MSc in Cyber Security
Permanent URI for this collection: https://rda.sliit.lk/handle/123456789/2918
Students enrolled in the MSc in Cyber Security programme are required to submit a thesis as a compulsory component of their degree requirements. This collection comprises merit-based theses submitted by postgraduate candidates specialising in Cyber Security. Abstracts are available for public viewing, while the full texts can be accessed on-site within the library.
Theses and Dissertations of the Sri Lanka Institute of Information Technology (SLIIT) are licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
Search Results (40 results)
Threat Detection Based on Log Analysis for Automating Security Information and Event Management (SIEM) Functionality (Sri Lanka Institute of Information Technology, 2025-12). Hewagama, C.A. [Open Access]

The reliance of modern organizations on information systems continues to increase, making these infrastructures frequent targets for malicious activity. System logs represent a primary source of forensic evidence, yet the volume generated by large-scale environments renders manual inspection infeasible. Security Information and Event Management (SIEM) platforms automate log collection and correlation but remain limited in detecting evolving or previously unseen threats. As a result, there is growing interest in augmenting SIEM functionality through Natural Language Processing (NLP) and machine learning. This study investigates lightweight Transformer models as candidates for log-based anomaly detection in SIEM contexts. Two compressed architectures, DistilBERT and TinyBERT, are evaluated under parameter-efficient adaptation strategies: frozen encoders with linear classification heads and Low-Rank Adaptation (LoRA). Log templates are extracted using the Drain algorithm to normalize unstructured log data, and experiments are conducted on two benchmark datasets, BGL and HDFS. A classical baseline using TF-IDF with Logistic Regression is also included for comparison. Evaluation covers both detection metrics (precision, recall, F1-score, PR-AUC, ROC-AUC) and efficiency metrics (latency, throughput, memory usage). The scope of this research is limited to training and evaluation rather than live SIEM deployment. Its contribution lies in assessing the trade-offs between detection accuracy and computational efficiency across lightweight adaptation strategies, providing guidance on configurations most viable for integration into real-time SIEM pipelines.

Evaluating Cybersecurity Awareness in Sri Lankan Healthcare Sector: A Role-Based Training Framework for Public and Private Institutions (Sri Lanka Institute of Information Technology, 2025-12). Hewamanna I.U.K [Open Access]

This study investigates cybersecurity awareness within Sri Lanka’s healthcare sector and develops a role-based training framework to enhance awareness and secure digital practices across public and private healthcare institutions. As healthcare systems increasingly digitize, human factors remain a major vulnerability, particularly in environments with limited resources and inconsistent policy enforcement. A quantitative survey was conducted among healthcare professionals to assess their awareness levels, training exposure, institutional support, and perceptions of cybersecurity importance. Data collected through Google Forms were analyzed using Excel and Jamovi. Descriptive statistics, Independent Sample T-Tests, One-Way ANOVA, and Regression Analysis were employed to explore patterns and relationships across professional roles and institution types. Results revealed moderate awareness levels overall, with significant variation between public and private institutions and across roles, emphasizing the need for contextualized, role-specific training. Based on these findings, a Role-Based Cybersecurity Awareness and Training Framework was developed, aligned with NIST SP 800-50r1, the Personal Data Protection Act (2022), and Ministry of Health Information Security Guidelines (2023). Expert evaluation (n = 6) rated the framework highly for clarity, practicality, and policy alignment (mean score = 4.37/5). The study concludes that micro-learning modules, continuous reinforcement, and leadership involvement can significantly enhance cybersecurity culture in healthcare while minimizing operational disruption. The proposed framework offers a feasible, low-cost, and scalable model to strengthen human-centered cybersecurity resilience across Sri Lanka’s healthcare sector.

