63 results for network-based intrusion detection system

in Doria (National Library of Finland DSpace Services) - National Library of Finland, Finland


Relevance:

100.00% 100.00%

Publisher:

Abstract:

Mobile malware is increasing with the growing number of mobile users. Mobile malware can perform several operations which lead to cybersecurity threats, such as stealing financial or personal information, installing malicious applications, sending premium SMS, creating backdoors, keylogging and crypto-ransomware attacks. Knowing that there are many illegitimate applications available on the app stores, most mobile users remain careless about the security of their mobile devices and become potential victims of these threats. Previous studies have shown that not every antivirus is capable of detecting all the threats, due to the fact that mobile malware uses advanced techniques to avoid detection. A Network-based IDS at the operator side will bring an extra layer of security to the subscribers and can detect many advanced threats by analyzing their traffic patterns. Machine Learning (ML) will give these systems the ability to detect unknown threats for which signatures are not yet known. This research is focused on the evaluation of Machine Learning classifiers in Network-based Intrusion Detection Systems for mobile networks. In this study, different techniques of network-based intrusion detection, with their advantages, disadvantages and the state of the art in hybrid solutions, are discussed. Finally, an ML-based NIDS is proposed which will work as a subsystem of the Network-based IDS deployed by mobile operators, and which can help in detecting unknown threats and reducing false positives. In this research, several ML classifiers were implemented and evaluated. This study is focused on Android-based malware, as Android is the most popular OS among users and hence the most targeted by cyber criminals. Classifiers based on supervised ML algorithms were built using a dataset which contained labeled instances of relevant features. These features were extracted from the traffic generated by samples of several malware families and benign applications.
These classifiers were able to detect malicious traffic patterns with a TPR of up to 99.6% during the cross-validation test. Also, several experiments were conducted to detect unknown malware traffic and to detect false positives. These classifiers were able to detect unknown threats with an accuracy of 97.5%. These classifiers could be integrated with current NIDSs, which use signatures, statistical or knowledge-based techniques to detect malicious traffic. A technique to integrate the output from the ML classifier with a traditional NIDS is discussed and proposed for future work.

Relevance:

100.00% 100.00%

Publisher:

Abstract:

Leveraging cloud services, companies and organizations can significantly improve their efficiency, as well as build novel business opportunities. Cloud computing offers various advantages to companies while having some risks for them too. Advantages offered by service providers are mostly about efficiency and reliability, while risks of cloud computing are mostly about security problems. Problems with security of the cloud still demand significant attention in order to tackle the potential problems. Security problems in the cloud, as security problems in any area of computing, cannot be fully tackled. However, creating novel and new solutions can be used by service providers to mitigate the potential threats to a large extent. Looking at the security problem from a very high perspective, there are two focus directions. Security problems that threaten the service user’s security and privacy are on one side. On the other hand, security problems that threaten the service provider’s security and privacy are on the other side. Both kinds of threats should mostly be detected and mitigated by service providers. Looking a bit closer at the problem, mitigating security problems that target providers can protect both the service provider and the user. However, the focus of the research community is mostly on providing solutions to protect cloud users. A significant research effort has been put into protecting cloud tenants against external attacks. However, attacks that originate from elastic, on-demand and legitimate cloud resources should still be considered seriously. The cloud-based botnet or botcloud is one of the prevalent cases of cloud resource misuse. Unfortunately, some of the cloud’s essential characteristics enable criminals to form reliable and low-cost botclouds in a short time. In this paper, we present a system that helps to detect distributed infected Virtual Machines (VMs) acting as elements of botclouds.
Based on a set of botnet-related system-level symptoms, our system groups VMs. Grouping VMs helps to separate infected VMs from others and narrows down the target group under inspection. Our system takes advantage of Virtual Machine Introspection (VMI) and data mining techniques.

Relevance:

100.00% 100.00%

Publisher:

Abstract:

The mobile networks of earlier and current generations, or 2G and 3G networks, provide users voice and packet services with higher transmission rates and good quality over the same core network. When developing the next generation of mobile networks the current quality of services needs to be maintained. This thesis concentrates on the next generation mobile network, especially on the evolution of the packet network part. The new mobile network has requirements for the common packet backbone network, Mobile Packet Backbone Network, which is additionally discussed in this study. The next generation mobile network, called LTE/SAE, is currently under testing. The test system is called Container Trial System. It is a mini sized LTE/SAE site. The LTE/SAE is studied in this thesis concentrating on the evolved packet core, the SAE part of the composition. The empirical part of the study compares the LTE/SAE Container Trial System and commercial network designs and additionally produces documentation for internal personnel and customers. The research is performed by comparing the documentations and specifications of both the Container Trial System and commercial network. Since the LTE commercial network is not yet constructed, the comparison is done theoretically. The purpose is furthermore to find out if there are any design issues that could be done differently in the next version of the Container Trial System.

Relevance:

100.00% 100.00%

Publisher:

Abstract:

Presentation at Open Repositories 2014, Helsinki, Finland, June 9-13, 2014

Relevance:

100.00% 100.00%

Publisher:

Abstract:

Food safety has always been a social issue that draws great public attention. With the rapid development of wireless communication technologies and intelligent devices, more and more Internet of Things (IoT) systems are applied in the food safety tracking field. However, the connection between things and the information system is usually established by pre-storing information about things in an RFID tag, which is inapplicable for on-field food safety detection. Therefore, considering that pesticide residue is one of the severe threats to food safety, a new portable, high-sensitivity, low-power, on-field organophosphorus (OP) compounds detection system is proposed in this thesis to realize on-field food safety detection. The system is designed based on an optical detection method using a customized photo-detection sensor. A Micro Controller Unit (MCU) and a Bluetooth Low Energy (BLE) module are used to quantize and transmit the detection result. An Android Application (APP) is also developed for the system to process and display the detection result as well as control the detection process. Besides, a quartzose sample container and a black system box are also designed and made for the system demonstration. Several optimizations are made in wireless communication, circuit layout, the Android APP and industrial design to realize mobility, low power and intelligence.

Relevance:

100.00% 100.00%

Publisher:

Abstract:

The main objective of this work is to study the possibilities of using SIEM (Security Information and Event Management) systems in the PCI DSS (Payment Card Industry Data Security Standard) standard, primarily from the perspective of a solution provider. The work was carried out at Cygate Oy. SIEM is a new security solution area whose adoption is accelerated by various official regulations, such as the PCI DSS standard set by the credit card companies. With SIEM systems, organizations can collect event data from the system components of the network in a vendor-independent way, making it possible to see centrally what has happened in the network. SIEM handles both historical and real-time events, and it serves as a centralized management tool supporting an organization's security process. The PCI DSS standard is very detailed, and meeting its requirements is not simple. Compliance is not achieved in a moment; the related project can last from weeks to months. One of the most challenging aspects of the standard is centralized log management. Organizations that process and transmit payment card data must collect all audit logs from different systems so that the use of payment card data can be confidentially tracked. According to the standard, organizations must also use intrusion and vulnerability detection systems to detect and prevent possible data breaches. A SIEM system makes it possible to meet the most demanding log management requirements of the PCI DSS standard, and at the same time it brings many detailed improvements that support the standard's other requirements. It can be useful, for example, in intrusion and vulnerability detection. Using a SIEM system to support the standard is, however, very challenging. Deployment requires careful advance planning and an understanding of the whole, on the part of both the solution provider and the organization deploying the solution.

