Open Access. Powered by Scholars. Published by Universities.®
- Keyword
-
- Cyber resilience (3)
- Australian infrastructure (2)
- E-health (2)
- Malware (2)
- Medical information security (2)
-
- Anti-analysis (1)
- Artefacts (1)
- Assortativity (1)
- Australia (1)
- Blind signature (1)
- Botnet (1)
- Code obfuscation (1)
- Coloured Petri Nets (1)
- Comparative analysis (1)
- Computer forensics (1)
- Computer security (1)
- Critical Infrastructure (1)
- Critical infrastructure protection (1)
- Cryptology (1)
- Customer perspective (1)
- Cyber security (1)
- Data hiding (1)
- Database security (1)
- Denial of confidence (1)
- Detecting terrorist cells (1)
- Digital evidence (1)
- Digital investigation (1)
- Disaster recovery (1)
- Elderly (1)
- Electronic evidence (1)
Articles 1 - 20 of 20
Full-Text Articles in Entire DC Network
On The Detection Of Hidden Terrorist Cells Immersed In Peer To Peer Networks, Belinda A. Chiera
On The Detection Of Hidden Terrorist Cells Immersed In Peer To Peer Networks, Belinda A. Chiera
International Cyber Resilience conference
Hidden terrorist cells in high dimensional communications networks arise when terrorists camouflage connectivity to appear randomly connected to the background network. We investigate hidden network detectability when the background network does not support terrorist activities. Using two September 11 terrorist networks as the test bed and a network measure called assortativity, we suggest hidden terrorist networks can behave as Peer-to-Peer networks. We compare the September 11 hidden networks with Peer-to-Peer networks containing embedded terrorist networks, as well as with generic Peer-to-Peer networks. Using Peer-to-Peer characteristics and social network group-based centralities, we show that for certain Peer-to-Peer networks it is possible …
Securing The Elderly: A Developmental Approach To Hypermedia Based Online Information Security For Senior Novice Computer Users, David M. Cook, Patryk Szewczyk, Krishnun Sansurooah
Securing The Elderly: A Developmental Approach To Hypermedia Based Online Information Security For Senior Novice Computer Users, David M. Cook, Patryk Szewczyk, Krishnun Sansurooah
International Cyber Resilience conference
Whilst security threats to the general public continue to evolve, elderly computer users with limited skill and knowledge are left playing catch-up in an ever-widening gap in fundamental cyber-related comprehension. As a definable cohort, the elderly generally lack awareness of current security threats, and remain under-educated in terms of applying appropriate controls and safeguards to their computers and networking devices. This paper identifies that web-based computer security information sources do not adequately provide helpful information to senior citizen end-users in terms of both design and content. It subsequently demonstrates a solution designed with the elderly, yet novice, end-user in mind. …
Gap Analysis Of Intrusion Detection In Smart Grids, Nishchal Kush, Ernest Foo, Ejaz Ahmed, Irfan Ahmed, Andrew Clark
Gap Analysis Of Intrusion Detection In Smart Grids, Nishchal Kush, Ernest Foo, Ejaz Ahmed, Irfan Ahmed, Andrew Clark
International Cyber Resilience conference
Given the recent emergence of the smart grid and smart grid related technologies, their security is a prime concern. Intrusion detection provides a second line of defence. However, conventional intrusion detection systems (IDSs) are unable to adequately address the unique requirements of the smart grid. This paper presents a gap analysis of contemporary IDSs from a smart grid perspective. This paper highlights the lack of adequate intrusion detection within the smart grid and discusses the limitations of current IDSs approaches. The gap analysis identifies current IDSs as being unsuited to smart grid application without significant changes to address smart grid …
K Anonymous Private Query Based On Blind Signature And Oblivious Transfer, Russell Paulet, Golam Kaosar, Xun Yi
K Anonymous Private Query Based On Blind Signature And Oblivious Transfer, Russell Paulet, Golam Kaosar, Xun Yi
International Cyber Resilience conference
In this paper, we consider a scenario where there are a group of clients and a database server, and a client wishes to query the database, but does not want to reveal her or his query to the server. Current solutions for this problem are based on oblivious transfer, which usually requires high communication overhead. To reduce the communication overhead, we propose three k-anonymous private query protocols. Our first protocol is based on blind signature, where the server cannot determine the identity of the querying client from the group. Our second protocol is based on k-anonymous oblivious transfer, where the …
A Phishing Model And Its Applications To Evaluating Phishing Attacks, Narasimha Shashidhar, Lei Chen
A Phishing Model And Its Applications To Evaluating Phishing Attacks, Narasimha Shashidhar, Lei Chen
