000 08232nam a22002537a 4500
008 210125b2018 a|||f mb|| 00| 0 eng d
040 _aEG-CaNU
_cEG-CaNU
041 0 _aeng
_beng
082 _a658
100 0 _aAhmed Ali Mohammed El-Kosairy
245 1 _aA New Web Deception System Framework with Intrusion and Ransomware Detection System [WDS-IRDS]
_cAhmed Ali Mohammed El-Kosairy
260 _c2018
300 _a96 p.
_bill.
_c21 cm.
500 _3Supervisor: Nashwa Abd El-Baki
502 _aThesis (M.A.)—Nile University, Egypt, 2018.
504 _a"Includes bibliographical references"
505 0 _aContents: ABSTRACT ... 17; CHAPTER 1: INTRODUCTION ... 19; 1.1 GENERAL OVERVIEW ... 19; 1.2 AIMS AND OBJECTIVES ... 20; 1.3 RESEARCH GOALS AND APPROACH ... 21; 1.4 THESIS ORGANIZATION ... 21; CHAPTER 2: BACKGROUND ... 23; 2.1 HONEYWEB, WEB PROTECTION AND DECEPTION-BASED SCHEMES ... 23; 2.2 GAME THEORY-BASED SCHEMES ... 23; 2.3 INTRUSION AND RANSOMWARE DETECTION-BASED SCHEMES ... 24; SUMMARY ... 24; CHAPTER 3: PROPOSED WDS/IRDS ARCHITECTURE AND DESIGN ... 25; 3.1 WEB DECEPTION SYSTEM ARCHITECTURE AND DESIGN [WDS] ... 25; 3.1.1 GAME THEORY AND WEB DECEPTION ... 25; 3.1.2 PROPOSED WDS ARCHITECTURE ... 28; 3.1.3 WDS STRUCTURE WITH GIDA MODULE DESIGN ... 29; 3.2 INTRUSION AND RANSOMWARE DETECTION SYSTEM ARCHITECTURE AND DESIGN [IRDS] ... 32; 3.2.1 INTRUDER DETECTION FOR SERVERS AND NETWORK ... 32; 3.2.2 DIFFERENCE BETWEEN RANSOMWARE DETECTION TECHNIQUES ... 34; 3.2.3 IRDS DESIGN ... 37; A. IRDS STRUCTURE AND DESIGN ... 37; B. IRDS AND POSITIONING TECHNIQUE ... 38; C. MISLEADING CONTENTS AND IRDS STRUCTURE/DESIGN ... 40; SUMMARY ... 42; CHAPTER 4: EXPERIMENTAL RESULTS ... 43; 4.1 WDS EXPERIMENTS ... 43; 4.1.1 ATTACKS BEFORE USING THE PROPOSED WDS ... 43; 4.1.2 ATTACKS AFTER USING THE PROPOSED WDS ... 44; 4.2 IRDS EXPERIMENT ... 46; 4.2.1 EXPERIMENT 1: TESTING RANSOMWARE DETECTION ... 46; 4.2.2 EXPERIMENT 2: TESTING INTRUSION DETECTION ... 51; 4.2.3 EXPERIMENT 3: COMPARING IRDS, FILE-HASHING, AND ENTROPY ... 55; 4.2.4 LIMITATIONS OF THE PROPOSED IRDS ... 63; SUMMARY ... 64; CHAPTER 5: BENCHMARKING PROPOSED SCHEME ... 66; SUMMARY ... 83; CHAPTER 6: CONCLUSIONS AND FUTURE WORK ... 84; APPENDIX A ... 86; SPLUNK SECURITY INFORMATION AND EVENT MANAGEMENT (SIEM) ... 86; A.1 WHAT IS SIEM ... 86; A.2 CAPABILITIES/COMPONENTS ... 86; A.3 WHY SPLUNK ... 87; APPENDIX B ... 90; WDS ALGORITHM: OUR PROPOSED WDS AGENT POLICY SCRIPT ... 90; REFERENCES ...
520 3 _aAbstract: Web applications have many vulnerabilities that allow attackers to compromise sensitive data and gain unauthorized access to the production web servers. Attackers and cybercriminals are always in a race to either compromise networks and servers or embezzle ransoms through ransomware. Current random attacks draw attention to the need for new protection and detection tools. Intruders must be prevented from such exploitations of assets, and their malicious attempts counter-attacked. Among the approaches of preventing intruders from compromising servers and networks is the use of traditional security controls, such as Intrusion Prevention Systems (IPS), firewalls and antiviruses. Such tactics could be successful at lower attack levels. Current attacks are more aggressive; they can bypass most security tools. Servers are being compromised and files encrypted for ransom. In this thesis, we propose a web deception scheme to mitigate web attacks in the production web site and detect any intrusion or ransomware in the server and endpoints. The solution is more like a call to arms, using game theory, honeyweb, and honeytokens with ransomware and intrusion detection. Layers of deception systems are introduced to detect any intrusion or ransomware trying to gain access to compromise private files by using a deception system based on honeyfiles and honeytokens. A proof of concept is deployed with implementation of one of the key deception methods proposed to detect ransomware and intruders. The proposed scheme is explained in detail, as well as simulation results.
546 _aText in English, abstracts in English.
650 4 _aInformation Security
_9294
655 7 _2NULIB
_aDissertation, Academic
_9187
690 _aInformation Security
_9294
942 _2ddc
_cTH
999 _c8869
_d8869