Academic literature on the topic 'Vulnerability detection system'

Cisco 2014 Annual Security Report clearly outlines the evolution of the threat landscape and the increase of the number of attacks. The UK government in 2012 recognised the cyber threat as Tier-1 threat since about 50 government departments have been either subjected to an attack or a direct threat from an attack. The cyberspace has become the platform of choice for businesses, schools, universities, colleges, hospitals and other sectors for business activities. One of the major problems identified by the Department of Homeland Security is the lack of clear security metrics. The recent cyber security breach of the US retail giant TARGET is a typical example that demonstrates the weaknesses of qualitative security, also considered by some security experts as fuzzy security. High, medium or low as measures of security levels do not give a quantitative representation of the network security level of a company. In this thesis, a method is developed to quantify the security risk level of known and unknown attacks in an enterprise network in an effort to solve this problem. The identified vulnerabilities in a case study of a UK based company are classified according to their severity risk levels using common vulnerability scoring system (CVSS) and open web application security project (OWASP). Probability theory is applied against known attacks to create the security metrics and, detection and prevention method is suggested for company network against unknown attacks. Our security metrics are clear and repeatable that can be verified scientifically.

The increasing need to safeguard patient data in Internet of Medical Things (IoMT) devices highlights the critical importance of reducing vulnerabilities within these systems. The widespread adoption of IoMT has transformed healthcare by enabling continuous remote patient monitoring (RPM), which enhances patient outcomes and optimizes healthcare delivery. However, the integration of IoMT devices into healthcare systems presents significant security challenges, particularly in protecting sensitive patient data and ensuring the reliability of medical devices. The diversity of data formats used by various vendors in RPM complicates data aggregation and fusion, thereby hindering overall cybersecurity efforts. This thesis proposes a novel semantic framework for vulnerability detection in RPM settings within the IoMT system. The framework addresses interoperability, heterogeneity, and integration challenges through meaningful data aggregation. The core of this framework is a domain ontology that captures the semantics of concepts and properties related to the primary security aspects of IoT medical devices. This ontology is supported by a comprehensive ruleset and complex queries over aggregated knowledge. Additionally, the implementation integrates medical device data with the National Vulnerability Database (NVD) via an API, enabling real-time detection of vulnerabilities and improving the security of RPM systems. By capturing the semantics of medical devices and network components, the proposed semantic model facilitates partial automation in detecting network anomalies and vulnerabilities. A logic-based ruleset enhances the system’s robustness and efficiency, while its reasoning capabilities enable the identification of potential vulnerabilities and anomalies in IoMT systems, thereby improving security measures in remote monitoring settings. The semantic framework also supports knowledge graph visualization and efficient querying through SPARQL. The knowledge graph provides a structured representation of interconnected data and stores Cyber Threat Intelligence (CTI) to enhance data integration, visualization, and semantic enrichment. The query mechanism enables healthcare providers to extract valuable insights from IoMT data, notifying them about new system vulnerabilities or vulnerable medical devices. This demonstrates the impact of vulnerabilities on cybersecurity requirements (Confidentiality, Integrity, and Availability) and facilitates countermeasures based on severity. Consequently, the framework promotes timely decision-making, enhancing the overall efficiency and effectiveness of IoMT systems. The semantic framework is validated through various use cases and existing frameworks, demonstrating its effectiveness and robustness in vulnerability detection within the domain of IoMT security.