International Cyber Resilience conference
Phishing is a growing threat to Internet users and causes billions of dollars in damage every year. In this paper, we present a theoretical yet practical model to study this threat in a formal manner. While it is folklore knowledge that a successful phishing attack entails creating messages that are indistinguishable from the natural, expected messages by the intended victim, this concept has not been formalized. Our model captures phishing in terms of this indistinguishability between the natural and phishing message distributions. To the best of our knowledge, this is the first study that places phishing on a concrete theoretical …
A Comparative Analysis Of The Security Of Internet Banking In Australia:A Customer Perspective, Panida Subsorn, Sunsern Limwiriyakul
A Comparative Analysis Of The Security Of Internet Banking In Australia:A Customer Perspective, Panida Subsorn, Sunsern Limwiriyakul
International Cyber Resilience conference
Internet has its own inherent security issues in terms of confidentiality, integrity and privacy. The main impact of these kinds of issues is specifically on the banking industry as they have increased their Internet banking facilities in order to reduce costs and provide better services and banking convenience to their Internet banking customers. However, banking customers have not had a choice of Internet banking mainly due to the fact that they are already tied to whatever form of Internet banking that their current bank provides. This paper therefore examined Internet banking security systems in Australian banks by creating the proposed …
Why Australia's E-Health System Will Be A Vulnerable National Asset , Patricia A. Williams
Why Australia's E-Health System Will Be A Vulnerable National Asset , Patricia A. Williams
International Cyber Resilience conference
Connecting Australian health services and the e-health initiative is a major talking point currently. Many issues are presented as key to its success including solving issues with confidentiality and privacy. However the largest problem may not be these issues in sharing information but the fact that the point of origin and storage of such records is still relatively insecure. Australia aims to have a Personally Controlled Electronic Health Record in 2012 and this is underpinned by a national network for e-health. It is this very foundation that becomes the critical infrastructure, with general practice the cornerstone for its success. Yet, …
A Threat To Cyber Resilience: A Malware Rebirthing Botnet, Murray Brand, Craig Valli, Andrew Woodward
A Threat To Cyber Resilience: A Malware Rebirthing Botnet, Murray Brand, Craig Valli, Andrew Woodward
International Cyber Resilience conference
This paper presents a threat to cyber resilience in the form of a conceptual model of a malware rebirthing botnet which can be used in a variety of scenarios. It can be used to collect existing malware and rebirth it with new functionality and signatures that will avoid detection by AV software and hinder analysis. The botnet can then use the customized malware to target an organization with an orchestrated attack from the member machines in the botnet for a variety of malicious purposes, including information warfare applications. Alternatively, it can also be used to inject known malware signatures into …
Novel Pseudo Random Number Generation Using Variant Logic Framework, Jeffrey Zheng
Novel Pseudo Random Number Generation Using Variant Logic Framework, Jeffrey Zheng
International Cyber Resilience conference
Cyber Security requires cryptology for the basic protection. Among different ECRYPT technologies, stream cipher plays a central role in advanced network security applications; in addition, pseudo-random number generators are placed in the core position of the mechanism. In this paper, a novel method of pseudo-random number generation is proposed to take advantage of the large functional space described using variant logic, a new framework for binary logic. Using permutation and complementary operations on classical truth table to form relevant variant table, numbers can be selected from table entries having pseudo-random properties. A simple generation mechanism is described and shown and …
Malware Detection Based On Structural And Behavioural Features Of Api Calls, Manoun Alazab, Robert Layton, Sitalakshmi Venkataraman, Paul Watters
Malware Detection Based On Structural And Behavioural Features Of Api Calls, Manoun Alazab, Robert Layton, Sitalakshmi Venkataraman, Paul Watters
International Cyber Resilience conference
