Relevant bibliographies by topics / Computer network security / Dissertations / Theses
To see the other types of publications on this topic, follow the link: Computer network security.

Dissertations / Theses on the topic 'Computer network security'

Author: Grafiati
Published: 4 June 2021
Last updated: 14 March 2023

Create a spot-on reference in APA, MLA, Chicago, Harvard, and other styles

Select a source type:

Consult the top 50 dissertations / theses for your research on the topic 'Computer network security.'

Next to every source in the list of references, there is an 'Add to bibliography' button. Press on it, and we will generate automatically the bibliographic reference to the chosen work in the citation style you need: APA, MLA, Harvard, Chicago, Vancouver, etc.

You can also download the full text of the academic publication as pdf and read online its abstract whenever available in the metadata.

Browse dissertations / theses on a wide variety of disciplines and organise your bibliography correctly.

1

Burchett, Ian. "Quantifying Computer Network Security." TopSCHOLAR®, 2011. http://digitalcommons.wku.edu/theses/1118.

Full text
Abstract:
Simplifying network security data to the point that it is readily accessible and usable by a wider audience is increasingly becoming important, as networks become larger and security conditions and threats become more dynamic and complex, requiring a broader and more varied security staff makeup. With the need for a simple metric to quantify the security level on a network, this thesis proposes: simplify a network’s security risk level into a simple metric. Methods for this simplification of an entire network’s security level are conducted on several characteristic networks. Identification of computer network port vulnerabilities from NIST’s Network Vulnerability Database (NVD) are conducted, and via utilization of NVD’s Common Vulnerability Scoring System values, composite scores are created for each computer on the network, and then collectively a composite score is computed for the entire network, which accurately represents the health of the entire network. Special concerns about small numbers of highly vulnerable computers or especially critical members of the network are confronted.
APA, Harvard, Vancouver, ISO, and other styles
2

Skaria, Sherin, and Fazely Hamedani Amir Reza. "Network Security Issues, Tools for Testing Security in Computer Network and Development Solution for Improving Security in Computer Network." Thesis, Halmstad University, Halmstad University, Halmstad University, 2010. http://urn.kb.se/resolve?urn=urn:nbn:se:hh:diva-4396.

Full text
APA, Harvard, Vancouver, ISO, and other styles
3

Lomas, Thomas Mark Angus. "Aspects of computer network security." Thesis, University of Cambridge, 1992. http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.241051.

Full text
APA, Harvard, Vancouver, ISO, and other styles
4

Holtje, Carl. "Security in serverless network environments /." Link to online version, 2004. https://ritdml.rit.edu/dspace/handle/1850/439.

Full text
APA, Harvard, Vancouver, ISO, and other styles
5

Deccio, Casey T. "Network-layer Selective Security." Diss., CLICK HERE for online access, 2004. http://contentdm.lib.byu.edu/ETD/image/etd560.pdf.

Full text
APA, Harvard, Vancouver, ISO, and other styles
6

Ali, Dana, and Goran Kap. "Statistical Analysis of Computer Network Security." Thesis, KTH, Matematisk statistik, 2013. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-129948.

Full text
Abstract:
In this thesis it isshown how to measure the annual loss expectancy of computer networks due to therisk of cyber attacks. With the development of metrics for measuring theexploitation difficulty of identified software vulnerabilities, it is possibleto make a measurement of the annual loss expectancy for computer networks usingBayesian networks. To enable the computations, computer net-work vulnerabilitydata in the form of vulnerability model descriptions, vulnerable dataconnectivity relations and intrusion detection system measurements aretransformed into vector based numerical form. This data is then used to generatea probabilistic attack graph which is a Bayesian network of an attack graph.The probabilistic attack graph forms the basis for computing the annualizedloss expectancy of a computer network. Further, it is shown how to compute anoptimized order of vulnerability patching to mitigate the annual lossexpectancy. An example of computation of the annual loss expectancy is providedfor a small invented example network
APA, Harvard, Vancouver, ISO, and other styles
7

Dalwadi, Chintan. "Network and data security." Birmingham, Ala. : University of Alabama at Birmingham, 2006. http://www.mhsl.uab.edu/dt/2006m/dalwadi.pdf.

Full text
APA, Harvard, Vancouver, ISO, and other styles
8

Hausrath, Nathaniel L. "Methods for Hospital Network and Computer Security." University of Cincinnati / OhioLINK, 2011. http://rave.ohiolink.edu/etdc/view?acc_num=ucin1303845234.

Full text
APA, Harvard, Vancouver, ISO, and other styles
9

Mohammed, Ali, Sachin Sama, and Majeed Mohammed. "Enhancing Network Security in Linux Environment." Thesis, Högskolan i Halmstad, Sektionen för Informationsvetenskap, Data– och Elektroteknik (IDE), 2012. http://urn.kb.se/resolve?urn=urn:nbn:se:hh:diva-17144.

Full text
Abstract:
Designing a secured network is the most important task in any enterprise or organization development. Securing a network mainly involves applying policies and procedures to protect different network devices from unauthorized access. Servers such as web servers, file servers, mail servers, etc., are the important devices in a network. Therefore, securing these servers is the first and foremost step followed in every security implementation mechanism. To implement this, it is very important to analyse and study the security mechanisms provided by the operating system. This makes it easier for security implementation in a network. This thesis work demonstrates the tasks needed to enhance the network security in Linux environment. The various security modules existing in Linux makes it different from other operating systems. The security measures which are mainly needed to enhance the system security are documented as a baseline for practical implementation. After analysing the security measures for implementing network security, it is important to understand the role of network monitoring tools and Linux inbuilt log management in maintaining the security of a network. This is accomplished by presenting a detailed discussion on network monitoring tools and log management in Linux. In order to test the network security, a network is designed using Linux systems by configuring different servers and application firewall for packet filtering. The security measures configured on each server to enhance its security are presented as part of the implementation. The results obtained while an unauthorized user accessing the servers from the external network are also documented along with attack information retrieved by different network monitoring tools and Linux inbuilt log messages.
APA, Harvard, Vancouver, ISO, and other styles
10

Dobson, Lucas E. "Security analysis of session initiation protocol." Thesis, Monterey, California : Naval Postgraduate School, 2010. http://edocs.nps.edu/npspubs/scholarly/theses/2010/Jun/10Jun%5FDobson.pdf.

