Theses

Permanent URI for this community: https://rda.sliit.lk/handle/123456789/2429

Postgraduate students are required to submit a thesis as part of fulfilling the requirements of their respective postgraduate degree programmes. This community features merit-based graduate theses submitted by SLIIT postgraduate students. Abstracts are available for public viewing, while the full texts can be accessed on-site within the library.

Search Results

Now showing 1 - 10 of 300
  • Publication (Open Access)
    Threat Detection Based on Log Analysis for Automating Security Information and Event Management (SIEM) Functionality
    (Sri Lanka Institute of Information Technology, 2025-12) Hewagama, C.A.
    The reliance of modern organizations on information systems continues to increase, making these infrastructures frequent targets for malicious activity. System logs represent a primary source of forensic evidence, yet the volume generated by large-scale environments renders manual inspection infeasible. Security Information and Event Management (SIEM) platforms automate log collection and correlation but remain limited in detecting evolving or previously unseen threats. As a result, there is growing interest in augmenting SIEM functionality through Natural Language Processing (NLP) and machine learning. This study investigates lightweight Transformer models as candidates for log-based anomaly detection in SIEM contexts. Two compressed architectures, DistilBERT and TinyBERT, are evaluated under parameter-efficient adaptation strategies: frozen encoders with linear classification heads and Low-Rank Adaptation (LoRA). Log templates are extracted using the Drain algorithm to normalize unstructured log data, and experiments are conducted on two benchmark datasets, BGL and HDFS. A classical baseline using TF-IDF with Logistic Regression is also included for comparison. Evaluation covers both detection metrics (precision, recall, F1-score, PR-AUC, ROC-AUC) and efficiency metrics (latency, throughput, memory usage). The scope of this research is limited to training and evaluation rather than live SIEM deployment. Its contribution lies in assessing the trade-offs between detection accuracy and computational efficiency across lightweight adaptation strategies, providing guidance on configurations most viable for integration into real-time SIEM pipelines.
  • Publication (Open Access)
    Evaluating Cybersecurity Awareness in Sri Lankan Healthcare Sector: A Role-Based Training Framework for Public and Private Institutions
    (Sri Lanka Institute of Information Technology, 2025-12) Hewamanna I.U.K
    This study investigates cybersecurity awareness within Sri Lanka’s healthcare sector and develops a role-based training framework to enhance awareness and secure digital practices across public and private healthcare institutions. As healthcare systems increasingly digitize, human factors remain a major vulnerability, particularly in environments with limited resources and inconsistent policy enforcement. A quantitative survey was conducted among healthcare professionals to assess their awareness levels, training exposure, institutional support, and perceptions of cybersecurity importance. Data collected through Google Forms were analyzed using Excel and Jamovi. Descriptive statistics, Independent Sample T-Tests, One-Way ANOVA, and Regression Analysis were employed to explore patterns and relationships across professional roles and institution types. Results revealed moderate awareness levels overall, with significant variation between public and private institutions and across roles, emphasizing the need for contextualized, role-specific training. Based on these findings, a Role-Based Cybersecurity Awareness and Training Framework was developed, aligned with NIST SP 800-50r1, the Personal Data Protection Act (2022), and Ministry of Health Information Security Guidelines (2023). Expert evaluation (n = 6) rated the framework highly for clarity, practicality, and policy alignment (mean score = 4.37/5). The study concludes that micro-learning modules, continuous reinforcement, and leadership involvement can significantly enhance cybersecurity culture in healthcare while minimizing operational disruption. The proposed framework offers a feasible, low-cost, and scalable model to strengthen human-centered cybersecurity resilience across Sri Lanka’s healthcare sector.
  • Publication (Open Access)
    Evaluating and Enhancing the Robustness of CNN algorithm Against Adversarial Attacks: A Case Study on MNIST
    (Sri Lanka Institute of Information Technology, 2025-12) Aththanayaka A.M.R.E.
