Dissertations on the topic "SNORD"


Browse the top 50 dissertations for research on the topic "SNORD".


1

Hebras, Jade. "Caractérisation moléculaire du petit ARN nucléolaire SNORD115 : un rôle dans la régulation de l'expression et de la fonction du récepteur à la sérotonine 5-HT2C ?" Thesis, Toulouse 3, 2020. http://www.theses.fr/2020TOU30209.

Abstract:
The mammalian nucleolus contains hundreds of box C/D small nucleolar RNAs (SNORDs), the vast majority of which guide 2'-O-ribose methylation on ribosomal RNA precursors (pre-rRNA). Some SNORDs also facilitate the cleavages that the pre-rRNA undergoes or modify the small nuclear RNA U6. Recent work also suggests that some SNORDs interact with mRNAs. This is the case, for example, for SNORD115, which is at the heart of my thesis work. SNORD115 is expressed only in the brain from numerous tandemly repeated genes located at the SNURF-SNRPN locus, whose expression is controlled by parental genomic imprinting. Genetic defects associated with this chromosomal locus are associated with a rare disease: Prader-Willi syndrome (PWS). SNORD115 is remarkable because it has a long conserved complementarity with the mRNA encoding a serotonin receptor, the 5-HT2C variant. Some studies propose that SNORD115 regulates the 5-HT2C pathway by modulating alternative splicing or A-to-I editing of the 5-HT2C pre-mRNA. A defect in 5-HT2C activity could be the cause of the hyperphagia and/or behavioural abnormalities that characterize PWS. My main thesis project was to test this hypothesis using a new CRISPR/Cas9 mouse model knocked out for SNORD115. My results show that loss of SNORD115 expression does not disrupt the post-transcriptional regulation of the 5-HT2C pre-mRNA in vivo. In addition, studies carried out in the team did not reveal marked abnormalities in anxio-depressive phenotypes or in feeding behaviour. My thesis therefore raises important questions about the regulatory role of SNORD115 in the brain and its potential contribution to the aetiology of PWS. In parallel, I also examined the repertoire of rRNA 2'-O-methylations in mouse tissues, notably the brain.
This work was part of the emerging theme of the "specialized ribosome" theory, which proposes that structural heterogeneity of ribosome components may translate into changes in the functional capacities of the ribosome. My results show variations in methylation for a very limited number of sites, mainly during development. Also, ribosomes from developmental tissues are globally less methylated than those from adult tissues. We concentrated our efforts on LSU-G4593, whose methylation guided by SNORD78 is found only during development. We propose that alternative splicing events of the SNORD78 host gene modulate the production of SNORD78, and hence the level of LSU-Gm4593 methylation. By studying a human cell line (HEK293) knocked out for SNORD78, I investigated the functional implications of LSU-Gm4593. To date, my work does not show a marked role in cell proliferation or in translation fidelity. The precise function of LSU-Gm4593 therefore remains not understood.
The nucleolus of mammalian cells contains hundreds of box C/D small nucleolar RNAs (SNORDs). The majority of them guide sequence-specific 2'-O ribose methylations into ribosomal RNA (rRNA). Some of them facilitate RNA folding and cleavages of ribosomal RNA precursors or guide ribose methylations into spliceosomal small nuclear RNA U6. Recent studies propose that some SNORDs could target other transcripts, possibly messenger RNA, as suggested by the brain-specific SNORD115. SNORD115 is processed from tandemly repeated genes embedded in the imprinted SNURF-SNRPN domain. Defects in gene expression at this domain are causally linked to a rare disease: the Prader-Willi Syndrome (PWS). Excitingly, SNORD115 displays an extensive region of complementarity to a brain-specific mRNA encoding the serotonin receptor 5-HT2C. SNORD115 could influence 5-HT2C signaling by fine-tuning alternative splicing or A to I RNA editing of 5-HT2C pre-mRNA. Reduced 5-HT2C receptor activity could contribute to the impaired emotional response and/or compulsive overeating that characterize the syndrome. My work was to test this hypothesis using a CRISPR/Cas9-mediated SNORD115 knockout mouse model. My results show that loss of SNORD115 expression, in vivo, does not alter the post-transcriptional regulation of 5-HT2C pre-mRNA processing. Other results from the team do not reveal any defects in anxio-depressive phenotypes and eating behaviour. Our study questions the regulatory roles of SNORD115 in brain functions and behavioural disturbance associated with PWS. On the other hand, I have studied ribose methylation sites in rRNA from mouse tissues. This work was included in the emerging field of the specialized ribosome hypothesis, which suggests heterogeneity in ribosomes may impact activity of ribosomes. Our results show significant changes at a small discrete set of sites, especially in rRNA from developing tissues. Also, rRNA from developing tissues is globally less methylated than rRNA from adult tissues.
We focus on the LSU-Gm4593 site because this position is specifically methylated only during development and hardly ever detected in adult tissues. Methylation at LSU-G4593 is guided by SNORD78. We propose that the expression levels of SNORD78 during development appear to be regulated by alternative splicing of the host gene and to correlate with the methylation level of its target site at LSU-G4593. We've used a human cell line (HEK293T) inactivated for the SNORD78 gene in order to understand the functional role of the corresponding ribose methylation. Our work did not demonstrate any overt cellular phenotypes, even though translation fidelity and the precise function of LSU-Gm4593 remain unknown.
2

Ringström, Saltin Markus. "Intrusion Detection Systems : utvärdering av Snort." Thesis, University of Skövde, School of Humanities and Informatics, 2009. http://urn.kb.se/resolve?urn=urn:nbn:se:his:diva-3081.

Abstract:

This thesis examines the effectiveness of an Intrusion Detection System (IDS). An IDS is a system intended to detect whether clients on a network are being attacked by a "hacker" or whether someone unauthorized is trying to intrude, much like a guard dog. The IDS tested is Snort, a very popular open-source IDS. The purpose of the study is to show whether or not an IDS is a good complement to a system's security, since very few methodical investigations of Snort, and of IDSs in general, have been carried out. The study was performed through a number of experiments in a laboratory environment, where the effectiveness of Snort was put to the test using different types of attacks. From the results obtained, it can be concluded that an IDS is definitely a complement worth considering for an organization that is willing to devote the resources the system requires, as a high number of the attacks carried out were detected, attacks that anti-virus software or firewalls are not designed to react to.

3

Steinvall, Daniel. "Utvärdering av signaturdatabaser i systemet Snort." Thesis, Karlstads universitet, 2019. http://urn.kb.se/resolve?urn=urn:nbn:se:kau:diva-72581.

Abstract:
Constant connection to the internet is today taken for granted by many around the world. The internet contributes to a global connection that has never before been possible, which may seem wonderful in many respects. Unfortunately, this digital connection can be misused and used for malicious purposes, which has led to a need for security solutions such as network intrusion detection systems. One of the most talked-about tools that is an example of such a system is Snort, which is studied in this study. In addition to the analysis of Snort, the ability of different signature databases to detect attacks is also evaluated. In total, 1143 attacks from 2008-2019 were executed and these were evaluated by three Snort versions dated 2012, 2016 and 2018. Each Snort version analyzed the attacks with 18 signature databases dated 2011-2019 from three different publishers. The results show that there is a large difference between the different publishers' signature databases, where the best detected around 70% of the attacks while the worst detected only around 1%. How Snort was configured also had a large impact on the result, where Snort with the pre-processor detected about 15% more attacks than without it.
For many people all over the world being constantly connected to the Internet is taken for granted. The Internet connects people globally in a way that has never been possible before, which in many ways is a fantastic thing. Unfortunately, this global connection can be abused for malicious purposes, which has led to the need for security solutions such as network intrusion detection systems. One prominent example of such a system is Snort, which is the subject of evaluation in this thesis. This study investigates the ability of signature databases for Snort to detect cyberattacks. In total, we executed 1143 attacks released between 2008-2019 and recorded the network traffic. We then analyzed the network traffic using three versions of Snort released 2012, 2016, and 2018. For each version, we used 18 different signature databases dated 2011-2019 from three different publishers. Our results show that there is a significant difference between the different publishers’ signature databases, where the best signature database detected around 70% of the attacks and the worst only detected around 1%. The configuration of Snort also had a significant impact on the results, where Snort with the pre-processor detected about 15% more attacks than without it.
4

Magnusson, Jonas. "Intrångsdetekteringssystem : En jämförelse mellan Snort och Suricata." Thesis, University of Skövde, School of Humanities and Informatics, 2010. http://urn.kb.se/resolve?urn=urn:nbn:se:his:diva-4401.

Abstract:

The purpose of this work is to compare the intrusion detection systems Snort and Suricata in order to give an idea of which of the applications is suitable for implementation at an internet service provider to detect attacks and increase security on the network. The comparison is made with regard to the number of detected attacks, performance, implementation time, number of configuration files, and which operating systems they are available on.

The results show that Suricata, with its support for using signatures created for Snort, detects more attacks than Snort. Snort, on the other hand, is both smoother and faster to implement. In terms of performance, Suricata shows the best results, by making use of multiple cores and less memory.

5

Fleming, Theodor, and Hjalmar Wilander. "Network Intrusion and Detection : An evaluation of SNORT." Thesis, Linköpings universitet, Institutionen för datavetenskap, 2018. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-144335.

Abstract:
Network security has become a vital part of computer networks to ensure that they operate as expected. With many of today's services relying on networks, it is of great importance that the usage of networks is not being compromised. One way to increase the security of a computer network is to implement a Network Intrusion Detection System (NIDS). This system monitors the traffic sent to, from and within the network. This study investigates how a NIDS called SNORT with different configurations handles common network attacks. The knowledge of how SNORT managed the attacks is used to evaluate and indicate the vulnerability of different SNORT configurations. Different approaches on both how to bypass SNORT and how to detect attacks are described both theoretically, and practically with experiments. This study concludes that a carefully prepared configuration is the factor for SNORT to perform well in network intrusion detection.
6

Zhang, Huan. "Parallelization of a software based intrusion detection system - Snort." Thesis, University of Canterbury. Electrical and Computer Engineering, 2011. http://hdl.handle.net/10092/5988.

Abstract:
Computer networks are already ubiquitous in people’s lives and work and network security is becoming a critical part. A simple firewall, which can only scan the bottom four OSI layers, cannot satisfy all security requirements. An intrusion detection system (IDS) with deep packet inspection, which can filter all seven OSI layers, is becoming necessary for more and more networks. However, the processing throughputs of the IDSs are far behind the current network speed. People have begun to improve the performance of the IDSs by implementing them on different hardware platforms, such as Field-Programmable Gate Array (FPGA) or some special network processors. Nevertheless, all of these options are either less flexible or more expensive to deploy. This research focuses on some possibilities of implementing a parallelized IDS on a general computer environment based on Snort, which is the most popular open-source IDS at the moment. In this thesis, some possible methods have been analyzed for the parallelization of the pattern-matching engine based on a multicore computer. However, owing to the small granularity of the network packets, the pattern-matching engine of Snort is unsuitable for parallelization. In addition, a pipelined structure of Snort has been implemented and analyzed. The universal packet capture API - LibPCAP has been modified for a new feature, which can capture a packet directly to an external buffer. Then, the performance of the pipelined Snort can have an improvement up to 60% on an Intel i7 multicore computer for jumbo frames. A primary limitation is on the memory bandwidth. With a higher bandwidth, the performance of the parallelization can be further improved.
7

Dominguez-Camara, Rosario. "Multiparameter assessment of speech using SNORS+ with integrated EMG analysis." Thesis, University of Kent, 2005. http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.418555.

8

Albin, Eugene. "A comparative analysis of the Snort and Suricata intrusion-detection systems." Thesis, Monterey, California. Naval Postgraduate School, 2011. http://hdl.handle.net/10945/5480.

Abstract:
Approved for public release; distribution is unlimited.
Our research focuses on comparing the performance of two open-source intrusion-detection systems, Snort and Suricata, for detecting malicious activity on computer networks. Snort, the de-facto industry standard open-source solution, is a mature product that has been available for over a decade. Suricata, released two years ago, offers a new approach to signature-based intrusion detection and takes advantage of current technology such as process multithreading to improve processing speed. We ran each product on a multi-core computer and evaluated several hours of network traffic on the NPS backbone. We evaluated the speed, memory requirements, and accuracy of the detection engines in a variety of experiments. We conclude that Suricata will be able to handle larger volumes of traffic than Snort with similar accuracy, and thus recommend it for future needs at NPS since the Snort installation is approaching its bandwidth limits.
9

Kurukkankunnel, Joy Cyril, and Sherjin Dan Thomas. "A Study of Intrusion detection on PROFINET Network by Improving SNORT." Thesis, Högskolan i Halmstad, Akademin för informationsteknologi, 2020. http://urn.kb.se/resolve?urn=urn:nbn:se:hh:diva-43350.

Abstract:
This report is a result of a master thesis in network forensics at Halmstad University during spring term 2018. Industrial engineers are becoming aware of the importance of network security. In today's industrial systems, attacks on industrial control systems are becoming more commonplace. The availability of an industrial-specific search engine which can reveal systems to anyone interested has made it easier to target vulnerable systems. Years ago, the networks that were not connected to a public network were considered "Safe". Today these networks are inter-connected, and the challenge is how to make them secure. To protect industrial control systems, monitoring of the industrial network is required to find abnormal activities. There are many open source intrusion detection systems available; we have chosen SNORT for our project work since SNORT is a powerful open source intrusion detection system and has many default sets of rules; community-based rules can also be implemented. SNORT has features such as real-time traffic analysis, logging packets and content searching ability. SNORT has limited capability in understanding the PROFINET protocol, and the aim of our project is to modify the SNORT application to read PROFINET packets so that it can be used in industrial networks running on the PROFINET protocol, and to create rules for PROFINET by examining the data captured from the lab environment.
10

Meyer, Steven J. "GPS Receiver Testing on the Supersonic Naval Ordnance Research Track (SNORT)." International Foundation for Telemetering, 1997. http://hdl.handle.net/10150/609808.

Abstract:
International Telemetering Conference Proceedings / October 27-30, 1997 / Riviera Hotel and Convention Center, Las Vegas, Nevada
There is an interest in using Global Positioning System (GPS) receivers to find: Time Space Position Information (TSPI), miss distances between a missile and target, and using the data real time as an independent tracking aid for range safety. Ashtech, Inc. has several standalone GPS receivers they believe can work at high g levels. This paper investigates how the Ashtech GPS receivers work under high g loading in one axis. The telemetry system used to collect data from the receivers and the reconstruction of the data will also be discussed. The test was done at SNORT (Supersonic Naval Ordnance Research Track) located at NAWS, China Lake, CA. The g level obtained was about +23 g’s with a deceleration of -15 g’s. The velocity reached was about Mach 2.0. A summary of the errors is included.
11

Cavusoglu, Mustafa. "An Efficient And Fast Method Of Snore Detection For Sleep Disorder Investigation." Master's thesis, METU, 2007. http://etd.lib.metu.edu.tr/upload/12608236/index.pdf.

Abstract:
Snores are breath sounds that most people produce during sleep and they are reported to be a risk factor for various sleep disorders, such as obstructive sleep apnea syndrome (OSAS). Diagnosis of sleep disorders relies on the expertise of the clinician that inspects whole night polysomnography recordings. This inspection is time consuming and uncomfortable for the patient. There are surgical and therapeutic treatments. However, evaluation of the success of these methods also relies on subjective criteria and the expertise of the clinician. Thus, there is a strong need for a tool to analyze the snore sounds automatically, and to produce objective criteria and to assess the success of the applied treatment by comparing these criteria obtained before and after the treatment. In this thesis, we proposed a new algorithm to detect snoring episodes from the sleep sound recordings of the individuals, and created a user friendly interface to process snore recordings and to produce simple objective criteria to evaluate the results. The algorithm classifies sleep sound segments as snores and nonsnores according to their subband energy distributions. It was observed that inter- and intra-individual spectral energy distributions of snore sounds show significant similarities. This observation motivated the representation of the feature vectors in a lower dimensional space which was achieved using principal component analysis. Sleep sounds can be efficiently represented and classified as snore or nonsnore in a two dimensional space. The sound recordings were taken from patients that are suspected of OSAS pathology while they were connected to the polysomnography in Gülhane Military Medical Academy Sleep Studies Laboratory. The episodes taken from 30 subjects (18 simple snorers and 12 OSA patients) with different apnea/hypopnea indices were classified using the proposed algorithm. The system was tested by using the manual annotations of an ENT specialist as a reference. The system produced high detection rates both in simple snorers and OSA patients.
12

Thorarensen, Christian. "A Performance Analysis of Intrusion Detection with Snort and Security Information Management." Thesis, Linköpings universitet, Databas och informationsteknik, 2021. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-177602.

Abstract:
Network intrusion detection systems (NIDSs) are a major component in cybersecurity and can be implemented with open-source software. Active communities and researchers continue to improve projects and rulesets used for detecting threats to keep up with the rapid development of the internet. With the combination of security information management, automated threat detection updates and widely used software, the NIDS security can be maximized. However, it is not clear how different combinations of software and basic settings affect network performance. The main purpose in this thesis was to find out how multithreading, standard ruleset configurations and near real-time data shipping affect Snort IDS’ online and offline performance. Investigations and results were designed to guide researchers or companies to enable maximum security with minimum impact on connectivity. Software used in performance testing was limited to Snort 2.9.17.1-WIN64 (IDS), Snort 3.1.0.0 (IDS), PulledPork (rule management) and Open Distro for Elasticsearch (information management). To increase the replicability of this study, the experimentation method was used, and network traffic generation was limited to 1.0 Gbit/s hardware. Offline performance was tested with traffic recorded from a webserver during February 2021 to increase the validity of test results, but detection of attacks was not the focus. Through experimentation it was found that multithreading enabled 68-74% less runtime for offline analysis on an octa-thread system. On the same system, Snort’s drop rate was reduced from 9.0% to 1.1% by configuring multiple packet threads for 1.0 Gbit/s traffic. Secondly, Snort Community and Proofpoint ET Open rulesets showed approximately 1% and 31% dropped packets, respectively. Finally, enabling data shipping services to integrate Snort with Open Distro for Elasticsearch (ODFE) did not have any negative impact on throughput, network delay or Snort’s drop rate. 
However, the usability of ODFE needs further investigation. In conclusion, Snort 3 multithreading enabled major performance benefits but not all open-source rules were available. In future work, the shared security information management solution could be expanded to include multiple Snort sensors, triggers, alerting (email) and suggested actions for detected threats.
13

Wakwella, Ajith S. "Processing of snore related sounds for the diagnosis of obstructive sleep apnoea (OSA) /." [St. Lucia, Qld.], 2005. http://www.library.uq.edu.au/pdfserve.php?image=thesisabs/absthe18755.pdf.

14

Utimura, Luan Nunes. "Aplicação em tempo real de técnicas de aprendizado de máquina no Snort IDS /." São José do Rio Preto, 2020. http://hdl.handle.net/11449/192443.

