Dissertations / Theses on the topic 'Cyber(in-)security'

1

LOBATO, LUÍSA CRUZ. "UNRAVELING THE CYBER SECURITY MARKET: THE STRUGGLES AMONG CYBER SECURITY COMPANIES AND THE PRODUCTION OF CYBER (IN)SECURITY." PONTIFÍCIA UNIVERSIDADE CATÓLICA DO RIO DE JANEIRO, 2016. http://www.maxwell.vrac.puc-rio.br/Busca_etds.php?strSecao=resultado&nrSeq=27784@1.

Abstract:
PONTIFÍCIA UNIVERSIDADE CATÓLICA DO RIO DE JANEIRO
CONSELHO NACIONAL DE DESENVOLVIMENTO CIENTÍFICO E TECNOLÓGICO
This dissertation investigates the role of cyber security companies in the production of contemporary cyber security. The growing pressure to securitize cyberspace has contributed to the growth of a lucrative market geared towards providing products and services to commercial and government customers. Using a Bourdieu-inspired perspective, the work: analyzes the historical conditions under which information technologies gained ground in the security debate; identifies the positions and investigates the practices of cyber security companies in the field of cyber security; and analyzes the ongoing disputes over the production of cyber security. Risk-oriented approaches are pillars in the design and marketing of the products and services advertised by the companies. In this sense, it is argued that both risk-oriented approaches and the commercial practices of cyber security companies produce specific forms of security. The work identifies three distinct forms of security produced in the field: defensive security, offensive security and active defense. The implications of each form for security in general are analyzed, and it is argued that, while most companies adopt an active defense strategy in their products and services, some have been moving towards adopting more offensive measures to deal with current risks. The analysis concludes with some reflections on the implications of the current dynamics of the cyber security market for the security and governance of the Internet.
This dissertation examines the role of cyber security companies in the production of contemporary cyber security. The increasing pressures to securitize cyberspace have contributed to the growth of a lucrative market oriented at providing cyber security products and services to commercial and government customers. Using a Bourdieu-inspired framework, the work: analyzes the historical conditions under which information technologies gained ground within security debates; identifies the positions and investigates the practices of cyber security companies within the cyber security field and analyzes the ongoing struggles for the production of cyber security. Risk-based thinking is a cornerstone of the process of conceiving and commercializing products and services advertised by companies. In this sense, it is argued that both risk-based thinking and the commercial practices of cyber security companies produce specific forms of security. The work identifies three distinct forms of security produced within the field: defensive security, offensive security and active defense. It analyzes the implications of each form to the overall security of cyberspace and argues that whilst the majority of companies adopt an active defense approach in their products and services, some of them are leaning towards more offensive solutions to deal with current risks. It concludes the analysis with some thoughts on the implications of the current dynamics of the cyber security market for security and Internet governance.
2

Sridharan, Venkatraman. "Cyber security in power systems." Thesis, Georgia Institute of Technology, 2012. http://hdl.handle.net/1853/43692.

Abstract:
Many automation and power control systems are integrated into the 'Smart Grid' concept for efficiently managing and delivering electric power. This integrated approach created several challenges that need to be taken into consideration such as cyber security issues, information sharing, and regulatory compliance. There are several issues that need to be addressed in the area of cyber security. Currently, there are no metrics for evaluating cyber security and methodologies to detect cyber attacks are in their infancy. There is a perceived lack of security built into the smart grid systems, but there is no mechanism for information sharing on cyber security incidents. In this thesis, we discuss the vulnerabilities in power system devices, and present ideas and a proposal towards multiple-threat system intrusion detection. We propose to test the multiple-threat methods for cyber security monitoring on a multi-laboratory test bed, and aid the development of a SCADA test bed, to be constructed on the Georgia Tech Campus.
3

Patterson, Joanna. "Cyber-Security Policy Decisions in Small Businesses." ScholarWorks, 2017. https://scholarworks.waldenu.edu/dissertations/4551.

Abstract:
Cyber-attacks against small businesses are on the rise, yet small business owners often lack effective strategies to avoid these attacks. The purpose of this qualitative multiple case study was to explore the strategies small business owners use to make cyber-security decisions. Bertalanffy's general systems theory provided the conceptual framework for this study. A purposive sample of 10 small business owners participated in the interview process and shared their decision-making methodologies and influencers. The small business owners were vetted to ensure their strategies were effective through a series of qualification questions. The intent of the research question and corresponding interview questions was to identify strategies that successful small business owners use to make cyber-security decisions. Data analysis consisted of coding keywords, phrases, and sentences from semistructured interviews as well as document analysis. The following themes emerged: government requirements, peer influence, budgetary constraints, commercial standards, and lack of employee involvement. According to the participants, budgetary constraints and peer influence were the most influential factors when making decisions regarding cyber-security strategies. Through exposing small business owners to proven strategies, the implications for social change include a reduction of their small business operating costs and assistance with compliance activities.
4

Vuković, Ognjen. "Cyber-security in Smart Grid Communication and Control." Doctoral thesis, KTH, Kommunikationsnät, 2014. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-152223.

Abstract:
Society is increasingly dependent on the reliable operation of power systems. Power systems, at the same time, heavily rely on information technologies to achieve efficient and reliable operation. Recent initiatives to upgrade power systems into smart grids target an even tighter integration with information technologies to enable the integration of renewable energy sources, local and bulk generation and demand response. Thus for the reliable operation of smart grids, it is essential that its information infrastructure is secure and reliable in the face of both failures and attacks. This thesis contributes to improving the security of power systems against attacks on their information infrastructures. The contributions lie in three areas: data integrity, data confidentiality, and data availability of power system applications. We analyze how characteristics of power system applications can be leveraged for detection and mitigation of data integrity attacks. We consider single- and multi-area power system state estimation. For single-area state estimation, we look at the integrity of measurement data delivered over a wide area communication network. We define security metrics that quantify the importance of particular components of the communication network, and that allow us to optimize the deployment of network, transport and application layer security solutions. For multi-area state estimation, we look at the integrity of data exchanged between the control centers of neighboring areas in face of a targeted trojan that compromises an endpoint of the secure communication tunnel. We define multiple attack strategies and show that they can significantly disturb the state estimation. Moreover, we propose schemes that could be used for detection, localization, and mitigation of data integrity attacks. We investigate how to provide data confidentiality for power system applications when they utilize cloud computing.
We focus on contingency analysis and propose an approach to obfuscate information regarding power flows and the presence of a contingency violation while allowing the operator to analyze contingencies with the needed accuracy in the cloud. Our empirical evaluation shows that the errors introduced into power flows due to the proposed obfuscation are small, and that the RMS errors introduced grow linearly with the magnitude of obfuscation. We study how to improve data availability in face of gray hole attacks combined with traffic analysis. We consider two cases: SCADA substation to control center communication using DNP3, and inter-control center communication. In the first case, we propose a support vector machine-based traffic analysis algorithm that uses only the information on timing and direction of three consecutive messages, and show that a gray hole attack can be effectively performed even if the traffic is sent through an encrypted tunnel. We discuss possible mitigation schemes, and show that a minor modification of message timing could help mitigate the attack. In the second case, we study how anonymity networks can be used to improve availability at the price of increased communication overhead and delay. We show that surprisingly availability is not always improved with more overhead and delay. Moreover, we show that it is better to overestimate than to underestimate the attacker's capabilities when configuring anonymity networks.

5

Dahlman, Elsa, and Karin Lagrelius. "A Game of Drones : Cyber Security in UAVs." Thesis, KTH, Skolan för elektroteknik och datavetenskap (EECS), 2019. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-259295.

Abstract:
As Unmanned Aerial Vehicles (UAVs) are getting more popular and their area of use is expanding rapidly, the security aspect becomes important to investigate. This thesis is a systematic literature review that examines which type of cyber attacks are most common among attacks directed at civilian use UAVs and what consequences they bring. All cyber attacks presented in the report are categorized using the STRIDE threat model, which risk they pose and what equipment is required for the adversary to follow through with the attack. The findings are that Spoofing and Denial of Service attacks are the most common cyber attack types against UAVs and that hijacking and crashing are the most common results of the attacks. No equipment that is difficult to access is required for either of the attack types in most cases, making the result an indicator that the security state for civilian use UAVs today needs improving.
Unmanned aerial vehicles (UAVs) are becoming more common as their area of use expands, which means that the cyber security aspect needs to be studied. This work is a systematic literature study that examines which types of cyber attacks directed at drones are most common and which risks they entail. The attacks in the report are categorized using the STRIDE method and by which goals the attacks had and which equipment is required. The result is that Spoofing and Denial of Service attacks are most common and that they allow the attacker to hijack or crash the drone. No hard-to-obtain equipment is required for either of these attack types, which indicates that the security situation for civilian drones needs to be improved.
6

Masonganye, James. "Analysis of cyber security in smart grid systems." Diss., University of Pretoria, 2005. http://hdl.handle.net/2263/66218.

Abstract:
Cyber security is a major concern due to global incidents of intrusion. The impact of the attacks on the electricity grid can be significant, resulting in the collapsing of the national economy. The electricity network is needed by banks, government security agencies, hospitals and telecommunication operators. The purpose of this research is to investigate the various types of cyber security threats, including ICT technologies required for safe operation of the smart grid to protect and mitigate the impact of cyber security. The modelling of cyber security using the Matlab/SimPowerSystem simulates the City of Tshwane power system. Eskom components used to produce energy interconnect to the City of Tshwane power distribution substations and are simulated using Simulink SimPowerSystem.
Dissertation (MEng)--University of Pretoria, 2017.
Electrical, Electronic and Computer Engineering
MEng
Unrestricted
7

Sjöstedt, Matildha. "Monitoring of Cyber Security Exercise Environments in Cyber Ranges : with an implementation for CRATE." Thesis, Linköpings universitet, Programvara och system, 2021. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-177647.

