Global ETD Search

21	Metadata Foundations for the Life Cycle Management of Software Systems Mr David Hyland-Wood Unknown Date (has links) No description available.
22	Model of detection of phishing URLsbased on machine learning Burbela, Kateryna January 2023 (has links) Background: Phishing attacks continue to pose a significant threat to internetsecurity. One of the most common forms of phishing is through URLs, whereattackers disguise malicious URLs as legitimate ones to trick users into clickingon them. Machine learning techniques have shown promise in detecting phishingURLs, but their effectiveness can vary depending on the approach used.Objectives: The objective of this research is to propose an ensemble of twomachine learning techniques, Convolutional Neural Networks (CNN) and MultiHead Self-Attention (MHSA), for detecting phishing URLs. The goal is toevaluate and compare the effectiveness of this approach against other methodsand models.Methods: a dataset of URLs was collected and labeled as either phishing orlegitimate. The performance of several models using different machine learningtechniques, including CNN and MHSA, to classify these URLs was evaluatedusing various metrics, such as accuracy, precision, recall, and F1-score.Results: The results show that the ensemble of CNN and MHSA outperformsother individual models and achieves an accuracy of 98.3%. Which comparing tothe existing state-of-the-art techniques provides significant improvements indetecting phishing URLs.Conclusions: In conclusion, the ensemble of CNN and MHSA is an effectiveapproach for detecting phishing URLs. The method outperforms existing state-ofthe-art techniques, providing a more accurate and reliable method for detectingphishing URLs. The results of this study demonstrate the potential of ensemblemethods in improving the accuracy and reliability of machine learning-basedphishing URL detection. Phishing URL address Deep learning Convolutional layer Multi-head self-attention. Computer Sciences Datavetenskap (datalogi)
23	iOS vs Android: Security of Inter-App Communication Holmberg, Albin January 2022 (has links) Android and iOS are the world leading mobile operating systems in today’s growing market of handheld devices. Third-party applications are an important aspect of these systems but can also provide an attack-vector for exploiting other installed applications. Previous studies have shown that the Android inter- app communication (IAC) mechanism Intent can be used for causing harm to other apps. In contrast, research involving iOS app communication have been sparse because of the closed nature of the iOS ecosystem. One of the previous studies showed the possibility of using Android Intents for hijacking and forging payments between a company application providing payments via the Swedish payment application Swish and their App2App API. This study extends this previous work by creating an artifact that performs the same exploit on the iOS platform. iOS uses a URL-scheme for opening and sending data between applications. This mechanism is used for creating the communication between apps and finding out if payment information sent via the URL- scheme can be hijacked instead of arriving at the intended Swish application. The experiences drawn from the exploit were used in combination with the previous work to find differences between the IAC mechanisms. Finally, a literature study is presented with the latest mitigation techniques for IAC vulnerabilities. iOS Security Android Security URL-scheme Hijack Intent Hijack Swish Software Engineering Programvaruteknik
24	Evaluation of machine learning models for classifying malicious URLs Abad, Shayan, Gholamy, Hassan January 2023 (has links) Millions of new websites are created daily, making it challenging to determine which ones are safe. Cybersecurity involves protecting companies and users from cyberattacks. Cybercriminals exploit various methods, including phishing attacks, to trick users into revealing sensitive information. In Australia alone, there were over 74,000 reported phishing attacks in 2022, resulting in a financial loss of over $24 million. Artificial intelligence (AI) and machine learning are effective tools in various domains, such as cancer detection, financial fraud detection, and chatbot development. Machine learning models, such as Random Forest and Support Vector Machines, are commonly used for classification tasks. With the rise of cybercrime, it is crucial to use machine learning to identify both known and new malicious URLs. The purpose of the study is to compare different instance selection methods and machine learning models for classifying malicious URLs. In this study, a dataset containing approximately 650,000 