511 research outputs found
Master of Science
thesis
System administrators use application-level knowledge to identify anomalies in virtual appliances (VAs) and to recover from them. This process can be automated through an anomaly detection and recovery system. In this thesis, we claim that application-level policies defined over kernel-level application state can be effective for automatically detecting and mitigating the effects of malicious software in VAs. By combining user-defined application-level policies, virtual machine introspection (VMI), expert systems, and kernel-based state management techniques for anomaly detection and recovery, we are able to provide a favorable environment for the execution of applications in VAs. We use policies to specify the desired state of the VA based on an administrator's application-level knowledge. By using VMI we are able to generate a snapshot that represents the true internal state of the VA. An expert system evaluates the snapshot and identifies any violations. Potential violations include the execution of an irrelevant application, an unauthorized process, or an unfavorable environment configuration. The expert system also reasons about appropriate recovery strategies for each of the violations detected. The recovery strategy decided by the expert system is carried out by recovery tools so that the VA can be restored to an acceptable state. We evaluate the effectiveness of this approach for anomaly detection and repair by using it to detect and recover from the actions of different types of malicious software targeting a web server VA. The system is shown to be effective in guarding the VA against the actions of a kernel-exploit kit, a kernel rootkit, a user-space rootkit, and an application malware. For each of these attacks, the recovery component was able to restore the VA to an acceptable state. Although the recovery actions carried out did not remove the malicious software, they substantially mitigated the harmful effects of the malicious software.
ESASCF: Expertise Extraction, Generalization and Reply Framework for an Optimized Automation of Network Security Compliance
Exposure to cyber threats has created worldwide pressure on organizations to
comply with cyber security standards and policies for protecting their digital
assets. Vulnerability assessment (VA) and Penetration Testing (PT) are widely
adopted Security Compliance (SC) methods to identify security gaps and
anticipate security breaches. In the computer networks context and despite the
use of autonomous tools and systems, security compliance remains highly
repetitive and resource-consuming. In this paper, we proposed a novel method
to tackle the ever-growing problem of efficiency and effectiveness in network
infrastructures security auditing by formally introducing, designing, and
developing an Expert-System Automated Security Compliance Framework (ESASCF)
that enables industrial and open-source VA and PT tools and systems to extract,
process, store and re-use the expertise in a human-expert way to allow direct
application in similar scenarios or during the periodic re-testing. The
implemented model was then integrated within the ESASCF and tested on different
size networks and proved efficient in terms of time-efficiency and testing
effectiveness, allowing ESASCF to autonomously take over SC in re-testing
and offload the expert by automating repeated SC segments, thus enabling
experts to prioritize important tasks in ad-hoc compliance tests. The obtained
results validate the performance enhancement notably by cutting the time
required for an expert to 50% in the context of typical corporate networks
first SC and 20% in re-testing, representing a significant cost-cutting. In
addition, the framework allows a long-term impact illustrated in the knowledge
extraction, generalization, and re-utilization, which enables better SC
confidence independent of the human expert skills, coverage, and wrong
decisions resulting in impactful false negatives.
Test Automation with Grad-CAM Heatmaps -- A Future Pipe Segment in MLOps for Vision AI?
Machine Learning (ML) is a fundamental part of modern perception systems. In
the last decade, the performance of computer vision using trained deep neural
networks has outperformed previous approaches based on careful feature
engineering. However, the opaqueness of large ML models is a substantial
impediment for critical applications such as in the automotive context. As a
remedy, Gradient-weighted Class Activation Mapping (Grad-CAM) has been proposed
to provide visual explanations of model internals. In this paper, we
demonstrate how Grad-CAM heatmaps can be used to increase the explainability of
an image recognition model trained for a pedestrian underpass. We argue how the
heatmaps support compliance to the EU's seven key requirements for Trustworthy
AI. Finally, we propose adding automated heatmap analysis as a pipe segment in
an MLOps pipeline. We believe that such a building block can be used to
automatically detect if a trained ML-model is activated based on invalid pixels
in test images, suggesting biased models.
