Dissertations on the topic "Computer attack"

Browse the top 50 dissertations for research on the topic "Computer attack".


1

Mowery, Keaton. "Beneath the Attack Surface." Thesis, University of California, San Diego, 2015. http://pqdtopen.proquest.com/#viewpdf?dispub=3712726.

Abstract:

Computer systems are often analyzed as purely virtual artifacts, a collection of software operating on a Platonic ideal of a computer. When software is executed, it runs on actual hardware: an increasingly complex web of analog physical components and processes, cleverly strung together to present an illusion of pure computation. When an abstract software system is combined with individual hardware instances to form functioning systems, the overall behavior varies subtly with the hardware. These minor variations can change the security and privacy guarantees of the entire system, in both beneficial and harmful ways. We examine several such security effects in this dissertation.

First, we look at the fingerprinting capability of JavaScript and HTML5: when invoking existing features of modern browsers, such as JavaScript execution and 3-D graphics, how are the results affected by underlying hardware, and how distinctive is the resulting fingerprint?

Second, we discuss AES side channel timing attacks, a technique to extract information from AES encryption running on hardware. We present several reasons why we were unable to reproduce this attack against modern hardware and a modern browser.

Third, we examine positive uses of hardware variance: namely, seeding Linux's pseudorandom number generator at kernel initialization time with true entropy gathered during early boot. We examine the utility of these techniques on a variety of embedded devices, and give estimates for the amount of entropy each can generate.

Lastly, we evaluate a cyberphysical system: one which combines physical processes and analog sensors with software control and interpretation. Specifically, we examine the Rapiscan Secure 1000 backscatter X-ray full-body scanner, a device for looking under a scan subject's clothing, discovering any contraband secreted about their person. We present a full security analysis of this system, including its hardware, software, and underlying physics, and show how an adaptive, motivated adversary can completely subvert the scan to smuggle contraband, such as knives, firearms, and plastic explosives, past a Secure 1000 checkpoint. These attacks are entirely based upon understanding the physical processes and sensors which underlie this cyberphysical system, and involve adjusting the contraband's location and shape until it simply disappears.

2

Hersén, Nicklas. "Measuring Coverage of Attack Simulations on MAL Attack Graphs." Thesis, KTH, Skolan för elektroteknik och datavetenskap (EECS), 2021. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-292640.

Abstract:
With the transition from traditional media and the increasing number of digital devices, the threats against digital infrastructure are greater than ever before. New and stricter security requirements are placed on digital platforms in order to protect sensitive information against external cyber threats. Threat modeling is a process which involves identifying threats and weaknesses of a system with the purpose of eliminating vulnerabilities before they are exploited. The Meta Attack Language is a probabilistic threat modeling language which allows security researchers to instantiate specific attack scenarios through the use of attack simulations. Currently there is no support for gathering coverage data from these simulations other than manually checking the compromised state of all objects present in a simulation. The purpose of this work is to develop a coverage extension in order to simplify the threat modeling process. The coverage extension is able to produce coverage estimates from attack simulations executed on specific Meta Attack Language threat models. These metrics are adaptations of existing code- and model coverage metrics commonly used for software- and model testing. There are limitations in what type of data can be effectively presented (such as for exponentially growing data sets) due to the simplicity of the models.
The transition from traditional media to digital platforms has led to an increased threat against digital infrastructure. The importance of designing secure platforms and devices to protect sensitive information has led to the emergence of new, stricter security requirements. Threat modeling is a process whose purpose is to prevent weaknesses in a system from being exploited by external parties by identifying flaws in the system. The Meta Attack Language is a threat modeling language with support for simulating specific attack scenarios through attack simulations. At present there is no support for collecting coverage data from these simulations. The purpose of this work is to develop an extension for collecting coverage data in order to simplify the threat modeling process. The developed extension can give an estimate of how well a model is covered by a set of simulations. The coverage values used by the extension are adaptations of existing metrics used for estimating source-code and model coverage. The current implementation has several limitations regarding the presentation of certain types of data, for example exponentially growing metrics. This is because the models are not adapted to this type of testing.
3

Fang, Pengcheng. "REPTRACKER:TOWARDS AUTOMATIC ATTACK INVESTIGATION." Case Western Reserve University School of Graduate Studies / OhioLINK, 2019. http://rave.ohiolink.edu/etdc/view?acc_num=case1550696995596089.

4

Tajdini, M. "Developing an advanced IPv6 evasion attack detection framework." Thesis, Liverpool John Moores University, 2018. http://researchonline.ljmu.ac.uk/9864/.

Abstract:
Internet Protocol Version 6 (IPv6) is the most recent generation of Internet protocol. The transition from the current Internet Version 4 (IPv4) to IPv6 raised new issues and the most crucial issue is security vulnerabilities. Most vulnerabilities are common between IPv4 and IPv6, e.g. Evasion attack, Distributed Denial of Service (DDOS) and Fragmentation attack. According to the IPv6 RFC (Request for Comment) recommendations, there are potential attacks against various Operating Systems. Discrepancies between the behaviour of several Operating Systems can lead to Intrusion Detection System (IDS) evasion, Firewall evasion, Operating System fingerprint, Network Mapping, DoS/DDoS attack and Remote code execution attack. We investigated some of the security issues on IPv6 by reviewing existing solutions and methods and performed tests on two open source Network Intrusion Detection Systems (NIDSs) which are Snort and Suricata against some of IPv6 evasions and attack methods. The results show that both NIDSs are unable to detect most of the methods that are used to evade detection. This thesis presents a detection framework specifically developed for IPv6 network to detect evasion, insertion and DoS attacks when using IPv6 Extension Headers and Fragmentation. We implemented the proposed theoretical solution into a proposed framework for evaluation tests. To develop the framework, "dpkt" module is employed to capture and decode the packet. During the development phase, a bug on the module used to parse/decode packets has been found and a patch provided for the module to decode the IPv6 packet correctly. The standard unpack function included in the "ip6" section of the "dpkt" package follows extension headers which means following its parsing, one has no access to all the extension headers in their original order. 
Defining a new field called all_extension_headers and adding each header to it before it is moved along allows us to have access to all the extension headers while keeping the original parse speed of the framework virtually untouched. The extra memory footprint from this is also negligible as it will be a linear fraction of the size of the whole set of packets. By decoding the packet, extracting data from the packet and evaluating the data with a user-defined value, the proposed framework is able to detect IPv6 Evasion, Insertion and DoS attacks. The proposed framework consists of four layers. The first layer captures the network traffic and passes it to the second layer for packet decoding, which is the most important part of the detection process. This is because, if the NIDS could not decode and extract the packet content, it would not be able to pass correct information into the Detection Engine process for detection. Once the packet has been decoded by the decoding process, the decoded packet will be sent to the third layer, which is the brain of the proposed solution, to make a decision by evaluating the information with the defined value to see whether the packet is threatened or not. This layer is called the Detection Engine. Once the packet(s) has been examined by detection processes, the result will be sent to the output layer. If the packet matches a type or signature that the system admin chose, it raises an alarm and automatically logs all details of the packet and saves it for the system admin for further investigation. We evaluated the proposed framework and its subsequent process via numerous experiments. The results of these conclude that the proposed framework, called the NOPO framework, is able to offer better detection in terms of accuracy, with a more accurate packet decoding process, and reduced resource usage compared to both existing NIDSs.
5

Van, Heerden Renier Pelser. "A formalised ontology for network attack classification." Thesis, Rhodes University, 2014. http://hdl.handle.net/10962/d1011603.

Abstract:
One of the most popular attack vectors against computers is their network connections. Attacks on computers through their networks are commonplace and have various levels of complexity. This research formally describes network-based computer attacks in the form of a story, formally and within an ontology. The ontology categorises network attacks where attack scenarios are the focal class. This class consists of: Denial-of-Service, Industrial Espionage, Web Defacement, Unauthorised Data Access, Financial Theft, Industrial Sabotage, Cyber-Warfare, Resource Theft, System Compromise, and Runaway Malware. This ontology was developed by building a taxonomy and a temporal network attack model. Network attack instances (also known as individuals) are classified according to their respective attack scenarios, with the use of an automated reasoner within the ontology. The automated reasoner deductions are verified formally; and via the automated reasoner, a relaxed set of scenarios is determined, which is relevant in a near real-time environment. A prototype system (called Aeneas) was developed to classify network-based attacks. Aeneas integrates the sensors into a detection system that can classify network attacks in a near real-time environment. To verify the ontology and the prototype Aeneas, a virtual test bed was developed in which network-based attacks were generated to verify the detection system. Aeneas was able to detect incoming attacks and classify them according to their scenario. The novel part of this research is the attack scenarios that are described in the form of a story, as well as formally and in an ontology. The ontology is used in a novel way to determine to which class attack instances belong and how the network attack ontology is affected in a near real-time environment.
6

Cullum, James J. "Performance analysis of automated attack graph generation software." Thesis, Monterey, Calif. : Naval Postgraduate School, 2006. http://bosun.nps.edu/uhtbin/hyperion.exe/06Dec%5FCullum.pdf.

Abstract:
Thesis (M.S. in Computer Science)--Naval Postgraduate School, December 2006.
Thesis Advisor(s): Cynthia Irvine, Timothy Levin. "December 2006." Includes bibliographical references (p. 137-138). Also available in print.
7

Harris, Rae. "Spectre: Attack and Defense." Scholarship @ Claremont, 2019. https://scholarship.claremont.edu/scripps_theses/1384.

Abstract:
Modern processors use architecture like caches, branch predictors, and speculative execution in order to maximize computation throughput. For instance, recently accessed memory can be stored in a cache so that subsequent accesses take less time. Unfortunately microarchitecture-based side channel attacks can utilize this cache property to enable unauthorized memory accesses. The Spectre attack is a recent example of this attack. The Spectre attack is particularly dangerous because the vulnerabilities that it exploits are found in microprocessors used in billions of current systems. It involves the attacker inducing a victim’s process to speculatively execute code with a malicious input and store the recently accessed memory into the cache. This paper describes the previous microarchitecture side channel attacks. It then describes the three variants of the Spectre attack. It describes and evaluates proposed defenses against Spectre.
8

Almohri, Hussain. "Security risk prioritization for logical attack graphs." Thesis, Manhattan, Kan. : Kansas State University, 2008. http://hdl.handle.net/2097/1114.

9

Jafarian, Jafar Haadi. "Cyber Agility for Attack Deterrence and Deception." Thesis, The University of North Carolina at Charlotte, 2017. http://pqdtopen.proquest.com/#viewpdf?dispub=10686943.

Abstract:

In recent years, we have witnessed a rise in the quantity and sophistication of cyber attacks. Meanwhile, traditional defense techniques have not been adequate in addressing this status quo. This is because the focus has remained mostly on either identifying and patching exploits, or detecting and filtering them. These techniques are only effective when intrusions are known or detectable. However, unknown (zero-day) vulnerabilities are constantly being discovered, and known vulnerabilities are not often patched promptly. Even worse, while defenders need to patch all vulnerabilities and intrusion paths against unknown malicious entities, the attackers need to discover only one successful intrusion path in a system that is known and static. These asymmetric advantages have constantly kept attackers one step ahead of defenders.

To reverse this asymmetry in cyber warfare, we aim to propose new proactive defense paradigms that can deter or deceive cyber attackers without relying on intrusion detection and prevention and by offering cyber agility as a system property. Cyber agility allows for system configuration to be changed dynamically without jeopardizing operational and mission requirements of the system. In this thesis, we introduce two novel cyber agility techniques based on two paradigms of cyber deterrence and cyber deception. Cyber deterrence techniques aim to deter cyber threats by changing system configurations randomly and frequently. In contrast, cyber deception techniques aim to deflect attacks to fake targets by misrepresenting system configurations strategically and adaptively.

In the first part of this dissertation, we propose a multi-strategy, multi-parameter and multi-dimensional host identity mutation technique for deterring reconnaissance attacks. This deterrence is achieved by mutating IP addresses and anonymizing fingerprints of network hosts both proactively and adaptively. Through simulation and analytical investigation, we show that our approach significantly increases the attack cost for coordinated scanning worms, advanced network reconnaissance techniques, and multi-stage APT attacks.

In the second part, we propose a formal framework to construct active cyber deception plans that are goal-oriented and dynamic. Our framework introduces a deception logic that models consistencies and conflicts among various deception strategies (e.g., lies) and quantifies the benefit and cost of potential deception plans.

In the third part, we demonstrate and evaluate our deception planning framework by constructing an effective deception plan against multi-stage attacks. Through our experimentation, we show that the generated deception plans are effective and economical, and outperform existing or random deception plans.

10

Ong, Hoang. "Semantic attack on transaction data anonymised by set-based generalisation." Thesis, Cardiff University, 2015. http://orca.cf.ac.uk/74553/.

Abstract:
Publishing data that contains information about individuals may lead to privacy breaches. However, data publishing is useful to support research and analysis. Therefore, privacy protection in data publishing becomes important and has received much recent attention. To improve privacy protection, many researchers have investigated how secure the published data is by designing de-anonymisation methods to attack anonymised data. Most of the de-anonymisation methods consider anonymised data in a syntactic manner. That is, items in a dataset are considered to be contextless or even meaningless literals, and they have not considered the semantics of these data items. In this thesis, we investigate how secure the anonymised data is under attacks that use semantic information. More specifically, we propose a de-anonymisation method to attack transaction data anonymised by set-based generalisation. Set-based generalisation protects data by replacing one item by a set of items, so that the identity of an individual can be hidden. Our goal is to identify those items that are added to a transaction during generalisation. Our attacking method has two components: scoring and elimination. Scoring measures semantic relationship between items in a transaction, and elimination removes items that are deemed not to be in the original transaction. Our experiments on both real and synthetic data show that set-based generalisation may not provide adequate protection for transaction data, and about 70% of the items added to the transactions during generalisation can be detected by our method with a precision greater than 85%.
11

Das, Kumar J. (Kumar Jay) 1978. "Attack development for intrusion detector evaluation." Thesis, Massachusetts Institute of Technology, 2000. http://hdl.handle.net/1721.1/9080.

Abstract:
Thesis (S.B. and M.Eng.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2000.
Includes bibliographical references (p. 96-97).
An important goal of the 1999 DARPA Intrusion Detection Evaluation was to promote the development of intrusion detection systems that can detect new attacks. This thesis describes UNIX attacks developed for the 1999 DARPA Evaluation. Some attacks were new in 1999 and others were stealthy versions of 1998 User-to-Root attacks designed to evade network-based intrusion detection systems. In addition, new and old attacks were fragmented at the packet level to evade network-based intrusion detection systems. Results demonstrated that new and stealthy attacks were not detected well. New attacks that were never seen before were not detected by any network-based systems. Stealthy attacks, modified to be difficult to detect by network intrusion detection systems, were detected less accurately than clear versions. The best network-based system detected 42% of clear attacks and only 11% of stealthy attacks at 10 false alarms per day. A few attacks and background sessions modified with packet modifications eluded network intrusion detection systems causing them to generate false negatives and false positives due to improper TCP/IP reassembly.
by Kumar J. Das.
S.B. and M.Eng.
12

Salla, Vamsi. "Error and attack tolerance of complex real networks." Morgantown, W. Va. : [West Virginia University Libraries], 2005. https://eidr.wvu.edu/etd/documentdata.eTD?documentid=4311.

Abstract:
Thesis (M.S.)--West Virginia University, 2005.
Title from document title page. Document formatted into pages; contains x, 80 p. : ill. (some col.). Includes abstract. Includes bibliographical references (p. 70-72).
13

Rathee, Nupur. "Attack Detection in Recommender Systems using Clustering Techniques." University of Cincinnati / OhioLINK, 2008. http://rave.ohiolink.edu/etdc/view?acc_num=ucin1211475789.

14

Staples, Zachary H. Michael Robert J. "Redefining attack : taking the offensive against networks /." Monterey, Calif. : Springfield, Va. : Naval Postgraduate School ; Available from National Technical Information Service, 2003. http://library.nps.navy.mil/uhtbin/hyperion-image/03Mar%5FStaples.pdf.

Abstract:
Thesis (M.A. in National Security Affairs)--Naval Postgraduate School, March 2003. Thesis (M.S. in Computer Science and M.S. in Modeling, Virtual Environments and Simulation)--Naval Postgraduate School, March 2003.
Thesis advisor(s): Dan Moran, John Hiles, Rudy Darken. Includes bibliographical references (p. 134-138). Also available online.
15

Arikan, Erinc. "Attack profiling for DDoS benchmarks." Access to citation, abstract and download form provided by ProQuest Information and Learning Company; downloadable PDF file Mb., 96 p, 2006. http://gateway.proquest.com/openurl?url_ver=Z39.88-2004&res_dat=xri:pqdiss&rft_val_fmt=info:ofi/fmt:kev:mtx:dissertation&rft_dat=xri:pqdiss:1435821.

16

Skog, Andersen Jonas, and Ammar Alderhally. "Denial-of-service attack : A realistic implementation of a DoS attack." Thesis, Linköpings universitet, Institutionen för datavetenskap, 2015. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-120690.

Abstract:
This report describes some of the most well known denial of service attacks (DoS-attacks). This will be done in the first part of the report; the second part describes an implementation of a DoS-attack. The main purpose of its first part is to examine more closely common DoS-attacks, the purpose of such attacks, the protection methods that can be deployed to mitigate these attacks and the ways that are used to measure these attacks. The second part describes an implementation of a practical attack implemented using HTTP POST requests to overwhelm a web server, a so-called HTTP POST attack. The attack was carried out using different numbers of attack nodes, up to the default maximum limit for Apache web server. The attack succeeded after several attempts with different parameters. As a result of the experiments we learnt that a successful HTTP POST attack needs to take between 15% and 100% of the maximum permitted clients to make an impact on the server’s response time. The server that was attacked had no defence mechanism to protect itself against DoS-attacks. One important thing to note is that this attack is carried out in a protected environment so as not to affect the external environment.
17

Laurens, Vicky. "DDoSniffer: An attack detection tool detecting TCP-based distributed denial of service attack traffic at the agent machines." Thesis, University of Ottawa (Canada), 2006. http://hdl.handle.net/10393/27384.

Abstract:
Distributed Denial of Service (DDoS) attacks are an important and challenging security threat. Despite the availability of several defence mechanisms and ongoing academic research in the field, attackers manage to build a large network of agent machines. This research developed a tool, DDoSniffer, to tackle the DDoS attack by detecting ongoing attack traffic at the agent machines. Due to the diversity in DDoS attack strategies, it is not realistic to deal with all types of attacks with one single solution. DDoSniffer focuses on TCP-based attacks. Different scenarios were tested to evaluate the performance of DDoSniffer when detecting what we classified as connection attacks and bandwidth attacks. The former attacks generate connections with four packets or fewer. The latter attacks create connections with traffic ratios larger than usual. Detection is the minimum requirement of all defence mechanisms, and DDoSniffer is capable of detecting a broad range of attacks within seconds.
18

Yieh, Pierson. "Vehicle Pseudonym Association Attack Model." DigitalCommons@CalPoly, 2018. https://digitalcommons.calpoly.edu/theses/1840.

Abstract:
With recent advances in technology, Vehicular Ad-hoc Networks (VANETs) have grown in application. One of these areas of application is Vehicle Safety Communication (VSC) technology. VSC technology allows for vehicle-to-vehicle (V2V) and vehicle-to-infrastructure (V2I) communications that enhance vehicle safety and driving experience. However, these newly developing technologies bring with them a concern for the vehicular privacy of drivers. Vehicles already employ the use of pseudonyms, unique identifiers used with signal messages for a limited period of time, to prevent long term tracking. But can attackers still attack vehicular privacy even when vehicles employ a pseudonym change strategy? The major contribution of this paper is a new attack model that uses long-distance pseudonym changing and short-distance non-changing protocols to associate vehicles with their respective pseudonyms.
19

Almgren, Love, and Åström Johan Holm. "Probabilistic modelling and attack simulations on AWS Connected Vehicle Solution : An Application of the Meta Attack Language." Thesis, KTH, Skolan för elektroteknik och datavetenskap (EECS), 2019. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-259298.

Abstract:
This work is focused on investigating if the Meta Attack Language (MAL) can be used to create an integrating layer between two different applications of the MAL, and thus being able to model a new domain. In this case vehicleLang and awsLang were chosen as candidate applications of the MAL, while the domain chosen was to model the AWS Connected Vehicle Solution Infrastructure. This domain therefore modelled a service that is quickly becoming popular among car manufacturers. The two languages were successfully compiled into one language using the MAL, and were also able to model a leak within AWS that could potentially lead to greater exposure of the infrastructure as a whole. On the other hand, some limitations in the MAL compiler have led to suggestions of how to improve it for better support of integration of different MAL applications.
This report focuses on investigating whether the Meta Attack Language (MAL) can be used to create an integrating layer between two different applications of MAL, and thereby model a new domain. VehicleLang and awsLang were chosen as the applications of MAL. The domain chosen for modelling was the AWS Connected Vehicle Solution Infrastructure, a service that is becoming increasingly popular among car manufacturers. The two languages were compiled together into one using MAL, and the result was used to model a leak within AWS that could potentially lead to greater exposure of the infrastructure. At the same time, some limitations in the MAL compiler have led to several suggestions for improving integration support between different MAL applications.
20

Shittu, Riyanat O. "Mining intrusion detection alert logs to minimise false positives & gain attack insight." Thesis, City University London, 2016. http://openaccess.city.ac.uk/14592/.

Abstract:
Utilising Intrusion Detection System (IDS) logs in security event analysis is crucial in the process of assessing, measuring and understanding the security state of a computer network, often defined by its current exposure and resilience to network attacks. Thus, the study of understanding network attacks through event analysis is a fast growing emerging area. In comparison to its first appearance a decade ago, the complexities involved in achieving effective security event analysis have significantly increased. With such increased complexities, advances in security event analytical techniques are required in order to maintain timely mitigation and prediction of network attacks. This thesis focusses on improving the quality of analysing network event logs, particularly intrusion detection logs by exploring alternative analytical methods which overcome some of the complexities involved in security event analysis. This thesis provides four key contributions. Firstly, we explore how the quality of intrusion alert logs can be improved by eliminating the large volume of false positive alerts contained in intrusion detection logs. We investigate probabilistic alert correlation, an alternative to traditional rule based correlation approaches. We hypothesise that probabilistic alert correlation aids in discovering and learning the evolving dependencies between alerts, further revealing attack structures and information which can be vital in eliminating false positives. Our findings showed that the results support our defined hypothesis, aligning consistently with existing literature. In addition, evaluating the model using recent attack datasets (in comparison to outdated datasets used in many research studies) allowed the discovery of a new set of issues relevant to modern security event log analysis which have only been introduced and addressed in few research studies. 
Secondly, we propose a set of novel prioritisation metrics for the filtering of false positive intrusion alerts using knowledge gained during alert correlation. A combination of heuristic, temporal and anomaly detection measures is used to define metrics which capture characteristics identifiable in common attacks including denial-of-service attacks and worm propagations. The most relevant of the novel metrics, Outmet, is based on the well known Local Outlier Factor algorithm. Our findings showed that with a slight trade-off of sensitivity (i.e. true positives performance), outmet reduces false positives significantly. In comparison to prior state-of-the-art, our findings show that it performs more efficiently given a variation of attack scenarios. Thirdly, we extend a well known real-time clustering algorithm, CluStream, in order to support the categorisation of attack patterns represented as graph like structures. Our motive behind attack pattern categorisation is to provide automated methods for capturing consistent behavioural patterns across a given class of attacks. To our knowledge, this is a novel approach to intrusion alert analysis. The extension of CluStream resulted in a novel light weight real-time clustering algorithm for graph structures. Our findings are new and complement existing literature. We discovered that in certain case studies, repetitive attack behaviour could be mined. Such a discovery could facilitate the prediction of future attacks. Finally, we acknowledge that due to the intelligence and stealth involved in modern network attacks, automated analytical approaches alone may not suffice in making sense of intrusion detection logs. Thus, we explore visualisation and interactive methods for effective visual analysis which if combined with the automated approaches proposed, would improve the overall results of the analysis. 
The result of this is a visual analytic framework, integrated and tested in a commercial Cyber Security Event Analysis Software System distributed by British Telecom.
21

Aasberg, Freddy. "HypervisorLang : Attack Simulations of the OpenStack Nova Compute Node." Thesis, KTH, Skolan för elektroteknik och datavetenskap (EECS), 2021. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-294139.