Full text
Abstract:
Thesis (M.S. in Computer Science)--Naval Postgraduate School, June 2010.
Thesis Advisor(s): Dinolt, George ; Eagle, Chris. "June 2010." Description based on title screen as viewed on July 13, 2010. Author(s) subject terms: Session initiation protocol, voice over IP, information security, siproxd, linphone, Qutecom, osip, eXosip Includes bibliographical references (p. 77-78). Also available in print.
APA, Harvard, Vancouver, ISO, and other styles
11

El, Salamouny Ehab. "Probabilistic trust models in network security." Thesis, University of Southampton, 2011. https://eprints.soton.ac.uk/179163/.

Full text
Abstract:
One of the dominant properties of a global computing network is the incomplete information available to principals about each other. This was the motivation of using the notion of probabilistic trust as an approach to security sensitive decision making in modern open and global computing systems. In such systems any principal A uses the outcomes of past interactions with another principal B to construct a probabilistic model approximating the behaviour of B. Using this model, the principal A can take decisions regarding interactions with B by estimating its future actions. Many existing frameworks adopt the so-called ‘Beta model’. The main limitation of these frameworks is that they assume the behaviour of any principal to be fixed, which is not realistic in many cases. In this thesis, we first address the application of probabilistic trust to optimise security protocols, and specifically give an example where the Crowds anonymity protocol is extended to use trust information. We then address the problem of evaluating probabilistic trust in principals exhibiting dynamic behaviours. In this respect, we formally analyse the ‘exponential decay’ technique as an approach to coping with principals’ dynamic behaviours. Given the identified limitations of this technique, a more general framework for trust and reputation is introduced. In this framework, Hidden Markov Models (HMMs) are used for modelling the dynamic behaviours of principals. This framework is formally analysed in terms of a notion of ‘estimation error’. Using an experimental approach based on Monte-Carlo methods to evaluate the expected estimation error, the introduced HMM-based framework for trust and reputation is compared to the existing Beta framework. The results show in general that the latter is getting more promising in evaluating trust in principals (‘trustees’) having dynamic behaviours as longer sequences of observations are available about such trustees.
APA, Harvard, Vancouver, ISO, and other styles
12

Baratz, Joshua W. (Joshua William) 1981. "Regions Security Policy (RSP) : applying regions to network security." Thesis, Massachusetts Institute of Technology, 2004. http://hdl.handle.net/1721.1/17933.

Full text
Abstract:
Thesis (M. Eng. and S.B.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2004.
Includes bibliographical references (p. 51-54).
The Regions network architecture is a new look at network organization that groups nodes into regions based on common purposes. This shift from strict network topology groupings of nodes requires a change in security systems. This thesis designs and implements the Regions Security Policy (RSP). RSP allows a unified security policy to be set across a region, fully controlling data as it enters into, exits from, and transits within a region. In doing so, it brings together several existing security solutions so as to provide security comparable to existing systems that is more likely to function correctly.
by Joshua W. Baratz.
M.Eng.and S.B.
APA, Harvard, Vancouver, ISO, and other styles
13

Teoh, Soon Tee. "Interactive visualization techniques for computer network security /." For electronic version search Digital dissertations database. Restricted to UC campuses. Access is free to UC campus dissertations, 2004. http://uclibs.org/PID/11984.

Full text
APA, Harvard, Vancouver, ISO, and other styles
14

Umeh, Njideka Adaku. "Security architecture methodology for large net-centric systems." Diss., Rolla, Mo. : University of Missouri-Rolla, 2007. http://scholarsmine.mst.edu/thesis/Umeh_09007dcc8049b3f0.pdf.

Full text
Abstract:
Thesis (M.S.)--University of Missouri--Rolla, 2007.
Vita. The entire thesis text is included in file. Title from title screen of thesis/dissertation PDF file (viewed December 6, 2007) Includes bibliographical references (p. 60-63).
APA, Harvard, Vancouver, ISO, and other styles
15

Ortwein, Michael T. "Establishing Regis network security policy." [Denver, Colo.] : Regis University, 2005. http://165.236.235.140/lib/MOrtwein2005.pdf.

Full text
APA, Harvard, Vancouver, ISO, and other styles
16

Lessner, Dirk. "Network security for embedded systems /." [St. Lucia, Qld.], 2005. http://adt.library.uq.edu.au/public/adt-QU20060215.160952/index.html.

Full text
APA, Harvard, Vancouver, ISO, and other styles
17

Hsu, Yating. "Formal Analysis of Network Protocol Security." The Ohio State University, 2011. http://rave.ohiolink.edu/etdc/view?acc_num=osu1317230784.

Full text
APA, Harvard, Vancouver, ISO, and other styles
18

O'Donnell, Adam J. Sethu Harish. "Security through network-wide diversity assignment /." Philadelphia, Pa. : Drexel University, 2005. http://dspace.library.drexel.edu/handle/1860/551.

Full text
APA, Harvard, Vancouver, ISO, and other styles
19

Wong, Chung Kei. "Network security services for flows and multicasts /." Digital version accessible at:, 1999. http://wwwlib.umi.com/cr/utexas/main.