Abstract:
In a world where much of society is dependent on digital infrastructure, various cyber threats can pose a great risk to businesses, critical infrastructure and potentially entire nations. For this reason, research and education as well as the preparation of strategies, training of personnel etc., is imperative. Cyber ranges can provide "safe environments" in which for example cyber security exercises and experiments can be conducted. While easier to deploy and configure than "real" infrastructures, monitoring of such environments during ongoing exercises/experiments poses a number of challenges. During this thesis work, the question of what types of data and information could be relevant to provide in a monitoring system for this context was investigated, with regard to aspects such as providing technical support or gaining situational awareness during exercises. Results gained from a survey with participants from relevant organizations contributed greatly to this question. The survey and literature study also provided insights into challenges and potential problems of developing and running such monitoring. CRATE is a cyber range developed and maintained by the Swedish Defence Research Agency (FOI). In this thesis work, some of the challenges and potential problems found are tackled with a suggested design and an implemented monitoring system prototype for CRATE. Apart from providing functionality to retrieve information about accounts and privileges as well as status of services, the design of the prototype also lays the foundation for a flexible and extensible monitoring system -- fully adapted for use within a cyber range. With cyber exercises becoming both more prevalent and extensive, the need for capable monitoring of exercise environments will naturally arise.
While the developed prototype may facilitate future cyber exercises/experiments in CRATE, the results of this thesis work are also ready to be used as a source of inspiration for other cyber range operators.
8

Locke, Ronald Taylor. "Anomaly detection with applications in environmental and cyber security." Thesis, Boston University, 2012. https://hdl.handle.net/2144/33260.

Abstract:
Thesis (Ph.D.)--Boston University
Two approaches to detecting anomalous behavior within a sequence of random observations are presented. One approach is stochastic in nature, using large deviations techniques to form a Hoeffding decision test. Scenarios in which sequential observations can be considered independent and identically distributed (iid) or adhere to a first-order Markov chain are both considered. The Markovian case is explored further and asymptotic performance results are developed for using the generalized likelihood ratio test (GLRT) to identify a Markov source. After a presentation of binary and multi-class Support Vector Machines (SVM), a deterministic anomaly detection method based on the so-called one-class SVM is also presented. The presented methodologies are then applied to detection and localization of Chemical, Biological, Radiological, or Nuclear (CBRN) events in an urban area using a network of sensors. In contrast to earlier work, these approaches do not solve an inverse dispersion problem but rely on data obtained from a simulation of the CBRN dispersion to obtain descriptors of sensor measurements under a variety of CBRN release scenarios. To assess the problem of environmental monitoring, CBRN event-free conditions are assumed to be iid and a corresponding stochastic anomaly detector is relied on to detect a CBRN event. Conditional on such an event, subsequent sensor observations are assumed to follow a Markov process. Accordingly, the presented Markov source identification methodology is used to map sensor observations to a source location chosen out of a discrete set of possible locations. A multi-class SVM approach to CBRN localization is also developed, and the two techniques are compared using three-dimensional CBRN release simulations. Also addressed is the problem of optimally placing sensors to minimize the localization probability of error. The anomaly detection approaches are then applied to detection of data exfiltration-style attempts on a network server. 
Two one-class SVM approaches are presented. In both, data packet transmissions are captured and compiled into network flows. In a flow-by-flow network anomaly detector, features are extracted from individual flows and their novelty is tested. If a flow's features differ too greatly from nominal flow features, as determined by the SVM, that flow is declared an anomaly. In a network-wide anomaly detector, the novelty of a time sequence of flows is tested. The stochastic anomaly detectors are applied to sequences of flows as well, under the contexts of subsequent network flows either being iid or following a Markov process. These techniques are evaluated on simulated network traffic.
9

Chivukula, Venkata Ramakrishna. "Detecting Cyber Security Anti-Patterns in System Architecture Models." Thesis, KTH, Skolan för elektroteknik och datavetenskap (EECS), 2021. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-293027.

Abstract:
Organizations across the world have been on the receiving end of large-scale cyber-attacks. Over time, the number and the success of these attacks have grown to a high level. To prepare for these attacks, organizations have to test the resilience of their infrastructures. One way to manage the risk of these attacks and to ensure security is the use of threat modeling. Through threat modeling, organizations can analyze their infrastructure and identify vulnerabilities. The vulnerabilities then have to be patched to improve the overall security posture of the organization. When modeled, these vulnerabilities can occur in different forms. Certain vulnerabilities are specific to certain components in the system. On the other hand, some deficiencies occur in conjunction with multiple assets in the infrastructure. These are called structural deficiencies. Identifying and mitigating these structural deficiencies is very important. In this thesis, structural deficiencies are described and a catalog of some deficiencies is built through a survey. The deficiencies and the catalog are developed to work with Foreseeti AB’s securiCAD modeling software. Further, a deficiency model is defined that can enable description and search of these deficiencies in securiCAD models. Using the description model, all occurrences of the deficiency can be found. These occurrences then can be replaced with structural improvements. The improved securiCAD models are then tested with simulations. The results from the simulations show that the structural improvements are useful in significantly reducing the Time-To-Compromise (TTC) of important assets. Using the catalog and the deficiency model, system administrators can identify deficiencies and test the effect of different improvements in the securiCAD model which can then be applied to the actual infrastructure.
Organizations all over the world have become targets of large-scale cyber attacks. Over time, the number of successful attacks has grown to a high level. In preparation for these attacks, organizations must test the resilience of their infrastructure. One way to manage the risk of these attacks and ensure security is the use of threat modeling and attack simulations. Through threat modeling and attack simulations, organizations can analyze the information security properties of their infrastructure and identify weak points. The weaknesses must then be addressed to improve the organization's overall security posture. When modeled, these weaknesses can occur in different forms. Some are component-specific and local to one object in the infrastructure. These can be handled using defenses defined in securiCAD. Other weaknesses can arise through the relationships between several objects in the infrastructure. These are called structural weaknesses. Identifying and mitigating these structural weaknesses is very important. In this thesis, structural weaknesses are described and a catalog of weaknesses has been built. Furthermore, a model is defined that enables description of these weaknesses and enables identification of weaknesses in securiCAD models. Using the description model, all occurrences of the deficiency can be found. These occurrences can then be replaced with structural improvements. The improved securiCAD models are then analyzed. The results show that the structural improvements are useful for considerably reducing the Time-To-Compromise (TTC) of important assets. Using the catalog and the model, system administrators can identify weaknesses and test the effect of different improvements in the securiCAD model, which can then be applied to the actual infrastructure.
10

Fischer, Fabian [Verfasser]. "Visual Analytics for Situational Awareness in Cyber Security / Fabian Fischer." Konstanz : Bibliothek der Universität Konstanz, 2016. http://d-nb.info/1122561830/34.

11

Ntsaluba, Nandi. "The cyber security legislative and policy framework in South Africa." Diss., University of Pretoria, 2018. http://hdl.handle.net/2263/65706.

Abstract:
The analysis focuses on the CyberSecurity posture of South Africa within the international legal instruments that profile CyberSecurity and CyberCrime as a strategic issue and a national security imperative. This dissertation provides the definitions dominating African and global literature whilst recognising the absence of agreement on these definitions. The ever-increasing CyberAttacks present a threat to human, economic and national security and are attracting attention from the traditional Air, Marine, and Land space. The CyberSecurity and CyberCrime debates are progressive and maturing ones that originate from the International Convention, the Council of Europe Convention on CyberCrime (COECC), which focus on criminalisation of CyberCrimes and mechanisms to guide enforcement. From a South African perspective, CyberSecurity and CyberCrime is aptly demonstrated by the Electronic Communication and Transaction Act 25 of 2002. Since then, global awareness of CyberCrime as a national security threat has led South Africa to develop a comprehensive draft Bill on CyberSecurity and CyberCrime as a response to the SADC model law on Computer Crime and CyberCrime. Geopolitical consideration also has affected positioning decisions South Africa has assumed within the CyberSecurity architecture. The African Union (AU) Agenda 2063 profiles the importance of prioritising security of the submarine optic fibre network as the critical physical infrastructure underpinning the virtual cloud of CyberSpace. The critical question to address is whether the CyberCrime and CyberSecurity Bill (2017), which has undergone several revisions since 2015, comprehensively deals with the realities that manifest within the five domains (i.e. land, maritime, air, Outerspace, CyberSpace). The question worth asking is how secure are citizens in the advent of the cloud and crowd computing?
How does the myriad of legislation on CyberSecurity guarantee one’s security – physically, economically and socially? The study recognises a plethora of legislative frameworks that promote safer CyberSpace and lately, the Cybercrime and CyberSecurity Bill that aims to present a one-stop shop platform for identification, monitoring, reporting and criminalisation of violations of security within the CyberSpace. This qualitative study firstly seeks to present the recommendations on improving the CyberSecurity posture of South Africa, which finds itself within a variety of legislative frameworks. Secondly, from a geopolitical and geostrategic perspective, a comparative analysis of South African legislative framework with those of Germany and Russia is conducted with the aim of deepening CyberSecurity protection and awareness amongst citizens. Germany has demonstrated international commitment to protect society against CyberCrime by signing (2001) and ratifying (2009) the Budapest Convention as well as domesticating it to ensure enforcement. Further commitment has been displayed by the signing and ratification of the Additional Protocols to the Convention on CyberCrime that focuses on criminalisation of racist and xenophobic-natured acts committed through computer systems.
Mini Dissertation (LLM)--University of Pretoria, 2018.
Private Law
LLM
Unrestricted
12

Munk, Tine Hojsgaard. "Cyber-security in the European region : anticipatory governance and practices." Thesis, University of Manchester, 2015. https://www.research.manchester.ac.uk/portal/en/theses/cybersecurity-in-the-european-region-anticipatory-governance-and-practices(6658eec7-cc61-4c84-9054-ea40cf405ed9).html.

Abstract:
This thesis explores the nature of cyber-security at the beginning of the 21st century. In the current security paradigm, security strategies based on anticipatory governance have become essential in the management of the constantly changing cyber-security environment. Thus, this thesis aims to understand security strategies and governance introduced in the European region. The increased dependency on cyber-space is visible in all public-private sectors and governmental operations, as well as communications between groups and individuals. As a result, cyber-attacks on public and private entities are increasing. This requires a security framework that is flexible and establishes different types of security cooperation to manage the widespread cyber-risks. This is essential to the development of security strategies, governance forms, practices, and guidelines for enhancing resilience and preparedness towards cyber-risks. Therefore, I am examining cyber-security through the lenses of nodal governance and governmentality, which enables me to understand European cyber-security strategies and governance forms developed by the Council of Europe, the European Union, and the North-Atlantic Treaty Organization. To analyse existing strategies and governance forms, I have used two critical security schools, the Copenhagen School and the Paris School, which cover different aspects of the security agenda. The thesis develops a substantive analytical framework through two case studies, namely cyber-security and cyber-terrorism. The findings in this thesis identify problem areas, such as the complexity of the nodal system, the legislative lacuna, reliance on different governance forms, transparency and accountability, and types of anticipatory governance and regulatory practices.
13

Spyridopoulos, Theodoros. "A holistic cyber-protection approach for industrial control systems based on systems theory : cyber security in ICSs." Thesis, University of Bristol, 2016. http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.702187.