Relevance:

100.00% 100.00%

Publisher:

Abstract:

Streptococcus suis is an important pig pathogen but it is also zoonotic, i.e. capable of causing diseases in humans. Human S. suis infections are quite uncommon but potentially life-threatening and the pathogen is an emerging public health concern. This Gram-positive bacterium possesses a galabiose-specific (Galalpha1−4Gal) adhesion activity, which has been studied for over 20 years. P-fimbriated Escherichia coli−bacteria also possess a similar adhesin activity targeting the same disaccharide. The galabiose-specific adhesin of S. suis was identified by an affinity proteomics method. No function of the protein identified was formerly known and it was designated streptococcal adhesin P (SadP). The peptide sequence of SadP contains an LPXTG-motif and the protein was proven to be cell wall−anchored. SadP may be multimeric since in SDS-PAGE gel it formed a protein ladder starting from about 200 kDa. The identification was confirmed by producing knockout strains lacking functional adhesin, which had lost their ability to bind to galabiose. The adhesin gene was cloned in a bacterial expression host and properties of the recombinant adhesin were studied. The galabiose-binding properties of the recombinant protein were found to be consistent with previous results obtained studying whole bacterial cells. A live-bacteria application of surface plasmon resonance was set up, and various carbohydrate inhibitors of the galabiose-specific adhesins were studied with this assay. The potencies of the inhibitors were highly dependent on multivalency. Compared with P-fimbriated E. coli, lower concentrations of galabiose derivatives were needed to inhibit the adhesion of S. suis. Multivalent inhibitors of S. suis adhesion were found to be effective at low nanomolar concentrations. To specifically detect galabiose adhesin−expressing S. suis bacteria, a technique utilising magnetic glycoparticles and an ATP bioluminescence bacterial detection system was also developed. 
The identification and characterisation of the SadP adhesin give valuable information on the adhesion mechanisms of S. suis, and the results of this study may be helpful for the development of novel inhibitors and specific detection methods of this pathogen.

Relevance:

100.00% 100.00%

Publisher:

Abstract:

The continuous technology evaluation is benefiting our lives to a great extent. The evolution of the Internet of Things and the deployment of wireless sensor networks are making it possible to have more connectivity between people and the devices used extensively in our daily lives. Almost every discipline of daily life, including the health sector, transportation, agriculture etc., is benefiting from these technologies. There is great potential for research and refinement in the health sector, as the current system is very often dependent on manual evaluations conducted by clinicians. There is no automatic system for patient health monitoring and assessment, which results in incomplete and less reliable health information. The Internet of Things has great potential to benefit health care applications through automated and remote assessment, monitoring and identification of diseases. Acute pain is the main cause of people visiting hospitals. An automatic pain detection system based on the Internet of Things with wireless devices can make the assessment and redemption significantly more efficient. The contribution of this research work is proposing a pain assessment method based on physiological parameters. The physiological parameters chosen for this study are heart rate, electrocardiography, breathing rate and galvanic skin response. As a first step, the relation between these physiological parameters and acute pain experienced by the test persons is evaluated. The electrocardiography data collected from the test persons is analyzed to extract interbeat intervals. This evaluation clearly demonstrates specific patterns and trends in these parameters as a consequence of pain. This parametric behavior is then used to assess and identify the pain intensity by implementing machine learning algorithms. Support vector machines are used for classifying these parameters influenced by different pain intensities, and classification results are achieved.
The classification results, with good accuracy rates between two and three levels of pain intensity, show a clear indication of pain and the feasibility of this pain assessment method. An improved approach on the basis of this research work can be implemented by using both physiological parameters and electromyography data of facial muscles for classification.