Abstract:
Cloud services are growing in popularity and the global public cloud services are forecasted to increase by 17% in 2020[1]. The popularity of cloud services is due to the improved resource allocation for providers and simplicity of use for the customer. Due to the increasing popularity of cloud services and its increased use by companies, the security assessment of the services is strategically becoming more critical. Assessing the security of a cloud system can be problematic because of its complexity since the systems are composed of many different technologies. One way of simplifying the security assessment is attack simulations, covering cyberattacks of the investigated system. This thesis will make use of Meta Attack Language (MAL) to create the Domain-Specific Language (DSL) HypervisorLang that models the virtualisation layer in an OpenStack Nova setup. The result of this thesis is a proposed DSL HypervisorLang which uses attack simulation to model hostile usage of the service and defences to evade those. The hostile usage covers attacks such as a denial of services, buffer overflows and out-of-bound-read and are sourced via known vulnerabilities. To implement the main components of the Nova module into HypervisorLang, literature studies were performed and included components in Nova together with threat modelling. Evaluating the correctness of HypervisorLang was performed by implementing test cases to display the different attack steps included in the model. However, the results also show that some limitations of the evaluations have been found and are proposed for further research.
Cloud services are growing in popularity, and public cloud services are expected to increase by 17% in 2020[1]. The popularity is due in part to improved resource utilisation for providers and the ease with which customers can acquire resources. Because of the growing popularity of cloud services and their increased use by companies, security analyses of the services are becoming more critical. Assessing the security of a cloud service can be problematic because of its complexity, since the systems usually consist of many different technologies. One way to simplify the security analysis is attack simulations that cover cyberattacks against the service under investigation. This thesis will use the Meta Attack Language (MAL) to create a domain-specific language that models the virtualisation layer in an OpenStack Nova installation. The result of the thesis is HypervisorLang, which uses attack simulations to model attacks against the service as well as security solutions to avoid them. Some of the attacks covered by the model are denial-of-service (DOS), out-of-bound-read and buffer overflow, and they are sourced from known vulnerabilities. The language was developed with the help of literature studies of the components in Nova together with studies of threat modelling for the components included in the model. HypervisorLang was evaluated by implementing test cases to confirm that the different attack steps included in the model work as intended. The results also show that some limitations of the evaluations have been found and are proposed for future research.
22

Michael, Robert J., and Zachary H. Staples. "Redefining attack: taking the offensive against networks." Thesis, Monterey, California. Naval Postgraduate School, 2003. http://hdl.handle.net/10945/1063.

Abstract:
Approved for public release; distribution is unlimited
This thesis done in cooperation with the MOVES Institute
The Information Age empowers individuals, and affords small groups an opportunity to attack states' interests with an increasing variety of tactics and great anonymity. Current strategies to prevail against these emerging threats are inherently defensive, relying on potential adversaries to commit mistakes and engage in detectable behavior. While defensive strategies are a critical component of a complete solution set, they cede initiative to the adversary. Moreover, reactive measures are not suited to quickly suppress adversary networks through force. To address this shortfall in strategic planning, the science of networks is rapidly making clear that natural systems built over time with preferential attachment form scale-free networks. These networks are naturally resilient to failure and random attack, but carry inherent vulnerabilities in their highly connected hubs. Taking the offensive against networks is therefore an exercise in discovering and attacking such hubs. To find these hub vulnerabilities in network adversaries, this thesis proposes a strategy called Stimulus Based Discovery, which leads to rapid network mapping and then systematically improves the accuracy and validity of this map while simultaneously degrading an adversary's network cohesion. Additionally, this thesis provides a model for experimenting with Stimulus Based Discovery in a Multi-Agent System.
Lieutenant, United States Navy
23

Selliah, Sentil. "Mobile agent based attack resistant architecture for distributed intrusion detection system." Morgantown, W. Va. : [West Virginia University Libraries], 2001. http://etd.wvu.edu/templates/showETD.cfm?recnum=2060.

Abstract:
Thesis (M.S.)--West Virginia University, 2001.
Title from document title page. Document formatted into pages; contains vii, 61 p. : ill. Includes abstract. Includes bibliographical references (p. 50-52).
24

Borowczak, Mike. "Side channel attack resistance| Migrating towards high level methods." Thesis, University of Cincinnati, 2013. http://pqdtopen.proquest.com/#viewpdf?dispub=3601397.

Abstract:

Our world is moving towards ubiquitous networked computing with unstoppable momentum. With technology available at our every fingertip, we expect to connect quickly, cheaply, and securely on the sleekest devices. While the past four decades of design automation research has focused on making integrated circuits smaller, cheaper and quicker, the past decade has drawn more attention towards security. Though security within the scope of computing is a large domain, the focus of this work is on the elimination of computationally based power byproducts from high-level device models down to physical designs and implementations. The scope of this dissertation is within the analysis, attack and protection of power based side channels. Research in the field concentrates on determining, masking and/or eliminating the sources of data dependent information leakage within designs. While a significant amount of research is allocated to reducing this leakage at low levels of abstraction, significantly less research effort has gone into higher levels of abstraction. This dissertation focuses on both ends of the design spectrum while motivating the future need for hierarchical side channel resistance metrics for hardware designs. Current low level solutions focus on creating perfectly balanced standard cells through various straight-forward logic styles. Each of these existing logic styles, while enhancing side channel resistance by reducing the channels' variance, comes at significant design expense in terms of area footprint, power consumption, delay and even logic style structure. The first portion of this proposal introduces a universal cell based on a dual multiplexer, implemented using a pass-transistor logic which approaches and exceeds some standard cell cost benchmarks.
The proposed cell and circuit level methods show significant improvements in security metrics over existing cells and approach standard CMOS cell and circuit performance by reducing area, power consumption and delay. While most low level works stop at the cell level, this work also investigates the impact of environmental factors on security. On the other end of the design spectrum, existing secure architecture and algorithm research attempts to mask side channels through random noise, variable timing, instruction reordering and other similar methods. These methods attempt to obfuscate the primary source of information with side channels. Unfortunately, in most cases, the techniques are still susceptible to attack - of those with promise, most are algorithm specific. This dissertation approaches high-level security by eliminating the relationship between high level side channel models and the side channels themselves. This work discusses two different solutions targeting architecture level protection. The first deals with the protection of Finite State Machines, while the second deals with protection of a class of cryptographic algorithms using Feedback Shift Registers. This dissertation includes methods for reducing the power overhead of any FSM circuit (secured or not). The solutions proposed herein render potential side channel models moot by eliminating or reducing the model's data dependent variability. Designers unwilling to compromise on a doubling of area can include some sub-optimal security to their devices.

25

Miller, Rachel A. S. M. (Rachel Ann) Massachusetts Institute of Technology. "New cryptographic protocols With side-channel attack security." Thesis, Massachusetts Institute of Technology, 2012. http://hdl.handle.net/1721.1/75684.

Abstract:
Thesis (S.M.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2012.
"June 2012." Cataloged from PDF version of thesis.
Includes bibliographical references (p. 76-80).
Cryptographic protocols implemented in real world devices are subject to tampering attacks, where adversaries can modify hardware or memory. This thesis studies the security of many different primitives in the Related-Key Attack (RKA) model, where the adversary can modify a secret key. We show how to leverage the RKA security of blockciphers to provide RKA security for a suite of high-level primitives. This motivates a more general theoretical question, namely, when is it possible to transfer RKA security from a primitive P1 to a primitive P2? We provide both positive and negative answers. What emerges is a broad and high level picture of the way achievability of RKA security varies across primitives, showing, in particular, that some primitives resist "more" RKAs than others. A technical challenge was to achieve RKA security without assuming the class of allowed tampering functions is "claw-free"; this mathematical assumption fails to describe how tampering occurs in practice, but was made for all prior constructions in the RKA model. To solve this challenge, we present a new construction of pseudorandom generators that are not only RKA secure but satisfy a new notion of identity-collision-resistance.
by Rachel A. Miller.
S.M.
26

Furman, Joshua R. (Joshua Ronni) 1977. "Attack notification and adaptation in ad hoc networks." Thesis, Massachusetts Institute of Technology, 2002. http://hdl.handle.net/1721.1/87423.

