Tesi di Dottorato
Permanent URI for this communityTesi di Dottorato
Browse
6 results
Search Results
Item Resource reservation protocol and predictive algorithms for QoS support in wireless environments(2008-01) Fazio, Peppino; Talia, Domenico; Marano, SalvatoreItem Ensemble learning techniques for cyber security applications(2017-07-13) Pisani, Francesco Sergio; Crupi, Felice; Folino, GianluigiCyber security involves protecting information and systems from major cyber threats; frequently, some high-level techniques, such as for instance data mining techniques, are be used to efficiently fight, alleviate the effect or to prevent the action of the cybercriminals. In particular, classification can be efficiently used for many cyber security application, i.e. in intrusion detection systems, in the analysis of the user behavior, risk and attack analysis, etc. However, the complexity and the diversity of modern systems opened a wide range of new issues difficult to address. In fact, security softwares have to deal with missing data, privacy limitation and heterogeneous sources. Therefore, it would be really unlikely a single classification algorithm will perform well for all the types of data, especially in presence of changes and with constraints of real time and scalability. To this aim, this thesis proposes a framework based on the ensemble paradigm to cope with these problems. Ensemble is a learning paradigm where multiple learners are trained for the same task by a learning algorithm, and the predictions of the learners are combined for dealing with new unseen instances. The ensemble method helps to reduce the variance of the error, the bias, and the dependence from a single dataset; furthermore, it can be build in an incremental way and it is apt to distributed implementations. It is also particularly suitable for distributed intrusion detection, because it permits to build a network profile by combining different classifiers that together provide complementary information. However, the phase of building of the ensemble could be computationally expensive as when new data arrives, it is necessary to restart the training phase. For this reason, the framework is based on Genetic Programming to evolve a function for combining the classifiers composing the ensemble, having some attractive characteristics. First, the models composing the ensemble can be trained only on a portion of the training set, and then they can be combined and used without any extra phase of training. Moreover the models can be specialized for a single class and they can be designed to handle the difficult problems of unbalanced classes and missing data. In case of changes in the data, the function can be recomputed in an incrementally way, with a moderate computational effort and, in a streaming environment, drift strategies can be used to update the models. In addition, all the phases of the algorithm are distributed and can exploits the advantages of running on parallel/ distributed architectures to cope with real time constraints. The framework is oriented and specialized towards cyber security applications. For this reason, the algorithm is designed to work with missing data, unbalanced classes, models specialized on some tasks and model working with streaming data. Two typical scenarios in the cyber security domain are provided and some experiment are conducted on artificial and real datasets to test the effectiveness of the approach. The first scenario deals with user behavior. The actions taken by users could lead to data breaches and the damages could have a very high cost. The second scenario deals with intrusion detection system. In this research area, the ensemble paradigm is a very new technique and the researcher must completely understand the advantages of this solution.Item Malevolent Activities Detection and Cyber Range Scenarios Orchestration(2018-06-08) Piccolo, Antonio; Saccà, Domenico; Pugliese, Andrea; Crupi, Feliceincreasing availability of Internet accessible services driven by the di usion of connected devices. The consequent exposition to cyber-threats demands for suitable methodologies, techniques and tools allowing to adequately handle issues arising in such a complex domain. Most Intrusion Detection Systems are capable of detecting many attacks, but cannot provide a clear idea to the analyst because of the huge number of false alerts generated by these systems. This weakness in the IDS has led to the emergence of many methods in which to deal with these alerts, minimize them and highlight the real attacks. Furthermore, experience shows that the inter- pretation of the alerts usually requires more than the single messages provided by the sensors, so there is a need for techniques that can analyse the alerts within the context in which they have been generated. This might require the ability to correlate them with some other contextual information provided by other devices. Using synthetic data to design, implement and test these techniques its not fair and reliable because the variety and unpredictability of the real world data. On the other hand retrieve these information from real world networks is not easy (and sometimes impossible) due to privacy and con dential restrictions. Virtual Environments, Software De ned Systems and Software De ned Net- work will play a critical role in many cyber-security related aspects like the assessment of newly devised intrusion detection techniques, the generation of real world like logs, the evaluation of skills of cyber-defence team members and the evaluation of the disruptive e ects caused by the di usion of new malware. This thesis proposes, among other things, a novel domain-speci c platform, named SmallWorld, aimed to easily design, build and deploy realistic com- puter network scenarios achieved by the immersion of real systems into a software de ned virtual environment, enriched by Software De ned Agents put in charge of reproducing users or bot behaviours. Additionally, to provide validation and performance evaluation of the proposed platform, a number of Scenarios (including penetration testing laboratories, IoT and domotics net- works and a reproduction of the most common services on Internet like a DNS server, a MAIL server, a booking service and a payment gateway) have been developed inside SmallWorld. Over time the platform has been rewrit- ten and radically improved leading to the birth of Hacking Square. This new version is currently available on-line and freely accessible from anyone. The impact of this research prototype has been demonstrated, above all, during the course of "Metodi e Strumenti per la Sicurezza Informatica" for the mas- ter degree in Cyber Security at DIMES, University of Calabria. In fact, the platform has been employed to build the laboratory of the course as an in cloud service for students (including all the material to conduct exercises and assignments) and to organize a, practical, Capture the Flag (CTF) like nal test. Finally, the platform is under the attention of Consorzio Interuniver- sitario per l'Informatica (CINI), as it could be used to manage and deploy training content for the CyberChallenge 2018.Item Theoretical and Practical Aspects of Trusted Execution Environments in Information Security and Volunteer Computing(2018-08-06) Ianni, Michele; Pugliese, Andrea; Masciari, ElioCommodity operating systems, both on desktop and mobile devices, offer rich functionality and consequently a significant attack surface. A compromise of the operating system, however, means that an attacker also has access to any critical assets of the user’s applications. These critical assets include code, which either is part of security-critical functionality, or of commercial value and other sensitive information whose disclosure, even in a minimal part, must be avoided. While many platforms offer support for Trusted Execution Environments (TEEs), these are currently restricted for the use of secure services provided by the operating system or the vendor. Developers have to rely on obfuscation to protect their own code from unauthorized tampering or copying, which only provides an obstacle for an attacker but does not prevent compromise. In collaborative networks, moreover, many problems are usually not handled at all, since it is not possible, in many cases, to hide confidential data from inputs of the subtasks solved by the computers of the network. This thesis proposes to take advantage and extend these TEEs to also offer code protection for arbitrary application and secure data in volunteer computing networksItem Anomalies in cyber security: detection, prevention and simulation approaches(2018-07-03) Argento, Luciano; Crupi, Felice; Furfaro, Angelo; Angiulli, FabrizioWith themassive adoption of the Internet both our private andworking life has drastically changed. The Internet has introduced new ways to communicate and complete every day tasks. Organisations of any kind have taken their activities online to achieve many advantages, e.g. commercial organisations can reach more customers with proper marketing. However, the Internet has also brought various drawbacks and one of these concerns cyber security issues. Whenever an entity (e.g. a person or company) connects to the Internet it immediately becomes a potential target of cyber threats, i.e. malicious activities that take place in cyberspace. Examples of cyber threats are theft of intellectual property and denial of service attacks. Many efforts have been spent to make the Internet perhaps the most revolutionary communication tool ever created, but unfortunately little has been done to design it in a secure fashion. Since the massive adoption of the Internet we have witnessed a huge number of threats, perpetrated by many different actors such as criminal organisations, disgruntled workers and even people with little expertise, thanks to the existence of attack toolkits. On top of that, cyber threats are constantly going through a steady evolution process and, as a consequence, they are getting more and more sophisticated. Nowadays, the cyber security landscape is in a critical condition. It is of utmost importance to keep up with the evolution of cyber threats in order to improve the state of cyber security. We need to adapt existing security solutions to the ever-changing security landscape and devise new ones when needed. The research activities presented in this thesis find their place in this complex scenario. We investigated significant cyber security problems, related to data analysis and anomaly detection, in different areas of research, which are: Hybrid Anomaly Detection Systems; Intrusion Detection Systems; Access Control Systems and Internet of Things. Anomaly detection approaches are very relevant in the field of cyber security. Fraud and intrusion detection arewell-known research areaswhere such approaches are very important. A lot of techniques have been devised, which can be categorised in anomaly and