Роботу виконано на кафедрі ком’пютерно-інтегрованих технологій Тернопільського національного технічного університету імені Івана Пулюя Міністерства освіти і науки України Захист відбудеться 21 грудня 2021 р. о 09 .00 годині на засіданні екзаменаційної комісії № 24 у Тернопільському національному технічному університеті імені Івана Пулюя за адресою: 46001, м. Тернопіль, вул.Руська, 56, навчальний корпус №1, ауд. 403<br>Кваліфікаційна робота складається з пояснювальної записки та графічної частини (ілюстративний матеріал – слайди). Об’єм графічної частини кваліфікаційної роботи становить 10 слайдів. Об’єм пояснювальної записки складає 64 друкованих сторінок формату А4 (210×297), об’єм додатків – 14 друкованих сторінок формату А4. Кваліфікаційна робота складається з шести розділів, в яких нараховується 10 рисунків та 3 таблиці з даними. В роботі використано 20 літературних джерел. У кваліфікаційній роботі вирішується задача розробки та впровадження розподіленої служби, призначеної для накопичення та аналізування використання ресурсів обчислювальних вузлів, їх активних процесів, виконання розподілених прикладних програм, з метою виявлення відхилень у їх роботі та інформування користувача про нештатні ситуації. Основні вимоги, які висуваються до цієї служби полягають у здійсненні кластерного моніторингу та аналізу використання ресурсів.Qualification work consists of an explanatory note and a graphic part (illustrative material - slides). The graphic part of the qualifying work is 10 slides. The volume of the explanatory note is 64 printed A4 pages (210 × 297), the volume of appendices is 10 printed A4 pages. The qualification work consists of six sections, in which there are 15 figures and 3 tables with data. 20 literary sources were used in the work. Qualification work solves the problem of developing and implementing a distributed service designed to accumulate and analyze the use of resources of computer nodes, their active processes, the implementation of distributed applications, to identify deviations in their work and inform the user about abnormal situations. The main requirements for this service are cluster monitoring and analysis of resource use.<br>ПЕРЕЛІК УМОВНИХ ПОЗНАЧЕНЬ, ОДИНИЦЬ, СИМВОЛІВ, СКОРОЧЕНЬ І ТЕРМІНІВ 6 ВСТУП 7 1 АНАЛІЗ АРХІТЕКТУРИ РОЗПОДІЛЕНИХ СИСТЕМ І АРХІТЕКТУРНИХ СТИЛІВ 9 1.1 Розподілена система 9 1.2 Архітектури розподілених систем 9 1.3 Архітектурні стилі 10 1.3.1 Багатошарова архітектура 10 1.3.2 Архітектура на основі об'єктів 10 1.3.3 Архітектура, орієнтована на дані 11 1.3.4 Архітектура на основі подій 11 1.4 Вимоги до розподілених систем 12 1.5 Проміжне середовище розподілених систем 14 2 АНАЛІЗ ЗАГРОЗ ІНФОРМАЦІЙНІЙ БЕЗПЕЦІ В РОЗПОДІЛЕНИХ СИСТЕМАХ 16 2.1 Технології розвитку вразливостей і загроз 16 2.2 Модель загроз у розподілених мережах 17 2.3 Вразливість до шахрайства 18 2.4 Проблеми дослідження вразливості 19 2.5 Несанкціонований доступ у розподілених мережах. Механізми його реалізації 21 3 ДОСЛІДЖЕННЯ МЕХАНІЗМІВ ЗМЕНШЕННЯ ВРАЗЛИВОСТІ ТА ЗАГРОЗ 27 3.2 Фізична безпека в розподіленій системі 28 3.3 Безпека мережі та політика аутентифікації 29 3.4 Розробка механізмів захисту 30 3.4.1. Фокус керування 31 3.4.2. Багаторівнева організація механізмів захисту 31 3.4.3. Розподіл механізмів захисту 32 3.5 Захищені канали 33 3.6 Контроль доступу 34 4 НАУКОВО-ДОСЛІДНА ЧАСТИНА 35 4.1 Дослідження існуючих способів побудови 35 4.2 Кластерний моніторинг 37 4.2.1 Загальна характеристика моніторингу кластерів 37 4.2.2 Способи автоматизування виявлення несправностей 40 4.2.3 Альтернативні структури моніторингу 40 5 СПЕЦІАЛЬНА ЧАСТИНА 42 5.1 Архітектура і дизайн розробленої системи 42 5.1.1 Принцип роботи колектора 42 5.1.2 Опис роботи механізму аналізу 44 5.2 Реалізація системи 46 5.2.1 Запобігання помилок при роботі з колектором 47 5.2.2 Передача даних для аналізу та зберігання 48 5.3 Експерементальна частина 48 5.3.1 Опис експериментальної установки 48 5.3.2 Використання пам’яті колектора 49 5.3.3 Хід аналізу 49 5.3.5 Експеременти з виявленням вразливостей 50 5.4 Отримані результати 51 5.4.1 Вимірювання колектора 51 5.4.2 Результати продуктивності аналізу 51 5.4.3 Аналіз даних 54 5.4.4 Результати виявлення відхилень 55 6 ОХОРОНА ПРАЦІ ТА БЕЗПЕКА В НАДЗВИЧАЙНИХ СИТУАЦІЯХ 56 6.1 Безпека виконання робіт 56 6.2 Значення автоматизації виробничих процесів в питаннях охорони праці 56 6.3 Долікарська допомога при пораненнях 57 ВИСНОВКИ 60 СПИСОК ВИКОРИСТАНИХ ДЖЕРЕЛ 61 ДОДАТКИ

