MSc in Cyber Security
Permanent URI for this collection: https://rda.sliit.lk/handle/123456789/2918
Students enrolled in the MSc in Cyber Security programme are required to submit a thesis as a compulsory component of their degree requirements. This collection comprises merit-based theses submitted by postgraduate candidates specialising in Cyber Security. Abstracts are available for public viewing, while the full texts can be accessed on-site within the library.
Theses and Dissertations of the Sri Lanka Institute of Information Technology (SLIIT) are licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
Publication Embargo Publication Embargo “FireX” – A Low Cost Raspberry Pi Based Open-Source Firewall Appliance for Sri Lanka Post(2021) Fernando, G.G.U.Recent statistics on data breach shows millions of data get stolen or lost every year and larger organizations are moving in to complex IT security solutions to protect their data from the intruders. However, organizations with limited financial capabilities remain unprotected to lack of available funds to invest on decent IT security solution for their organization. Department of Posts Sri Lanka (Sri Lanka POST) is also in a situation where seeking a low cost IT security firewall solution to protect their post offices located around the country. The open source firewall solutions are the most popular world-wide methodology for used to empower the overall security of a medium scale home and office computing network as well as large scale cooperate networks without spending a large amount of funds. Open Source Firewall Controls embedded to a hardware device provides more centralized approach for IT Engineers when managing a network. Furthermore, most of other Government Organizations in Sri Lanka faces the same issues when protecting their cooperate network infrastructure due to financial capabilities. As a solution, The Researcher designed an open source low cost embedded hardware device to act as a corporate firewall where the device can govern the network access while catering the business requirements whereas protecting the IT assets from the intruders. The designed firewall solution is based on multiple open source packages which can run on a raspberry pi model 3b+ single-board computer (SBC). The open source firewall package ‘IPFire’ was used to act as the firewalling module for this project. 
At the end of this research project the Researcher is planning to locate on post offices around Sri Lanka.Publication Embargo Smart Source code Analyzer to Detect Security Vulnerabilities(2021) Gunawardana, P.C.S.Web based applications are more vulnerable to unauthorized access. Recently web applications are more important for organizations to implement their business activities and sensitive information sharing among owners. To solve security problems (cyber-attacks, threats) organizations are expending huge money to penetration testing, vulnerability assessments for their IT resources. According to OWASP ratings there are most vulnerable areas in web development. Injection, Broken authentication, Sensitive data exposure, XML external entities (XXE), Broken access control, Security misconfigurations, Cross site scripting (XSS), Insecure deserialization are some top vulnerabilities that can be happened in web application. SQL injection attack can destroy the web application or any online application. SQLI will allow attackers to access, modify, delete sensitive information of application back-end database without authorization. It is possible to run arbitrary commands with using SQL injection which uses high system privileges. Hence effect is high critical. Most of SQL injection attacks are from user inputs dynamically generated. Normally there are several ways to write a code. So those codes can be vulnerable for attacks. Specially SQL injection attacks because of unprepared coding and not follow secure code standards. As example we can write SQL injection prevention code with using prepared statements. In java they have SQL injection safer method which is prepared statement. As example [email: ‘ OR ‘1’ = ‘1 Password: ‘ OR ‘1’ = ‘1] code generate [SELECT userid FROM employee WHERE id = ‘1’ OR ‘1’ = ‘1’ AND password = ‘1’ OR ‘1’ = ‘1’] query. Because this generate WHERE clause always TRUE. [2] So attacker can log into system without valid login id and password. 
As well as retrieve sensitive information or meta data about database schema such as database names, table names, table field names, table field data types. So this is big issue and harmful for applications. Cross-Site Scripting (XSS) is a most famous attack type by hackers inserting malicious code samples for web application client side (use JavaScript codes for front end not attack host server). These kinds of attacks can be happened mostly because of not proper validation of the content. This is about mostly happened retrieving user sessions, session tokens, sensitive information and cookies, hijack accounts, spread web worms, access browser history and clipboard contents, control web browser remotely, scan and exploit internal network applications. Majority of web sites as example 70% of them are vulnerable to XSS attacks. XSS can be classified into two parts. Those are namely reflected XSS and XSS stored. This is about inserting malicious JavaScript code to web application URL.[3] These are happening due to unsecure software writings. Many software engineers are not aware of security coding standards and they only focus about developing. But the main critical and important thing is security of web application. It should be in developing stage. So this research is to identify security vulnerabilities of software code and future enhancement of this research is to suggest alternative best suitable secure code lines. In my research I focus mostly on SQL injection. So finding SQL injection varieties and prevention ways of writing SQL queries. Apart of that I can find more details about more vulnerabilities such as buffer overflow, xss attacks that can be happened to web application or codes. These are fed into vulnerability database tables and also prevention methods of such vulnerabilities are stored in another database table. In my research I’m going to design web application that allows user to paste their coding. 