Abstract:
Advisor: Kelton Augusto Pontara da Costa
Summary: As the Internet grows over the years, an increase can be observed in the amount of data travelling across computer networks worldwide. In a context where the volume of data is constantly being renewed, from the perspective of the Computer Network Security area it becomes a great challenge to secure today's computer systems in terms of effectiveness and efficiency. Among the main security mechanisms employed in these environments, Network Intrusion Detection Systems stand out. Although the signature-based detection approach is sufficient to combat known attacks in these tools, with the eventual discovery of new vulnerabilities it becomes necessary to use anomaly-based detection approaches to mitigate the damage of unknown attacks. In the academic field, several works have explored the development of hybrid approaches in order to improve the accuracy of these tools with the aid of Machine Learning techniques. In this same line of research, the present work proposes the application of these techniques to intrusion detection in a real-time environment using a popular and widely used tool, Snort. The results obtained show that in certain attack scenarios the anomaly-based detection approach can outperform the signature-based detection approach, with emphasis on the techniques AdaBoost, Random Forests, Árvor... (Full summary: click the electronic access link below)
Abstract: As the Internet grows over the years, it is possible to observe an increase in the amount of data that travels on computer networks around the world. In a context where data volume is constantly being renewed, from the perspective of the Network Security area it becomes a great challenge to ensure, in terms of effectiveness and efficiency, today’s computer systems. Among the main security mechanisms employed in these environments, the Network Intrusion Detection Systems stand out. Although the signature-based detection approach is sufficient to combat known attacks in these tools, with the eventual discovery of new vulnerabilities, it is necessary to use anomaly-based detection approaches to mitigate the damage of unknown attacks. In the academic field, several works have explored the development of hybrid approaches in order to improve the accuracy of these tools, with the aid of Machine Learning techniques. In this same line of research, the present work proposes the application of these techniques for intrusion detection in a real time environment using a popular and widely used tool, the Snort. The obtained results show that in certain attack scenarios, the anomaly-based detection approach may outperform the signature-based detection approach, with emphasis on the techniques AdaBoost, Random Forests, Decision Tree and Linear Support Vector Machine.
Master's degree
15

Nadji, Al-Husein, and Hgi Haval Sarbast. "Bearbetningstid och CPU-användning i Snort IPS : En jämförelse mellan ARM Cortex-A53 och Cortex-A7." Thesis, Tekniska Högskolan, Jönköping University, JTH, Datateknik och informatik, 2020. http://urn.kb.se/resolve?urn=urn:nbn:se:hj:diva-50899.

Abstract:
The purpose of this study is to investigate how the processing time of the Snort intrusion prevention system varies between two different processors: ARM Cortex-A53 and Cortex-A7. CPU usage was also examined to check whether processing time depends on how much CPU Snort uses. This study is intended to provide knowledge about how important a processor is for Snort to perform well in terms of processing time and CPU usage, and to show the obvious choice between Cortex-A53 and Cortex-A7 when implementing Snort IPS. With the help of a literature search, an experimental environment was constructed in order to answer the study's research questions. Snort can be classified as CPU-bound, which means that the system depends on a fast processor. In this context, a fast processor means that Snort has time to process the amount of network traffic it receives; otherwise the traffic can pass without being inspected, which can harm the device protected by Snort. The results of the study show that the processing time in Snort on Cortex-A53 and Cortex-A7 differs, and a clear difference in CPU usage between the processors was observed. The study also shows the connection between processing time and CPU usage in Snort. The study's conclusion is that ARM Cortex-A53 has better performance when using Snort IPS with respect to processing time and CPU usage, where Cortex-A53 has 10 seconds shorter processing time and uses 2.87 times less CPU.
The purpose of this study is to examine how the processing time of the Snort intrusion prevention system varies on two different processors: ARM Cortex-A53 and Cortex-A7. CPU usage was also examined to check if processing time depends on how much CPU Snort uses. This study will provide knowledge about how important a processor is for Snort to be able to perform well in terms of processing time and CPU usage. This knowledge will help in choosing between Cortex-A53 and Cortex-A7 when implementing Snort IPS. To achieve the purpose of the study a literature search has been done to design an experimental environment. Snort can be classified as CPU-bound, which means that the system is dependent on a fast processor. In this context, a fast processor means that Snort is given enough time to process the amount of traffic it receives, otherwise the traffic can pass through without it being inspected, which can be harmful to the device that is protected by Snort. The results of the study show that the processing time in Snort on Cortex-A53 and Cortex-A7 differs and an obvious difference in CPU usage between the processors is shown. The study also presents the connection between processing time and CPU usage for Snort. In conclusion, ARM Cortex-A53 has better performance when using Snort IPS in terms of processing time and CPU usage: Cortex-A53 has 10 seconds less processing time and uses 2.87 times less CPU.
16

Sharp, Paul Dean. "An instrument for the multiparameter assessment of speech." Thesis, University of Kent, 2000. http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.344150.

17

Aussibal, Julien. "Rsids : un IDS distribué basé sur le framework CVSS." Pau, 2009. http://www.theses.fr/2009PAUU3044.

Abstract:
Intrusion detection is a method that makes it possible to guarantee the notion of availability in computer systems and networks. This availability is generally undermined by various anomalies. These anomalies can be caused either legitimately, as a result of unintentional operations occurring on these systems (link failure, congestion, ...), or illegitimately, by malicious operations intended to harm the availability of these systems. The deployment of tools that look for these various anomalies, namely IDSs (Intrusion Detection Systems), helps to detect these anomalies as early as possible and to block them. This thesis allowed us to set up a new platform for generating legitimate and illegitimate anomalies. This work was carried out within the METROSEC project. This platform allowed us to obtain various traffic captures containing these anomalies. The various illegitimate anomalies were produced with classic Denial of Service tools, namely TFN2k and Trinoo. Legitimate anomalies were also produced in the form of flash crowd phenomena. All of these real traffic captures were used in other research on intrusion detection for the evaluation of new detection methods. Secondly, the implementation of a new detection tool seemed necessary to us in order to improve the quality of detection of these anomalies. This new distributed IDS, called RSIDS (Risk Scored Intrusion Detection System), will make it possible to collect the results of a multitude of heterogeneous probes. The use of these probes will make it possible to eliminate the risk of false alerts. Indeed, a single probe is not capable of detecting all the anomalies that can occur on a system or a network. Each of the alerts reported by these probes will be evaluated according to its degree of dangerousness.
This assessment of dangerousness relies on the CVSS (Common Vulnerability Scoring System) framework.
Intrusion detection is a method that ensures the availability concept in systems and computer networks. This availability is generally undermined by various anomalies. These anomalies can be caused either legitimately, as an unintended result of operations working on these systems (broken link, traffic, ...), or illegitimately, by malicious operations designed to undermine the availability of these systems. The implementation of tools that detect these various anomalies, such as IDS (Intrusion Detection System), contributes to early identification of these anomalies and to blocking them. This thesis has enabled us to develop a new platform to generate legitimate and illegitimate anomalies. This work was carried out under the project METROSEC. This platform has enabled us to obtain various traffic captures containing these anomalies. The various illegitimate anomalies were performed with classic Denial of Service tools like TFN2k or Trinoo. Legitimate anomalies were also conducted with the flash crowd phenomenon. All these real traffic captures were used in further research on intrusion detection for the evaluation of new methods of detection. In a second part, the implementation of a new detection tool seemed necessary to improve the quality of detection of these anomalies. This new distributed IDS, called RSIDS (Risk Scored Intrusion Detection System), will retrieve the results of a multitude of heterogeneous probes. The use of probes will remove the risk of false alarms. Indeed, a probe is not able to detect all anomalies that occur on a system or network. Each alert provided by its probes will be evaluated according to its degree of dangerousness. The assessment of dangerousness is based on the CVSS (Common Vulnerability Scoring System) framework.
18

Černý, Michal. "Systémy detekce a prevence průniku." Master's thesis, Vysoké učení technické v Brně. Fakulta elektrotechniky a komunikačních technologií, 2010. http://www.nusl.cz/ntk/nusl-218240.

Abstract:
The detection and intrusion prevention systems could be realized as independent hardware or installed in software form on the host. The primary purpose of these protective elements is the detection of undesirable activity such as intrusion on the integrity of files, invalid attempts while connecting to a remote service, or acquisition of local network data. The systems react to the event on the basis of the action that is defined by internal rules. Possible counteractions include sending a caution or blocking communication. The base principles of the detection and intrusion prevention systems are described in the dissertation. Various types of captured data analyses, processes of the inhere rules creation and, furthermore, caution formats are mentioned in the dissertation. The alternatives for their location are also considered, including the advantages of selected situations. The installation and setting up of particular elements of the realized network and security systems are described. In order to verify the functionality and the factor of protection provided, several selected types of attacks were realized.
19

Dubell, Michael, and David Johansson. "Nätverkssäkerhet med IPS : Förbättrad nätverkssäkerhet med Intrusion Prevention Systems." Thesis, Högskolan i Halmstad, Sektionen för Informationsvetenskap, Data– och Elektroteknik (IDE), 2013. http://urn.kb.se/resolve?urn=urn:nbn:se:hh:diva-23347.

Abstract:
Protecting one's IT environment against various types of intrusions and attacks, such as trojans, malicious Java applets or DoS attacks, with the help of firewalls and antivirus software constitutes two important layers of perimeter protection. This thesis examines how well an Intrusion Prevention System could work as an additional layer of perimeter protection. The focus is on how well the IPS manages to ward off attacks, how much time is spent on configuration and operation to get a working IPS, and how network performance is affected by the implementation. To measure how well the IPS manages to detect and block attacks, two experiments are carried out in which a small network is attacked in different ways. In the first experiment the infrastructure is protected by a firewall and the clients are equipped with antivirus software. In the second experiment the same attacks are carried out again, but with a Snort IPS implemented in the network. The results of the experiments show that an IPS manages to block about 87% of the attacks, but network performance is negatively affected. The conclusion is that firewalls and antivirus software alone do not provide adequate protection.
20

Nwosu, Ikechukwu C. "Intrustion Detection in Soho Networks using Elasticsearch SIEM." University of Cincinnati / OhioLINK, 2021. http://rave.ohiolink.edu/etdc/view?acc_num=ucin1627662698171667.

21

Pettersson, Mattias. "Detektering av långsam portskanning i realtidssystem." Thesis, Högskolan Dalarna, Datateknik, 2017. http://urn.kb.se/resolve?urn=urn:nbn:se:du-25550.

