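'n Bestuurs- en metodologiese benadering tot gebeurlikheidsbeplanning vir die gerekenariseerde stelsels van 'n organisasie [A management and methodological approach to contingency planning for the computerised systems of an organisation]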
- Authors: Nel, Yvette
- Date: 2014-07-28
- Subjects: Computer networks - Security measures , Information technology
- Type: Thesis
- Identifier: uj:11844 , http://hdl.handle.net/10210/11576
- Description: M.Com. (Informatics) , The utilization of information technology is essential for an organization, not only to handle daily business activities but also to facilitate management decisions. The greater the dependence of the organization upon information technology, the greater the risk the organization is exposed to in case of an information systems interruption. Computer disasters, such as fires, floods, storms, sabotage and human error, constitute a security threat which could prejudice the survival of an organization. Disaster recovery planning is a realistic and imperative activity for each organization whether large or small. In the light of the potential economic and legal implications of a disaster, it is no longer acceptable not to be prepared for such an occurrence today. A well designed and tested disaster recovery plan, as part of the total information security strategy of the organization, is therefore not only essential in terms of the recovery of business functions, but for the SURVIVAL of the organization. In view of the above, it can be expected that disaster recovery planning would be standard practice for all organizations. However, that is not the case. The literature study undertaken, as well as exposure in practice, indicates clearly that disaster recovery planning enjoys low priority in most organizations. The majority of existing plans are superficial, unstructured and insufficient and will not be successful when real disaster strikes. The most important single cause for the failure of an organization's disaster recovery plan will be that too much emphasis is being placed on the technical aspects rather than on the management or organizational aspects. The solution is an integrated approach of strategies and the multiple technologies which are available today. These strategies and technologies should be combined to meet the specific needs of the individual organization.
The purpose of this dissertation was firstly to identify the most critical problems related to disaster recovery planning and secondly to provide a methodology for the development and implementation of a disaster recovery plan which addresses these problems. This methodology constitutes an enhancement on an existing information security methodology in order to establish a total information security strategy for a large organization with disaster recovery as an essential aspect of this strategy. The final disaster recovery planning methodology, as proposed in this dissertation, was developed as a result of an extensive literature study undertaken as well as involvement during the development of a disaster recovery system by the company which initiated this study.
A model for the evaluation of control with reference to a simple path context model in a UNIX environment
- Authors: Du Plessis, Gerrit Steyn
- Date: 2015-09-08
- Subjects: Computer security - Evaluation , UNIX (Computer file) , Auditing - Access control , Computer networks - Security measures
- Type: Thesis
- Identifier: uj:14055 , http://hdl.handle.net/10210/14471
- Description: M.Com. , Information and the IT systems that support it are important business assets. Their availability, integrity and confidentiality are essential to maintain an organisation's competitive edge, cash flow, profitability, company image and compliance with legal requirements. Organisations world-wide are now facing increased security threats from a wide range of sources. Information systems may be the target of a range of serious threats including computer-based fraud, espionage, sabotage, vandalism and other sources of failure or disaster ...
A socio-technical systems cybersecurity optimisation process : the systems engineering management approach
- Authors: Malatji, Masike
- Date: 2019
- Subjects: Cyberspace - Security measures , Computer networks - Security measures , Cyberterrorism
- Language: English
- Type: Doctoral (Thesis)
- Identifier: http://hdl.handle.net/10210/417550 , uj:35366
- Description: Abstract: Despite the emergence of artificial intelligence-powered enterprise systems security solutions, it was found that at least 90% of malicious cyberattacks resulted from human behaviour or error. This and various other studies over the past 11 years confirmed that the human being remains the weakest link in the entire enterprise systems security chain. In addition, evidence seemed to suggest that many enterprises are still taking overly techno-centric approaches to cybersecurity risk, which increases the chances of missing the bigger picture. With that, the study sought to understand how a bigger enterprise systems security picture could be realised. In particular, the aim of this study was to identify and address socio-technical security gaps in existing enterprise systems security frameworks, which encompass information security, cybersecurity, information technology security and physical security. The importance of the study was to highlight that taking overly techno-centric approaches to enterprise systems security risk has not yielded significantly positive results for organisations. A big picture approach is required to attain a holistic enterprise systems security optimisation state. A socio-technical approach to enterprise systems security was adopted to develop the ‘big picture’ solution. This was achieved through the application of the socio-technical systems theory to the enterprise systems security domain. The cornerstone and foundation of the socio-technical systems approach is joint optimisation, which is a technique that is more concerned with harnessing the best of both the technical and social (including human) aspects of an enterprise structure and processes. This culminated in the development of an integrated management process to identify and address socio-technical security gaps in existing enterprise systems security programs.
A mixed-methods research approach was adopted, in which a focus group, in-depth personal interviews and online surveys were employed to test for the validation of the integrated management process. This resulted in the finalisation and desktop application of the integrated management process on the COBIT® 5 for Information Security framework. Thus, the management process for security joint optimisation would benefit the information security, cybersecurity and information technology security community of practitioners to holistically optimise enterprise systems security practices. Moreover, the management process would especially benefit those who practise enterprise systems security at strategic (policy driven) and tactical (guideline driven) levels for security joint optimisation at operational level. , D.Ing. (Engineering Management)
A systematic literature review of the Internet of Things
- Authors: Khanyile, Sibusiso
- Date: 2017
- Subjects: Internet of things , Embedded Internet devices , Mobile computing , Computer networks - Security measures
- Language: English
- Type: Masters (Thesis)
- Identifier: http://hdl.handle.net/10210/269236 , uj:28602
- Description: Abstract: The explosiveness of the internet continuously transforms communication between people and information technology systems. The mass adoption of the web transformed the methods of communication, giving the ability to interconnect anytime, anywhere in different time zones in the world. The information technology development is the primary bridge that enabled a seamlessly connected environment despite geographical location. The technology progressions from accessing information from the internet through mobile devices using social media to deliver information to users brought enrichment to society and enterprises with information at fingertips. With this interest, there has been a rise in academic interest resulting in an acceleration of research on the Internet of Things (IoT). The scientific research in IoT has been exponentially growing in the last decade. There has been an abundance of research material generated on the issues of IoT. The research primarily focuses on the rise of the research interest in IoT for the industrial sector in the last decade. Moreover, the research provides a systematic review in the attempt to address IoT security, standards, and practices. The dissertation highlights the rise in scientific research in IoT led by Energy, Industry 4.0 and Health. The IoT proliferation in the noted industry sectors attracts security concerns; several security themes are presented in conjunction with standards and practices to address the issue of security. The review process identified 632 papers, of which 45 primary studies are classified pertinent to the IoT security. The data is extracted from articles to determine various challenges of IoT concerning security.
The evaluation process identified the strategies to deal with issues arising from IoT and provided a review of initiatives by standards bodies to combat IoT security. The findings are expected to help other researchers and experts in the field of IoT to understand the challenges involved with technology evolution of IoT and the approaches offered to deal with them. , M.Phil. (Engineering Management)
Alert modeling on supervisory control and data acquisition system with remote terminal unit
- Authors: Dey, A.K.
- Date: 2015
- Subjects: Supervisory control systems , Automatic data collection systems , Computer networks - Security measures , Computer security
- Language: English
- Type: Masters (Thesis)
- Identifier: http://hdl.handle.net/10210/82632 , uj:18981
- Description: Abstract: Supervisory control and data acquisition (SCADA) systems have evolved over from standalone, compartmentalized operations into networked architectures that communicate across large distances. In addition, their implementations have migrated from custom hardware and software to standard hardware and software platforms. These changes have led to reduced development and operational as well as providing executive management with real-time information that can be used to support planning, supervision, and decision making. For reasons of efficiency, maintenance, data acquisition and control platforms have migrated from isolated in-plant networks security using proprietary hardware and software to Remote Terminal Unit using standard software, network protocols, and the Internet. Control engineering might be absorbed or closely integrated with the corporate software. Integrating SCADA data collection and alert monitoring with corporate customer data provides management with an increased ability to run the organization more efficiently and effectively. This thesis provides a conceptual analysis for the creation of a SCADA network security exploration alert. A framework application using common SCADA network security logic is created to provide a proof of concept. Development of a viable alert system for identifying SCADA network remotely will help improve critical infrastructure security by improving situational awareness for network managers. , M.Eng.
An architecture for anti-malware protection based on collaboration
- Authors: Corregedor, Manuel Rodrigues
- Date: 2017
- Subjects: Malware (Computer software) - Prevention , Computer networks - Security measures , Computer security , Computer crimes - Prevention
- Language: English
- Type: Doctoral (Thesis)
- Identifier: http://hdl.handle.net/10210/243085 , uj:25090
- Description: Ph.D. (Computer Science) , Abstract: Anyone who uses a computer for work or recreational purposes has come across the problem of malware, for example, viruses, worms, trojans, rootkits, adware etc. This is especially the case if the computer is connected to the Internet. A number of security organisations and / or vendors such as the European Union Agency for Network and Information Security (ENISA), Microsoft and McAfee release annual reports that contain statistics on the latest threats. The reports show that malware is a growing problem that needs to be addressed [1][2]. Furthermore, organisations such as AV-Comparatives [3] that conduct independent testing of security software have demonstrated that no anti-virus product guarantees a 100% detection of malware while keeping the false positive rate at zero i.e. benign (safe) files that are detected as malicious. Additionally, it should be noted as per the remarks in the AV-Comparatives report [4], that although some products have 100% detection rates in a test month report it does not mean the products will always protect against all existing and unknown viruses (malware). Therefore, this thesis will address the problem that current anti-malware products do not guarantee a 100% detection and / or prevention of malware. The main objective of this thesis is to create an architecture called Collab-AV that can be used to protect the home user from malware by leveraging the aspect of proactive collaboration between different sources of information and different existing anti-malware vendors thus following a strength in numbers philosophy. 
In order to achieve this objective the following approach is taken:
• The different types of malware threats are identified and discussed
• A comprehensive literature study on current and proposed anti-malware techniques is performed
• Through the comprehensive literature study, the weaknesses and strengths of each antimalware technique are identified
The Collab-AV architecture incorporates the identified strengths while addressing the identified weaknesses through collaboration...
Authorisation as audit risk in an information technology environment
- Authors: Kruger, Willem Jacobus
- Date: 2014-02-05
- Subjects: Auditing - Access control , Computer networks - Security measures
- Type: Thesis
- Identifier: uj:3679 , http://hdl.handle.net/10210/9062
- Description: M.Comm. , Please refer to full text to view abstract
Best practice strategy framework for developing countries to secure cyberspace
- Authors: Jaquire, Victor John
- Date: 2015-11-12
- Subjects: Computer networks - Security measures , Data encryption (Computer science) , Cyberspace - Security measures , Cyberterrorism - Prevention , Information warfare - Prevention
- Type: Thesis
- Identifier: uj:14558 , http://hdl.handle.net/10210/15091
- Description: M.Com. (Informatics) , Cyber issues are global phenomena in a world of inter-related systems, and as such, the discussion on cybersecurity frameworks, policies and strategies inevitably requires reference to, and benchmarking with, regional, continental and global trends and solutions. This is in the context of the effects of globalisation on developing countries, with specific reference to areas such as Africa as a developing continent with regard to the protection of its cyberspace. More drastic measures, such as the utilization of cyber warfare techniques and pre-emptive cyber strike-teams in addition to traditional cybersecurity mechanisms as an essential part of a national security effort to protect cyberspace, have become more prevalent within the developed world. Likewise, developing nations need to gear themselves in a structured, coordinated and responsible way in order to do their part to secure their own environments. Cyberspace is a dynamic global environment with cyber related issues being a global concern. Although countries generally regulate their own cyber environment through policy, cross-border cyber issues are difficult to resolve and the lack of international cyber laws impedes cybersecurity efforts. Cybercrime and the management of cross-border cyber incidents are becoming a growing national security concern as the lack of effective controls leaves critical infrastructure and the cyber-connected environment vulnerable to attack. Some developing countries are on track with the maturity of their cybersecurity initiatives, but appropriate cybersecurity frameworks for many developing countries require careful consideration, especially due to the lack of resources, infrastructure and local technology development capabilities.
Conceptualising antecedents of systems innovation on information security risks
- Authors: Botsime, Mogotsi Steven
- Date: 2019
- Subjects: Computer security - Management , Computer networks - Security measures , Information technology - Security measures
- Language: English
- Type: Masters (Thesis)
- Identifier: http://hdl.handle.net/10210/402702 , uj:33711
- Description: Abstract: This research represents a comprehensive conceptualisation of antecedents of systems innovation and how they affect systems innovation in an organisational context. It further examines the relationship between information security risks and systems innovation. Antecedents of systems innovation are identified based on the existing theories such as Diffusion of Innovation (DoI) and Organisational Innovation. This research makes use of new systems and technologies which include Big Data/Cloud Computing, Blockchain, Internet of Things (IoT), Virtual/Augmented reality and Artificial Intelligence (AI) to examine organisations' strides towards systems innovation. This research is underpinned by the increase in systems innovation and the growing concerns of information security risks faced by organisations. A quantitative method of analysis was used to analyse data using statistical methods with a view to identify relationships between variables. Data collected shows that systems and technology must have increased benefits in order to be adopted and the complexity of systems does not affect the adoption of such systems and technologies. Individual characteristics were found to have no effect on systems innovation whereas organisational and environmental elements highly influence innovation in the organisation. A relationship could not be established between systems innovation and information security risks. This research highlights the importance of ensuring that new systems and technologies add value to the organisation and equally important is to ensure management of organisational and environmental elements that affect systems innovation. Information security risks should also not be a deterrence for systems innovation. , M.Com. (Business Management)
- Full Text:
Critical information infrastructure protection for developing countries
- Authors: Ellefsen, Ian David
- Date: 2012-08-16
- Subjects: Computer crimes prevention , Computer security , Computer networks - Access control , Computer networks - Security measures
- Type: Thesis
- Identifier: uj:9498 , http://hdl.handle.net/10210/5928
- Description: D.Phil.(Computer Science) , In this thesis we will investigate the development of Critical Information Infrastructure Protection (CIIP) structures in the developing world. Developing regions are experiencing fast-paced development of information infrastructures, and improvements in related technologies such as Internet connectivity and wireless technologies. The use of these new technologies and the number of new users that are introduced to the Internet can allow cyber threats to flourish. In many cases, Computer Security Incident Response Teams (CSIRTs) can be used to provide CIIP. However, the development of traditional CSIRT-like structures can be problematic in developing regions where technological challenges, legal frameworks, and limited capacity can reduce its overall effectiveness. In this thesis we will introduce the Community-oriented Security, Advisory and Warning (C-SAW) Team. This model is designed to address the challenges to CIIP faced by developing regions by defining a structure that is loosely-coupled and flexible in nature. Furthermore, the aspect of community-orientation is used to allow a C-SAW Team to operate within a designated community of members. This thesis is divided into three primary parts. In Part 1 we will discuss the background research undertaken during this study. The background chapters will lay the foundation for the later chapters in this thesis. In Part 2 we will introduce the C-SAW Team model and elaborate on the construction, relationships, positioning, services, and framework in which it can be deployed. Finally, in Part 3 we present our conclusions to this thesis.
- Full Text:
Development and evaluation of a deep learning based intrusion detection model for wireless networks
- Authors: Kasongo, Sydney Mambwe
- Date: 2020
- Subjects: Wireless communication networks - Access control , Intrusion detection systems (Computer security) , Computer networks - Security measures , Machine learning
- Language: English
- Type: Doctoral (Thesis)
- Identifier: http://hdl.handle.net/10210/418298 , uj:35460
- Description: Abstract: In recent times, there has been an extensive and expeditious growth and advancement of information and communication related technologies as well as an advancement of the Internet. With these technological breakthroughs came the rapid development of wireless enabled devices. Consequently, the expansion of wireless networks capable of handling the increasing volume of information generated by those networks became inevitable. As a result, wireless networks are vulnerable and exposed to numerous security threats as well as privacy concerns. Currently, the existing protective and preventive measures such as wired and wireless Intrusion Detection Systems (IDSs) are not fully immune to the growing number of network intrusion instances. An IDS has a critical role in ensuring that various networks are secured and protected against attacks. Research has demonstrated that the majority of current IDS systems do not perform at the required level. There exist many types of IDS systems; however, we focused on Machine Learning (ML) and Deep Learning (DL) based IDSs. The performance of current ML and DL based IDS systems for wired and wireless networks suffers from a low level of detection accuracy and a high ratio of false alarm rate. Moreover, the increase in the amount of data generated by the wired and wireless networks has caused the datasets required to design and implement ML and DL based IDSs to become highly dimensional in terms of features and extremely complex in terms of the types of data. In this thesis, we design and implement DL based IDS systems using Feed Forward Deep Neural Networks (FFDNNs), Deep Long-Short Term Memory Recurrent Neural Networks (DLSTM RNNs) and Deep Gated Recurrent Unit Recurrent Neural Networks (DGRU RNNs). With the aim of tackling the issue of the highly dimensional input spaces, we further implement an Information Gain (IG) based feature extraction method that is conjoined with the FFDNNs.
We also devised and implemented two wrapper-based feature selection algorithms. One is based on the Extra-Trees (ET) classifier and the other is inspired by the Random Forest (RF) classifier. The ET is coupled with the DLSTM RNNs and the DGRU RNNs. The RF is used in conjunction with FFDNNs. In order to evaluate the performance of our frameworks, the following three datasets were used: the NSL-Knowledge Discovery and Data mining (NSL-KDD) dataset, the University of New South Wales-NB15 (UNSW-NB15) dataset and the Aegean Wi-Fi Intrusion Dataset (AWID). , Ph.D. (Electrical and Electronic Engineering)
- Full Text:
Die integrering van inligtingsekerheid met programmatuuringenieurswese
- Authors: Booysen, Hester Aletta Susanna
- Date: 2014-11-20
- Subjects: Computer security , Software engineering , Computer networks - Security measures
- Type: Thesis
- Identifier: uj:13039 , http://hdl.handle.net/10210/12921
- Description: M.Com. (Informatiks) , Please refer to full text to view abstract
- Full Text:
Information security in a distributed banking environment, with specific reference to security protocols.
- Authors: Van Buuren, Suzi
- Date: 2012-08-22
- Subjects: Banks and banking - Security measures , Intranets (Computer networks) - Security measures , Internet - Security measures , Computer networks - Security measures
- Type: Thesis
- Identifier: uj:3063 , http://hdl.handle.net/10210/6484
- Description: M.Comm. , The principal aim of the present dissertation is to determine the nature of an electronic banking environment, to determine the threats within such an environment and the security functionality needed to ward off these threats. Security solutions for each area at risk will be provided in short. The main focus of the dissertation will fall on the security protocols that can be used as solutions to protect a banking system. In the dissertation, indication will also be given of what the security protocols, in their turn, depend on to provide protection to a banking system. There are several security protocols that can be used to secure a banking system. The problem, however, is to determine which protocol will provide the best security for a bank in a specific application. This dissertation is also aimed at providing a general security framework that banks could use to evaluate various security protocols which could be implemented to secure a banking system. Such a framework should indicate which security protocols will provide a bank in a certain banking environment with the best protection against security threats. It should also indicate which protocols could be used in combination with others to provide the best security.
- Full Text:
Information security using intelligent software agents
- Authors: Van der Merwe, Jacobus
- Date: 2012-08-20
- Subjects: Computer security , Computer networks - Security measures , Internet - Security measures , Intelligent agents (Computer software)
- Type: Thesis
- Identifier: http://ujcontent.uj.ac.za8080/10210/387930 , uj:2793 , http://hdl.handle.net/10210/6231
- Description: Ph.D. , Many organisations are starting to make large parts of their information resources publicly accessible. For example, many organisations publish information using the Internet. Some organisations allow non-employees to connect to their systems and retrieve information - many banks allow customers to retrieve account statements via the Internet. There is a trend towards more open information systems and more distributed processing such as client/server processing. The above are just some of the trends in computer information processing that create new and complex problems in providing information systems that are both secure and manageable. To add to the complexity of the information security problem, organisations use the Internet to conduct some of their business and use many different applications, each with its own unique access control mechanisms. Central management of information security in heterogeneous and distributed environments, such as the Internet, has become a nightmare. There is a need for an information security model that will allow organisations to make use of the new trends in information processing, but still have confidence that they have adequate security and that the management of their information security systems is fairly easy. In this thesis we propose a model that satisfies the above requirements. We call this model the Intelligent Security Agent Model (ISAM). The ISAM model is based on two technologies: intelligent software agents and distributed objects. The main component of the model is Intelligent Security Agents that act as security brokers for their users in a distributed environment. In chapter 2 of the thesis, we design an Intelligent Security Agent which provides various information security services in open client/server environments. The Intelligent Security Agent Model addresses certain problems/requirements, such as single sign-on, in information security.
These problems and possible solutions are described in chapter 4 to chapter 10 of this thesis. An Intelligent Security Agent must be protected from unauthorised modification, theft, etc. Chapter 3 shows how an Intelligent Security Agent is secured by implementing it as a distributed object. We show that the combination of intelligent software agents and distributed objects creates an agent that was not possible before, and solves many information security problems. In short, this thesis documents the results of a study in computer information security. The result of the study is a new information security model in which intelligent software agents and distributed objects are combined to create a security agent which acts on behalf of a user in open environments such as client/server systems and the Internet. The agent provides a set of services to its user and handles all information security related requests on behalf of its user.
- Full Text:
MOSS : a model for open system security
- Authors: Van Zyl, Pieter Willem Jordaan
- Date: 2012-09-12
- Subjects: Computer security - South Africa , Computer networks - Security measures , Security systems - Models. , Computers - Access control
- Type: Thesis
- Identifier: uj:10276 , http://hdl.handle.net/10210/7645
- Description: Ph.D , This thesis looks at current security problems within open system environments, that is, security problems within heterogeneous computer system environments that are interconnected via computer networks. Thereafter two security models, Kerberos and the Path Context Model, are considered together with their respective ability to address these security problems. Using concepts of the Path Context Model, a new security model, called MOSS (Model for Open System Security), is developed and it is shown how MOSS can address all the security problems identified. Two possible implementations of MOSS are then considered: the one is based on the concept of Static Security Agents (SSAs) for contemporary open system environments, and the other is based on the concept of Roaming Security Agents (RSAs) for object orientated open system environments. The research is concluded with a summary of possible future research considerations.
- Full Text:
Network intrusion detection system using neural networks approach in networked biometrics system
- Authors: Mgabile, Tinny
- Date: 2014-04-09
- Subjects: Computer networks - Security measures , Neural networks (Computer science) , Pattern recognition systems , Biometric identification
- Type: Thesis
- Identifier: uj:10528 , http://hdl.handle.net/10210/10054
- Description: M.Phil. (Electrical and Electronic Engineering) , Network security has become increasingly important as more and more applications are making their way into the market. The research community has proposed various methods to build a reliable network intrusion detection system to detect unauthorised activities in networked systems. However many network intrusion detection systems that have been reported in literature suffer from an excessive number of false positives, false negatives, and are unable to cope with new, elegant and structured attacks. This is mainly because most network intrusion detection systems rely on security experts to analyze the network traffic data and manually construct intrusion detection rules. This study proposes to use a machine learning technique such as neural network approach to anomaly based network intrusion detection system (NIDS). The main objective for this study is to construct an NIDS model that will produce approximate to zero false positive or no false positive at all and have high degree of accuracy in detecting network attacks. The neural network (NN) model is trained on a biometric networked system dataset simulated in the study, containing strictly replayed and normal network traffic that encourage the development of the proposed NIDS. By analyzing the NN-based NIDS results, the study reached the false positive rate of 0, and high accuracy rate of 100 percent. To support the results obtained in this study, the performance of the NN-based NIDS was compared to two other classification methods (k-nearest neighbor algorithm (KNN) and Naive Bayes). The results obtained from KNN and naive Bayes were 99.87 and 99.75 percent respectively. These results show that the proposed model can successfully be used as an effective tool for solving complicated classification problems such as NIDS.
- Full Text:
Network intrusion detection with sensor fusion : performance bounds and benchmarks
- Authors: Mkuzangwe, Nenekazi Nokuthala Penelope
- Date: 2020
- Subjects: Intrusion detection systems (Computer security) , Computer networks - Security measures , Multisensor data fusion
- Language: English
- Type: Doctoral (Thesis)
- Identifier: http://hdl.handle.net/10210/425183 , uj:36391
- Description: Abstract: The achievable performances of intrusion detection systems are unknown beforehand. Currently, intrusion detection researchers implement these systems before they can determine what the performances of their systems will be or compare the performance of their systems to existing systems in order to evaluate the performances of their systems. Another challenge of network researchers is the unavailability of real world traffic traces of network activities due to privacy and legal restrictions. This Thesis contributes to the literature by 1. presenting the achievable performances of the existing anomaly and learning based network intrusion detection systems (NIDSs) in detecting the Transmission Control Protocol (TCP) synchronised (SYN) flooding attacks. Two anomaly based algorithms, adaptive threshold and cumulative sum based algorithms were considered in building the anomaly based NIDSs. The logic OR operator was used to combine the outcomes of the two anomaly based algorithms to enhance their performance. The three algorithms were used to detect TCP SYN flooding attacks that were synthetically generated according to a Poisson process and constant interarrival times. The logic OR operator performed better than the two algorithms. The three algorithms detected the Poisson process attacks better than the constant interarrival times attacks. For the learning based NIDSs, the decision tree and a novel fuzzy logic based NIDSs were used to detect Neptune, which is a type of a TCP SYN flooding attack. The decision tree outperformed the fuzzy logic system. 2. providing the achievable upper bounds on the accuracies of two ensembles of classifiers based NIDSs. The first NIDS is an AdaBoost based ensemble that uses decision stump as a base learner. The second NIDS is a Bagging based ensemble that uses a decision tree as a base learner.
The obtained bounds will enable researchers to estimate the performance of their ensemble based NIDSs before they implement them and determine how well their ensemble based NIDSs are performing relative to these bounds. From the empirical studies, it was deduced that if the dataset entropy with respect to the features falls between 0.9578 and 0.9586 and the average information gain amongst the features used in the ensemble falls between 0.045615 and 0.25615 then the accuracy of the first NIDS will be at most 0.9065 and the accuracy of the second NIDS will be at best 0.9193. These obtained ensemble accuracy upper bounds hold irrespective of the attack or dataset provided that the features used in the ensemble (AdaBoosted decision stump ensemble or Bagged decision tree ensemble) have the same characteristics as the features used in this Thesis and the features are discretised in the same way as in this work... , D.Phil.
- Full Text:
Network security by preventing DDOS attack using honeypot
- Authors: Selvaraj, Rajalakshmi
- Date: 2017
- Subjects: Computer security , Computer networks - Security measures , Machine learning , Intrusion detection systems (Computer security)
- Language: English
- Type: Doctoral (Thesis)
- Identifier: http://hdl.handle.net/10210/263140 , uj:27812
- Description: D.Ing. (Electrical Engineering) , Abstract: Basically, Intrusion Detection System (IDS) is introduced in the modern environment in order to secure the system that works in terms of signature, where they are not fit for recognizing most unidentified attackers. The identification of indistinct attack and interruption is not more supportive to recognize the few sorts of attacks, where interruption dependent attack has turned into a huge task to identify interrupter on the system. An intelligent attacker can get a sensible data and information from the framework only after detecting the shortcomings. Distributed Denial of Service (DDoS) is a main cause over the security and also it turns into a most challenging threat in future. There are such a large number of sorts of Denial of Service (DoS), for example, Smurf, Ping of Death, and Clone attack. Some methodologies are not being effortlessly actualized in the system of genuine enterprises, on account of practically trained framework which is trained by the specimen of malware or profound investigation of packet assessment or relies upon the host-based strategy that requires a major limitation for conservation. The Honeypots are a standout amongst the best techniques to gather the examples of malware thus it is used for investigation and for the determination of attacks. Honeypot is a novel application which comprises of huge energy and conceivable outcomes in the field of security. It helps in compromising the behavior of the attack as well as attacker's information. Distributed Denial of Service (DDoS) turns into a main goal in the system as it influences the system at multi-level. This prompts a congestion overhead and wastage of transmission capacity usage. In order to overcome these issues, a roaming virtual...
- Full Text:
Service oriented architecture governance tools within information security
- Authors: Mokgosi, Letlhogonolo
- Date: 2012-06-07
- Subjects: Service oriented architecture (Computer science) , Information security , Computer security , Information technology management , Management information systems , Computer networks - Security measures , Computer network architectures , Software architecture , Computer architecture
- Type: Thesis
- Identifier: uj:8655 , http://hdl.handle.net/10210/5010
- Description: M.Tech. , Service Oriented Architecture has many advantages. For example, organisations can align business with Information Technology, reuse the developed functionality, reduce development and maintain cost for applications. Organisations adopt Service Oriented Architecture with the aim of automating and integrating business processes. However, it has information security vulnerabilities that should be considered. For example, applications exchange information across the Internet, where it can be tampered with. Information security is therefore one of the crucial qualities that need to be satisfied within information systems. This dissertation addresses the issue of information security within Service Oriented Architecture applications. Some organisations rely on Service Oriented Architecture governance tools when securing information in their Service Oriented Architecture environment. However, they may purchase them without investigating whether they include information security. The aim of this dissertation is to analyse whether these tools include information security. Each tool is benchmarked against the five information security services, defined by the ISO 7498/2 document and including identification and authentication, authorisation, confidentiality, integrity and non-repudiation. The dissertation concludes with a table summarising the results. This dissertation offers decision-makers information that can assist them in analysing whether Service Oriented Architecture governance tools include information security. It also assists organisations to be aware of security vulnerabilities within Service Oriented Architecture applications, and the consequences that may arise if information security measures are ignored.
- Full Text:
Testing the functionality and effectiveness of software defined networks
- Authors: Adedayo, Adebayo Oluwaseun
- Date: 2017
- Subjects: Software-defined networking (Computer network technology) , Broadband communication systems , Computer networks - Security measures
- Language: English
- Type: Masters (Thesis)
- Identifier: http://hdl.handle.net/10210/280486 , uj:30140
- Description: M.Ing. (Electrical Engineering) , Abstract: An important part of Information Technology is networking which has made communication between two or more computers or devices to be possible. Traditional network architecture is not able to meet the challenges of the current trends in networking due to the complexity of handling devices and its non-scalable nature. Software Defined Networking (SDN) is an emerging dynamic approach to networking that makes use of logically centralized controllers in managing a network thus simplifying network design and operation. The project involves the design of a prototype network based on SDN architecture. An analysis of the network is conducted by considering various aspects of the Software Defined Networks that affect its functionality such as transfer of data between the control plane and the data plane. Furthermore, we analyse the use of virtualization technology, troubleshooting and verification of the behaviour of SDN. Since SDN is a new networking approach, there are various aspects of the technology that still need to be understood and improved. The aim of this research is to test the functionality and effectiveness of SDN and to investigate various aspects of the architecture that affect its operation. Recommendations and conclusions emerging from the analysis are made to enhance the understanding and functionality of SDN.
- Full Text: