MOSS : a model for open system security
- Authors: Van Zyl, Pieter Willem Jordaan
- Date: 2012-09-12
- Subjects: Computer security - South Africa , Computer networks - Security measures , Security systems - Models , Computers - Access control
- Type: Thesis
- Identifier: uj:10276 , http://hdl.handle.net/10210/7645
- Description: Ph.D. , This thesis looks at current security problems within open system environments, that is, security problems within heterogeneous computer system environments that are interconnected via computer networks. Thereafter two security models, Kerberos and the Path Context Model, are considered together with their respective ability to address these security problems. Using concepts of the Path Context Model, a new security model, called MOSS (Model for Open System Security), is developed and it is shown how MOSS can address all the security problems identified. Two possible implementations of MOSS are then considered: the one is based on the concept of Static Security Agents (SSAs) for contemporary open system environments, and the other is based on the concept of Roaming Security Agents (RSAs) for object-oriented open system environments. The research is concluded with a summary of possible future research considerations.
Information security using intelligent software agents
- Authors: Van der Merwe, Jacobus
- Date: 2012-08-20
- Subjects: Computer security , Computer networks - Security measures , Internet - Security measures , Intelligent agents (Computer software)
- Type: Thesis
- Identifier: http://ujcontent.uj.ac.za:8080/10210/387930 , uj:2793 , http://hdl.handle.net/10210/6231
- Description: Ph.D. , Many organisations are starting to make large parts of their information resources publicly accessible. For example, many organisations publish information using the Internet. Some organisations allow non-employees to connect to their systems and retrieve information; many banks allow customers to retrieve account statements via the Internet. There is a trend towards more open information systems and more distributed processing, such as client/server processing. The above are just some of the trends in computer information processing that create new and complex problems in providing information systems that are both secure and manageable. To add to the complexity of the information security problem, organisations use the Internet to conduct some of their business and use many different applications, each with its own unique access control mechanisms. Central management of information security in heterogeneous and distributed environments, such as the Internet, has become a nightmare. There is a need for an information security model that will allow organisations to make use of the new trends in information processing, but still have confidence that they have adequate security and that the management of their information security systems is fairly easy. In this thesis we propose a model that satisfies the above requirements. We call this model the Intelligent Security Agent Model (ISAM). The ISAM model is based on two technologies: intelligent software agents and distributed objects. The main component of the model is Intelligent Security Agents that act as security brokers for their users in a distributed environment. In chapter 2 of the thesis, we design an Intelligent Security Agent which provides various information security services in open client/server environments. The Intelligent Security Agent Model addresses certain problems/requirements, such as single sign-on, in information security.
These problems and possible solutions are described in chapter 4 to chapter 10 of this thesis. An Intelligent Security Agent must be protected from unauthorised modification, theft, etc. Chapter 3 shows how an Intelligent Security Agent is secured by implementing it as a distributed object. We show that the combination of intelligent software agents and distributed objects creates an agent that was not possible before, and solves many information security problems. In short, this thesis documents the results of a study in computer information security. The result of the study is a new information security model in which intelligent software agents and distributed objects are combined to create a security agent which acts on behalf of a user in open environments such as client/server systems and the Internet. The agent provides a set of services to its user and handles all information security related requests on behalf of its user.
Information security in a distributed banking environment, with specific reference to security protocols.
- Authors: Van Buuren, Suzi
- Date: 2012-08-22
- Subjects: Banks and banking - Security measures , Intranets (Computer networks) - Security measures , Internet - Security measures , Computer networks - Security measures
- Type: Thesis
- Identifier: uj:3063 , http://hdl.handle.net/10210/6484
- Description: M.Comm. , The principal aim of the present dissertation is to determine the nature of an electronic banking environment, to determine the threats within such an environment and the security functionality needed to ward off these threats. Security solutions for each area at risk will be provided in short. The main focus of the dissertation will fall on the security protocols that can be used as solutions to protect a banking system. In the dissertation, indication will also be given of what the security protocols, in their turn, depend on to provide protection to a banking system. There are several security protocols that can be used to secure a banking system. The problem, however, is to determine which protocol will provide the best security for a bank in a specific application. This dissertation is also aimed at providing a general security framework that banks could use to evaluate various security protocols which could be implemented to secure a banking system. Such a framework should indicate which security protocols will provide a bank in a certain banking environment with the best protection against security threats. It should also indicate which protocols could be used in combination with others to provide the best security.
Network security by preventing DDOS attack using honeypot
- Authors: Selvaraj, Rajalakshmi
- Date: 2017
- Subjects: Computer security , Computer networks - Security measures , Machine learning , Intrusion detection systems (Computer security)
- Language: English
- Type: Doctoral (Thesis)
- Identifier: http://hdl.handle.net/10210/263140 , uj:27812
- Description: D.Ing. (Electrical Engineering) , Abstract: Intrusion Detection Systems (IDSs) are introduced in the modern environment in order to secure systems, but signature-based IDSs are not fit for recognising most unidentified attackers. The identification of indistinct attacks and intrusions is of little help in recognising some sorts of attack, and identifying an intruder on the system through intrusion-dependent attacks has become a huge task. An intelligent attacker can obtain sensitive data and information from the framework only after detecting its shortcomings. Distributed Denial of Service (DDoS) is a main concern for security and is turning into a most challenging threat for the future. There are a large number of sorts of Denial of Service (DoS), for example Smurf, Ping of Death and Clone attacks. Some methodologies are not easily implemented in the systems of genuine enterprises, because they rely on a framework trained on specimens of malware, on deep inspection of packets, or on a host-based strategy that imposes major limitations on maintenance. Honeypots are among the best techniques to gather samples of malware, and are thus used for investigation and for the determination of attacks. A honeypot is a novel application which holds great potential and possibilities in the field of security. It helps in capturing the behaviour of the attack as well as information about the attackers. Distributed Denial of Service (DDoS) has become a main goal in the system as it influences the system at multiple levels. This leads to congestion overhead and wastage of transmission capacity. In order to overcome these issues, a roaming virtual...
Veilige indentifikasietegnieke vir gebruikers van rekenaarstelsels (Secure identification techniques for users of computer systems)
- Authors: Rensleigh, Christopher William
- Date: 2014-10-07
- Subjects: Computer networks - Security measures , Computer security , Smartcard technology , Magnetic stripe card
- Type: Thesis
- Identifier: uj:12535 , http://hdl.handle.net/10210/12329
- Description: M.Com. (Informatics) , Please refer to full text to view abstract
The computer incident response framework (CIRF)
- Authors: Pieterse, Theron Anton
- Date: 2014-10-10
- Subjects: Information technology - Security measures , Computer networks - Security measures , Risk management , Computer security
- Type: Thesis
- Identifier: http://ujcontent.uj.ac.za:8080/10210/369666 , uj:12577 , http://hdl.handle.net/10210/12368
- Description: M.Com. (Informatics) , A company’s valuable information assets face many risks from internal and external sources. When these risks are exploited and reports on information assets are made public, it is usually easy to determine which companies had a contingency plan to deal with the various aspects of these “computer incidents”. This study incorporates important factors of computer incidents into a framework which will assist the company in effectively dealing with and managing computer incidents when they occur.
'n Bestuurs- en metodologiese benadering tot gebeurlikheidsbeplanning vir die gerekenariseerde stelsels van 'n organisasie (A management and methodological approach to contingency planning for the computerised systems of an organisation)
- Authors: Nel, Yvette
- Date: 2014-07-28
- Subjects: Computer networks - Security measures , Information technology
- Type: Thesis
- Identifier: uj:11844 , http://hdl.handle.net/10210/11576
- Description: M.Com. (Informatics) , The utilization of information technology is essential for an organization, not only to handle daily business activities but also to facilitate management decisions. The greater the dependence of the organization upon information technology, the greater the risk the organization is exposed to in case of an information systems interruption. Computer disasters, such as fires, floods, storms, sabotage and human error, constitute a security threat which could prejudice the survival of an organization. Disaster recovery planning is a realistic and imperative activity for each organization, whether large or small. In the light of the potential economic and legal implications of a disaster, it is no longer acceptable not to be prepared for such an occurrence today. A well designed and tested disaster recovery plan, as part of the total information security strategy of the organization, is therefore essential not only in terms of the recovery of business functions, but for the SURVIVAL of the organization. In view of the above, it could be expected that disaster recovery planning would be standard practice for all organizations. However, that is not the case. The literature study undertaken, as well as exposure in practice, indicates clearly that disaster recovery planning enjoys low priority in most organizations. The majority of existing plans are superficial, unstructured and insufficient, and will not be successful when a real disaster strikes. The most important single cause for the failure of an organization's disaster recovery plan is that too much emphasis is placed on the technical aspects rather than on the management or organizational aspects. The solution is an integrated approach of strategies and the multiple technologies which are available today. These strategies and technologies should be combined to meet the specific needs of the individual organization.
The purpose of this dissertation was firstly to identify the most critical problems related to disaster recovery planning and secondly to provide a methodology for the development and implementation of a disaster recovery plan which addresses these problems. This methodology constitutes an enhancement of an existing information security methodology in order to establish a total information security strategy for a large organization, with disaster recovery as an essential aspect of this strategy. The final disaster recovery planning methodology as proposed in this dissertation was developed as a result of an extensive literature study, as well as involvement in the development of a disaster recovery system by the company which initiated this study.
Service oriented architecture governance tools within information security
- Authors: Mokgosi, Letlhogonolo
- Date: 2012-06-07
- Subjects: Service oriented architecture (Computer science) , Information security , Computer security , Information technology management , Management information systems , Computer networks - Security measures , Computer network architectures , Software architecture , Computer architecture
- Type: Thesis
- Identifier: uj:8655 , http://hdl.handle.net/10210/5010
- Description: M.Tech. , Service Oriented Architecture has many advantages. For example, organisations can align business with Information Technology, reuse developed functionality, and reduce development and maintenance costs for applications. Organisations adopt Service Oriented Architecture with the aim of automating and integrating business processes. However, it has information security vulnerabilities that should be considered. For example, applications exchange information across the Internet, where it can be tampered with. Information security is therefore one of the crucial qualities that need to be satisfied within information systems. This dissertation addresses the issue of information security within Service Oriented Architecture applications. Some organisations rely on Service Oriented Architecture governance tools when securing information in their Service Oriented Architecture environment. However, they may purchase them without investigating whether they include information security. The aim of this dissertation is to analyse whether these tools include information security. Each tool is benchmarked against the five information security services defined by the ISO 7498/2 document: identification and authentication, authorisation, confidentiality, integrity and non-repudiation. The dissertation concludes with a table summarising the results. This dissertation offers decision-makers information that can assist them in analysing whether Service Oriented Architecture governance tools include information security. It also helps organisations to be aware of security vulnerabilities within Service Oriented Architecture applications, and of the consequences that may arise if information security measures are ignored.
Network intrusion detection with sensor fusion : performance bounds and benchmarks
- Authors: Mkuzangwe, Nenekazi Nokuthala Penelope
- Date: 2020
- Subjects: Intrusion detection systems (Computer security) , Computer networks - Security measures , Multisensor data fusion
- Language: English
- Type: Doctoral (Thesis)
- Identifier: http://hdl.handle.net/10210/425183 , uj:36391
- Description: D.Phil. , Abstract: The achievable performances of intrusion detection systems are unknown beforehand. Currently, intrusion detection researchers implement these systems before they can determine what the performances of their systems will be, or compare the performance of their systems to existing systems in order to evaluate them. Another challenge for network researchers is the unavailability of real-world traffic traces of network activities due to privacy and legal restrictions. This Thesis contributes to the literature by 1. presenting the achievable performances of the existing anomaly and learning based network intrusion detection systems (NIDSs) in detecting Transmission Control Protocol (TCP) synchronise (SYN) flooding attacks. Two anomaly based algorithms, adaptive threshold and cumulative sum based algorithms, were considered in building the anomaly based NIDSs. The logic OR operator was used to combine the outcomes of the two anomaly based algorithms to enhance their performance. The three algorithms were used to detect TCP SYN flooding attacks that were synthetically generated according to a Poisson process and constant interarrival times. The logic OR operator performed better than the two algorithms. The three algorithms detected the Poisson process attacks better than the constant interarrival times attacks. For the learning based NIDSs, the decision tree and a novel fuzzy logic based NIDS were used to detect Neptune, which is a type of TCP SYN flooding attack. The decision tree outperformed the fuzzy logic system. 2. providing the achievable upper bounds on the accuracies of two ensemble-of-classifiers based NIDSs. The first NIDS is an AdaBoost based ensemble that uses a decision stump as a base learner. The second NIDS is a Bagging based ensemble that uses a decision tree as a base learner.
The obtained bounds will enable researchers to estimate the performance of their ensemble based NIDSs before they implement them and to determine how well their ensemble based NIDSs are performing relative to these bounds. From the empirical studies, it was deduced that if the dataset entropy with respect to the features falls between 0.9578 and 0.9586, and the average information gain amongst the features used in the ensemble falls between 0.045615 and 0.25615, then the accuracy of the first NIDS will be at most 0.9065 and the accuracy of the second NIDS will be at best 0.9193. These obtained ensemble accuracy upper bounds hold irrespective of the attack or dataset, provided that the features used in the ensemble (AdaBoosted decision stump ensemble or Bagged decision tree ensemble) have the same characteristics as the features used in this Thesis and the features are discretised in the same way as in this work...
- Full Text:
Network intrusion detection system using neural networks approach in networked biometrics system
- Authors: Mgabile, Tinny
- Date: 2014-04-09
- Subjects: Computer networks - Security measures , Neural networks (Computer science) , Pattern recognition systems , Biometric identification
- Type: Thesis
- Identifier: uj:10528 , http://hdl.handle.net/10210/10054
- Description: M.Phil. (Electrical and Electronic Engineering) , Network security has become increasingly important as more and more applications are making their way into the market. The research community has proposed various methods to build a reliable network intrusion detection system to detect unauthorised activities in networked systems. However, many network intrusion detection systems that have been reported in the literature suffer from an excessive number of false positives and false negatives, and are unable to cope with new, elegant and structured attacks. This is mainly because most network intrusion detection systems rely on security experts to analyze the network traffic data and manually construct intrusion detection rules. This study proposes to use a machine learning technique, such as the neural network approach, for an anomaly based network intrusion detection system (NIDS). The main objective of this study is to construct an NIDS model that will produce approximately zero false positives, or no false positives at all, and have a high degree of accuracy in detecting network attacks. The neural network (NN) model is trained on a biometric networked system dataset simulated in the study, containing strictly replayed and normal network traffic that encourage the development of the proposed NIDS. By analyzing the NN-based NIDS results, the study reached a false positive rate of 0 and a high accuracy rate of 100 percent. To support the results obtained in this study, the performance of the NN-based NIDS was compared to two other classification methods (k-nearest neighbor algorithm (KNN) and Naive Bayes). The results obtained from KNN and Naive Bayes were 99.87 and 99.75 percent respectively. These results show that the proposed model can successfully be used as an effective tool for solving complicated classification problems such as NIDS.
- Full Text:
A socio-technical systems cybersecurity optimisation process : the systems engineering management approach
- Authors: Malatji, Masike
- Date: 2019
- Subjects: Cyberspace - Security measures , Computer networks - Security measures , Cyberterrorism
- Language: English
- Type: Doctoral (Thesis)
- Identifier: http://hdl.handle.net/10210/417550 , uj:35366
- Description: Abstract: Despite the emergence of artificial intelligence-powered enterprise systems security solutions, it was found that at least 90% of malicious cyberattacks resulted from human behaviour or error. This and various other studies over the past 11 years confirmed that the human being remains the weakest link in the entire enterprise systems security chain. In addition, evidence seemed to suggest that many enterprises are still taking overly techno-centric approaches to cybersecurity risk, increasing the chances of missing the bigger picture. With that, the study sought to understand how a bigger enterprise systems security picture could be realised. In particular, the aim of this study was to identify and address socio-technical security gaps in existing enterprise systems security frameworks, which encompass information security, cybersecurity, information technology security and physical security. The importance of the study was to highlight that taking overly techno-centric approaches to enterprise systems security risk has not yielded significantly positive results for organisations. A big picture approach is required to attain a holistic enterprise systems security optimisation state. A socio-technical approach to enterprise systems security was adopted to develop the ‘big picture’ solution. This was achieved through the application of the socio-technical systems theory to the enterprise systems security domain. The cornerstone and foundation of the socio-technical systems approach is joint optimisation, which is a technique that is more concerned with harnessing the best of both the technical and social (including human) aspects of an enterprise's structure and processes. This culminated in the development of an integrated management process to identify and address socio-technical security gaps in existing enterprise systems security programs. 
A mixed-methods research approach, in which a focus group, in-depth personal interviews and online surveys were employed to validate the integrated management process, was adopted. This resulted in the finalisation and desktop application of the integrated management process on the COBIT® 5 for Information Security framework. Thus, the management process for security joint optimisation would benefit the information security, cybersecurity and information technology security community of practitioners in holistically optimising enterprise systems security practices. Moreover, the management process would especially benefit those who practice enterprise systems security at strategic (policy driven) and tactical (guideline driven) levels for security joint optimisation at the operational level. , D.Ing. (Engineering Management)
- Full Text:
Authorisation as audit risk in an information technology environment
- Authors: Kruger, Willem Jacobus
- Date: 2014-02-05
- Subjects: Auditing - Access control. , Computer networks - Security measures
- Type: Thesis
- Identifier: uj:3679 , http://hdl.handle.net/10210/9062
- Description: M.Comm. , Please refer to full text to view abstract
- Full Text:
The evaluation and analysis of the control facilities in a network environment with specific reference to Novell 4
- Authors: Kleinsmit, Michael J.
- Date: 2015-09-08
- Subjects: Netware Novell 4 (Computer operating system) , Computer networks - Security measures , Database security , Electronic data processing - Auditing
- Type: Thesis
- Identifier: uj:14074 , http://hdl.handle.net/10210/14490
- Description: M.Com. , The auditor has the objective to express an opinion on the financial statements on which he is reporting. It is important for the auditor to know that the data which he is auditing has not been changed without the necessary authority or been lost, and that the data meets the three Information Security Objectives (ISOs) ...
- Full Text:
A systematic literature review of the Internet of Things
- Authors: Khanyile, Sibusiso
- Date: 2017
- Subjects: Internet of things , Embedded Internet devices , Mobile computing , Computer networks - Security measures
- Language: English
- Type: Masters (Thesis)
- Identifier: http://hdl.handle.net/10210/269236 , uj:28602
- Description: Abstract: The explosiveness of the internet continuously transforms communication between people and information technology systems. The mass adoption of the web transformed the methods of communication, giving the ability to interconnect anytime, anywhere, in different time zones in the world. Information technology development is the primary bridge that enabled a seamlessly connected environment regardless of geographical location. The technology progressions from accessing information from the internet through mobile devices to using social media to deliver information to users brought enrichment to society and enterprises, with information at their fingertips. With this interest, there has been a rise in academic interest resulting in an acceleration of research on the Internet of Things (IoT). Scientific research in IoT has been growing exponentially in the last decade. There has been an abundance of research material generated on the issues of IoT. The research primarily focuses on the rise of research interest in IoT for the industrial sector in the last decade. Moreover, the research provides a systematic review in an attempt to address IoT security, standards, and practices. The dissertation highlights the rise in scientific research in IoT led by Energy, Industry 4.0 and Health. The IoT proliferation in the noted industry sectors attracts security concerns; several security themes are presented in conjunction with standards and practices to address the issue of security. The review process identified 632 papers, of which 45 primary studies are classified as pertinent to IoT security. The data is extracted from articles to determine various challenges of IoT concerning security. 
The evaluation process identified the strategies to deal with issues arising from IoT and provided a review of initiatives by standards bodies to combat IoT security. The findings are expected to help other researchers and experts in the field of IoT to understand the challenges involved with technology evolution of IoT and the approaches offered to deal with them. , M.Phil. (Engineering Management)
- Full Text:
The management of networks with specific reference to security management
- Authors: Kersten, Karin
- Date: 2012-08-15
- Subjects: Computer networks - Management , Computer networks - Security measures , Computer crimes
- Type: Thesis
- Identifier: uj:9296 , http://hdl.handle.net/10210/5739
- Description: M.Comm. , This dissertation is devoted to an investigation into the network-management environment, with special emphasis on the security aspects and the provision of a reference framework when choosing a network-management product. The dissertation is aimed at those responsible for network-management and the selection of the various network-management products by providing a framework for evaluating network management products. The first four chapters provide the background to the reference framework. The following two chapters are devoted to those aspects to be taken into consideration when evaluating a network-management product. The consolidation and the case study in chapters seven and eight provide an abridged version of the framework and illustrate how the framework could be applied to a network-management product. Chapter one provides the background to the reference framework regarding networks and network-management. The concept of network-management is introduced, as well as the three forms of architectures that could be implemented, namely centralised, hierarchical and distributed architectures. A number of network-management functions have to be taken into consideration when evaluating a network-management package, namely configuration, asset, fault, performance, accounting and security management. These functions are also covered in chapter six. Chapter two provides the background to the security aspect of the reference framework. The three main topics covered in this respect are the definition of network-security, computer crime and specific elements of network-security. This chapter also provides a springboard for the evaluation of the network-management environment, as well as an idea of what issues and measures should be addressed and taken in order to prevent, or at least minimise, the effects of network-security breaches. 
Chapter three covers issues relating to network-security responsibilities, with special reference to the management side of network-management, including those issues that management should take into consideration when evaluating the network-management environment. Two methods that could be implemented include network-management policies and strategies. Network-security policies and strategies encompass those issues necessary for effective security within an organisation. This chapter, however, covers the more theoretical or higher-level goals or objectives of network-management. Chapter four relates to more of the day-to-day management issues of the network-security and the network-security management services and functions that should be considered. These include issues such as network-security services, managing network access, monitoring and controlling the network security system and the maintenance and modification of the said system. Network-management product considerations are discussed in chapter five, which chapter can be viewed as the business and practical side of the reference framework. The topics discussed here are more closely related to the business considerations when evaluating a network-management package and the practical issues of network-management. Topics discussed in this chapter include security and network-management products, practical approaches to choosing network-management products, critical success factors of network-management and analysis of the cost component. In contrast to these issues, the reference framework expounded in chapter six concentrates on the technical and network-management functions. Chapter six constitutes the culmination of the present dissertation in the form of a reference framework, which is for the greater part formulated along the lines of the criteria given. 
This reference framework is aimed at those experts enlisted to evaluate and select network-management products, specifically as far as their security-management features are concerned. The areas covered include the user framework, the product framework, network-fault management, network-performance management, network-accounting management, network configuration and change management, network-security management and conformance testing. The topics discussed are, however, by no means exclusive and there are a number of other issues that have not been addressed in this dissertation, but which, depending on the network environment, would have to be taken into consideration. Chapter seven is a consolidation of the reference framework given in chapter six, as well as of some of the main points and criteria that could be considered when performing a quick evaluation of a product. This chapter does not, however, make any pretence to being exhaustive, but merely serves to highlight a few crucial criteria. Chapter eight is devoted to a case study in terms of which the reference framework is applied to a network-management product. In conclusion, a summary of the dissertation is given in chapter nine.
- Full Text:
Development and evaluation of a deep learning based intrusion detection model for wireless networks
- Authors: Kasongo, Sydney Mambwe
- Date: 2020
- Subjects: Wireless communication networks - Access control , Intrusion detection systems (Computer security) , Computer networks - Security measures , Machine learning
- Language: English
- Type: Doctoral (Thesis)
- Identifier: http://hdl.handle.net/10210/418298 , uj:35460
- Description: Abstract: In recent times, there has been an extensive and expeditious growth and advancement of information and communication related technologies, as well as an advancement of the Internet. With these technological breakthroughs came the rapid development of wireless enabled devices. Consequently, the expansion of wireless networks capable of handling the increasing volume of information generated by those networks became inevitable. As a result, wireless networks are vulnerable and exposed to numerous security threats as well as privacy concerns. Currently, the existing protective and preventive measures such as wired and wireless Intrusion Detection Systems (IDSs) are not fully immune to the growing number of network intrusion instances. An IDS has a critical role in ensuring that various networks are secured and protected against attacks. Research has demonstrated that the majority of current IDS systems do not perform at the required level. There exist many types of IDS systems; however, we focused on Machine Learning (ML) and Deep Learning (DL) based IDSs. The performance of current ML and DL based IDS systems for wired and wireless networks suffers from a low level of detection accuracy and a high false alarm rate. Moreover, the increase in the amount of data generated by wired and wireless networks has caused the datasets required to design and implement ML and DL based IDSs to become highly dimensional in terms of features and extremely complex in terms of the types of data. In this thesis, we design and implement DL based IDS systems using Feed Forward Deep Neural Networks (FFDNNs), Deep Long-Short Term Memory Recurrent Neural Networks (DLSTM RNNs) and Deep Gated Recurrent Unit Recurrent Neural Networks (DGRU RNNs). With the aim of tackling the issue of the highly dimensional input spaces, we further implement an Information Gain (IG) based feature extraction method that is conjoined with the FFDNNs. 
We also devised and implemented two wrapper-based feature selection algorithms. One is based on the Extra-Trees (ET) classifier and the other is inspired from the Random Forest (RF) classifier. The ET is coupled with the DLSTM RNNs and the DGRU RNNs. The RF is used in conjunction with FFDNNs. In order to evaluate the performance of our frameworks, the following three datasets were used: the NSL-Knowledge Discovery and Data mining (NSL-KDD) dataset, the University of New South Wales-NB15 (UNSW-NB15) dataset and the Aegean Wi-Fi Intrusion Dataset (AWID). , Ph.D. (Electrical and Electronic Engineering)
- Full Text:
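The Information Gain (IG) feature-ranking step the abstract describes, shown as an added example rather than code from the thesis: each feature is scored by how much knowing its value reduces uncertainty about the normal/attack label, the features are ranked, and the top k are kept as the reduced input for a downstream classifier. The records, the feature names and the bin edges for the numeric features are constructed for illustration (NSL-KDD-style, not rows from the real dataset).

```python
"""Information-gain feature ranking for an IDS dataset (added example, not the thesis's code)."""
import math
from collections import Counter, defaultdict

FEATURES = ["duration", "protocol_type", "service", "src_bytes", "flag"]

# Constructed NSL-KDD-style records (illustrative, not rows from the real dataset).
# Each record is (feature dict, label). "flag" separates the classes perfectly,
# "protocol_type" and "duration" carry no signal, the other two are in between.
RECORDS = [
    ({"duration": 0,  "protocol_type": "tcp", "service": "http",    "src_bytes": 215,  "flag": "SF"}, "normal"),
    ({"duration": 0,  "protocol_type": "udp", "service": "http",    "src_bytes": 1032, "flag": "SF"}, "normal"),
    ({"duration": 12, "protocol_type": "tcp", "service": "http",    "src_bytes": 300,  "flag": "SF"}, "normal"),
    ({"duration": 0,  "protocol_type": "udp", "service": "http",    "src_bytes": 450,  "flag": "SF"}, "normal"),
    ({"duration": 0,  "protocol_type": "tcp", "service": "private", "src_bytes": 0,    "flag": "S0"}, "attack"),
    ({"duration": 0,  "protocol_type": "udp", "service": "private", "src_bytes": 0,    "flag": "S0"}, "attack"),
    ({"duration": 0,  "protocol_type": "tcp", "service": "private", "src_bytes": 0,    "flag": "S0"}, "attack"),
    ({"duration": 3,  "protocol_type": "udp", "service": "http",    "src_bytes": 500,  "flag": "S0"}, "attack"),
]

# Bin edges for numeric features (assumed for this example; IG needs discrete
# feature values, and the thesis does not specify a binning in the abstract).
NUMERIC_EDGES = {"duration": [1], "src_bytes": [0.5, 1000]}


def discretize(feature, value):
    """Map a numeric value to a bin label; categorical values pass through unchanged."""
    edges = NUMERIC_EDGES.get(feature)
    if edges is None:
        return value
    for i, edge in enumerate(edges):
        if value < edge:
            return f"bin{i}"
    return f"bin{len(edges)}"


def entropy(labels):
    """Shannon entropy (bits) of a label sequence."""
    n = len(labels)
    return -sum((c / n) * math.log2(c / n) for c in Counter(labels).values())


def information_gain(records, feature):
    """H(label) - H(label | feature): how much the feature reduces label uncertainty."""
    labels = [lab for _, lab in records]
    groups = defaultdict(list)
    for feats, lab in records:
        groups[discretize(feature, feats[feature])].append(lab)
    n = len(records)
    conditional = sum(len(g) / n * entropy(g) for g in groups.values())
    return entropy(labels) - conditional


def rank_features(records, features=FEATURES):
    """(feature, gain) pairs, highest gain first; ties broken by name for determinism."""
    gains = {f: information_gain(records, f) for f in features}
    return sorted(gains.items(), key=lambda kv: (-kv[1], kv[0]))


def select_top_k(records, k, features=FEATURES):
    """Names of the k highest-gain features."""
    return [f for f, _ in rank_features(records, features)[:k]]


def project(records, selected):
    """Keep only the selected features: the reduced input fed to the classifier."""
    return [({f: feats[f] for f in selected}, lab) for feats, lab in records]


if __name__ == "__main__":
    for name, gain in rank_features(RECORDS):
        print(f"{name:14s} IG = {gain:.4f}")
    print("selected:", select_top_k(RECORDS, 3))
```

Compute IG on the training split only and then apply the same feature subset to the test split; scoring on the whole dataset leaks label information into the selection. IG also favours high-cardinality categorical features (a near-unique field such as a connection identifier would score close to the label entropy while carrying no generalisable signal), which is one reason to pair a filter method like this with wrapper-based selection, where a classifier's own performance on a feature subset decides what is kept.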
Best practice strategy framework for developing countries to secure cyberspace
- Authors: Jaquire, Victor John
- Date: 2015-11-12
- Subjects: Computer networks - Security measures , Data encryption (Computer science) , Cyberspace - Security measures , Cyberterrorism - Prevention , Information warfare - Prevention
- Type: Thesis
- Identifier: uj:14558 , http://hdl.handle.net/10210/15091
- Description: M.Com. (Informatics) , Cyber issues are global phenomena in a world of inter-related systems, and as such the discussion of cybersecurity frameworks, policies and strategies inevitably requires reference to, and benchmarking against, regional, continental and global trends and solutions. This is considered in the context of the effects of globalisation on developing countries, with specific reference to Africa as a developing continent and the protection of its cyberspace. More drastic measures, such as the use of cyber warfare techniques and pre-emptive cyber strike teams in addition to traditional cybersecurity mechanisms as an essential part of a national security effort to protect cyberspace, have become more prevalent in the developed world. Likewise, developing nations need to prepare themselves in a structured, coordinated and responsible way in order to do their part to secure their own environments. Cyberspace is a dynamic global environment, and cyber-related issues are a global concern. Although countries generally regulate their own cyber environment through policy, cross-border cyber issues are difficult to resolve, and the lack of international cyber laws impedes cybersecurity efforts. Cybercrime and the management of cross-border cyber incidents are becoming a growing national security concern, as the lack of effective controls leaves critical infrastructure and the cyber-connected environment vulnerable to attack. Some developing countries are on track with the maturity of their cybersecurity initiatives, but appropriate cybersecurity frameworks for many developing countries require careful consideration, especially given the lack of resources, infrastructure and local technology development capabilities.
- Full Text:
Critical information infrastructure protection for developing countries
- Authors: Ellefsen, Ian David
- Date: 2012-08-16
- Subjects: Computer crimes prevention , Computer security , Computer networks - Access control , Computer networks - Security measures
- Type: Thesis
- Identifier: uj:9498 , http://hdl.handle.net/10210/5928
- Description: D.Phil. (Computer Science) , In this thesis we investigate the development of Critical Information Infrastructure Protection (CIIP) structures in the developing world. Developing regions are experiencing fast-paced development of information infrastructures, and improvements in related technologies such as Internet connectivity and wireless technologies. The use of these new technologies and the number of new users introduced to the Internet can allow cyber threats to flourish. In many cases, Computer Security Incident Response Teams (CSIRTs) can be used to provide CIIP. However, the development of traditional CSIRT-like structures can be problematic in developing regions, where technological challenges, legal frameworks and limited capacity can reduce their overall effectiveness. In this thesis we introduce the Community-oriented Security, Advisory and Warning (C-SAW) Team. This model is designed to address the challenges to CIIP faced by developing regions by defining a structure that is loosely coupled and flexible in nature. Furthermore, community orientation allows a C-SAW Team to operate within a designated community of members. This thesis is divided into three primary parts. In Part 1 we discuss the background research undertaken during this study; the background chapters lay the foundation for the later chapters. In Part 2 we introduce the C-SAW Team model and elaborate on the construction, relationships, positioning, services and framework in which it can be deployed. Finally, in Part 3 we present the conclusions of this thesis.
- Full Text:
A model for the evaluation of control with reference to a simple path context model in a UNIX environment
- Authors: Du Plessis, Gerrit Steyn
- Date: 2015-09-08
- Subjects: Computer security - Evaluation , UNIX (Computer file) , Auditing - Access control , Computer networks - Security measures
- Type: Thesis
- Identifier: uj:14055 , http://hdl.handle.net/10210/14471
- Description: M.Com. , Information and the IT systems that support it are important business assets. Their availability, integrity and confidentiality are essential to maintaining an organisation's competitive edge, cash flow, profitability, company image and compliance with legal requirements. Organisations world-wide now face increased security threats from a wide range of sources. Information systems may be the target of a range of serious threats, including computer-based fraud, espionage, sabotage, vandalism and other sources of failure or disaster ...
- Full Text:
Alert modeling on supervisory control and data acquisition system with remote terminal unit
- Authors: Dey, A.K.
- Date: 2015
- Subjects: Supervisory control systems , Automatic data collection systems , Computer networks - Security measures , Computer security
- Language: English
- Type: Masters (Thesis)
- Identifier: http://hdl.handle.net/10210/82632 , uj:18981
- Description: Abstract: Supervisory control and data acquisition (SCADA) systems have evolved from standalone, compartmentalized operations into networked architectures that communicate across large distances. In addition, their implementations have migrated from custom hardware and software to standard hardware and software platforms. These changes have led to reduced development and operational costs, as well as providing executive management with real-time information that can be used to support planning, supervision and decision making. For reasons of efficiency and maintenance, data acquisition and control platforms have migrated from isolated in-plant networks secured with proprietary hardware and software to Remote Terminal Units using standard software, network protocols and the Internet. Control engineering might be absorbed into, or closely integrated with, the corporate software. Integrating SCADA data collection and alert monitoring with corporate customer data gives management an increased ability to run the organization more efficiently and effectively. This thesis provides a conceptual analysis for the creation of a SCADA network security exploration alert. A framework application using common SCADA network security logic is created to provide a proof of concept. Development of a viable alert system for remotely identifying SCADA networks will help improve critical infrastructure security by improving situational awareness for network managers. , M.Eng.
- Full Text: