Student Projects, Fall 2024 (F24)
Authentication Techniques and Defense Strategies to Mitigate IoT Security Risks
The Internet of Things (IoT) has rapidly evolved into a transformative technology, impacting many facets of daily life and industry. However, its widespread adoption has been impeded by significant challenges, particularly in the areas of security, privacy, interoperability, scalability, and Quality of Service (QoS). These challenges are critical obstacles that must be addressed to ensure the reliability and efficacy of IoT systems. This study addresses security vulnerabilities through multi-layered measures including encryption, authentication mechanisms, anomaly detection, and secure firmware updates, while also prioritizing privacy preservation through privacy-by-design principles and data anonymization techniques. Additionally, the methodology advocates interoperability frameworks, scalability strategies encompassing cloud-based architectures and edge computing paradigms, and QoS enhancements through performance monitoring and adaptive resource allocation. By implementing these methodologies, we aim to overcome the fundamental challenges facing IoT deployment and pave the way for a more secure, interoperable, scalable, and reliable IoT ecosystem, underscoring the importance of comprehensive solutions to unlock the full potential of the Internet of Things.
In this study, a system was proposed that integrates authentication techniques and defense strategies to mitigate risks. SUACC-IoT was used for authentication, and its limitations were overcome by applying the MTD defense strategies and the MSAAD multi-stage defense strategy.
Prepared by: student هادي الطحان
Supervisor: Dr. محمد الشايطة
Using a Mobile Honeypot within a Network
Static-address honeypots face a recurring challenge in cybersecurity environments: they are often detected by attackers within a short time frame, rendering them ineffective for sustained monitoring and threat analysis. This study addresses that limitation by proposing a dynamic strategy to periodically or conditionally change the honeypot’s network address without altering its internal structure or compromising system integrity.
The project implements a smart redirection mechanism that reshapes the honeypot’s perceived location, reducing its detectability and extending its operational lifespan. Alerts generated by the honeypot are analyzed using Snort, transformed via Vector into a structured format, and integrated with Elasticsearch for contextual and behavioral visualization.
The implementation was carried out in a semi-production environment, with each stage validated through independent testing units to ensure reliability and scalability. Results demonstrate that dynamic address switching significantly enhances the honeypot’s stealth capabilities, improves alert accuracy, and strengthens overall situational awareness.
This study presents a practical model applicable in institutional settings, offering a flexible reactivation mechanism for static honeypots. It contributes to the research landscape by advancing strategic monitoring and control methodologies and opens new avenues for developing adaptive security solutions in response to evolving cyber threats.
Prepared by: student غيث علي شقرة
Supervisor: Dr. محمد الجنيدي
Digital Forensic Analysis of Networks
In light of the rapid evolution and increasing complexity of cyber threats, digital network forensics emerges as a critical tool for incident response and understanding attacker tactics. This study aims to present an integrated, applied methodology for investigating network intrusions by systematically collecting and correlating evidence extracted from network traffic with that found in the volatile memory of compromised systems.
To achieve this goal, a simulation-based experimental methodology was adopted. An isolated virtual network environment, simulating a small corporate network, was designed and implemented using the EVE-NG platform. Subsequently, a multi-stage cyber-attack, mimicking the "Cyber Kill Chain" framework, was launched. A custom malicious payload was created using Metasploit, delivered to the victim's machine, and then used to establish a Command and Control (C2) channel and install persistence mechanisms in the system registry. The investigation process followed the methodological framework recommended in the National Institute of Standards and Technology (NIST) Special Publication 800-86. It relied on a set of leading open-source tools, where the Zeek framework was used to analyze captured network traffic, and the Volatility 3 framework was employed to dissect a live memory image of the victim's machine.
The results demonstrated the success of the applied methodology in fully and accurately reconstructing the attack sequence. Network analysis successfully identified the suspicious C2 communication channel over port 4444, while memory analysis revealed the malicious process responsible for this communication (SVU.exe), the beaconing mechanism used by the attacker, and the system registry key that ensured the malware remained active after a system reboot. The study proved that the integration of network and memory analysis is not merely an option but an absolute necessity to achieve a deep, causal understanding of security incidents, as each source provides context that the other cannot offer alone. This paper underscores the effectiveness of open-source tools in building advanced forensic investigation capabilities and presents a practical model that organizations and incident response teams can follow to enhance their ability to detect and effectively respond to intrusions.
Prepared by: student نيفين فايز شاهين
Supervisor: Dr. محمد الجنيدي