Evaluating and Enhancing the Robustness of CNN algorithm Against Adversarial Attacks: A Case Study on MNIST (Sri Lanka Institute of Information Technology, 2025-12). Aththanayaka A.M.R.E. [Open Access]

Convolutional Neural Networks (CNNs) have achieved exceptional performance in computer vision tasks, particularly in image classification domains such as MNIST digit recognition. However, their susceptibility to adversarial attacks poses serious security threats that limit their deployment in real-world applications. This research examines CNNs' vulnerability through a systematic evaluation of five potent adversarial attacks, namely FGSM, BIM, PGD, DeepFool, and Carlini-Wagner, on the MNIST dataset. The baseline CNN model achieves 99.23% accuracy on clean data. However, adversarial attacks, which subtly perturb inputs in ways designed to fool classifiers, cause catastrophic performance degradation, reducing accuracy to as low as 8.91%. To address these vulnerabilities, this study proposes CADF: a Comprehensive Cyber Attack Detection Framework which implements a multi-layered defense strategy. The framework incorporates a binary detection classifier achieving 99.56% accuracy in identifying adversarial examples, followed by a multi-class attack identifier with 93.56% accuracy in categorizing specific threat types. CADF's adaptive defense engine dynamically selects optimal countermeasures, including feature squeezing, spatial smoothing, and ensemble defenses, based on the identified attack characteristics. Experimental results demonstrate that CADF restores model accuracy under multi-attack scenarios while maintaining high performance on clean samples and achieving real-time processing capabilities. This integrated approach provides a scalable and efficient solution for enhancing CNN robustness without compromising computational performance, offering significant advancements in securing deep learning systems against evolving adversarial threats.

Enabling Consistent Stateful Security in Distributed Web Application Firewalls: A Framework for Scalable Cloud Environment (Sri Lanka Institute of Information Technology, 2025-12). Palendrarajah, P [Open Access]

The rapid adoption of cloud-native infrastructures has highlighted a critical limitation in existing Web Application Firewalls (WAFs): their stateless design restricts consistent enforcement of security policies across distributed environments. This research addresses this gap by designing and evaluating a portable persistence module for open-source WAFs, enabling stateful security enforcement through integration with distributed data stores. Guided by the principles of design science research [1], the study develops a pluggable framework that supports both Redis and Memcached as backends. Redis is widely recognized for its durability and advanced data structures [2], while Memcached offers lightweight, in-memory caching optimized for speed [3]. By embedding the module within ModSecurity v3 [4] and deploying it on AWS cloud infrastructure, the research benchmarks the comparative performance of Redis and Memcached under simulated traffic and attack scenarios, including Distributed Denial of Service (DDoS) conditions [5]. Evaluation metrics include latency overhead, throughput, memory utilization, and resilience under node failures. Preliminary results indicate that Redis achieves superior consistency and resilience, albeit with higher memory consumption, while Memcached provides lower latency at the cost of weaker fault tolerance. Beyond technical performance, the research contributes a generalizable, portable framework that can be embedded into other open-source WAFs, expanding their applicability in distributed and multi-tenant environments. Both the artifact and the empirical evaluation contributions position the work as a step forward in bridging distributed systems and web security, while also providing a foundation for future enhancements such as adaptive, machine-learning-based intrusion prevention [6].

Developing Robust AI-Based Cybersecurity Alerting and Intelligence Systems Against Adversarial Attacks (Sri Lanka Institute of Information Technology, 2025-11). Puvaneswaran, T [Open Access]