Abstract:
In this report I describe my investigation of a method for detecting slow port scanning in a system that performs real-time analysis. Port scanning is used as a reconnaissance method by malicious actors in the IT world. It is used to form an idea of any weaknesses that may exist in a network. Slow port scanning is used to fool any detection systems and thereby scan without being detected. Detecting slow port scanning can be demanding on working memory, since a large buffer is traditionally set up to analyse network traffic over a longer period of time. There are also solutions that analyse network flows, which instead means a loss of information and that port scanning cannot be detected in real time. I have created a detection system in which I investigate the possibility of using a database to detect slow port scanning. This is done in a system that analyses packets in real time. The result was a program that does just that. It detects ordinary port scanning attacks in real time and slow attacks via presentation in a database.
In this report I describe my investigation of a method for slow port scanning detection in a real-time analysis system. Port scanning is used as a reconnaissance technique by perpetrators in the IT world. It is used to form an idea of any vulnerabilities that may exist in a network. Slow port scanning is used to try to bypass detection systems and thus be able to perform a scan without being detected. Slow port scanning detection may be resource-intensive for the computer memory since a large buffer is traditionally established to analyze network traffic over a longer period of time. There are also solutions that analyze netflow data, which provides less information and is unable to detect port scanning in real time. I have created a detection system where I investigate the possibility of using a database in order to detect slow port scanning. The method is part of a system that analyzes real-time packages. The result is a program that is capable of doing just that. It detects regular port scan attacks in real time and slow attacks through presentation of the database.
22

Guerra, Flávia Corrêa. "Prevalência de sintomas de apneia obstrutiva do sono em adultos em uma cidade do sul do Brasil." reponame:Biblioteca Digital de Teses e Dissertações da UFRGS, 2016. http://hdl.handle.net/10183/150731.

Abstract:
There is growing concern about sleep disorders and their impact on the health of the general population. Little is yet known and explored in the southern region of Santa Catarina. Although the literature reinforces the need for objective assessment, there are good clinical instruments that can be used in epidemiological studies. A cross-sectional, observational study was carried out to estimate the prevalence of symptoms related to obstructive sleep apnea in a group of patients seen at the Ambulatório de Clínicas Integradas of the Universidade do Extremo Sul Catarinense, a general secondary outpatient clinic, in the city of Criciúma. A total of 101 patients were assessed using apnea symptom questions validated by the PLATINO study and the Epworth Sleepiness Scale (ESS). The sample studied included 73 (72.3%) women; 47 (48.6%) of the individuals studied were between 40 and 59 years old. Snoring was present in 65 (64.4%) patients and 20 (19.8%) reported apneas. Of the individuals interviewed, 31 (30.7%) reported having been asked by their physician about their sleep. As for the ESS result, 14 (13.9%) scored above 10. In males, a relationship was found between the presence of snoring and apnea and ESS scores above 10 (p < 0.01). We conclude that in an unselected population snoring was a highly prevalent symptom, as were reports of apneas. Questions concerning sleep, especially those related to sleep apnea, are still rarely addressed by physicians in general consultations.
This observational cross-sectional study was conducted to determine the prevalence of symptoms related to obstructive sleep apnea in a group of patients attending Clínicas Integradas da Universidade do Extremo Sul Catarinense Ambulatory, a secondary ambulatory, in Criciuma, Brazil. The inclusion criterion was age 18 years or older. 101 patients were interviewed, and questions related to obstructive apnea symptoms, previously validated in the PLATINO study, and the Epworth Sleepiness Scale were applied. The sample was composed of 73 (72.3%) women. 47 (48.6%) individuals were between 40 and 59 years old. Snores were present in 65 (64.4%) patients and 20 (19.8%) reported witnessed apneas during sleep. Thirty-one (30.7%) of the participants said their physician had ever asked about sleep. The result on the Epworth Sleepiness Scale was greater than 10 in 14 (13.9%) individuals. There was a significant relation between snoring, witnessed apneas and Epworth Sleepiness Scale results greater than 10 in males (p<0.01). The prevalence of obstructive sleep apnea symptoms is high in this population, but Epworth Sleepiness Scale values are low. Besides, physicians still don't ask much about sleep.
23

Pagna, Disso Jules Ferdinand. "A novel intrusion detection system (IDS) architecture : attack detection based on snort for multistage attack scenarios in a multi-cores environment." Thesis, University of Bradford, 2010. http://hdl.handle.net/10454/5248.

Abstract:
Recent research has indicated that although security systems are developing, illegal intrusion to computers is on the rise. The research conducted here illustrates that improving intrusion detection and prevention methods is fundamental for improving the overall security of systems. This research includes the design of a novel Intrusion Detection System (IDS) which identifies four levels of visibility of attacks. Two major areas of security concern were identified: speed and volume of attacks; and complexity of multistage attacks. Hence, the Multistage Intrusion Detection and Prevention System (MIDaPS) that is designed here is made of two fundamental elements: a multistage attack engine that heavily depends on attack trees and a Denial of Service Engine. MIDaPS was tested and found to improve current intrusion detection and processing performances. After an intensive literature review, over 25 GB of data was collected on honeynets. This was then used to analyse the complexity of attacks in a series of experiments. Statistical and analytic methods were used to design the novel MIDaPS. Key findings indicate that an attack needs to be protected at 4 different levels. Hence, MIDaPS is built with 4 levels of protection. As recent attack vectors use legitimate actions, MIDaPS uses a novel approach of attack trees to trace the attacker's actions. MIDaPS was tested and results suggest an improvement to current system performance by 84% whilst detecting DDOS attacks within 10 minutes.
24

Pagna, Disso Jules F. "A novel intrusion detection system (IDS) architecture. Attack detection based on snort for multistage attack scenarios in a multi-cores environment." Thesis, University of Bradford, 2010. http://hdl.handle.net/10454/5248.

Abstract:
Recent research has indicated that although security systems are developing, illegal intrusion to computers is on the rise. The research conducted here illustrates that improving intrusion detection and prevention methods is fundamental for improving the overall security of systems. This research includes the design of a novel Intrusion Detection System (IDS) which identifies four levels of visibility of attacks. Two major areas of security concern were identified: speed and volume of attacks; and complexity of multistage attacks. Hence, the Multistage Intrusion Detection and Prevention System (MIDaPS) that is designed here is made of two fundamental elements: a multistage attack engine that heavily depends on attack trees and a Denial of Service Engine. MIDaPS was tested and found to improve current intrusion detection and processing performances. After an intensive literature review, over 25 GB of data was collected on honeynets. This was then used to analyse the complexity of attacks in a series of experiments. Statistical and analytic methods were used to design the novel MIDaPS. Key findings indicate that an attack needs to be protected at 4 different levels. Hence, MIDaPS is built with 4 levels of protection. As recent attack vectors use legitimate actions, MIDaPS uses a novel approach of attack trees to trace the attacker's actions. MIDaPS was tested and results suggest an improvement to current system performance by 84% whilst detecting DDOS attacks within 10 minutes.
25

Costa, Nilson Santos. "Proteção de sistemas elétricos considerando aspectos de segurança da rede de comunicação." Universidade de São Paulo, 2007. http://www.teses.usp.br/teses/disponiveis/18/18133/tde-28082007-155730/.

Abstract:
The modern world is more connected every day by all the technological means that exist today. This allows more and more people to communicate, making the road of virtual communication mandatory for the survival of small, medium and large public and private companies. The great technological advance of the 20th century was the large-scale use of the PC (personal computer), commonly called the microcomputer. This advance also reached electric power systems, making substations digitalized. Being digital, these substations run the risk of internal or even external cyber intrusion. Although the possibility of external cyber intrusion is small, it exists. Given this situation, this work proposes the application of a security system applied to an electric power system. The work concentrates specifically on the study of intrusion detection systems (IDS), in their two basic modes: misuse-based IDS and anomaly-based IDS using artificial neural networks. These concepts will be tested on a simulated electric power system, with a communication network based on microcomputers and/or microprocessor-based equipment, with real digital relays. The software packages, named SNORT and Carcará, were used and extensively tested, with highly encouraging results for the function described.
The modern world is more connected each day by all technological means available. This allows more people to communicate, turning the virtual communication road obligatory to the survival of small, medium and large companies, whether public or private. The great technological advance of the 20th century was the large use of the PCs (personal computer), usually called microcomputers. This advance also reached the power electric systems with the digitalization of the substations. These digitalized substations run the risk of cybernetic invasion, internal or even external. Although the possibility of external cybernetic invasion is small, it exists. In that context, the present thesis proposes the application of a security system for an electric power system. The focus will be the study of intruder detection systems (IDS), in its two basic forms: the IDS by abuse and the IDS by anomaly, using artificial neural networks. These concepts will be tested in a simulated electric power system, with a communication network based on microcomputers, with actual digital relays with the digitalization of the substations.
26

Ivvala, Avinash Kiran. "Assessment of Snort Intrusion Prevention System in Virtual Environment Against DoS and DDoS Attacks : An empirical evaluation between source mode and destination mode." Thesis, Blekinge Tekniska Högskola, Institutionen för datalogi och datorsystemteknik, 2017. http://urn.kb.se/resolve?urn=urn:nbn:se:bth-14056.

