Physical Sciences and Mathematics Commons^™

Evaluating Staff Attitudes, Intentions, And Behaviors Related To Cyber Security In Large Australian Health Care Environments: Mixed Methods Study, Martin Dart, Mohiuddin Ahmed

Research outputs 2022 to 2026

Background: Previous studies have identified that the effective management of cyber security in large health care environments is likely to be significantly impacted by human and social factors, as well as by technical controls. However, there have been limited attempts to confirm this by using measured and integrated studies to identify specific user motivations and behaviors that can be managed to achieve improved outcomes.

Objective: This study aims to document and analyze survey and interview data from a diverse range of health care staff members, to determine the primary motivations and behaviors that influence their acceptance and application of cyber …

A Review Of Multi-Factor Authentication In The Internet Of Healthcare Things, Tance Suleski, Mohiuddin Ahmed, Wencheng Yang, Eugene Wang

Research outputs 2022 to 2026

Objective: This review paper aims to evaluate existing solutions in healthcare authentication and provides an insight into the technologies incorporated in Internet of Healthcare Things (IoHT) and multi-factor authentication (MFA) applications for next-generation authentication practices. Our review has two objectives: (a) Review MFA based on the challenges, impact and solutions discussed in the literature; and (b) define the security requirements of the IoHT as an approach to adapting MFA solutions in a healthcare context. Methods: To review the existing literature, we indexed articles from the IEEE Xplore, ACM Digital Library, ScienceDirect, and SpringerLink databases. The search was refined to combinations …

Anomaly Detection In Cybersecurity Datasets Via Cooperative Co-Evolution-Based Feature Selection, Bazlur A. N. M. Rashid, Mohiuddin Ahmed, Leslie F. Sikos, Paul Haskell-Dowland

Research outputs 2022 to 2026

Anomaly detection from Big Cybersecurity Datasets is very important; however, this is a very challenging and computationally expensive task. Feature selection (FS) is an approach to remove irrelevant and redundant features and select a subset of features, which can improve the machine learning algorithms’ performance. In fact, FS is an effective preprocessing step of anomaly detection techniques. This article’s main objective is to improve and quantify the accuracy and scalability of both supervised and unsupervised anomaly detection techniques. In this effort, a novel anomaly detection approach using FS, called Anomaly Detection Using Feature Selection (ADUFS), has been introduced. Experimental analysis …

Ransomware 2.0: An Emerging Threat To National Security, Mohiuddin Ahmed, Sascha Dominik Dov Bachmann, Abu Barkat Ullah, Shaun Barnett

Research outputs 2022 to 2026

The global Covid-19 pandemic has seen the rapid evolution of our traditional working environment; more people are working from home and the number of online meetings has increased. This trend has also affected the security sector. Consequently, the evolution of ransomware to what is now being described as ‘Ransomware 2.0’ has governments, businesses and individuals alike rushing to secure their data.

A Low-Cost Machine Learning Based Network Intrusion Detection System With Data Privacy Preservation, Jyoti Fakirah, Lauhim Mahfuz Zishan, Roshni Mooruth, Michael L. Johnstone, Wencheng Yang

Research outputs 2022 to 2026

Network intrusion is a well-studied area of cyber security. Current machine learning-based network intrusion detection systems (NIDSs) monitor network data and the patterns within those data but at the cost of presenting significant issues in terms of privacy violations which may threaten end-user privacy. Therefore, to mitigate risk and preserve a balance between security and privacy, it is imperative to protect user privacy with respect to intrusion data. Moreover, cost is a driver of a machine learning-based NIDS because such systems are increasingly being deployed on resource-limited edge devices. To solve these issues, in this paper we propose a NIDS …

Bringing Defensive Artificial Intelligence Capabilities To Mobile Devices, Kevin Chong, Ahmed Ibrahim

Australian Information Security Management Conference

Traditional firewalls are losing their effectiveness against new and evolving threats today. Artificial intelligence (AI) driven firewalls are gaining popularity due to their ability to defend against threats that are not fully known. However, a firewall can only protect devices in the same network it is deployed in, leaving mobile devices unprotected once they leave the network. To comprehensively protect a mobile device, capabilities of an AI-driven firewall can enhance the defensive capabilities of the device. This paper proposes porting AI technologies to mobile devices for defence against today’s ever-evolving threats. A defensive AI technique providing firewall-like capability is being …

Security Vulnerabilities In Android Applications, Crischell Montealegre, Charles Rubia Njuguna, Muhammad Imran Malik, Peter Hannay, Ian Noel Mcateer

Australian Information Security Management Conference

Privacy-related vulnerabilities and risks are often embedded into applications during their development, with this action being either performed out of malice or out of negligence. Moreover, the majority of the mobile applications initiate connections to websites, other apps, or services outside of its scope causing significant compromise to the oblivious user. Therefore, mobile data encryption or related data-protection controls should be taken into account during the application development phase. This paper evaluates some standard apps and their associated threats using publicly available tools and demonstrates how an ignorant user or an organisation can fall prey to such apps.

Xmpp Architecture And Security Challenges In An Iot Ecosystem, Muhammad Imran Malik, Ian Noel Mcateer, Peter Hannay, Syed Naeem Firdous, Zubair Baig

Australian Information Security Management Conference

The elusive quest for technological advancements with the aim to make human life easier has led to the development of the Internet of Things (IoT). IoT technology holds the potential to revolutionise our daily life, but not before overcoming barriers of security and data protection. IoTs’ steered a new era of free information that transformed life in ways that one could not imagine a decade ago. Hence, humans have started considering IoTs as a pervasive technology. This digital transformation does not stop here as the new wave of IoT is not about people, rather it is about intelligent connected devices. …

Mitigating Man-In-The-Middle Attacks On Mobile Devices By Blocking Insecure Http Traffic Without Using Vpn, Kevin Chong, Muhammad Imran Malik, Peter Hannay

Australian Information Security Management Conference

Mobile devices are constantly connected to the Internet, making countless connections with remote services. Unfortunately, many of these connections are in cleartext, visible to third-parties while in transit. This is insecure and opens up the possibility for man-in-the-middle attacks. While there is little control over what kind of connection running apps can make, this paper presents a solution in blocking insecure HTTP packets from leaving the device. Specifically, the proposed solution works on the device, without the need to tunnel packets to a remote VPN server, and without special privileges such as root access. Speed tests were performed to quantify …

An Investigation Into A Denial Of Service Attack On An Ethereum Network, Richard Greene, Michael N. Johnstone

Australian Information Security Management Conference

Apart from its much-publicised use in crypto-currency, blockchain technology is used in a wide range of application areas, from diamonds to wine. The most common application of this technology is in smart contracts in supply chain management, where assurance of delivery and provenance are important. One problem for an Ethereum consortium is the potential for disruption caused by a Denial-of-Service attack across the consortium nodes. Such an attack can be launched from a single source or multiple sources to amplify the effect. This paper investigates the impact of various Denial-of-Service attacks on an Ethereum Consortium deployed on the Azure Cloud …

A Critical Analysis Of Security Vulnerabilities And Countermeasures In A Smart Ship System, Dennis Bothur, Guanglou Zheng, Craig Valli

Australian Information Security Management Conference

It is timely to raise cyber security awareness while attacks on maritime infrastructure have not yet gained critical momentum. This paper analyses vulnerabilities in existing shipborne systems and a range of measures to protect them. It discusses Information Technology network flaws, describes issues with Industrial Control Systems, and lays out major weaknesses in the Automated Identification System, Electronic Chart Display Information System and Very Small Aperture Terminals. The countermeasures relate to the concept of “Defence-in-depth”, and describe procedural and technical solutions. The maritime sector is interconnected and exposed to cyber threats. Internet satellite connections are feasible and omnipresent on vessels, …

An Investigation Into Some Security Issues In The Dds Messaging Protocol, Thomas White, Michael N. Johnstone, Matthew Peacock

Australian Information Security Management Conference

The convergence of Operational Technology and Information Technology is driving integration of the Internet of Things and Industrial Control Systems to form the Industrial Internet of Things. Due to the influence of Information Technology, security has become a high priority particularly when implementations expand into critical infrastructure. At present there appears to be minimal research addressing security considerations for industrial systems which implement application layer IoT messaging protocols such as Data Distribution Services (DDS). Simulated IoT devices in a virtual environment using the DDSI-RTPS protocol were used to demonstrate that enumeration of devices is possible by a non-authenticated client in …

An Investigation Of Potential Wireless Security Issues In Traffic Lights, Brian Bettany, Michael N. Johnstone, Matthew Peacock

