Web Vulnerability Assessment and Penetration Testing (Web VAPT) is an important cybersecurity practice that thoroughly examines web applications to uncover possible vulnerabilities. These vulnerabilities represent potential security gaps that could severely compromise the web applications' integrity and functionality if exploited by malicious entities.
One of the attacks employed in the Web VAPT process is the Directory Brute-Forcing Attack. This attack aims to identify hidden directories and files not adequately secured in a web application that contain sensitive information or critical functionalities. The attack methodology involves sending many requests of possible directories or files to the target web application, where brute-force generation of requests is performed using a wordlist. Due to its brute-force nature, this attack methodology often results in enormous quantities of requests sent for a small amount of successful discoveries.
With AI's quick progress and diffusion, the paradigm of Offensive AI emerges, where AI-based technologies are employed in traditional cyber attacks to make them more sophisticated and effective.
This research explores whether AI can enhance the standard directory enumeration process. We propose two novel attack methodologies for performing directory brute-forcing attacks that leverage probability and Language Models (LM).
Our experiments - conducted on a testbed consisting of around 1 million URLs from various domains of web applications (academic institutions, hospitals, government agencies, and business corporations) - demonstrate the superiority of our approaches over the standard brute-force attacks.
In particular, the LM-based attack results in an average discoveries increase of 969%, and the probabilistic attack is more efficient at sending successful requests in the early stages of attacks in more than 94% of cases.

Acoustic side-channel attacks (SCAs) use audio produced by a system to bypass traditional security measures to extract sensitive information. Human interface devices, such as keyboards, have been the focus of such attacks, however, computer mice are input devices that are currently in a research gap. This paper explores the security risks the emitted mouse sounds pose during usage. The methodology first establishes a proof of concept attack by classifying the mouse movement into up, down, left and right directions. The results lead to a 97% accuracy in distinguishing between the four categories in a controlled environment. This sets the stage by proving a leakage model useful for mouse acoustic SCAs. The research investigated the precision of tracking mouse movements by conducting experiments with ten unique movements on a large mouse pad. The study, using a dual-microphone setup, a smartphone in stereo recording, achieved 95% accuracy in discerning ten different movements. Furthermore, to place the research in a real-world context, the same experiment was repeated by adding two more directions (diagonal movement) and five other participants. The model was trained to become generalizable to six participants and 12 mouse pad movements, resulting in an accuracy of 94%. Given the same environment, this result shows the capability to extract sensitive information using a non-user-specific model. In addition, the paper experimented with a realistic attack scenario to infer a user action of closing a window on a laptop by clicking the red 'X' at the top right of the screen. The trained model could predict with 91% whether a mouse movement and click described the close window event. The experiments and findings within this research confirm audio leakage from a computer mouse in use. Moreover, the SCA poses a security risk in real-world scenarios, as it allows us to trace user activity in a realistic scenario. This work has explored the limits of single microphone use for SCAs and opened the door toward dual-microphone setup for future experiments.

CAPTCHAs (Completely Automated Public Turing test to tell Computers and Humans Apart) have been in use for a long time on the web to block bots from accessing services. Many Different types of CAPTCHAs exist in various shapes and forms. As traditional CAPTCHAs became increasingly susceptible to attacks, mainly with the rise of artificial intelligence, there were efforts to enhance their complexity. As a side effect, this also increased the difficulty for legitimate users. Then attackers improved their methods, and the CAPTCHAs were broken once again, while the regular user keeps getting harder challenges. Over the years, this cycle has continued, leading to today’s CAPTCHAs, which are not only insecure but also difficult to solve for regular users, defeating the purpose of having a CAPTCHA in the first place. What makes AI attacks so successful in CAPTHCA systems is their ability to perform the given task with high accuracy. AI bots are now faster and more successful in solving CAPTCHAs than humans.