Chemical and petrochemical plants are susceptible to malicious acts due to the attractiveness brought by the substances handled, the possibility to thieve secret information, and their strategic importance. Thus, a number of qualitative and semi-quantitative methodologies have been developed for the assessment of vulnerabilities of such sites. Similarly, offshore facilities, that are central in the production of hydrocarbons, were subjected to physical and cyber security events as is outlined in relevant past accident analysis. However, there are just few methodologies tailored for the identification of vulnerabilities in that specific environment. The current study is aimed at closing such gap by building a proper technique for modeling attacks towards offshore sites. The method has been developed just for physical attacks and has been drafted with reference to the ASD model, for rendering the adversary pattern, and to the single path computer model (EASI), for the estimation of the PPS effectiveness. The methodology is intended as a tool for supporting standard SVA/SRA procedures, with particular reference to the API RP 780, therefore its purpose is to provide a systematic approach to the analysis. It has been applied to a case study, represented by an offshore production platform, to point out the results obtained and to outline the link with the API SRA methodology.

The future grid is different from the current system, and requires more interactions between electrical network and data communication network from the end users to generators. The electrical network acts as a power supply for communication nodes, and in turn, the communication network transmits the control messages for the electrical components. Because of this interdependency, any problems exist in either of these networks may threaten the stability of the whole system. We focus on analysing the vulnerability of the interacted power network and communication network from perspectives of topologies and system operation. An interdiction model is proposed considering the security and operation of both power and communication networks to recognise the crucial set of power components. We solve the interdiction problem using a decomposition method with the consideration of the interdependency between power and communication components. We propose a practical smart grid model as two mutually dependent complex networks with improved interlinks allocation strategy. Moreover, we study the problem of intentional attacks targeting to interdependent networks generated with known degree distribution or distribution of interlinks. In both models, each node's degree is correlated with the number of its links that connect to the other network. Detecting the community structure of a power network can effectively improve the availability of the control actions, which can enhance power system's resilience. This work proposes a method to group the power components into overlapping communities based on the linear sensitivity of the electrical network and complex network theory. This work provides a guidance for the design of the distributed power control system and the power system operation planning.

Les outils de prévention des vulnérabilités et de détection des anomalies sont essentiels pour la sécurité des réseaux informatiques. Cette thèse se concentre sur l'utilisation des données du MITRE ATT&amp;CK, des scores CVSS et de la norme ISO 27002:2022 pour automatiser et consolider l'analyse des vulnérabilités et la détection des anomalies. Les objectifs principaux sont : - Diagnostic de vulnérabilité : Identifier les sous-réseaux les plus vulnérables en combinant les données du MITRE ATT&amp;CK, des scores CVSS et de la norme ISO 27002:2022. Pour cela, une base de données appelée Data ISO-MA a été créée. Un algorithme évalue la vulnérabilité des chemins dans le réseau, identifiant ceux les plus à risque. - Détection d’anomalies : Analyser les flux de trafic pour détecter des comportements inhabituels dans les chemins vulnérables. Une approche inspirée du modèle Path-scan de Joshua Neil et al. (2013) a été utilisée. Chaque connexion réseau est modélisée avec un modèle de Markov à 3 états et la statistique du rapport de vraisemblance généralisé (GLRT), permettant de capturer et d'identifier les comportements anormaux.Ces deux outils visent à renforcer la sécurité des réseaux informatiques en fournissant une solution intégrée pour la prévention des vulnérabilités et la détection des anomalies<br>Tools for vulnerability prevention and anomaly detection are essential for the security of computer networks. This thesis focuses on using MITRE ATT&amp;CK data, CVSS scores, and the ISO 27002:2022 standard to automate and consolidate vulnerability analysis and anomaly detection.The main objectives are: -Vulnerability Diagnosis: Identify the most vulnerable sub-networks by combining MITRE ATT&amp;CK data, CVSS scores, and the ISO 27002:2022 standard. To achieve this, a database called Data ISO-MA was created. An algorithm evaluates the vulnerability of network paths, identifying those most at risk. - Anomaly Detection: Analyze traffic flows to detect unusual behaviors in vulnerable paths. An approach inspired by the Path-scan model introduced by Joshua Neil et al. (2013) was used. Each network connection is modeled with a 3-state Markov model and the Generalized Likelihood Ratio Test (GLRT), allowing for the capture and identification of abnormal behaviors.These two tools aim to enhance the security of computer networks by providing an integrated solution for vulnerability prevention and anomaly detection

Avec le développement croissant d'Internet, les applications Web sont devenues de plus en plus vulnérables et exposées à des attaques malveillantes pouvant porter atteinte à des propriétés essentielles telles que la confidentialité, l'intégrité ou la disponibilité des systèmes d'information. Pour faire face à ces malveillances, il est nécessaire de développer des mécanismes de protection et de test (pare feu, système de détection d'intrusion, scanner Web, etc.) qui soient efficaces. La question qui se pose est comment évaluer l'efficacité de tels mécanismes et quels moyens peut-on mettre en oeuvre pour analyser leur capacité à détecter correctement des attaques contre les applications web. Dans cette thèse nous proposons une nouvelle méthode, basée sur des techniques de clustering de pages Web, qui permet d'identifier les vulnérabilités à partir de l'analyse selon une approche boîte noire de l'application cible. Chaque vulnérabilité identifiée est réellement exploitée ce qui permet de s'assurer que la vulnérabilité identifiée ne correspond pas à un faux positif. L'approche proposée permet également de mettre en évidence différents scénarios d'attaque potentiels incluant l'exploitation de plusieurs vulnérabilités successives en tenant compte explicitement des dépendances entre les vulnérabilités. Nous nous sommes intéressés plus particulièrement aux vulnérabilités de type injection de code, par exemple les injections SQL. Cette méthode s'est concrétisée par la mise en oeuvre d'un nouveau scanner de vulnérabilités et a été validée expérimentalement sur plusieurs exemples d'applications vulnérables. Nous avons aussi développé une plateforme expérimentale intégrant le nouveau scanner de vulnérabilités, qui est destinée à évaluer l'efficacité de systèmes de détection d'intrusions pour des applicationsWeb dans un contexte qui soit représentatif des menaces auxquelles ces applications seront confrontées en opération. Cette plateforme intègre plusieurs outils qui ont été conçus pour automatiser le plus possible les campagnes d'évaluation. Cette plateforme a été utilisée en particulier pour évaluer deux techniques de détection d'intrusions développées par nos partenaires dans le cadre d'un projet de coopération financé par l'ANR, le projet DALI.

Thesis (MSc)--Stellenbosch University, 2014.<br>ENGLISH ABSTRACT: Coastal erosion is a worldwide hazard of which the consequences can only be mitigated via thorough and efficient monitoring of erosion and vulnerability to erosion. This study aimed to establish the accuracy, efficacy and efficiency of various remote sensing techniques for the detection and monitoring of coastal erosion and vulnerability occurring in False Bay, South Africa. There is a need to monitor the erosion in this area as well as to determine the most effective techniques for monitoring the erosion in False Bay and other similar environments in the future. This study provides an assessment of the usefulness of different data sources and techniques for change detection in the coastal environment. The data sources used were Landsat TM/ETM+ imagery and aerial photographs. Image differencing, tasselled cap transformations, vegetation index differencing, Boolean change detection, and post-classification change detection were all performed on the Landsat imagery. The aerial photographs were assessed using the Digital Shoreline Analysis System (DSAS) add-on for ArcGIS which determines statistical differences in the shoreline position as digitised in vector format. The results showed that while the resolution of the Landsat imagery was not sufficient to analyse erosion along the beach itself, the larger area covered by the satellite images enabled vulnerability indicators to be seen. Notably, the post-classification change detection indicated consistent increases in built-up areas, while sand dune, beach, and sand (not beach) all decreased. NDVI differencing showed consistent decreases in NDVI indicating decreasing plant health and density. The results of image differencing with both band 4 and the brightness band led to conclusions that vegetation health was decreasing while reflective surfaces such as bare sand and roads were increasing. All of these indicate an increased vulnerability to coastal erosion. The Boolean change detection method was found not to be useful in this case. Aerial photographs were