Abstract:
Context. Cloud computing (CC) is developed as a human-centered computing model to facilitate its users' access to resources anywhere on the globe. The resources can be shared among any cloud users, which mainly questions the security in cloud computing. There are Denial of Service and Distributed Denial of Service attacks which are generated by the attackers to challenge the security of CC. The Next-Generation Intrusion Prevention Systems (NGIPS), sometimes referred to as Non-Traditional Intrusion Prevention Systems, are being used as a measure to protect users against these attacks. This research is concerned with the NGIPS techniques that are implemented in the cloud computing environment and their evaluation. Objectives. In this study, the main objective is to investigate the existing techniques of the NGIPS that can be deployed in the cloud environment and to provide an empirical comparison of source mode and destination mode in the Snort IPS technique based on the metrics used for evaluation of the IPS systems. Methods. In this study, a systematic literature review is used to identify the existing NGIPS techniques. The library databases used to search the literature are Inspec, IEEE Xplore, ACM Digital Library, Wiley, Scopus and Google Scholar. The articles are selected based on inclusion and exclusion criteria. The experiment is selected as a research method for the empirical comparison of source mode and destination mode of Snort NGIPS found through the literature review. The testbed is designed and implemented with the Snort filter techniques deployed in the virtual machine. Results. Snort is one of the most used NGIPS against DoS and DDoS attacks in the cloud environment. Some common metrics used for evaluating the NGIPS techniques are CPU load, memory usage, bandwidth availability, throughput, true positive rate, false positive rate, true negative rate, false negative rate, and accuracy. From the experiment, it was found that destination mode performs better than source mode in Snort when compared on the CPU load, bandwidth, latency, memory utilization and rate of packet loss metrics. Conclusions. It was concluded that many NGIPS of the cloud computing model are related to each other and use similar techniques to prevent the DoS and DDoS attacks. The author also concludes that the use of source-based and destination-based intrusion detection modes in Snort makes some difference in the performance measures.
27

Afzal, Zeeshan. "Towards Secure Multipath TCP Communication." Licentiate thesis, Karlstads universitet, Institutionen för matematik och datavetenskap (from 2013), 2017. http://urn.kb.se/resolve?urn=urn:nbn:se:kau:diva-48172.

Abstract:
The evolution in networking coupled with an increasing demand to improve user experience has led to different proposals to extend the standard TCP. Multipath TCP (MPTCP) is one such extension that has the potential to overcome a few inherent limitations in the standard TCP. While MPTCP's design and deployment progresses, most of the focus has been on its compatibility. The security aspect is confined to making sure that the MPTCP protocol itself offers the same security level as the standard TCP. The topic of this thesis is to investigate the unexpected security implications raised by using MPTCP in the traditional networking environment. The Internet of today has security middle-boxes that perform traffic analysis to detect intrusions and attacks. Such middle-boxes make use of different assumptions about the traffic, e.g., traffic from a single connection always arrives along the same path. This along with many other assumptions may not be true anymore with the advent of MPTCP as traffic can be fragmented and sent over multiple paths simultaneously. We investigate how practical it is to evade a security middle-box by fragmenting and sending traffic across multiple paths using MPTCP. Realistic attack traffic is used to evaluate such attacks against Snort IDS to show that these attacks are feasible. We then go on to propose possible solutions to detect such attacks and implement them in an MPTCP proxy. The proxy aims to extend the MPTCP performance advantages to servers that only support standard TCP, while ensuring that intrusions can be detected as before. Finally, we investigate the potential MPTCP scenario where security middle-boxes only have access to some of the traffic. We propose and implement an algorithm to perform intrusion detection in such situations and achieve a nearly 90% detection accuracy. Another contribution of this work is a tool that converts IDS rules into equivalent attack traffic to automate the evaluation of a middle-box.
Multipath TCP (MPTCP) is an extension to standard TCP that is close to being standardized. The design of the protocol is progressing, but most of the focus has so far been on its compatibility. The security aspect is confined to making sure that the MPTCP protocol itself offers the same security level as standard TCP. The topic of this thesis is to investigate the unexpected security implications raised by using MPTCP in a traditional networking environment. Today, the security middleboxes make use of different assumptions that may not be true anymore with the advent of MPTCP. We investigate how practical it is to evade a security middlebox by fragmenting and sending traffic across multiple paths using MPTCP. Realistic attack traffic generated from a tool that is also presented in this thesis is used to show that these attacks are feasible. We then go on to propose possible solutions to detect such attacks and implement them in an MPTCP proxy. The proxy aims to extend secure MPTCP performance advantages. We also investigate the MPTCP scenario where security middleboxes can only observe some of the traffic. We propose and implement an algorithm to perform intrusion detection in such situations and achieve a high detection accuracy.
HITS
28

Fernandez, Maria del Mar, and Ignacio Porres. "An Evaluation of current IDS." Thesis, Linköping University, Department of Electrical Engineering, 2008. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-11635.

Abstract:

With the possibility of connecting several computers and networks, the necessity was born of protecting all the data and machines from attackers (hackers) that try to get some confidential information to use for their own benefit or just destroy or modify valuable information. At this point IDS appears to help users, companies or institutions to detect when they are getting compromised. This thesis will cover two main parts: the first one consists of an intense research study about the world of IDS and its environment. Subsequently, we will conclude this part with some points where IDS still needs to be questioned and show up desirable requirements for "the perfect" intrusion detection system. This "perfect" adjective can of course be discussed variously. The second part of the thesis approaches the implementation of the most used open source IDS: Snort. Some basic attacks on the machine where Snort is installed will be performed in order to make the future user see what kind of protection it ensures and the usability of this. A brief discussion about two of the main challenges in IDS will follow: analyzing big amounts of packets and encrypted traffic. Finally there are conclusions for a safe computer environment as well as the suggestion that some skilled programmer should give Snort a more friendly interface for every kind of user and a built-in programme package which includes webserver, database and other libraries that are needed to run it properly with all its features.

29

Tarim, Mehmet Cem. "A Faster Intrusion Detection Method For High-speed Computer Networks." Master's thesis, METU, 2011. http://etd.lib.metu.edu.tr/upload/12613246/index.pdf.

Abstract:
The malicious intrusions to computer systems result in the loss of money, time and hidden information which require deployment of intrusion detection systems. Existing intrusion detection methods analyze packet payload to search for certain strings and to match them with a rule database which takes a long time in large size packets. Because of buffer limits, packets may be dropped or the system may stop working due to high CPU load. In this thesis, we investigate signature based intrusion detection with signatures that only depend on the packet header information without payload inspection. To this end, we analyze the well-known DARPA 1998 dataset to manually extract such signatures and construct a new rule set to detect the intrusions. We implement our rule set in a popular intrusion detection software tool, Snort. Furthermore we enhance our rule set with the existing rules of Snort which do not depend on payload inspection. We test our rule set on DARPA data set as well as a new data set that we collect using attack generator tools. Our results show around 30% decrease in detection time with a tolerable decrease in the detection rate. We believe that our method can be used as a complementary component to speed up intrusion detection systems.
30

Nagadevara, Venkatesh. "Evaluation of Intrusion Detection Systems under Denial of Service Attack in virtual Environment." Thesis, Blekinge Tekniska Högskola, Institutionen för datalogi och datorsystemteknik, 2017. http://urn.kb.se/resolve?urn=urn:nbn:se:bth-15796.

Abstract:
Context. Intrusion detection systems are being widely used for detecting malicious traffic in many industries and they use a variety of technologies. Each IDS has a different architecture and is deployed for detecting malicious activity. An intrusion detection system has a different set of rules which can be defined based on requirements. Therefore, choosing an intrusion detection system for the appropriate environment is not an easy task. Objectives. The goal of this research is to evaluate the three most used open source intrusion detection systems in terms of performance. We also give details about different types of attacks that can be detected using an intrusion detection system. The tools that we select are Snort, Suricata and OSSEC. Methods. The experiment is conducted using TCP, SCAN, ICMP and FTP attacks. Each experiment was run at different traffic rates under normal and malicious traffic with all rules active. All these tests are conducted in a virtual environment. Results. We can calculate the performance of an IDS by using CPU usage, memory usage, packet loss and the number of alerts generated. These results are calculated for both normal and malicious traffic. Conclusions. We conclude that results vary in different IDS for different traffic rates. Especially, Snort showed better performance in alert identification and OSSEC in the performance of the IDS. These results indicated that alerts are low when the traffic rates are high, which indicates this is due to the packet loss. Overall OSSEC provides better performance, and Snort provides better performance and accuracy for alert detection.
31

Atakan, Mustafa. "Improving Performance Of Network Intrusion Detection Systems Through Concurrent Mechanisms." Master's thesis, METU, 2004. http://etd.lib.metu.edu.tr/upload/1061399/index.pdf.

Abstract:
As the bandwidth of present networks gets larger than the past, the demand of Network Intrusion Detection Systems (NIDS) that function in real time becomes the major requirement for high-speed networks. If these systems are not fast enough to process all network traffic passing, some malicious security violations may take role using this drawback. In order to make that kind of applications schedulable, some concurrency mechanism is introduced to the general flowchart of their algorithm. The principal aim is to fully utilize each resource of the platform and overlap the independent parts of the applications. In the sense of this context, a generic multi-threaded infrastructure is designed and proposed. The concurrency metrics of the new system is analyzed and compared with the original ones.
32

Qaisi, Ahmed Abdulrheem Jerribi. "Network Forensics and Log Files Analysis : A Novel Approach to Building a Digital Evidence Bag and Its Own Processing Tool." Thesis, University of Canterbury. Computer Science and Software Engineering, 2011. http://hdl.handle.net/10092/5999.

Abstract:
Intrusion Detection Systems (IDS) tools are deployed within networks to monitor data that is transmitted to particular destinations such as MySQL, Oracle databases or log files. The data is normally dumped to these destinations without a forensic standard structure. When digital evidence is needed, forensic specialists are required to analyse a very large volume of data. Even though forensic tools can be utilised, most of this process has to be done manually, consuming time and resources. In this research, we aim to address this issue by combining several existing tools to archive the original IDS data into a new container (Digital Evidence Bag) that has a structure based upon standard forensic processes. The aim is to develop a method to improve the current IDS database function in a forensic manner. This database will be optimised for future forensic analysis. Since evidence validity is always an issue, a secondary aim of this research is to develop a new monitoring scheme. This is to provide the necessary evidence to prove that an attacker had surveyed the network prior to the attack. To achieve this, we will set up a network that will be monitored by multiple IDSs. Open source tools will be used to carry input validation attacks into the network including SQL injection. We will design a new tool to obtain the original data in order to store it within the proposed DEB. This tool will collect the data from several databases of the different IDSs. We will assume that the IDS will not have been compromised.
33

Kusy, Filip. "Pokročilé metody zabezpečení sítě proti útokům." Master's thesis, Vysoké učení technické v Brně. Fakulta elektrotechniky a komunikačních technologií, 2018. http://www.nusl.cz/ntk/nusl-376916.

