Current Search: Computer security
- Title
- Properties of Static and Mobile Unreliable Networks and their effects on Combating Malicious Objects.
- Creator
- Ruocco, John, Wu, Jie, Florida Atlantic University, College of Engineering and Computer Science, Department of Computer and Electrical Engineering and Computer Science
- Abstract/Description
- Wireless sensor networks or WSNs continually become more common in today's world. They are able to give us a constant view into the world as they gather information and make this information more readily available. The information these networks gather and contain is valuable and protecting it is of great importance. Today more and more devices are becoming wireless and mobile. This is allowing for very diverse networks to be created and they are constantly changing. Nodes in these networks are either moving to different positions or going offline which constantly changes the overall layout of the network. With this increasing connectivity of today's devices this opens the door for possibility for these types of networks to become targets by malicious objects designed to bring harm to the network. Many unreliable networks already face many problems such as having to optimize battery life and being deployed in areas where they can be damaged. A malicious object in this type of network has the power to destroy data and deplete the network's limited resources such as bandwidth and power. Removal of these malicious objects can also have a negative effect on these limited resources. We must find a way to remove these malicious objects in a way that minimizes loss to the network. In this paper we will look at the information survival threshold of these types of networks. Certain controllable parameters exist that directly impact the survival rate of all data in the network. We will combine this with the addition of our own self-replicating objects to the network designed to neutralize their malicious counterparts. We will examine these information survival threshold parameters along with specific parameters available to the network. We shall see how these parameters affect overall survival of data in the network and their impact on our own good data.
- Date Issued
- 2008
- PURL
- http://purl.flvc.org/fau/fd/FA00012545
- Subject Headings
- Wireless communication systems--Security measures, Computer network protocols, Computer security, Computer networks--Security measures
- Format
- Document (PDF)
- Title
- Design and analysis of key establishment protocols.
- Creator
- Neupane, Kashi., Charles E. Schmidt College of Science, Department of Mathematical Sciences
- Abstract/Description
- Consider a scenario where a server S shares a symmetric key kU with each user U. Building on a 2-party solution of Bohli et al., we describe an authenticated 3-party key establishment which remains secure if a computational Bilinear Diffie Hellman problem is hard or the server is uncorrupted. If the BDH assumption holds during a protocol execution, but is invalidated later, entity authentication and integrity of the protocol are still guaranteed. Key establishment protocols based on hardness assumptions, such as discrete logarithm problem (DLP) and integer factorization problem (IFP) are vulnerable to quantum computer attacks, whereas the protocols based on other hardness assumptions, such as conjugacy search problem and decomposition search problem can resist such attacks. The existing protocols based on the hardness assumptions which can resist quantum computer attacks are only passively secure. Compilers are used to convert a passively secure protocol to an actively secure protocol. Compilers involve some tools such as, signature scheme and a collision-resistant hash function. If there are only passively secure protocols but not a signature scheme based on same assumption then the application of existing compilers requires the use of such tools based on different assumptions. But the introduction of new tools, based on different assumptions, makes the new actively secure protocol rely on more than one hardness assumption. We offer an approach to derive an actively secure two-party protocol from a passively secure two-party protocol without introducing further hardness assumptions. This serves as a useful formal tool to transform any basic algebraic method of public key cryptography to the real world applicable cryptographic scheme. In a recent preprint, Vivek et al. propose a compiler to transform a passively secure 3-party key establishment to a passively secure group key establishment. To achieve active security, they apply this compiler to Joux's protocol and apply a construction by Katz and Yung, resulting in a 3-round group key establishment. In this research, we show how Joux's protocol can be extended to an actively secure group key establishment with two rounds. The resulting solution is in the standard model, builds on a bilinear Diffie-Hellman assumption and offers forward security as well as strong entity authentication. If strong entity authentication is not required, then one half of the participants does not have to send any message in the second round, which may be of interest for scenarios where communication efficiency is a main concern.
- Date Issued
- 2012
- PURL
- http://purl.flvc.org/FAU/3342239
- Subject Headings
- Computer networks, Security measures, Computer network protocols, Data encryption (Computer science), Public key infrastructure (Computer security)
- Format
- Document (PDF)
- Title
- Permutation-based transformations for digital multimedia encryption and steganography.
