Refine
Year of publication
Document Type
- Master's Thesis (24)
- Bachelor Thesis (16)
- Study Thesis (1)
Language
- English (41) (remove)
Has Fulltext
- yes (41)
Is part of the Bibliography
- no (41) (remove)
Keywords
- IT-Sicherheit (4)
- security (3)
- Analysis (2)
- Deep learning (2)
- Identitätsverwaltung (2)
- Maschinelles Lernen (2)
- Modellieren (2)
- 6LoWPAN (1)
- AUTOSAR (1)
- Access Management (1)
Institute
- Fakultät Medien (M) (ab 22.04.2021) (16)
- Fakultät Maschinenbau und Verfahrenstechnik (M+V) (11)
- Fakultät Elektrotechnik und Informationstechnik (E+I) (bis 03/2019) (5)
- Fakultät Elektrotechnik, Medizintechnik und Informatik (EMI) (ab 04/2019) (5)
- Fakultät Medien und Informationswesen (M+I) (bis 21.04.2021) (3)
- Fakultät Wirtschaft (W) (2)
- ivESK - Institut für verlässliche Embedded Systems und Kommunikationselektronik (2)
- INES - Institut für nachhaltige Energiesysteme (1)
- IfTI - Institute for Trade and Innovation (1)
Open Access
- Closed Access (41) (remove)
This thesis focuses on the development and implementation of a Datagram Transport Layer Security (DTLS) communication framework within the ns-3 network simulator, specifically targeting the LoRaWAN model network. The primary aim is to analyse the behaviour and performance of DTLS protocols across different network conditions within a LoRaWAN context. The key aspects of this work include the following.
Utilization of ns-3: This thesis leverages ns-3’s capabilities as a powerful discrete event network simulator. This platform enables the emulation of diverse network environments, characterized by varying levels of latency, packet loss, and bandwidth constraints.
Emulation of Network Challenges: The framework specifically addresses unique challenges posed by certain network configurations, such as duty cycle limitations. These constraints, which limit the time allocated for data transmission by each device, are crucial in understanding the real-world performance of DTLS protocols.
Testing in Multi-client-server Scenarios: A significant feature of this framework is its ability to test DTLS performance in complex scenarios involving multiple clients and servers. This is vital for assessing the behaviour of a protocol under realistic network conditions.
Realistic Environment Simulation: By simulating challenging network conditions, such as congestion, limited bandwidth, and resource constraints, the framework provides a realistic environment for thorough evaluation. This allows for a comprehensive analysis of DTLS in terms of security, performance, and scalability.
Overall, this thesis contributes to a deeper understanding of DTLS protocols by providing a robust tool for their evaluation under various and challenging network conditions.
Global energy demand is still on an increase during the last decade, with a lot of impact on the climate change due to the intensive use of conventional fossil-based fuels power plants to cover this demand. Most recently, leaders of the globe met in 2015 to come out with the Paris Agreement, stating that the countries will start to take a more responsible and effective behaviour toward the global warming and climate change issues. Many studies have discussed how the future energy system will look like with respecting the countries’ targets and limits of greenhouse gases and their CO2 emissions. However, these studies rarely discussed the industry sector in detail even though it is one of the major role players in the energy sector. Moreover, many studies have simulated and modelled the energy system with huge jumps of intervals in terms of years and environmental goals. In the first part of this study, a model will be developed for the German electrical grid with high spatial and temporal resolutions and different scenarios of it will be analysed meticulously on shorter periods (annual optimization), with different flexibilities and used technologies and degrees of innovations within each scenario. Moreover, the challenge in this research is to adequately map the diverse and different characteristics of the medium-sized industrial sector. In order to be able to take a first step in assessing the relevance of the industrial sector in Germany for climate protection goals, the industrial sector will be mapped in PyPSA-Eur (an open-source model data set of the European energy system at the level of the transmission network) by detailing the demand for different types of industry and assigning flexibilities to the industrial types. Synthetically generated load profiles of various industrial types are available. Flexibilities in the industrial sector are described by the project partner Fraunhofer IPA in the GaIN project and can be used. Using a scenario analysis, the development of the industrial sector and the use of flexibilities are then to be assessed quantitatively.
One of the main problematics of the seals tests is the time and money consuming they are. Up to now, there are few tries to do a digitalisation of a test where the seals behaviour can be known.
This work aims to digitally reproduce a seal test to extract their behaviour when working under different operation conditions to see their impact on the pimp’s efficiency. In this thesis, due to the Lomaking effect, the leakage and the forces applied on the stator will be the base of analysis.
First of all, among all the literature available for very different kind of seals and inner patterns, it has been chosen the most appropriate and precise data. The data chosen is “Test results for liquid Damper Seals using a Round-Hole Roughness Pattern for the Stator” from Fayolle, P. and “Static and Rotordynamic Characteristics of Liquid Annular Seals with Circumferentially/Grooved Stator and Smooth Rotor using three levels of circumferential Inlet-Fluid” from Torres J.M.
From the literature, dimensions of the test rig and the seals will be extracted to model them into a 3D CAD software. With the 3D CAD digitalisation, the fluid volumes for a rotor-centred position, meaning without eccentricity, will be extracted, and used. The following components have been modelled:
- Smooth Annular Liquid Seal (Grooved Rotor)
- Grooved Annular Liquid Seal (Smooth Rotor)
- Round-Hole Pattern Annular Liquid Seal (𝐻𝑑=2 𝑚𝑚) (Smooth Rotor)
- Straight Honeycomb Annular Liquid Seal (Smooth Rotor)
- Convergent Honeycomb Annular Liquid Seal (Smooth Rotor)
- Smooth Rotor / Smooth Annular Liquid Seal (Smooth Rotor)
As there is just one test rig, all the components have been adapted to the different dimensions of the seals by referencing some measures. This allows to test any seal with the same test rig.
Afterwards a CFD simulation that will be used to obtain leakage and stator forces. The parameters that will be changed are the rotational velocity of the fluid (2000 rpm, 4000 rpm, and 6000 rpm) and the pressure drop (2,068 bar, 4,137 bar, 6,205 bar, and 8,274 bar).
Those results will be compared to the literature ones, and they will determine if digitalisation can be validated or not. Even though the relative error is higher than 5% but the tendency is the same and it is thought that by changing some parameters the test results can be even closer to the literature ones.
On a regular basis, we hear of well-known online services that have been abused or compromised as a result of data theft. Because insecure applications jeopardize users' privacy as well as the reputation of corporations and organizations, they must be effectively secured from the outset of the development process. The limited expertise and experience of involved parties, such as web developers, is frequently cited as a cause of risky programs. Consequently, they rarely have a full picture of the security-related decisions that must be made, nor do they understand how these decisions affect implementation accurately.
The selection of tools and procedures that can best assist a certain situation in order to protect an application against vulnerabilities is a critical decision. Regardless of the level of security that results from adhering to security standards, these factors inadvertently result in web applications that are insufficiently secured. JavaScript is a language that is heavily relied on as a mainstream programming language for web applications with several new JavaScript frameworks being released every year.
JavaScript is used on both the server-side in web applications development and the client-side in web browsers as well.
However, JavaScript web programming is based on a programming style in which the application developer can, and frequently must, automatically integrate various bits of code from third parties. This potent combination has resulted in a situation today where security issues are frequently exploited. These vulnerabilities can compromise an entire server if left unchecked. Even though there are numerous ad hoc security solutions for web browsers, client-side attacks are also popular. The issue is significantly worse on the server side because the security technologies available for server-side JavaScript application frameworks are nearly non-existent.
Consequently, this thesis focuses on the server-side aspect of JavaScript; the development and evaluation of robust server-side security technologies for JavaScript web applications. There is a clear need for robust security technologies and security best practices in server-side JavaScript that allow fine-grained security.
However, more than ever, there is this requirement of reducing the associated risks without hindering the web application in its functionality.
This is the problem that will be tackled in this thesis: the development of secure security practices and robust security technologies for JavaScript web applications, specifically, on the server-side, that offer adequate security guarantees without putting too many constraints on their functionality.
