Now showing 1 - 5 of 7
- ItemA Platform to analyze android application components for vulnerabilities(Strathmore University, 2021) Muchoki, Macharia BensonPast research has shown that developers ·make mistakes in writing Android application configuration files, resulting to multiple vulnerabilities in these applications. More often, these vulnerabilities go unnoticed and the affected applications are installed in many end user’s devices. One typical security vulnerability is related to misconfiguration of Android application components. Source code obfuscation is increasingly becoming popular and was found in this study to be limiting the accuracy of most Android applications auditing tools. This study was aimed at designing, developing, and testing a platform called MobiSec. MobiSec employs a hybrid analysis technique that examines both static and dynamic features to aid Android application developers and security analysts in identifying vulnerable Android application components. The MobiSec platform was designed, developed, and tested employing the agile methodology for fast delivery. Functional, compatibility and performance tests were carried out by analysing popular Android mobile applications from Google Play Store. Performance and validation testing results showed that the MobiSec platform could be used reliably with 95% accuracy to identify vulnerable Android application components.
- ItemApplication of browser fingerprinting using JA3 hashes in digital forensics(Strathmore University, 2021) Mathii, Pius MuisyoWeb-based communication has become more secure in recent years as a result of Transport Layer Security (TLS) encapsulation. TLS increases user security by encrypting transmitted data; however, it restricts network monitoring and data capturing, which is important for digital forensics. With the constant evolution of TLS protocol suites, creating unique and stable TLS fingerprints for forensic purposes is difficult. Furthem1ore, content advertising and tracking plugins contribute to "communication noise," limiting the use of TLS fingerprinting. This paper describes an experiment using JA3 hashes for TLS fingerprinting of network applications and focuses on fingerprinting of browsers, specifically the stability, reliability, and uniqueness of JA3 fingerprints. The study also looks at the applicability of JA3 fingerprints in digital forensics. Agile software development methodology was used to achieve the design, implementation, testing and validation aspects of the solution. The final product was an interactive shell script that examines an unknown network capture file and identifies the identity of the browser that was used based on JA3 algorithm. The performance of the tool was good overall based on extensive testing and evaluation.
- ItemDetecting zero-day attacks using Recurrent Neural Network(Strathmore University, 2021) Ndungu, George MuchiriThe development of Information and Communications Technology (ICT) and an increase in the use of mobile technology has enabled organisations to implement and adopt the use of information and management systems to conduct their day to day activities. However, as cyber-attacks against organisations are becoming more frequent and more sophisticated there is a need for advanced measures to help prevent against the known cybersecurity attacks and zero day attacks. In view of the above shortcoming, this study developed an anomaly-based cybersecurity threats detection model using the Recurrent Neural Network (RNN) technique that can be used to detect zero-day vulnerabilities. This approach functions with the assumption that a cybersecurity attack is different from a normal system activity of a legitimate user and can be detected by a system that identifies the differences. The RNN algorithm has a strong modelling ability for anomaly detection, and high accuracy in both binary and multiclass classification. Compared to traditional classification methods its performance includes a higher detection accuracy rate with a low false-positive rate. This research adopts RAD methodology, which heavily emphasizes rapid prototyping and iterative delivery, to develop the RNN system for anomaly detection. This research aimed to develop an RNN model which will be used to detect zero-day vulnerabilities. The predictive model had an accuracy of 93% which was achieved through tests using model demo data. The main objective of the research was met and it proved that the Neural Network Algorithm can be used to detect zero-day attacks in a network.
- ItemA Model to detect and prevent rogue DHCP attacks on wireless LAN communication(Strathmore University, 2021) Wachira, Fiona NjeriWLAN technology is a crucial component of computer networks. The use of Wi-Fi communication has grown due to the increasing population of end devices, which includes smartphones, tablets, laptops etc. This has significantly increased the number of internet users. When mobile hosts move from one network to another, they require new system configurations in order to communicate hence the use of WLAN. Dynamic Host Configuration Protocol (DHCP) supports automatic configuration of hosts. With respect to DHCP processes, one of the internal attacks that majorly affects WLAN security is rogue DHCP server. Due to the nature of DHCP communication, it is easy for an attacker to introduce a rogue DHCP server. This is possible since a client can receive DHCPOFFER messages from more than one DHCP server. To address this issue, the study proposes a custom IDS that detects rogue DHCP server attacks by monitoring and analysing DHCP transaction messages. The study implements an experimental design that involves setting up a test network containing both rogue and genuine DHCP servers. Packet characteristics of rogue DHCP are collected and analyzed to identify the parameters to be used by the IDS. To validate the proposed solution, the offered IP addresses by the rogue DHCP server are checked against the report generated by the IDS. From the findings, it was confirmed that the IDS has 100% detection rate since all offered IP addresses by rogue DHCP server were detected by the IDS.
- ItemA Prototype to identify fraudulent sim card registration using Public Key infrastructure verification approach(Strathmore University, 2021) Wanja, Gate MaureenIdentifying a legitimate subscriber is important for the Mobile Network Operators during the SIM card registration and verification process. Over the years, the use of Mobile devices has grown steadily, increasing the numbers of subscribers to the different MNOS significantly. The MNOs are the owners of the SIM cards which they issue to their subscribers. The SIM card stores critical information belonging to the user, and information such as the IMSI number is unique to identifying the module. Different governments have approached the issue of SIM card registration differently. In some countries, SIM card registration is mandatory, and there is a requirement to provide identification during the registration process, while this is not a requirement for other countries. The Mobile Network Operators must have the Know Your Customer policies to validate the users as they activate the SIM modules. The research objective was to design, develop and test a prototype used by the mobile network operators and the users for self-registration of SIM cards. This objective was achieved by creating a verification platform for the users to activate their SIM modules after purchasing them from MNOs. Activating the SIM would be done after a user has been issued with a signed public key by a certificate Authority. The prototype used the functionalities of the PKI that ensured the integrity and authentication of the legitimate users. Unit and usability tests were conducted to validate if the prototype achieved its main objective. Different users involved in the data collection phase gave their recommendations, which formed the requirements for developing the prototype and furthering this research work. Each of the specific objectives was also discussed to show how each was achieved.