- Creator
- Socek, Daniel, Florida Atlantic University, Furht, Borko, Magliveras, Spyros S., College of Engineering and Computer Science, Department of Computer and Electrical Engineering and Computer Science
- Abstract/Description
- The aim of this work is to explore the utilization of permutation-based transformations to achieve compression, encryption and steganography in the domain of digital videos. The main contribution of this dissertation is a novel type of digital video encryption that has several advantages over other currently available digital video encryption methods. An extended classification of digital video encryption algorithms is presented in order to clarify these advantages. The classification itself represents an original work, since to date, no such comprehensive classification is provided in known scientific literature. Both security and performance aspects of the proposed method are thoroughly analyzed to provide evidence for high security and performance efficiency. Since the basic model is feasible only for a certain class of video sequences and video codecs, several extensions providing broader applicability are described along with the basic algorithm. An additional significant contribution is the proposition of a novel type of digital video steganography based on disguising a given video by another video. Experimental results are generated for a number of video sequences to demonstrate the performance of proposed methods.
- Date Issued
- 2006
- PURL
- http://purl.flvc.org/fcla/dt/12225
- Subject Headings
- Image processing--Security measures, Data encryption (Computer science), Computer security, Multimedia systems--Security measures
- Format
- Document (PDF)
- Title
- Power based wide collision attacks on AES.
- Creator
- Ye, Xin, Eisenbarth, Thomas, Graduate College
- Date Issued
- 2011-04-08
- PURL
- http://purl.flvc.org/fcla/dt/3164806
- Subject Headings
- Computer networks, Data encryption (Computer science), Computer security
- Format
- Document (PDF)
- Title
- Comparison of embedded security versus separated security in an application.
- Creator
- Oviedo, Carlos., Florida Atlantic University, VanHilst, Michael
- Abstract/Description
- This work discusses and compares two different approaches that design and implement a requirement for security in an application. The construction process followed for the security features determines how easily further changes can be accommodated, after the application has been built. How the problem is decomposed into modules, and when, determines if a solution or parts from the solution will be reusable without modification in the same application after changes have been made to address a new or altered requirement. Two construction perspectives are analyzed. In the first perspective, security features are embedded within the application design. In the second approach, the security design is separated from the rest of the application. For this latter implementation, an aspect oriented approach is used. The analysis performed shows that how the problem is decomposed leads to different designs, which present different levels of challenge for the application's future evolution. If a more adaptable solution can be designed and implemented, then the application will be more flexible to accommodate new changes and, as a consequence, be more reusable.
- Date Issued
- 2006
- PURL
- http://purl.flvc.org/fcla/dt/13324
- Subject Headings
- Data encryption (Computer science), Computer security, Embedded computer systems
- Format
- Document (PDF)
- Title
- NETWORK FEATURE ENGINEERING AND DATA SCIENCE ANALYTICS FOR CYBER THREAT INTELLIGENCE.
- Creator
- Wheelus, Charles, Zhu, Xingquan, Florida Atlantic University, Department of Computer and Electrical Engineering and Computer Science, College of Engineering and Computer Science
- Abstract/Description
- While it is evident that network services continue to play an ever-increasing role in our daily lives, it is less evident that our information infrastructure requires a concerted, well-conceived, and fastidiously executed strategy to remain viable. Government agencies, Non-Governmental Organizations ("NGOs"), and private organizations are all targets for malicious online activity. Security has deservedly become a serious focus for organizations that seek to assume a more proactive posture; in order to deal with the many facets of securing their infrastructure. At the same time, the discipline of data science has rapidly grown into a prominent role, as once purely theoretical machine learning algorithms have become practical for implementation. This is especially noteworthy, as principles that now fall neatly into the field of data science have been contemplated for quite some time, and as much as over two hundred years ago. Visionaries like Thomas Bayes [18], Andrey Andreyevich Markov [65], Frank Rosenblatt [88], and so many others made incredible contributions to the field long before the impact of Moore's law [92] would make such theoretical work commonplace for practical use; giving rise to what has come to be known as "Data Science".
