Sharif Digital Repository

Failure due to fatigue loading is one of the main reasons for the wear out of parts in the industry. Prevention of failure and improving the fatigue life of materials have been studied by many researchers. Desirable compressive residual stress have important effect on improving the lifetime of materials. Laser peenning leads to increase fatigue life of metals by creating compressive residual stress at the surface of the pieces.This study investigates the effect of different laser coverage areas on residual stresses using finite element method and also investigates the fatigue crack growth experimentally.Simulation results show that increasing the laser peening rows impart the residual... 

Using database encryption to protect data in some situations where access control is not soleley enough is inevitable. Database encryption provides an additional layer of protecton to conventional access control techniques. It prevents unauthorized users, including intruders breaking into a network, from viewing the sensitive data. As a result data remains protected even in the event that database is successfully attacked or stolen. However, encryption and decryption of data result in database performance degradation. In the situation where all the information is stored in encrypted form, one cannot make the selection on the database content any more. Data should be decrypted first, so an... 

When organizations prefer to outsource their data, security protection of data will be more important. Using cryptography in addition to access control techniques is a natural way for saving confidentiality of data against untrusted server. However, encryption and decryption of data result in database performance degradation. In such a situation all the information stored in encrypted form, one cannot make the selection on the database content any more. Data should be decrypted first, so an unwilling tradeoff between the security and performance is normally forced. The appropriate approaches to increase the performance are methods to deal directly with the encrypted data without firstly... 

While intrusion detection systems (IDSs) are widely used, large number of alerts as well as high rate of false positive events make such a security mechanism insufficient. Accordingly, a track of recent security research, focused on alert correlation. This thesis proposes a Hidden Markov Model (HMM) based correlation method of intrusion alerts which have been fired from different IDS sensors across an enterprise. We used HMM to predict the next attack class of the intruder that is also known as plan recognition. Our method has two advantages. Firstly, it does not require any usage or modeling of network topology, system vulnerabilities, and system configurations. Secondly, as we perform high... 

Existing Intrusion Detection Systems (IDSs) are not designed to deal with all categories of processing environments. This thesis focuses on IDSs for the Grid computing environment, and concentrates on feature selection and performance. An existing framework, Globus, is used as the basis for the consideration and development of the research issue in Grid computing. The system is based on two engine designs: (a) Signature and (b) Support Vector Machine; SVM has been selected for pattern discovery in traffic analysis. We found that the performance of the system greatly depends on the efficiency of the underlying framework and the number of Intrusion Detection System instances. We demonstrate... 

Today many communications take place over asynchronous insecure networks which do not provide any guarantee of security (as Internet); hence there is a must in authenticating party or parties with which we are going to interact. In many cases, more than two parties (entities) are going to interact, resulting in need of group authentication. Since authentication is inseparable from key exchange, we are going to introduce a new authenticated group key exchange protocol in this thesis which benefits from all known features for such a protocol in the literature such as contributiveness and deniability. To overcome the problem of concurrency, we use a framework dedicated to security in concurrent... 

Mobile localization development, is the reason for appearance of location-based services (LBS). Be sure of not disclosing the user personal information is the main challenge in LBS. Many different concepts and approaches for the protection of location privacy have been described in the literature which change the query of user to server. These approaches falling roughly into two main categories: centralized and distributed (user-centric). Centralized category includes approaches like “changing query pattern” using encryption on user device, or using an “anonymizer trusted third party”. In such approaches threat of an untrustworthy LBS server is addressed by the introduction of a new... 

In this thesis, we study a queuing system with one server in which customers differ in both sensitivity to delay and willingness to pay. In this system, the server’s goal is to design a mechanism in order to maximize her revenue. It is worth to mention that nonlinear delay cost is implemented.Making use of the achievable region approach, we show that a well-designed menu of probabilistic admission control along with priority pricing contracts, may force customers to reveal their true valuations and at the same time induce customers that are more sensitive to delay to opt for higher priorities. Thus, the probabilistic admission control allows the server to identify the customers that are... 

Website Fingerprinting is a trac analysis attack that allows an eavesdropper to determine the web activity of a client, even if the client is using privacy technologies such as Tor. Recent researches have shown that an attacker is able to detect which websites a user is visiting over than 98% accuracy, While previous countermeasures fail against this kind of attacks. In this research, we introduce two defenses. In the rst defense, we exploit deep neural network vulnerabilities by using Adversarial Example.In this method, we add small perturbation to trac which misleads classier to detect websites that the user has visited. In the second defense, we introduce a defense mechanism based on... 

