Saudi Cultural Missions Theses & Dissertations
Permanent URI for this community: https://drepo.sdl.edu.sa/handle/20.500.14154/10
8 results
Enhancing Network Security through Machine Learning and Threat Intelligence Integration in Next-Generation Firewall IDS/IPS Systems
Northumbria University, 2024-09-05. Sufi, Mohammed; Abosata, Nassr. Access: restricted.
This dissertation explores how Machine Learning (ML) and real-time Threat Intelligence feeds can improve Next-Generation Firewall (NGFW) systems, especially in increasing the accuracy and efficacy of Intrusion Detection and Prevention Systems, which contribute to enhancing network security. It uses threat intelligence feeds including IP addresses, domains, and URLs, which come with related information such as Indicators of Compromise (IoC) reputation scores and threat categories like "malware" or "phishing". By using this information, applying supervised learning techniques makes it possible to assess and classify threats into high-risk and low-risk categories in order to reduce false positives, which results in enhanced threat detection and prevention accuracy. These classified threat feeds are dynamically updated, allowing the NGFW to protect against new threats by adjusting its security rules with appropriate countermeasures. The results show that combining ML with classified threat feeds improves the NGFW's capacity to detect and prevent threats, leading to more focused and responsive threat management.

A Critical Analysis of Cyber Threats and Vulnerabilities in Satellite Ground Systems
University of the West of England, 2024. Almutairi, Faisal; Mills, Alan. Access: restricted.
The growing dependence on satellite ground systems for critical applications such as telecommunications, navigation, and weather forecasting has underscored the importance of cybersecurity in these systems. This paper critically analyses the current state of cybersecurity threats and vulnerabilities in satellite ground systems. Utilising a comprehensive literature review and critical analysis of existing scholarly works, technical papers, and industry reports, this study identifies key cyber threats, including unauthorised access, jamming, spoofing, Advanced Persistent Threats (APTs), man-in-the-middle attacks, eavesdropping, and hijacking. The analysis reveals vulnerabilities in encryption protocols and communication channels. The study evaluates existing security measures and highlights gaps in empirical validation and practical implementation. It emphasises the need for robust encryption methods, advanced cryptographic techniques, and adaptive security strategies. We also discuss the crucial step of enhancing the resilience of satellite ground systems by incorporating developing technologies like Artificial Intelligence (AI) and quantum cryptography. This paper concludes with practical recommendations, emphasising empirical validation of security measures and comprehensive risk management frameworks. The research aims to improve the security and reliability of satellite ground systems, ensuring their protection against evolving cyber threats and contributing to the overall enhancement of cybersecurity in this infrastructure.

Evaluation and Detection of Adversarial Attacks in ML-based NIDS
Newcastle University, 2024. Alatwi, Huda Ali O; Morisset, Charles. Access: restricted.
A Network Intrusion Detection System (NIDS) monitors network traffic to detect unauthorized access and potential security breaches. A Machine Learning (ML)-based NIDS is a security mechanism that uses ML algorithms to automatically detect and identify suspicious activities or potential threats in a network by analyzing traffic patterns, distinguishing between normal and malicious behaviors, and alerting on or blocking unauthorized access. Despite high accuracy, ML-based NIDS are vulnerable to adversarial attacks, where attackers modify malicious traffic to evade detection and transfer these tactics across various systems.
To the best of our knowledge, several crucial research gaps persist in this area that have not yet been addressed. First, there are no systematic threat models for identifying and analyzing potential threats and vulnerabilities in ML-based NIDS. This lack of structured threat modeling hinders the development of comprehensive defense strategies and leaves these systems vulnerable to adversarial attacks that exploit unknown weaknesses in the ML algorithms or system architecture. The current literature employs generic adversarial attacks mainly designed for the image recognition domain to assess the resilience of ML-based NIDS, but no research has verified the realism and compliance of these attacks with network domain constraints. Investigating whether these attacks produce valid network traffic is crucial to determine their real-world threat level and the suitability of ML-based NIDS for deployment. Another gap in the literature is the lack of comprehensive evaluations that include a wide range of models, attack types, and defense strategies using contemporary network traffic data. This gap makes it difficult to verify the generalizability and applicability of the findings to the real world. The absence of standardized metrics further hampers the ability to evaluate and compare the resilience of ML-based NIDS to adversarial attacks. Finally, there is no lightweight solution that effectively detects and classifies adversarial traffic while scoring high accuracy on both clean and perturbed data, with proven efficiency over recent datasets and across various attack types and defenses. These gaps hinder the robustness of ML-based NIDS against adversarial attacks. Therefore, this Ph.D. thesis aims to address these vulnerabilities to enhance the resilience of ML-based NIDS.
The overall contributions include: 1) a threat model for ML-based NIDS using STRIDE and Attack Tree methodologies; 2) an investigation of the realism and performance of generic adversarial attacks against DL-based NIDS; 3) a comprehensive evaluation of adversarial attacks' performance consistency, models' resilience, and defenses' effectiveness; 4) Adversarial-Resilient NIDS, a framework for detecting and classifying adversarial attacks against ML-based NIDS.

Comprehensive Strategies for Time-Sensitive Networks: Path Selection, Scheduling, Security, and Virtual Reality Traffic Insights
University of Delaware, 2024-09. Alnajim, Abdullah Abdulkarim; Shen, Chien-Chung. Access: restricted.
Distributed real-time applications (RTAs) demand that their communication networks be robust and deterministic. Two properties identify the network's determinism: (1) stability in terms of end-to-end latency and jitter, and (2) resilience to failures and security threats. To achieve determinism, the IEEE Time-Sensitive Networking (TSN) Task Group has amended the IEEE 802.3 Ethernet standards to support the stringent timing requirements of RTAs. The primary purpose of this dissertation is to satisfy these two properties in the context of TSN and to analyze the traffic characteristics of one popular RTA application, namely Virtual Reality (VR). To meet the stability property, we design an incremental performance-aware path selection and non-time-slotted scheduling framework that uses performance measurements to route TSN flows while load-balancing both TSN and best-effort traffic and diversifying the selected paths to avoid creating bottleneck links. Then, the framework uses non-time-slotted scheduling to find the appropriate transmission time to avoid queuing delays (or make them predictable) while improving bandwidth utilization compared to existing time-slotted scheduling solutions.
The incremental nature of the framework, although increasing its flexibility by allowing RTAs to join the network while it is in operation, introduces security threats. We identify these threats, evaluate their impacts, and propose reactive defenses to detect and react to them upon their occurrence. To better understand future RTAs, we also analyzed the traffic characteristics of the ideal VR experience, using information about human vision capabilities to derive specific values for the capacity, latency, and reliability required for such an experience. To evaluate the accuracy of these estimated values, we derived corresponding values for the Quest 2 using its published specifications. Then, we conducted realistic VR experiences over an edge-enabled IEEE 802.11ax network to evaluate how far the calculated values were from the measured values. Results showed that the schedulability of better load-balanced TSN flows increases by up to 95.08%. Compared with time-slotted scheduling, non-time-slotted scheduling increases the schedulability of TSN flows fivefold in some cases. Moreover, non-time-slotted scheduling reduces the number of guard bands, enhancing link utilization by more than 60%. Furthermore, the reactive defenses retained TSN's determinism by dropping less than 1% of TSN flows in some scenarios. Finally, the measured traffic characteristics from the realistic VR experience over IEEE 802.11ax aligned with their corresponding calculated values.

A Distributed and Hybrid AI-Based Security Framework for 5G Real-time Applications
Washington University in St. Louis, 2024-08-15. Ghubaish, Ali Hussain A; Chamberlain, Roger; Dutta, Ashutosh; Jain, Raj; Ottley, Alvitta; Zhang, Ning. Access: restricted.
This dissertation develops a multifaceted security framework tailored for 5G-enabled real-time Internet of Medical Things (IoMT) systems to significantly enhance the security infrastructure within healthcare environments.
The framework pivots around three core technological advancements: the development of light feature engineering based on the mean decrease in accuracy (LEMDA), the construction of a 5G testbed that serves as a distributed intrusion detection system (IDS), and the implementation of a hybrid deep reinforcement learning (HDRL) method. LEMDA represents a breakthrough in data processing for IoMT systems. By intelligently reducing data complexity, LEMDA enhances the speed and accuracy of threat detection mechanisms, which is crucial for handling the immense volumes of data generated in healthcare settings. This method speeds up the detection process and ensures that essential data nuances are not lost, thereby maintaining high precision in threat identification. Establishing the 5G testbed introduces a novel approach to distributed IDS. This testbed leverages the latest 5G and multi-access edge computing (MEC) technologies to distribute the processing load, thereby enhancing the overall resilience and efficiency of the network. This strategic distribution also helps overcome traditional challenges associated with centralized systems, such as scalability issues and vulnerability to single points of failure. Furthermore, this initiative has led to the creation of a new dataset specifically designed to support the development of IDS methodologies congruent with the architectures of 5G and MEC. This dataset is a valuable resource for researchers across both academic and industrial spheres, facilitating the advancement of tailored intrusion detection strategies. Lastly, the HDRL method integrates deep learning and reinforcement learning techniques tailored to harness network and host data for improved threat detection. This innovative approach dynamically adapts to evolving threat landscapes, reducing the need for constant human supervision and frequent retraining.
The HDRL method showcases a significant enhancement in threat detection efficacy, setting new benchmarks in the field. In addition to these primary contributions, the dissertation delves into creating comprehensive datasets through the EHMS testbed and reviews current IoMT security measures and attack techniques. These endeavors provide a holistic view of the security landscape and inform the development of the proposed security framework.