URLs from Kaggle was used. The dataset consisted of four categories: phishing, defacement, malware, and benign URLs. Three datasets, each consisting of around 170,000 URLs, were generated using instance selection methods (DRLSH, BPLSH, and random selection) implemented in MATLAB. Machine learning models, including SVM, DT, KNNs, and RF, were employed. The study applied these instance selection methods to a dataset of malicious URLs, trained the machine learning models on the resulting datasets, and evaluated their performance using 16 features and one output feature. In the process of hyperparameter tuning, the training dataset was used to train four models with different hyperparameter settings. Bayesian optimization was employed to find the best hyperparameters for each model. The classification process was then conducted, and the results were compared. The study found that the random instance selection method outperformed the other two methods, BPLSH and DRLSH, in terms of both accuracy and elapsed time for data selection. The lower accuracies achieved by the DRLSH and BPLSH methods may be attributed to the imbalanced dataset, which led to poor sample selection. Machine learning Cyber security Classification Malicious URL Instance selection Computer Engineering Datorteknik
25	Event-related Collections Understanding and Services Li, Liuqing 18 March 2020 (has links) Event-related collections, including both tweets and webpages, have valuable information, and are worth exploring in interdisciplinary research and education. Unfortunately, such data is noisy, so this variety of information has not been adequately exploited. Further, for better understanding, more knowledge hidden behind events needs to be unearthed. Regarding these collections, different societies may have different requirements in particular scenarios. Some may need relatively clean datasets for data exploration and data mining. Social researchers require preprocessing of information, so they can conduct analyses. General societies are interested in the overall descriptions of events. However, few systems, tools, or methods exist to support the flexible use of event-related collections. In this research, we propose a new, integrated system to process and analyze event-related collections at different levels (i.e., data, information, and knowledge). It also provides various services and covers the most important stages in a system pipeline, including collection development, curation, analysis, integration, and visualization. Firstly, we propose a query likelihood model with pre-query design and post-query expansion to rank a webpage corpus by query generation probability, and retrieve relevant webpages from event-related tweet collections. We further preserve webpage data into WARC files and enrich original tweets with webpages in JSON format. As an application of data management, we conduct an empirical study of the embedded URLs in tweets based on collection development and data curation techniques. Secondly, we develop TwiRole, an integrated model for 3-way user classification on Twitter, which detects brand-related, female-related, and male-related tweeters through multiple features with both machine learning (i.e., random forest classifier) and deep learning (i.e., an 18-layer ResNet) techniques. As guidance to user-centered social research at the information level, we combine TwiRole with a pre-trained recurrent neural network-based emotion detection model, and carry out tweeting pattern analyses on disaster-related collections. Finally, we propose a tweet-guided multi-document summarization (TMDS) model, which generates summaries of the event-related collections by using tweets associated with those events. The TMDS model also considers three aspects of named entities (i.e., importance, relatedness, and diversity) as well as topics, to score sentences in webpages, and then rank selected relevant sentences in proper order for summarization. The entire system is realized using many technologies, such as collection development, natural language processing, machine learning, and deep learning. For each part, comprehensive evaluations are carried out, that confirm the effectiveness and accuracy of our proposed approaches. Regarding broader impact, the outcomes proposed in our study can be easily adopted or extended for further event analyses and service development. / Doctor of Philosophy / Event-related collections, including both tweets and webpages, have valuable information. They are worth exploring in interdisciplinary research and education. Unfortunately, such data is noisy. Many tweets and webpages are not relevant to the events. This leads to difficulties during data analysis of the