Abstract:
This student work focuses on security against network attacks. It focuses on network attacks and ways to prevent them. Subsequently, it deals with the Snort variant of the IPS/IDS system. It deals with the connection between Mikrotik and the Snort Linux server.
34

Chapčák, David. "Behaviorální analýza síťového provozu a detekce útoků (D)DoS." Master's thesis, Vysoké učení technické v Brně. Fakulta elektrotechniky a komunikačních technologií, 2017. http://www.nusl.cz/ntk/nusl-317014.

Abstract:
The semestral thesis deals with the analysis of the modern open-source NIDPS tools for monitoring and analyzing the network traffic. The work rates these instruments in terms of their network location and functions. It also gives a more detailed analysis of detecting and alerting mechanisms. It further analyzes the possibilities of detection of anomalies, especially in terms of statistical analysis, and shows the basics of other approaches, such as approaches based on data mining and machine learning. The last section presents specific open-source tools, deals with comparison of their activities and the proposal allowing monitoring and traffic analysis, classification, detection of anomalies and (D)DoS attacks.
35

Lejonqvist, Gisela, and Oskar Larsson. "Improving the precision of an Intrusion Detection System using Indicators of Compromise : - a proof of concept -." Thesis, Luleå tekniska universitet, Institutionen för system- och rymdteknik, 2018. http://urn.kb.se/resolve?urn=urn:nbn:se:ltu:diva-69997.

Abstract:
The goal of this research is to improve an IDS so that the percentage of true positives is high, so that an organisation can cut time and cost and use its resources in a more optimal way. The goal of this research was to prove that the precision of an intrusion detection system (IDS), in terms of producing a lower rate of false positives or a higher rate of true alerts, can be achieved by parsing indicators of compromise (IOC) to gather information that, combined with system-specific knowledge, will be a solid base for manual fine-tuning of IDS rules. The methodology used is Design Science Research Methodology (DSRM) because it is used for research that aims to answer an existing problem with a new or improved solution. A part of that solution is a proposed process for tuning of an arbitrary intrusion detection system. The implemented and formalized process Tuned Intrusion Detection System (TIDS) has been designed during this research work, aiding us in presenting and performing validation tests in a structured and robust way. The testbed consisted of a Windows 10 operating system and a NIDS implementation of Snort as an IDS. The work was experimental, evaluated and improved regarding IDS rules and tools over several iterations. With the use of recorded data traffic from the public dataset CTU-13, the difference between the use of tuned versus un-tuned rules in an IDS was presented in terms of precision of the alerts created by the IDS. Our contributions were that the concept holds; the precision can be improved by adding custom rules based on known parameters in the network and features of the network traffic and disabling rules that were out of scope. The second contribution is the TIDS process, as designed during the thesis work, serving us well during the process.
36

Aspernäs, Andreas, and Thommy Simonsson. "IDS on Raspberry Pi : A Performance Evaluation." Thesis, Linnéuniversitetet, Institutionen för datavetenskap (DV), 2015. http://urn.kb.se/resolve?urn=urn:nbn:se:lnu:diva-43997.

Abstract:
This is a report on the possibility of using a Raspberry Pi as an intrusion detection system in a home environment to increase network security. The focus of this study was on how well two different generations of Raspberry Pi would be able to handle network traffic while acting as an intrusion detection system. To examine this a testing environment was set up containing two workstation computers connected to a Raspberry Pi, each computer hosting a virtual machine. Tests measuring the network throughput as well as the CPU and memory usage were performed on each of the Raspberry Pi devices. Two models of Raspberry Pis were used; Raspberry Pi model B+ and Raspberry Pi 2 model B; each of them running the operating system Arch Linux ARM. The results of these tests were that both of the Raspberry Pis could be used as an intrusion detection system but have some limitations that could impede usage depending on the requirements of the user. Raspberry Pi 2 model B shows benefits of its updated hardware by suffering lower throughput degradation than Raspberry Pi model B+, while using less of its total CPU and memory capacity.
This report deals with the possibility of using a Raspberry Pi as an intrusion detection system in a home environment to increase network security. The focus of this study is on how well the two latest generations of Raspberry Pi would be able to handle network traffic while examining the network traffic and searching for threats. To check how well a Raspberry Pi can function as an intrusion detection system, a lab environment was set up consisting of two physical machines, each used to host a virtual machine. Tests to measure data throughput, processor load and memory load were performed on each of the Raspberry Pis. Two models of Raspberry Pi were used: Raspberry Pi model B+ and Raspberry Pi 2 model B, both running the operating system Arch Linux ARM. The results of the tests showed that both devices can be used to set up an intrusion detection system, but the devices have certain limitations that may restrict the implementation options. Raspberry Pi 2 model B showed better results in that it is under lower load and has higher data throughput, in contrast to Raspberry Pi model B+. Raspberry Pi 2 model B has newer and faster hardware, which is the probable reason that it performs better.
37

Dvořák, Milan. "Měření spolehlivosti vyhledávání vzorů." Master's thesis, Vysoké učení technické v Brně. Fakulta informačních technologií, 2012. http://www.nusl.cz/ntk/nusl-236542.

Abstract:
This thesis deals with the pattern matching methods based on finite automata and describes their optimizations. It presents a methodology for the measurement of reliability of pattern matching methods, by comparing their results to the results of the PCRE library. Experiments were conducted for a finite automaton with perfect hashing and faulty transition table. Finally, the resulting reliability evaluation of the algorithm is shown and possible solutions of the identified problems are proposed.
38

Kachirski, Oleg. "AN INTERACTIVE DISTRIBUTED SIMULATION FRAMEWORK WITH APPLICATION TO WIRELESS NETWORKS AND INTRUSION DETECTION." Doctoral diss., University of Central Florida, 2005. http://digital.library.ucf.edu/cdm/ref/collection/ETD/id/2531.

Abstract:
In this dissertation, we describe the portable, open-source distributed simulation framework (WINDS) targeting simulations of wireless network infrastructures that we have developed. We present the simulation framework which uses modular architecture and apply the framework to studies of mobility pattern effects, routing and intrusion detection mechanisms in simulations of large-scale wireless ad hoc, infrastructure, and totally mobile networks. The distributed simulations within the framework execute seamlessly and transparently to the user on a symmetric multiprocessor cluster computer or a network of computers with no modifications to the code or user objects. A visual graphical interface precisely depicts simulation object states and interactions throughout the simulation execution, giving the user full control over the simulation in real time. The network configuration is detected by the framework, and communication latency is taken into consideration when dynamically adjusting the simulation clock, allowing the simulation to run on a heterogeneous computing system. The simulation framework is easily extensible to multi-cluster systems and computing grids. An entire simulation system can be constructed in a short time, utilizing user-created and supplied simulation components, including mobile nodes, base stations, routing algorithms, traffic patterns and other objects. These objects are automatically compiled and loaded by the simulation system, and are available for dynamic simulation injection at runtime. Using our distributed simulation framework, we have studied modern intrusion detection systems (IDS) and assessed applicability of existing intrusion detection techniques to wireless networks. We have developed a mobile agent-based IDS targeting mobile wireless networks, and introduced load-balancing optimizations aimed at limited-resource systems to improve intrusion detection performance. 
Packet-based monitoring agents of our IDS employ a CASE-based reasoner engine that performs fast lookups of network packets in the existing SNORT-based intrusion rule-set. Experiments were performed using the intrusion data from MIT Lincoln Laboratories studies, and executed on a cluster computer utilizing our distributed simulation system.
Ph.D.
School of Computer Science
Engineering and Computer Science
Computer Science
39

Bontupalli, Venkataramesh. "Intrusion Detection and High-Speed Packet Classification Using Memristor Crossbars." University of Dayton / OhioLINK, 2015. http://rave.ohiolink.edu/etdc/view?acc_num=dayton1449623641.

40

Duarte, Eduardo Rolo. ""Tratamento da síndrome da apnéia e hipopnéia obstrutiva do sono e do ronco com placa reposicionadora da mandíbula: avaliação dos efeitos por meio de polissonografia e do exame físico da musculatura de pacientes sem disfunção craniomandibular"." Universidade de São Paulo, 2006. http://www.teses.usp.br/teses/disponiveis/23/23137/tde-01092006-121757/.