Then he can check whether those have security problems with displaying tooltip about security issue about code and generate report about vulnerability. I develop this from PHP as web language and MYSQL as database management system. There are several tables with having security issue sample codes as well as correct way of writing those related security problem prevention codes. There are several ways to identify developer pasted code in my webpage. Those are abstract syntax tree, code comparing hash key generation etc. I use arrays to collect pasted code with tokens. It is similar way of abstract syntax tree. After that before comparing I develop a function to identify which kind of vulnerability is existing in that pasted code in my web page. For that I have another special database table with having specific kind of vulnerability key words. Database table has sql keywords such as select, insert etc. If pasted code is having select query found then I use next comparing that the code is having security problem. Then it is going to compare tokenized code with vulnerability database tables and correct way and best practices of secure coding database tables. In this project I try to do sql injection vulnerability. So finding all type of sql injection attacks and collect vulnerable codes and feed those into my database table. Up to now I do this to check PHP code. Future I can enhance to other languagesPublication Embargo Threat Intelligent Base Risk Observation Framework(2021) Lakshitha, S. A. D. K.Information systems of every organization are highly depending on information security framework. Day by day threat landscape is getting stronger and security technologies are developing accordingly. Always growing threat landscapes are adding organization an additional risk while organizations computer system risk factor is changing according to the end user traffic, running applications and operating system vulnerabilities. 
But enterprises always try to keep the risk factor in an acceptable level. For risk assessment and security practices, efficient analysis of distributed Cyber Threat Intelligence (CTI) information is very important. Threat profiling is gaining popularity to enforce a proactive line of resistance. However, assessing a systems resiliency in the face of appropriate threats and identified in CTI shared data remains problematic, and it hold lack of semantics and background detail in textual representations of threat awareness. This threat intelligence base risk observation framework (TIROF) is a software tool that observe and indicate risk level of the computer system using threat intelligence feed and National Vulnerability database. Further it will assess application risk factor separately using available Common Vulnerabilities and Exposure (CVE). Tool will be developed with rules and inferences, the system offers an automated method to examine about the cyber threats impacting the computer system by classifying threat significance, assessing threat probability, and identifying the affected and exposed properties.Publication Embargo Detect Anomalous Activities in an Apparel Manufacturing Plant(2021) Munasinghe, M. M. D. C.Suspicious activity detection is one of the most rapidly developing areas of Computer Vision and Artificial Intelligence. Computer vision is used extensively in abnormal detection and monitoring to solve a variety of problems. Because of the growing demand for the protection of personal safety, security, and property, the need for and deployment of video surveillance systems capable of recognizing and interpreting scene and anomaly events is critical in intelligence monitoring. Because, as we all know, prevention is preferable to cure, preventing a crime before it occurs is preferable to investigating what or how the crime occurred. 
In the same way that vaccinations are given to people to prevent disease, it has become necessary in today's world with a much higher rate of crime to have a Crime detection technique that prevents crime happenings. Security surveillance is a critical requirement in many places, including airports, train stations, shopping malls, and public places, where detecting suspicious and abnormal behavior has a significant impact on ensuring security. Despite the availability of CCTV (closed-circuit television) cameras in many locations, CCTV footage is used as an investigation tool to identify suspects. These Detection techniques can be used by police officers to detect crimes before they occur, allowing them to be prevented. This is accomplished by turning a video into frames and then evaluating the activity of individuals within those frames. Human detection has long been a difficult challenge due to the non-rigid nature of human bodies, which alter shape at will. Human recognition and detection in both the interior and outdoor environments is a difficult task due to a variety of issues such as inadequate illumination, variations instances, and so on. This study introduces a new approach to detecting human behaviors based on context and situation. We devised a three-stage procedure for analyzing abnormal situations and detecting suspicious behavior. We introduced methods for human detection with associated context objects in the first stage. To identify normal situations, the identified human objects were mapped with context information. Stage two created a model for recognizing human actions, which includes both normal and abnormal actions. In stage three, we developed a conventional model, to represent the normal situation of a given context. We combined the identified human actions with their context and compare them with the conventional model. Deviation from the conventional model is used to recognize the abnormal actions along with their underlying situations. 