Abstract:
Being the cornerstone of today's Industry, Industrial Control Systems (ICSs) play an important role in the overall function and quality of modern society. Their use to control critical processes within the Industry (power production, transportation, manufacturing etc.) makes them an integral part of the Critical National Infrastructure (CNI), as defined by the European Council (2008), rendering thereby their protection a process of critical importance. Traditionally, ICSs have been operated as closed, isolated systems. However, the connection of contemporary ICS installations with external networks, including the corporate network and the Internet, along with the introduction of conventional off-the-shelf technologies, has exposed the once isolated systems to a rapidly evolving yet new to them cyberthreat landscape. Their critical nature further complicates the situation making them an attractive target for various attack vectors and threat agents. Traditional cyber-security methods seem inadequate since they are tailored to the specific corporate needs ignoring the demanding nature of ICSs. Nevertheless, due to the increased cost of designing and applying new cyber-protection methods, the majority of cyber-security solutions used nowadays in the Industry are mainly adaptations of traditional corporate-oriented methods (Giannopoulos et al., 2012), raising thus significant challenges that the research community has to address. This thesis presents novel cyber-security approaches, tailored to the particular nature of ICSs. The developed methods take into account both the increased cybersecurity needs in this critical area and the related costs, offering optimal cost efficient cyber-security solutions. Stafford Beer's Viable System Model (VSM) was used as a vehicle to analyse the behaviour of ICSs and identify the areas where cost-efficient cyber-protection methods are in need (Stafford, 1984).
Driving the research into those areas a series of cyber-protection methods were developed using system theory-based techniques such as game theory and system dynamics. Those methods include a cost-efficient cyber-security model against the malware spread within ICSs and a cost-efficient model for the protection against Denial of Service (DoS)/ Distributed Denial of Service (DDoS) attacks. Building on the same premises a novel ICS-oriented cyber-security risk management method was developed based on the Viable System Model and game theory.
14

Iaiani, Matteo. "Analisi degli aspetti di cyber security in impianti dell'industria di processo." Master's thesis, Alma Mater Studiorum - Università di Bologna, 2019.

Abstract:
In this work, cyber security is analysed from the point of view of process safety engineering. First, a historical analysis of cyber-security-related incidents was carried out using the RISI (Repository of Industrial Security Incidents) database; besides providing statistics on their distribution over time, by geography and by industrial sector, this made it possible to identify the targets, phases and methods of cyber attacks on company networks (including the innermost control and supervision networks), a fundamental step in identifying security measures. Next, a systematic procedure for the cyber security analysis of process schemes was developed, PSSR-CyM (Process System Security Review for the Hazard Identification due to Cyber Manipulation), which makes it possible to identify, for a specific process node, the combinations of deviations that can be remotely imparted to the manipulable components that determine its physical state, with the aim of giving rise to a critical event (e.g. a release of material or energy) from which major accidents (explosions, fires and toxic cloud dispersions) can originate. By way of example, this procedure was applied to two case studies: an atmospheric storage tank and a three-phase separator of an onshore plant that carries out the first treatment of crude oil produced by oil wells. Subsequently, also with the aid of dynamic simulation software, the adequacy of the passive barriers was verified with reference to the most critical conditions that can arise as a consequence of the manipulations achievable through a cyber attack and identified by the PSSR-CyM analysis.
15

Dutta, Saurabh. "Striking a balance between usability and cyber-security in IoT devices." Thesis, Massachusetts Institute of Technology, 2017. http://hdl.handle.net/1721.1/113508.

Abstract:
Thesis: S.M. in Engineering and Management, Massachusetts Institute of Technology, System Design and Management Program, 2017.
Cataloged from PDF version of thesis.
Includes bibliographical references (pages 67-74).
Today more and more physical objects are being connected to the Internet. The Internet of Things, or IoT, is dramatically changing the way of living and the way we interact with things and each other. Home doors can be opened remotely with a watch, cars' performance can be upgraded remotely, devices monitor health and send updates to physicians remotely. IoT technology has made some labor-intensive jobs simple and has the potential to simplify and enhance nearly every aspect of our lives. On the other hand, increased levels of high profile cyber security breaches in recent years have made it clear how important it is to make sure these devices are trustworthy and secure. While most users are aware of how critical it is to secure their laptops, mobile devices, and apps, due to the seamless ways in which IoT devices integrate into our daily lives, users are often unaware of risks associated with them. At the same time, IoT device makers are aggressively releasing new products in a mad race to establish themselves in this emerging market. Increased pressure to differentiate on usability based functionalities has spurred products and features that are not properly vetted for security. Gartner predicts that by 2020, more than 25% of identified enterprise attacks will involve IoT, though IoT will account for only 10% of IT security budgets. As IoT continues to grow, vendors will favor usability over security and IT security practitioners remain unsure of the correct amount of acceptable risk.
by Saurabh Dutta.
S.M. in Engineering and Management
16

Respicio, Annie. "SECURITY PRACTICES: KEEPING INDIVIDUALS SAFE AND AWARE IN THE CYBER WORLD." CSUSB ScholarWorks, 2019. https://scholarworks.lib.csusb.edu/etd/944.

Abstract:
We currently live in a day and age where nearly everyone uses electronic devices and connects to the web. Whether it be from a desktop, laptop, or smartphone, staying connected and having information at your fingertips is easier than ever. Although technology has become so intermingled with our daily lives, the idea around security is not as momentous as it should be. As mentioned by the Multi-State Information Sharing and Analysis Center (MS-ISAC), “based on recent statistics, the average unprotected computer can be compromised in a matter of minutes. The majority of individuals who thought their computers were safe…were wrong.” (MS-ISAC 2) This paper specifically investigates what types of security practices individuals in Southern California are aware of, how much of these practices are actively implemented and how we can not only further spread awareness, but also keep them engaged in these practices. This study shows that most of the participants feel confident about their level of knowledge regarding basic cyber security practices. Similarly, they were also confident in their active and frequent implementation of security practices. Nonetheless, it is imperative that implementing security measures become an active part of people’s behavior. As technology and interconnectedness continue to grow, security will only become even more at risk. Since it is a difficult task to change the behavior of people, this study suggests the best route is to begin consistently teaching people at a young age. By doing so, many of these practices can become embedded within people and nearly function as second nature as they mature. Although this suggestion does not focus on security awareness and implementation on those individuals who currently use smartphones, computers, and other devices, it is a sure way of ensuring the future populations become more engaged in understanding the importance of security measures and practice them.
17

Dewar, Robert Scott. "Cyber security in the European Union : an historical institutionalist analysis of a 21st century security concern." Thesis, University of Glasgow, 2017. http://theses.gla.ac.uk/8188/.

Abstract:
This thesis uses cyber security, an important topic in today's world, as a vector for analysis in order to contribute to a better understanding of the European Union (EU)’s policy-making processes. Although EU policy has received extensive scholarly attention, cyber security policy is under-researched, a gap in current literature this thesis addresses. The goal of the thesis is to understand why the Union adopted and maintained a socio-economic approach to cyber security when other actors added military and defence considerations. The thesis employs an historical institutionalist (HI) framework to examine the long-term institutional and ideational influences underpinning policy development in this area between 1985 and 2013. This was achieved using a longitudinal narrative inquiry employing an original, conceptual content analysis technique developed to gather data from both relevant EU acquis communautaire and over 30 interviews. There were three main findings resulting from this analysis, two empirical and one theoretical. The first empirical finding was that the EU’s competences established an institutional framework – a set of rules and procedures – for policy development in this sector. By restricting the EU’s capacity to engage in military or national security-oriented issues, its competences required it to respond to emerging security matters from a socio-economic perspective. The second empirical finding was that there exists a specific discourse underpinning EU cyber security policy. That discourse is predicated upon a set of five ideational elements which influenced policy continuously between 1985 and 2013. These five elements are: maximising the economic benefits of cyberspace; protecting fundamental rights; tackling cyber-crime; promoting trust in digital systems and achieving these goals through facilitating actor co-operation. 
Throughout the thesis the argument is made that the EU adopted and maintained its socio-economic policy as a result of an interaction between this ideational discourse and the institutional framework provided by competences. This interaction created a linear, but not deterministic path of policy development from which the EU did not deviate. The third, theoretical, finding relates to the HI mechanisms of path dependency and punctuated equilibrium. The EU’s policy discourse was exposed to major stresses after 2007 which, according to punctuated equilibrium, should have caused policy change. Instead, those stresses entrenched the Union’s discourse. This demonstrates an explanatory flexibility not normally associated with punctuated equilibrium. The findings of the thesis have implications for policy practitioners by providing a way to identify underlying ideational dynamics in policy development. Due to a combination of empirical and conceptual findings, the thesis provides a potential basis for future research in EU policy development and HI analyses.
18

Karray, Khaled. "Cyber-security of connected vehicles : contributions to enhance the risk analysis and security of in-vehicle communications." Thesis, Université Paris-Saclay (ComUE), 2019. http://www.theses.fr/2019SACLT023.

Abstract:
During the last decade, technological advances have made the car more and more connected to the outside world. On the flip side, this technological transformation has made modern vehicles subject to advanced cyber attacks. The cyber-physical architectures of automotive systems were not designed with security in mind. With the integration of connected platforms into these cyber-physical systems, the threat landscape has radically changed. Lately, multiple security breaches targeting different car manufacturers have been reported mainly by the scientific community. This makes security a critical concern, with a high impact especially on future autonomous driving. In order to address this gap, rigorous security engineering needs to be integrated into the design process of an automotive system and new protection methods adapted to the specificities of the vehicle systems must be introduced. Threat modeling and risk analysis are essential building blocks of this process. In this context, attack trees proved to be a reasonably good way to model attack steps. Nevertheless, given the diversity of architectures, it can quickly become a burden to draw attack trees for all architectures. This thesis tackles the issues of security of connected vehicles. The proposed approach allows enhancing the threat analysis with the automated generation of attack trees used to assist in the risk assessment step. We also propose novel and efficient protection mechanisms for in-vehicle communication networks capable of coping with existing cyber-physical attacks.
19

Elmrabit, Nebrase. "A multiple-perspective approach for insider-threat risk prediction in cyber-security." Thesis, Loughborough University, 2018. https://dspace.lboro.ac.uk/2134/36243.