Much of the research in the field of audio-based machine learning has focused on recreating human speech via feature extraction and imitation, known as deepfakes. The current state of affairs has prompted a look into other areas, such as the recognition of recording devices, and potentially speakers, by only analysing sound files. Segregation and feature extraction are at the core of this approach.
This research focuses on determining whether a recorded sound can reveal the recording device with which it was captured. Each specific microphone manufacturer and model, among other characteristics and imperfections, can have subtle but compounding effects on the results, whether it be differences in noise, or the recording tempo and sensitivity of the microphone while recording. By studying these slight perturbations, it was found to be possible to distinguish between microphones based on the sounds they recorded.
After the recording, pre-processing, and feature extraction phases we completed, the prepared data was fed into several different machine learning algorithms, with results ranging from 70% to 100% accuracy, showing Multi-Layer Perceptron and Logistic Regression to be the most effective for this type of task.
This was further extended to be able to tell the difference between two microphones of the same make and model. Achieving the identification of identical models of a microphone suggests that the small deviations in their manufacturing process are enough of a factor to uniquely distinguish them and potentially target individuals using them. This however does not take into account any form of compression applied to the sound files, as that may alter or degrade some or most of the distinguishing features that are necessary for this experiment.
Building on top of prior research in the area, such as by Das et al. in in which different acoustic features were explored and assessed on their ability to be used to uniquely fingerprint smartphones, more concrete results along with the methodology by which they were achieved are published in this project’s publicly accessible code repository.
The objective of this thesis is the conceptual design of a battery management system for the first prototype of the UWC (University of the Western Cape) Modular Battery System. The battery system is a lithium-ion battery that aims to be used in renewable energy systems and for niche electric vehicles such as golf carts.
The concept that is introduced in this thesis comprises the parameter monitoring, the safety management and has its main focus on an accurate state of charge estimation.
Another battery system that was already implemented is used as base for the parameter monitoring and the safety management for the new battery management system. In contrast to that, the concept for the state of charge estimation must be developed completely.
Different methods for the state of charge estimation which are based on the measured voltage, current and temperature are discussed, evaluated and the chosen method is conceived in this thesis. The method used for the state of charge estimation is different for the time when the battery is active than when it is inactive. During charge and discharge Coulomb counting is used and when the cell is inactive voltage versus state of charge lookup tables are used to update the estimation.
To have an accurate estimation when the cell is inactive only for a short time, a model of the voltage relaxation is used to predict the voltage when the cells are in equilibrium. This allows the algorithm to reset the state of charge that is estimated by Coulomb counting – which tends to have a growing error over time – frequently.
To evaluate the accuracy of the voltage prediction, cell tests were executed where the voltage relaxation was sampled. The recursive least square method to predict the end voltage was tested with a MATLAB programme. With the help of voltage versus state of charge lookup tables it was possible to determine the state of charge accuracy with the accuracy of the voltage prediction.
To date, many experiments have been performed to study how the internal geometrical shapes of the annular liquid seal can reduce internal leakage and increase pump efficiency. These can be time-consuming and expensive as all rotordynamic coefficients must be determined in each case.
Nowadays, accurate simulation methods to calculate rotordynamic coefficients of annular seals are still rare. Therefore, new numerical methods must be designed and validated for annular seals.
The present study aims to contribute to this labour by providing a summary of the available test rig and seals dimensions and experimental results obtained in the following experiments:
− Kaneko, S et al., Experimental Study on Static and Dynamic Characteristics of Liquid Annular Convergent-Tapered Seals with Honeycomb Roughness Pattern (2003) [1] − J. Alex Moreland, Influence of pre-swirl and eccentricity in smooth stator/grooved rotor liquid annular seals, static and rotordynamic characteristics (2016) [2]
A 3D CAD simulation with Siemens NX Software of the test rig used in J. Alex Moreland’s experiment has been made. The following annular liquid seals have also been 3D modelled, as well as their fluid volume:
− Smooth Annular Liquid Seal (SS/GR) (J. Alex Moreland experiment)
− Grooved Annular Liquid Seal (GS/SR)
− Round-Hole Pattern Annular Liquid Seal (𝐻𝑑=2 mm) (GS/SR)
− Straight Honeycomb Annular Liquid Seal (GS/SR)
− Convergent Honeycomb Annular Liquid Seal (No. 3) (GS/SR)
− Smooth Annular Liquid Seal (SS/SR) (S. Kaneko experiment)
In the case of the seals used in S. Kaneko’s experiments, the test rig has been adapted to each seal, defining interpart expressions which can be easily modified.
