SACM - United Kingdom
Permanent URI for this collection: https://drepo.sdl.edu.sa/handle/20.500.14154/9667

5 results
Item (Restricted): Enhancing Network Security through Machine Learning and Threat Intelligence Integration in Next-Generation Firewall IDS/IPS Systems
Northumbria University, 2024-09-05. Sufi, Mohammed; Abosata, Nassr.

This dissertation explores how Machine Learning (ML) and real-time Threat Intelligence feeds can improve Next-Generation Firewall (NGFW) systems, especially by increasing the accuracy and efficacy of Intrusion Detection and Prevention Systems, which in turn enhances network security. The threat intelligence feeds used include IP addresses, domains, and URLs, together with related information such as Indicators of Compromise (IoC), reputation scores, and threat categories like "malware" or "phishing". Applying supervised learning techniques to this information makes it possible to assess and classify threats into high-risk and low-risk categories in order to reduce false positives, which improves threat detection and prevention accuracy. These classified threat feeds are dynamically updated, allowing the NGFW to protect against new threats by adjusting its security rules with appropriate countermeasures. The results show that combining ML with classified threat feeds improves the NGFW's capacity to detect and prevent threats, leading to more focused and responsive threat management.

Item (Restricted): A Critical Analysis of Cyber Threats and Vulnerabilities in Satellite Ground Systems
University of the West of England, 2024. Almutairi, Faisal; Mills, Alan.

The growing dependence on satellite ground systems for critical applications such as telecommunications, navigation, and weather forecasting has underscored the importance of cybersecurity in these systems. This paper critically analyses the current state of cybersecurity threats and vulnerabilities in satellite ground systems. Utilising a comprehensive literature review and critical analysis of existing scholarly works, technical papers, and industry reports, this study identifies key cyber threats, including unauthorised access, jamming, spoofing, Advanced Persistent Threats (APTs), man-in-the-middle attacks, eavesdropping, and hijacking. The analysis reveals vulnerabilities in encryption protocols and communication channels. The study evaluates existing security measures and highlights gaps in empirical validation and practical implementation. It emphasises the need for robust encryption methods, advanced cryptographic techniques, and adaptive security strategies. We also discuss the crucial step of enhancing the resilience of satellite ground systems by incorporating developing technologies like Artificial Intelligence (AI) and quantum cryptography. This paper concludes with practical recommendations, emphasising empirical validation of security measures and comprehensive risk management frameworks. The research aims to improve the security and reliability of satellite ground systems, ensuring their protection against evolving cyber threats and contributing to the overall enhancement of cybersecurity in this infrastructure.

Item (Restricted): Evaluation and Detection of Adversarial Attacks in ML-based NIDS
Newcastle University, 2024. Alatwi, Huda Ali O; Morisset, Charles.

A Network Intrusion Detection System (NIDS) monitors network traffic to detect unauthorized access and potential security breaches. A Machine Learning (ML)-based NIDS is a security mechanism that uses ML algorithms to automatically detect and identify suspicious activities or potential threats in a network by analyzing traffic patterns, distinguishing between normal and malicious behaviors, and alerting on or blocking unauthorized access. Despite high accuracy, ML-based NIDS are vulnerable to adversarial attacks, where attackers modify malicious traffic to evade detection and transfer these tactics across various systems.

To the best of our knowledge, several crucial research gaps persist in this area that have not yet been addressed. First, there are no systematic threat models for identifying and analyzing potential threats and vulnerabilities in ML-based NIDS. This lack of structured threat modeling hinders the development of comprehensive defense strategies and leaves these systems vulnerable to adversarial attacks that exploit unknown weaknesses in the ML algorithms or system architecture. The current literature employs generic adversarial attacks, mainly designed for the image recognition domain, to assess the resilience of ML-based NIDS, but no research has verified the realism and compliance of these attacks with network domain constraints. Investigating whether these attacks produce valid network traffic is crucial to determine their real-world threat level and the suitability of ML-based NIDS for deployment. Another gap in the literature is the lack of comprehensive evaluations that include a wide range of models, attack types, and defense strategies using contemporary network traffic data. This gap makes it difficult to verify the generalizability and applicability of the findings to real-world settings. The absence of standardized metrics further hampers the ability to evaluate and compare the resilience of ML-based NIDS to adversarial attacks. Finally, there is no lightweight solution that effectively detects and classifies adversarial traffic while scoring high accuracy on both clean and perturbed data, with proven efficiency over a recent dataset and across various attack types and defenses. These gaps hinder the robustness of ML-based NIDS against adversarial attacks. Therefore, this Ph.D. thesis aims to address these vulnerabilities to enhance the resilience of ML-based NIDS.

