The advancement of cloud technology has impacted society positively in a number of ways, but it has also led to an increase in threats that target private information available on cloud systems. Intrusion prevention systems play a crucial role in protecting cloud systems from such threats. In this thesis, an intrusion prevention approach todetect and prevent such threats in real-time is proposed. This approach is designed for network-based intrusion prevention systems and leverages the power of supervised machine learning with Extreme Gradient Boosting (XGBoost) and Long Short-Term Memory (LSTM) algorithms, to analyze the flow of each packet that is sent to a cloud system through the network. The innovations of this thesis include developing a custom LSTM architecture, using this architecture to train a LSTM model to identify attacks and using TCP reset functionality to prevent attacks for cloud systems. The aim of this thesis is to provide a framework for an Intrusion Prevention System. Based on simulations and experimental results with the NF-UQ-NIDS-v2 dataset, the proposed system is accurate, fast, scalable and has a low rate of false positives, making it suitable for real world applications.

Rapid growth of internet and connected devices ranging from cloud systems to internet of things have raised critical concerns for securing these systems. In the recent past, security attacks on different kinds of devices have evolved in terms of complexity and diversity. One of the challenges is establishing secure communication in the network among various devices and systems. Despite being protected with authentication and encryption, the network still needs to be protected against cyber-attacks. For this, the network traffic has to be closely monitored and should detect anomalies and intrusions. Intrusion detection can be categorized as a network traffic classification problem in machine learning. Existing network traffic classification methods require a lot of training and data preprocessing, and this problem is more serious if the dataset size is huge. In addition, the machine learning and deep learning methods that have been used so far were trained on datasets that contain obsolete attacks. In this thesis, these problems are addressed by using ensemble methods applied on an up to date network attacks dataset. Ensemble methods use multiple learning algorithms to get better classification accuracy that could be obtained when the corresponding learning algorithm is applied alone. This dataset for network traffic classification has recent attack scenarios and contains over fifteen attacks. This approach shows that ensemble methods can be used to classify network traffic and detect intrusions with less training times of the model, and lesser pre-processing without feature selection. In addition, this thesis also shows that only with less than ten percent of the total features of input dataset will lead to similar accuracy that is achieved on whole dataset. This can heavily reduce the training times and classification duration in real-time scenarios.

The advent of the Internet of Things (IoT) and its increasing appearances in

Small Office/Home Office (SOHO) networks pose a unique issue to the availability

and health of the Internet at large. Many of these devices are shipped insecurely, with

poor default user and password credentials and oftentimes the general consumer does

not have the technical knowledge of how they may secure their devices and networks.

The many vulnerabilities of the IoT coupled with the immense number of existing

devices provide opportunities for malicious actors to compromise such devices and

use them in large scale distributed denial of service attacks, preventing legitimate

users from using services and degrading the health of the Internet in general.

This thesis presents an approach that leverages the benefits of an Internet Engineering

Task Force (IETF) proposed standard named Manufacturer Usage Descriptions,

that is used in conjunction with the concept of Software Defined Networks

(SDN) in order to detect malicious traffic generated from IoT devices suspected of

being utilized in coordinated flooding attacks. The approach then works towards

the ability to detect these attacks at their sources through periodic monitoring of

preemptively permitted flow rules and determining which of the flows within the permitted

set are misbehaving by using an acceptable traffic range using Exponentially

Weighted Moving Averages (EWMA).

Due to the shortcomings of modern Mobile Device Management solutions, businesses

have begun to incorporate forensics to analyze their mobile devices and respond

to any incidents of malicious activity in order to protect their sensitive data. Current

forensic tools, however, can only look a static image of the device being examined,

making it difficult for a forensic analyst to produce conclusive results regarding the

integrity of any sensitive data on the device. This research thesis expands on the

use of forensics to secure data by implementing an agent on a mobile device that can

continually collect information regarding the state of the device. This information is

then sent to a separate server in the form of log files to be analyzed using a specialized

tool. The analysis tool is able to look at the data collected from the device over time

and perform specific calculations, according to the user's specifications, highlighting

any correlations or anomalies among the data which might be considered suspicious

to a forensic analyst. The contribution of this paper is both an in-depth explanation

on the implementation of an iOS application to be used to improve the mobile forensics

process as well as a proof-of-concept experiment showing how evidence collected

over time can be used to improve the accuracy of a forensic analysis.

Corporations invest considerable resources to create, preserve and analyze

their data; yet while organizations are interested in protecting against

unauthorized data transfer, there lacks a comprehensive metric to discriminate

what data are at risk of leaking.

This thesis motivates the need for a quantitative leakage risk metric, and

provides a risk assessment system, called Whispers, for computing it. Using

unsupervised machine learning techniques, Whispers uncovers themes in an

organization's document corpus, including previously unknown or unclassified

data. Then, by correlating the document with its authors, Whispers can

identify which data are easier to contain, and conversely which are at risk.

Using the Enron email database, Whispers constructs a social network segmented

by topic themes. This graph uncovers communication channels within the

organization. Using this social network, Whispers determines the risk of each

topic by measuring the rate at which simulated leaks are not detected. For the

Enron set, Whispers identified 18 separate topic themes between January 1999

and December 2000. The highest risk data emanated from the legal department

with a leakage risk as high as 60%.