Abstract:
Among the sleep disorders reported by the American Academy of Sleep, the most common is Obstructive Sleep Apnea and Hypopnea Syndrome (OSAHS), which occurs because of obstructed passage or total interruption of airflow in the airways, causing frequent awakenings during sleep, leading to excessive daytime sleepiness and interfering with the health and quality of life of individuals. Obstructive sleep apnea has consequences such as chronic snoring, systemic hypertension, excessive sleepiness, decreased libido, fatigue, depression, and increased risk of work and motor vehicle accidents. An oral mandibular advancement appliance was the subject of this study because it offers a non-invasive, simple treatment that is well accepted by patients. In this research, 15 patients with sleep apnea and without craniomandibular disorders (CMD), who presented excessive sleepiness or snoring, were evaluated. Data were collected by means of: polysomnography, before and after fitting of the oral appliance; analysis of the signs and symptoms of CMD, through an anamnestic questionnaire and palpation of the muscles and the TMJ; and lateral cephalometric radiographs to check for possible changes in the morphology of the upper airways. The mean apnea and hypopnea index (IAH) before treatment was 18,3 and, afterwards, 4,1 (highly significant reduction, p=0,001). There was a significant increase in the lowest oxyhemoglobin saturation (p=0,05), with a significant decrease in its desaturation (p=0,05). There was also a significant decrease in sleep micro-arousals (p=0,05). For 14 patients with IAH<30, the rate of reduction in IAH was 75,9%, and for 15 patients, including one with severe IAH, the rate of reduction in IAH was 77,6%. It was also found that the IAH fell below 10 in 13 patients (86,7%) and decreased by more than 50% in 14 patients (93,3%). There was a highly significant improvement in daytime sleepiness (p=0,005) in 87% of the patients. 
The treatment caused dimensional changes in the upper airways, and no development of CMD was observed during the follow-up period. The appliance developed in this study was considered effective for the treatment of mild to moderate OSAHS.
Sleep-disordered breathing, including obstructive sleep apnea hypopnea syndrome (OSAHS) and snoring, is common and is believed to increase risk for morbidity and mortality. This disease occurs when abnormal breathing patterns like cessation of airflow disrupt sleep. Important clinical consequences of sleep apnea are chronic snoring, systemic hypertension, excessive sleepiness, depression and fatigue, sexual impairment and increased risk of motor vehicle crashes and work-related accidents. Mandibular repositioning appliances have been recommended for treatment of this disease because it is a non-invasive treatment and well accepted by the patients. This study included 15 patients without temporomandibular disorders (TMD) and with excessive daytime sleepiness or snoring. To obtain the data, the patients underwent two polysomnographies and two cephalometric radiographs, before and after treatment, to examine upper airway dimensions; to assess changes in TMD signs and symptoms, they answered an anamnestic questionnaire for TMD, and physical palpation of the temporomandibular joints and muscles was performed. The IAH was reduced by the appliance intervention from 18,3 to 4,1 (p=0,001), and was reduced to below 10 in 13 patients (86,7%) and up to 50% in 14 patients (93,3%). The minor oxyhemoglobin saturation increased significantly (p=0,05) and their desaturation decreased (p=0,05). The patients' arousals decreased significantly (p=0,05). The IAH reduction rate was 75,9% in fourteen patients with IAH<30, and for fifteen patients with one severe IAH, the rate was 77,6%. The excessive daytime sleepiness improved significantly (p=0,005) in 87% of patients. The treatment increased upper airway dimension and had no severe effect on the masticatory system and temporomandibular joints. In conclusion, this appliance was shown to be effective for middle and moderate obstructive sleep apnea.
41

Vinolo, Marco Aurelio Ramirez. "Efeito dos ácidos graxos de cadeia curta sobre neutrófilos." Universidade de São Paulo, 2010. http://www.teses.usp.br/teses/disponiveis/42/42137/tde-10012011-152253/.

Abstract:
In this study we evaluated the effect of SCFAs (acetate, propionate and butyrate) on neutrophil recruitment and functional parameters (reactive oxygen species [ROS], cytokines and nitric oxide, phagocytosis and destruction of C. albicans). We also investigated the activation of NFkB, and the effect on histone deacetylases (HDAC) and GPR43. Acetate and butyrate altered ROS production; the former increased the production of hydrogen peroxide, while butyrate inhibited the production stimulated by PMA. Butyrate reduced the phagocytosis and killing of yeasts. Propionate and butyrate reduced the production of TNF-α, CINC-2αb and nitric oxide and increased the synthesis of IL-1β by neutrophils stimulated with LPS. These effects resulted from action at the transcriptional level and should involve inhibition of HDAC activity and of NFkB activation. SCFAs increased neutrophil migration in vitro and in vivo. These effects resulted from increased production of CINC-2αb by the tissue and from the direct action of SCFAs via GPR43. SCFAs have pro- and anti-inflammatory actions depending on the parameter analyzed.
We evaluated the effect of SCFA (acetate, propionate and butyrate) on the recruitment of neutrophils and functional parameters (reactive oxygen species [ROS], cytokines and nitric oxide production, phagocytosis and destruction of C. albicans). We also investigated the activation of NFkB, effect on histone deacetylases (HDAC) and GPR43. Acetate and butyrate altered the production of ROS, the former increased the production of hydrogen peroxide, whereas butyrate inhibited the production stimulated by PMA. Butyrate reduced the phagocytosis and killing of yeast. Propionate and butyrate reduced the production of TNF-α, CINC-2αb and nitric oxide and increased the synthesis of IL-1β by LPS-stimulated neutrophils. These effects involve modification at the transcriptional level and inhibition of HDAC and NFkB activation. SCFA increased neutrophil migration in vitro and in vivo, an effect that may be the result of increased production of CINC-2αb and direct action of GPR43. SCFA present pro- and anti-inflammatory actions depending on the parameter analyzed.
42

Orsák, David. "Zabezpečení Open source PBX proti útokům." Master's thesis, Vysoké učení technické v Brně. Fakulta elektrotechniky a komunikačních technologií, 2012. http://www.nusl.cz/ntk/nusl-219480.

Abstract:
This master's thesis deals with open source PBX security against security attacks. The theoretical part contains a detailed description of the attacks that could be used on VoIP systems, with a strong focus on the Denial of Service attack. The theoretical part also describes methods for securing the SIP initialization protocol. A separate chapter is devoted to intrusion detection and prevention with IDS and IPS systems, focusing on Snort and OSSEC. In the practical part of the work, a generator of attacks against various PBX systems was created, which was subsequently used for detailed testing. Special tests of the PBX system are then used against DoS attacks, for which protection was created in the form of active elements consisting of the IDSs Snort and OSSEC. These are capable of providing protection in real time. The protection was tested on particular PBX systems and, for comparison, their capabilities were measured before and after the security implementation. The output of this work is the attack generator VoIPtester and the creation of configuration rules for Snort and OSSEC.
43

Junior, Walter Ribeiro Nunes. "Evolução das dimensões da faringe, crescimento craniofacial e sintomas respiratórios em crianças que roncam por aumento das tonsilas faríngea e palatinas tratadas com aparelho ortodôntico Biojusta X." Universidade de São Paulo, 2013. http://www.teses.usp.br/teses/disponiveis/5/5143/tde-27032013-101213/.

Abstract:
Introduction- Obstruction of the upper airways associated with changes in sleep patterns is directly related to problems of growth and learning, which interferes with the quality of life of children with this condition. Maxillary expansion methods have already shown a favorable effect on respiratory function. Removable intra-oral appliances have been used in the treatment of snoring and sleep apnea, seeking to rebalance the posture of the mandible and tongue to improve respiratory function. The objective of this work is to evaluate pharyngeal dimensions, craniofacial growth and obstructive respiratory symptoms in children with snoring and enlarged pharyngeal and palatine tonsils under treatment with an oral orthodontic and orthopedic appliance. Methods- Forty children 6 to 9 years of age with grade 3 and 4 pharyngeal and palatine tonsils and presenting an atresic maxilla and anterior overjet were divided into two random groups: 24 patients treated with the oral appliance and 16 untreated controls. Pharyngeal dimensions were measured by acoustic pharyngometry. Cephalometry evaluated facial growth, including the values related to sleep apnea. The parents filled out questionnaires about the child's respiratory symptoms. The patients were re-evaluated after 6 months, in both groups. Results: Acoustic pharyngometry confirmed a volumetric increase of 3,1 cm3 (s.d. ± 2,5) in the pharynx in the study group and a volumetric reduction of -1,2 cm3 (s.d. ± 1,3) in the untreated group (p <0,001). The minimum area of collapsibility in the study group showed an increase from 1,1 cm2 (s.d. ± 0,2) to 1,3 cm2 (s.d. ± 0,2) and a reduction in the control group from 1,5 cm2 (s.d. ± 0,3) to 1,3 cm2 (s.d. ± 0,3), statistically significant (p <0,001). Cephalometry demonstrated more favorable craniofacial growth in the study group compared with the controls, including the values related to sleep apnea, such as ANB, MMPA and H-ML (p <0,001). 
The symptom questionnaire confirmed an improvement in the breathing and sleep pattern in the treated group. Conclusion- The children who underwent this treatment protocol showed an increase in pharyngeal dimensions, a more favorable direction of growth, and an improvement in breathing and sleep quality.
Introduction- Airway obstruction due to associated changes in sleep patterns is directly related to problems of growth and learning, which interferes with the quality of life for these children. Maxillary expansion methods have shown favorable effect on respiratory function. Intra-oral removable appliances have been used in the treatment of snoring and sleep apnea, seeking to rebalance the posture of the jaw and tongue to improve breathing function. The purpose of this thesis is to evaluate the facial growth, pharyngeal dimensions and respiratory symptoms in snoring children with enlarged tonsils and adenoids under treatment with an orthodontic and orthopedic oral appliance. Methods- Forty snoring children ages 6 to 9 years old with tonsil and adenoid enlargement grades 3 and 4 and presenting constricted maxilla were divided into two randomized groups: 24 patients treated with the oral appliance and 16 untreated controls. Pharyngeal size was measured by acoustic pharyngometry. Cephalometry evaluated the facial growth including values related to sleep apnea. Parents filled out questionnaires about their child's respiratory symptoms. Patients were re-evaluated after 6 months, in both groups. Results- Acoustic pharyngometry confirmed a volumetric gain of 3.1 cm3 (s.d. ±2.5) in the pharynx in the study group and a volumetric reduction of -1.2 cm3 (s.d. ±1.3) in the untreated group (p<0.001). The minimum area on collapsibility in the study group showed an increment from 1.1 cm2 (s.d. ±0.2) to 1.3 cm2 (s.d. ±0.2) and a reduction in the control group from 1.5 cm2 (s.d. ±0.3) to 1.3 cm2 (s.d. ±0.3), statistically significant (p<0.001). Cephalometry showed a more favorable facial growth in the study group compared to controls, including values related to sleep apnea prediction such as ANB, MMPA and H-ML (p<0.001). The symptoms questionnaire confirmed an improvement in the breathing pattern in the treated group. 
Conclusions- Children who underwent this treatment protocol presented more favorable growth direction, enlargement of pharyngeal dimensions, and an improvement in breathing and sleep.
44

Fahlström, Albin, and Victor Henriksson. "Intrångsdetektering i processnätverk." Thesis, Mälardalens högskola, Akademin för innovation, design och teknik, 2018. http://urn.kb.se/resolve?urn=urn:nbn:se:mdh:diva-39881.