- Date Issued
- 2020
- PURL
- http://purl.flvc.org/fau/fd/FA00013620
- Subject Headings
- Cyber security, Computer security, Information infrastructure, Predictive analytics
- Format
- Document (PDF)
- Title
- Data mining heuristic-based malware detection for android applications.
- Creator
- Peiravian, Naser, Zhu, Xingquan, College of Engineering and Computer Science, Department of Computer and Electrical Engineering and Computer Science
- Abstract/Description
- The Google Android mobile phone platform is one of the dominant smartphone operating systems on the market. The open source Android platform allows developers to take full advantage of the mobile operation system, but also raises significant issues related to malicious applications (Apps). The popularity of Android platform draws attention of many developers which also attracts the attention of cybercriminals to develop different kinds of malware to be inserted into the Google Android Market or other third party markets as safe applications. In this thesis, we propose to combine permission, API (Application Program Interface) calls and function calls to build a Heuristic-Based framework for the detection of malicious Android Apps. In our design, the permission is extracted from each App’s profile information and the APIs are extracted from the packed App file by using packages and classes to represent API calls. By using permissions, API calls and function calls as features to characterize each of Apps, we can develop a classifier by data mining techniques to identify whether an App is potentially malicious or not. An inherent advantage of our method is that it does not need to involve any dynamic tracking of the system calls but only uses simple static analysis to find system functions from each App. In addition, our method can be generalized to all mobile applications due to the fact that APIs and function calls are always present for mobile Apps. Experiments on real-world Apps with more than 1200 malwares and 1200 benign samples validate the algorithm performance. Research paper published based on the work reported in this thesis: Naser Peiravian, Xingquan Zhu, Machine Learning for Android Malware Detection Using Permission and API Calls, in Proc. of the 25th IEEE International Conference on Tools with Artificial Intelligence (ICTAI) – Washington D.C, November 4-6, 2013.
- Date Issued
- 2013
- PURL
- http://purl.flvc.org/fau/fd/FA0004045
- Subject Headings
- Computer networks -- Security measures, Data encryption (Computer science), Data structures (Computer science), Internet -- Security measures
- Format
- Document (PDF)
- Title
- A utility-based routing scheme in multi-hop wireless networks.
- Creator
- Lu, Mingming., College of Engineering and Computer Science, Florida Atlantic University, Department of Computer and Electrical Engineering and Computer Science
- Abstract/Description
- Multi-hop wireless networks are infrastructure-less networks consisting of mobile or stationary wireless devices, which include multi-hop wireless mesh networks and multi-hop wireless sensor networks. These networks are characterized by limited bandwidth and energy resources, unreliable communication, and a lack of central control. These characteristics lead to the research challenges of multi-hop wireless networks. Building up routing schemes with good balance among the routing QoS (such as reliability, cost, and delay) is a paramount concern to achieve high performance wireless networks. These QoS metrics are internally correlated. Most existing works did not fully utilize this correlation. We design a metric to balance the trade-off between reliability and cost, and build up a framework of utility-based routing model in multi-hop wireless networks. This dissertation focuses on the variations with applications of utility-based routing models, designing new concepts, and developing new algorithms for them. A review of existing routing algorithms and the basic utility-based routing model for multi-hop wireless networks has been provided at the beginning. An efficient algorithm, called MaxUtility, has been proposed for the basic utility-based routing model. MaxUtility is an optimal algorithm that can find the best routing path with the maximum expected utility. Various utility-based routing models are extended to further enhance the routing reliability while reducing the routing overhead. Besides computing the optimal path for a given benefit value and a given source-destination pair, the utility-based routing can be further extended to compute all optimal paths for all possible benefit values and/or all source-destination pairs. Our utility-based routing can also adapt to different applications and various environments. In the self-organized environment, where network users are selfish, we design a truthful routing, where selfish users have to tell the truth in order to maximize their utilities. We apply our utility-based routing scheme to the data-gathering wireless sensor networks, where a routing scheme is required to transmit data sensed by multiple sensor nodes to a common sink node.
- Date Issued
- 2008
- PURL
- http://purl.flvc.org/FAU/77647
- Subject Headings
- Wireless communication systems, Security measures, Computer network protocols, Computer algorithms, Computer networks, Security measures
- Format
- Document (PDF)
- Title
- Resource-sensitive intrusion detection models for network traffic.