Full text
APA, Harvard, Vancouver, ISO, and other styles
20

Gunderson, Renee M. "Network security for a communications company." Online version, 2002. http://www.uwstout.edu/lib/thesis/2002/2002gundersonr.pdf.

Full text
APA, Harvard, Vancouver, ISO, and other styles
21

Akkaya, Deniz, and Fabien Thalgott. "Honeypots in network security." Thesis, Linnaeus University, School of Computer Science, Physics and Mathematics, 2010. http://urn.kb.se/resolve?urn=urn:nbn:se:lnu:diva-6600.

Full text
Abstract:

Day by day, more and more people are using internet all over the world. It is becoming apart of everyone’s life. People are checking their e-mails, surfing over internet, purchasinggoods, playing online games, paying bills on the internet etc. However, while performingall these things, how many people know about security? Do they know the risk of beingattacked, infecting by malicious software? Even some of the malicious software arespreading over network to create more threats by users. How many users are aware of thattheir computer may be used as zombie computers to target other victim systems? Astechnology is growing rapidly, newer attacks are appearing. Security is a key point to getover all these problems. In this thesis, we will make a real life scenario, using honeypots.Honeypot is a well designed system that attracts hackers into it. By luring the hackerinto the system, it is possible to monitor the processes that are started and running on thesystem by hacker. In other words, honeypot is a trap machine which looks like a realsystem in order to attract the attacker. The aim of the honeypot is analyzing, understanding,watching and tracking hacker’s behaviours in order to create more secure systems.Honeypot is great way to improve network security administrators’ knowledge and learnhow to get information from a victim system using forensic tools. Honeypot is also veryuseful for future threats to keep track of new technology attacks.

APA, Harvard, Vancouver, ISO, and other styles
22

Chen, Cheng S. M. Massachusetts Institute of Technology. "Security of substitution-permutation network." Thesis, Massachusetts Institute of Technology, 2015. http://hdl.handle.net/1721.1/101582.

Full text
Abstract:
Thesis: S.M., Massachusetts Institute of Technology, Department of Electrical Engineering and Computer Science, 2015.
Cataloged from PDF version of thesis.
Includes bibliographical references (pages 43-44).
In this thesis, we study the security of a block cipher design called substitution-permutation network (SPN). We prove that when S-box is chosen uniformly at random as a permutation, the resulting SPN is a strong pseudorandom permutation even against an adversary having oracle access to that S-box. We then examine some special cases of SPN for a fixed S-box and prove two special cases of SPN inspired by AES are 2-wise independent.
by Cheng Chen.
S.M.
APA, Harvard, Vancouver, ISO, and other styles
23

Martina, Jean Everson. "Verification of security protocols based on multicast communication." Thesis, University of Cambridge, 2011. http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.609650.

Full text
APA, Harvard, Vancouver, ISO, and other styles
24

Gopalakrishnan, Aravind. "Network and Middleware Security for Enterprise Network Monitoring." The Ohio State University, 2012. http://rave.ohiolink.edu/etdc/view?acc_num=osu1339742304.

Full text
APA, Harvard, Vancouver, ISO, and other styles
25

Atkins, William Dee. "Design and implementation of a hardened distributed network endpoint security system for improving the security of internet protocol-based networks." Diss., Rolla, Mo. : University of Missouri-Rolla, 2007. http://scholarsmine.umr.edu/thesis/pdf/Final_Thesis_09007dcc8031d3b0.pdf.

Full text
Abstract:
Thesis (M.S.)--University of Missouri--Rolla, 2007.
Vita. The entire thesis text is included in file. Title from title screen of thesis/dissertation PDF file (viewed April 11, 2007) Includes bibliographical references (p. 54-55).
APA, Harvard, Vancouver, ISO, and other styles
26

Luse, Andrew William. "Exploring utilization of visualization for computer and network security." [Ames, Iowa : Iowa State University], 2009.

Find full text
APA, Harvard, Vancouver, ISO, and other styles
27

Timbs, Nathan H. "Physical Security Assessment of a Regional University Computer Network." Digital Commons @ East Tennessee State University, 2013. https://dc.etsu.edu/etd/2280.

Full text
Abstract:
Assessing a network's physical security is an essential step in securing its data. This document describes the design, implementation, and validation of PSATool, a prototype application for assessing the physical security of a network's intermediate distribution frames, or IDFs (a.k.a. "wiring closets"). PSATool was created to address a lack of tools for IDF assessment. It implements a checklist-based protocol for assessing compliance with 52 security requirements compiled from federal and international standards. This checklist can be extended according to organizational needs. PSATool was validated by using it to assess physical security at 135 IDFs at East Tennessee State University. PSATool exposed 95 threats, hazards, and vulnerabilities in 82 IDFs. A control was recommended for each threat, hazard, and vulnerability discovered. The administrators of ETSU's network concluded that PSATool's results agreed with their informal sense of these IDFs' physical security, while providing documented support for improvements to IDF security.
APA, Harvard, Vancouver, ISO, and other styles
28

Davis, Jonathan J. "Machine learning and feature engineering for computer network security." Thesis, Queensland University of Technology, 2017. https://eprints.qut.edu.au/106914/1/Jonathan_Davis_Thesis.pdf.

Full text
Abstract:
This thesis studies the application of machine learning to the field of Cyber security. Machine learning algorithms promise to enhance Cyber security by identifying malicious activity based only on provided examples. However, a major difficulty is the unsuitability of raw Cyber security data as input. In an attempt to address this problem, this thesis presents a framework for automatically constructing relevant features suitable for machine learning directly from network traffic. We then test the effectiveness of the framework by applying it to three Cyber security problems: HTTP tunnel detection, DNS tunnel detection, and traffic classification.
APA, Harvard, Vancouver, ISO, and other styles
29

Artz, Michael Lyle 1979. "NetSPA : a Network Security Planning Architecture." Thesis, Massachusetts Institute of Technology, 2002. http://hdl.handle.net/1721.1/29899.