In this paper, we propose a five-step approach to detect obfuscated malware by investigating the structural and behavioural features of API calls. We have developed a fully automated system to disassemble and extract API call features effectively from executables. Using n-gram statistical analysis of binary content, we are able to classify if an executable file is malicious or benign. Our experimental results with a dataset of 242 malwares and 72 benign files have shown a promising accuracy of 96.5% for the unigram model. We also provide a preliminary analysis by our approach using support vector machine (SVM) and by varying …
Mitigating Cyber-Threats Through Public-Private Partnerships: Low Cost Governance With High-Impact Returns , David M. Cook
Mitigating Cyber-Threats Through Public-Private Partnerships: Low Cost Governance With High-Impact Returns , David M. Cook
International Cyber Resilience conference
The realization that cyber threats can cause the same devastation to a country as physical security risks has taken the long route towards acceptance. Governments and businesses have thrown the glove of responsibility back and forth on numerous occasions, with government agencies citing the need for private enterprise to take up the mantle, and Business returning the gesture by proposing a ‘national’ perspective on cyber security. Ambit claims such as these drain a range of security resources when both sides should work in concert by directing all available energy towards resolving cyber-threats. This paper compares the public-private arrangements through Australasia …
Security Analysis Of Session Initiation Protocol - A Methodology Based On Coloured Petri Nets, Lin Liu
Security Analysis Of Session Initiation Protocol - A Methodology Based On Coloured Petri Nets, Lin Liu
International Cyber Resilience conference
In recent years Voice over Internet Protocol (VoIP) has become a popular multimedia application over the Internet. At the same time critical security issues in VoIP have started to emerge. The Session Initiation Protocol (SIP) is a predominant signalling protocol for VoIP. It is used to establish, maintain and terminate VoIP calls, playing a crucial role in VoIP. This paper is aimed at developing a Coloured Petri Net (CPN)-based approach to analysing security vulnerabilities in SIP, with the ultimate goal of achieving a formal and comprehensive security assessment of SIP specification, and creating a platform for evaluating countermeasures for securing …
Developing Robust Voip Router Honeypots Using Device Fingerprints , Craig Valli, Mohammed Al-Lawati
Developing Robust Voip Router Honeypots Using Device Fingerprints , Craig Valli, Mohammed Al-Lawati
International Cyber Resilience conference
As the telegram was replaced by telephony, so to Voice over IP (VoIP) systems are replacing conventional switched wire telephone devices, these systems rely on Internet connectivity for the transmission of voice conversations. This paper is an outline of ongoing preliminary research into malfeasant VoIP activity on the Internet. 30 years ago PABX systems were compromised by hackers wanting to make long distance calls at some other entities expense. This activity faded as telephony became cheaper and PABX systems had countermeasures installed to overcome attacks. Now the world has moved onto the provision of telephony via broadband enabled Voice over …
Is Cyber Resilience In Medical Practice Security Achievable? , Patricia A H Williams
Is Cyber Resilience In Medical Practice Security Achievable? , Patricia A H Williams
International Cyber Resilience conference
Australia is moving to a national e-health system with a high level of interconnectedness. The scenario for recovery of such a system, particularly once it is heavily relied upon, may be complex. Primary care medical practices are a fundamental part of the new e-health environment yet function as separate business entities within Australia’s healthcare system. Individually this means that recovery would be reliant on the self-sufficiency of each medical practice. However, the ability of these practices to individually and collectively recover is questionable. The current status of information security in primary care medical practices is compared to the needs of …
Small Business - A Cyber Resilience Vulnerability , Patricia A H Williams, Rachel J. Manheke
Small Business - A Cyber Resilience Vulnerability , Patricia A H Williams, Rachel J. Manheke
International Cyber Resilience conference
Small business in Australia comprise 95% of businesses. As a group this means that they contain increasing volumes of personal and business data. This creates escalating vulnerabilities as information is aggregated by various agencies. These vulnerabilities include identity theft and fraud. The threat environment of small business is extensive with both technical and human vulnerabilities. The problem is that the small business environment is being encouraged to adopt e-commerce by the government yet lacks resources in securing its cyber activity. This paper analysed the threats to this situation and found that questions of responsibility by individual businesses and the government …