- Creator
- Abushadi, Mohamed E., Florida Atlantic University, Khoshgoftaar, Taghi M.
- Abstract/Description
- Network security is an important subject in today's extensively interconnected computer world. The industry, academic institutions, small and large businesses and even residences are now greatly at risk from the increasing onslaught of computer attacks. Such malicious efforts cause damage ranging from mere violation of confidentiality and issues of privacy up to actual financial loss if business operations are compromised, or even further, loss of human lives in the case of mission-critical networked computer applications. Intrusion Detection Systems (IDS) have been used along with the help of data mining modeling efforts to detect intruders, yet with the limitation of organizational resources it is unreasonable to inspect every network alarm raised by the IDS. Modified Expected Cost of Misclassification (MECM) is a model selection measure that is resource-aware and cost-sensitive at the same time, and has proven to be effective for the identification of the best resource-based intrusion detection model.
- Date Issued
- 2003
- PURL
- http://purl.flvc.org/fcla/dt/13054
- Subject Headings
- Computer networks--Security measures--Automation, Computers--Access control, Data mining, Computer security
- Format
- Document (PDF)
- Title
- Techniques for combining binary classifiers: A comparative study in network intrusion detection systems.
- Creator
- Lin, Hua., Florida Atlantic University, Khoshgoftaar, Taghi M., College of Engineering and Computer Science, Department of Computer and Electrical Engineering and Computer Science
- Abstract/Description
- We discuss a set of indirect combining techniques for addressing multi-category classification problems that have been used in many domains, but not for intrusion detection systems. In contrast to the indirect combining techniques, direct techniques generally extend associated binary classifiers to handle multi-category classification problems. An indirect combining technique decomposes the original multi-category problem into, based on some criteria, multiple binary-category problems. We investigated two different approaches for building the binary classifiers. The results of the binary classifiers are then merged using a combining technique---three different combining techniques were studied. We implement some of the indirect combining techniques proposed in recent literature, and apply them to a case study of the DARPA KDD-1999 network intrusion detection project. The results demonstrate the usefulness of using indirect combining techniques for the multi-category classification problem of intrusion detection systems.
- Date Issued
- 2004
- PURL
- http://purl.flvc.org/fcla/dt/13111
- Subject Headings
- Computer networks--Security measures, Computer security, Computers--Access control, Electronic countermeasures, Fuzzy systems
- Format
- Document (PDF)
- Title
- Fuzzy vault fingerprint cryptography: Experimental and simulation studies.
- Creator
- Kotlarchyk, Alex J., Florida Atlantic University, Pandya, Abhijit S., College of Engineering and Computer Science, Department of Computer and Electrical Engineering and Computer Science
- Abstract/Description
- The fuzzy vault scheme introduced by Juels and Sudan [Jue02] was implemented in a fingerprint cryptography system using COTS software. This system proved to be unsuccessful. Failure analysis led to a series of simulations to investigate the parameters and system thresholds necessary for such a system to perform adequately and as guidance for constructing similar systems in the future. First, a discussion of the role of biometrics in data security and cryptography is presented, followed by a review of the key developments leading to the development of the fuzzy vault scheme. The relevant mathematics and algorithms are briefly explained. This is followed by a detailed description of the implementation and simulation of the fuzzy vault scheme. Finally, conclusions drawn from analysis of the results of this research are presented.
- Date Issued
- 2006
- PURL
- http://purl.flvc.org/fcla/dt/13360
- Subject Headings
- Computer networks--Security measures, Computer security, Data encryption (Computer science)
- Format
- Document (PDF)
- Title
- MACHINE LEARNING ALGORITHMS FOR THE DETECTION AND ANALYSIS OF WEB ATTACKS.