Abstract:
Currently governments and research communities are concentrating on insider threat matters more than ever; the main reason for this is that the effect of a malicious insider threat is greater than before. Moreover, leaks and the selling of mass data have become easier with the use of the dark web. Malicious insiders can leak confidential data while remaining anonymous. Our approach describes the information gained by looking into insider security threats from a multiple-perspective concept that is based on an integrated three-dimensional approach. The three dimensions are human issue, technology factor, and organisation aspect, which form one risk prediction solution. In the first part of this thesis, we give an overview of the various basic characteristics of insider cyber-security threats. We also consider current approaches and controls for mitigating the level of such threats by broadly classifying them in two categories: a) technical mitigation approaches, and b) non-technical mitigation approaches. We review case studies of insider crimes to understand how authorised users could harm their organisations by dividing these cases into seven groups based on insider threat categories as follows: a) insider IT sabotage, b) insider IT fraud, c) insider theft of intellectual property, d) insider social engineering, e) unintentional insider threat incident, f) insider in cloud computing, and g) insider national security. In the second part of this thesis, we present a novel approach to predict malicious insider threats before the breach takes place. A prediction model was first developed based on the outcomes of the research literature which highlighted main prediction factors with the insider indicator variables. Then Bayesian network statistical methods were used to implement and test the proposed model by using dummy data. A survey was conducted to collect real data from a single organisation.
Then a risk level and prediction for each authorised user within the organisation were analysed and measured. A dynamic Bayesian network model was also proposed in this thesis to predict insider threats for a period of time, based on data collected and analysed on different time scales by adding time series factors to the previous model. Results of the verification test comparing the output of 61 cases from the education sector prediction model show good consistency. The correlation was generally around R-squared = 0.87, which indicates an acceptable fit in this area of research. From the result we expected that the approach will be a useful tool for security experts. It provides organisations with an insider threat risk assessment for each authorised user, and organisations can also discover their weakness areas that need attention in dealing with insider threat. Moreover, we expect the model to be useful to the research community as the basis for understanding and future research.
20

Qabajeh, Issa Mohammad. "Dynamic rule covering classification in data mining with cyber security phishing application." Thesis, De Montfort University, 2017. http://hdl.handle.net/2086/14298.

Abstract:
Data mining is the process of discovering useful patterns from datasets using intelligent techniques to help users make certain decisions. A typical data mining task is classification, which involves predicting a target variable known as the class in previously unseen data based on models learnt from an input dataset. Covering is a well-known classification approach that derives models with If-Then rules. Covering methods, such as PRISM, have a competitive predictive performance to other classical classification techniques such as greedy, decision tree and associative classification. Therefore, Covering models are appropriate decision-making tools and users favour them when carrying out decisions. Despite the use of the Covering approach in data processing for different classification applications, it is also acknowledged that this approach suffers from the noticeable drawback of inducing massive numbers of rules, making the resulting model large and unmanageable by users. This issue is attributed to the way Covering techniques induce the rules as they keep adding items to the rule’s body, despite the limited data coverage (number of training instances that the rule classifies), until the rule has zero error. This excessive learning overfits the training dataset and also limits the applicability of Covering models in decision making, because managers normally prefer a summarised set of knowledge that they are able to control and comprehend rather than high-maintenance models. In practice, there should be a trade-off between the number of rules offered by a classification model and its predictive performance. Another issue associated with the Covering models is the overlapping of training data among the rules, which happens when a rule’s classified data are discarded during the rule discovery phase. Unfortunately, the impact of a rule’s removed data on other potential rules is not considered by this approach.
However, when removing training data linked with a rule, both frequency and rank of other rules’ items which have appeared in the removed data are updated. The impacted rules should maintain their true rank and frequency in a dynamic manner during the rule discovery phase rather than just keeping the initial computed frequency from the original input dataset. In response to the aforementioned issues, a new dynamic learning technique based on Covering and rule induction, that we call Enhanced Dynamic Rule Induction (eDRI), is developed. eDRI has been implemented in Java and it has been embedded in the WEKA machine learning tool. The developed algorithm incrementally discovers the rules using primarily frequency and rule strength thresholds. These thresholds in practice limit the search space for both items as well as potential rules by discarding any with insufficient data representation as early as possible, resulting in an efficient training phase. More importantly, eDRI substantially cuts down the number of training examples scans by continuously updating potential rules’ frequency and strength parameters in a dynamic manner whenever a rule gets inserted into the classifier. In particular, and for each derived rule, eDRI adjusts on the fly the remaining potential rules’ items frequencies as well as ranks specifically for those that appeared within the deleted training instances of the derived rule. This gives a more realistic model with minimal rules redundancy, and makes the process of rule induction efficient and dynamic and not static. Moreover, the proposed technique minimises the classifier’s number of rules at preliminary stages by stopping learning when any rule does not meet the rule’s strength threshold, therefore minimising overfitting and ensuring a manageable classifier.
Lastly, the eDRI prediction procedure not only prioritises using the best ranked rule for class forecasting of test data but also restricts the use of the default class rule, thus reducing the number of misclassifications. The aforementioned improvements guarantee classification models with smaller size that do not overfit the training dataset, while maintaining their predictive performance. The eDRI derived models particularly greatly benefit users taking key business decisions since they can provide a rich knowledge base to support their decision making. This is because these models’ predictive accuracies are high, easy to understand, and controllable as well as robust, i.e. flexible to be amended without drastic change. eDRI applicability has been evaluated on the hard problem of phishing detection. Phishing normally involves creating a fake well-designed website that has identical similarity to an existing business trustful website aiming to trick users and illegally obtain their credentials such as login information in order to access their financial assets. The experimental results against large phishing datasets revealed that eDRI is highly useful as an anti-phishing tool since it derived manageable size models when compared with other traditional techniques without hindering the classification performance. Further evaluation results using several other classification datasets from different domains obtained from University of California Data Repository have corroborated eDRI’s competitive performance with respect to accuracy, number of knowledge representation, training time and items space reduction. This makes the proposed technique not only efficient in inducing rules but also effective.
21

Fontenele, Marcelo Paiva. "Designing a method for discovering expertise in cyber security communities : an ontological approach." Thesis, University of Reading, 2017. http://centaur.reading.ac.uk/71325/.

Abstract:
Cyber security aims to protect our connected society from threats affecting services that rely on cyberspace. The pervasive nature of those threats requires a collaborative engagement in which a heterogeneous set of stakeholders request or provide security services. One of the major challenges in current cyber security initiatives is to place skilled people wherever needed whilst reducing the overall knowledge gap. Thus, in order to orchestrate roles in such a complex and dynamic environment, a novel approach to discover talent within the cyber security community is required. This PhD research addresses this challenge by devising a conceptual model and an ontological methodology, which aids a robust discovery of the fittest expertise driven by the specific needs of cyber security projects, as well as benchmarking expertise shortages. Talent management, knowledge management and organisational modelling theories provide the theoretical foundations upon which the cyber security community is articulated. Mixed methods were performed within a cyber security community to triangulate findings in the literature, test the method and appraise the solution. The method for discovering expertise in cyber security communities (DECYSE) is capable of delivering a seamless solution for processes involving expertise discovery. This method enables learning from previous projects; supports selection, ranking and assessment of experts according to specified requirements in a project profile; and provides indicators to measure knowledge gaps and shortages in the cyber security community. The DECYSE method is robust and underpinned by analytical techniques, considering complex interactions and perspectives from the actors involved. In order to promote ongoing improvement on the method itself, this thesis also details the conceptual model which articulates the requirements for developing DECYSE. 
A round of experiments was successfully conducted, where a team of three experts, out of sixty-six participant profiles, met the criteria in a cyber security project. The method was also positively appraised by a board of experts working with strategic CS projects. DECYSE enables ongoing improvement and contributes to both theory and the cyber security community.
22

Kahlström, Joakim, and Johan Hedlin. "Automating software installation for cyber security research and testing public exploits in CRATE." Thesis, Linköpings universitet, Databas och informationsteknik, 2021. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-177401.

Abstract:
As cyber attacks are an ever-increasing threat to many organizations, the need for controlled environments where cyber security defenses can be tested against real-world attacks is increasing. These environments, called cyber ranges, exist across the world for both military and academic purposes of various scales. As the function of a cyber range involves having a set of computers, virtual or physical, that can be configured to replicate a corporate network or an industrial control system, having an automated method of configuring these can streamline the process of performing different exercises. This thesis aims to provide a proof of concept of how the installation of software with known vulnerabilities can be performed and examines if the software is vulnerable directly after installation. The Cyber Range And Training Environment (CRATE) developed by the Swedish Defence Research Agency (FOI) is used as a testbed for the installations and FOI-provided tools are used for launching automated attacks against the installed software. The results show that installations can be performed without Internet access and with minimal network traffic being generated and that our solution can rewrite existing software packages from the package manager Chocolatey to work with an on-premises repository with an 85% success rate. It is also shown that very few publicly available exploits succeed without any manual configuration of either the exploit or the targeted software. Our work contributes to making it easier to set up environments where cyber security research and training can be conducted by simplifying the process of installing vulnerable applications.
23

Ayereby, Manouan Pierre-Marius. "Overcoming Data Breaches and Human Factors in Minimizing Threats to Cyber-Security Ecosystems." ScholarWorks, 2018. https://scholarworks.waldenu.edu/dissertations/6163.

Abstract:
This mixed-methods study focused on the internal human factors responsible for data breaches that could cause adverse impacts on organizations. Based on the Swiss cheese theory, the study was designed to examine preventative measures that managers could implement to minimize potential data breaches resulting from internal employees' behaviors. The purpose of this study was to provide insight to managers about developing strategies that could prevent data breaches from cyber-threats by focusing on the specific internal human factors responsible for data breaches, the root causes, and the preventive measures that could minimize threats from internal employees. Data were collected from 10 managers and 12 employees from the business sector, and 5 government managers in Ivory Coast, Africa. The mixed methodology focused on the why and who using the phenomenological approach, consisting of a survey, face-to-face interviews using open-ended questions, and a questionnaire to extract the experiences and perceptions of the participants about preventing the adverse consequences from cyber-threats. The results indicated the importance of top managers to be committed to a coordinated, continuous effort throughout the organization to ensure cyber security awareness, training, and compliance of security policies and procedures, as well as implementing and upgrading software designed to detect and prevent data breaches both internally and externally. The findings of this study could contribute to social change by educating managers about preventing data breaches who in turn may implement information accessibility without retribution. Protecting confidential data is a major concern because one data breach could impact many people as well as jeopardize the viability of the entire organization.
24

Hou, Chengjun. "Dynamic Programming under Parametric Uncertainty with Applications in Cyber Security and Project Management." The Ohio State University, 2015. http://rave.ohiolink.edu/etdc/view?acc_num=osu1437676379.