To build our system, we used an unsupervised approach. We used publicly available datasets for the evaluation, and our abnormal situation detection approach performed better. When compared to the baseline systems, the results of the unsupervised approach are encouraging. This system will be useful for detecting abnormal and suspicious human behaviors in real-time, allowing people to be monitoredPublication Embargo Unsupervised Sinhala Cyberbullying Categorization(2021) Chandrasena, B.G.M.The objective of unsupervised machine learning is to categorize the social media comments into a given number of pre-learned categories. The earlier studies of this domain have used many the dataset for supervised learning & introduced a large number of techniques, methodologies. A major challenge there was training labels. Although words with training comments are easy to find, separating them manually is not an easy task. Through this research, we hope to find a solution to this using unsupervised machine learning techniques. the proposed technique divides the comments into words and removed special characters, emojis, and links from the comments & categorized each comment using a keyword list of each category and similarity findings. And then this was used to categorize comments for training. The implemented method shows the same performance, by Comparison with other supervised machine learning techniques for cyberbullying. Therefore, this mechanism can be used in any other places where low-cost cyberbullying identification is needed. This also can be used to create train comments.Publication Embargo Security Awareness Chatbot(2021) Reeshan, N.P.A.M.Publication Embargo Anonymity and Data Security Related Security Concerns in TOR Network(2021) JAYASINGHE, D.G.G.RFor those unfamiliar with Tor, it is a privacy-enhancing system that is meant to protect Internet users' confidentiality against non-global opponent traffic analysis attempts. 
TOR is a network protocol that has been developed to provide the anonymous transfer of communication data packets for the transport of lowlatency information. Tor is well-suited for mobile devices, such as those used for online browsing, document management, and video conferencing since it provides anonymity on top of TCP while maintaining a rapid reaction time and throughput. Because the communications exchanged over the TOR network are encrypted and the sender stays anonymous, many people believe that the TOR network is safe. TOR, like every other software, contains flaws, which are difficult to detect. Even when TOR is utilized appropriately, there are a plethora of cautions to be aware of. Due to the use of risky protocols in Tor, a malicious router might potentially collect passwords by monitoring exit traffic. While exit routers are monitoring data in such cases, it is quite straightforward to identify the source of the problem. Exit routers are used to capture POP3 traffic in order to breach accounts. Tor is exposed when a router is configured with the default escape policy because it discloses information about the numerous harmful actions that are tunneled via it. Attempts to hack, charges of copyright infringement, and bot network control networks, to name a few examples of malicious communication that may be identified using Tor are all common. There are several types of attacks that may be launched against TOR. Some assaults are designed to cause damage to the Tor client, such as denial of service attacks. Some of them are as follows: The customer is threatened by plug-in assaults, which are carried out via the Web browser that he or she uses to access the network. Certain attacks make advantage of remote technology that has been inserted into the program (a "plug-in"). These applications operate as independent software and are executed on the operating system with the privileges granted to the users by the operating system. 
ii) The Torben attack manipulates web pages in order to encourage the user to examine information from untrusted sources in order to find a Tor client on their computer. iii) P2P Significant Parameters This kind of attack takes use of Tor clients' connections to peer-to-peer networks in order to deanonymize their communications. TCP/IP packets are sent to a torrent tracker, which is a network service with which a client must contact in order to get information about the list of peers that are able to share the desired resource. Attackers may manipulate the content of the list by inserting a malicious torrent peer's IP address in it, which will cause the list to be re-generated. A suite of assaults known as Raptor, which may be conducted by the Autonomous System in order to deanonymize clients, is described in detail in Section 4. In one attack, traffic analysis of asymmetric communications that characterize the network is used to determine the vulnerability. The suspect's purpose in this form of threat is to put the secret service in a position of vulnerability by threatening to reveal its identify or undermine it. As previously stated, the Tor network may be used to access apps on both the public surface Internet and Tor (hidden services), as well as applications on the private surface Internet. Some assaults are designed to cause damage to the Tor network's servers. In other cases, the secret service is obliged to connect to a malicious target site during these assaults. Cell counting and padding are two examples of such tactics: During the introduction step of the secret services, the attacker delivers a Tor cell/packet that he has particularly crafted. In order to enter the (malicious) meeting location, the message is transmitted to the secret service, which is requested to construct a Tor chain in order to do so. In addition, Coronate is a program that automatically detects location leaks in hidden services, which is a kind of phishing. 
