Development of an algorithm for cyber incident analysis and response

dc.contributor.author Kisangala, Gerald
dc.date.accessioned 2025-12-15T08:17:54Z
dc.date.available 2025-12-15T08:17:54Z
dc.date.issued 2025
dc.identifier.citation Kisangala, G. (2025). Development of an algorithm for cyber incident analysis and response: the case of universities in eastern Uganda. Busitema University. Unpublished dissertation en_US
dc.identifier.uri http://hdl.handle.net/20.500.12283/4594
dc.description Dissertation en_US
dc.description.abstract Universities in Eastern Uganda increasingly rely on digital systems for teaching, learning, and administration, yet they face persistent cyber threats such as phishing, malware, and application-level attacks. These challenges are intensified by limited computational resources, weak network infrastructure, insufficient funding, and shortages of skilled IT personnel. Most existing intrusion detection and response systems (IDS) are highly complex and resource-intensive, making them impractical for these institutions. This study addressed that gap by designing and testing a lightweight, rule-based cyber incident detection and response algorithm specifically tailored for resource-constrained universities. These constraints include limited budgets, aging servers and software, few qualified IT staff, and low-capacity, intermittently reliable ISP connectivity typical of remote campuses, which together restrict deployment of enterprise security solutions. A hybrid research approach combining qualitative and quantitative techniques was employed, using Design Science Method (DSM) to guide the structured development, demonstration, and evaluation of the algorithm. Data was gathered from five universities to establish contextual threats and system constraints, while simulation experiments were conducted to evaluate the algorithm’s effectiveness under realistic attack scenarios. The resulting system was modular and adaptive, implemented with a PHP-MySQL backend and an administrative dashboard for IT staff. It focused on detecting SQL injections, fake bots, and header tampering, while a correlation engine linked events into multi-stage attack chains. Results demonstrated detection accuracy above 92%, precision above 91%, and median response times below 100 ms, sustaining up to 450 requests per second before degradation. Compared to Snort, the algorithm achieved higher precision and lower resource use, though Snort maintained slightly higher recall. 
This work demonstrates that lightweight, resource-efficient detection systems can significantly strengthen cybersecurity in low-capacity university environments. It further extends the application of the Defense-in-Depth model and Resource-Based View theory by aligning cybersecurity design with available institutional capabilities and infrastructure limitations. en_US
dc.description.sponsorship Assoc. Prof. Gilbert Gilibrays Ocen : Dr. Odongtoo Godfrey : Busitema University en_US
dc.language.iso en en_US
dc.publisher Busitema University en_US
dc.subject Cyber threats en_US
dc.subject Cybersecurity en_US
dc.subject Cyber security frameworks en_US
dc.title Development of an algorithm for cyber incident analysis and response en_US
dc.title.alternative the case of universities in eastern Uganda en_US
dc.type Other en_US

