Master's Programme in Network Forensics at Utexpo
On this page, the participants at Utexpo have summarised their projects. Here you can discover and read about exciting projects from the Master's Programme in Network Forensics.
A DeepFake Detection With CNN Based Feature Extraction Method
- Participants: Stebin Sam and Sreekumar G Nair.
Several studies are working on figuring out fake videos, which are often used to spread lies. One way is to quickly pull out features from videos using fancy computer stuff like VGG16, ResNet, and EfficientNet. Then, we use another trick called PCA to pick out important features. After that, we use a special computer program called SVM to tell if a video is fake or not. This helps us find and stop fake news.
Another study is about finding fake videos using a dataset from Kaggle. They use fancy computer models like VGG16, ResNet50, and EfficientNetB1 to look at people's faces. Then they use another trick called PCA to make it easier for the computer. After that, they train a special computer program called SVM to guess if a video is real or fake. They check how well it works with things like the confusion matrix and F1 score.
Another study tries to find both fake videos and fake audio in digital stuff. They use 3D computer tricks to look for fake videos and they get it right about 85 per cent of the time. For fake audio, they use a special computer model called ResNet-34, which gets it right about 99 per cent of the time. This helps to stop people from using computer tricks to lie. Overall, these projects use fancy computer stuff to find fake videos and stop fake news.
Cost Benefit Analysis of Cyber Security Investments
- Participants: Robert Robert and Uday Praveen Yarlagadda.
In today’s interconnected digital landscape, the importance of cybersecurity cannot be overstated. With the ever-evolving threat landscape and the increasing sophistication of cyber-attacks, organizations across all sectors are tasked with safeguarding their digital assets and sensitive information. However, allocating resources to cybersecurity initiatives requires careful consideration of the associated costs and benefits.
This thesis explores the intricate dynamics of cost-benefit analysis in cybersecurity investments. By examining the economic implications of various cybersecurity measures, this research aims to provide valuable insights into the decision-making process for organizations seeking to enhance their cyber resilience.
Furthermore, this thesis explores the challenges and limitations of conducting cost-benefit analyses for cybersecurity investments. Factors such as uncertainty in threat landscapes, the intangible nature of cyber risks, and the evolving regulatory environment present unique challenges that must be addressed to make informed investment decisions.
Through a comprehensive examination of case studies, empirical research, and theoretical frameworks, this thesis aims to contribute to the growing knowledge of cybersecurity economics. By providing practical insights and actionable recommendations, it is hoped that this research will empower organizations to make more informed and effective decisions in their cybersecurity investment strategies.
Ultimately, this thesis aims to shed light on the complex interplay between cybersecurity, economics, and risk management and provide stakeholders with the tools and knowledge necessary to navigate this rapidly evolving landscape.
Dark Web Forensics: An Investigation of Tor and I2P Artifacts on Windows 11
- Participants: Seyedhesam Abolghesami and Chukwudalu Chukwuneta.
Our thesis addresses the critical need for advanced digital forensic techniques in the realm of dark web investigations. With the increase of internet privacy concerns and illicit activities, our research focuses on uncovering digital traces left by dark web browsers like Tor and I2P on Windows 11 systems. By examining registry, memory, and storage artifacts, this study enhances the toolkit of cybersecurity professionals and law enforcement, aiding in the pursuit and prosecution of cybercriminals while contributing to safer digital environments. This work not only advances forensic methodologies but also provides deeper insights into the privacy mechanisms of dark web technologies.
Enhancing Network Security through Investigative Traffic Analysis: A Case Study
- Participants: Anjana Mohan and Winliya Jewel Sunny.