Information about a hidden service's IP address may be revealed if sensitive data in the material is disclosed. Most of the time, the administrator is the source of these breaches. Off-path MitM- This kind of attack involves a man-in-the-middle (MitM) assault on a Tor covert operation in order to get access to the Tor network. The fact that the attacker does not have to be in the communication channel is a significant point to consider. To connect and recover data from the Tor network, traffic must eventually depart the anonymized and encrypted Tor protocol, which must be accessed via the "normal Internet" in order for users to link and retrieve data from it. This is accomplished via the use of exit nodes, which serve as virtual gateways through which encrypted Tor communication may be sent to the Internet. As a result, the proposed study is primarily concerned with the security of information that is sent from the exit node to the server and provides a solution for data security at the exit nodes. The solution is mostly focused on the server side.Publication Embargo Open-Source Information Security and Audit framework for BYOD(2021) Peiris, D.P.K.L.In today's pandemic environment, businesses are continuously looking for innovative solutions to assist with their corporate operations. Businesses aim to incorporate contemporary technological advances in order to stay ahead of the competition and expand their business in terms of both outcomes and productivity. "Bring your own device" is one of the new phenomena (BYOD). Instead of company providing the required hardware/software to their employees they can use their own device. Employees are permitted to use their own laptops, tabs or cell phones at work when BYOD rules are adopted. Because they are already familiar with how these devices work, they are more likely to be more efficient. 
The benefits of this led to greater employee satisfaction and allow the company to pass on more expenses to the employee, therefore improving its costeffectiveness. [1] This has made workers' jobs easier and contributed to increased efficiency. Security is the most important factor in BYOD, which has a range of issues. [2] By 2020, 74% of organizations would have experienced data breaches due to unsecure mobile device use. The idea of employees bringing their own devices to work would keep any IT manager up at night (BYOD). While bringing your own device increases productivity, IT experts are aware that bringing your own device exposes your organization to severe security threats. [9] As a result, BYOD device security methods have irritated the interest of IT experts. MDM, MAM, and NAC are just a few of the BYOD device security frameworks that are now accessible. As a consequence, businesses can employ those security measures to prevent data breaches. If such a security system exists, there is no automatic IT Security and auditing tool in it to deliver compliance information to IT experts so they can respond quickly. As a result, I've picked that gap as a study topic in order to present open source as a compliance alternative to companies. Based on the study's findings, the suggested security and audit methodology would assist businesses in reducing and recognizing BYOD security concerns. This security and audit methodology will also help to the creation of new information security expertise in the event of BYODs. [18] Also this solution will be replacement for system VirtualizationPublication Embargo Prevention Of Data Leakage By Malicious Web Crawlers(2021) Somarathne, H.P.Web crawlers are tools that are used to search for information on the internet in order to access it. Since the beginning of public use of the internet, web crawlers have made it easier for search engines to index the content on the internet. 