Full text
Abstract:
Thesis (M.Eng.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2002.
Includes bibliographical references (leaves 93-96).
Attack scenario graphs provide a concise way of displaying all possible sequences of attacks a malicious user can execute to obtain a desired goal, such as remotely achieving root undetected on a critical host machine. NETSPA, the Network Security Planning Architecture, is a C++ system that quickly generates worst-case attack graphs using a forward-chaining depth-first search of the possible attack space using actions modeled with REM, a simple attack description language. NETSPA accepts network configuration information from a database that includes host and network software types and versions, intrusion detection system placement and types, network connectivity, and firewall rulesets. It is controlled by command line inputs that determine a critical goal state, trust relationships between hosts, and maximum recursive depth. NETSPA was shown to efficiently provide easily understood attack graphs that revealed non-obvious security problems against a realistic sample network of 17 representative hosts using 23 REM defined actions. The largest useful graph was generated within 1.5 minutes of execution. NETSPA-executes faster and handles larger networks than any existing graph generation system. This allows NETSPA to be practically used in combination with other security components to develop and analyze secure networks.
by Michael Lyle Artz.
M.Eng.
APA, Harvard, Vancouver, ISO, and other styles
30

Benbrook, Jimmie Glen 1943. "A SYSTEM ANALYSIS OF A MULTILEVEL SECURE LOCAL AREA NETWORK (COMPUTER)." Thesis, The University of Arizona, 1986. http://hdl.handle.net/10150/275531.

Full text
APA, Harvard, Vancouver, ISO, and other styles
31

Hall, Kristopher Joseph. "Thwarting Network Stealth Worms in Computer Networks through Biological Epidemiology." Diss., Virginia Tech, 2006. http://hdl.handle.net/10919/27726.

Full text
Abstract:
This research developed a system, Rx, to provide early identification and effective control of network stealth worms in digital networks through techniques based on biological epidemiology. Network stealth worms comprise a class of surreptitious, self-propagating code that spread over network connections by exploiting security vulnerabilities in hosts. Past outbreaks due to traditional worms subverted hundreds of thousands of machines. Network stealth worms exacerbate that threat by using clandestine methods to maintain a persistent presence in the network. Biological epidemiology was shown to support the real-time detection, characterization, forecasting, and containment of network stealth worms. Epidemiology describes a scientific methodology in biology that seeks to understand, explain, and control disease. Bio-mathematical modeling led to the development of a mechanism for digital networks to identify worm infection behavior buried in anomaly data, to characterize a worm, and to forecast the temporal spread of a worm. Demographic analysis of the infected hosts revealed the subset of vulnerable machines within the population. The automated response of advanced quarantine used this information to control the spread of an identified worm by isolating both infected and vulnerable machines. The novel contributions of this research included the identification of a network stealth worm at the network-level based on end-host reports while simultaneously characterizing and forecasting the spread of the worm. Additionally, this task offered the technique of advanced quarantine through demographic analysis of the population. This work resulted in a scalable, fault-tolerant strategy that dramatically enhanced the survival rate of network hosts under attack by a stealth worm. Moreover, this approach did not require new hardware, changes to existing protocols, or participation outside the implementing organization. This research showed application to a wider range of challenges. The bio-mathematical models are extensible, allowing Rx to respond to variations on the self-propagating code presented here. The approach is applicable to other forms of malware beyond self-propagating code by interchanging the epidemic model with one more appropriate. Lastly, the strategy allowed anomaly detectors to be sensitive to lower reporting thresholds and a variety of often benign yet potentially useful events.
Ph. D.
APA, Harvard, Vancouver, ISO, and other styles
32

Irwin, Barry Vivian William. "A framework for the application of network telescope sensors in a global IP network." Thesis, Rhodes University, 2011. http://hdl.handle.net/10962/d1004835.

Full text
Abstract:
The use of Network Telescope systems has become increasingly popular amongst security researchers in recent years. This study provides a framework for the utilisation of this data. The research is based on a primary dataset of 40 million events spanning 50 months collected using a small (/24) passive network telescope located in African IP space. This research presents a number of differing ways in which the data can be analysed ranging from low level protocol based analysis to higher level analysis at the geopolitical and network topology level. Anomalous traffic and illustrative anecdotes are explored in detail and highlighted. A discussion relating to bogon traffic observed is also presented. Two novel visualisation tools are presented, which were developed to aid in the analysis of large network telescope datasets. The first is a three-dimensional visualisation tool which allows for live, near-realtime analysis, and the second is a two-dimensional fractal based plotting scheme which allows for plots of the entire IPv4 address space to be produced, and manipulated. Using the techniques and tools developed for the analysis of this dataset, a detailed analysis of traffic recorded as destined for port 445/tcp is presented. This includes the evaluation of traffic surrounding the outbreak of the Conficker worm in November 2008. A number of metrics relating to the description and quantification of network telescope configuration and the resultant traffic captures are described, the use of which it is hoped will facilitate greater and easier collaboration among researchers utilising this network security technology. The research concludes with suggestions relating to other applications of the data and intelligence that can be extracted from network telescopes, and their use as part of an organisation’s integrated network security systems
APA, Harvard, Vancouver, ISO, and other styles
33

Mukantabana, Beatrice. "Ethernet sniffing : a big threat to network security." Virtual Press, 1994. http://liblink.bsu.edu/uhtbin/catkey/897495.