The overall contributions include: 1) a threat model for ML-based NIDS using STRIDE and Attack Tree methodologies; 2) an investigation of the realism and performance of generic adversarial attacks against DL-based NIDS; 3) a comprehensive evaluation of adversarial attacks' performance consistency, models' resilience, and defenses' effectiveness; 4) Adversarial-Resilient NIDS, a framework for detecting and classifying adversarial attacks against ML-based NIDS.

Item (Restricted): Performance Evaluation of Trust Management in Mobile Ad-hoc Networks
Saudi Digital Library, 2023-08-01. Jari, Hassan; Thomas, Nigel; Forshaw, Matthew.

Mobile Ad-hoc Networks (MANETs) are characterised by their self-organising nature, dynamic topology, and lack of centralised control, which makes them vulnerable to various security threats. Trust management mechanisms have emerged as a promising solution to address these challenges by establishing trust among nodes in the network and ensuring reliable and secure communication. The thesis presents a comprehensive approach to trust management in MANETs, focusing on the development, evaluation, and comparison of direct, indirect, and global trust management mechanisms for the Ad-hoc On-demand Distance Vector (AODV) routing protocol. The proposed direct trust management mechanism enhances the AODV protocol by incorporating trust values based on nodes' historical behaviour during the route discovery and maintenance process. This mechanism allows nodes to make informed decisions when selecting routes, thereby improving the reliability and security of the network. The indirect trust management mechanism extends the direct trust approach by considering recommendations from neighbouring nodes to establish trust among nodes that have not previously interacted. This mechanism fosters cooperation among nodes and mitigates the impact of malicious or compromised nodes in the network.

Finally, the global trust management mechanism takes a more holistic approach, combining direct and indirect trust information to calculate a global trust value for each node. This mechanism enables nodes to make routing decisions based on a broader understanding of the network's overall trust landscape. To assess the performance and security of these trust management mechanisms, we conduct extensive simulations using the network simulators NS-2 and NS-3. Our results demonstrate significant improvements in key performance metrics, such as packet delivery ratio, throughput, end-to-end delay, and routing overheads, when trust management mechanisms are integrated with the AODV routing protocol. Furthermore, we evaluate the robustness of these mechanisms in the presence of malicious nodes, such as black hole attacks, and show their effectiveness in mitigating the impact of such security threats. In summary, this thesis presents a comprehensive approach to trust management in Mobile Ad-hoc Networks, encompassing the development, evaluation, and comparison of direct, indirect, and global trust mechanisms for the AODV routing protocol. Through rigorous analysis and extensive simulations, we demonstrate the effectiveness of these mechanisms in improving the security and performance of MANETs across various scenarios and environments. By highlighting potential future research and emphasising the importance of interdisciplinary collaboration, the thesis contributes to the ongoing efforts to create more secure, robust, and efficient ad-hoc networking solutions.

Item (Restricted): Artificial Immune Systems for Detecting Unknown Malware in the IoT
Queen Mary University of London, 2023-01-27. Alrubayyi, Hadeel; Goteng, Gokop; Jaber, Mona.

With the expansion of the digital world, the number of Internet of Things (IoT) devices is growing dramatically. IoT devices have limited computational power and small memory, and they are not part of traditional computer networks. Consequently, existing and often complex security methods are unsuitable for malware detection in IoT networks. This has become a significant concern with the advent of increasingly unpredictable and innovative cyber-attacks. In this context, artificial immune systems (AIS) have emerged as effective IoT malware detection mechanisms with low computational requirements. In this research, we present a critical analysis to highlight the limitations of the state-of-the-art AIS solutions and identify promising research directions. Next, we propose the Negative-Positive-Selection (NPS) method, an AIS-based method for malware detection. The NPS is suited to the IoT's computational restrictions and security challenges. The NPS performance is benchmarked against the state-of-the-art using multiple real-time datasets. The simulation results show a 21% improvement in malware detection and a 65% reduction in the number of detectors. Then, we examine the potential gains and limitations of AIS solutions under realistic implementation scenarios. We design a framework to mimic real-life IoT systems. The objective is to evaluate the method's lightweight footprint, fault tolerance, and detection performance with regard to the system constraints. We demonstrate that AIS solutions successfully detect unknown malware in the most challenging IoT environments in terms of memory capacity and processing power. Furthermore, the systemic results with different system architectures reveal the ability of AIS solutions to transfer learning between IoT devices. Transfer learning is a critical feature in the presence of highly constrained devices in the network. More importantly, we highlight that the simulation environment cannot be taken at face value. In reality, AIS malware detection accuracy for IoT systems is likely to be close to 10% worse than simulation results, as indicated by the study results.