In this paper, we propose SHAPECAP (Shape Analysis and Precision Exploiting CAPTCHA), a novel interactive CAPTCHA system that aims for a user-friendly solution that is also secure against AI-backed attackers. The design of our solution involves a canvas on which shapes are moving randomly. The user can choose a specific shape at the start of the challenge and use the mouse pointer to follow it. There will be small variations of the chosen shape in order to confuse the user. If the user follows the correct shape, they will complete the challenge faster, while following the variation shapes will take longer. Based on the mouse movement data collected throughout the challenge, we can confirm whether the user is a human or a bot. Our aim is to find a pattern that shows humans are more likely to follow irregular shapes. We exploit the precision of machines and use it against them while capitalising on the natural tendency of humans to make errors.

Docker has been one of the most widely used DevOps tools in the last decade, enabling fast development of personalized services. Indeed, the common practice is to reuse already available containers and customize them based on the developer's needs. DockerHub is the leading platform for uploading and downloading Docker containers. Unfortunately, reusing code and infrastructure exposes developers to security and privacy threats, as the original developer might have had malicious intent to collect sensitive data or create backdoors in a victim's system. The existing literature has raised concerns about this security and privacy threats, and performed a mass vulnerability scans of Docker images. However, currently existing studies are mostly based on static analysis, which has been proved to be insufficient for a complete security assessment.

In this thesis we present a novel framework for the en-masse identification of vulnerabilities in Docker Containers. Additionally, as part of the framework, we document and implement a component which sorts and downloads images based on their popularity, which improves on the current fuzzy-search based state-of-the-art. Using this framework we found vulnerabilities in 2.44% of the containers we scanned. The framework also succeeded in finding novel vulnerabilities, resulting in two new reserved CVE numbers in the social network software Friendica.

The Internet of Things (IoT) is a rapidly growing technology that connects millions of devices together. However, as more devices connect, the importance of ensuring security, privacy, and performance becomes paramount. Training performance is affected without proper protocols in place, and devices can get compromised. This research focuses on how to enhance IoT security, privacy and performance using federated learning and blockchain. We will first identify the current challenges concerning those three metrics for IoT. Then, we will introduce federated learning and blockchain and explore how to integrate them. Next, we will address a set of related work performed on the field through a series of surveys. Keeping those surveys in mind, we present and compare several novel solutions for various IoT applications that attempt to provide solutions to enhance IoT security. We complete this study by discussing the potential of those solutions, as well as their challenges and then we highlight possible directions for future research in this booming field.

The dramatic increase in the number of Internet of Things (IoT) devices has created rapid growth for exploitation of security flaws and vulnerabilities. Particularly for critical infrastructure and real-time systems security threats can be highly damaging. Machine Learning (ML) algorithms have demonstrated the ability to combat the security threats and improve the efficiency of data management within IoT networks. This paper addresses how ML methods improve security and efficiency. A review of the current approaches is conducted and these approaches are categorized into detection systems as well as privacy and efficiency enhancements. The proposed future research directions are then presented to address the limitations of the state-of-the-art ML-based IoT security methods.

The Internet of Things (IoT) consists out of billions of devices. This vast size magnifies the security and efficiency challenges the IoT faces. Blockchain (BC) features like decentralisation, immutability and smart contracts can negate these IoT challenges.
In this paper we discuss how BC based solutions can significantly increase the security and efficiency of data management in IoT networks.

To this end we provide reviews of existing related surveys that focus on the privacy and performance of BC solutions in IoT.
State-of-the-art research papers on this topic are reviewed and discussed.
We create summaries that categorize and compare all reviews in this paper. These comparisons include consensus algorithms, performance, security, privacy, pros and cons.
Finally, we discuss the reviewed papers and present potential future research directions that we found in this field based on the discussed research papers and surveys.

The use of Internet of Things (IoT) devices has experienced an increase since its inception and is expected to continue to do so. However, this growth has also attracted individuals with malicious intentions. Botnet attacks on IoT devices have become more potent each year, exploiting new vulnerabilities and attacking more devices. Therefore, it is imperative to improve countermeasures. N-BaIoT is a frequently used dataset that covers botnet attacks in various stages of the botnet life cycle. Nevertheless, when examining the state-of-the-art utilizing the dataset, there are certain limitations that need to be addressed.

One limitation is the lack of detailed feature analysis in most studies. This results in less comprehension of the behavior of the malicious and benign data in the dataset, leading to a lack of feature optimization. Feature optimization is crucial as it improves the computational time of the model and makes it efficient to deploy in real-life applications. Another limitation is the uneven distribution of the malicious and benign data, resulting in unreliable evaluation scores. This issue has not been addressed in many studies.

The main contribution of this thesis is the development of a hybrid ensemble model to detect IoT botnet attacks faster and accurately. Additionally, the aim of this study is to provide a clear analysis of the behavior of the malicious and benign data and optimize the number of selected features. In the hybrid ensemble model, a minimal number of features will be utilized to evaluate performance. The comparison will be achieved by taking into account both the unbalanced and balanced datasets used for training and testing. By considering both datasets, the limitation of the distribution can be highlighted by examining the distinct performance of each dataset, making the comparison extensive and reliable.

The results indicate that the selected features and detection models proposed in this research outperform those of other studies. In both cases using the balanced and unbalanced sets, the performance score and computational time are improved. In addition, this is achieved by using fewer features compared to several studies.

Attacks using drones are increasing, war zones see more and more use of drones and civilian areas are threatened by cheap commercial drones. In order to prevent drone attacks, they have to be detected; identifiedand neutralized. Faster identification results in more time to respond, making identification vital. This thesisuses radar to identify drone threats using behavioral history. The basis for identification is created by flyingexperiments around critical infrastructure whilst recording the movement using radar. Subsequently multi-ple identification algorithms are compared to determine the fastest and most accurate way of identification.We determined distance to critical infrastructure and degrees scouted around critical infrastructure are themost important features. Next to that, the random forest achieves 96% accuracy, decreasing to 86% whenchallenged. The decision tree scores 94% accuracy, but due to its explanatory nature it becomes the desiredalgorithm. Understanding the basis for action is essential in neutralizing drone threats, making decision treesthe preferred method of identification.

This thesis is a research into developing a methodology and implementation of automated gray-box Broken Access Control Scanning (BACS) in web applications. Broken access controls take first place in the OWASP Top Ten Web Application Security Risks 2021. The need for this research comes from the observation that testing for broken access controls in web applications is labor-intensive, time-consuming, and error-prone. Therefore, security researchers require a modern methodology and toolset for exhaustively discovering access control vulnerabilities in web applications.

The posited hypothesis is that the contextual awareness required for access controls can be achieved by assuming that users are only authorized to perform actions accessible via the UI for that particular user. The methodology developed in this research consists of four phases: 1) A crawl phase where an application is crawled as multiple users. 2) A request selection phase, where potentially vulnerable requests are selected. 3) A request replay phase, where selected requests are replayed in the session context of another user. 4) A response comparison phase to identify whether an access control vulnerability has occurred. An implementation is provided and evaluated during web application penetration tests of DongIT. The results show that critical and structural access control issues can be identified when all four stages are completed. However, the intricacies of web applications often pose challenges for one or more of the four stages. From the results, it is concluded that the BACS methodology is a viable strategy and a valuable tool in the toolbelt of a security tester.

The growing number of software vulnerabilities being disclosed is posing a challenge to many organisations. With limited patching resources and only a fraction of the vulnerabilities posing a real threat, prioritization is key. Current prioritization methods, such as CVSS, are failing and are sometimes no better than random guessing. Exploit Prediction Systems (EPS) try to fill this gap leveraging a data-driven approach. Related works in the exploit prediction domain make EPS design decisions based on different methodological assumptions. Some of these assumptions are unrealistic or faulty, yielding models that fail to represent a real world situation.
The first contribution of this thesis is the identification of critical methodological assumptions in EPS design and the magnitude of their effects. Then, as second contribution, EPS performance is optimized under restricting yet realistic circumstances, by exploring different techniques to handle class-imbalance, creating richer textual features and/or leveraging different prediction algorithms. The third contribution of this thesis is the implementation of an open-source framework that enables easy experimentation with different machine learning techniques for exploit prediction.

Six critical methodological assumptions have been identified in the area of realistic data collection, correct processing of data, and proper model evaluation. Experiments show that when adhering to the most realistic assumptions, only a fraction of the predictive power of the evaluated EPS is sustained. Almost all prior works fall victim to at least one faulty or unrealistic assumption, and thereby report overoptimistic results.