datasets, as well as explanation of the results. Further, for better understanding, more knowledge hidden behind events needs to be unearthed. Regarding these collections, different groups of people may have different requirements. Some may need relatively clean datasets for data exploration. Some require preprocessing of information, so they can conduct analyses, e.g., based on tweeter type or content topic. General societies are interested in the overall descriptions of events. However, few systems, tools, or methods exist to support the flexible use of event-related collections. Accordingly, we describe our new framework and integrated system to process and analyze event-related collections. It provides varied services and covers the most important stages in a system pipeline. It has sub-systems to clean, manage, analyze, integrate, and visualize event-related collections. It takes an event-related tweet collection as input and generates an event-related webpage corpus by leveraging Wikipedia and the URLs embedded in tweets. It also combines and enriches original tweets with webpages. As an application of data management, we conduct an empirical study of tweets and their embedded URLs. We developed TwiRole for 3-way user classification on Twitter. It detects brand-related, female-related, and male-related tweeters through their profiles, tweets, and images. To aid user-centered social research, we combine TwiRole with an existing emotion detection tool, and carry out tweeting pattern analyses on disaster-related collections. Finally, we propose a tweet-guided multi-document summarization (TMDS) model and service, which generates summaries of the event-related collections by using tweets associated with those events. It extracts important sentences across different topics from webpages, and organizes them in proper order. The entire system is realized using many technologies, such as collection development, natural language processing, machine learning, and deep learning. For each part, comprehensive evaluations help confirm the effectiveness and accuracy of our proposed approaches. Regarding broader impact, our methods and system can be easily adopted or extended for further event analyses and service development. Event-related Collections Collection Development Curation URL Analysis User Classification Tweeting Pattern Analysis Webpages Text Summarization
26	Avtalslicensens förhållande till konkurrensrätten : När strider utövandet av en avtalslicens mot konkurrenslagstiftningen? Palmroos, Jenny January 2012 (has links) Abstract Copyright is designed to not interfere with society's general and overriding interest of effective competition. An effective market competition benefits consumers by lowering prices, raising the quality and expands the range of goods and services. The purpose of the paper is to investigate if the collecting societies licensing violates competition laws. On the basis of the investigation regarding the bill for a new Swedish copyright law (URL), mainly the new wording that regulates the license agreement, corresponds to the EU competition rules and customs within the area. The collecting societies licensing violates the competition laws in the following cases • Discrimination of members because of nationality • Authors transferring their sole rights to global exploitation • The collecting society have the right to manage the rights after the author have left as a member • Users that are established abroad do not get access to the repertoire of the collecting societies, the same goes for concerted practice if this is the purpose or result • Parallel behaviours that cannot be explained objectively • Dividing the market • Fixed Prices • Refusal to sign multi-territorial licenses • Apply different conditions for equivalent transactions resulting in competition disadvantages for a company that cannot be justified by reasonable causes Currently there are no indications that the new bill to a new URL violates EU law. The author of the paper thinks this may change if the collective management extends, so that other member states get the extended license agreements, then the single market is affected by the competition restriction that the new bill to the URL mean. The author of the paper thinks that the bill for a new URL should be changed so that a collective society will not get monopoly to sign licenses with extended license agreements. / Sammanfattning Upphovsrätten är utformad i syfte att inte inkräkta på samhällets generella och överordnade intresse av en effektiv konkurrens. En effektiv marknadskonkurrens gynnar konsumenterna genom att den pressar priserna, höjer kvaliteten och ökar utbudet av varor och tjänster. Syftet med uppsatsen är att utreda