Full text
Abstract:
Networks play an important role in today's information age. The need to share information and resources makes networks a necessity in almost any computing environment. In many cases, the network can be thought of as a large, distributed computer, with disks and other resources on big systems being shared by smaller workstations on people's desks.Security has long been an object of concern and study for both data processing systems and communications facilities. With computer networks, these concerns are combined, and for local networks, the problems may be more acute. Consider a fullcapacity local network, with direct terminal access to the network, data files, and applications distributed among a variety of processors. This network may also provide access to and from long-haul communications and be part of an internet. Clearly, the task of providing security in such a complex environment is quite involved.The subject of security is a broad one and encompasses physical and administrative controls. The aim of this research is to explore the security problems pertaining to Ethernet networks. Different approaches to obtain a secure Ethernet environment are also discussed.
Department of Computer Science
APA, Harvard, Vancouver, ISO, and other styles
34

Pepakayala, Sagar. "Contributions of honeyports to network security." Thesis, Linköping University, Department of Computer and Information Science, 2007. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-9177.

Full text
Abstract:

A honeypot is an attractive computer target placed inside a network to lure the attackers into it. There are many advantages of this technology, like, information about attacker's tools and techniques can be fingerprinted, malicious traffic can be diverted away from the real target etc. With the increased activity from the blackhat community day by day, honeypots could be an effective weapon in the

network security administrator's armor. They have been studied rigorously during the past few years as a part of the security

industry's drive to combat malicious traffic. While the whitehats are trying to make honeypots stealthier, blackhats are coming up with techniques to identify them (therefore nullifying any

further use) or worse, use them in their favor. The game is on. The goal of this thesis is to study different architectural issues regarding honeypot deployment, various stages in utilizing honeypots like forensic analysis etc. Other concepts like IDSs and firewalls which are used in conjunction with honeypots are also discussed, because security is about cooperation among different security components. In the security industry, it is customary for whitehats to watch what blackhats are doing and vice versa. So the thesis

discusses recent techniques to defeat honeypots and risks involved in deploying honeypots. Commercial viability of honeypots and business cases for outsourcing honeypot maintenance are presented. A great interest from the security community about honeypots has propelled the research and resulted in various new and innovative applications of honeypots. Some of these applications, which made an impact, are discussed. Finally, future directions in research in honeypot technology are perused.

APA, Harvard, Vancouver, ISO, and other styles
35

Zhao, Li. "Enhance communication security in wireless ad hoc networks through multipath routing." Online access for everyone, 2007. http://www.dissertations.wsu.edu/Dissertations/Summer2007/L_Zhao_072407.pdf.

Full text
APA, Harvard, Vancouver, ISO, and other styles
36

Årnes, Andre. "Risk, Privacy, and Security in Computer Networks." Doctoral thesis, Norwegian University of Science and Technology, Faculty of Information Technology, Mathematics and Electrical Engineering, 2006. http://urn.kb.se/resolve?urn=urn:nbn:no:ntnu:diva-1725.

Full text
Abstract:

With an increasingly digitally connected society comes complexity, uncertainty, and risk. Network monitoring, incident management, and digital forensics is of increasing importance with the escalation of cybercrime and other network supported serious crimes. New laws and regulations governing electronic communications, cybercrime, and data retention are being proposed, continuously requiring new methods and tools.

This thesis introduces a novel approach to real-time network risk assessment based on hidden Markov models to represent the likelihood of transitions between security states. The method measures risk as a composition of individual hosts, providing a precise, fine-grained model for assessing risk and providing decision support for incident response. The approach has been integrated with an existing framework for distributed, large-scale intrusion detection, and the results of the risk assessment are applied to prioritize the alerts produced by the intrusion detection sensors. Using this implementation, the approach is evaluated on both simulated and real-world data.

Network monitoring can encompass large networks and process enormous amounts of data, and the practice and its ubiquity can represent a great threat to the privacy and confidentiality of network users. Existing measures for anonymization and pseudonymization are analyzed with respect to the trade-off of performing meaningful data analysis while protecting the identities of the users. The results demonstrate that most existing solutions for pseudonymization are vulnerable to a range of attacks. As a solution, some remedies for strengthening the schemes are proposed, and a method for unlinkable transaction pseudonyms is considered.

Finally, a novel method for performing digital forensic reconstructions in a virtual security testbed is proposed. Based on a hypothesis of the security incident in question, the testbed is configured with the appropriate operating systems, services, and exploits. Attacks are formulated as event chains and replayed on the testbed. The effects of each event are analyzed in order to support or refute the hypothesis. The purpose of the approach is to facilitate reconstruction experiments in digital forensics. Two examples are given to demonstrate the approach; one overview example based on the Trojan defense and one detailed example of a multi-step attack. Although a reconstruction can neither prove a hypothesis with absolute certainty, nor exclude the correctness of other hypotheses, a standardized environment combined with event reconstruction and testing can lend credibility to an investigation and can be a valuable asset in court.

APA, Harvard, Vancouver, ISO, and other styles
37

Lee, Robert. "ON THE APPLICATION OF LOCALITY TO NETWORK INTRUSION DETECTION: WORKING-SET ANALYSIS OF REAL AND SYNTHETIC NETWORK SERVER TRAFFIC." Doctoral diss., Orlando, Fla. : University of Central Florida, 2009. http://purl.fcla.edu/fcla/etd/CFE0002718.

Full text
APA, Harvard, Vancouver, ISO, and other styles
38

Konstantaras, Dimitrios, and Mustafa Tahir. "Securing Network Connected Applications with Proposed Security Models." Thesis, Växjö University, School of Mathematics and Systems Engineering, 2008. http://urn.kb.se/resolve?urn=urn:nbn:se:vxu:diva-2022.

Full text
Abstract:

In today’s society, serious organizations need protection against both internal and external attacks. There are many different technologies available that organizations can incorporate into their organization in order to enhance security for their networking applications. Unfortunately, security is way to often considered as an afterthought and therefore implemented as an external part of the applications. This is usually performed by introducing general security models and technologies.