    Convolutional Neural Networks (CNNs) have achieved exceptional performance in computer vision tasks, particularly in image classification domains such as MNIST digit recognition. However, their susceptibility to adversarial attacks poses serious security threats that limit their deployment in real-world applications. This research examines CNNs' vulnerability through systematic evaluation of five potent adversarial attacks (FGSM, BIM, PGD, DeepFool, and Carlini-Wagner) on the MNIST dataset. The baseline CNN model achieves 99.23% accuracy on clean data. However, adversarial attacks, which use subtly perturbed inputs designed to fool classifiers, cause catastrophic performance degradation, reducing accuracy to as low as 8.91%. To address these vulnerabilities, this study proposes CADF: a Comprehensive Cyber Attack Detection Framework which implements a multi-layered defense strategy. The framework incorporates a binary detection classifier achieving 99.56% accuracy in identifying adversarial examples, followed by a multi-class attack identifier with 93.56% accuracy in categorizing specific threat types. CADF's adaptive defense engine dynamically selects optimal countermeasures including feature squeezing, spatial smoothing, and ensemble defenses based on the identified attack characteristics. Experimental results demonstrate that CADF restores model accuracy under multi-attack scenarios while maintaining high performance on clean samples and achieving real-time processing capabilities. This integrated approach provides a scalable and efficient solution for enhancing CNN robustness without compromising computational performance, offering significant advancements in securing deep learning systems against evolving adversarial threats.
  • Publication (Open Access)
    Enabling Consistent Stateful Security in Distributed Web Application Firewalls: A Framework for Scalable Cloud Environment
    (Sri Lanka Institute of Information Technology, 2025-12) Palendrarajah, P
    The rapid adoption of cloud-native infrastructures has highlighted a critical limitation in existing Web Application Firewalls (WAFs): their stateless design restricts consistent enforcement of security policies across distributed environments. This research addresses this gap by designing and evaluating a portable persistence module for open-source WAFs, enabling stateful security enforcement through integration with distributed data stores. Guided by the principles of design science research [1], the study develops a pluggable framework that supports both Redis and Memcached as backends. Redis is widely recognized for its durability and advanced data structures [2], while Memcached offers lightweight, in-memory caching optimized for speed [3]. By embedding the module within ModSecurity v3 [4] and deploying it on AWS cloud infrastructure, the research benchmarks the comparative performance of Redis and Memcached under simulated traffic and attack scenarios, including Distributed Denial of Service (DDoS) conditions [5]. Evaluation metrics include latency overhead, throughput, memory utilization, and resilience under node failures. Preliminary results indicate that Redis achieves superior consistency and resilience, albeit with higher memory consumption, while Memcached provides lower latency at the cost of weaker fault tolerance. Beyond technical performance, the research contributes a generalizable, portable framework that can be embedded into other open-source WAFs, expanding their applicability in distributed and multi-tenant environments. Both the artifact and the empirical evaluation contributions position the work as a step forward in bridging distributed systems and web security, while also providing a foundation for future enhancements such as adaptive, machine-learning-based intrusion prevention [6].
  • Publication (Open Access)
    Developing Robust AI-Based Cybersecurity Alerting and Intelligence Systems Against Adversarial Attacks
    (Sri Lanka Institute of Information Technology, 2025-11) Puvaneswaran, T
    The increasing reliance on Artificial Intelligence (AI) in cybersecurity has significantly enhanced detection and defense mechanisms. However, adversarial machine learning (AML) presents critical vulnerabilities that undermine the reliability of AI-driven security systems. Adversaries craft subtle perturbations to inputs, deceiving models into misclassifications, thereby bypassing intrusion detection systems, malware classifiers, and other defense mechanisms. This research explores the two-fold nature of artificial intelligence in the field of cybersecurity, both as an enabler of robust defense and as a target for adversarial attacks. Focusing on intrusion detection and malware classification, we propose a hybrid defense framework that combines adversarial training, model distillation, and explainable AI (XAI) to counter adversarial threats. By integrating dual datasets (CSE-CIC-IDS2018 and Microsoft Malware Dataset) and evaluating them under various adversarial attack strategies, the framework enhances both robustness and interpretability of AI models. Additionally, this is deployed in real-time cloud environments to ensure scalability and operational efficiency. The proposed methodology aims to provide reliable cybersecurity solutions capable of withstanding sophisticated adversarial attacks while maintaining high levels of transparency for security analysts. This research contributes to advancing resilient, scalable, and explainable AI-driven cybersecurity frameworks for modern digital infrastructures.