25

Bolton, Alexander. "Bayesian change point models for regime detection in stochastic processes with applications in cyber security." Thesis, Imperial College London, 2016. http://hdl.handle.net/10044/1/48484.

Abstract:
Some important cyber security data can be modelled using stochastic processes that undergo changes in behaviour over time. Consider a piece of malicious software (malware) that performs different functions as it runs. Data obtained from this software switch between different behaviours that correspond to different functions. Coders create new strains of similar malware by making minor changes to existing malware; these new samples cannot be detected by methods that only identify whether an exact executable file has been seen before. Comparing data from new malware and existing malware, in order to detect similar behaviours, is a cyber security challenge. Methods that can detect these similar behaviours are used to identify similar malware samples. This thesis presents a generalised change point model for stochastic processes that includes regimes, i.e. recurring parameters. For generality the stochastic processes are assumed to be multivariate. A new reversible jump Markov chain Monte Carlo (RJMCMC) sampler is presented for inferring model parameters. The number of change points or regimes need not be specified before inference as the RJMCMC sampler allows these to be inferred. The RJMCMC sampler is applied in different contexts, including estimating malware similarity. A new sequential Monte Carlo (SMC) sampler is also presented. Like the RJMCMC sampler, the SMC sampler infers change points and regimes, but the SMC inference is computed online. The SMC sampler is also applied to detect regimes in a variety of contexts, including connections made in a computer network.
26

Lu, Long. "Reinforcing the weakest link in cyber security: securing systems and software against attacks targeting unwary users." Diss., Georgia Institute of Technology, 2013. http://hdl.handle.net/1853/49090.

Abstract:
Unwary computer users are often blamed as the weakest link on the security chain, for unknowingly facilitating incoming cyber attacks and jeopardizing the efforts to secure systems and networks. However, in my opinion, average users should not bear the blame because of their lack of expertise to predict the security consequence of every action they perform, such as browsing a webpage, downloading software to their computers, or installing an application to their mobile devices. My thesis work aims to secure software and systems by reducing or eliminating the chances where users’ mere action can unintentionally enable external exploits and attacks. In achieving this goal, I follow two complementary paths: (i) building runtime monitors to identify and interrupt the attack-triggering user actions; (ii) designing offline detectors for the software vulnerabilities that allow for such actions. To maximize the impact, I focus on securing software that either serves the largest number of users (e.g. web browsers) or experiences the fastest user growth (e.g. smartphone apps), despite the platform distinctions. I have addressed the two dominant attacks through which most malicious software (a.k.a. malware) infections happen on the web: drive-by download and rogue websites. BLADE, an OS kernel extension, infers user intent through OS-level events and prevents the execution of download files that cannot be attributed to any user intent. Operating as a browser extension and identifying malicious post-search redirections, SURF protects search engine users from falling into the trap of poisoned search results that lead to fraudulent websites. In the infancy of security problems on mobile devices, I built Dalysis, the first comprehensive static program analysis framework for vetting Android apps in bytecode form. Based on Dalysis, CHEX detects the component hijacking vulnerability in large volumes of apps.
My thesis as a whole explores, realizes, and evaluates a new perspective of securing software and system, which limits or avoids the unwanted security consequences caused by unwary users. It shows that, with the proposed approaches, software can be reasonably well protected against attacks targeting its unwary users. The knowledge and insights gained throughout the course of developing the thesis have advanced the community’s awareness of the threats and the increasing importance of considering unwary users when designing and securing systems. Each work included in this thesis has yielded at least one practical threat mitigation system. Evaluated by the large-scale real-world experiments, these systems have demonstrated the effectiveness at thwarting the security threats faced by most unwary users today. The threats addressed by this thesis have span multiple computing platforms, such as desktop operating systems, the Web, and smartphone devices, which highlight the broad impact of the thesis.
27

Maines, C. L. "A framework for the extension and visualisation of cyber security requirements in modelling languages." Thesis, Liverpool John Moores University, 2018. http://researchonline.ljmu.ac.uk/8393/.

Abstract:
Almost half of UK firms claim to have been subject to some sort of cyber-attack or breach in the last 12 months, with an average cost per incident being around £20,000. Yet, even in the face of these ever-mounting threats, cyber security is still treated as an afterthought throughout the systems development lifecycle (SDLC). Though literature is aiming to rectify this mindset through the proposal of multiple software security solutions, there is still a noticeable absence of any usable, expressive tool for designing cyber security into a system at the requirements stages of the SDLC. By not practicing secure by design, there is a risk of: poor defences, confused developers with no security guidelines to work from, a potential redesign of core functionality and very expensive patch management. There have been several attempts at producing a solution, with modelling languages presenting themselves as the perfect platform to specify such designs. One can observe multiple publications throughout literature which propose the extension of these languages to include security expression. However, the ability of these propositions to provide comprehensive expression of the cyber security domain and remain usable alongside their parent modelling language, remains an elusive endeavour. The aim of this thesis is to produce a solution which ensures the practicability of expressive and usable secure by design tool implementation. That is, by conducting an evaluation of existing attempts at security extension and extracting heuristics based on their current failings, combine them with proven scientific principles to produce a framework which will act as its own form of methodology to guide the development of a security extension to modelling languages.
28

Ivanov, Bozhidar, and Joonas Vaino. "Computer literacy : Does a background in computer programming give you better cyber security habits?" Thesis, Internationella Handelshögskolan, Högskolan i Jönköping, IHH, Informatik, 2019. http://urn.kb.se/resolve?urn=urn:nbn:se:hj:diva-44763.

Abstract:
Background: Computers are everywhere around us today and skills must be acquired in order for a person to use them. However, the topic of computer literacy is not researched enough to specify basic computer skills to consider an individual computer literate. This thesis will contribute to the research gap by investigating the computer skills of the workforce in the IT sector. Purpose: The purpose of this thesis is to examine the connection between computer programming and cyber security skills of the IT professional, e.g. is there a beneficial factor of this connection. Method: For this study the quantitative research method was used to gather data. The authors decided that the best way to reach their target group and answer the research questions was to conduct a survey and pose questions on the topics of computer literacy and cyber security. Conclusion: The results show that there is a statistical significance between the user’s security habits and his or her programming skills (or the absence of them). People who write code, defined as programmers, scored better on the security skills survey, whereas their counterparts, the non-programmers, have some knowledge on the topic but they can never be absolutely sure of their cyber safety in the fast-changing world of IT.
29

Fall, Moustapha. "Cyber-Physical Systems Security: Machine to Machine Controlled by PLC in a Local Network." University of Cincinnati / OhioLINK, 2021. http://rave.ohiolink.edu/etdc/view?acc_num=ucin1623168149265934.

30

Wei, Longfei. "Game-Theoretic and Machine-Learning Techniques for Cyber-Physical Security and Resilience in Smart Grid." FIU Digital Commons, 2018. https://digitalcommons.fiu.edu/etd/3850.

Abstract:
The smart grid is the next-generation electrical infrastructure utilizing Information and Communication Technologies (ICTs), whose architecture is evolving from a utility-centric structure to a distributed Cyber-Physical System (CPS) integrated with a large-scale of renewable energy resources. However, meeting reliability objectives in the smart grid becomes increasingly challenging owing to the high penetration of renewable resources and changing weather conditions. Moreover, the cyber-physical attack targeted at the smart grid has become a major threat because millions of electronic devices interconnected via communication networks expose unprecedented vulnerabilities, thereby increasing the potential attack surface. This dissertation is aimed at developing novel game-theoretic and machine-learning techniques for addressing the reliability and security issues residing at multiple layers of the smart grid, including power distribution system reliability forecasting, risk assessment of cyber-physical attacks targeted at the grid, and cyber attack detection in the Advanced Metering Infrastructure (AMI) and renewable resources. This dissertation first comprehensively investigates the combined effect of various weather parameters on the reliability performance of the smart grid, and proposes a multilayer perceptron (MLP)-based framework to forecast the daily number of power interruptions in the distribution system using time series of common weather data. Regarding evaluating the risk of cyber-physical attacks faced by the smart grid, a stochastic budget allocation game is proposed to analyze the strategic interactions between a malicious attacker and the grid defender. A reinforcement learning algorithm is developed to enable the two players to reach a game equilibrium, where the optimal budget allocation strategies of the two players, in terms of attacking/protecting the critical elements of the grid, can be obtained. 
In addition, the risk of the cyber-physical attack can be derived based on the successful attack probability to various grid elements. Furthermore, this dissertation develops a multimodal data-driven framework for the cyber attack detection in the power distribution system integrated with renewable resources. This approach introduces the sparse feature learning into an ensemble classifier for improving the detection efficiency, and implements the spatiotemporal correlation analysis for differentiating the attacked renewable energy measurements from fault scenarios. Numerical results based on the IEEE 34-bus system show that the proposed framework achieves the most accurate detection of cyber attacks reported in the literature. To address the electricity theft in the AMI, a Distributed Intelligent Framework for Electricity Theft Detection (DIFETD) is proposed, which is equipped with Benford’s analysis for initial diagnostics on large smart meter data. A Stackelberg game between utility and multiple electricity thieves is then formulated to model the electricity theft actions. Finally, a Likelihood Ratio Test (LRT) is utilized to detect potentially fraudulent meters.
31

Ryttare, Emma. "Change Management: A Key in Achieving Successful Cyber Security : A Multiple Case Study of Organizations in Sweden." Thesis, Luleå tekniska universitet, Institutionen för ekonomi, teknik och samhälle, 2019. http://urn.kb.se/resolve?urn=urn:nbn:se:ltu:diva-74788.

Abstract:
Purpose – The purpose of this study is to enhance the understanding of how organizations can improve their cyber security with change management. To fulfill the purpose, the following research questions were developed: RQ1: What are the key factors for effective change management in the context of cyber security? and RQ2: How can organizations manage these factors to improve cyber security? Method – A qualitative research method with an inductive approach was chosen. The empirical data collection was performed as a multiple case study with 16 semi-structured interviews with respondents from six organizations, and the data were analyzed through a thematic analysis. Result – The findings of this study are gathered in a framework for successful cyber security culture change that highlights each essential activity for how to improve cyber security with change management. It also shows when and how these activities should be performed, when to consider each leadership characteristic, and what employee sensemaking needs should be considered during the process. Theoretical contribution – The study contributes to both cyber security literature and change management literature. It contributes to the cyber security literature by providing a processual model that illustrates the factors' dependency on each other. Also, by adding the perspective of sensemaking, the study provides an overall picture, with both a leader and employee perspective, of how change management can be used to improve cyber security. Additionally, this study extends earlier change management literature by providing a sensemaking approach to the change process. Managerial implications – The study contributes with valuable insights for management in practice by presenting a framework that can help CISOs, security consultants or other managers responsible for the organization’s security to execute successful cyber security culture change.
With the presented framework, they can plan, execute and sustain the change in the organization’s cyber security culture.
32

Tan, Yue. "Stochastic Modeling, Optimization and Data-Driven Adaptive Control with Applications in Cloud Computing and Cyber Security." The Ohio State University, 2015. http://rave.ohiolink.edu/etdc/view?acc_num=osu1431098853.

33

Martin, Jaclyn. "Something Looks Phishy Here: Applications of Signal Detection Theory to Cyber-Security Behaviors in the Workplace." Scholar Commons, 2017. http://scholarcommons.usf.edu/etd/6728.

Abstract:
Cyber-security is an ever-increasing problem in the 21st century. Though the majority of cyber-security breaches are a direct result of human error (Hu, Dinev, Hart, & Cooke, 2012), there is a dearth of research in psychology on the application of human decision-making for cyber-security compliance. Through an online inbox simulation, the present research examined the utility of a robust psychological model for decision-making, signal detection theory (SDT) for modeling decision-making in the context of receiving and responding to phishing and spear-phishing email scams. The influence of individual differences, specifically conscientiousness, on phishing email detection was also examined. The results indicate that SDT is useful for modeling and measuring cyber-compliance behavior in terms of responding to phishing emails. This finding supports the feasibility of using SDT to monitor training effectiveness for individuals’ resistance to social engineering in phishing email detection. There were no significant relationships between participants’ scores on conscientiousness and their phishing and spear-phishing email detection ability. Future research should explore predictors of cyber-compliance with regards to individuals’ phishing and spear-phishing susceptibility.
34

Lundberg, Johan. "Dynamic Risk Management in Information Security : A socio-technical approach to mitigate cyber threats in the financial sector." Thesis, Örebro universitet, Handelshögskolan vid Örebro Universitet, 2020. http://urn.kb.se/resolve?urn=urn:nbn:se:oru:diva-87359.

Abstract:
In the last decade, a new wave of socio-technical cyber threats has emerged that is targeting both the technical and social vulnerabilities of organizations and requires fast and efficient threat mitigations. Yet, it is still common that financial organizations rely on yearly reviewed risk management methodologies that are slow and static to mitigate the ever-changing cyber threats. The purpose of this research is to explore the field of Dynamic Risk Management in Information Security from a socio-technical perspective in order to mitigate both types of threats faster and dynamically to better suit the connected world we live in today. In this study, the Design Science Research methodology was utilized to create a Dynamic Information Security Risk Management model based on functionality requirements collected through interviews with professionals in the financial sector and structured literature studies. Finally, the constructed dynamic model was then evaluated in terms of its functionality and usability. The results of the evaluation showed that the finalized dynamic risk management model has great potential to mitigate both social and technical cyber threats in a dynamic fashion.
Over the past decade, a new wave of socio-technical cyber threats has emerged that targets both the social and technical vulnerabilities of organizations. These threats require fast and effective threat mitigation, yet it is still common for financial organizations to rely on annually reviewed risk management methods that are both slow and static to mitigate the ever-changing cyber threats. The purpose of this research is to investigate the field of dynamic risk management in information security from a socio-technical perspective, with the aim of mitigating both types of threats faster and dynamically to better suit today's connected world. In the study, Design Science Research was used to create a dynamic risk management model for handling socio-technical cyber threats to information security. The risk management model is based on functional requirements collected through interviews with professionals in the financial sector, as well as structured literature studies. Finally, the constructed dynamic model was evaluated with respect to its functionality and usability. The results of the evaluation showed that the final dynamic risk management model has great potential to mitigate both social and technical cyber threats in a dynamic way.
35

Topping, Colin. "The role of awareness in adoption of government cyber security initiatives : A study of SMEs in the U.K." Thesis, Luleå tekniska universitet, Institutionen för system- och rymdteknik, 2017. http://urn.kb.se/resolve?urn=urn:nbn:se:ltu:diva-64870.

Abstract:
Awareness is a key component of any information security programme. This study sets out to establish whether SMEs are using the government cyber security initiatives and finds that only 4.3% of respondents are utilising the resource that is freely available from the newly formed National Cyber Security Centre. The principal reason for this is a lack of awareness, although the survey also reveals that respondents would use this service if they had knowledge of it. Furthermore, 72.3% are keen for the government to deliver a public cyber security awareness campaign from funds available to the National Cyber Security Strategy. The association of the NCSC with GCHQ is seen to increase the trust in the service the NCSC delivers, whilst incentivising SMEs to enhance their security is popular amongst the 46 respondents. Survey responses suggest that small and micro businesses believe that they are too small to attract cyber-attacks, under the misguided assumption that “security through obscurity” is a viable control to mitigate the cyber risk. This underlines the lack of awareness of the randomness of threats such as ransomware and supports the need for greater user knowledge.
36

MacEwan, Neil Finlay. "Responsibilisation, rules and rule-following concerning cyber security : findings from small business case studies in the UK." Thesis, University of Southampton, 2017. https://eprints.soton.ac.uk/417156/.

Abstract:
This thesis is the result of an investigation into the challenges that lie within the governance of small business employees' behaviour towards cyber security. That investigation comprised three stages. The first was an exploration of the political context in which the matter of cyber security sits within the UK. This sought to determine whether cyber security is a policy area where the State continues to push responsibility away from itself and onto non-State actors, as a means of extending and enhancing the governance of situations and environments which have a tendency to produce criminal behaviour (Garland, 1997). More specifically, the research questions explored during this stage were: In the UK, is government discourse responsibilising small businesses, and the people who work within them, for cyber security? If so, how? And with what implications? Answering these questions involved detailed analysis of much government discourse on cybercrime and cyber security. It was found that the UK government continues to employ a responsibilisation strategy in the governance of cybercrime and cyber security. Yet, it has become increasingly frustrated with what it sees as poor risk management by those so responsibilised, such as small businesses. This has caused the government to speak in more judgemental and less tolerant terms on this matter, and thereby also continue to shape victim status in ways that make it increasingly difficult to attain. In turn, this brings consequences which include the danger of victim blaming. The second and third stages of research sought to evaluate that continuing governmental strategy of responsibilisation 'on the ground.' In particular, to learn how small businesses are coping with the 'responsibilisation conundrum' passed on to them by the government: that of getting each of their employees to behave in cyber-secure ways, all of the time. 
The specific research questions explored during these stages were: Within their everyday working lives, do employees within small businesses practise what their government and their employers preach to them about cyber security? And if not, why not? Answering these questions involved the conduct of case studies within three small businesses. These comprised a five-day Diary Study, followed up by semi-structured Interviewing. Collectively, the findings from these case studies indicated strongly that the government has underestimated the difficulty of that 'responsibilisation conundrum.' Specifically, by showing that the governance of employees' behaviour around cyber security within small businesses, in and beyond the workplace, can be far from straightforward, in a number of ways and for a number of reasons. However, this research has also gone on to demonstrate that this 'responsibilisation conundrum' is even more difficult than has been recognised before, by the government or anyone else. Specifically, because the matter of rules and rule-following behaviour brings greater complexity to it. Two aspects of this research have combined to shed new light on that 'responsibilisation conundrum': Firstly, further findings from those case studies have provided much evidence of the real influences on people's rule-following behaviour around cyber security, the most potent of which were found to be pragmatism ('just getting things done') and consensus ('that's how we all do it here'). And secondly, the first application of Meaning Finitism and Rule Scepticism within the subject of cyber security has challenged strongly some assumptions being made by government and businesses about the efficacy of rules and their use in the governance of cyber security. 
All of these findings have led to two main recommendations: Firstly, that in future any strategies for governing the human aspects of cyber security should be grounded in people's lived experiences of cyber security within their everyday working lives. And secondly, as part of a solution to the 'responsibilisation conundrum,' a Finitist approach should now be taken to training and otherwise guiding people towards cyber-secure behaviours. Combining a true understanding of the relation between rules and conduct, and a recognition of the multiplicity of cyber security threats, this is an approach that will help shape the behaviour of employees in ways sought but seldom achieved by rule-setting.
37

El, Wynton. "Social Media in Japan: An Investigation of the Impact Social Media Has on Cyber-Security and Politics in Japan." Thesis, The University of Arizona, 2014. http://hdl.handle.net/10150/555533.

Abstract:
The advancement of technology and social media in East Asia, although innovative, has created an avenue for cyber-criminals to access information from individuals and corporations. Three of the most technologically and economically advanced nations in the world lie in East Asia and have a substantial amount of data in cyberspace. A large volume of sensitive and inadequately protected data is in this continuously growing cloud. This suggests the need for governments in the region to establish increased cyber-security legislation in order to protect national security interests. The purpose of this research is to investigate the impact social media has on cybersecurity and politics in East Asia with an emphasis on Japan. Research suggests that China and South Korea lead Japan in cyber-security; however, Japan is making great strides in effectively securing its cyberspace. With assistance from the United States and other NATO allies, Japan has the ability and means to create an optimal cyber-defense infrastructure that matches its technology innovations.
38

Egloff, Florian J. "Cybersecurity and non-state actors : a historical analogy with mercantile companies, privateers, and pirates." Thesis, University of Oxford, 2018. http://ora.ox.ac.uk/objects/uuid:77eb9bad-ca00-48b3-abcf-d284c6d27571.

Abstract:
The thesis investigates how the historical analogy to mercantile companies, privateers, and pirates between the 16th and 19th century can elucidate the relationship between non-state actors and states in cyber(in-)security, and how such an application changes our understanding of cyber(in-)security. It contributes to a better integration of non-state actors into the study of cyber(in-)security and international security by clarifying the political challenges raised by the interaction between these players and states. Drawing on the literature of non-state armed actors, the thesis defines a spectrum of state proximity to develop an analytical framework categorizing actors as state, semi-state, and non-state. The historical investigation utilizes primary and secondary sources to explore three periods in British naval history: the late 16th, late 17th, and mid-19th centuries. A comparison of the two security domains - the sea and cyberspace - identifies the pre-18th century periods as the most useful analogues for cyber(in-)security. The thesis evaluates the analogy by conducting empirical case studies. First, the case of the attacks against Estonia (2007) and three criminal court cases against Russian hackers (2014/2017) examine the analogy to pirates and privateers. Second, the analogy to mercantile companies focuses on the attacks against Google (2009), the attacks against Sony Pictures Entertainment (2014), and the collaboration between large technology companies and Five-Eyes signals intelligence agencies. The thesis makes three main claims: first, the analogy to piracy and privateering provides a new understanding of how state proximity is used politically by attackers and defenders, and offers lessons for understanding attribution in cyberspace. Second, the longevity of historical privateering sheds light on the long-term risks and rewards of state collaboration with cyber criminals, and offers insight into the political constitution of cyber(in-)security. 
Third, the mercantile company lens improves our understanding of how cooperative and conflictive relations between large technology companies and states influence cyber(in-)security.
39

Lavine, Michael Keith. "Cyber security information sharing in the United States : an empirical study including risk management and control implications, 2000-2003." Thesis, City University London, 2007. http://openaccess.city.ac.uk/8496/.

