Sharif Digital Repository

Insider threat is a significant security risk for organizations and hard to detect. Most of introduced detection methods need contextual data entries about users, or preprocessed user activity logs to detect insider threats while it is costly and time-consuming. In this thesis, we introduce a behavior analysis method that learns its context and detects multiple types of insider threats from raw logs and network traffic in real-time. This method, named XABA, learns user roles and exclusive behaviors, through analyzing raw logs related to each network session of the user. Then it checks for some abnormal patterns, and if so, triggers the appropriate alert. XABA is implemented on the big-stream... 

Nowadays, most of businesses are becoming computer-based. This trend causes the organizations to become more vulnerable to internal and external threats. Internal threats are done through insiders. Insiders unlike outsiders have capabilities which aid them to easily carry out their illicit activities. Unfortunately, most of research in computer security has focused on the outsider threats, whereas the most damaging is the result of insiders’ illicit activities.This dissertation addresses three primary necessities of the research in the area of insider threat: a consistent definition of insider threat, a classification of types of insider threats, and a classification of vulnerabilities which... 

Radio frequency identification systems (RFID) were used in the past to identify physical objects. Along with the development of RFID systems and its wide range of applications in our daily life, the need for privacy in such systems is becoming more and more significant. Authentication protocols are used as the care of secure communication to preserve the privacy and security in RFID systems. In this thesis the security of authentication protocols against general attacks are investigated, using two typical authentication protocols. As an alternative, we use a privacy model as another tool to analyze two other types of authentication protocols. The results reveal the weakness in the design of... 

Nowadays, software systems face many challenges that relate to their maintenance, scalability, and development. To address these challenges, many large software systems have moved away from monolithic architecture and adopted a microservicesbased architecture. However, microservices-based systems face security challenges due to their distributed nature, complex dependencies, and diverse implementation technologies. This study specifically examines architecture-based threats, which fall under the program logic-based category. Previous research has required access to the server-side architecture to recover the architecture of the system, but this study proposes a method for recovering the... 

In line with advances in science and technology in the areas of robotics, artificial intelligence, computer and control, unmanned vehicles are being more utilized and focused. On the other hand, development and further advances of these vehicles is highly dependent on the level of their autonomy. Motion planning is one of the most important issues in this regard. Due to high levels of autonomy required for unmanned air vehicles (UAV), the subject of motion planning is of valuable interest in aerospace applications. The goal of the motion planning problem, that is the subject of this research, is to extract an optimal trajectory for the UAV from an initial location toward its target point... 

Increasing in insider threats of the organization, made it necessary to use a security solution to investigate anomalies within the organization. Diagnosis of insider anomalies is based on examining the behavior of any entity, whether employees or systems of the organization. Entities are classified into different categories based on reported events. The high consumption of resources, the creation or elimination of entities, and the variability of their behavior over time are among the major challenges in diagnosing insider anomalies. In this research, while defining the process of diagnosing insider anomalies, a possible solution is presented considering the above challenges. In the... 

We examine the economic implications of the SEC disclosure rules for companies doing business with Iran on their riskiness of debt. We exploit Section 219 of the Iran Threat Reduction and Syria Human Rights Act (ITRA), which requires companies listed on U.S exchanges to disclose their activities and transactions with Iranian institutions. We analyze the impact of the first ITRA disclosure on the cost of capital for both American and foreign companies listed on the US exchanges. Using a difference-in-difference approach, we document a negative impact of ITRA disclosures on loan spread and credit rating of foreign companies. Further, using textual analysis, we identify the elements in the...