Afterwards, it has been done a CFD simulation of the Smooth Annular Liquid Seal using Ansys CFX Software. To do so, the fluid volume geometry has been simplified to do a first approximation. Results have been compared for an eccentricity 𝜀0=0.00 for the following ranges of rotor speeds and differential of pressure:
− Δ𝑃= 2.07, 4.14, 6.21, and 8.27 bar,
− 𝜔= 2, 4, 6 and 8 krpm.
Even results obtained have the same trend as the one proportionated by the literature, they cannot be validated as the error is above 5%. It is also observed that as the pressure drop increases, the relative error decreases considerably.
How can manufacturers or service companies provide better services with connected products, without having acquired a powerful IT infrastructure nor the competences for software development?
Today companies can appeal to a relocated-IT-infrastructure provider, which is called Cloud.
Consequently, they do not have to manage and take care of the safety/security aspect, the updates and the breakdown of the infrastructure internally, as those are all managed by the provider.
It is possible to outsource the development of the software of the connected product to an external company. However, the question now is how fast this company can juggle from one Cloud to another in order to fulfil their clients wishes?
neverMind offers a solution based on a multi-protocols-platform linking the different connected products to a multitude of Clouds without having to redesign the whole communication stack/building block for each change in the Cloud-solution. This is the object of my thesis.
The development follows the V-Model, the first steps to understand the complexity of the project were the realisation of the product technical and architectural specifications. The last step before the Implementation was to design in details the progress and the process of every parts of the platform.
The outcome of the requirements analysis led me to divide the project in two parts:
• a “General Interface” acting as a gateway between the Client-application and “Cloud-modules”
• the “Cloud-modules” themselves.
So far, the specifications are drown up; the General Interface and a client example are coded, as well as a first Cloud-module template.
In the field of network security, the detection of intrusions is an important task to prevent and analyse attacks.
In recent years, an increasing number of works have been published on this subject, which perform this detection based on machine learning techniques.
Thereby not only the well-studied detection of intrusions, but also the real-time capability must be considered.
This thesis addresses the real-time functionality of machine learning based network intrusion detection.
For this purpose we introduce the network feature generator library PyNetFlowGen, which is designed to allow real-time processing of network data.
This library generates 83 statistical features based on reassembled data flows.
The introduced performant Cython implementation allows processing individual packets within 4.58 microseconds.
Based on the generated features, machine learning models were examined with regard to their runtime and real-time capabilities.
The selected Decision-Tree-Classifier model created in Python was further optimised by transpiling it into C-Code, what reduced the prediction time of a single sample to 3.96 microseconds on average.
Based on the feature generator and the machine learning model, an basic IDS system was implemented, which allows a data throughput between 63.7 Mbit/s and 2.5 Gbit/s.
The identification of vulnerabilities is an important element of the software development process to ensure the security of software. Vulnerability identification based on the source code is a well studied field. To find vulnerabilities on the basis of a binary executable without the corresponding source code is more challenging. Recent research has shown how such detection can be performed statically and thus runtime efficiently by using deep learning methods for certain types of vulnerabilities.
This thesis aims to examine to what extent this identification can be applied sufficiently for a variety of vulnerabilities. Therefore, a supervised deep learning approach using recurrent neural networks for the application of vulnerability detection based on binary executables is used. For this purpose, a dataset with 50,651 samples of 23 different vulnerabilities in the form of a standardised LLVM Intermediate Representation was prepared. The vectorised features of a Word2Vec model were then used to train different variations of three basic architectures of recurrent neural networks (GRU, LSTM, SRNN). For this purpose, a binary classification was trained for the presence of an arbitrary vulnerability, and a multi-class model was trained for the identification of the exact vulnerability, which achieved an out-of-sample accuracy of 88% and 77%, respectively. Differences in the detection of different vulnerabilities were also observed, with non-vulnerable samples being detected with a particularly high precision of over 98%. Thus, the methodology presented allows an accurate detection of vulnerabilities, as well as a strong limitation of the analysis scope for further analysis steps.