Performance Evaluation of Trust Management in Mobile Ad-hoc Networks
Saudi Digital Library, 2023-08-01. Jari, Hassan; Thomas, Nigel; Forshaw, Matthew. Access: restricted.
Mobile Ad-hoc Networks (MANETs) are characterised by their self-organising nature, dynamic topology, and lack of centralised control, which makes them vulnerable to various security threats. Trust management mechanisms have emerged as a promising solution to address these challenges by establishing trust among nodes in the network and ensuring reliable and secure communication. The thesis presents a comprehensive approach to trust management in MANETs, focusing on the development, evaluation, and comparison of direct, indirect, and global trust management mechanisms for the Ad-hoc On-demand Distance Vector (AODV) routing protocol. The proposed direct trust management mechanism enhances the AODV protocol by incorporating trust values based on nodes' historical behaviour during the route discovery and maintenance process. This mechanism allows nodes to make informed decisions when selecting routes, thereby improving the reliability and security of the network. The indirect trust management mechanism extends the direct trust approach by considering recommendations from neighbouring nodes to establish trust among nodes that have not previously interacted. This mechanism fosters cooperation among nodes and mitigates the impact of malicious or compromised nodes in the network.
Finally, the global trust management mechanism takes a more holistic approach, combining direct and indirect trust information to calculate a global trust value for each node. This mechanism enables nodes to make routing decisions based on a broader understanding of the network's overall trust landscape. To assess the performance and security of these trust management mechanisms, we conduct extensive simulations using the network simulators NS-2 and NS-3. Our results demonstrate significant improvements in key performance metrics, such as packet delivery ratio, throughput, end-to-end delay, and routing overhead, when trust management mechanisms are integrated with the AODV routing protocol. Furthermore, we evaluate the robustness of these mechanisms in the presence of malicious nodes, such as black hole attacks, and show their effectiveness in mitigating the impact of such security threats. In summary, this paper presents a comprehensive approach to trust management in Mobile Ad-hoc Networks, encompassing the development, evaluation, and comparison of direct, indirect, and global trust mechanisms for the AODV routing protocol. Through rigorous analysis and extensive simulations, we demonstrate the effectiveness of these mechanisms in improving the security and performance of MANETs across various scenarios and environments. By highlighting potential future research and emphasising the importance of interdisciplinary collaboration, the thesis contributes to the ongoing efforts to create more secure, robust, and efficient ad-hoc networking solutions.