studied on four focus areas: Bayview Heights, Macassar Beach, Strand, and Pringle Bay. The results showed erosion at all four areas, with Strand experiencing only erosion (no accretion) at an average of 53 cm erosion per year. Erosion at Macassar Beach and Pringle Bay was also severe, with Bayview Heights being the least severe and showing a combination of erosion and accretion. The higher resolution available on the aerial photographs was vital to view changes on the beach itself. In future studies requiring assessment of changes in the position or condition of the beach itself, aerial photographs or high resolution satellite data should be used. Studies of vulnerability extending over the entire coastal zone may make use of Landsat TM images. Post-classification change detection provides powerful change direction information and can indicate the percentage of area change from one class to another. However, image differencing and vegetation index differencing are much faster to perform and can provide information about general trends in the changes occurring. Therefore post-classification change detection might be used in areas of high and rapid change while image differencing and vegetation index differencing can be useful to cover vast areas where little change is expected.<br>AFRIKAANSE OPSOMMING: Kus-erosie is ‘n wêreldwye gevaar waarvan die gevolge slegs deur deeglike en doeltreffende monitering van erosie en kwesbaarheid vir erosie verminder kan word. Hierdie studie poog om die akkuraatheid, doeltreffendheid en effektiwiteit van verskillende afstandswaarneming tegnieke vas te stel vir die opsporing en monitering van kus-erosie en kwesbaarheid in Valsbaai, Suid Afrika. Daar is ‘n behoefte aan die monitering van erosie in hierdie area, sowel as om die mees doeltreffende tegnieke van die monitering hiervan in Valsbaai en ander soortgelyke omgewings in die toekoms te bepaal. Hierdie studie bied ‘n evaluering van die nut van verskillende data-bronne en tegnieke vir die opsporing van verandering in ‘n kusomgewing. Die data-bronne wat gebruik is, is Landsat TM/ETM+ beelde asook lugfoto’s. Beeld differensievorming, “tasselled cap” transformasies, plantegroei indeks differensievorming, Boolse verandering en post-klassifikasie verandering is toegepas op die Landsat beelde. Die lugfotos is ge-evalueer deur die Digitale Kuslyn Analise Stelsel (Digital Shoreline Analysis System – DSAS). DSAS is ‘n bykomstige sagteware vir ArcGIS wat statistiese verskille in gedigitaliseerde kuslyn posisie bepaal. Die resultate toon dat terwyl die resolusie van die Landsat beelde nie voldoende was om strand-erosie self te analiseer, die groter area wat deur die satellietbeelde gedek word toegelaat het om kwesbaarheid aanwysers te ontleed. Spesifiek die post-klassifikasie verandering het aangedui dat konsekwente toenames in beboude areas voorkom, terwyl afnames in sandduine, strand en sand-areas voorgekom het. NDVI differensievorming het konsekwente afnames in NDVI getoon, wat dui op afnames in die gesondheid en digtheid van plantegroei. Die resultate van die beeld differensievorming met beide Landsat Band 4 en die helderheid-band het gelei tot die gevolgtrekking dat die gesondheid van plantegroei afgeneem het, terwyl reflektiewe oppervlaktes soos oop sand en paaie aan die toeneem is. Al hierdie resultate dui op die verhoogde kwesbaarheid vir kus erosie. Die Boolse verandering metode is bevind om nie van nut te wees in hierdie geval nie. Lugfoto’s van vier fokus-areas is bestudeer: Bayview Heights, Macassar Strand, Strand en Pringlebaai. Resultate van die DSAS analise het gevind dat oorwegend erosie by al vier areas plaasvind, met Strand die enigste area wat slegs erosie (geen aanwas) ervaar teen ‘n gemiddelde koers van 0.53 m per jaar. Erosie by Macassar Strand en Pringlebaai was ook ernstig, terwyl Bayview Heights die minste erosie ervaar het, met ‘n kombinasie van erosie en aanwas. Die hoër resolusie beskikbaar deur die lugfoto’s was noodsaaklik om veranderinge in strand areas waar te neem. In toekomstige studies wat die assessering van verandering in die posisie of toestand van strande noodsaak behoort lugfotos of hoë-resolusie satellietbeeld data gebruik te word. Studies oor die kwesbaarheid van ‘n hele kusstreek kan wel gebruik maak van Landsat data. Post-klassifikasie verandering bied kragtige informasie oor die rigting van verandering en kan die persentasie van verandering van een klas na ‘n ander aandui. Beeld en NDVI differensievorming is egter veel vinniger om uit te voer en kan informasie rakende die algemene tendense in verandering lewer. Post-klassifikasie verandering kan dus gebruik word in gebiede van vinnige en beduidende verandering plaasvind, terwyl beeld en NDVI differensievorming nuttig kan wees om groot areas te dek waar min verandering verwag word.