However, an already developed, well structured and considered security approach – with proper implementation of security services and mechanisms – different security models can be used to apply security

within the security perimeter of an organization. It can range from built into the application to the edge of a private network, e.g. an appliance. No matter the choice, the involved people must possess security expertise to deploy the proposed security models in this paper, that have the soul purpose to secure applications.

By using the Recommendation X.800 as a comparison framework, the proposed models will be analyzed in detail and evaluated of how they provide the security services concerned in X.800. By reasoning about what security services that ought to be implemented in order to prevent or detect diverse security attacks, the organization needs to carry out a security plan and have a common understanding of the defined security policies.

An interesting finding during our work was that, using a methodology that leads to low KLOC-values results in high security, though low KLOC-values and high security go hand-in-hand.

APA, Harvard, Vancouver, ISO, and other styles
39

Ekström, Dan. "Securing a wireless local area network : using standard security techniques." Thesis, Blekinge Tekniska Högskola, Institutionen för programvaruteknik och datavetenskap, 2003. http://urn.kb.se/resolve?urn=urn:nbn:se:bth-5662.

Full text
Abstract:
Wireless equipment offers several possibilities which make it more attractive than the wired alternative. Meetings or temporary office spaces could be assigned with less consideration of the presence of permanent networking facilities. It also makes it possible for users to create ad-hoc networks simply by being within a certain range of each other, which facilitates information sharing. Since information is broadcasted in the air, it also requires stringent security measures. Vendors of wireless equipment have their non-standard security solutions which lock-in the acquirer. For this purpose I study standard security schemes which could be applied independent of the wireless device manufacturer. The techniques that I have chosen are IPSec, Kerberos and MS Passport. The study describes each technique from the perspectives of manageability, security, performance, compatibility, cost and ease of implementation. The result is a comparison of the studied techniques. I conclude with a recommendation to use a combination of IPSec and Kerberos to enhance the security of a wireless local area network and a reservation towards MS Passport.
APA, Harvard, Vancouver, ISO, and other styles
40

Agbeko, Joseph. "Evaluation and application of bloom filters in computer network security /." Connect to resource online, 2009. http://rave.ohiolink.edu/etdc/view?acc_num=ysu1253733230.

Full text
APA, Harvard, Vancouver, ISO, and other styles
41

Alfini, Richard Ralph. "Personal computer Local Area Network security in an academic environment." Thesis, Monterey, California. Naval Postgraduate School, 1989. http://hdl.handle.net/10945/27204.

Full text
APA, Harvard, Vancouver, ISO, and other styles
42

Agbeko, Joseph D. K. M. A. "Evaluation and Application of Bloom Filters in Computer Network Security." Youngstown State University / OhioLINK, 2009. http://rave.ohiolink.edu/etdc/view?acc_num=ysu1253733230.

Full text
APA, Harvard, Vancouver, ISO, and other styles
43

Van, Heerden Renier Pelser. "A formalised ontology for network attack classification." Thesis, Rhodes University, 2014. http://hdl.handle.net/10962/d1011603.

Full text
Abstract:
One of the most popular attack vectors against computers are their network connections. Attacks on computers through their networks are commonplace and have various levels of complexity. This research formally describes network-based computer attacks in the form of a story, formally and within an ontology. The ontology categorises network attacks where attack scenarios are the focal class. This class consists of: Denial-of- Service, Industrial Espionage, Web Defacement, Unauthorised Data Access, Financial Theft, Industrial Sabotage, Cyber-Warfare, Resource Theft, System Compromise, and Runaway Malware. This ontology was developed by building a taxonomy and a temporal network attack model. Network attack instances (also know as individuals) are classified according to their respective attack scenarios, with the use of an automated reasoner within the ontology. The automated reasoner deductions are verified formally; and via the automated reasoner, a relaxed set of scenarios is determined, which is relevant in a near real-time environment. A prototype system (called Aeneas) was developed to classify network-based attacks. Aeneas integrates the sensors into a detection system that can classify network attacks in a near real-time environment. To verify the ontology and the prototype Aeneas, a virtual test bed was developed in which network-based attacks were generated to verify the detection system. Aeneas was able to detect incoming attacks and classify them according to their scenario. The novel part of this research is the attack scenarios that are described in the form of a story, as well as formally and in an ontology. The ontology is used in a novel way to determine to which class attack instances belong and how the network attack ontology is affected in a near real-time environment.
APA, Harvard, Vancouver, ISO, and other styles
44

Oh, Khoon Wee. "Wireless network security : design considerations for an enterprise network /." Thesis, Monterey, Calif. : Springfield, Va. : Naval Postgraduate School ; Available from National Technical Information Service, 2004. http://library.nps.navy.mil/uhtbin/hyperion/04Dec%5FOh.pdf.

Full text
APA, Harvard, Vancouver, ISO, and other styles
45

Nunnally, Troy J. "Advanced visualizations for network security." Diss., Georgia Institute of Technology, 2014. http://hdl.handle.net/1853/52993.

Full text
Abstract:
Monitoring volumes of malicious network data for across multiple sources can potentially be overwhelming. As a result, vital data is at a greater risk of being overlooked and the time span for analyzing it could be too lengthy. One way to address this issue is to employ network security visualization techniques to evaluate security risks and identify malicious activity to help mitigate compromised nodes on a network. The purpose of this thesis is to introduce a visualization framework to help reduce task-completion time, enhance situational awareness, and decrease user error of complex visualizations for network security applications. From the developed framework, three techniques are suggested as contributions using visualization and interaction: (1) Stereoscopic visualization technique aims to increase user awareness of vulnerabilities and malicious attacks, (2) the recommender system aims to ensure efficient navigation in complex 3D environments, and (3) an interaction system aims to assist in usability of visualization environments using Natural User Interfaces (NUIs). To investigate the aforementioned techniques, the following tools were created: 3D Stereoscopic Vulnerability Assessment Tool (3DSVAT), Parallel 3D Coordinate Visualization (P3D), NAVSEC recommender system, and Interaction System for Network Security (InterSec).
APA, Harvard, Vancouver, ISO, and other styles
46

Scully, Michael N. B. "Network and system security in an information age." Honors in the Major Thesis, University of Central Florida, 2000. http://digital.library.ucf.edu/cdm/ref/collection/ETH/id/204.