Relevance:

100.00% 100.00%

Publisher:

Abstract:

In modern society, body health is a very important issue to everyone. With the development of science and technology, new and developed body health monitoring devices and technology will play a key role in daily medical activities. This paper focuses on making progress in the design of a wearable vital sign system. A vital sign monitoring system has been proposed and designed. The whole detection system is composed of a signal collecting subsystem, a signal processing subsystem, a short-range wireless communication subsystem and a user interface subsystem. The signal collecting subsystem is composed of a light source and a photo diode; after light of two different wavelengths is emitted, the photo diode collects the light signal reflected by human body tissue. The signal processing subsystem is based on the analog front end AFE4490 and peripheral circuits; the collected analog signal is filtered and converted into a digital signal in this stage. After a series of processing steps, the signal is transmitted to the short-range wireless communication subsystem through SPI; this subsystem is mainly based on the Bluetooth 4.0 protocol and the ultra-low power System on Chip (SoC) nRF51822. Finally, the signal is transmitted to the user end. After proposing and building the system, this paper focuses on the research of the key component in the system, that is, the photo detector. Based on the study of perovskite materials, a low temperature processed photo detector has been proposed, designed and researched. The device is made up of a light absorbing layer, an electron transporting and hole blocking layer, a hole transporting and electron blocking layer, a conductive substrate layer and a metal electrode layer. The light absorbing layer is the important part of the whole device, and it is fabricated from perovskite materials.
After accepting the light, an electron-hole pair is produced in this layer, and due to the energy level difference, the electron and hole produced are transmitted to the metal electrode and the conductive substrate electrode through the electron transporting layer and the hole transporting layer respectively. In this way the response current is produced. Based on this structure, the specific fabrication procedure includes substrate cleaning; PEDOT:PSS layer preparation; perovskite layer preparation; PCBM layer preparation; and C60, BCP, and Ag electrode layer preparation. After the device fabrication, a series of morphological characterization and performance tests has been done. The testing procedure includes film-forming quality inspection, response current and light wavelength analysis, linearity and response time, and other optical and electrical properties testing. The testing result shows that the membrane has been fabricated uniformly; the device can produce an obvious response current to incident light with wavelengths from 350 nm to 800 nm, and the response current changes along with the light wavelength. When the light wavelength is kept constant, there exists a good linear relationship between the intensity of the response current and the power of the incident light, based on which the device could be used as the photo detector to collect the light information. During the changing period of the light signal, the response time of the device is several microseconds, which is acceptable for working as a photo detector in our system. The testing results show that the device has good electronic and optical properties, the fabrication procedure is also repeatable, and the properties of the devices have good uniformity, which illustrates that the fabrication method and procedure could be used to build the photo detector in our wearable system.
Based on a series of testing results, the paper has drawn the conclusion that the photo detector fabricated could be integrated on the flexible substrate and is also suitable for the monitoring system proposed, thus making some progress on the research of the wearable monitoring system and device. Finally, some future prospects in the system design aspect and the device design and fabrication aspect are proposed.

Relevance:

100.00% 100.00%

Publisher:

Abstract:

The integrated system of design for manufacturing and assembly (DFMA) and internet based collaborative design are presented to support product design, manufacturing process, and assembly planning for axial eccentric oil-pump design. The presented system manages and schedules group oriented collaborative activities. The design guidelines of internet based collaborative design & DFMA are expressed. The components and the manufacturing stages of axial eccentric oil-pump are expressed in detail. The file formats of the presented system include the data types of collaborative design of the product, assembly design, assembly planning and assembly system design. Product design and assembly planning can be operated synchronously and intelligently and they are integrated under the condition of internet based collaborative design and DFMA. The technologies of collaborative modelling, collaborative manufacturing, and internet based collaborative assembly for the specific pump construction are developed. A seven-security level is presented to ensure the security of the internet based collaborative design system.

Relevance:

100.00% 100.00%

Publisher:

Abstract:

The Finnish Communications Regulatory Authority Ficora has issued Regulation 13/2005M, according to which an internet service provider must have predefined processes and operating models for detecting and filtering malicious traffic leaving its own customer connections for the internet. The regulation as such does not set conditions on how each internet service provider fulfils the requirements. This master's thesis gives definitions of malicious traffic and studies methods by which it can be detected and filtered in the operator networks of a local internet service provider. In proportion to the number of customer connections of the local internet service provider, the severity of the threats and the cost of such a system, an open-source intrusion detection tool is proposed on the basis of this work for security violations requiring rapid response, together with automated rerouting for filtering. In addition, for traffic monitoring during normal working hours, an extended monitoring desk is recommended, where more detailed investigations can be started through visualized real-time data flows of the telecommunications network.