Substantial improvements are achieved in the optimization step of this thesis. With an optimized EPS with a F1-score of 0.366, performance is insufficient to justify its deployment in a production environment. With the current level of maturity, exploit prediction could have value as a complementary measure to existing vulnerability prioritization systems. Further improvements and more transparent systems are essential for EPS to be suitable for practical usage.

Artificial Intelligence (AI) and Machine learning (ML) applications are being widely used to solve different problems in different sectors. These applications have enabled the human-effort and involvement to be very low. The AI/ML systems
make their own predictions and do not require a great deal of human help. However, over the last few years several incidents of the developed systems
have led to questions regarding the transparency of those AI/ML systems. Without expertise, it is not always as straightforward to understand
certain predictions. This pressing issue has led to the emerging topic of Explainable Artificial Intelligence (XAI). In this research, we will present the current work on a specific type of XAI, namely model-specific XAI. Model-specific XAI techniques are particular to certain types of ML techniques. We will look into several recent model-specific XAI techniques and provide the advantages
and disadvantages. Within similarities we find that there is a set of general requirements that the techniques should adhere to (expertise, bias, time, privacy
and performance). We characterize the techniques in feature-based, concept-based and logic-based. With regard to future work, there is room for
improvement on several areas. For example, this includes work from exploring hybrid techniques to investigating how current techniques can improve
the privacy.

Software-Defined Networks (SDNs) are a promising new network design paradigm that allows for better control of the network. But as with any new software implementation, there are new security concerns that arise. In the past there have been various papers covering specific side-channel attacks on SDNs; most of them consist of either using time delays in operations to create a covert communication channel between two compromised hosts or using proving packets and their response times to determine the flow rules and configuration of the network.
This paper intents to investigate the impact of different types of side-channel attacks in SDN scenarios. Provide a survey on the state-of-the-art solutions that are proposed to address the side-channel attacks in SDN. Particularly, identifying different ways through which an adversary can launch side-channel attacks, and the different entities and network metrics that are impacted by a specific side-channel attack. Next, identify and survey the solutions available in the state-of-the-art that tackle side-channel attacks. Finally, propose new possible improved solutions to the issue of side-channel attacks in SDNs and future research on the field.
We conclude that current side-channel attacks target the separation control and data planes at the core of the SDN paradigm, by exploiting the response delay created by a centralized logic system in the controller. This as seen can be exploited in two main ways related to the two main attack categories mentioned in this paper: teleportation attacks and recognisance attacks.

The Software Defined Network (SDN) is a relatively new paradigm that aims to tackle the lack of centralization in the existing network by separating the control centre from the programming data plane. The controller keeps an overview of the structure of the whole network, which makes it vulnerable to possible topology poisoning attacks. Topology attacks aim to disrupt the overview of the controller over the structure of the network in order to intercept or disrupt the transfer of the packages over the SDN network. In this paper, a survey on the state-of-the-art on topology attacks is conducted, followed by an analysis of the limitations of the existing solutions, and a comparison between the verification process of each solution and the number of known vulnerabilities are presented. Further, possible future research directions are proposed for improving these solutions and fixing the mentioned limitations and vulnerabilities.

Software-Defined Networks are an exciting network paradigm that brings many advantages to its users. However, its architecture also makes it vulnerable to attacks. Distributed Denial of Service attacks are one of those attacks that can
exploit the weaknesses of an SDN. This paper explains the weaknesses that can be exploited and the consequences of a DDoS attack. State-of-the-art machine learning and statistical solutions to this problem are presented and evaluated. The
limitations of each solution are analysed, and a new system is proposed that eliminates the mentioned flaws.

Software-Defined Networking (SDN) is a relatively new networking paradigm that proposes to separate the control and the data logic in networks. The control logic is centralized in a controller, which allows for a programmable network. SDN is promising but also intro- duces some critical security vulnerabilities to networks. This work proposes a survey of state-of-the-art research into attacks and state-of-the-art defences arising from controller place- ment, controller failure and the northbound interface. Furthermore, it proposes a comparison and analysis of the limitations of that research. Finally, it proposes future research directions to improve SDN security focused on network con- sistency and on the interoperability of different defences.