- Creator
- Zuech, Richard, Khoshgoftaar, Taghi M., Florida Atlantic University, Department of Computer and Electrical Engineering and Computer Science, College of Engineering and Computer Science
- Abstract/Description
- The Internet has provided humanity with many great benefits, but it has also introduced new risks and dangers. E-commerce and other web portals have become large industries with big data. Criminals and other bad actors constantly seek to exploit these web properties through web attacks. Being able to properly detect these web attacks is a crucial component in the overall cybersecurity landscape. Machine learning is one tool that can assist in detecting web attacks. However, properly using machine learning to detect web attacks does not come without its challenges. Classification algorithms can have difficulty with severe levels of class imbalance. Class imbalance occurs when one class label disproportionately outnumbers another class label. For example, in cybersecurity, it is common for the negative (normal) label to severely outnumber the positive (attack) label. Another difficulty encountered in machine learning is models can be complex, thus making it difficult for even subject matter experts to truly understand a model’s detection process. Moreover, it is important for practitioners to determine which input features to include or exclude in their models for optimal detection performance. This dissertation studies machine learning algorithms in detecting web attacks with big data. Severe class imbalance is a common problem in cybersecurity, and mainstream machine learning research does not sufficiently consider this with web attacks. Our research first investigates the problems associated with severe class imbalance and rarity. Rarity is an extreme form of class imbalance where the positive class suffers extremely low positive class count, thus making it difficult for the classifiers to discriminate. In reducing imbalance, we demonstrate random undersampling can effectively mitigate the class imbalance and rarity problems associated with web attacks. Furthermore, our research introduces a novel feature popularity technique which produces easier to understand models by only including the fewer, most popular features. Feature popularity granted us new insights into the web attack detection process, even though we had already intensely studied it. Even so, we proceed cautiously in selecting the best input features, as we determined that the “most important” Destination Port feature might be contaminated by lopsided traffic distributions.
- Date Issued
- 2021
- PURL
- http://purl.flvc.org/fau/fd/FA00013823
- Subject Headings
- Machine learning, Computer security, Algorithms, Cybersecurity
- Format
- Document (PDF)
- Title
- Enhanced 1-D chaotic key-based algorithm for image encryption.
- Creator
- Furht, Borko, Socek, Daniel, Magliveras, Spyros S.
- Abstract/Description
- A recently proposed Chaotic-Key Based Algorithm (CKBA) has been shown to be unavoidably susceptible to chosen/known-plaintext attacks and ciphertext-only attacks. In this paper we enhance the CKBA algorithm three-fold: 1) we change the 1-D chaotic Logistic map to a piecewise linear chaotic map (PWLCM) to improve the balance property, 2) we increase the key size to 128 bits, and 3) we add two more cryptographic primitives and extend the scheme to operate on multiple rounds so that the chosen/known-plaintext attacks are no longer possible. The new cipher has much stronger security and its performance characteristics remain very good.
- Date Issued
- 2004-11-22
- PURL
- http://purl.flvc.org/fcla/dt/358402
- Subject Headings
- Data encryption (Computer science), Computer algorithm, Multimedia systems--Security measures.
- Format
- Document (PDF)
- Title
- Implementing security in an IP Multimedia Subsystem (IMS) next generation network - a case study.
- Creator
- Ortiz-Villajos, Jose M., College of Engineering and Computer Science, Department of Computer and Electrical Engineering and Computer Science
- Abstract/Description
- The IP Multimedia Subsystem (IMS) has gone from just a step in the evolution of the GSM cellular architecture control core, to being the de-facto framework for Next Generation Network (NGN) implementations and deployments by operators world-wide, not only cellular mobile communications operators, but also fixed line, cable television, and alternative operators. With this transition from standards documents to the real world, engineers in these new multimedia communications companies need to face the task of making these new networks secure against threats and real attacks that were not a part of the previous generation of networks. We present the IMS and other competing frameworks, we analyze the security issues, we present the topic of Security Patterns, we introduce several new patterns, including the basis for a Generic Network pattern, and we apply these concepts to designing a security architecture for a fictitious 3G operator using IMS for the control core.
Show less - Date Issued
- 2009
- PURL
- http://purl.flvc.org/FAU/186763
- Subject Headings
- Electronic digital computers, Programming, Computer networks, Security measures, TCP/IP (Computer network protocol), Security measures, Internet Protocol Multimedia Subsystem (IMS), Security measures, Multimedia communications, Security measures
- Format
- Document (PDF)
- Title
- DATA COLLECTION FRAMEWORK AND MACHINE LEARNING ALGORITHMS FOR THE ANALYSIS OF CYBER SECURITY ATTACKS.