Unfortunately, Web Crawlers can be used for nefarious purposes as well as for legitimate ones. Because of the rising use of search engines and the prioritization of the need to get a higher ranking in the indexing of online sites, the threats posed by web crawlers have expanded significantly. In web crawlers, the robots exclusion standard is the regulating point. It establishes a set of criteria for the approved paths that a web crawler can take. Crawlers, on the other hand, are able to circumvent these restrictions and retrieve information from restricted web pages. Due to this, web crawlers can collect information that can be used for phishing, spamming, and a variety of other unethical and illegal activities. This has a significant impact on service providers, as web crawlers can collect information that can be used for phishing, spamming, and a variety of other unethical and illegal activities. The purpose of this study is to introduce a unique field of research into the detection and prevention of web crawlers. As a result of the low amount of traffic production, typical crawler detection methods were found to be ineffective at capturing dispersed web crawlers, which was discovered. Specifically, the research combines improved conventional web crawler prevention methods with a novel crawler detection method in which the threshold values are measured. This method adds distributed web crawlers to the restriction list, preventing them from traversing the websites, as well as to the restriction list itself. In order to measure threshold values, the LMT (Long tail threshold model) is being presented as a method of measurement. Furthermore, the detection methodology is built on the basis of the observation of crawler traffic and the identification of unique characteristic patterns of them in order to distinguish them from human-generated traffic, as previously mentioned. 
A limitation approach is incorporated into the system in order to reduce the influence that a crawler can have on a website.Publication Embargo Android Hybrid Malware Detection Approaches Using Machine Learning Algorithms(2021) Weerawardhana, B.K.G.P.N.Smart phones are a major part of a life in modern life. Among them android is the most usable mobile operating system. According to IDC corporate report in USA android operating system use 84.5% from market share [3]. currently most mobile attacks [22] happen with android operating system. Most of the attackers use chunks of malware code attached with android application java code to attack devices. The purpose of android malware writes is to get financial benefits; most of the famous type of android malware is ransomware which after executing malicious application on the device The malware will encrypt all the device valuable information of the device. To decrypt all data owners should be pay for decryption key. Due to android openness and free availability of market, android mobile operating system has become major attractive target for Cyber criminals. In this research paper focus issue of mobile application, analyze malware using reverse engineering, static and dynamic malware analysis, Malicious URL analysis and application code analysis of the android application and implement framework using machine learning based on Supervised machine learning approach for detect and classify android malware. static malware analysis based on reverse engineering of application and extracted application features without executing application. This recognizes application information flow, code structure, permissions, network details and static related features. Dynamic analysis examines the dynamic behaviors of the application during run time of the application in a fully controlled virtual environment. 
comparing both analysis static analysis consists with pattern-based approach; same time dynamic detection approach can be provided additional protecting from malicious application since it consists dynamic behaviors of the application including memory logs, CPU usage, system call logs, etc. Also, used malicious URL analysis to users protect from unawares downloading malware by using untrusted web URLs. Finally, the outcome will be developed platform which will be identified and protected from malware affected functions. Also, this framework will be using both static, dynamic malware analysis and URL analysis technique, and will solution for traditional malware detection tools problems and Final outcome framework called as Hybrid android malware detection [92] [93] system. Application will be based on machine learning algorithms and python programming. This application can protect from both malware codes and functions which functions are previously analyze using reverse engineering [11], machine learning algorithms, android code analysis and traditional malware features. Especially malware functions consisting of both raditional and newly coming malware features. My experimental result project depicts that based machine learning based android malware classification and my project can be classify unknown applications malware analyzing android application static and dynamic features. In my project primarily based on android applications permissions and all dynamic related features. Also, users can classify their used accessed URLs are malicious or not and can be safe from android attacks.Publication Embargo salvos: A Game to Enhance Cyber Security Awareness in Sri Lankan Universities(2021) Madushani, J.A.P.With the Covid-19 pandemic, the universities have completely changed their whole procedure of delivering lectures and doing other administrative and academic works. 
Various kinds of restrictions and lock-downs took this general education system to an e-education system. Adapting to electronic resources and internet-based teaching made it easy for distance learning. However, increasing network access and usage of other e-resources caused a significant increment in the risks for cyberattacks as well. Even though there are many controls and policies implemented in universities to mitigate these risks, the results from the survey carried among universities show they are not 100% secure. Not like other IT organizations, most of the system and e-resource users in universities are non-technical staff. Therefore, it is important to reduce user mistakes that expose vulnerabilities within the universities. To increase the awareness level of the staff, this study has introduced Salvos. Salvos is a mobile game that covers basic cyber security concepts in an educational environment. The Salvos addresses the main areas, Internet security, Malware protection, Email security, Password security and Physical security. This can be used to deliver security training to university staff in an entertaining way without being another boring instructor-led theory session. To achieve the proposed solution, 25 persons were selected from different universities and measured their awareness level using a pre-test survey. After training with the Salvos, it was evaluated using a post-test survey given to them. Further, security backgrounds in the universities were studied using a questionnaire shared among universities. In the game evaluation, analytical tests were done using R. However, a normality test was done for the pre-test and post-test results since the data set is smaller than 30. Then a paired t-test was carried out to find whether there is a significant increment in user awareness level after training with the Salvos. 