om upphovsrättsorganisationernas licensering strider mot konkurrenslagstiftningen. Utifrån den utredningen granskas om lagförslaget till en ny URL, framförallt den nya lydelsen som reglerar avtalslicenser, stämmer överens med EU:s konkurrensregler och praxis på området. I följande fall strider upphovsrättsorganisations licensering mot konkurrensrätten • Diskriminering av medlemmarna på grund av nationalitet • Upphovsmännen överlåter sina rättigheter med ensamrätt för en global exploatering • Upphovsrättsorganisationen har rätt att förvalta rättigheterna efter att upphovsmannen utträtt som medlem • Användare som är etablerade utomlands får inte tillgång till upphovsrättsorganisationens repertoar, gäller även samordnade förfaranden om detta är syftet eller resultatet • Parallella beteenden som inte kan förklaras objektivt • Uppdelning av marknaden • Prissamarbeten • Vägra teckna multi-territoriella licenser • Tillämpa olika villkor för likvärdiga transaktioner med följden att ena bolaget får en konkurrensnackdel som inte går att rättfärdiga genom sakliga skäl I nuläget finns inget som tyder på att det nya lagförslaget till en ny URL strider mot EU-rätten. Enligt uppsatsförfattarens åsikt kan detta ändras om den kollektiva förvaltningen utökas så att den får avtalslicensverkan även i andra medlemsländer varpå den inre marknaden påverkas av den konkurrensbegränsning som det nya lagförslaget till en ny URL innebär. Uppsatsförfattaren anser att lagförslaget till en ny URL bör ändras så att inte en upphovsrättsorganisation ges monopol att teckna licens med avtalslicensverkan. Copyright competition law abuse of dominant position Article 102 TFEU restrictive agreements Article 101 TFEU Upphovsrätt avtalslicens 3 a kap 42 a § URL konkurrensrätt
27	Detekce škodlivých webových stránek pomocí strojového učení / Detection of Malicious Websites using Machine Learning Šulák, Ladislav January 2018 (has links) Táto práca sa zaoberá problematikou škodlivého kódu na webe so zameraním na analýzu a detekciu škodlivého JavaScriptu umiestneného na strane klienta s využitím strojového učenia. Navrhnutý prístup využíva známe i nové pozorovania s ohľadom na rozdiely medzi škodlivými a legitímnymi vzorkami. Tento prístup má potenciál detekovať nové exploity i zero-day útoky. Systém pre takúto detekciu bol implementovaný a využíva modely strojového učenia. Výkon modelov bol evaluovaný pomocou F1-skóre na základe niekoľkých experimentov. Použitie rozhodovacích stromov sa podľa experimentov ukázalo ako najefektívnejšia možnosť. Najefektívnejším modelom sa ukázal byť Adaboost klasifikátor s dosiahnutým F1-skóre až 99.16 %. Tento model pracoval s 200 inštanciami randomizovaného rozhodovacieho stromu založeného na algoritme Extra-Trees. Viacvrstvový perceptrón bol druhým najlepším modelom s dosiahnutým F1-skóre 97.94 %.
28	Malicious Entity Categorization using Graph modelling / Skadlig Entity Kategorisering med användning graf modellering Srinivaasan, Gayathri January 2016 (has links) Today, malware authors not only write malicious software but also employ obfuscation, polymorphism, packing and endless such evasive techniques to escape detection by Anti-Virus Products (AVP). Besides the individual behavior of malware, the relations that exist among them play an important role for improving malware detection. This work aims to enable malware analysts at F-Secure Labs to explore various such relationships between malicious URLs and file samples in addition to their individual behavior and activity. The current detection methods at F-Secure Labs analyze unknown URLs and file samples independently without taking into account the correlations that might exist between them. Such traditional classification methods perform well but are not efficient at identifying complex multi-stage malware that hide their activity. The interactions between malware may include any type of network activity, dropping, downloading, etc. For instance, an unknown downloader that connects to a malicious website which in turn drops a malicious payload, should indeed be blacklisted. Such analysis can help block the malware infection at its source and also comprehend the whole infection chain. The outcome of this proof-of-concept study is a system that detects new malware using graph modelling to infer their relationship to known malware as part of the malware classification services at F-Secure. / Idag, skadliga program inte bara skriva skadlig programvara men också använda förvirring, polymorﬁsm, packning och ändlösa sådana undan tekniker för att ﬂy detektering av antivirusprodukter (AVP). Förutom individens beteende av skadlig kod, de relationer som ﬁnns mellan dem spelar en viktig roll för att förbättra detektering av skadlig