The increasing reliance on Artificial Intelligence (AI) in cybersecurity has significantly enhanced detection and defense mechanisms. However, adversarial machine learning (AML) presents critical vulnerabilities that undermine the reliability of AI-driven security systems. Adversaries craft subtle perturbations to inputs, deceiving models into misclassifications, thereby bypassing intrusion detection systems, malware classifiers, and other defense mechanisms. This research explores the two-fold nature of artificial intelligence in the field of cybersecurity, both as an enabler of robust defense and as a target for adversarial attacks. Focusing on intrusion detection and malware classification, we propose a hybrid defense framework that combines adversarial training, model distillation, and explainable AI (XAI) to counter adversarial threats. By integrating dual datasets (CSE-CIC-IDS2018 and Microsoft Malware Dataset) and evaluating them under various adversarial attack strategies, the framework enhances both robustness and interpretability of AI models. Additionally, this is deployed in real-time cloud environments to ensure scalability and operational efficiency. The proposed methodology aims to provide reliable cybersecurity solutions capable of withstanding sophisticated adversarial attacks while maintaining high levels of transparency for security analysts. This research contributes to advancing resilient, scalable, and explainable AI-driven cybersecurity frameworks for modern digital infrastructures.

Automated Detection of Deepfake Audio in Real-Time VoIP Communication (Sri Lanka Institute of Information Technology, 2025-12). Chandrasiri, D.D.C.M. [Open Access]

With the increasing sophistication of AI-generated deepfake audio, real-time voice communication systems such as Voice over IP (VoIP) are at heightened risk of misuse through impersonation, fraud, and misinformation. Existing detection methods primarily rely on computationally expensive deep learning models trained on static data, which are impractical for live applications constrained by low latency and limited resources. This research addresses this gap by investigating the viability of a lightweight, highly efficient Random Forest (RF) classifier for real-time deepfake audio detection in VoIP environments. The proposed system utilizes a focused methodology: raw audio is segmented into 2-second chunks and transformed into a comprehensive 800-dimension feature vector comprising Mel-Frequency Cepstral Coefficients (MFCCs), Chroma, Spectral Contrast, and Zero-Crossing Rate. Through an iterative training process using combined standard and 'in-the-wild' datasets to ensure generalization, the final RF model achieved an overall accuracy of 93.77% on an independent test set. Critically, the system demonstrated extremely low end-to-end processing latency of approximately 76 milliseconds (well below the <200ms target). The findings prove that this computationally efficient, classical machine learning approach can achieve both high accuracy and speed. The final model successfully met the False Positive Rate objective (<5%) with a measured FPR of 2.85% on independent data, making it a viable and practical solution for enhancing the security and trustworthiness of real-time voice interactions against emerging deepfake threats.

An AI-Driven Intrusion Detection System to Defend Against Satellite Hijacking (Sri Lanka Institute of Information Technology, 2025-12). Karunathilake K. K. H. [Open Access]

The increasing reliance of the world on satellite systems has made them prime targets for cyber threats, with satellite orbital manipulation, a form of satellite hijacking, posing a critical national security risk due to its potential for disrupting essential infrastructure. To address this threat, this research proposes a novel Artificial Intelligence (AI)-based anomaly detection system tailored for identifying suspicious orbital maneuvers. The study employs Machine Learning (ML) models to analyze a custom dataset derived from the public European Space Agency Anomaly Detection Benchmark (ESA-ADB). This dataset was rigorously pre-filtered to include only anomalies occurring within a ±48.00 hours window of a telecommand execution, thereby creating a naturally balanced, command-linked dataset to proxy for the kinematic footprint of a cyberattack. Findings established that temporal pattern recognition is paramount for detecting these attacks. LSTM networks emerged as the most promising model, leveraging their ability to learn sequential dependencies to achieve a high recall rate of 95.64% with a corresponding precision of 90.88%. Furthermore, a novel physics validation gate, grounded in orbital mechanics, was incorporated as a final, non-negotiable security layer. This component is vital, as it confirms that detected anomalies are physically non-nominal deviations, transforming raw statistical alerts into high-confidence cybersecurity indicators and dramatically boosting the overall trustworthiness and suitability of the system for operational deployment.