  • Publication (Open Access)
    Automated Detection of Deepfake Audio in Real-Time VoIP Communication
    (Sri Lanka Institute of Information Technology, 2025-12) Chandrasiri, D.D.C.M.
    With the increasing sophistication of AI-generated deepfake audio, real-time voice communication systems such as Voice over IP (VoIP) are at heightened risk of misuse through impersonation, fraud, and misinformation. Existing detection methods primarily rely on computationally expensive deep learning models trained on static data, which are impractical for live applications constrained by low latency and limited resources. This research addresses this gap by investigating the viability of a lightweight, highly efficient Random Forest (RF) classifier for real-time deepfake audio detection in VoIP environments. The proposed system utilizes a focused methodology: raw audio is segmented into 2-second chunks and transformed into a comprehensive 800-dimension feature vector comprising Mel-Frequency Cepstral Coefficients (MFCCs), Chroma, Spectral Contrast, and Zero-Crossing Rate. Through an iterative training process using combined standard and 'in-the-wild' datasets to ensure generalization, the final RF model achieved an overall accuracy of 93.77% on an independent test set. Critically, the system demonstrated extremely low end-to-end processing latency of approximately 76 milliseconds (well below the <200ms target). The findings prove that this computationally efficient, classical machine learning approach can achieve both high accuracy and speed. The final model successfully met the False Positive Rate objective (<5%) with a measured FPR of 2.85% on independent data, making it a viable and practical solution for enhancing the security and trustworthiness of real-time voice interactions against emerging deepfake threats.
  • Publication (Open Access)
    An AI-Driven Intrusion Detection System to Defend Against Satellite Hijacking
    (Sri Lanka Institute of Information Technology, 2025-12) Karunathilake K. K. H.
    The increasing reliance of the world on satellite systems has made them prime targets for cyber threats, with satellite orbital manipulation, a form of satellite hijacking, posing a critical national security risk due to its potential for disrupting essential infrastructure. To address this threat, this research proposes a novel Artificial Intelligence (AI)-based anomaly detection system tailored for identifying suspicious orbital maneuvers. The study employs Machine Learning (ML) models to analyze a custom dataset derived from the public European Space Agency Anomaly Detection Benchmark (ESA-ADB). This dataset was rigorously pre-filtered to include only anomalies occurring within a ±48.00 hours window of a telecommand execution, thereby creating a naturally balanced, command-linked dataset to proxy for the kinematic footprint of a cyberattack. Findings established that temporal pattern recognition is paramount for detecting these attacks. LSTM networks emerged as the most promising model, leveraging their ability to learn sequential dependencies to achieve a high recall rate of 95.64% with a corresponding precision of 90.88%. Furthermore, a novel physics validation gate, grounded in orbital mechanics, was incorporated as a final, non-negotiable security layer. This component is vital, as it confirms that detected anomalies are physically non-nominal deviations, transforming raw statistical alerts into high-confidence cybersecurity indicators and dramatically boosting the overall trustworthiness and suitability of the system for operational deployment.
