of qualitative security, also considered by some security experts as fuzzy security. High, medium or low as measures of security levels do not give a quantitative representation of the network security level of a company. In this thesis, a method is developed to quantify the security risk level of known and unknown attacks in an enterprise network in an effort to solve this problem. The identified vulnerabilities in a case study of a UK based company are classified according to their severity risk levels using common vulnerability scoring system (CVSS) and open web application security project (OWASP). Probability theory is applied against known attacks to create the security metrics and, detection and prevention method is suggested for company network against unknown attacks. Our security metrics are clear and repeatable that can be verified scientifically
12	Activity-Based Target Acquisition Methods for Use in Urban Environments Myles, Kimberly 06 August 2009 (has links) Many military conflicts are fought in urban environments that subject the U.S. soldier to a number of challenges not otherwise found in traditional battle. In the urban environment, the soldier is subject to threatening attacks not only from the organized army but also from civilians who harbor hostility. U.S. enemies use the civilian crowd as an unconventional tactic to blend in and look like civilians, and in response to this growing trend, soldiers must detect and identify civilians as a threat or non-threat. To identify a civilian as a threat, soldiers must familiarize themselves with behavioral cues that implicate threatening individuals. This study elicited expert strategies regarding how to use nonverbal cues to detect a threat and evaluated the best medium for distinguishing a threat from a non-threat to develop a training guide of heuristics for training novices (i.e., soldiers) in the threat detection domain. Forty experts from the threat detection domain were interviewed to obtain strategies regarding how to use nonverbal cues to detect a threat (Phase 1). The use of nonverbal cues in context and learning from intuitive individuals in the domain stood out as strategies that would promote the efficient use of nonverbal cues in detecting a threat. A new group of 14 experts judged scenarios presented in two media (visual, written) (Phase 2). Expert detection accuracy rates of 61% for the visual medium and 56% for the written medium were not significantly different, F (1, 13) = .44, p = .52. For Phase 3 of the study, a training development guide of heuristics was developed and eight different experts in the threat detection domain subjectively rated the heuristics for their importance and relevance in training novices. Nine heuristics were included in the training guide, and overall, experts gave all heuristics consistently high ratings for importance and relevance. The results of this study can be used to improve accuracy rates in the threat detection domain and other populations: 1) the soldier, 2) the average U.S. citizen, and 3) employees of the Transportation Security Administration. / Ph. D. covert mischievous intentions threat detection urban environment MOUT judgment and decision making nonverbal behavior
13	Design and Development of Intelligent Security Management Systems: Threat Detection and Response in Cyber-based Infrastructures Yahya Javed (11792741) 19 December 2021 (has links) <div>Cyber-based infrastructures and systems serve as the operational backbone of many industries and resilience of such systems against cyber-attacks is of paramount importance. As the complexity and scale of the Cyber-based Systems (CBSs) has increased many folds over the years, the attack surface has also been widened, making CBSs more vulnerable to cyber-attacks. This dissertation addresses the challenges in post intrusion security management operations of threat detection and threat response in the networks connecting CBSs. In threat detection, the increase in scale of cyber networks and the rise in sophistication of cyber-attacks has introduced several challenges. The primary challenge is the requirement to detect complex multi-stage cyber-attacks in realtime by processing the immense amount of traffic produced by present-day networks. In threat response, the issue of delay in responding to cyber-attacks and the functional interdependencies among different systems of CBS has been observed to have catastrophic effects, as a cyber attack that compromises one constituent system of a CBS can quickly disseminate to others. This can result in a cascade effect that can impair the operability of the entire CBS. To address the challenges in threat detection, this dissertation proposes PRISM, a hierarchical threat detection architecture that uses a novel attacker behavior model-based sampling technique to minimize the realtime traffic processing overhead. PRISM has a unique multi-layered architecture that monitors network traffic distributedly to provide efficiency in processing and modularity in design. PRISM employs a Hidden Markov Model-based prediction mechanism to identify multi-stage attacks and ascertain the attack progression for a proactive response. Furthermore, PRISM introduces a stream management procedure that rectifies the issue of alert reordering when collected from distributed alert reporting systems. To address the challenges in threat response, this dissertation presents TRAP, a novel threat response and recovery architecture that localizes the cyber-attack in a timely manner, and simultaneously recovers the affected system functionality. The dissertation presents comprehensive performance evaluation of PRISM and TRAP through extensive experimentation, and shows their effectiveness in identifying threats and responding to them while achieving all of their design objectives.</div> Computer Engineering Security Architecture threat detection threat response sampling algorithms Distributed computing prediction models cyber situation awareness Proactive responses System recovery
14	Analýza protokolů pro komunikaci v energetických sítích / An Analysis of Smart Grid Communication Protocols Sobotka, Lukáš January 2019 (has links) This work deals security of SCADA industry systems which are used in energetic networks. It describes architecture of those systems and also analyze in details two communication protocols -- DNP3 and IEC 60870-5-104. Next part is devoted to the analysis of anomaly and security threats which can be happen in SCADA systems. The main goal of this work is design and implementation of system which will be able to detect some of threats or anomalies. Also is necessary to propose simulation environment for testing.