Lightweight Cryptographic Mechanisms for Internet of Things and Embedded Systems
2023-03. Bin Rabiah, Abdulrahman; Abu-Ghazaleh, Nael; Richelson, Silas. Access: restricted.
Today, IoT devices such as health monitors and surveillance cameras are widespread. As the industry matures, IoT systems are becoming pervasive. This revolution necessitates further research in network security, as IoT systems impose constraints on network design due to the use of lightweight, computationally weak devices with limited power and network connectivity for varying and unique applications. Thus, specialized secure protocols which can tolerate these constraints are needed. This dissertation examines three problems in the constrained IoT setting: 1) key exchange, 2) authentication and 3) key management. First, IoT devices often gather critical information that needs to be communicated in a secure manner. Authentication and secure communication in an IoT environment can be difficult because of constraints in computing power, memory, energy and network connectivity. For secure communication with the rest of the network, an IoT device needs to trust the gateway through which it communicates, often over a wireless link. An IoT device needs a way of authenticating the gateway, and vice versa, to set up that secure channel. We introduce a lightweight authentication and key exchange system for IoT environments that is tailored to handle the IoT-imposed constraints. In our system, the gateway and IoT device communicate over an encrypted channel that uses a shared symmetric session key which changes periodically (every session) in order to ensure perfect forward secrecy. We combine both symmetric-key and public-key cryptography based authentication and key exchange, thus reducing the overhead of manual configuration. We study our proposed system, called Haiku, where keys are never exchanged over the network. We show that Haiku is lightweight and provides authentication, key exchange, confidentiality, and message integrity. Haiku does not need to contact a Trusted Third Party (TTP), works in disconnected IoT environments, provides perfect forward secrecy, and is efficient in compute, memory and energy usage. Haiku achieves 5x faster key exchange and at least 10x reductions in energy consumption.
Second, signature-based authentication is a core cryptographic primitive essential for most secure networking protocols. We introduce a new signature scheme, MSS, that allows a client to efficiently authenticate herself to a server. We model our new scheme in an offline/online model where client online time is at a premium. The offline component derives basis signatures that are then composed based on the data being signed to provide signatures efficiently and securely at run-time. MSS requires the server to maintain state and is suitable for applications where a device has long-term associations with the server. MSS allows direct comparison to hash chain-based authentication schemes used in similar settings, and is relevant to resource-constrained devices, e.g. IoT. We derive MSS instantiations for two cryptographic families, assuming the hardness of RSA and decisional Diffie-Hellman (DDH) respectively, demonstrating the generality of the idea. We then use our new scheme to design an efficient time-based one-time password (TOTP) system. Specifically, we implement two TOTP authentication systems from our RSA and DDH instantiations. We evaluate the TOTP implementations on Raspberry Pis, which demonstrate appealing gains: MSS reduces authentication latency and energy consumption by factors of ~82 and 792, respectively, compared to a recent hash chain-based TOTP system. Finally, we examine an important sub-component of the massive IoT technology, namely connected vehicles (CV)/Internet of Vehicles (IoV). In the US alone, the US Department of Transportation estimates the number of vehicles to be around 350 million. Connected vehicles are an emerging technology which has the potential to improve the safety and efficiency of the transportation system.
To maintain the security and privacy of CVs, all vehicle-to-vehicle (V2V) communications are typically established on top of pseudonym certificates (PCs), which are maintained by a vehicular public key infrastructure (VPKI). However, the state-of-the-art VPKIs (including SCMS, the US VPKI standard for CV) often overlook the reliability constraint of wireless networks (which eventually degrades VPKI security) that exists in high-mobility environments such as CV networks. This constraint stems from the short coverage time between an on-board unit (OBU) inside a fast-moving vehicle and a stationary road-side unit (RSU). In this work, we present TVSS, a novel VPKI design that pushes critical VPKI operations to the edge of the network, the RSU, while maintaining all security and privacy assumptions of the state-of-the-art VPKIs. Our real-life testbed shows a 28.5x reduction in PC generation latency compared to recent VPKIs. Furthermore, our novel local pseudonym certificate revocation lists (PCRLs) achieve a 13x reduction in the total communication overhead of downloading them compared to delta PCRLs.

Artificial Immune Systems for Detecting Unknown Malware in the IoT
Queen Mary University of London, 2023-01-27. Alrubayyi, Hadeel; Goteng, Gokop; Jaber, Mona. Access: restricted.
With the expansion of the digital world, the number of Internet of Things (IoT) devices is growing dramatically. IoT devices have limited computational power and small memory. Also, they are not part of traditional computer networks. Consequently, existing and often complex security methods are unsuitable for malware detection in IoT networks. This has become a significant concern in the advent of increasingly unpredictable and innovative cyber-attacks. In this context, artificial immune systems (AIS) have emerged as effective IoT malware detection mechanisms with low computational requirements.
In this research, we present a critical analysis to highlight the limitations of the state-of-the-art AIS solutions and identify promising research directions. Next, we propose the Negative-Positive-Selection (NPS) method, an AIS-based method for malware detection. The NPS is suitable for IoT's computational restrictions and security challenges. The NPS performance is benchmarked against the state-of-the-art using multiple real-time datasets. The simulation results show a 21% improvement in malware detection and a 65% reduction in the number of detectors. Then, we examine AIS solutions' potential gains and limitations under realistic implementation scenarios. We design a framework to mimic real-life IoT systems. The objective is to evaluate the method's lightweight footprint, fault tolerance, and detection performance with regard to the system constraints. We demonstrate that AIS solutions successfully detect unknown malware in the most challenging IoT environment in terms of memory capacity and processing power. Furthermore, the systemic results with different system architectures reveal the AIS solutions' ability to transfer learning between IoT devices. Transfer learning is a critical feature in the presence of highly constrained devices in the network. More importantly, we highlight that the simulation environment cannot be taken at face value. In reality, AIS malware detection accuracy for IoT systems is likely to be close to 10% worse than simulation results, as indicated by the study results.