27

Mulligan, Jennifer Joyce 1978. "Detection and recovery from the obvious engineer attack." Thesis, Massachusetts Institute of Technology, 2002. http://hdl.handle.net/1721.1/87344.

Abstract:
Thesis (S.M.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2002.
Includes bibliographical references (leaves 65-66).
by Jennifer Joyce Mulligan.
S.M.
28

Sikiligiri, Amjad Basha M. "Buffer Overflow Attack and Prevention for Embedded Systems." University of Cincinnati / OhioLINK, 2011. http://rave.ohiolink.edu/etdc/view?acc_num=ucin1311775318.

29

Alenskog, Berg Christoffer, and Niklas Tomsic. "Defining the type specification for an IoT attack database." Thesis, KTH, Skolan för elektroteknik och datavetenskap (EECS), 2020. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-280094.

Abstract:
The Internet of things (IoT) as an emerging technology provides great opportunities to simplify everyday life with devices such as smart fridges and automatic robot vacuum cleaners. However, there lies a challenge in keeping these new devices secure and away from hackers. This report aims to define a database specification for a database to store information about attacks against IoT devices. The intended purpose of the database specification is to help ethical hackers in storing the information about their attack attempts so that future research can make use of previous attacks. By looking at previous penetration tests and by talking to experienced people in the field we have defined a specification that can aid future researchers with their penetration tests given that a database is populated with relevant research according to the specification. The actual effectiveness of the database remains to be proven since an implementation of the database has not been sufficiently populated yet.
The Internet of Things (IoT) offers great opportunities to simplify everyday life with new appliances and devices such as smart fridges and automatic robot vacuum cleaners. However, keeping these devices secure and out of reach of hackers is a challenge. The purpose of the report is to define a database specification for a database intended to store information about attack attempts against IoT devices. The goal of the database specification is then to help ethical hackers store information about their attack attempts so that future research can make use of previous attacks. By examining penetration testing reports and consulting experienced individuals in the field, we have defined a specification that can help future researchers with their penetration tests, provided that a database can be filled with relevant information according to the specification. The actual effectiveness of such a database remains to be tested, since a sufficiently populated database does not yet exist.
30

Rosander, Sara. "StackLang : Automatic Attack Simulations Against the OpenStack Cloud Environment." Thesis, KTH, Skolan för elektroteknik och datavetenskap (EECS), 2020. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-287027.

Abstract:
Cloud computing is a fast-emerging technology. It is an attractive system for companies and has been embraced by many due to its benefits of economy, reliability, scalability, and guaranteed quality of service. Due to the increasing use of cloud platforms, it is important to be able to ensure its security. One way of assessing security in a cloud platform is to use threat modeling and attack graphs. But to assess the security in a cloud platform with the help of threat modeling could be challenging. This is due to big and complex IT systems, which are hard to overlook and to gather relevant information about. One way to simplify this task is by simulating cyber attacks with the help of a domain-specific language. The need to find weaknesses of the system is passed over to the language itself and the attack simulations. In this thesis, the Meta Attack Language has been used to create a domain-specific probabilistic modeling language, StackLang, used to simulate attacks against OpenStack environments. The result of the simulations will show the most probable attack scenario one attacker could make, and which assets of the system are most probable to be compromised. The aim of the thesis was to investigate which attacks were possible to simulate through StackLang. To investigate this, two literature studies were conducted to first understand the components of OpenStack and secondly to discover the attacks. The results show that it is possible to simulate some of the most common attacks against cloud platforms, such as DoS-attacks and account hijacking. In terms of the completeness and correctness of the language, it is shown that further work needs to be done to extend StackLang to improve these aspects but that there still exists potentiality for the language in the future.
Cloud platforms are a fast-growing technology. They are an attractive system for companies and have been embraced by many because of their benefits of economy, reliability, scalability and guaranteed quality of service. Because of the increasing use of cloud platforms, it is important to be able to ensure their security. One way to evaluate the security of a cloud platform is to use threat modelling and attack graphs. But doing so can be a challenging process because of the large and complex IT systems used by companies today. They are hard to get an overview of and to gather the right relevant information from. The process therefore quickly becomes far too large and complex. One way to simplify this task is by simulating cyberattacks. Using attack simulations makes threat modelling a simpler process, since the need to find weaknesses in the system is transferred to the domain-specific language and the attack simulations. In this thesis, the Meta Attack Language will be used to create a domain-specific probabilistic modelling language, StackLang, which is used to simulate attacks against OpenStack environments. The result of the simulations shows the most probable attack scenario that an attacker could carry out, and which assets in the system are most likely to be compromised by the attacker. The aim of the thesis was to investigate which attacks were possible to simulate through StackLang. To investigate this, two literature studies were conducted, first to understand the components of OpenStack and then to discover the relevant attacks. The results show that it is possible to simulate some of the most common attacks against cloud platforms, for example DoS attacks and account hijacking. Regarding the completeness and correctness of the language, it is shown that further work must be done to extend StackLang and to improve these aspects, but that there is potential for development.
31

Costantini, Kevin C. "Development of a cyber attack simulator for network modeling and cyber security analysis /." Online version of thesis, 2007. http://hdl.handle.net/1850/5440.

32

Pandey, Amit Kumar. "Securing Web Applications From Application-Level Attack." Kent State University / OhioLINK, 2007. http://rave.ohiolink.edu/etdc/view?acc_num=kent1181098075.

33

Andersson, Karl, and Marcus Odlander. "Detecting a Distributed Denial-of-Service Attack Using Speed Test Data: A Case Study on an Attack with Nationwide Impact." Thesis, Linköpings universitet, Institutionen för datavetenskap, 2015. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-120611.

Abstract:
This thesis presents a case study that investigates a large Distributed Denial of Service (DDoS) attack and how it affected speed tests observed by the crowd-based speed test application Bredbandskollen. Furthermore, the thesis also investigates the possibility of using crowd-based speed tests as a method to detect a DDoS attack. This method has very low overhead which makes it an interesting complement to other methods. This thesis also shows that there was a significant deviation in the number of measurements during the DDoS attack considered in the case study compared to the year average. Furthermore, the measurements of the peak day of the attack had a higher average download speed than the year average. Whereas the higher download speed observation at first may appear non-intuitive, we briefly discuss potential explanations and how such positive anomalies could potentially be used to detect attacks. Detecting DDoS attacks early can lead to earlier recognition of network problems which can aid Internet Service Providers (ISPs) in maintaining the availability of their networks.
34

Mohammadnia, Hamzeh. "IoT-NETZ: Spoofing Attack Mitigation in IoT Network." Thesis, KTH, Skolan för elektroteknik och datavetenskap (EECS), 2019. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-260250.

Abstract:
The phenomenal growth of the Internet of Things (IoT) and popularity of the mobile stations have rapidly increased the demand of WLAN network (known as IEEE 802.11 and WiFi). WLAN is a low-cost alternative of the cellular network and being an unlicensed spectrum to build the master plan of embedding the Internet in everything-&-anywhere. At the same time, monitoring the number of IoT and WiFi-enabled devices across residential and enterprises is not trivial. Therefore, future WiFi network architecture requires an agile management paradigm to provide internal support and security for WiFi networks. The operation of IoT and mobile device applications relies on scalability and high-performance computing of clouds. Cloud computing has completely centralized the current data center networking architecture and it provides computation-intensive, high-speed network, and realtime responses to the requests of IoT. The IoT-to-cloud communication is the essence of network security concerns and it is in grievous need of constant security improvement along the inter-networking. Based on the number of researches and analysis on generated traffic by IoT, it has been observed that a significant number of massive spoofing-oriented attacks targeting cloud services are launched from compromised IoT. On the basis of reviewing prior researches on mostly-conducted network attacks by IoT, there is a challenging and common characteristic which has been frequently utilized in the numerous massive Internet attacks, known as spoofing. This work will survey the existing proposed solutions which have been deployed to protect both traditional and softwarized network paradigms. Then, it proposes the approach of this work that enables IoT-hosting networks protected by employing Software-defined Wireless Networking (SDWN) within the proposed model to mitigate spoofing-oriented network attacks.
In addition, the proposed solution provides the environmental sustainability feature by saving power consumption in networking devices during network operation. The practical improvement in the proposed model is measured and evaluated within the emulated environment of Mininet-WiFi.
The phenomenal growth of IoT and the popularity of mobile stations have rapidly increased the demand for WLAN networks (known as IEEE 802.11 and WiFi). WLAN is a low-cost alternative to the cellular network and is an unlicensed spectrum for building the master plan of embedding the Internet in everything-and-anywhere. At the same time, monitoring the number of IoT and WiFi-enabled devices across homes and enterprises is not trivial. Therefore, future WiFi network architecture requires an agile management paradigm to provide internal support and security for WiFi networks. The use of IoT and mobile applications depends on the scalability and high-performance computing of clouds. Cloud computing has completely centralized the current data center network architecture, and it provides computation-intensive, high-speed networking and real-time responses to requests from IoT. IoT-to-cloud communication is the core of network security concerns, and it is in serious need of constant improvement and security hardening within the inter-network. Based on the number of studies and analyses of traffic generated by IoT, it has been observed that a significant number of massive spoofing-oriented attacks targeting cloud services are launched from compromised IoT. On the basis of reviewing earlier studies of the network attacks most often carried out by IoT, there is a challenging and common characteristic that has frequently been exploited in the many massive Internet attacks. This work will examine the existing solutions that have been implemented to protect both traditional and softwarized network paradigms. It then proposes the approach of this work, which enables IoT-hosting networks to be protected by using SDWN within the proposed model to mitigate spoofing-oriented network attacks. In addition, the proposed solution offers environmental sustainability by saving power consumption in network devices during network operation.
The practical improvement of the proposed model is measured and evaluated within the surrounding environment of Mininet-WiFi.
35

Caldera, Carlos M. Eng Massachusetts Institute of Technology. "Towards an automated attack tree generator for the IoT." Thesis, Massachusetts Institute of Technology, 2017. http://hdl.handle.net/1721.1/119512.

Abstract:
Thesis: M. Eng., Massachusetts Institute of Technology, Department of Electrical Engineering and Computer Science, 2017.
This electronic version was submitted by the student author. The certified thesis is available in the Institute Archives and Special Collections.
Cataloged from student-submitted PDF version of thesis.
Includes bibliographical references (pages 73-77).
The growing frequency and scale of cyber security attacks is daunting. Notable areas of concern are the Internet of Things (IoT) and Operational Technology (OT) systems; the IoT is becoming intimately integrated into our lives, and the physical repercussions of attacks on OT systems can be devastating. Risk analysis tools can prove to be very helpful towards defining counter measures that can either prevent or dampen the effect of these seemingly inevitable cyber security attacks. One such tool, attack trees, provides a formal way of describing the varying attacks that could be mounted against a system. Though they are limited because their development is time intensive, work has been done on automating this process with attack tree generators. In this thesis, we provide suggested design modifications to be made on existing attack tree generators to work on IoT and OT systems.
by Carlos Caldera.
M. Eng.
36

Rudolph, Spencer Alan. "Cold Boot Attack and Countermeasures on Systems with Non-Volatile Caches." The Ohio State University, 2016. http://rave.ohiolink.edu/etdc/view?acc_num=osu1480657418085196.

37

Yek, Suen. "The development of an attack vector using applied levels of deceptive strategy for directing attack in a honeynet." Thesis, Edith Cowan University, Research Online, Perth, Western Australia, 2007. https://ro.ecu.edu.au/theses/275.

Abstract:
Deception has long been part of an effective strategy for the guileful and determined predator. Deceptive lessons learned from the animal kingdom have since been passed over to the realm of network security. Home users and organisations alike may adopt deceptive strategies as a proactive and preventative measure for monitoring and securing wired and wireless networks. Honeypots and honeynets are digital entities that are able to emulate the behaviours and functionality of genuine computerised systems. A honeypot's ability to deceive network attack tools may allow defenders to tailor network countermeasures according to predicted attack vectors. In this research, an exploratory study of honeynet architecture and deployment was undertaken to create a virtual network to deceive network attacks and direct an attack vector through a predetermined deception.
38

Stouten, Floris. "Big data analytics attack detection for Critical Information Infrastructure Protection." Thesis, Luleå tekniska universitet, Datavetenskap, 2016. http://urn.kb.se/resolve?urn=urn:nbn:se:ltu:diva-59562.

Abstract:
Attacks on critical information infrastructure are increasing in volume and sophistication with destructive consequences according to the 2015 Cyber Supply Chain Security Revisited report from ESG recently (ESG, 2015). In a world of connectivity and data dependency, cyber-crime is on the rise causing many disruptions in our way of living. Our society relies on these critical information infrastructures for our social and economic well-being, and become more complex due to many integrated systems. Over the past years, various research contributions have been made to provide intrusion detection solutions to address these complex attack problems. Even though various research attempts have been made, shortcomings still exist in these solutions to provide attack detection. False positive and false negative outcomes for attack detection are still known shortcomings that must be addressed. This study contributes research, by finding a solution for the found shortcomings by designing an IT artifact framework based on the Design Science Research Methodology (DSRM). The framework consists of big data analytics technology that provides attack detection. Research outcomes for this study show a possible solution to the shortcomings by the designed IT artifact framework with use of big data analytics technology. The framework built on open source technology can provide attack detection, and possibly provide a solution to improve the false positives and false negatives for attack detection outcomes. Three main modules have been designed and demonstrated, whereby a hybrid approach for detection is used to address the shortcomings. Therefore, this research can benefit Critical Information Infrastructure Protection (CIIP) in Sweden to detect attacks and can possibly be utilized in various network infrastructures.
39

Strandberg, Emil. "Inloggning : Lösenordskryptering och Brute force attack." Thesis, Mittuniversitetet, Avdelningen för data- och systemvetenskap, 2015. http://urn.kb.se/resolve?urn=urn:nbn:se:miun:diva-25178.

Abstract:
This report is the result of a sub-project of a larger project to create a platform for mathematical education. The sub-project focuses on authentication with associated security, where security is emphasized. The project environment is Java EE 6 where GlassFish 4.0 acts as the server. The project has been divided into three parts; password encryption, Java EE authentication and brute force attack. The password encryption part focuses on examining different hash functions execution speed, the result shows that none of the examined hash algorithms is suitable for direct use. Instead it's recommended to use PBKDF2 with salt to encrypt passwords. The Java EE section constructs a working application where users can register and login etc. This is performed as a study of the security tools available in Java EE. The result meets the requirement specification and a section on Java EE security tools is presented. The brute force attack section is a theoretical study of what can be done to protect against a brute force attack. The result shows that CAPTCHAs is not recommended by OWASP and a system using cookies and a form of user blocking is proposed. The various parts are separated as far as possible through the report with the exception that the result of the password encryption section is applied in the Java EE application.
40

Borg, Isak. "Speculative Interference: A Modern Spectre Attack." Thesis, Uppsala universitet, Institutionen för informationsteknologi, 2021. http://urn.kb.se/resolve?urn=urn:nbn:se:uu:diva-450199.

Abstract:
Since the Spectre family of attacks was made public knowledge in January of 2018, researchers, manufacturers and interested individuals have experimented a lot with creating defences against it. But there has also been a lot of research aimed at circumventing these defences and finding alternative side-channels and mechanisms for performing Spectre-type attacks. This thesis implements and demonstrates a proof of concept of one of these newfound attacks known as a Speculative interference attack. This is done in a simulated environment, which to our knowledge has not been done before at the time of writing this report. After the 'basic' version of a Spectre attack has been explained, the thesis will explain how the more advanced interference attack works and how it is implemented in the simulated environment. In the end the results gained with the attack will be presented, which should convince the reader of the relevance and possibilities of the attack.
41

Näslund, Oskar. "Lightweight and Machine Learning Attack Resistant Physical Unclonable Functions." Thesis, KTH, Skolan för elektroteknik och datavetenskap (EECS), 2019. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-264214.