Full text
Abstract:
This item is only available in print in the UCF Libraries. If this is your Honors Thesis, you can help us make it available online for use by researchers around the world by following the instructions on the distribution consent form at http://library.ucf.edu/Systems/DigitalInitiatives/DigitalCollections/InternetDistributionConsentAgreementForm.pdf You may also contact the project coordinator, Kerri Bottorff, at kerri.bottorff@ucf.edu for more information.
Bachelors
Business Administration
Management Information Systems
APA, Harvard, Vancouver, ISO, and other styles
47

Andersson, Martin. "Detecting known host security flaws over a network connection." Thesis, Växjö University, School of Mathematics and Systems Engineering, 2007. http://urn.kb.se/resolve?urn=urn:nbn:se:vxu:diva-1051.

Full text
Abstract:

To test if a host contains any known security flaws over a network connection a Vulnerability Assessment (VA) could be made. This thesis describes different techniques used by VA tools over a network connection to detect known security flaws. To decrease the risk of flaws not being detected, several VA tools could be used.

There is no common way of merging information from different VA tools. Therefore the Vulnerability Assessment Information Handler (VAIH) has been developed. The VAIH system consists of three parts. First, a intermediate language format defined in XML. Second, modules that converts the output of VA tools to the intermediate language format. Third, a program for reading and displaying the intermediate language format.

The VAIH system makes it possible to merge the results from vulnerability assessment tools into one file that can be displayed and edited through a GUI.

APA, Harvard, Vancouver, ISO, and other styles
48

Tobler, Benjamin. "A Structured Approach to Network Security Protocol Implementation." Thesis, University of Cape Town, 2005. http://pubs.cs.uct.ac.za/archive/00000281/.

Full text
Abstract:
The implementation of network security protocols has not received the same level of attention in the literature as their analysis. Security protocol analysis has successfully used inference logics, like GNY and BAN, and attack analysis, employing state space examination techniques such as model checking and strand spaces, to verify security protocols. Tools, such as the multi-dimensional analysis environment SPEAR II, exist to help automate security protocol specification and verification, however actual implementation of the specification in executable code is a task still largely left to human programmers. Many vulnerabilities have been found in implementations of security protocols such as SSL, PPTP and RADIUS that are incorporated into widely used operating system software, web servers and other network aware applications. While some of these vulnerabilities may be a result of flawed or unclear specifications, many are the result of the failure of programmers to correctly interpret and implement them. The above indicates a gap between security protocol specifications and their concrete implementations, in that there are methodologies and tools that have been established for developing the former, but not the latter. This dissertation proposes an approach to bridging this gap, describes our implementation of that approach and attempts to evaluate its success. The approach is three-fold, providing different measures to improve current ad-hoc implementation approaches: 1. From Informal to Formal Specifications: If a security protocol has been specified using informal standard notation, it can be converted, using automatic translation, to a formal specification language with well defined semantics. The formal protocol specification can then be analysed using formal techniques, to verify that the desired security properties hold. The precise specification of the protocol behaviour further serves to facilitate the concrete implementation of the protocol in code. 2. Separate Implementation Concerns: When implementing security protocols, the what and the when of protocol actions are abstracted from the how. That is, protocol logic implementation concerns, such as when and what actions should be performed on messages, should be clearly and cleanly separated from the cryptographic and network communication implementation details that implement how the actions are performed. Such high level modularity allows code implementing protocol logic to be re-used with different cryptographic algorithm implementations and network communication protocols. It also allows errors in the implementation of the cryptography to be addressed by swapping cryptographic implementations without changing the protocol logic code. The abstraction of cryptographic and network implementation is analogous to the adoption of the Dolev-Yao style models by many analysis techniques, where the cryptography itself is viewed as a black box and assumed perfect, allowing the analysis to focus on the protocol logic. Finally, this separation allows the correctness of the protocol logic implementation and cryptographic primitives implementation to be addressed separately. 3. Automated Implementation Using Code Generation We use code generation to automate the security protocol implementation process, avoiding the risk of human error in interpreting the sometimes subtle semantics of security protocol specifications. The precise nature of formal specification languages provides a base from which to specify and implement an automatic code generation tool. Our approach follows requirements identified for high integrity code generation - where feasible - to give a high level of confidence in the correctness of the generated code. In implementing the approach, we adopt the Spi Calculus for the role of formal specification language. The Spi Calculus was developed by extending the -calculus, a process algebra for describing concurrent communicating systems, to cater for the special case of network security protocols. Spi Calculus specifications can be analysed manually, by developing correctness proofs by hand, and automatically, by using model checkers such as MMC. As Spi Calculus specifications explicitly describe the actions of a security protocol, they are also particularly suitable for use as input for code generation. The implementation of the approach is split across three components that correspond to each of the parts of the approach: 1. Sn2Spi is a translator that converts an informal standard notation specification to a Spi Calculus specification, thus implementing part 1 of our approach. The converted specification can be analysed using any of the formal techniques applicable to the Spi Calculus. Once verified, the specification can be used to generate a concrete implementation using Spi2Java. 2. The Security Protocol Primitives API abstracts cryptographic and network communication operations, decoupling code that implements protocol logic from code that implements cryptographic and network operations. It provides the basic cryptographic and network communications functionality required to implement a security protocol, including: symmetric and asymmetric encryption, message digest, nonce and timestamp generation, marshalling message component data and sending and receiving messages over a network. A provider model, much like that used in the Java Cryptography Extensions API, is employed to allow different implementations to be swapped without changing the SPP client code. 3. Spi2Java is a code generator, essentially implementing a compiler from the Spi Calculus to Java code. Spi2Java uses Prolog to implement a defined mapping from Spi Calculus constructs, i.e. terms and process actions, to Java code segments. These code segments call the SPP API to access cryptographic and network functionality where needed. The mapping was developed by refining Spi constructs to Java code segments that preserve the semantics of the Spi constructs In addition, assertions are made in the code segments to ensure certain conditions are met before the implementation can continue running. Part of evaluating the effectiveness of this automated approach to security protocol implementation, involved a case study where manual implementations of the CCITT Three Message X.509 Protocol, developed by 4th year Computer Science students, and a Spi2Java generated implementation are compared. The outcome of the study favoured the automatically generated implementation, indicating the potential of the approach. Further to demonstrating the utility of code generation, we describe an SPP provider implementation developed to allow a security protocol run, including legitimate and attacker roles, to be simulated in a controlled environment. Spi2Java allows the protocol engineer to quickly and automatically generate code for protocol roles. The code can be executed using this implementation allowing the protocol engineer to step through execution of all roles, both legitimate and attacker, to gain insight into the behaviour of the protocol. The approach is evaluated in terms of the class of attacks it prevents and how it meets the identified requirements for high integrity code generation. It is also compared to existing and current work in the field. Attack classes that exploit faulty protocol logic implementation, vulnerability to type flaws and buffer overflows are prevented. The Spi2Java code generator fully meets three of the five high integrity code generation requirements: formally defined source and target languages are used; the translation software is validated; and the generated code is well structured and documented and can be traced back to the specification. Spi2Java partially meets the requirement that the mapping from source to target language constructs be formally proven to preserve the specification semantics. However the arguments given are not strictly formal. The requirement related to rigorous testing are not met due to practical resource constraints. However, Spi2Java has been used to generate real world protocol implementations that have been verified by manual inspection. Sprite, incorporating the Sn2Spi translator and Spi2Java code generator, provides a structured approach to network security protocol implementation by implementing automated translation from informal to formal security protocol specifications, and by being able to automatically generate Java implementations of network security protocols in which the security protocol engineer can have a high degree of confidence.
APA, Harvard, Vancouver, ISO, and other styles
49

