Master's Programme in Network Forensics at Utexpo
On this page, the participants at Utexpo have summarised their projects. Here you can discover and read about exciting projects from the Master's Programme in Network Forensics.
A Hybrid Defence Against Prompt Injection in LLM Agents: Evaluating Security Efficacy and Computational Performance Trade-offs
- Participants: Jesna Sunny and Dennis Daniel.
This thesis presents a hybrid security framework to protect Large Language Model (LLM) agents against prompt-injection attacks. The proposed approach combines Polymorphic Prompt Assembling (PPA) and Runtime Security Monitoring (RSM) to strengthen security at both the input and execution stages of LLM agent operations.
The study evaluates the effectiveness of the framework against direct, indirect, and obfuscated prompt injection attacks while also analysing computational performance factors such as latency, memory usage and CPU utilisation. Experimental results show that the hybrid approach significantly reduces the Attack Success Rate (ASR) while maintaining practical system performance.
The research highlights the importance of layered defence mechanisms in securing tool-using AI agents and demonstrates how combining input-level protection with runtime monitoring can create a more resilient and reliable AI security architecture.
A Hybrid GAN and Cognitive Twin Framework for Insider Threat Detection in Zero Trust Architectures
- Participants: Kevin Dadzie and Paul Nilsson.
Modern enterprise networks have evolved into highly distributed environments driven by cloud computing, Internet of Things (IoT) devices, and widespread remote work. This transformation has significantly expanded the organisational attack surface, rendering traditional perimeter-based security mechanisms such as firewalls and virtual private networks (VPNs) increasingly ineffective. As highlighted by (1), the increasing adoption of cloud services and remote access has weakened traditional network perimeters and expanded the attack surface, reducing the effectiveness of conventional security models. To address these challenges, organisations are adopting Zero Trust Architecture (ZTA), a security paradigm built on the principle of “never trust, always verify”. Within ZTA, no user or device is implicitly trusted, regardless of network location. Instead, every access request is continuously authenticated, authorised, and evaluated based on contextual risk, enforcing strict least-privilege access control and micro-segmentation. This paradigm shift moves cybersecurity from static, perimeter-based protection to dynamic, context-aware defence. A critical component enabling this shift is User and Entity Behaviour Analytics (UEBA). UEBA systems analyse large volumes of telemetry data, including authentication logs, endpoint activity, and network interactions, to model normal behavioural patterns using machine learning techniques.
A Quantitative Forensic Evaluation of Database and Hash-Linked Logging Mechanisms for RFID Event Integrity Using Tamper Detection Latency Under Insider Threat Models
- Participants: Divya Vincent and Mahitha Johns.
RFID-based access control systems are widely deployed in institutional and organisational environments to manage access and maintain audit logs for forensic investigations, incident analysis and compliance verification. However, conventional database logging lacks built-in integrity protection, making records vulnerable to unauthorised modification or deletion by privileged insiders. This project presents a quantitative forensic evaluation of traditional database logging and a tamper-evident hash-linked logging approach for securing RFID audit trails under insider threat conditions. Using SHA-256 for cryptographic hashing, each log entry is linked to the previous one, creating a sequential integrity chain that exposes unauthorised changes during verification. A controlled experimental framework was developed using Python and SQLite, simulating 10,000 RFID access events across multiple users and locations. Insider tampering scenarios, including timestamp manipulation, identity substitution, location alteration and record deletion, were systematically evaluated. A key contribution is Tamper Detection Latency (TDL), a forensic metric that measures how quickly tampering is detected across different verification strategies. Results show that conventional logging cannot reliably detect tampering, while the hash-linked approach detected all simulated attacks with practical performance overhead, demonstrating a practical solution to improve forensic trust in centralised audit systems.
Embedding-Based Machine Learning for Detecting Direct and Indirect Prompt Injection Attacks
- Participants: Bianca Susa and Aswathy Njettutharayil Baby.
This thesis investigates the problem of indirect prompt injection attacks in Large Language Models (LLMs). In these attacks, malicious instructions are hidden inside otherwise normal-looking documents such as emails, news articles, or summaries, with the goal of manipulating the behavior of AI systems.
While previous research has mainly focused on isolated malicious prompts, this work studies more realistic scenarios in which harmful instructions are embedded within long and diverse documents. To explore this problem, multiple datasets containing hidden malicious instructions were constructed using real-world text sources.
The experiments show that detecting these attacks becomes significantly more difficult when analysing entire documents at once, as malicious instructions are often obscured by surrounding benign content. To address this limitation, a chunk-based approach was proposed in which documents are divided into smaller sections and analysed individually.
The results demonstrate that localised analysis substantially improves detection performance, increasing classification effectiveness from approximately 0.70 to 0.95 F1-score. These findings suggest that indirect prompt injection is best understood as a localised detection problem, where small malicious regions hidden inside large amounts of normal text can still strongly influence AI behavior.
The thesis contributes to ongoing research on AI security using realistic datasets and fully open-source models.
Evaluating the Impact of Large Language Model-Based Malware Code Transformations on Static Malware Detection
- Participants: Joju Jose and Sneha Varghese.
This study examines how Large Language Models (LLMs) can be used to transform malware code and how these changes affect static malware detection. Malware samples were first analysed using static analysis techniques and then decompiled into a readable format. These code samples were modified using two LLMs, OpenAI GPT-4 and Google Gemini, while preserving their functionality. The transformed code was then re-analysed using the same detection process to compare the results.
The findings show that LLM-based transformations can significantly influence how malware is detected. OpenAI GPT-4 consistently reduced detection scores and made controlled changes to the code structure, making the malware less detectable. In contrast, Gemini produced less stable results, often increasing code complexity without effectively reducing detection.
The study highlights that not all transformations lead to better evasion: targeted and balanced changes are more effective than aggressive modifications. It also shows that traditional static detection methods can be weakened by AI-driven code transformations. In summary, this research emphasises the growing role of AI in cybersecurity, both as a potential risk and an opportunity, and highlights the need for more advanced, adaptive detection techniques.
Evaluating Defence-in-Depth Strategies Against Prompt Injection Attacks in Large Language Models
- Participant: Anish Perekkapillil.
This master’s thesis investigates one of the most important security challenges facing modern artificial intelligence systems. Large Language Models (LLMs) such as OpenAI ChatGPT, Google Gemini, and Anthropic Claude are increasingly integrated into applications that support customer service, education, healthcare, finance, and cybersecurity. Their ability to generate human-like text has made them highly valuable, but these same capabilities also introduce serious security concerns. Among these concerns, prompt injection attacks have emerged as one of the most critical threats.
Prompt injection occurs when a malicious user crafts input designed to manipulate the model into ignoring its original instructions and performing unintended actions. Unlike traditional software, which clearly separates trusted system instructions from untrusted user input, LLMs process all tokens within a shared context window. This means that the model treats both internal instructions and external user prompts as part of the same sequence. As a result, an attacker can insert adversarial instructions, such as “ignore previous instructions” or “reveal confidential information,” to override the system's intended behaviour. This architectural limitation raises significant questions about the safe deployment of LLMs in real-world systems.
NIS2 Network Forensic Readiness for Incident Reporting: Simulation and Evaluation of Zero Trust and Traditional-Inspired Network Architecture
- Participants: Moses Appiah-Ekuful and Nana Frimpong Amponsah.
There is growing interest among states in introducing both national and transnational laws to regulate and mitigate the vulnerabilities associated with growing reliance on network technologies. In this regard, the introduction of the NIS2 Directives remains critical for safeguarding the digital landscape and strengthening cybersecurity within the European Union. Sweden, for example, fully implemented the NIS2 Directives on 15 January 2026, and notably, the two major areas of concern are the implementation of cybersecurity risk management and the reporting of cybersecurity incidents (which align with NIS2 Articles 21 and 23, respectively). This further underscores the importance of cybersecurity and the need to adopt and enforce this directive within the EU. The NIS2 directives aim to transform cybersecurity across the EU. This study focuses on related NIS2 articles to understand the progress, preparedness, and readiness of organisations to adopt and incorporate these directives into their operations.
Same Data – Different Results
- Participants: David Thornberg and William Mattsson.
Digital forensic tools are used daily in criminal investigations to identify, analyse and present data from mobile phones and other digital devices. Although different tools often analyse the same forensic image, the results can differ markedly depending on how the information is extracted, interpreted and presented.
This project compares two well-known forensic tools, the commercial tool Magnet AXIOM and the open-source tool Autopsy, through an analysis of the same forensic image from an Android device. The study was carried out by generating controlled user data on a Samsung Galaxy S10, creating a forensic image with Magnet Acquire and then analysing the image in both tools.
The results show that both tools could identify several similar artefacts, such as SMS messages, images, web history and application data. At the same time, clear differences were observed in how the information was presented and how accessible it was to the user. Magnet AXIOM automated large parts of the analysis and presented artefacts in a ready-structured format, whereas Autopsy to a greater extent required manual analysis of files and databases. Magnet AXIOM was also able to identify an image and a Wi-Fi password that could not be found in Autopsy.
The project highlights how parser support, automation and design choices affect the forensic analysis process and shows that the choice of tool can be of great importance in practical investigations in digital forensics.
Short Paths, Big Risks
- Participants: Pontus Karlberg and Deepash Patel.
Browser extensions remain a persistent vector for malware dissemination, a problem compounded by code obfuscation and reuse, which contribute to polymorphism. Traditional file-based detection strategies, such as cryptographic hashing, fail to capture structural patterns, limiting their ability to identify malicious extension lineages and broader relationships. To address this gap, our thesis proposes a framework for forensic analysis of browser extension families.
Using a dataset of browser extensions that includes vetted and removed extensions vetted by Google, we conducted an empirical evaluation of our framework.
The results show that our framework is highly selective and scalable, and may improve extension vetting processes and support malware lineage discovery in broader research contexts.
Simulating Annotator Perspectives: Evaluating Demographic Prompting and Label Plasticity in Large Language Models for Hate Speech Annotation
- Participants: Denys Shalamai and Pavlo Manchur.
This study examines the extent to which demographic persona prompts influence large language model behaviour in hate speech annotation. By using POPQUORN and UC Berkeley Measuring Hate Speech datasets, selected open-source LLMs were prompted under neutral, original, and contrast-inverted persona conditions. The analysis is based on the evaluation of label plasticity, human-model perspective alignment, label rigidity, cross-model variability, and annotation bias. The results show that demographic prompting has a measurable but limited effect. Label plasticity appears in a minority of cases, while most outputs remain rigid across persona conditions. Demographic attributes do not improve alignment with human annotator labels compared with the neutral control condition. The study also observes strong cross-model variability and a general annotation bias towards the “Hate Speech” label.
Understanding the Influence of Adversarial Attack Concerns on Trust in AI-Enabled Wearable Health Monitoring Systems – A Qualitative Study
- Participants: Nelson Thomas and Royce Philip.
AI-enabled wearable health monitoring systems, such as smartwatches and fitness trackers, are becoming increasingly important in modern healthcare and personal wellness. These devices use artificial intelligence to monitor health conditions, track physical activities, and provide personalised recommendations. Despite their growing popularity, concerns remain regarding reliability, privacy, cybersecurity risks, and the trustworthiness of AI-generated health information. In particular, adversarial attacks, sensor manipulation, inaccurate readings, and lack of transparency may negatively influence how users and experts perceive these technologies.
This study explores how trust in wearable AI systems is shaped by factors such as reliability, explainability, privacy, security, and human verification. Using qualitative interviews with both experts and wearable device users, the research investigates how people respond to potential vulnerabilities and inaccuracies in AI-enabled health monitoring systems. The findings reveal that trust in wearable AI is conditional and context-dependent. Participants viewed these systems as supportive tools for general health awareness rather than fully reliable replacements for professional medical decision-making.
The study further highlights that users actively verify wearable outputs through personal judgment, physical experience, and alternative information sources instead of blindly trusting automated recommendations.