kod. Detta arbete syftar till att ge skadliga analytiker på F-Secure Labs att utforska olika sådana relationer mellan skadliga URL: er och ﬁl prover i Förutom deras individuella beteende och aktivitet. De aktuella detektionsmetoder på F-Secure Labs analysera okända webbadresser och ﬁl prover oberoende utan med beaktande av de korrelationer som kan ﬁnnas mellan dem. Sådan traditionella klassiﬁceringsmetoder fungerar bra men är inte effektiva på att identiﬁera komplexa ﬂerstegs skadlig kod som döljer sin aktivitet. Interaktioner mellan malware kan innefatta någon typ av nätverksaktivitet, släppa, nedladdning, etc. Till exempel, en okänd loader som ansluter till en skadlig webbplats som i sin tur släpper en skadlig nyttolast, bör verkligen vara svartlistad. En sådan analys kan hjälpa till att blockera malware infektion vid källan och även förstå hela infektion kedja. Resultatet av denna proof-of-concept studien är ett system som upptäcker ny skadlig kod med hjälp av diagram modellering för att sluta deras förhållande till kända skadliga program som en del av de skadliga klassiﬁcerings tjänster på F-Secure. malware classification graph modelling graph mining downloader payload URL file sample graph traversal malware klassificering graf modellering graf gruvdrift dataöverföring nyttolast URL fil prov graf traverse Computer and Information Sciences Data- och informationsvetenskap
29	Automatizace spolupracujících modulů pro online podnikání / Automation of Cooperating Modules for e-Business Vaďura, Pavel January 2017 (has links) This thesis discusses the design of API interface for applications for IT STUDIO s.r.o. and of the e-commerce calendar, using the API. In the introduction, there is described the system of the World Wide Web and its most important parts, including the possible protocols for implementing interfaces. The next part deals with the specifcation, analysis, interface design and application design. The implementation section describes used libraries and chosen solutions, including the description of possible alternatives.
30	Longitudinal study of links, linkshorteners, and Bitly usage on Twitter / Longitudinella mätningar av länkar, länkförkortare och Bitly använding på Twitter Moström, Mathilda, Edberg, Alexander January 2020 (has links) Social networks attract millions of users who want to share information and connect with people. One of those platforms are Twitter,which has the power to greatly shape people's opinions and thoughts. It is therefore important to understand how information is shared among users. In this thesis, we characterize the link sharing usage on Twitter, placing particular focus on third-party link shortener services that hide the actual URL from the users until the users click on a generic, shortened URL, focusing mainly on the link management platform Bitly. The purpose of this thesis is to analyze link usage among users over a specific time period, the domains that different users and link shortens direct their users to and compare the click rates of such links with the corresponding retweet rates to see how this vary over time. We use a measurement framework that is developed by two other students from Linköping University to collect datasets over different time periods. First, we will compare a one-week-long dataset from the spring of 2019 to one that is gathered one year later in the spring of 2020. Two additional one-week-long datasets has also been collected during the spring of 2020. We use the two main datasets, separated by a year, to evaluate long-term differences, and the three datasets from the spring of 2020 to analyze shorter-term variations in the link usage. The study highlights with this approach is to be able to highlight significant patterns over time, including with regard to what domains that are tweeted. We have found that the usage of URL link shorterns has not decreased over the last year, though the usage of specifically Bitly has done so. The top domains with highest occurrences from 2019 did not get to keep their high rankings in 2020, this is especially true for facebook.com whose occurrence has dropped by 2.7 percentage points in 2020. Our conclusion is that the difference between the years is not huge but that there are some interesting trends and patterns. Given the prevailing pandemic Covid-19, we have also chosen to do a minor analysis of how many users of Twitter link to domains related to this. It turned out that the link sharing of Covid-19 related substances decreased quite sharply during our analysis period. Linkshortener Bilty Twitter Link usage URL-shortener Longitudinal study of links Engineering and Technology Teknik och teknologier Computer Sciences Datavetenskap (datalogi)

Search results