Relevance:

100.00% 100.00%

Publisher:

Abstract:

This paper analyzes the possibilities of integrating cost information and engineering design. Special emphasis is on finding the potential of using the activity-based costing (ABC) method when formulating cost information for the needs of design engineers. This paper suggests that ABC is more useful than the traditional job order costing, but the negative issue is the fact that ABC models easily become too complicated, i.e. expensive to build and maintain, and difficult to use. For engineering design the most suitable elements of ABC are recognizing activities of the company, constructing activity chains, identifying resources, activity and cost drivers, as well as calculating accurate product costs. ABC systems including numerous cost drivers can become complex. Therefore, a comprehensive ABC based cost information system for the use of design engineers should be considered critically. Combining the suitable ideas of ABC with engineering oriented thinking could give competent results.

Relevance:

100.00% 100.00%

Publisher:

Abstract:

During the project we get familiar with the Linksys WRT54GL wireless router and its network managing methods. The operating system is OpenWRT, which is a Linux-based distribution for embedded devices. OpenWRT uses two kinds of approaches for its network administration. The first one is a web-based user interface and the second one is command line based. Both methods work but do not solve all the problems that a competent network administrator can face in secured network managing. The goal of the project was to design an NCurses-based user interface for network administration that can be run from the command line. The user interface can be used, for example, from a terminal via SSH, which is faster and also light to use. The idea is to combine the user-friendliness of the WWW interface and the advanced options that command line based network managing can offer. Linux-based open source OpenWRT offers good development tools. There also exists a compact development community if there is a need for further development of the software in the future. So far, a user interface for command line based network administration is not available.

Relevance:

100.00% 100.00%

Publisher:

Abstract:

The aim of the work was to study and compare component-based software architectures (Microsoft .NET and J2EE). The purpose of the work was to select a software architecture for a new neural-network-based career planning service. The work also examined how to create internationalizable and localizable applications, and how Web, Windows, mobile, voice and digital TV user interfaces suit the new career planning service. The research used literature in the field and the websites of Microsoft and Sun Microsystems. The research analysed the performance comparison of the Microsoft Pet Shop and Sun Microsystems Java Pet Store sample applications. Based on the results of the analysis, the J2EE architecture is recommended for use in the career planning service. The proposed course of action for the new career planning service is a component-based system with Web, voice and digital TV user interfaces and personalized content. The system will be built as a five-phase project that includes pilot tests. Students, educational institutions and employers will be included in the new career planning service, along with experts for defining the training data of the neural network. The service is based on an integrated database. Information produced in the different subsystems can be used everywhere in the career planning service.

Relevance:

100.00% 100.00%

Publisher:

Abstract:

This work studies earth fault currents and their effect and development in the medium-voltage network of Haminan Energia Oy. In addition, various possibilities for limiting the magnitudes of earth fault currents are examined. The study area is the entire medium-voltage network area of Haminan Energia Oy. To study the magnitude and effects of earth fault currents, earth fault current calculations are carried out with a network information system using various initial criteria. To analyse the development of the network, its age data, changes in zoned areas, and main transformer and backup supply capacities are investigated. Based on the results of the analyses, an estimate of the future development of earth fault currents is drawn up. To compensate the earth fault currents, the conclusion is to build a new main transformer at the Laurila substation and to improve the earthing of certain distribution substations and disconnectors. By implementing these improvement proposals, the electrical safety regulations can be met with regard to earth faults far into the future, and the interruptions experienced by customers can be reduced. In addition, the work produces instructions for Haminan Energia Oy for calculating earth fault currents.