Abstract:
A tremendous amount of change in traditional business paradigms has occurred over the past decade through the development of Electronic Commerce and advancements in the field of Information Technology. As lesser-developed countries progress and become more prosperous, traditional 'first world' countries have migrated to become strong service-oriented economies (Asch, 2001). Supporting technologies have developed over the past decade which have exploited the benefits of the Internet and other information technologies. While Electronic Commerce continues to grow there is a corresponding impact on computer software and individual privacy (Ghosh and Swaminatha, 2001). Recently, the U.S. National Institute of Standards and Technology (NIST) found that software bugs cost the U.S. economy approximately $59.5 billion, or 60% of the annual Gross Domestic Product (U.S. Department of Commerce, 2003). In addition, we have witnessed a rise in the strength and impact of Denial of Service and other types of computer attacks such as: viruses, trojans, exploit scripts and probes/scans. Popular industry surveys such as the annual Federal Bureau of Investigation/Computer Security Institute (Gordon et al., 2006) confirm the growing threats in the Information Assurance field. In addition to these concerns our increased reliance on the Internet enabled systems (Loudon and Loudon, 2000), E-Commerce systems and Information Technologies an integrated suite of risks which must be managed effectively across the public and private sectors (Backhouse et al., 2005, Ghosh and Swaminatha, 2001, Parker, 2001, Graf, 1995, Greenberg and Goldman, 1995). Previous research (Rumizen, 1998, Haver, 1998, Roulier, 1998) examined Inter-Organisational, Web Information Systems and Government Information Systems in order to assess how companies and other organisations can effectively design these information systems such that maximum benefits can be achieved for all participating organisations.
Furthermore, Davenport, Harris and Delong (2001) and Davenport (1999) explained that collaboration is central to the results of a knowledge management system in which open, nonpolitical, non-competitive entities are involved in environments to achieve optimal individual and collective results. Before this memorable event, some related programmatic initiatives were already in-process at that time. The United States government built upon its active leadership in the areas of computer security and information assurance when it launched a number of important efforts to manage information security threats. This was clearly evident when President Clinton made the U.S. National Infrastructure (NII) a major national priority in the 1990s. One critical development occurred in 1998 when the National Infrastructure Protection Centre was established to be the central point for gathering, analysing and disseminating critical cyber security information and built upon the previous success of the national Computer Emergency Response Team (CERT). Earlier research (Rich, 2001, Soo Hoo, 2000, Howard, 1997 and Landwher, 1994) addressed various aspects of information security information and incident reporting. Also, Vatis (2001) addressed some research considerations in this area while investigating foreign network centric and traditional warfare events primarily through Denial of Service and Web Site Defacement attacks. However, areas for new exploration existed especially as they related to U.S. critical infrastructure protection (Karestand, 2003, Vatis, 2001, U.S. General Accounting Office, 2000, Alexander and Swetham, 1999). Finally, Information and Network Centric Warfare (Arens and Rosenbloom, 2003, Davies, 2000, Denning and Baugh, 2000, and Schwartau, 1997) are increasing national security issues in the War on Terrorism and Homeland Security in general.
40

Brandman, Joshua Erich. "A Physical Hash for Preventing and Detecting Cyber-Physical Attacks in Additive Manufacturing Systems." Thesis, Virginia Tech, 2017. http://hdl.handle.net/10919/86412.

Abstract:
This thesis proposes a new method for detecting malicious cyber-physical attacks on additive manufacturing (AM) systems. The method makes use of a physical hash, which links digital data to the manufactured part via a disconnected side-channel measurement system. The disconnection ensures that if the network and/or AM system become compromised, the manufacturer can still rely on the measurement system for attack detection. The physical hash takes the form of a QR code that contains a hash string of the nominal process parameters and toolpath. It is manufactured alongside the original geometry for the measurement system to scan and compare to the readings from its sensor suite. By taking measurements in situ, the measurement system can detect in real-time if the part being manufactured matches the designer's specification. A proof-of-concept validation was realized on a material extrusion machine. The implementation was successful and demonstrated the ability of this method to detect the existence (and absence) of malicious attacks on both process parameters and the toolpath. A case study for detecting changes to the toolpath is also presented, which uses a simple measurement of how long each layer takes to build. Given benchmark readings from a 30x30 mm square layer created on a material extrusion system, several modifications were able to be detected. The machine's repeatability and measurement technique's accuracy resulted in the detection of a 1 mm internal void, a 2 mm scaling attack, and a 1 mm skewing attack. Additionally, for a short to moderate length build of an impeller model, it was possible to detect a 0.25 mm change in the fin base thickness. A second case study is also presented wherein dogbone tensile test coupons were manufactured on a material extrusion system at different extrusion temperatures. 
This process parameter is an example of a setting that can be maliciously modified and have an effect on the final part strength without the operator's knowledge. The performance characteristics (Young's modulus and maximum stress) were determined to be statistically different at different extrusion temperatures (235 and 270 °C).
Master of Science
41

Lambert, Glenn M. II. "Security Analytics: Using Deep Learning to Detect Cyber Attacks." UNF Digital Commons, 2017. http://digitalcommons.unf.edu/etd/728.

Abstract:
Security attacks are becoming more prevalent as cyber attackers exploit system vulnerabilities for financial gain. The resulting loss of revenue and reputation can have deleterious effects on governments and businesses alike. Signature recognition and anomaly detection are the most common security detection techniques in use today. These techniques provide a strong defense. However, they fall short of detecting complicated or sophisticated attacks. Recent literature suggests using security analytics to differentiate between normal and malicious user activities. The goal of this research is to develop a repeatable process to detect cyber attacks that is fast, accurate, comprehensive, and scalable. A model was developed and evaluated using several production log files provided by the University of North Florida Information Technology Security department. This model uses security analytics to complement existing security controls to detect suspicious user activity occurring in real time by applying machine learning algorithms to multiple heterogeneous server-side log files. The process is linearly scalable and comprehensive; as such it can be applied to any enterprise environment. The process is composed of three steps. The first step is data collection and transformation which involves identifying the source log files and selecting a feature set from those files. The resulting feature set is then transformed into a time series dataset using a sliding time window representation. Each instance of the dataset is labeled as green, yellow, or red using three different unsupervised learning methods, one of which is Partitioning around Medoids (PAM). The final step uses Deep Learning to train and evaluate the model that will be used for detecting abnormal or suspicious activities. Experiments using datasets of varying sizes of time granularity resulted in a very high accuracy and performance. 
The time required to train and test the model was surprisingly fast even for large datasets. This is the first research paper that develops a model to detect cyber attacks using security analytics; hence this research builds a foundation on which to expand upon for future research in this subject area.
42

Tipparach, Santipab. "The Design of Virtual Reality Based Data Visualization and User Interface Design in a Semi-Automated Cyber-Security Research Application." Thesis, North Dakota State University, 2019. https://hdl.handle.net/10365/31720.

Abstract:
Virtual Reality is currently an affordable and consumer-ready technology used by many in the games and interactive media industry; however, unlike the user interface standards in mobile, PCs, and Macs, VR UI design can vary in complexity and usability. VR has many times been linked in films, TV shows, and animation as a method for navigating through cyberspace. It has been portrayed to be involved in the process of hacking a computer on some network. This study will look at approaches to developing a UI system using cyber-security research applications as a basis for designing a framework. Throughout, this research will analyze the different approaches to UI design and data visualization, extract relevant information, and find out what approaches will help improve the VR software front end design.
43

Rubin, Willa. "Waging Wars in Cyberspace: How International Law On Aggression And Self-Defense Falls Short Of Addressing Cyber Warfare. Could Iran Legally Retaliate For The Stuxnet Attack?" Oberlin College Honors Theses / OhioLINK, 2016. http://rave.ohiolink.edu/etdc/view?acc_num=oberlin1462921585.

44

Gripenstedt, Daniel, and Joakim Öberg. "A security analysis in a life science environment : a case study." Thesis, KTH, Skolan för elektroteknik och datavetenskap (EECS), 2021. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-299357.

Abstract:
The cyber-threat against life-science is much larger today than just a couple of years back. Companies within the field have valuable information from, for example, R&D in pharmaceuticals, biotech, personal data of vulnerable patients or medical devices, and that is something attackers are very much aware of. Lab equipment has generally been disconnected from the internet to protect its data even more, but the benefits a company would gain in diagnostics and support could outweigh it. In this paper a fictional environment with lab instruments, control units and databases is set up based on a real system used by Company X. A security analysis for the system is conducted with the goal to identify and analyse potential threats and risks. This was done by first studying relevant literature along with meetings with representatives from Company X. The security analysis is made with a threat model called Yacraf, which includes six different phases; the process was easy to follow and resulted in potential ways an attacker could gain access to the system. The results also show different protection scenarios for these attacks and how Company X could implement preventive measures in advance. If Company X were to implement such a remote control system, a first step would be to educate the employees to recognize common cyber-threats and only set up the remote connection when needed.
The cyber threat against life science is much greater today than just a couple of years ago. Companies hold valuable information from, for example, research and development in pharmaceuticals, biotechnology, personal data of vulnerable patients or medical devices, and that is something hackers are very much aware of. Lab equipment has generally been disconnected from the internet to protect its data even further, but the benefits companies can gain in diagnostics and support could outweigh this. In this thesis, a fictional environment with laboratory instruments, control units and databases is created, based on a real system used by Company X. A security analysis of the system is carried out with the goal of identifying and analysing potential threats and risks. This was done by first studying relevant literature along with meetings with representatives of Company X. The security analysis is done with a threat model called Yacraf, which comprises six different phases; the process was easy to follow and resulted in potential ways in which an attacker could gain access to the system. The results also show different protection scenarios for these attacks and how Company X could implement preventive measures in advance. If Company X were to implement such a remote control system, a first step would be to train the employees to recognise common cyber threats and to establish the remote connection only when needed.
45

Wang, Yujue. "Quantifying the effects of uncertainty to manage cyber-security risk and enable adaptivity in power grid wide area monitoring and control applications." Thesis, Washington State University, 2016. http://pqdtopen.proquest.com/#viewpdf?dispub=10139695.