Among the 17 universities who responded to the survey, 100% have agreed that it is essential to provide security awareness training to academic and non-academic staff. Further, important areas identified to address in the Salvos were malware (100%), password management (88%), email threats (82%), internet security (59%) and physical security (47%). In the evaluation, paired t-test shows -68.6087 mean difference of the marks from the pre and post questionnaire. Moreover, the p-value of the test was 5.008e-15 which rejects the null hypothesis and conclude that the security awareness level of the participants has increased after the training through Salvos. This study presents the current user awareness level among different categories of the university staff and security backgrounds of the Sri Lankan universities. Study results provide evidence for the need for security training and final analysis proved that the training through Salvos can actually increase security awareness among university staff. Further, Salvos can use by staff with any background and it can easily customize for the user needs. The methods used, results collected and analysis made are further discussed in the rest of the chapters.Publication Embargo Mitre attack framework adoption as a siem rule base using machine learning approach(2021) Weeraman, P.W.R.S.Digital transformation is the standard business strategy approach in most Organizations. Every person is looking for digital solutions to aid their routine works. Every Organization looking possibility move to physical office concept for virtual office concept. Even homemakers and bargain hunters also expect to move online shopping with doorstep delivery solutions with this COVID-19 pandemic. Every business needs to adopt IT functions for their business process to ensure business stability or increase their revenue. Most large-scale enterprises have a dedicated IT strategy approach to align with their business strategy. 
They follow best IT security practices such as SIEM, security operation centers (SOC), annual IT compliance review, IT audit and best security devices in the market. However, most of the business do IT system adoption without a preplanned process. They do not follow any best it practices in term of IT security. Further, they do not have a proper IT strategy that aligns with business objectives. Most small and medium scale business with minimum IT infrastructures and IT operations. The absence of a proper IT security approach in the business may introduce new IT risk to their information and business. This Research makes experimental approach to adopt cyber threat intelligence to SIEM detection base using adversary tactic, technique, procedure (TTP) and machine learning (ML) instead of signature-based detection methods. TTP change is relatively more challenging than IP address or file hash change. This research concern uses TTP-based Security information and event management systems (SIEM) solution using open-source software and MITRE ATT&CK community framework. Further, this Research aims to reduce operating expenses and capital expenses using a community-based framework and opensource software.Publication Embargo Implementing Stackable Open-Source Firewall Security and Network Traffic Monitoring System(2021) Ariyarathne, K.A.S.Network security is the main feature in network management. For that firewall and network monitoring systems are the main ingredients. Around the world millions of dollars annually are spent by the organizations for safeguards their data and information from unauthorized accesses. In the current market there are two type firewall and monitoring tools available for users, commercial and open source. But all these tools are not suitable for entry level, small and medium sized enterprises (SME’s). The commercial Firewalls and Network monitoring tools are dead weight for entry level and small size businesses, both financially and functionally. 
The most efficient and readily available solution is to move to open-source firewall and network traffic monitoring systems. But the firewall should be armed with next-generation firewall features such as UTM filtering, URL filtering, antivirus, anti-spyware, anti-spam, network firewalling, intrusion detection and prevention, content filtering, leak prevention, remote routing, NAT, and VPN support. Network traffic monitoring should cover network devices, links and connections, mission-critical servers, external service providers, passive/active network health monitoring, automatic alerts, automatic load balancing and failover, monitoring of abnormal behaviors, etc. Finally, as a toolkit, the open-source firewall and network traffic monitoring systems work as a single unit to prevent, detect, and disable network attacks.

Publication Open Access
Cryptographic Issues and Vulnerabilities in Web Applications (2021)
Herath, H M P Kavinda Ranjan Kumara
Web application security is the most controversial and crucial factor to concentrate on when considering the security aspect of cyberspace. Cryptography plays a critical part in security by applying encryption and decryption to data at rest, in motion, and in use so that it is protected from security breaches. Cryptographic concepts have developed over the last few decades as a result of a well-known series of mathematical and logical functions. Weaknesses from poor programming techniques or the leakiness of traditional software development life cycles are a crucial element of the security vulnerabilities that can have a huge impact on many of the web applications currently in existence.