Comment: Accepted for publication in the Proc. of the 1st International
Workshop on DevOps Testing for Cyber-Physical System
CLASSIFYING AND RESPONDING TO NETWORK INTRUSIONS
Intrusion detection systems (IDS) have been widely adopted within the IT community, as
passive monitoring tools that report security related problems to system administrators.
However, the increasing number and evolving complexity of attacks, along with the
growth and complexity of networking infrastructures, has led to overwhelming numbers of
IDS alerts, which allow a significantly smaller timeframe for a human to respond. The need
for automated response is therefore very much evident. However, the adoption of such
approaches has been constrained by practical limitations and administrators' consequent
mistrust of systems' abilities to issue appropriate responses.
The thesis presents a thorough analysis of the problem of intrusions, and identifies false
alarms as the main obstacle to the adoption of automated response. A critical examination
of existing automated response systems is provided, along with a discussion of why a new
solution is needed. The thesis determines that, while the detection capabilities remain
imperfect, the problem of false alarms cannot be eliminated. Automated response
technology must take this into account, and instead focus upon avoiding the disruption of
legitimate users and services in such scenarios. The overall aim of the research has
therefore been to enhance the automated response process, by considering the context of an
attack, and investigate and evaluate a means of making intelligent response decisions.
The realisation of this objective has included the formulation of a response-oriented
taxonomy of intrusions, which is used as a basis to systematically study intrusions and
understand the threats detected by an IDS. From this foundation, a novel Flexible
Automated and Intelligent Responder (FAIR) architecture has been designed, as the basis
from which flexible and escalating levels of response are offered, according to the context
of an attack. The thesis describes the design and operation of the architecture, focusing
upon the contextual factors influencing the response process, and the way they are
measured and assessed to formulate response decisions. The architecture is underpinned by
the use of response policies which provide a means to reflect the changing needs and
characteristics of organisations.
The main concepts of the new architecture were validated via a proof-of-concept prototype
system. A series of test scenarios were used to demonstrate how the context of an attack
can influence the response decisions, and how the response policies can be customised and
used to enable intelligent decisions. This helped to prove that the concept of flexible
automated response is indeed viable, and that the research has provided a suitable
contribution to knowledge in this important domain.
ESASCF: expertise extraction, generalization and reply framework for optimized automation of network security compliance
Organizations constantly exposed to cyber threats are compelled to comply with cyber security standards and policies for protecting their digital assets. Vulnerability assessment (VA) and penetration testing (PT) are widely adopted methods for security compliance (SC) to identify security gaps and anticipate security breaches. However, these methods for security compliance tend to be highly repetitive and resource-intensive. In this paper, we propose a novel method to tackle the ever-growing problem of efficiency in network security auditing by designing and developing an Expert-System Automated Security Compliance Framework (ESASCF). ESASCF enables industrial and open-source VA and PT tools to extract, process, store and re-use the expertise in similar scenarios or during periodic re-testing. ESASCF was tested on different size networks and proved efficient in terms of time efficiency and testing effectiveness. ESASCF autonomously takes over SC in re-testing and offloads the human expert by automating repeated SC segments, thus enabling experts to prioritize important tasks in ad-hoc compliance tests. The obtained results show a performance improvement by cutting the time required for an expert to 50% in the context of typical corporate networks’ first security compliance and 20% in re-testing. In addition, the framework allows a long-term impact illustrated in the knowledge extraction, generalization, and re-utilization, which enables better SC confidence independent of the human expert skills, coverage, and wrong decisions resulting in false negatives.
Ethical Hacking: Network Security and Penetration Testing
This Grants Collection for Ethical Hacking: Network Security and Penetration Testing was created under a Round Eight ALG Textbook Transformation Grant.
Affordable Learning Georgia Grants Collections are intended to provide faculty with the frameworks to quickly implement or revise the same materials as a Textbook Transformation Grants team, along with the aims and lessons learned from project teams during the implementation process.
Documents are in .pdf format, with a separate .docx (Word) version available for download. Each collection contains the following materials: Linked Syllabus, Initial Proposal, Final Report.