Abstract:
More and more embedded devices such as smart home appliances are being connected to the Internet. Implementing lightweight security at a low cost thus becomes increasingly relevant to prevent malicious network entries using less protected devices. Physical Unclonable Functions (PUFs), and more specifically Arbiter Physical Unclonable Functions (APUFs), are cryptographic primitives that have looked promising for achieving the mentioned requirements. Unfortunately, the APUF as well as many constructions based on it have either been shown weak to machine learning modeling attacks or are not sufficiently lightweight to fit on small embedded devices. Throughout the thesis, software called PyPuf has been used to simulate APUFs. By implementing file parsing in PyPuf it is now possible to generate a software model of an APUF realized in hardware. This thesis explores methods of protecting the APUF from machine learning modeling attacks. Together with a team of researchers at KTH, Royal Institute of Technology in Stockholm, I propose a lightweight PUF construction called the Cyclic Redundancy Check Physical Unclonable Function (CRC-PUF), in which inputs are obfuscated using a technique based on a Cyclic Redundancy Check (CRC). By changing the CRC generator polynomial between input evaluations, the probability of successfully recovering the obfuscated input is at most $2^{-86}$ for 128-bit inputs. The output protection technique of combining multiple APUF chains was also explored by comparing XOR with majority vote.
42

Katti, Sachin (Katti Rajsekhar). "On attack correlation and the benefits of sharing IDS data." Thesis, Massachusetts Institute of Technology, 2005. http://hdl.handle.net/1721.1/34363.

Abstract:
Thesis (S.M.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2005.
Includes bibliographical references (p. 47-49).
This thesis presents the first wide-scale study of correlated attacks, i.e., attacks mounted by the same source IP against different networks. Using a large dataset from 1700 intrusion detection systems (IDSs), this thesis shows that correlated attacks are prevalent in the current Internet; 20% of all offending sources mount correlated attacks and they account for more than 40% of all the IDS alerts in our logs. Correlated attacks appear at different networks within a few minutes of each other, indicating the difficulty of warding off these attacks by occasional offline exchange of lists of malicious IP addresses. Furthermore, correlated attacks are highly targeted. The 1700 IDSs can be divided into small groups with 4-6 members that do not change with time; IDSs in the same group experience a large number of correlated attacks, while IDSs in different groups see almost no correlated attacks. These results have important implications on collaborative intrusion detection of common attackers. They show that collaborating IDSs need to exchange alert information in realtime. Further, exchanging alerts among the few fixed IDSs in the same correlation group achieves almost the same benefits as collaborating with all IDSs, while dramatically reducing the overhead.
by Sachin Katti.
S.M.
43

Williams, Leevar (Leevar Christoff). "GARNET : a Graphical Attack graph and Reachability Network Evaluation Tool." Thesis, Massachusetts Institute of Technology, 2008. http://hdl.handle.net/1721.1/46367.

Abstract:
Thesis (M. Eng.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2008.
This electronic version was submitted by the student author. The certified thesis is available in the Institute Archives and Special Collections.
Includes bibliographical references (p. 101-102).
Attack graphs are valuable tools in the assessment of network security, revealing potential attack paths an adversary could use to gain control of network assets. Creating an effective visualization for attack graphs is essential to their utility, but many previous efforts produce complex displays that are difficult to relate to the underlying networks. This thesis presents GARNET (Graphical Attack graph and Reachability Network Evaluation Tool), an interactive visualization tool intended to facilitate the task of attack graph analysis. The tool provides a simplified view of critical steps that can be taken by an attacker and of host-to-host network reachability that enables these exploits. It allows users to perform "what-if" experiments including adding new zero-day attacks, following recommendations to patch software vulnerabilities, and changing the attacker starting location to analyze external and internal attackers. Users are able to view a set of attack graph metrics that summarize different aspects of overall network security for a specific set of attacker models. An initial user evaluation of GARNET identified problematic areas of the interface that assisted in the development of a more functional design.
by Leevar Williams.
M.Eng.
44

Jeong, Taehoon. "Secure analog-to-digital conversion against power side-channel attack." Thesis, Massachusetts Institute of Technology, 2020. https://hdl.handle.net/1721.1/127018.

Abstract:
Thesis: Ph. D., Massachusetts Institute of Technology, Department of Electrical Engineering and Computer Science, May, 2020
Cataloged from the official PDF of thesis.
Includes bibliographical references (pages 125-129).
At the interface between analog circuits and a digital processor, an ADC can create a critical hardware security loophole. By exploiting the power side-channel leakage of the ADC, an attacker can expose the private signal chain data. Having recognized the security threat, this thesis explores both aspects of the SAR ADC power side-channel attack (PSA): attack method and its countermeasure. Firstly, this thesis proposes two neural-network-based SAR ADC PSA methods based on multi-layer perceptron networks (MLP-PSA) and convolutional neural networks (CNN-PSA). When applied to a SAR ADC without PSA protection, the proposed attack methods decode the power supply current waveforms of the SAR ADC into the corresponding A/D conversion results with very high accuracy, demonstrating themselves as powerful ADC PSA methods. Secondly, this thesis proposes a current-equalizer-based SAR ADC PSA countermeasure. A 12-bit, 1.25MS/s prototype SAR ADC is implemented in 65nm CMOS technology for the proof-of-concept. With the proposed PSA countermeasure, the prototype SAR ADC demonstrated a strong PSA-resistance against MLP-PSA. Due to the second-order power side-channel leakage sources of a current equalizer, the prototype SAR ADC showed weaker PSA-resistance against CNN-PSA, but generally protected a significant portion of the information from the attack.
by Taehoon Jeong.
Ph. D.
Ph.D. Massachusetts Institute of Technology, Department of Electrical Engineering and Computer Science
45

Jevtić, Ana. "Cyber-attack detection and resilient state estimation in power systems." Thesis, Massachusetts Institute of Technology, 2020. https://hdl.handle.net/1721.1/127025.

Abstract:
Thesis: Ph. D., Massachusetts Institute of Technology, Department of Electrical Engineering and Computer Science, May, 2020
Cataloged from the official PDF of thesis.
Includes bibliographical references (pages 99-108).
Many critical infrastructures, such as transportation and electric energy networks, and health care, are now becoming highly integrated with information and communication technology, in order to be more efficient and reliable. These cyber-physical systems (CPS) now face an increasing threat of cyber-attacks. Intelligent attackers can leverage their knowledge of the system, disruption, and disclosure resources to critically damage the system while remaining undiscovered. In this dissertation, we develop a defense strategy, with the ability to uncover malicious and intelligent attacks and enable resilient operation of cyber-physical systems. Specifically, we apply this defense strategy to power systems, described by linear frequency dynamics around the nominal operating point. Our methodology is based on the notion of data aggregation as a tool for extracting internal information about the system that may be unknown to the attacker. As the first step to resilience and security, we propose several methods for active attack detection in cyber-physical systems. In one approach we design a clustering-based moving-target active detection algorithm and evaluate it against stealthy attacks on the 5-bus and 24-bus power grids. Next, we consider an approach based on Interaction Variables (IntVar), as another intuitive way to extract internal information in power grids. We evaluate the effectiveness of this approach on Automatic Generation Control (AGC), a vital control mechanism in today's power grid. After an attack has been detected, mitigation procedures must be put in place to allow continued reliable operation or graceful degradation of the power grid. To that end, we develop a resilient state estimation algorithm that provides the system operator with situational awareness in the presence of wide-spread coordinated cyber-attacks when many system measurements may become unavailable.
by Ana Jevtić.
Ph. D.
Ph.D. Massachusetts Institute of Technology, Department of Electrical Engineering and Computer Science
46

Uwagbole, Solomon. "A pattern-driven corpus to predictive analytics in mitigating SQL injection attack." Thesis, Edinburgh Napier University, 2018. http://researchrepository.napier.ac.uk/Output/1538260.