In our master thesis, we delve into the realm of network intrusion detection systems (IDS) by conducting a thorough comparison between two prominent tools: SNORT IDS and ZEEK IDS. Through extensive experimentation and evaluation, we aimed to assess their effectiveness in identifying various attack vectors, while also shedding light on their individual strengths and weaknesses. Our study emphasizes that while IDS tools play a crucial role in network security, they alone are insufficient for ensuring comprehensive protection. We argue for the necessity of continuous network monitoring by skilled analysts to proactively mitigate threats. Moreover, we recognize the need for an ideal IDS tool that encompasses advanced detection capabilities, optimized performance, scalability, interoperability, usability, and regulatory compliance to effectively combat the evolving threat landscape and accommodate diverse computing environments.
Exploring JPEG File Containers Without Metadata: A Machine Learning Approach for Encoder Classification
- Participants: Mattias Iko Mattsson and Raya Wagner.
This thesis explores a method for identifying JPEG encoders, without relying on metadata, by analyzing characteristics inherent to the JPEG file format itself. The approach uses machine learning to differentiate encoders based on features such as quantization tables, Huffman tables, and marker sequences. These features are extracted from the file container and analyzed to identify the source encoder. The random forest classification algorithm was applied to test the efficacy of the approach across different datasets, aiming to validate the model’s performance and reliability. The results confirm the model’s capability to identify JPEG source encoders, providing a useful approach for digital forensic investigations.
Guardians of the Grid: Empowering renewable energy market place with DMI and SSI for Cybersecurity
- Participant: Gily Jayaram.
The energy sector faces transformative changes amid technological advancements and environmental sustainability concerns. Blockchain technology emerged as a potent tool for revolutionizing energy systems, offering secure transactions, efficient resource management, and sustainable practices. Blockchain addresses challenges like lack of transparency and data security in centralized energy systems by enabling decentralized transactions to eliminate central authority dependency and focus on Self-Sovereign Identities (SSIs) and Digital Machine Identities (DMIs). SSIs empower individuals to control their digital identities independently, while DMIs ensure secure machine-to-machine communication. Our project aims to enhance privacy and security issues inherent in blockchain-based energy transactions by leveraging these technologies; we seek to mitigate cybersecurity risks and promote secure transactions in the energy sector through blockchain, contributing to its resilience and efficiency.
Into the Gates of Troy: A Comparative Study of Antivirus Solutions for the Detection of Trojan Horse Malware
- Participant: Tom Hinne.
This study investigates the effectiveness of free Linux antiviruses against Trojan Horse malware, a deceptive threat.
This study compares three antiviruses using a dataset of 1919 Trojan Horse samples, assessing detection rates, resource usage, and functionalities offered.
The hypothesis is that Trojans are harder to detect than other threats. This work is novel by focusing on the most common Trojan type and file formats for both Linux and other platforms.
RAM Imaging and Analysis
- Participant: Kiranbabu Sureshbabu.
Technology advancements have resulted in a notable increase in the number of cybercrime instances, posing a significant obstacle to efficient response. Data from the devices is recovered using a variety of cyber forensic methods and instruments in order to combat cybercrime. The current study paper focuses on memory forensics and analyzes memory, which contains a variety of information relevant to forensic investigation, including cryptographic keys, usernames, passwords, deleted files, deleted logs, and running processes. This information can be useful in investigating cybercrime.
In conclusion, this paper highlights the vital role that RAM imaging and analysis play in digital forensics, stressing how it can be used to find volatile evidence and identify malicious activity. It also tries to compare a few tools commonly used in this field on the basis of various attributes and to find out which one provides the best result.
Securing the Future: Cybersecurity in the Automotive Industry
- Participant: Arya Prince Meera Sasidharan.
- Collaborator: TestScouts.
This thesis examines software safety and security in Tesla Model S cars, focusing on theoretical approaches to enhance security without direct implementation. It addresses historical incidents, like 2016 vulnerabilities in Wi-Fi, Bluetooth, and GPS, highlighting the need for improved safety measures. The proposed method revolves around fuzz testing, aiming to uncover vulnerabilities with unexpected inputs. Although practical implementation isn’t pursued, the research lays groundwork for future safety protocols, contributing to the discussion on fortifying software protection in automotive systems.