Data outsourcing is a process that delegates storage, retrieval, and management of data to an external storage service provider. Data outsourcing will create security challenges for data owners despite decreasing the costs. The most important security challenges in this process are to maintain the confidentiality of data in order to prevent the server's access to information and to ensure that data retrieved from the server is correct. Numerous studies have been conducted to address each of these concerns, each with specific capabilities and overheads. The presented methods generally support some parts of the database's functionality, and feature enhancement in them is along with an increase... 

As mobile networks have been expanded, the importance of subscribers' information security has become more and more evident. Despite mitigating known vulnerabilities of older mobile networks in newer generations, there are still some security flaws that can be exploited. In particular, as a common scenario, attackers can exploit "Use 2G mobile network if 3G/4G is unavailable" setting in order to force a subscriber to downgrade his/her mobile network to 2G; hence becoming vulnerable to known 2G attacks. Mobile networks have a heterogeneous and distributed architecture which make intrusion detection systems incapable of covering the entire network. In this dissertation, alongside with the... 

As cloud computing becomes a ubiquitous technology, data outsourcing, which means delegating storage and retrieval of the data to an extraneous service provider, becomes more popular. One of the main issues in data outsourcing is preserving data confidentiality and privacy. A common solution to this problem is encrypting the data before outsourcing, but this approach prevents the service provider from doing computations on the data. A trivial solution is to transfer all of the data to the client-side and decrypt it before doing the computations, but this solution imposes a large overhead on the client-side and contradicts the philosophy of outsourcing. Till now, so many encryption schemes... 

A traffic classifier maps each input stream into a pre-defined traffic class. If the traffic is encrypted using a protocol, such as SSL, or is protected using an encrypted tunnel, it's content would be hidden from the classifier, in which case the common traffic classification methods will be ineffective. Although common security mechanisms which provide information confidentiality to user can't hide all properties of messages, including length and time. Some of the newly presented methods of traffic classification utilize these properties and can actually classify messages without accessing their content. We will study such methods and their limitations in this thesis. Of all the encrypted... 

Trac classication in today’s high-bandwidth networks is challenging, resource consuming, and inaccurate due to the high volume, velocity, and variety aracteristics of the network trac. Trac aracterization and Application identication teniques are widely addressed in the current literature. Due to the massive volume and streaming data in recent years, stream algorithms have been considered by many researers in dierent areas. Online application detection is an issue that has been addressed less frequently in literature. In this thesis, we investigate the performance of 10 dierent stream classication algorithms along with traditional classication algorithms. To generate a robust classier for... 

In recent years, internet traffic is experiencing an explosive growth. High performance networking in large scale computer networks creates several security challenges. Exploiting Deep Packet Inspection (DPI) is regarded as a big challenge especially for massive data when number of concurrent connections grows. Using simple security based on network layer data can easily avaded by attackers and also can not detect more sophisticated attacks like DDoS. In this paper we proposed a new grammar model named bidirectional asynchronous counting grammar and it’s automata. With this grammar model we can define policies based on extracted fields in both request and response flows. Using new model of... 

High-bandwidth network analysis is challenging, resource consuming, and inaccurate due to the high volume, velocity, and variety characteristics of the network traffic. Today's high-bandwidth networks require adaptive analyzing approaches to recognize the network variable behaviors. The analyzing approaches should be robust against the lack of prior knowledge and provide data to impose more complex policies.This thesis introduces complex policy relation and proposes a two-layer framework to enforce complex policies, named HB2DS. The proposed framework is equipped with the mechanism and policy layers. The mechanism layer processes network packets header and payload to generate a flow stream.... 

Embedded systems are commonly used in industrial and non-industrial environments. The widespread usage of Internet and the connectivity it brings lead to the emergence of the Internet Of Things (IOT) which in turn leads to the increased usage of embedded systems. Smart things bringing intelligence to human life are just a small example of such systems.On one hand, embedded systems with a low-end processor have minimal capabilities, and on the other hand, the widespread usage of these systems make them an attractive goal for attackers. Embedded system security is not a new topic, but system connectivity over Internet and the remote access to them make this topic more important than... 

One of the most important requirements in deploying a security system is to ensure the effectiveness and absence of bypass patterns. This is especially important for attack-based detection systems. One of the systems that has recently attracted the attention of network administrators is Web Application Firewall (WAF). The purpose of this thesis is to propose a deep learning approach to identify the pattern of SQL Injection (SQLi) attacks which could potentially bypass a WAF. We delve into the problem of detecting SQLi attacks among a very large dataset of existing SQL queries. To this end, we use one of the latest implementation of Recurrent Neural Network (RNN) called Long Short-Term Memory...