Abstract:

The smooth operation of the power grid is based on effective Wide Area Monitoring and Control systems, which are supposed to provide reliable and secure communication of data. Due to the complexity of the system and inaccuracy of modeling, uncertainty is unavoidable in such systems. So it is of great interest to characterize and quantify the uncertainty properly, which is significant to the functionality of the power grid.

Trust, as a subjective and expressive concept connoting one party's (the trustor's) reliance on and belief in the performance of another party (the trustee), is modeled to help administrators (trustors) of WAMC systems evaluate the trustworthiness of data sources (trustees), which is essentially a measurement of uncertainty of this system. Both evidence based methods and data based methods are developed to evaluate trustworthiness and describe uncertainty respectively.

By modeling both aleatory and epistemic uncertainty with subjective logic and probability distributions respectively, a framework quantifying uncertainty is proposed. Quantification of the uncertainties can greatly help the system administrators to select the most fitting security implementation to achieve both security and QoS with a certain confidence. Based on the quantification framework, an adaptive security mechanism is prototyped, which can adjust the security scheme online according to dynamic requirements and environmental changes, to make the best ongoing trade-off between security assurance and QoS.

46

Munir, Sundas, and Mirza Sanam Iqbal Baig. "Challenges and Security Aspects of Blockchain Based Online Multiplayer Games." Thesis, Högskolan i Halmstad, Akademin för informationsteknologi, 2019. http://urn.kb.se/resolve?urn=urn:nbn:se:hh:diva-38771.

Abstract:
Video gaming has always been a blooming industry. With the emergence of online multiplayer video games, this industry's worth has skyrocketed. Online multiplayer video games store data of players' credentials, in-game progress, in-game virtual assets, payment details, etc., which means security threats to these systems are nothing new, and securing these games has always meant protecting players' data from unauthorized breach. Integration of blockchain technology in online multiplayer video games, apart from other amazing features, provides a way to prove digital ownership of virtual assets with their verifiable scarcity. Trade of these in-game virtual assets has always been a goal for online multiplayer gaming companies, but there was no sufficiently trustworthy infrastructure available that could be relied on. Blockchain just solved that problem. It provided a platform for secure and transparent transactions of these assets between players. The topic of our research considers not only the security challenges in online games but specifically blockchain based online multiplayer games. This adaptation is still new and there is a need to consider new security challenges. In this dissertation we try to bring out some important challenges related to the security of blockchain based online multiplayer video games. There are currently no studies around security concerns and challenges of the integration of the online multiplayer video games in the emerging blockchain systems. In order to fill in the gap, this dissertation discusses and identifies two main security concerning questions related to this domain. Also, this dissertation provides basic steps for expanding future research and application in this joint domain.
47

Khatwani, Chanchal. "Security Analysis of ECC Based Protocols." UNF Digital Commons, 2017. http://digitalcommons.unf.edu/etd/734.

Abstract:
Elliptic curve cryptography (ECC) is extensively used in various multifactor authentication protocols. In this work, various recent ECC based authentication and key exchange protocols are subjected to threat modeling and static analysis to detect vulnerabilities, and to enhance them to be more secure against threats. This work demonstrates how currently used ECC based protocols are vulnerable to attacks. If protocols are vulnerable, damages could include critical data loss and elevated privacy concerns. The protocols considered in this work differ in their usage of security factors (e.g. passwords, pins, and biometrics), encryption and timestamps. The threat model considers various kinds of attacks including denial of service, man in the middle, weak authentication and SQL injection. Countermeasures to reduce or prevent such attacks are suggested. Beyond cryptanalysis of current schemes and proposal of new schemes, the proposed adversary model and criteria set forth provide a benchmark for the systematic evaluation of future two-factor authentication proposals.
48

Mapoka, Trust Tshepo. "Location based authenticated multi-services group key management for cyber security in high speed broadband wireless multicast communications : multi-service group key management scheme with location based handover authentication for multi-handoffs participating in multi-group service subscriptions, its performance evaluation and security correctness in high speed broadband wireless multicast communications." Thesis, University of Bradford, 2015. http://hdl.handle.net/10454/14468.

Abstract:
Secure information exchange over cyberspace is on the increase due to the convergence of wireless and mobile access technologies in all businesses. Accordingly, with the proliferation of diverse multicast group service subscriptions that are possible to co-exist within a single broadband network, there is also huge demand by the mobile subscribers to ubiquitously access these services over high speed broadband using their portable devices. Likewise, the Network Providers (NPs) invest hugely in infrastructure deployment to disseminate these services efficiently and concomitantly. Therefore, cyber security in any business is obligatory to restrict access of disseminated services to only authorised personnel. This becomes a vital requirement for a successful commercialisation of exchanged group services. The standard way to achieve cyber security in a wireless mobile multicast communication environment is through confidentiality using Group Key Management (GKM). The existing GKM schemes for secure wireless multicast from literature only target single group service confidentiality; however, the adoption of multiple group service confidentiality in them involves inefficient management of keys that induces huge performance overheads unbearable for real time computing. Therefore, a novel authenticated GKM scheme for multiple multicast group subscriptions known as slot based multiple group key management (SMGKM) is proposed. In the SMGKM, the handovers move across diverse decentralised clusters of homogeneous or heterogeneous wireless access network technologies while participating in multiple group service subscriptions. Unlike the conventional art, the SMGKM advances its security by integrating location based authentication and GKM functions. 
Both functions are securely offloaded from the Domain Key Distributor (DKD) to the intermediate cluster controllers, Area Key Distributors (AKDs), in a distributed fashion, using the proposed location based authenticated membership list (SKDL). A significant upgrade of fast handoff performance with reduced performance overheads of the SMGKM scheme is achieved. The developed numerical analysis and the simulation results display significant resource economy in terms of reduced rekeying transmission, communication bandwidth and storage overheads while providing enhanced security. The performance of the SMGKM in a high speed environment is also evaluated and has demonstrated that SMGKM outperforms the previous work. Finally, the SMGKM correctness against various attacks is verified using BAN logic, the eminent tool for analysing the widely deployed security protocols. The security analysis demonstrates that SMGKM can counteract the security flaws and redundancies identified in the chosen related art.
49

Hätty, Niklas. "Representing attacks in a cyber range." Thesis, Linköpings universitet, Programvara och system, 2019. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-159838.

Abstract:
Trained security experts can be a mitigating factor to sophisticated cyberattacks that aim to violate the confidentiality, integrity, and availability of information. Reproducible sessions in a safe training environment are an effective way of increasing the excellence of security experts. One approach to achieving this is by using a cyber range, which essentially is a set of hardware nodes that can virtually represent a large organization or system. The Swedish Defense Research Agency (FOI) develops and maintains a fully functioning cyber range and has the ability to automatically deploy sophisticated attacks against organizations and systems represented in this cyber range through a system called SVED. In this thesis, the capability to deploy different types of cyberattacks through SVED against virtual organizations in a cyber range, CRATE, is investigated. This is done by building a dataset of publicly disclosed security incidents from a database and attempting to represent each of them in SVED, and subsequently instantiating these attack representations against organizations in CRATE. The results show that the prevalence of at least one CVE-entry (Common Vulnerabilities and Exposures) in the incident description is a key factor to be able to represent an attack in SVED. When such an entry does exist, SVED is likely able to implement a representation of the attack. However, for certain types of attacks a CVE-entry is not enough to determine how an attack was carried out, which is why some attacks are harder to implement in SVED. This was the case for Denial of Service (DoS) attacks, which are too reliant on infrastructure rather than one or more vulnerabilities, and SQL injections, which are more reliant on the implementation of database access. Finally, CRATE is able to handle almost all attacks implemented in SVED, given that the correct vulnerable application software is installed on at least one machine in one of the organizations in CRATE.
50

Puttaroo, Mohammad Ally Rehaz. "A behavioural study in runtime analysis environments and drive-by download attacks." Thesis, University of West London, 2017. https://repository.uwl.ac.uk/id/eprint/4751/.

Abstract:
In the information age, the growth in availability of both technology and exploit kits has continuously contributed to a large volume of websites being compromised or set up with malicious intent. The issue of drive-by-download attacks formulates a high percentage (77%) of the known attacks against client systems. These attacks originate from malicious web-servers or compromised web-servers and attack client systems by pushing malware upon interaction. Within the detection and intelligence gathering area of research, high-interaction honeypot approaches have been a longstanding and well-established technology. These are however not without challenges: analysing the entirety of the world wide web using these approaches is unviable due to time and resource intensiveness. Furthermore, the volume of data that is generated as a result of a run-time analysis of the interaction between website and an analysis environment is huge, varied and not well understood. The volume of malicious servers in addition to the large datasets created as a result of run-time analysis are contributing factors in the difficulty of analysing and verifying actual malicious behaviour. The work in this thesis attempts to overcome the difficulties in the analysis process of log files to optimise malicious and anomaly behaviour detection. The main contribution of this work is focused on reducing the volume of data generated from run-time analysis to reduce the impact of noise within behavioural log file datasets. This thesis proposes an alternate approach that uses an expert-led approach to filtering benign behaviour from potentially malicious and unknown behaviour. Expert-led filtering is designed in a risk-averse method that takes into account known benign and expected behaviours before filtering the log file. Moreover, the approach relies upon behavioural investigation as well as potential for system compromisation before filtering out behaviour within dynamic analysis log files. 
Consequently, this results in a significantly lower volume of data that can be analysed in greater detail. The proposed filtering approach has been implemented and tested in real-world context using a prudent experimental framework. An average of 96.96% reduction in log file size has been achieved which is transferable to behaviour analysis environments. The other contributions of this work include the understanding of observable operating system interactions. Within the study of behaviour analysis environments, it was concluded that run-time analysis environments are sensitive to application and operating system versions. Understanding key changes in operating system behaviours within Windows is an unexplored area of research, yet Windows is currently one of the most popular client operating systems. As part of understanding system behaviours for the creation of behavioural filters, this study undertakes a number of experiments to identify the key behaviour differences between operating systems. The results show that there are significant changes in core processes and interactions which can be taken into account in the development of filters for updated systems. Finally, from the analysis of 110,000 potentially malicious websites, typical attacks are explored. These attacks actively exploited the honeypot and offer knowledge on a section of the active web-based attacks faced in the world wide web. Trends and attack vectors are identified and evaluated.