Cloud computing is a combination of technologies, including grid computing and distributed computing, that use the Internet as a network for service delivery. Organizations can select the price and service models that best accommodate their demands and financial restrictions. Cloud service providers choose the pricing model for their cloud services, taking the size, usage, user, infrastructure, and service size into account. Thus, cloud computing’s economic and business advantages are driving firms to shift more applications to the cloud, boosting future development. It enlarges the possibilities of current IT systems.
Over the past several years, the ”cloud computing” industry has exploded in popularity, going from a promising business concept to one of the fastest expanding areas of the IT sector. Most enterprises are hosting or installing web services in a cloud architecture for management simplicity and improved availability. Virtual environments are applied to accomplish multi-tenancy in the cloud. A vulnerability in a cloud computing environment poses a direct threat to the users’ privacy and security. In our digital age, the user has many identities. At all levels, access rights and digital identities must be regulated and controlled.
Identity and access management(IAM) are the process of managing identities and regulating access privileges. It is considered as a front-line soldier of IT security. It is the goal of identity and access management systems to protect an organization’s assets by limiting access to just those who need it and in the appropriate cases. It is required for all businesses with thousands of users and is the best practice for ensuring user access control. It identifies, authenticates, and authorizes people to access an organization’s resources. This, in turn, enhances access management efficiency. Authentication, authorization, data protection, and accountability are just a few of the areas in which cloud-based web services have security issues. These features come under identity and access management.
The implementation of identity and access management(IAM) is essential for any business. It’s becoming more and more business-centric, so we need more than technical know-how to succeed. Organizations may save money on identity management and, more crucially, become much nimbler in their support of new business initiatives if they have developed sophisticated IAM capabilities. We used these features of identity and access management to validate the robustness of the cloud computing environment with a comparison of traditional identity and access management.
In this work, an implementation of the somewhat homomorphic BV encryption scheme is presented. During the implementation, care was taken to ensure that the resulting program will be as efficient as possible i.e. fast and resource-saving. The basis for this is the work of Arndt Bieberstein, who implemented the BV scheme with respect to functionality. The presented implementation supports the basics of the BV scheme, namely (symmetric and asymmetric) encryption, decryption and evaluation of addition as well as multiplication. Additionally, it supports the encoding of positive and negative numbers, various gaussian sampling methods, basically infinitely large polynomial coefficients, the generation of suitable parameters for a use case, threading and relinearization to reduce the size of a ciphertext after multiplications. After presenting the techniques used in the implementation, it’s actual efficiency is determined by measuring the timings of the operations for various parameters.
Annotated training data is essential for supervised learning methods. Human annotation is costly and laborsome especially if a dataset consists of hundreds of thousands of samples and annotators need to be hired. Crowdsourcing emerged as a solution that makes it easier to get access to large amounts of human annotators. Introducing paid external annotators however introduces malevolent annotations, both intentional and unintentional. Both forms of malevolent annotations have negative effects on further usage of the data and can be summarized as spam. This work explores different approaches to post-hoc detection of spamming users and which kinds of spam can be detected by them. A manual annotation checking process resulted in the creation of a small user spam dataset which is used in this thesis. Finally an outlook for future improvements of these approaches will be made.
The status quo of PROFINET, a commonly used industrial Ethernet standard, provides no inherent security in its communication protocols. In this thesis an approach for protecting real-time PROFINET RTC messages against spoofing, tampering and optionally information disclosure is specified and implemented into a real-world prototype setup. Therefor authenticated encryption is used, which relies on symmetric cipher schemes. In addition a procedure to update the used symmetric encryption key in a bumpless manner, e.g. without interrupting the real-time communication, is introduced and realized.