- Creator
- Calvert, Chad, Khoshgoftaar, Taghi M., Florida Atlantic University, College of Engineering and Computer Science, Department of Computer and Electrical Engineering and Computer Science
- Abstract/Description
-
The integrity of network communications is constantly being challenged by more sophisticated intrusion techniques. Attackers are shifting to stealthier and more complex forms of attacks in an attempt to bypass known mitigation strategies. Also, many detection methods for popular network attacks have been developed using outdated or non-representative attack data. To effectively develop modern detection methodologies, there exists a need to acquire data that can fully encompass the behaviors of persistent and emerging threats. When collecting modern day network traffic for intrusion detection, substantial amounts of traffic can be collected, much of which consists of relatively few attack instances as compared to normal traffic. This skewed distribution between normal and attack data can lead to high levels of class imbalance. Machine learning techniques can be used to aid in attack detection, but large levels of imbalance between normal (majority) and attack (minority) instances can lead to inaccurate detection results.
- Date Issued
- 2019
- PURL
- http://purl.flvc.org/fau/fd/FA00013289
- Subject Headings
- Machine learning, Algorithms, Anomaly detection (Computer security), Intrusion detection systems (Computer security), Big data
- Format
- Document (PDF)
- Title
- Machine learning algorithms for the analysis and detection of network attacks.
- Creator
- Najafabadi, Maryam Mousaarab, Khoshgoftaar, Taghi M., Florida Atlantic University, College of Engineering and Computer Science, Department of Computer and Electrical Engineering and Computer Science
- Abstract/Description
-
The Internet and computer networks have become an important part of our organizations and everyday life. With the increase in our dependence on computers and communication networks, malicious activities have become increasingly prevalent. Network attacks are an important problem in today’s communication environments. The network traffic must be monitored and analyzed to detect malicious activities and attacks to ensure reliable functionality of the networks and security of users’ information. Recently, machine learning techniques have been applied toward the detection of network attacks. Machine learning models are able to extract similarities and patterns in the network traffic. Unlike signature based methods, there is no need for manual analyses to extract attack patterns. Applying machine learning algorithms can automatically build predictive models for the detection of network attacks. This dissertation reports an empirical analysis of the usage of machine learning methods for the detection of network attacks. For this purpose, we study the detection of three common attacks in computer networks: SSH brute force, Man In The Middle (MITM) and application layer Distributed Denial of Service (DDoS) attacks. Using outdated and non-representative benchmark data, such as the DARPA dataset, in the intrusion detection domain, has caused a practical gap between building detection models and their actual deployment in a real computer network. To alleviate this limitation, we collect representative network data from a real production network for each attack type. Our analysis of each attack includes a detailed study of the usage of machine learning methods for its detection. This includes the motivation behind the proposed machine learning based detection approach, the data collection process, feature engineering, building predictive models and evaluating their performance.
We also investigate the application of feature selection in building detection models for network attacks. Overall, this dissertation presents a thorough analysis on how machine learning techniques can be used to detect network attacks. We not only study a broad range of network attacks, but also study the application of different machine learning methods including classification, anomaly detection and feature selection for their detection at the host level and the network level.
- Date Issued
- 2017
- PURL
- http://purl.flvc.org/fau/fd/FA00004882
- Subject Headings
- Machine learning., Computer security., Data protection., Computer networks--Security measures.
- Format
- Document (PDF)
- Title
- An Empirical Study of Ordinal and Non-ordinal Classification Algorithms for Intrusion Detection in WLANs.
- Creator
- Gopalakrishnan, Leelakrishnan, Khoshgoftaar, Taghi M., Florida Atlantic University
- Abstract/Description
-
Ordinal classification refers to an important category of real world problems, in which the attributes of the instances to be classified and the classes are linearly ordered. Many applications of machine learning frequently involve situations exhibiting an order among the different categories represented by the class attribute. In ordinal classification the class value is converted into a numeric quantity and regression algorithms are applied to the transformed data. The data is later translated back into a discrete class value in a postprocessing step. This thesis is devoted to an empirical study of ordinal and non-ordinal classification algorithms for intrusion detection in WLANs. We used ordinal classification in conjunction with nine classifiers for the experiments in this thesis. All classifiers are parts of the WEKA machine learning workbench. The results indicate that most of the classifiers give similar or better results with ordinal classification compared to non-ordinal classification.
