A New Web Deception System Framework with Intrusion and Ransomware Detection System [WDS-IRDS] (Record no. 8869)

MARC details
000 -LEADER
fixed length control field 08232nam a22002537a 4500
008 - FIXED-LENGTH DATA ELEMENTS--GENERAL INFORMATION
fixed length control field 210125b2018 a|||f mb|| 00| 0 eng d
040 ## - CATALOGING SOURCE
Original cataloging agency EG-CaNU
Transcribing agency EG-CaNU
041 0# - Language Code
Language code of text eng
Language code of abstract eng
082 ## - DEWEY DECIMAL CLASSIFICATION NUMBER
Classification number 658
100 0# - MAIN ENTRY--PERSONAL NAME
Personal name Ahmed Ali Mohammed El-Kosairy
245 1# - TITLE STATEMENT
Title A New Web Deception System Framework with Intrusion and Ransomware Detection System [WDS-IRDS]
Statement of responsibility, etc. Ahmed Ali Mohammed El-Kosairy
260 ## - PUBLICATION, DISTRIBUTION, ETC.
Date of publication, distribution, etc. 2018
300 ## - PHYSICAL DESCRIPTION
Extent 96 p.
Other physical details ill.
Dimensions 21 cm.
500 ## - GENERAL NOTE
Materials specified Supervisor: Nashwa Abd El-Baki
502 ## - Dissertation Note
Dissertation type Thesis (M.A.)—Nile University, Egypt, 2018.
504 ## - Bibliography
Bibliography "Includes bibliographical references"
505 0# - Contents
Formatted contents note Contents:
ABSTRACT
CHAPTER 1: INTRODUCTION
1.1 GENERAL OVERVIEW
1.2 AIMS AND OBJECTIVES
1.3 RESEARCH GOALS AND APPROACH
1.4 THESIS ORGANIZATION
CHAPTER 2: BACKGROUND
2.1 HONEYWEB, WEB PROTECTION AND DECEPTION-BASED SCHEMES
2.2 GAME THEORY-BASED SCHEMES
2.3 INTRUSION AND RANSOMWARE DETECTION-BASED SCHEMES
SUMMARY
CHAPTER 3: PROPOSED WDS/IRDS ARCHITECTURE AND DESIGN
3.1 WEB DECEPTION SYSTEM ARCHITECTURE AND DESIGN [WDS]
3.1.1 GAME THEORY AND WEB DECEPTION
3.1.2 PROPOSED WDS ARCHITECTURE
3.1.3 WDS STRUCTURE WITH GIDA MODULE DESIGN
3.2 INTRUSION AND RANSOMWARE DETECTION SYSTEM ARCHITECTURE AND DESIGN [IRDS]
3.2.1 INTRUDER DETECTION FOR SERVERS AND NETWORK
3.2.2 DIFFERENCE BETWEEN RANSOMWARE DETECTION TECHNIQUES
3.2.3 IRDS DESIGN
A. IRDS STRUCTURE AND DESIGN
B. IRDS AND POSITIONING TECHNIQUE
C. MISLEADING CONTENTS AND IRDS STRUCTURE/DESIGN
SUMMARY
CHAPTER 4: EXPERIMENTAL RESULTS
4.1 WDS EXPERIMENTS
4.1.1 ATTACKS BEFORE USING THE PROPOSED WDS
4.1.2 ATTACKS AFTER USING THE PROPOSED WDS
4.2 IRDS EXPERIMENT
4.2.1 EXPERIMENT 1: TESTING RANSOMWARE DETECTION
4.2.2 EXPERIMENT 2: TESTING INTRUSION DETECTION
4.2.3 EXPERIMENT 3: COMPARING IRDS, FILE-HASHING, AND ENTROPY
4.2.4 LIMITATIONS OF THE PROPOSED IRDS
SUMMARY
CHAPTER 5: BENCHMARKING PROPOSED SCHEME
SUMMARY
CHAPTER 6: CONCLUSIONS AND FUTURE WORK
APPENDIX A
SPLUNK SECURITY INFORMATION AND EVENT MANAGEMENT (SIEM)
A.1 WHAT IS SIEM
A.2 CAPABILITIES/COMPONENTS
A.3 WHY SPLUNK
APPENDIX B
WDS ALGORITHM: OUR PROPOSED WDS AGENT POLICY SCRIPT
REFERENCES
520 3# - Abstract
Abstract Web applications have many vulnerabilities that allow attackers to compromise sensitive data and gain unauthorized access to the production web servers. Attackers and cybercriminals are always in a race to either compromise networks and servers or embezzle ransoms through ransomware. Current random attacks draw attention to the need for new protection and detection tools. Intruders must be prevented from such exploitations of assets, and their malicious attempts counter-attacked. Among the approaches of preventing intruders from compromising servers and networks is the use of traditional security controls, such as Intrusion Prevention Systems (IPS), firewalls and Antiviruses. Such tactics could be successful at lower attack levels. Current attacks are more aggressive; they can bypass most security tools. Servers are being compromised and files encrypted for ransom.

In this thesis, we propose a web deception scheme to mitigate web attacks in the production web site and detect any intrusion or ransomware in the server and endpoints. The solution is more like a call for arms, using game theory, honeyweb, and honeytokens with ransomware and intrusion detection.

Layers of deception systems are introduced to detect any intrusion or ransomware trying to gain access to compromise private files by using a deception system based on honeyfiles and honeytokens. A proof of concept is deployed with implementation of one of the key deception methods proposed to detect ransomware and intruders. The proposed scheme is explained in detail as well as simulation results.
546 ## - Language Note
Language Note Text in English, abstracts in English.
650 #4 - Subject
Subject Information Security
655 #7 - Index Term-Genre/Form
Source of term NULIB
focus term Dissertation, Academic
690 ## - Subject
School Information Security
942 ## - ADDED ENTRY ELEMENTS (KOHA)
Source of classification or shelving scheme Dewey Decimal Classification
Koha item type Thesis
Holdings
Source of classification or shelving scheme Dewey Decimal Classification
Not for loan Not For Loan
Home library Main library
Current library Main library
Date acquired 01/25/2021
Full call number 658 / A.K.N / 2018
Date last seen 01/25/2021
Price effective from 01/25/2021
Koha item type Thesis