<?xml version="1.0" encoding="UTF-8"?><rdf:RDF xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns="http://purl.org/rss/1.0/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">
<channel rdf:about="http://dlib.iit.ac.lk/xmlui/handle/123456789/2950">
<title>2025</title>
<link>http://dlib.iit.ac.lk/xmlui/handle/123456789/2950</link>
<description/>
<items>
<rdf:Seq>
<rdf:li rdf:resource="http://dlib.iit.ac.lk/xmlui/handle/123456789/2965"/>
<rdf:li rdf:resource="http://dlib.iit.ac.lk/xmlui/handle/123456789/2964"/>
<rdf:li rdf:resource="http://dlib.iit.ac.lk/xmlui/handle/123456789/2963"/>
<rdf:li rdf:resource="http://dlib.iit.ac.lk/xmlui/handle/123456789/2962"/>
</rdf:Seq>
</items>
<dc:date>2026-04-04T03:22:32Z</dc:date>
</channel>
<item rdf:about="http://dlib.iit.ac.lk/xmlui/handle/123456789/2965">
<title>Next-Generation Runtime Application Self-Protection (RASP): Leveraging eBPF for Automated, Real-Time Defense in Cloud and Containerized Environments</title>
<link>http://dlib.iit.ac.lk/xmlui/handle/123456789/2965</link>
<description>Next-Generation Runtime Application Self-Protection (RASP): Leveraging eBPF for Automated, Real-Time Defense in Cloud and Containerized Environments
Stanley, Robert
As Kubernetes becomes the go-to orchestration platform for cloud-native applications, its dynamic and multi-tenant nature introduces complex runtime security challenges. Conventional security solutions such as firewalls, traditional intrusion detection systems (IDS), and user-space RASP implementations struggle to provide effective protection within these environments. These legacy approaches often fail to offer real-time visibility, suffer from high resource consumption, and lack the granularity to detect sophisticated threats such as privilege escalation, container escape, and lateral movement. To address this gap, this research proposes a novel Runtime Application Self-Protection (RASP) framework designed explicitly for Kubernetes and built on the Extended Berkeley Packet Filter (eBPF) technology. The architecture comprises a lightweight pod-level agent and a centralized controller, communicating over gRPC with mutual TLS. The system performs real-time syscall monitoring (e.g., execve, connect, setuid), classifies events using a configurable rule engine, and dispatches alerts through Slack integrations. Additionally, telemetry is exported to the ELK stack for long-term forensic visibility and machine learning readiness.

The system was rigorously evaluated in realistic Kubernetes environments, including simulated adversarial conditions. Results demonstrate that the framework achieves event classification latency under 30ms, with an average CPU overhead of less than 3% and memory usage below 150MB, validating its suitability for production-grade deployments. Alert accuracy exceeded 97.6% true positive rates with zero false positives under tuned rulesets. The architecture proved resilient, with 100% telemetry recovery during controller failover scenarios, and scalability across heterogeneous clusters was confirmed. Full CI/CD automation was implemented using GitHub Actions and ArgoCD, enabling reproducible, secure deployments. This work represents a technically robust and academically novel contribution to runtime container security, establishing a practical foundation for future enforcement logic and intelligent anomaly detection in Kubernetes-native ecosystems.
</description>
<dc:date>2025-01-01T00:00:00Z</dc:date>
</item>
<item rdf:about="http://dlib.iit.ac.lk/xmlui/handle/123456789/2964">
<title>Hybrid Image Forgery Detection System</title>
<link>http://dlib.iit.ac.lk/xmlui/handle/123456789/2964</link>
<description>Hybrid Image Forgery Detection System
Ariyapala, Lakni Malinya
The rise of digital media manipulation has made image forgery detection essential in digital forensics. Traditional approaches using only handcrafted or deep learning features often struggle with limited scope and generalization across forgery types. This research addresses these challenges by developing a hybrid detection system capable of identifying both splicing and copy-move forgeries using a combination of statistical and deep features.

The system extracts handcrafted features (Discrete Cosine Transform, Zernike Moments, and Color Histograms) and fuses them with deep semantic features from MobileNetV2. These features are concatenated and classified using a Random Forest model. Implementation was done using Python, OpenCV, TensorFlow Keras, and scikit-learn. Testing was performed on CASIA v2 and CoMoFoD datasets, with a CLI interface allowing real-time user input and result display.

The system achieved 66 percent accuracy, 67 percent precision, 60 percent recall, 63 percent F1-score, and an AUC of 0.77. These results validate the effectiveness of hybrid feature fusion for forgery detection. Expert feedback confirmed the project’s novelty and relevance, though improvements such as forgery localisation and GUI-based interfaces are recommended for future development.
</description>
<dc:date>2025-01-01T00:00:00Z</dc:date>
</item>
<item rdf:about="http://dlib.iit.ac.lk/xmlui/handle/123456789/2963">
<title>"CyberGrid AI, AI-Powered Cybersecurity Policy Generator for Smart Grids Assisted by Augmented Ontology"</title>
<link>http://dlib.iit.ac.lk/xmlui/handle/123456789/2963</link>
<description>"CyberGrid AI, AI-Powered Cybersecurity Policy Generator for Smart Grids Assisted by Augmented Ontology"
Munasinghe, Thisaru
Modern smart grid infrastructures require highly context-specific and standards-compliant cybersecurity policies to safeguard complex, dynamic energy networks. However, manual policy development and generic templates struggle to keep pace with evolving smart grid threats and regulatory requirements, often resulting in incomplete or non-compliant guidelines. This gap highlights the need for an automated approach to generate precise, context-aware security policies in line with industry standards.

To address this challenge, the project introduces CyberGrid AI, a multi-tiered system architecture that combines a domain-specific augmented ontology with a GPT-powered AI engine. The smart grid ontology encodes key assets, threat scenarios, and countermeasures, forming a knowledge base for policy generation. User input about a given smart grid context is semantically matched against this ontology to identify relevant threats and appropriate ISO/IEC 27001 controls. Prior to generation, the model integrates the latest threat intelligence to account for emerging vulnerabilities, ensuring that the resulting policies are both standards-compliant and up-to-date with current cybersecurity risks.

A prototype of CyberGrid AI shows that the system can quickly produce high-quality security policies. Each policy is generated in approximately 13 seconds and demonstrates over 95% alignment with expert-defined policies in test scenarios, effectively mirroring the intended ISO 27001 controls. The ontology-based approach ensures full domain coverage and traceable policy decisions, validating the effectiveness of combining ontological reasoning with AI-driven policy generation.
</description>
<dc:date>2025-01-01T00:00:00Z</dc:date>
</item>
<item rdf:about="http://dlib.iit.ac.lk/xmlui/handle/123456789/2962">
<title>Malware Detection System</title>
<link>http://dlib.iit.ac.lk/xmlui/handle/123456789/2962</link>
<description>Malware Detection System
Fernando, Kevin
This research presents a lightweight malware detection system for Microsoft Windows Portable Executable (PE) files using static analysis and supervised machine learning. The study addresses the limitations of signature-based antivirus and the operational overhead of dynamic sandboxing by extracting discriminative yet inexpensive static features—average section entropy, number of sections, total raw section size, and file size—and training a Random Forest classifier to detect malicious executables. The methodology follows Design Science Research and CRISP-DM, covering requirement specification, a modular architecture, implementation in Python, dataset curation, model training, and comprehensive evaluation.
</description>
<dc:date>2025-01-01T00:00:00Z</dc:date>
</item>
</rdf:RDF>