Abstract:
The back-end database provides accessible and structured storage for each web application's big data internet web traffic exchanges stemming from cloud-hosted web applications to the Internet of Things (IoT) smart devices in emerging computing. Structured Query Language Injection Attack (SQLIA) remains an intruder's exploit of choice to steal confidential information from the database of vulnerable front-end web applications with potentially damaging security ramifications. Existing solutions to SQLIA still follow the on-premise web applications server hosting concept which were primarily developed before the recent challenges of the big data mining and as such lack the functionality and ability to cope with new attack signatures concealed in a large volume of web requests. Also, most organisations' databases and services infrastructure no longer reside on-premise as internet cloud-hosted applications and services are increasingly used which limit existing Structured Query Language Injection (SQLI) detection and prevention approaches that rely on source code scanning. A bio-inspired approach such as Machine Learning (ML) predictive analytics provides functional and scalable mining for big data in the detection and prevention of SQLI in intercepting large volumes of web requests. Unfortunately, lack of availability of robust ready-made data set with patterns and historical data items to train a classifier are issues well known in SQLIA research applying ML in the field of Artificial Intelligence (AI). The purpose-built competition-driven test case data sets are antiquated and not pattern-driven to train a classifier for real-world application. Also, the web application types are so diverse to have an all-purpose generic data set for ML SQLIA mitigation.
This thesis addresses the lack of pattern-driven data set by deriving one to predict SQLIA of any size and proposing a technique to obtain a data set on the fly and break the circle of relying on few outdated competitions-driven data sets which exist are not meant to benchmark real-world SQLIA mitigation. The thesis in its contributions derived pattern-driven data set of related member strings that are used in training a supervised learning model with validation through Receiver Operating Characteristic (ROC) curve and Confusion Matrix (CM) with results of low false positives and negatives. We further the evaluations with cross-validation to have obtained a low variance in accuracy that indicates of a successful trained model using the derived pattern-driven data set capable of generalisation of unknown data in the real-world with reduced biases. Also, we demonstrated a proof of concept with a test application by implementing an ML Predictive Analytics to SQLIA detection and prevention using this pattern-driven data set in a test web application. We observed in the experiments carried out in the course of this thesis, a data set of related member strings can be generated from a web expected input data and SQL tokens, including known SQLI signatures. The data set extraction ontology proposed in this thesis for applied ML in SQLIA mitigation in the context of emerging computing of big data internet, and cloud-hosted services set our proposal apart from existing approaches that were mostly on-premise source code scanning and queries structure comparisons of some sort.
47

Du, Preez Riekert. "The cost of free instant messaging: an attack modelling perspective." Thesis, Nelson Mandela Metropolitan University, 2006. http://hdl.handle.net/10948/499.

Abstract:
Instant Messaging (IM) has grown tremendously over the last few years. Even though IM was originally developed as a social chat system, it has found a place in many companies, where it is being used as an essential business tool. However, many businesses rely on free IM and have not implemented a secure corporate IM solution. Most free IM clients were never intended for use in the workplace and, therefore, lack strong security features and administrative control. Consequently, free IM clients can provide attackers with an entry point for malicious code in an organization’s network that can ultimately lead to a company’s information assets being compromised. Therefore, even though free IM allows for better collaboration in the workplace, it comes at a cost, as the title of this dissertation suggests. This dissertation sets out to answer the question of how free IM can facilitate an attack on a company’s information assets. To answer the research question, the dissertation defines an IM attack model that models the ways in which an information system can be attacked when free IM is used within an organization. The IM attack model was created by categorising IM threats using the STRIDE threat classification scheme. The attacks that realize the categorised threats were then modelled using attack trees as the chosen attack modelling tool. Attack trees were chosen because of their ability to model the sequence of attacker actions during an attack. The author defined an enhanced graphical notation that was adopted for the attack trees used to create the IM attack model. The enhanced attack tree notation extends traditional attack trees to allow nodes in the trees to be of different classes and, therefore, allows attack trees to convey more information. During the process of defining the IM attack model, a number of experiments were conducted where IM vulnerabilities were exploited. 
Thereafter, a case study was constructed to document a simulated attack on an information system that involves the exploitation of IM vulnerabilities. The case study demonstrates how an attacker’s attack path relates to the IM attack model in a practical scenario. The IM attack model provides insight into how IM can facilitate an attack on a company’s information assets. The creation of the attack model for free IM led to several realizations. The IM attack model revealed that even though the use of free IM clients may seem harmless, such IM clients can facilitate an attack on a company’s information assets. Furthermore, certain IM vulnerabilities may not pose a great risk by themselves, but when combined with the exploitation of other vulnerabilities, a much greater threat can be realized. These realizations hold true to what French playwright Jean Anouilh once said: “What you get free costs too much”.
48

Ponnam, Sravanthi. "Keyboard Acoustic Emanations Attack : An Empirical study." Thesis, KTH, Skolan för informations- och kommunikationsteknik (ICT), 2013. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-143645.

Abstract:
The sounds produced from the keystrokes when a user types on the keyboard are called keyboard acoustic emanations. These sounds can be recorded with a microphone and stored as a file on the computer. Different techniques can be used to retrieve each keystroke. In this way sensitive information, such as passwords used to unlock the system or enter various protected cyber spaces can be collected and misused. This study investigates the seriousness of the keyboard acoustic emanations attack and possible threats from this type of eavesdropping. The aim of the research is to show this type of attack can be performed using simple equipment and easy to use signal processing techniques and to suggest protective measures against the threat from the attack. We use empirical methodology and perform experiments under different scenarios. Unlike the previous research, the experiments are performed in a moderately noisy environment. Our attack includes two phases, training and recognition phase. The structure of the attack is created considering views of previous research and having in mind the aim of the study. Six scenarios are created based on how the characteristics of the waveforms are presented and what types of techniques are used at the recognition phase. A separate procedure for identifying which scenario produces the highest recognition rate is designed. The results show that the waveform of the acoustic signal in presence of noise has similar shape as in silent environment and that an attacker can easily perform our experiment with keyboard acoustic emanations attack. We achieved 60% recognition rate that can be considered as satisfactory. The experiment is compared with similar ones from the previous research. Easy computation, analysis and simplicity are the advantages of our approach. At the end of the thesis we suggest preventive measures for mitigating the attack.
49

Pettersson, Stefan. "Visualizing Endpoint Security Technologies using Attack Trees." Thesis, Linköping University, Department of Computer and Information Science, 2008. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-15509.

Abstract:

Software vulnerabilities in programs and malware deployments have been increasing almost every year since we started measuring them. Information about how to program securely, how malware shall be avoided and technological countermeasures for this are more available than ever. Still, the trend seems to favor the attacker. This thesis tries to visualize the effects of a selection of technological countermeasures that have been proposed by researchers. These countermeasures: non-executable memory, address randomization, system call interception and file integrity monitoring are described along with the attacks they are designed to defend against. The coverage of each countermeasure is then visualized with the help of attack trees. Attack trees are normally used for describing how systems can be attacked but here they instead serve the purpose of showing where in an attack a countermeasure takes effect. Using attack trees for this highlights a couple of important aspects of a security mechanism, such as how early in an attack it is effective and which variants of an attack it potentially defends against. This is done by the use of what we call defensive codes that describe how a defense mechanism counters a sub-goal in an attack. Unfortunately the whole process is not well formalized and depends on many uncertain factors.

50

Boulkenafet, Z. (Zinelabidine). "Face presentation attack detection using texture analysis." Doctoral thesis, Oulun yliopisto, 2018. http://urn.fi/urn:isbn:9789526219257.

Abstract:
In the last decades, face recognition systems have evolved a lot in terms of performance. As a result, this technology is now considered as mature and is applied in many real world applications from border control to financial transactions and computer security. Yet, many studies show that these systems suffer from vulnerabilities to spoofing attacks, a weakness that may limit their usage in many cases. A face spoofing attack or presentation attack occurs when someone tries to masquerade as someone else by presenting a fake face in front of the face recognition camera. To protect the recognition systems against attacks of this kind, many face anti-spoofing methods have been proposed. These methods have shown good performances on the existing face anti-spoofing databases. However, their performances degrade drastically under real world variations (e.g., illumination and camera device variations). In this thesis, we concentrate on improving the generalization capabilities of the face anti-spoofing methods with a particular focus on the texture based techniques. In contrast to most existing texture based methods aiming at extracting texture features from gray-scale images, we propose a joint color-texture analysis. First, the face images are converted into different color spaces. Then, the feature histograms computed over each image band are concatenated and used for discriminating between real and fake face images. Our experiments conducted on three color spaces: RGB, HSV and YCbCr show that extracting the texture information from separated luminance chrominance color spaces (HSV and YCbCr) yields better performance compared to gray-scale and RGB image representations. Moreover, to deal with the problem of illumination and image-resolution variations, we propose to extract this texture information from different scale images.
In addition to representing the face images in different scales, the multi-scale filtering methods also act as pre-processing against factors such as noise and illumination. Although our obtained results are better than the state of the art, they are still far from the requirements of real world applications. Thus, to help in the development of robust face anti-spoofing methods, we collected a new challenging face anti-spoofing database using six camera devices in three different illumination and environmental conditions. Furthermore, we have organized a competition on the collected database where fourteen face anti-spoofing methods have been assessed and compared.