Which Organisational Model Meets Best Practice Criterion For Critical Infrastructure Providers: An Examination Of The Australian Perspective Based On Case Studies, Andrew Woodward, Craig Valli
Which Organisational Model Meets Best Practice Criterion For Critical Infrastructure Providers: An Examination Of The Australian Perspective Based On Case Studies, Andrew Woodward, Craig Valli
International Cyber Resilience conference
While it is recognised that there must be segregation between corporate and process control networks in order to achieve a higher level of security, there is evidence that this is not occurring. Computer and network vulnerability assessments were carried out on three Australian critical infrastructure providers to determine their level of security. The security measures implemented by each organisation have been mapped against best practice recommendations for achieving segregation between process control and corporate networks. One of the organisations used a model which provided a dedicated information security team for provision of security for the process control networks. One of …
Penetration Testing And Vulnerability Assessments: A Professional Approach, Konstantinos Xynos, Iain Sutherland, Huw Read, Emlyn Everitt, Andrew J C Blyth
Penetration Testing And Vulnerability Assessments: A Professional Approach, Konstantinos Xynos, Iain Sutherland, Huw Read, Emlyn Everitt, Andrew J C Blyth
International Cyber Resilience conference
Attacks against computer systems and the data contained within these systems are becoming increasingly frequent and evermore sophisticated. So-called “zero-day” exploits can be purchased on black markets and Advanced Persistent Threats (APTs) can lead to exfiltration of data over extended periods. Organisations wishing to ensure security of their systems may look towards adopting appropriate measures to protect themselves against potential security breaches. One such measure is to hire the services of penetration testers (or “pen-tester”) to find vulnerabilities present in the organisation’s network, and provide recommendations as to how best to mitigate such risks. This paper discusses the definition and …
Making Information Security Acceptable To The User , Andrew Jones, Thomas Martin
Making Information Security Acceptable To The User , Andrew Jones, Thomas Martin
International Cyber Resilience conference
The security of information that is processed and stored in Information and Communications Technology systems is an ongoing problem that, as yet, has not been satisfactorily resolved. Software developers, system architects and managers all aspire to use technology to provide improvements in the protection of information that is processed and stored on these systems. However, they are working in an environment where the threats to the information, the technologies in use and the uses to which the technologies are being employed are changing at a pace which is faster than can be effectively addressed. This paper looks at the underlying …
What Are You Looking For: Identification Of Remnant Communication Artefacts In Physical Memory, Matthew Simon, Jill Slay
What Are You Looking For: Identification Of Remnant Communication Artefacts In Physical Memory, Matthew Simon, Jill Slay
International Cyber Resilience conference
Law enforcement has sound methods for investigating and obtaining data about targets that are using traditional communication services such as the Public Switched Telephone Network. The Internet as a data transfer medium is a vastly different paradigm to that of traditional telephony networks. Information about targets using Internet communication technologies cannot be obtained using the same methods used for traditional communication. There has been an identified need for methods to obtain information on targets that have been using Internet communication methods. The acquisition and analysis of physical memory has been proposed as a vector for the recovery of such information. …
Tracing Vnc And Rdp Protocol Artefacts On Windows Mobile And Windows Smartphone For Forensic Purpose, Paresh Kerai
Tracing Vnc And Rdp Protocol Artefacts On Windows Mobile And Windows Smartphone For Forensic Purpose, Paresh Kerai
International Cyber Resilience conference
Remote access is the means of acquiring access to a computer or network remotely or from distance. It is typically achieved through the internet which connects people, corporate offices and telecommuters to the internal network of organizations or individuals. In recent years there has been a greater adoption of remote desktop applications that help administrators to configure and repair computers remotely over the network. However, this technology has also benefited cyber criminals. For example they can connect to computers remotely and perform illegal activity over the network. This research will focus on Windows mobile phones and the Paraben forensics software …