The spread of AI techniques has lead to its presence in critical situations, with increasing performance that can compromise on its understanding. Users with no prior AI knowledge rely on these techniques such as doctors or recruiters with a need for transparency and comprehensibility of the mechanisms. The advent of Explainable Artificial Intelligence techniques responds to such issues with a diversity that has lead to the construction of a taxonomy for this domain. Notably, there is a distinction between model-specific and model-agnostic techniques. Rightly operational XAI technique should go through an evaluation process. In this paper, we investigate the different available tools and metrics for the evaluation of XAI techniques to then assess the evaluation quality of five state-of-the-art model specific techniques: TCAV, SIDU, ACE, Net2Vec and Concept Analysis with ILP. It has been concluded that despite broad existing literature on evaluation methods, there is a lack of exhaustive assessment of criteria and a lack of standardization in regards of the evaluation of these model-specific- techniques.

The ever increasing presence of Machine Learning (ML) algorithms and Artificial Intelligence (AI) agents in safety-critical and sensitive fields over the past few years has spurred massive amounts of research in Explainable Artificial Intelligence (XAI) techniques (models). This new frontier of AI research aims to resolve some of the fundamental issues that accompany the usage of ML algorithms in sensitive fields such as medicine or criminology. For ML algorithm's to be implemented and used within fields such as medicine, it is not simply enough that they are proficient and effective tool at solving their assigned task (such as classifying whether a patient has Covid-19 or not). These ML techniques lack the ability to allow their human counterparts the possibility of understanding why they have made such a prediction, therefore not allowing the human supervisor a peak into the black box. This black box problem is one of the underlying difficulties that currently prevent the widespread adoption of ML/AI algorithms into these safety-critical fields. XAI techniques aim to solve this very issue and in particular Model-Agnostic XAI techniques aim to generate explanations on the predictions of any ML or AI algorithm. In this paper we will be exploring and investigating the different Model-Agnostic XAI techniques and looking into their individual advantages and disadvantages. After we've analyzed each individual technique, we will take a more global view into the different characteristics and how the XAI implementations compare to each other using different metrics for comparison. Finally we will propose future improvements and extensions that can be made to the various investigated XAI techniques.

The significant progress of Artificial Intelligence (AI) and Machine Learning (ML) techniques such as Deep Learning (DL) has seen success in their adoption in resolving a variety of problems. However, this success has been accompanied by increasing model complexity resulting in a lack of transparency and trustworthiness. Explainable Artificial Intelligence (XAI) has been proposed as a solution to the need for trustworthy AI/ML systems. A large number of studies about XAI are published in recent years, with a majority discussing the specifics of XAI. Hence this work aims to formalize existing XAI literature from a high-level approach in terms of (1) benefits, (2) requirements, (3) challenges and (4) the underlying building blocks involved. Additionally, this paper presents a case study of XAI within the medical image analysis domain followed by future works and research directions in the field and from a general perspective, all to serve as a foundation and reference point to make the topic more accessible to novices.

Many artificial intelligence (AI) systems are built using black-box machine learning (ML) algorithms. The lack of transparency and interpretability reduces their trustworthiness. In recent years, research into explainable AI (XAI) has increased. These systems are designed to tackle common ML issues such as trust, accountability, and transparency. However, research into the evaluation of XAI is still low. In this paper, common trends in the evaluation of state-of-the-art model-agnostic XAI models and any missing or undervalued evaluation methods are identified. First, a taxonomy is explored, and an overview of existing evaluation metrics found in literature is made. Then, using this overview, a thorough analysis and comparison of the evaluation methods of 5 state-of-the-art model-agnostic XAI models (LIME, SHAP, Anchors, PASTLE, and CASTLE) is done. It has been discovered that only a small subset of the found evaluation metrics is used in the evaluation of the state-of-the-art models. Metrics that are not often assessed in user-studies but deserve more attention are (appropriate) trust, task time length, and task performance. For synthetic experiments, only fidelity is commonly assessed. The models are also only assessed using proxy tasks, none of them are assessed using real-world tasks. In addition, each identified metric was found to have various different measurement methods and units of measurement, indicating a lack of standardization.