Abstract:
The threat against industrial networks has increased, which raises the demands on the industries' cybersecurity. The industrial networks are not constructed with cybersecurity in mind, which makes these systems vulnerable to attacks. Even if the network's outer protection is deemed sufficient, the system may still be infected. This risk demands an intrusion detection system (IDS) that can identify infected components. An IDS scans all traffic at a point in the network and looks for traffic matching its detection parameters; if a match is made, the IDS will send an alarm to the administrators. It can also analyze the network traffic using a behavior-based method, which means that the IDS will alert administrators if network activity deviates from the normal traffic flow. It is of vital essence that the IDS does not impair the system; an outage of the industrial process can have a high cost for the industry. This report aims to put forward plans for the implementation of an IDS in one of Mälarenergi AB's industrial networks; this will be made using the Bro and Snort intrusion detection systems.
The threats against industrial networks have grown, which has placed higher demands on industries' cybersecurity. Industrial networks are often not designed with cybersecurity in mind, which has made these systems vulnerable to attacks. Even if the network's outer protection is considered good, one cannot be sure that an industrial network remains uninfected. This calls for some form of intrusion detection system (IDS) that can detect infected equipment and suspicious data traffic in the network. An IDS scans all packets at a certain point in the network; if the IDS detects a packet that matches its signature, it will alert an administrator. The IDS can also use behavioral analysis, where it raises an alarm if network activity deviates from the normal. It is very important that an IDS does not cause interruptions in the industrial process; if a process stops, it can mean large costs for the industry. This report aims to provide a proposed solution for an IDS implementation for one of Mälarenergi AB's process networks; the solution was constructed using the IDSs Bro and Snort.

Some images in the electronic report have been removed for copyright reasons. The authors have judged that the report is understandable even without these images.

45

Fernandes, Henrique Santos. "Provendo segurança em redes definidas por software através da integração com sistemas de detecção e prevenção de intrusão." Niterói, 2017. https://app.uff.br/riuff/handle/1/3939.

Abstract:
Intrusion Detection and Prevention Systems are fundamental to computer network security; inspecting network traffic in real time in search of intruders to guarantee a reliable network is one of their roles. However, the lack of integration with network assets is one of the main factors limiting their operation. The concept of Software-Defined Networks aims to reduce the lack of integration between network assets through the separation of the data plane from the control plane. Given the limited integration between network assets and Intrusion Detection and Prevention Systems, the present study proposes, develops and demonstrates IDSFlow, a model for integrating intrusion detection systems in software-defined networks. To validate IDSFlow, tests were carried out using Openflow, Mininet, CPqD and Snort. The results obtained by the algorithms developed and presented show the proposed integration capability; it is possible to verify the feasibility of using the existing, functional rules for Snort, as well as using the network usage history to increase the effectiveness of the detection and blocking of intruders.
Intrusion Detection and Prevention Systems are fundamental to network security; to inspect the traffic in real time seeking intruders to ensure a reliable network is one of their roles. However, the lack of integration between the network equipment is one of the biggest factors limiting their operations. The concept of Software Defined Networks aims to reduce the lack of integration among network assets due to the separation of the data plane from the control plane. Given the limitation of integration between network assets and Intrusion Detection and Prevention Systems, the present study proposes, develops and demonstrates IDSFlow, an integration model of intrusion detection systems in software-defined networks. To validate IDSFlow, tests were run using Openflow, Mininet, CPqD and Snort. The results obtained by the algorithms developed and presented show the proposed integration capacity; it is possible to verify the feasibility of using the existing and functional rules for Snort as well as to use the network usage history to increase the effectiveness of intrusion detection and blocking.
46

Akrout, Rim. "Analyse de vulnérabilités et évaluation de systèmes de détection d'intrusions pour les applications Web." Phd thesis, INSA de Toulouse, 2012. http://tel.archives-ouvertes.fr/tel-00782565.

Abstract:
With the growing development of the Internet, Web applications have become increasingly vulnerable and exposed to malicious attacks that can undermine essential properties such as the confidentiality, integrity or availability of information systems. To deal with these malicious acts, it is necessary to develop protection and testing mechanisms (firewall, intrusion detection system, Web scanner, etc.) that are effective. The question that arises is how to evaluate the effectiveness of such mechanisms and what means can be used to analyze their ability to correctly detect attacks against web applications. In this thesis we propose a new method, based on Web page clustering techniques, which makes it possible to identify vulnerabilities from a black-box analysis of the target application. Each identified vulnerability is actually exploited, which makes it possible to ensure that the identified vulnerability does not correspond to a false positive. The proposed approach also makes it possible to highlight different potential attack scenarios, including the exploitation of several successive vulnerabilities, explicitly taking into account the dependencies between vulnerabilities. We were particularly interested in code-injection vulnerabilities, for example SQL injections. This method was realized through the implementation of a new vulnerability scanner and was validated experimentally on several examples of vulnerable applications. We also developed an experimental platform integrating the new vulnerability scanner, which is intended to evaluate the effectiveness of intrusion detection systems for Web applications in a context that is representative of the threats these applications will face in operation. 
This platform integrates several tools that were designed to automate the evaluation campaigns as much as possible. This platform was used in particular to evaluate two intrusion detection techniques developed by our partners within a cooperation project funded by the ANR, the DALI project.
47

Lo, Jih-Hong, and 羅日宏. "Porting Snort on Android." Thesis, 2010. http://ndltd.ncl.edu.tw/handle/35268324844192055165.

Abstract:
Master's
National Chiao Tung University
Institute of Computer Science and Engineering
98
When the cell phone becomes more and more sophisticated, and the wireless network has been integrated with the cell phone network, how do we ensure that the cell phone has the security features? In Android, an open source embedded system developed by Google, although by its Linux-based design there are not that many attacks, sooner or later the virus, the Trojan horse, or even worms will be developed for the Android platform. Back to the basic point of view, how can we ensure security when we are surfing the internet? The most trivial and important way to ensure security is to scan the packets that flow in our cell phone. We present Snort, a popular intrusion detection system, on the Android platform, and with its powerful ability we can detect whether there is malicious content in the packet flow.
48

Tsai, Tzung-Shiun, and 蔡宗勳. "Snort IDS Assisting Information System." Thesis, 2013. http://ndltd.ncl.edu.tw/handle/72055549668007274834.

Abstract:
Master's
National Kaohsiung First University of Science and Technology
Institute of Electronic Engineering
101
The Internet is booming nowadays, and people's lives have become integrated with it. However, while convenient, it also brings many potential crises. Because the most common information security hazard is illegal intrusion, individuals and businesses alike must pay sufficient attention to this information security issue. For information security, most people choose to build an intrusion detection system as protection, but most intrusion detection systems are built to run in the Linux environment, which is difficult for most people to use. This research builds an intrusion detection system running in the Windows environment based on Snort, and explores how to write Snort rules. At the same time, the user interface system (Snort IDS Assisting Information System, SIAI system) is developed with the PHP language and a MySQL database. This system statistically analyzes detected event data. It is combined with Google's instant messaging service (Google Cloud Messaging, GCM) to provide immediate notification of warning events. Using the SIAI system, one can grasp the information and statistical analysis of every warning event and build a personal rule set. The instant alert event notification will be able to minimize damage, and managers will decide future management policy based on the above information.
49

Ku, Chih-chen, and 古智辰. "Snort Accelerator by Parallel Exact Matching." Thesis, 2009. http://ndltd.ncl.edu.tw/handle/20590161745017383677.

Abstract:
Master's
National Chung Cheng University
Institute of Electrical Engineering
97
With the development of networks having reached a level where the speed performance of the network exceeds that of the CPU, many kinds of Internet misuse (i.e. attack, data stealing, etc.) adversely impact every user, which is becoming paramount. Although software designers continuously make efforts at the security level (i.e. encryption), the complexity of the security needed stringently limits its speed performance in coping with the extent of data received from the network. In this thesis, we propose a set of classification rules and a parallel comparison method to design a novel fast comparison architecture, but the core of the system design still focuses on the Snort-based software; therefore, the design lies between accelerator and system design. The proposed hardware can run at up to 435 MHz, to meet the needs of high speed, high accuracy, and easy updating.
50

Liao, Kuo-Chun, and 廖國鈞. "Application of Active Noise Control for Reducing Snore." Thesis, 2011. http://ndltd.ncl.edu.tw/handle/53823132424506467547.

Abstract:
Master's
Chung Yuan Christian University
Graduate Institute of Electrical Engineering
99
This thesis discusses the cancellation of a low-frequency snore signal using an ANC-based method on a DSP. Generally speaking, snoring is a major problem nowadays. The volume of severe snoring can reach up to 90 dB, which not only causes hearing loss but also disturbs the sleep of the bed partner. It is also linked to extreme daytime sleepiness in the snorer and his bed partner, leading to the loss of productivity at work and of driving and occupational safety. Most solutions to this problem use passive earmuffs or earplugs for the bed partner, but these are uncomfortable to wear while sleeping. Other methods, like an anti-snore pillow or tooth socket for the snorer, are uncomfortable as well. A period of snoring can be divided into two components, inspiration and expiration. The frequency of snoring is also low, between 100 and 300 Hz. Accordingly, based on the theory of superposition, the ANC system is a better way to reduce the snore noise by generating an artificial anti-snore signal. This thesis uses the popular filtered-X least mean square (FXLMS) method in ANC to derive the proper signal to cancel the undesired snore noise. Using a DSP chip, this method can be realized through estimation of the secondary path, from the location of the secondary speaker to the error microphone, and then tuning the weights of the FIR filter to generate the anti-snore noise. This artificial noise has the same magnitude as the annoying snore and a 180-degree phase shift. Therefore, the anti-snore noise can interfere with the snore signal, producing a silent zone at the ears of the bed partner.