AI Powered Log Analysis and Threat Detection System for Windows (Sri Lanka Institute of Information Technology, 2025-12). Sriharan, G [Open Access]

The increasing volume and complexity of cyber threats demand advanced, automated methods for analyzing Windows event logs. Traditional rule-based systems often fail to detect novel attacks, prompting the exploration of deep learning techniques. This research develops and evaluates an anomaly detection system by fine-tuning a BERT (Bidirectional Encoder Representations from Transformers) model on Windows system security logs. The methodology involved processing the ATLASv2 dataset, a collection of 20.5 million realistic Windows Security Logs containing both benign and malicious activity. A baseline model was implemented using the Hugging Face transformers library and trained on a representative sample of 100,000 log events, accelerated by a GPU. Evaluation of this baseline model on an unseen validation set demonstrated strong performance, achieving 96.98% overall accuracy and a 94.55% precision rate. The key finding was a recall of 79.10%, indicating a weakness in detecting rare malicious events due to the natural class imbalance of the dataset. To address this, a new, perfectly balanced dataset was created using oversampling, which dramatically improved the model's F1-Score to 95.33%. Following this data-centric improvement, a comprehensive hyperparameter tuning phase was conducted, employing Grid Search, Random Search, and Bayesian Optimization. This optimization successfully identified a best model with a high F1-Score of 96.60%. This research successfully validates a complete framework for applying and optimizing advanced AI models for log analysis. The next phase will focus on implementing a functional prototype with a user interface and expanding the comparative analysis to include other traditional ML models to further strengthen the research findings.

ADVANCING RANSOMWARE DETECTION SYSTEM USING MACHINE LEARNING (Sri Lanka Institute of Information Technology, 2025-09). De Silva, G.A.A.I.S [Open Access]

Ransomware attacks pose a significant and evolving threat to data security and operational integrity, necessitating advanced detection mechanisms. This project aims to develop an effective ransomware detection system leveraging machine learning techniques, specifically Recurrent Neural Networks (RNN) and autoencoders, to analyze network traffic for anomalies indicative of ransomware activity. Utilizing the UNSW-NB15 datasets, we undertook extensive data preprocessing, including handling missing values and normalizing features, to prepare the datasets for training. The model employs Long Short-Term Memory (LSTM) layers to capture temporal dependencies and patterns within the network traffic data. The training and validation processes focused on normal traffic data to establish a baseline for detecting deviations caused by ransomware. Our results demonstrate high accuracy in distinguishing between normal and ransomware-infected traffic, with a clear ability to identify potential threats in real-time. This innovative approach showcases the potential of RNN-based autoencoders in enhancing cyber security measures. The conclusion emphasizes the system’s effectiveness in providing early warnings of ransomware attacks, thereby significantly aiding in the protection of valuable data assets and maintaining operational continuity.

Optimizing Multi-Factor Authentication Protocols to Bolster Corporate User Security (SLIIT, 2024-12). Indika, B.G.P. [Open Access]

In today’s cybersecurity landscape, where corporate entities face sophisticated threats, robust authentication measures are essential. This research focuses on designing a contextual and risk-based Multi-Factor Authentication (MFA) model to enhance corporate security. Unlike traditional static MFA, the proposed model incorporates dynamic, context-sensitive factors such as user behavior, location data, and risk levels, strengthening defenses in environments handling sensitive information. This study highlights the need for adaptable authentication solutions capable of responding in real-time to evolving threats. By integrating biometric and adaptive authentication technologies, the research aims to enhance both security and user experience. The proposed scalable MFA model offers a multi-layered defense mechanism tailored to the demands of corporate environments, contributing to improved data protection and organizational trust. While this approach advances secure authentication practices, it also presents challenges, such as privacy concerns stemming from extensive data collection, high implementation complexity, and the need for accurate, real-time data. Scalability may lead to system delays, and frequent verification prompts risk frustrating users. Balancing security, usability, and privacy is critical for long-term success. In conclusion, this research demonstrates the potential of contextual and risk-based MFA models to effectively mitigate cybersecurity threats. By providing a more adaptive and responsive framework, the study contributes to the development of improved corporate cybersecurity practices, addressing the growing need for solutions that safeguard data assets and maintain trust with stakeholders.
