19 resultados para TERRORIST ATTACKS
Resumo:
IoT consists of essentially thousands of tiny sensor nodes interconnected to the internet, each one of which executes the programmed functions under memory and power limita- tions. The sensor nodes are distributed mainly for gathering data in various situations. IoT envisions the future technologies such as e-health, smart city, auto-mobiles automa- tion, construction sites automation, and smart home. Secure communication of data under memory and energy constraints is major challenge in IoT. Authentication is the first and important phase of secure communication. This study presents a protocol to authenticate resource constraint devices in physical proximity by solely using the shared wireless communication interfaces. This model of authentication only relies on the abundance of ambient radio signals to authenticate in less than a second. To evaluate the designed protocol, SkyMotes are emulated in a network environment simulated by Contiki/COOJA. Results presented during this study proves that this approach is immune against passive and active attacks. An adversary located as near as two meters can be identified in less than a second with minimal expense of energy. Since, only radio device is used as required hardware for the authentication, this technique is scalable and interoperable to heterogeneous nature of IoT.
Resumo:
Mobile malwares are increasing with the growing number of Mobile users. Mobile malwares can perform several operations which lead to cybersecurity threats such as, stealing financial or personal information, installing malicious applications, sending premium SMS, creating backdoors, keylogging and crypto-ransomware attacks. Knowing the fact that there are many illegitimate Applications available on the App stores, most of the mobile users remain careless about the security of their Mobile devices and become the potential victim of these threats. Previous studies have shown that not every antivirus is capable of detecting all the threats; due to the fact that Mobile malwares use advance techniques to avoid detection. A Network-based IDS at the operator side will bring an extra layer of security to the subscribers and can detect many advanced threats by analyzing their traffic patterns. Machine Learning(ML) will provide the ability to these systems to detect unknown threats for which signatures are not yet known. This research is focused on the evaluation of Machine Learning classifiers in Network-based Intrusion detection systems for Mobile Networks. In this study, different techniques of Network-based intrusion detection with their advantages, disadvantages and state of the art in Hybrid solutions are discussed. Finally, a ML based NIDS is proposed which will work as a subsystem, to Network-based IDS deployed by Mobile Operators, that can help in detecting unknown threats and reducing false positives. In this research, several ML classifiers were implemented and evaluated. This study is focused on Android-based malwares, as Android is the most popular OS among users, hence most targeted by cyber criminals. Supervised ML algorithms based classifiers were built using the dataset which contained the labeled instances of relevant features. These features were extracted from the traffic generated by samples of several malware families and benign applications. These classifiers were able to detect malicious traffic patterns with the TPR upto 99.6% during Cross-validation test. Also, several experiments were conducted to detect unknown malware traffic and to detect false positives. These classifiers were able to detect unknown threats with the Accuracy of 97.5%. These classifiers could be integrated with current NIDS', which use signatures, statistical or knowledge-based techniques to detect malicious traffic. Technique to integrate the output from ML classifier with traditional NIDS is discussed and proposed for future work.
Resumo:
Internetin yhteisöpalveluiden käyttäjien avoimuus ja sosiaalisuus altistavat heidät monenlaisille riskeille. “Social engineering” eli käyttäjien manipulointi on uhka, joka liittyy informaation hankkimiseen perinteisen kanssakäymisen kautta, mutta yhä enenevissä määrin myös internetissä. Kun kanssakäyminen tapahtuu internetin välityksellä, käyttäjien manipuloijat hyödyntävät yhteisöpalveluita yhteydenpitoon uhrien kanssa sekä paljon käyttäjäinformaatiota sisältävänä alustana. Tämän tutkielman tarkoitus on löytää internetin yhteisöpalveluiden ja käyttäjien manipuloinnin välinen yhteys. Tämä päämäärä saavutettiin etsimällä vastauksia kysymyksiin kuten: Mitkä ovat tyypilliset hyökkäystyypit? Miksi informaatiolla on niin suuri rooli? Mitä seurauksia ilmiöllä on ja miten hyökkäyksiltä on mahdollista suojautua? Vastaukset kysymyksiin löydettiin toteuttamalla systemaattinen kirjallisuuskatsaus. Katsaus muodostui yhdistämällä tärkeimmät löydökset 60 tarkoin valitusta ilmiötä käsittelevästä artikkelista. Käyttäjien manipuloinnin huomattiin olevan hyvin laaja ja monimutkainen ilmiö internetin yhteisöpalveluissa. Huomattiin, että manipulointia ilmenee sivustoilla useissa erilaisissa muodoissa, joita ovat muun muassa tietojen kalastelu, profiilien yhdistäminen, sosiaaliset sovellukset, roskaposti, haitalliset linkit, identiteettivarkaudet, tietovuodot ja erilaiset huijaukset, jotka hyödyntävät sekä ihmisluonnon että sivustojen perusominaisuuksia. Haavoittuvuus ja luottamus havaittiin myös tärkeiksi aspekteiksi, sillä ne yhdistävät informaation merkityksen ja ihmisluonnon, jotka molemmat ovat avaintekijöitä sekä manipuloinnissa että yhteisöpalvelusivustoilla. Vaikka ilmiön seurausten huomattiin olevan negatiivisia niin käyttäjien olemukselle internetissä kuin todellisessakin elämässä, havaittiin myös, että ilmiön ymmärtäminen ja tunnistaminen helpottaa siltä suojautumista
Resumo:
Modern automobiles are no longer just mechanical tools. The electronics and computing services they are shipping with are making them not less than a computer. They are massive kinetic devices with sophisticated computing power. Most of the modern vehicles are made with the added connectivity in mind which may be vulnerable to outside attack. Researchers have shown that it is possible to infiltrate into a vehicle’s internal system remotely and control the physical entities such as steering and brakes. It is quite possible to experience such attacks on a moving vehicle and unable to use the controls. These massive connected computers can be life threatening as they are related to everyday lifestyle. First part of this research studied the attack surfaces in the automotive cybersecurity domain. It also illustrated the attack methods and capabilities of the damages. Online survey has been deployed as data collection tool to learn about the consumers’ usage of such vulnerable automotive services. The second part of the research portrayed the consumers’ privacy in automotive world. It has been found that almost hundred percent of modern vehicles has the capabilities to send vehicle diagnostic data as well as user generated data to their manufacturers, and almost thirty five percent automotive companies are collecting them already. Internet privacy has been studies before in many related domain but no privacy scale were matched for automotive consumers. It created the research gap and motivation for this thesis. A study has been performed to use well established consumers privacy scale – IUIPC to match with the automotive consumers’ privacy situation. Hypotheses were developed based on the IUIPC model for internet consumers’ privacy and they were studied by the finding from the data collection methods. Based on the key findings of the research, all the hypotheses were accepted and hence it is found that automotive consumers’ privacy did follow the IUIPC model under certain conditions. It is also found that a majority of automotive consumers use the services and devices that are vulnerable and prone to cyber-attacks. It is also established that there is a market for automotive cybersecurity services and consumers are willing to pay certain fees to avail that.