The concept for protecting the PROFINET RTC messages was developed in collaboration with a task group within the security working group of PROFINET International. The author of this thesis has also been part of that task group. This thesis contributes by proofing the practicability of the concept in a real-world prototype setup, which consists of three FPGA-based development boards that communicate with each other to showcase bumpless key updates.
To enable a bumpless key update without disturbing the deterministic real-time traffic by dedicated messages, the key update annunciation and status is embedded into the header. By provisioning two key slots, of which only one is in used, while the other is being prepared, a well-synchronized coordinated switch between the receiver and the sender performs the key update.
The developed prototype setup allows to test the concept and builds the foundation for further research and implementation activities, e.g. the impact of cryptographic operations onto the processing time.
As the population grows, so does the amount of biowaste. As demand for energy grows, biogas is a promising solution to the problem. Lignocellulosic materials are challenged of slow degradability due to the presence of polymers such as cellulose, lignin and hemicellulose. There are several pretreatment methods available to enhance the degradability of such materials, including enzymatic pretreatment. In this pretreatment, there are few parameters that can influence the results, the most important being the enzyme to solid ratio and the solid to liquid ratio. During this project, experiments were conducted to determine the optimal conditions for those two factors. It was discovered that a solid to liquid ratio of 31 g of buffer per 1 gram of organic dry matter produced the highest reducing sugar release in flasks when combined with 34 mg of protein per 1 gram of organic dry mass. Additionally, another experiment was carried out to investigate the impact of enzymatic pretreatment on biogas production using artificial biowaste as a substrate. Artificial biowaste produced 577,9 NL/kg oDM, while enzymatically pretreated biowaste produced 639,3 NL/kg oDM. This resulted in a 10,6% rise in cumulative biogas production compared to its use without enzymatic pretreatment. By the conclusion of the investigation, specific cumulative dry methane yields of 364,7 NL/kg oDM and 426,3 NL/kg oDM were obtained from artificial biowaste without and with enzymatic pretreatment, respectively. This resulted in a methane production boost of 16,9%. Additionally in case of the reactors with enzymatically pretreated substrate kinetic constant was lower more than double, where maximum volume of biogas increased, comparing to the reactors without enzymatic pretreatment.
The Timed-Up-and-Go (TUG) test aims to assess mobility, balance, walking ability, and fall risk during walking. The instrumentalization of the TUG is already described in the literature and is beginning to be implemented in the industry. The products proposed by Zhortech and Digitsole, namely connected insoles, as well as additional sensors placed on the sternum and the right and eventually left femur allow the instrumentalization of the test.
An algorithm of detection and evaluation of the TUG has been developed in two versions. The first one (V1) aiming simply to calculate the total duration of the test. A second version is an improvement of V1, allowing to segment the TUG in three sub-phases: Sit-Stand, walking, Stand-Sit. These algorithms have been declined in a variant with the five sensors mentioned, and one without the sensor of the left femur.
The performance of the algorithms was compared to manual labeling performed on video. The comparison includes a bland-Altman plot and a correlation for the total test duration, but also for the sub-phase’s duration according to the two variants.
The TUG duration shows very good results regarding the limits of agreements (lLoA = -0.33 s and uLoA+0.6 s). The bias of 0.13 s indicated that the algorithm overrates the duration of the TUG. The results of the TUG subphases are less accurate. Although the correlation coefficient is between 0.76 and 0.96 for the different subphases, the limits of agreements are still very high, between -0.71 s and -0.5 s for the lLoA and +0.39 s and +0.58 s for the uLoA. These limits of agreements indicated that the Sit-Stand and Stand-Sit transition are not accurate enough yet. The dispersion is high for a transition that could last between about one and six seconds. The two variants, with and without a sensor on the left femur, present similar results.
Among the billions of smartphone users in the world, Android still holds more than 80% of the market share. The applications which the users install have a specific set of features that need access to some device functionalities and sensors that may hold sensitive information about the user. Therefore, Android releases have set permission standards to let the user know what information is being disclosed to the application. Along with other security and privacy improvements, significant changes to the permission scheme are introduced with the Android 6.0 version (API level 23). In this master thesis, the Android permission scheme is tested on two devices from different eras. The evolution of Android over the years is examined in terms of confidentiality. For each device, two applications are built; one focused on extracting every piece of information within the confidentiality scope with every permission declared and/or requested, and the other app focused on getting this type of information without user notification. The resulting analysis illustrates whether how and in what way the Android permission scheme declined or improved over time.