Ahmad, Nadeem, and M. Kashif Habib. "Analysis of Network Security Threats and Vulnerabilities by Development & Implementation of a Security Network Monitoring Solution." Thesis, Blekinge Tekniska Högskola, Sektionen för datavetenskap och kommunikation, 2010. http://urn.kb.se/resolve?urn=urn:nbn:se:bth-5327.

Full text
Abstract:
Communication of confidential data over the internet is becoming more frequent every day. Individuals and organizations are sending their confidential data electronically. It is also common that hackers target these networks. In current times, protecting the data, software and hardware from viruses is, now more than ever, a need and not just a concern. What you need to know about networks these days? How security is implemented to ensure a network? How is security managed? In this paper we will try to address the above questions and give an idea of where we are now standing with the security of the network.
Konfidentiella uppgifter via Internet blir vanligare varje dag. Personer och organisationer skickar sina konfidentiella uppgifter elektroniskt. Det är också vanligt att hackare mot dessa nät. I dagens tider, skydd av data, programvara och hårdvara från virus är, nu mer än någonsin ett behov och inte bara en oro. Vad du behöver veta om nätverk i dessa dagar? Hur säkerheten genomförs för att säkerställa ett nätverk? Hur säkerheten hanteras? I denna skrift kommer vi att försöka ta itu med dessa frågor och ge en uppfattning om var vi nu står med säkerheten för nätet.
APA, Harvard, Vancouver, ISO, and other styles
50

Abdullah, Kulsoom B. "Scaling and Visualizing Network Data to Facilitate in Intrusion Detection Tasks." Diss., Georgia Institute of Technology, 2006. http://hdl.handle.net/1853/10509.

Full text
Abstract:
As the trend of successful network attacks continue to rise, better forms of intrusion, detection and prevention are needed. This thesis addresses network traffic visualization techniques that aid administrators in recognizing attacks. A view of port statistics and Intrusion Detection System (IDS) alerts has been developed. Each help to address issues with analyzing large datasets involving networks. Due to the amount of traffic as well as the range of possible port numbers and IP addresses, scaling techniques are necessary. A port-based overview of network activity produces an improved representation for detecting and responding to malicious activity. We have found that presenting an overview using stacked histograms of aggregate port activity, combined with the ability to drill-down for finer details allows small, yet important details to be noticed and investigated without being obscured by large, usual traffic. Another problem administrators face is the cumbersome amount of alarm data generated from IDS sensors. As a result, important details are often overlooked, and it is difficult to get an overall picture of what is occurring in the network by manually traversing textual alarm logs. We have designed a novel visualization to address this problem by showing alarm activity within a network. Alarm data is presented in an overview from which system administrators can get a general sense of network activity and easily detect anomalies. They additionally have the option of then zooming and drilling down for details. Based on our system administrator requirements study, this graphical layout addresses what system administrators need to see, is faster and easier than analyzing text logs, and uses visualization techniques to effectively scale and display the data. With this design, we have built a tool that effectively uses operational alarm log data generated on the Georgia Tech campus network. For both of these systems, we describe the input data, the system design, and examples. Finally, we summarize potential future work.
APA, Harvard, Vancouver, ISO, and other styles
You might also be interested in the bibliographies on the topic 'Computer network security' for other source types:
Journal articles Books
We offer discounts on all premium plans for authors whose works are included in thematic literature selections. Contact us to get a unique promo code!

To the bibliography