5G telecommunication systems must be ultra-reliable to meet the needs of the next evolution in communication. The systems deployed must be thoroughly tested and must conform to their standards. Software and network protocols are commonly tested with techniques like fuzzing, penetration testing, code review, conformance testing. With fuzzing, testers can send crafted inputs to monitor the System Under Test (SUT) for a response. 3GPP, the standardization body for the telecom system, produces new versions of specifications as part of continuously evolving features and enhancements. This leads to many versions of specifications for a network protocol like Radio Resource Control (RRC), and testers need to constantly update the testing tools and the testing environment. In this work, it is shown that by using the generic nature of RRC specifications, which are given in Abstract Syntax Notation One (ASN.1) description language, one can design a testing tool to adapt to all versions of 3GPP specifications. This thesis work introduces an ASN.1 based adaptive fuzzer that can be used for testing RRC and other network protocols based on ASN.1 description language. The fuzzer extracts knowledge about ongoing RRC messages using protocol description files of RRC, i.e., RRC ASN.1 schema from 3GPP, and uses the knowledge to fuzz RRC messages. The adaptive fuzzer identifies individual fields, sub-messages, and custom data types according to specifications when mutating the content of existing messages. Furthermore, the adaptive fuzzer has identified a previously unidentified vulnerability in Evolved Packet Core (EPC) of srsLTE and openLTE, two open-source LTE implementations, confirming the applicability to robustness testing of RRC and other network protocols.<br>5G-telekommunikationssystem måste vara extremt tillförlitliga för att möta behoven för den kommande utvecklingen inom kommunikation. Systemen som används måste testas noggrant och måste överensstämma med deras standarder. Programvara och nätverksprotokoll testas ofta med tekniker som fuzzing, penetrationstest, kodgranskning, testning av överensstämmelse. Med fuzzing kan testare skicka utformade input för att övervaka System Under Test (SUT) för ett svar. 3GPP, standardiseringsorganet för telekomsystemet, producerar ofta nya versioner av specifikationer för att möta kraven och bristerna från tidigare utgåvor. Detta leder till många versioner av specifikationer för ett nätverksprotokoll som Radio Resource Control (RRC) och testare behöver ständigt uppdatera testverktygen och testmiljön. I detta arbete visar vi att genom att använda den generiska karaktären av RRC-specifikationer, som ges i beskrivningsspråket Abstract Syntax Notation One (ASN.1), kan man designa ett testverktyg för att anpassa sig till alla versioner av 3GPP-specifikationer. Detta uppsatsarbete introducerar en ASN.1-baserad adaptiv fuzzer som kan användas för att testa RRC och andra nätverksprotokoll baserat på ASN.1- beskrivningsspråk. Fuzzer extraherar kunskap om pågående RRC meddelanden med användning av protokollbeskrivningsfiler för RRC, dvs RRC ASN.1 schema från 3GPP, och använder kunskapen för att fuzz RRC meddelanden. Den adaptiva fuzzer identifierar enskilda fält, delmeddelanden och anpassade datatyper enligt specifikationer när innehållet i befintliga meddelanden muteras. Dessutom har den adaptiva fuzzer identifierat en tidigare oidentifierad sårbarhet i Evolved Packet Core (EPC) för srsLTE och openLTE, två opensource LTE-implementeringar, vilket bekräftar tillämpligheten för robusthetsprovning av RRC och andra nätverksprotokoll.