- Date Issued
- 2006
- PURL
- http://purl.flvc.org/fau/fd/FA00012521
- Subject Headings
- Wireless LANs--Security measures, Computer networks--Security measures, Data structures (Computer science), Multivariate analysis
- Format
- Document (PDF)
- Title
- Evaluating indirect and direct classification techniques for network intrusion detection.
- Creator
- Ibrahim, Nawal H., Florida Atlantic University, Khoshgoftaar, Taghi M.
- Abstract/Description
-
Increasing aggressions through cyber terrorism pose a constant threat to information security in our day to day life. Implementing effective intrusion detection systems (IDSs) is an essential task due to the great dependence on networked computers for the operational control of various infrastructures. Building effective IDSs, unfortunately, has remained an elusive goal owing to the great technical challenges involved, and applied data mining techniques are increasingly being utilized in attempts to overcome the difficulties. This thesis presents a comparative study of the traditional "direct" approaches with the recently explored "indirect" approaches of classification which use class binarization and combiner techniques for intrusion detection. We evaluate and compare the performance of IDSs based on various data mining algorithms, in the context of a well known network intrusion evaluation data set. It is empirically shown that data mining algorithms when applied using the indirect classification approach yield better intrusion detection models.
- Date Issued
- 2004
- PURL
- http://purl.flvc.org/fcla/dt/13128
- Subject Headings
- Computer networks--Security measures, Computer security, Software measurement, Data mining
- Format
- Document (PDF)
- Title
- Firewall formulation driven by risk analysis.
- Creator
- Srinivasan, Sriram, Jr., Florida Atlantic University, Pandya, Abhijit S., College of Engineering and Computer Science, Department of Computer and Electrical Engineering and Computer Science
- Abstract/Description
-
At the turn of the new millennium, the focus of Information Technology Management turned to Information and Systems Security, as opposed to competitive advantage investment. In catering to the security needs of various firms and institutions, it is seen that different entities require varying Information Security configurations. This thesis attempts to utilize Risk Analysis, a commonly used procedure in business realms, to formulate customized Firewalls based on the specific needs of a network, subsequently building an effective system following the "Defense in Depth" strategy. This is done by first choosing an efficient Risk Analysis model which suits the process of creating Firewall policies, and then applying it to a particular case study. A network within Florida Atlantic University is used as an experimental test case, and by analyzing the traffic to which it is subject while behind a single Firewall layer, a specific Security Policy is arrived at and implemented.
- Date Issued
- 2006
- PURL
- http://purl.flvc.org/fcla/dt/13348
- Subject Headings
- Computer networks--Security measures, Electronic data processing departments--Security measures, Firewalls (Computer security), Risk assessment
- Format
- Document (PDF)
- Title
- Mitigating worm propagation on virtual LANs.
- Creator
- Sun, Xiaoguang., Florida Atlantic University, Rajput, Saeed, Hsu, Sam, College of Engineering and Computer Science, Department of Computer and Electrical Engineering and Computer Science
- Abstract/Description
-
Recent worms have used sophisticated propagation techniques to propagate faster than the patch distribution and have utilized previously unknown vulnerabilities. To mitigate repetition of such epidemics in future, active defense mechanisms are needed that not only identify malicious activity, but can also defend against widespread outbreak. We provide a framework capable of reacting quickly to quarantine infections. The fundamental components of our framework are detector and VLAN switch. We have provided a proof of concept implementation, where we use the Blaster worm as an example, and demonstrate that detection of worms is possible, and individual infected hosts can be isolated quickly. Furthermore, using Monte Carlo simulations, we show that such containment of future epidemics is possible. In addition, we also compute the overhead of detection and mitigation approaches and have shown that our approach has lower overhead compared to the others.
- Date Issued
- 2006
- PURL
- http://purl.flvc.org/fcla/dt/13369
- Subject Headings
- Wireless LANs--Security measures, Wireless communication systems--Security measures, Computer viruses--Prevention, Computer security
- Format
- Document (PDF)