Even though the internet has only been there for a short period, it has grown tremendously. To- day, a significant portion of commerce is conducted entirely online because of increased inter- net users and technological advancements in web construction. Additionally, cyberattacks and threats have expanded significantly, leading to financial losses, privacy breaches, identity theft, a decrease in customers’ confidence in online banking and e-commerce, and a decrease in brand reputation and trust. When an attacker pretends to be a genuine and trustworthy institution, they can steal private and confidential information from a victim. Aside from that, phishing has been an ongoing issue for a long time. Billions of dollars have been shed on the global economy. In recent years, there has been significant progress in the development of phishing detection and identification systems to protect against phishing attacks. Phishing detection technologies frequently produce binary results, i.e., whether a phishing attempt was made or not, with no explanation. On the other hand, phishing identification methodologies identify phishing web- pages by visually comparing webpages with predetermined authentic references and reporting phishing together with its target brand, resulting in findings that are understandable. However, technical difficulties in the field of visual analysis limit the applicability of currently available solutions, preventing them from being both effective (with high accuracy) and efficient (with little runtime overhead). Here, we evaluate existed framework called Phishpedia. This hybrid deep learning system can recognize identity logos from webpage screenshots and match logo variants of the same brand with high precision. Phishpedia provides high accuracy with low run- time. Lastly, unlike other methods, Phishpedia does not require training on any phishing sam- ples whatsoever. Phishpedia exceeds baseline identification techniques (EMD, PhishZoo, and LogoSENSE), inaccurately detecting phishing pages in lengthy testing using accurate phishing data. The effectiveness of Phishpedia was tested and compared against other standard machine learning algorithms and some state-of-the-art algorithms. The given solutions performed better than different algorithms in the given dataset, which is impressive.
Privacy is the capacity to keep some things private despite their social repercussions. It relates to a person’s capacity to control the amount, time, and circumstances under which they disclose sensitive personal information, such as a person’s physiology, psychology, or intelligence. In the age of data exploitation, privacy has become even more crucial. Our privacy is now more threatened than it was 20 years ago, outside of science and technology, due to the way data and technology highly used. Both the kinds and amounts of information about us and the methods for tracking and identifying us have grown a lot in recent years. It is a known security concern that human and machine systems face privacy threats. There are various disagreements over privacy and security; every person and group has a unique perspective on how the two are related. Even though 79% of the study’s results showed that legal or compliance issues were more important, 53% of the survey team thought that privacy and security were two separate things. Data security and privacy are interconnected, despite their distinctions. Data security and data privacy are linked with each other; both are necessary for the other to exist. Data may be physically kept anywhere, on our computers or in the cloud, but only humans have authority over it. Machine learning has been used to solve the problem for our easy solution. We are linked to our data. Protect against attackers by protecting data, which also protects privacy. Attackers commonly utilize both mechanical systems and social engineering techniques to enter a target network. The vulnerability of this form of attack rests not only in the technology but also in the human users, making it extremely difficult to fight against. The best option to secure privacy is to combine humans and machines in the form of a Human Firewall and a Machine Firewall. A cryptographic route like Tor is a superior choice for discouraging attackers from trying to access our system and protecting the privacy of our data There is a case study of privacy and security issues in this thesis. The problems and different kinds of attacks on people and machines will then be briefly talked about. We will explain how Human Firewalls and machine learning on the Tor network protect our privacy from attacks such as social engineering and attacks on mechanical systems. As a real-world test, we will use genomic data to try out a privacy attack called the Membership Inference Attack (MIA). We’ll show Machine Firewall as a way to protect ourselves, and then we’ll use Differential Privacy (DP), which has already been done. We applied the method of Lasso and convolutional neural networks (CNN), which are both popular machine learning models, as the target models. Our findings demonstrate a logarithmic link between the desired model accuracy and the privacy budget.