The cryptographic vulnerabilities of a web application depend on several factors, such as lack of knowledge of particular subject matters of cryptography, minimal attention to and contribution of security techniques while coding, inability to proceed with proper standardized vulnerability assessment criteria, improper adaptation of cryptographic concepts, inability to work within a highly secure framework like DevSecOps, dependence on procedures rather than empirical approaches, etc. Sophisticated tools and techniques are necessary to drive the rectification and mitigation of the security vulnerabilities that exist in web applications during the implementation, testing and monitoring phases of the System Development Life Cycle. This dissertation emphasizes a further illustration of cryptographic vulnerability assessment in several specimens collected from different domains of currently established enterprise web applications and related APIs (Application Programming Interfaces). The tools are the critical elements used to evaluate errors in the code through static or dynamic analysis. Static tools give a high percentage of accuracy in their results, whereas automated tools are well suited to very large projects, such as millions of lines of code evaluated for errors. Java-based code still dominates a huge percentage of web sources. Python will be established gradually due to its strong built-in security. Java and Python are the programming languages that still dominate the discussion of cryptographic vulnerabilities in the process of web application development.
The ultimate goal of this dissertation is to retain a valuable source of documents, enriched with sophisticated techniques, to be used as a reference guide for developers and security engineers to close the gaps between code and security requirements.

Publication Embargo
Network Intrusion Detection System for Virtual Machine based Datacenter Architecture (2021)
Shaune, Selvathasan
Nowadays most banks and finance sector companies maintain their own in-house datacenter. The main technology they use for this is virtualization, for example ESXi, Sun Oracle, Citrix and Microsoft Hyper-V. Because of that, these companies must make sure their server and network security is at a good level. To do that they have to have a proper firewall setup and core switches for the server side and the LAN side with Access Control Lists (ACL). Most of the companies have only the firewall. They use the firewall to prevent malicious attacks or any intrusion attack. But while a firewall performs blocking and filtering of traffic, a Network Intrusion Detection System identifies and alerts a system administrator, or inhibits the attack as per its configuration. A firewall allows traffic based on a set of policies configured by the system administrator. This is where the Network Intrusion Detection System is needed, in the middle between the firewall and the server network. When an attack, botnet or other malicious event happens there is no way to stop, prevent or contain the situation automatically. A firewall can only have the alert facility. But if there is a Network Intrusion Detection System, it has the capability to prevent or hold. This Network Intrusion Detection System can perform deep packet inspection and it uses 6 layers of the Open Systems Interconnection (OSI) model. In this paper I am going to implement a signature-based Network Intrusion Detection System with a packet filter option, and we can improve overall network security for the server side and for the LAN side as well.
Here I am going to use Snort, Suricata, an open-source firewall using Linux with iptables commands, and the pfSense firewall. Snort and Suricata are Intrusion Detection Systems (IDS) that are important to network security. Both of the systems work together with a firewall.

Publication Embargo
A hybrid approach on phishing URL Detection using Long Short-Term Memory (LSTM) and Gated Recurrent Units (GRU) (2021)
Dilhara, B.A.S.
Phishing is one of the oldest types of cyber-attack, which mostly comes in the form of camouflaged URLs that delude users into giving up their personal information for the malevolent purposes of the attacker. In addition, it is one of the easiest ways of inducing people to disclose their personal credentials, including credit card details. Since people use web applications on a daily basis, most phishing attacks come up as fake websites pretending to mimic a trustworthy website. Moreover, emails are used by attackers to send the phishing website URL (Uniform Resource Locator) to the victim. Such URLs are termed malicious URLs and most phishing attackers use them for successful data breaches. Therefore, it is a necessity to filter which URLs are benign and which are malicious. In order to determine these factors, this paper reviews the concepts involved, including the traditional mechanisms used for URL detection, the drawbacks those mechanisms had, and the machine learning approaches used by different authors and their novel approaches for effective detection. Moreover, it focuses on cumulative deep learning approaches to build up hybrid deep learning models. Furthermore, this study proposes 4 hybrid deep learning models, namely GRU-LSTM, LSTM-LSTM, bidirectional (GRU)-LSTM, and bidirectional (LSTM)-LSTM. In addition, the study also proposes 3 non-hybrid deep learning models, namely CNN(1D), LSTM and GRU.