  • Publication (Open Access)
    AI Powered Log Analysis and Threat Detection System for Windows
    (Sri Lanka Institute of Information Technology, 2025-12) Sriharan, G
    The increasing volume and complexity of cyber threats demand advanced, automated methods for analyzing Windows event logs. Traditional rule-based systems often fail to detect novel attacks, prompting the exploration of deep learning techniques. This research develops and evaluates an anomaly detection system by fine-tuning a BERT (Bidirectional Encoder Representations from Transformers) model on Windows system security logs. The methodology involved processing the ATLASv2 dataset, a collection of 20.5 million realistic Windows Security Logs containing both benign and malicious activity. A baseline model was implemented using the Hugging Face transformers library and trained on a representative sample of 100,000 log events, accelerated by a GPU. Evaluation of this baseline model on an unseen validation set demonstrated strong performance, achieving 96.98% overall accuracy and a 94.55% precision rate. The key finding was a recall of 79.10%, indicating a weakness in detecting rare malicious events due to the natural class imbalance of the dataset. To address this, a new, perfectly balanced dataset was created using oversampling, which dramatically improved the model's F1-Score to 95.33%. Following this data-centric improvement, a comprehensive hyperparameter tuning phase was conducted, employing Grid Search, Random Search, and Bayesian Optimization. This optimization successfully identified a BEST model with a high F1-Score of 96.60%. This research successfully validates a complete framework for applying and optimizing advanced AI models for log analysis. The next phase will focus on implementing a functional prototype with a user interface and expanding the comparative analysis to include other traditional ML models to further strengthen the research findings.
  • Publication (Open Access)
    ADVANCING RANSOMWARE DETECTION SYSTEM USING MACHINE LEARNING
    (Sri Lanka Institute of Information Technology, 2025-09) De Silva, G.A.A.I.S
    Ransomware attacks pose a significant and evolving threat to data security and operational integrity, necessitating advanced detection mechanisms. This project aims to develop an effective ransomware detection system leveraging machine learning techniques, specifically Recurrent Neural Networks (RNN) and autoencoders, to analyze network traffic for anomalies indicative of ransomware activity. Utilizing the UNSW-NB15 datasets, we undertook extensive data preprocessing, including handling missing values and normalizing features, to prepare the datasets for training. The model employs Long Short-Term Memory (LSTM) layers to capture temporal dependencies and patterns within the network traffic data. The training and validation processes focused on normal traffic data to establish a baseline for detecting deviations caused by ransomware. Our results demonstrate high accuracy in distinguishing between normal and ransomware-infected traffic, with a clear ability to identify potential threats in real-time. This innovative approach showcases the potential of RNN-based autoencoders in enhancing cyber security measures. The conclusion emphasizes the system’s effectiveness in providing early warnings of ransomware attacks, thereby significantly aiding in the protection of valuable data assets and maintaining operational continuity.
  • Publication (Open Access)
    Automated Analysis of Commenting Styles and Documentation Practices: A Data-Driven Approach to Software Quality and Maintainability
    (Sri Lanka Institute of Information Technology, 2025-12) Sathyangani, K.A.H.P.
    Software maintainability is strongly influenced by the quality of code comments, which guide developers in understanding system functionality and behaviour. Poorly written, missing, or ambiguous comments reduce productivity and increase the cost of maintenance. The current study introduces an automated, data-driven approach to evaluating comment quality in Java projects. The proposed solution, implemented as a Java-based tool named Comment Quality Analyser, automatically scans source files, extracts comments, and evaluates them using four quality dimensions: grammatical correctness, readability, understandability, and meaningfulness. The tool integrates LanguageTool for grammatical analysis, the Flesch Reading Ease metric for readability, heuristic rules for understandability, and a Jaccard-similarity-based algorithm for measuring semantic alignment between comments and code identifiers. The results are presented through JSON reports and an interactive HTML dashboard that visualises the quality distribution across files. Real-world validation was conducted using the Apache Commons IO open-source repository, containing over 100 comments. Experimental results indicate that the system provides consistent scoring with an average accuracy of 86% when compared with manual reviews. The proposed framework contributes to improving software documentation practices and offers a foundation for further research integrating Natural Language Processing (NLP) and Machine Learning (ML) to enhance software maintainability analysis.