signature based detection techniques. Researchers have also spent much effort on a third category of detection techniques, i.e. hybrid anomaly detection, which combine the two former approaches in order to obtain better detection performances. Towards this direction, we designed a generic framework, called HALF, whose goal is to accommodate multiple mining algorithms of a specific domain and provide a flexible and more effective detection capability. HALF can be easily employed in different application domains such as intrusion detection and steganalysis due to its generality and the support provided for the data analysis process. We analysed two case studies in order to show how HALF can be exploited in practice to implement a Network Intrusion Detection System and a Steganalysis tool. The concept of anomaly is a core element of the research activity conducted in the context of intrusion detection, where an intrusion can be seen as an anomalous activity that might represent a threat to a network or system. Intrusion detection systems constitute a very important class of security tools which have become an invaluable defence wall against cyber threats. In this thesis we present two research results that stemfromissues related to IDSs that resort to the n-grams technique. The starting point of our first contribution is the threat posed by content-based attacks. Their goal is to deliver malicious content to a service in order to exploit its vulnerabilities. This type of attacks has been causing serious damages to both people and organisations over these years. Some of these attacks may exploit web application vulnerabilities to achieve goals such as data theft and privilege escalation, which may lead to enormous financial loss for the victim. IDSs that exploit the n-gram technique have proven to be very effective against this category of cyber threats. However, n-grams may not be sufficient to build reliable models that describe normal and/or malicious traffic. In addition, the presence of an adversarial attacker is not properly addressed by the existing solutions. We devised a novel anomaly-based intrusion detection technique, called PCkAD to detect content-based attacks threatening application level protocols. PCkAD models legitimate traffic on the basis of the spatial distribution of the n−grams occurring in the relevant content of normal traffic and has been designed to be resistant to blending evasion techniques. Indeed, we demonstrate that evading is an intrinsically difficult problem. The experiments conducted to evaluate PCkAD show that it achieves state of the art performances in real attack scenarios and that it performs well against blending attacks. The second contribution concerning intrusion detection investigates issues that may be brought by the employment of the n-gram technique. Many approaches using n-grams have been proposed in literature which typically exploit high order n-grams to achieve good performance. However, because the n-gram domain grows exponentially with respect to the n-gram size, significant issues may arise, from the generation of huge models to overfitting. We present an approach aimed to reduce the size of n-grambased models, which is able build models that contain only a fraction of the original n-grams with little impact on the detection accuracy. The reported experiments, conducted on a real word dataset, show promising results. The research concerning access control systems focused on anomalies that represent attempts of exceeding or misusing access controls to negatively affect the confidentiality, integrity or availability of a target information system. Access control systems are nowadays the first line of defence of modern computing systems. However, their intrinsic static nature hinders autonomously refinement of access rules and adaptation to emerging needs. Advanced attributed-based systems still rely on mainly manual administration approaches and are not effective on preventing insider threat exploiting granted access rights. We introduce a machine learning approach to refine attribute-based access control policies based on behavioural patterns of users’ access to resources. The designed system tailors a learning algorithm upon the decision tree solutions. We analysed a case study and conducted an experiment to show the effectiveness of the system. IoT is the last topic of interest in the present thesis. IoT is showing the potential for impacting several domains, ranging from personal to enterprise environments. IoT applications are designed to improve most aspects of both business and citizens’ lives, however such emerging technology has become an attractive target for cybercriminals. A worrying security problem concerns the presence of many smart devices that have security holes. Researchers are investing their efforts in the evaluation of security properties. Following this direction, we show that it is possible to effectively assess cyber security scenarios involving IoT settings by combining novel virtual environments, agent-based simulation and real devices and then achieving a means that helps prevent anomalous actions fromtaking advantage of security holes for malicious purposes. We demonstrate the effectiveness of the approach through a case study regarding a typical smart home setting.Item Simulation models for the evaluation of detection and defense protocols against cyber attacks(2016-02-19) Molina Valdiviezo, Lorena Paulina; Crupi, Felice; Furfaro, Angelo