Hence, the main objective of this research is to provide new insight into hybrid deep learning approaches to URL detection by evaluating their accuracy, precision, recall and F1 score. In conclusion, this research recognizes Bi(GRU)-LSTM as the best mechanism for joining hybrid models to detect phishing URLs and classify them as malicious or benign.

Publication Embargo
Study of Avoiding Length Extension attack on MD Based Secret Prefix Message Authentication Code (2021)
Premadasa, B.H.A.J.
The integrity of a message can be violated intentionally or unintentionally, whether by natural phenomena or by the interception of malicious actors. Changes in message integrity caused by natural reasons can be corrected using various error correction mechanisms. A Message Authentication Code is widely used in order to check the integrity of a message. Using a Message Authentication Code, the receiver can check whether the message was modified or changed during the transmission process. A Message Authentication Code comes in handy when detecting integrity violations by malicious actors. The integrity check is done by calculating special values which can only be obtained by using the original message. The hash value calculated by the sender is appended to the end of the message and transmitted to the receiver. The receiver gets the message and calculates the hash value using the same techniques used by the sender. By comparing the computed hash value with the hash value sent by the sender, any integrity violation can be identified. But hashing algorithms based on the Merkle–Damgård construction are vulnerable to length extension attacks. To address this vulnerability, Secure Hash Algorithms are introduced.
The purpose of this study is to develop a novel algorithm to avoid length extension attacks on MD based message authentication algorithms.

Publication Embargo
An Open-Source Solution for Corporates to Implement Scenario based Intrusion Detection for Incident Response (2021)
Kithulgoda, D.S.
Detecting potential security compromises to aid in formulating a proactive response strategy is still a relatively new field in the local network security arena. Even managed security service providers who support these corporates on different digital security tiers face difficulties when using practical implementations that have the capability to detect and escalate to the relevant parties for mitigation. This research discusses how a third-tier detection strategy can be developed with open-source toolkits like the Snort intrusion detection system as the second line of defense to support network teams. The necessity of auxiliary packages to work alongside Snort must be stressed, because the demands are higher in corporate environment settings; some examples include Zeek and Security Onion. Placing an IDS so that it performs as expected requires careful planning after a thorough examination of the relevant network diagrams. For this, the recommendation is to use dedicated hardware composed of all the tools mentioned, on an ad-hoc basis, with a switch SPAN setup, also commonly known as port mirroring, so that an exact copy of the flowing traffic can be fed in for investigation. To suit the Sri Lankan context, a stripped-down version of the MITRE ATT&CK + SHIELD Active Defense Matrix will be used to choose the applied malicious datasets and to design the security playbooks.

Publication Open Access
Student Attention Monitoring Tool for Online Learning Based on Machine Learning (2022-01)
Nilaweera, V.A.
By monitoring students in conventional classroom education, a teacher can quickly recognize or get their attention.
The lack of such a response from the emotions and actions of students participating in the session has an impact on distance education. The student's level of attention to the explanation of a certain lecture is a factor that may affect their ability to recall and use what they have learned. Students who keep their attention are thus more involved in the learning and teaching process than those who do not, and they acquire the skills provided in the courses. As a consequence, it is crucial to create strategies and technologies that allow teachers to objectively assess their students' levels of attention so that they may make necessary adjustments to the lecture's dynamics. In order to bridge the gap between these two learning modes, the suggested system analyzes students' attention levels using the typical built-in web cameras on their laptops and is developed to function in real time while they are attending lectures, using drowsiness, movement of the head, and facial expressions such as happiness, sadness, disgust, surprise, fear and anger. This method offers the teacher available information on pedagogic efficacy while removing the requirement to switch on the camera and share student videos during the lecture. The method described in this research is conceptualized as a software architecture that runs locally on the personal computers of students. Each model used consistently performs with an accuracy between 80% and 98%. Teachers should be able to readily detect student behaviors with the help of a thorough representation of the data obtained from the students.