15	A Multi-Modal Insider Threat Detection and Prevention based on Users' Behaviors Hashem, Yassir 08 1900 (has links) Insider threat is one of the greatest concerns for information security that could cause more significant financial losses and damages than any other attack. However, implementing an efficient detection system is a very challenging task. It has long been recognized that solutions to insider threats are mainly user-centric and several psychological and psychosocial models have been proposed. A user's psychophysiological behavior measures can provide an excellent source of information for detecting user's malicious behaviors and mitigating insider threats. In this dissertation, we propose a multi-modal framework based on the user's psychophysiological measures and computer-based behaviors to distinguish between a user's behaviors during regular activities versus malicious activities. We utilize several psychophysiological measures such as electroencephalogram (EEG), electrocardiogram (ECG), and eye movement and pupil behaviors along with the computer-based behaviors such as the mouse movement dynamics, and keystrokes dynamics to build our framework for detecting malicious insiders. We conduct human subject experiments to capture the psychophysiological measures and the computer-based behaviors for a group of participants while performing several computer-based activities in different scenarios. We analyze the behavioral measures, extract useful features, and evaluate their capability in detecting insider threats. We investigate each measure separately, then we use data fusion techniques to build two modules and a comprehensive multi-modal framework. The first module combines the synchronized EEG and ECG psychophysiological measures, and the second module combines the eye movement and pupil behaviors with the computer-based behaviors to detect the malicious insiders. The multi-modal framework utilizes all the measures and behaviors in one model to achieve better detection accuracy. Our findings demonstrate that psychophysiological measures can reveal valuable knowledge about a user's malicious intent and can be used as an effective indicator in designing insider threat monitoring and detection frameworks. Our work lays out the necessary foundation to establish a new generation of insider threat detection and mitigation mechanisms that are based on a user's involuntary behaviors, such as psychophysiological measures, and learn from the real-time data to determine whether a user is malicious. Computer Science Computer crimes -- Investigation.
16	Building a secure infrastructure for IoT systems in distributed environments / Une infrastructure sécurisée pour les systèmes IdO dans les environnements distribués Zhu, Xiaoyang 24 June 2019 (has links) Le principe de l'Internet des objets (IdO) est d'interconnecter non seulement les capteurs, les appareils mobiles et les ordinateurs, mais aussi les particuliers, les maisons, les bâtiments intelligents et les villes, ainsi que les réseaux électriques, les automobiles et les avions, pour n'en citer que quelques-uns. Toutefois, la réalisation de la connectivité étendue de l'IdO tout en assurant la sécurité et la confidentialité des utilisateurs reste un défi. Les systèmes IdO présentent de nombreuses caractéristiques non conventionnelles, telles que l'évolutivité, l'hétérogénéité, la mobilité et les ressources limitées, qui rendent les solutions de sécurité Internet existantes inadaptées aux systèmes basés sur IdO. En outre, l'IdO préconise des réseaux peer-to-peer où les utilisateurs, en tant que propriétaires, ont l'intention d'établir des politiques de sécurité pour contrôler leurs dispositifs ou services au lieu de s'en remettre à des tiers centralisés. En nous concentrant sur les défis scientifiques liés aux caractéristiques non conventionnelles de l'IdO et à la sécurité centrée sur l'utilisateur, nous proposons une infrastructure sécurisée de l'IdO activée par la technologie de la chaîne de blocs et pilotée par des réseaux peer-to-peer sans confiance. Notre infrastructure sécurisée IoT permet non seulement l'identification des individus et des collectifs, mais aussi l'identification fiable des objets IoT par leurs propriétaires en se référant à la chaîne de blocage des réseaux peer-to-peer sans confiance. La chaîne de blocs fournit à notre infrastructure sécurisée de l'IdO une base de données fiable, immuable et publique qui enregistre les identités individuelles et collectives, ce qui facilite la conception du protocole d'authentification simplifié de l'IdO sans dépendre des fournisseurs d'identité tiers. En outre, notre infrastructure sécurisée pour l'IdO adopte un paradigme d'IdO socialisé qui permet à toutes les entités de l'IdO (à savoir les individus, les collectifs, les choses) d'établir des relations et rend l'IdO extensible et omniprésent les réseaux où les propriétaires peuvent profiter des relations pour définir des politiques d'accès pour leurs appareils ou services. En outre, afin de protéger les opérations de notre infrastructure sécurisée de l'IdO contre les menaces de sécurité, nous introduisons également un mécanisme autonome de détection des menaces en complément de notre cadre de contrôle d'accès, qui peut surveiller en permanence le comportement anormal des opérations des dispositifs ou services. / The premise of the Internet of Things (IoT) is to interconnect not only sensors, mobile devices, and computers but also individuals, homes, smart buildings, and cities, as well as electrical grids, automobiles, and airplanes, to mention a few. However, realizing the extensive connectivity of IoT while ensuring user security and privacy still remains a challenge. There are many unconventional characteristics in IoT systems such as scalability, heterogeneity, mobility, and limited resources, which render existing Internet security solutions inadequate to IoT-based systems. Besides, the IoT advocates for peer-to-peer networks where users as owners intend to set security policies to control their devices or services instead of relying on some centralized third parties. By focusing on scientific challenges related to the IoT unconventional characteristics and user-centric security, we propose an IoT secure infrastructure enabled by the blockchain technology and driven by trustless peer-to-peer networks. Our IoT secure infrastructure allows not only the identification of individuals and collectives but also the trusted identification of IoT things through their owners by referring to the blockchain in trustless peer-to-peer networks. The blockchain provides our IoT secure infrastructure with a trustless, immutable and public ledger that records individuals and collectives identities, which facilitates the design of the simplified authentication protocol for IoT without relying on third-party identity providers. Besides, our IoT secure infrastructure adopts socialized IoT paradigm which allows all IoT entities (namely, individuals, collectives, things) to establish relationships and makes the IoT extensible and ubiquitous networks where owners can take advantage of relationships to set access policies for their devices or services. Furthermore, in order to protect operations of our IoT secure infrastructure against security threats, we also introduce an autonomic threat detection mechanism as the complementary of our access control framework, which can continuously monitor anomaly behavior of device or service operations. Informatique Internet des Objets Infrastructure sécurisée Sécurité informatique Réseau pair à pair Identitification Détection menaces Connectique étentue Blockchain Information Technology Internet of Things Secure infrastructure IT security Peer-To-Peer Networks Identification Threat detection Extensive connectivity Blockchain 004.678 207 2
17	Méthodes d'Analyse et de Recalage d'images radiographiques de fret et de Véhicules / Image Analysis and Registration Methods for Cargo and vehicles X-Ray Imaging Marciano, Abraham 03 July 2018 (has links) La société contemporaine fait face à un niveau de menace sans précédent depuis la seconde guerre mondiale. La lutte contre le trafic illicite mobilise aussi l’ensemble desorganes de police, visant à endiguer le financement du crime organisé. Dans cet effort, les autorités s’engagent à employer des moyens de plus en plus modernes, afin notamment d’automatiser les processus d’inspection. L’objectif de cette étude est de développer des outils de vision par ordinateur afin d’assister les officiers de douanes dans la détection d’armes et de narcotiques. Letravail présenté examine l’emploi de techniques avancées de classification et de recalage d’images pour l’identification d’irrégularités dans des acquisitions radiographiques de fret. Plutôt que de recourir à la reconnaissance par apprentissage, nos méthodes revêtent un intérêt particulier lorsque les objets ciblés présentent des caractéristiques visuelles variées. De plus, elles augmentent notablement la détectabilité d’éléments cachés dans des zones denses, là où même les algorithmes de reconnaissance n’identifieraient pas d’anomalie. Nos travaux détaillent l’état de l’art des méthodes de classification et de recalage, explorant aussi diverses pistes de résolution. Les algorithmes sont testés sur d’importantes bases de données pour apprécier visuellement et numériquement leurs performances / Our societies, faced with an unprecedented level of security threat since WWII, must provide fast and adaptable solutions to cope with a new kind of menace. Illicit trade also, oftencorrelated with criminal actions, is viewed as a defining stake by governments and agencies. Enforcement authorities are thus very demandingin terms of technological features, asthey explicitly aim at automating inspection processes. The main objective of our research is to develop assisting tools to detect weapons and narcotics for lawenforcement officers. In the present work, we intend to employ and customize both advanced classification and image registration techniques for irregularity detection in X-ray cargo screening scans. Rather than employing machine-learning recognition techniques, our methods prove to be very efficient while targeting a very diverse type of threats from which no specific features can be extracted. Moreover, the proposed techniques significantly enhance the detection capabilities for law-enforcement officers, particularly in dense regions where both humans or trained learning models would probably fail. Our work reviews state-of-the art methods in terms of classification and image registration. Various numerical solutions are also explored. The proposed algorithms are tested on a very large number ofimages, showing their necessity and performances both visually and numerically. Recalage d'images Méthodes variationelles Classification Analyse d’Images Images Radiographiques Détection de Menaces Méthodes de Minimisation d’Énergie Image registration Variational methods Classification Image Analysis X-ray Images Threat Detection Energy Minimization Methods 519
18	3D Object Detection Using Virtual Environment Assisted Deep Network Training Dale, Ashley S. 12 1900 (has links) Indiana University-Purdue University Indianapolis (IUPUI) / An RGBZ synthetic dataset consisting of five object classes in a variety of virtual environments and orientations was combined with a small sample of real-world image data and used to train the Mask R-CNN (MR-CNN) architecture in a variety of configurations. When the MR-CNN architecture was initialized with MS COCO weights and the heads were trained with a mix of synthetic data and real world data, F1 scores improved in four of the five classes: The average maximum F1-score of all classes and all epochs for the networks trained with synthetic data is F1∗ = 0.91, compared to F1 = 0.89 for the networks trained exclusively with real data, and the standard deviation of the maximum mean F1-score for synthetically trained networks is σ∗ = 0.015, compared to σ_F1 = 0.020 for the networks trained exclusively with real F1 data. Various backgrounds in synthetic data were shown to have negligible impact on F1 scores, opening the door to abstract backgrounds and minimizing the need for intensive synthetic data fabrication. When the MR-CNN architecture was initialized with MS COCO weights and depth data was included in the training data, the net- work was shown to rely heavily on the initial convolutional input to feed features into the network, the image depth channel was shown to influence mask generation, and the image color channels were shown to influence object classification. A set of latent variables for a subset of the synthetic datatset was generated with a Variational Autoencoder then analyzed using Principle Component Analysis and Uniform Manifold Projection and Approximation (UMAP). The UMAP analysis showed no meaningful distinction between real-world and synthetic data, and a small bias towards clustering based on image background. Machine Learning MASK R-CNN ARTIFICIAL INTELLIGENCE IMAGE PROCESSING 3D IMAGE SIGNAL PROCESSING OBJECT DETECTION THREAT DETECTION VIRTUAL ENVIRONMENTS SYNTHETIC DATASET IMAGE SEGMENTATION RGBD RGBD VIDEO RGBZ ALGORITHM MS COCO TRANSFER LEARNING
19	3D OBJECT DETECTION USING VIRTUAL ENVIRONMENT ASSISTED DEEP NETWORK TRAINING Ashley S Dale (8771429) 07 January 2021 (has links) <div> <div> <div> <p>An RGBZ synthetic dataset consisting of five object classes in a variety of virtual environments and orientations was combined with a small sample of real-world image data and used to train the Mask R-CNN (MR-CNN) architecture in a variety of configurations. When the MR-CNN architecture was initialized with MS COCO weights and the heads were trained with a mix of synthetic data and real world data, F1 scores improved in four of the five classes: The average maximum F1-score of all classes and all epochs for the networks trained with synthetic data is F1∗ = 0.91, compared to F1 = 0.89 for the networks trained exclusively with real data, and the standard deviation of the maximum mean F1-score for synthetically trained networks is σ∗ <sub>F1 </sub>= 0.015, compared to σF 1 = 0.020 for the networks trained exclusively with real data. Various backgrounds in synthetic data were shown to have negligible impact on F1 scores, opening the door to abstract backgrounds and minimizing the need for intensive synthetic data fabrication. When the MR-CNN architecture was initialized with MS COCO weights and depth data was included in the training data, the net- work was shown to rely heavily on the initial convolutional input to feed features into the network, the image depth channel was shown to influence mask generation, and the image color channels were shown to influence object classification. A set of latent variables for a subset of the synthetic datatset was generated with a Variational Autoencoder then analyzed using Principle Component Analysis and Uniform Manifold Projection and Approximation (UMAP). The UMAP analysis showed no meaningful distinction between real-world and synthetic data, and a small bias towards clustering based on image background. </p></div></div></div> Computer Engineering Software Engineering Applied Computer Science Information Systems Signal Processing Computer Graphics Computer Vision Image Processing Pattern Recognition and Data Mining Simulation and Modelling Virtual Reality and Related Simulation Applied Discrete Mathematics Coding and Information Theory Conceptual Modelling Information Engineering and Theory Machine Learning Mask R-CNN Artificial Intelligence Image Processing 3D Image Multispectral Data Signal Processing CNN DNN Object Detection Threat Detection Virtual Environments Synthetic Dataset F1 score image segmentation methods Image Segmentation RGBD RGBD video RGBZ Algorithms MS COCO Microsoft Common Objects in Context Transfer Learning

Search results