Australian Information Security Management Conference

The purpose of automated traffic light systems is to safely and effectively manage the flow of vehicles through (usually) urban environments. Through the use of wireless-based communication protocols, sets of traffic lights are increasingly being connected to larger systems and also being remotely accessed for management purposes, both for monitoring and emergency purposes. These protocols, however, were not designed with security as a primary requirement, thus systems may operate with sub-standard or non-existent security implementations. This research aims to test if the same issues and vulnerabilities that appear to be present in traffic light systems in the USA are prevalent …

Image Similarity Using Dynamic Time Warping Of Fractal Features, Ahmed Ibrahim, Craig Valli

Australian Digital Forensics Conference

Hashing algorithms such as MD/SHA variants have been used for years by forensic investigators to look for known artefacts of interest such as malicious files. However, such hashing algorithms are not effective when their hashes change with the slightest alteration in the file. Fuzzy hashing overcame this limitation to a certain extent by providing a close enough measure for slight modifications. As such, image forensics is an essential part of any digital crime investigation, especially in cases involving child pornography. Unfortunately such hashing algorithms can be thwarted easily by operations as simple as saving the original file in a different …

A Survey And Method For Analysing Soho Router Firmware Currency, Nikolai Hampton, Patryk Szewczyk

Australian Information Security Management Conference

Network routers are a core component of contemporary SoHo networks. The firmware within these devices provides routing, control and monitoring functionality coupled with mechanisms to ensure a secure and reliable network. End-users are typically reliant on manufacturers to provide timely firmware updates to mitigate known vulnerabilities. An investigation was undertaken to identify the underlying software components used in the firmware of currently available, SoHo network devices used in Australia. Firmware from 37 devices was deconstructed to identify potential security issues; in each instance, the firmware images were found to include vulnerabilities, obsolete software and out-of-date operating system components. 95% of …

Loyalty Cards And The Problem Of Captcha: 2nd Tier Security And Usability Issues For Senior Citizens, David M. Cook, Apoorv Kumar, Charwina Unmar-Satiah

Australian Information Security Management Conference

Information Security often works in antipathy to access and useability in communities of older citizens. Whilst security features are required to prevent the disclosure of information, some security tools have a deleterious effect upon users, resulting in insecure practices. Security becomes unfit for purpose where users prefer to abandon applications and online benefits in favour of non-digital authentication and verification requirements. For some, the ability to read letters and symbols from a distorted image is a decidedly more difficult task than for others, and the resulting level of security from CAPTCHA tests is not consistent from person to person. This …

Analysis Into Developing Accurate And Efficient Intrusion Detection Approaches, Priya Rabadia, Craig Valli

Australian Digital Forensics Conference

Cyber-security has become more prevalent as more organisations are relying on cyber-enabled infrastructures to conduct their daily actives. Subsequently cybercrime and cyber-attacks are increasing. An Intrusion Detection System (IDS) is a cyber-security tool that is used to mitigate cyber-attacks. An IDS is a system deployed to monitor network traffic and trigger an alert when unauthorised activity has been detected. It is important for IDSs to accurately identify cyber-attacks against assets on cyber-enabled infrastructures, while also being efficient at processing current and predicted network traffic flows. The purpose of the paper is to outline the importance of developing an accurate and …

Timing Attack Detection On Bacnet Via A Machine Learning Approach, Michael N. Johnstone, Matthew Peacock, J I. Den Hartog

Australian Information Security Management Conference

Building Automation Systems (BAS), alternatively known as Building Management Systems (BMS), which centralise the management of building services, are often connected to corporate networks and are routinely accessed remotely for operational management and emergency purposes. The protocols used in BAS, in particular BACnet, were not designed with security as a primary requirement, thus the majority of systems operate with sub-standard or non-existent security implementations. As intrusion is thus likely easy to achieve, intrusion detection systems should be put in place to ensure they can be detected and mitigated. Existing intrusion detection systems typically deal only with known threats (signature-based approaches) …

Big Data In Healthcare: What Is It Used For?, Rebecca Hermon, Patricia A H Williams

Australian eHealth Informatics and Security Conference

Big data analytics is a growth area with the potential to provide useful insight in healthcare. Whilst many dimensions of big data still present issues in its use and adoption, such as managing the volume, variety, velocity, veracity, and value, the accuracy, integrity, and semantic interpretation are of greater concern in clinical application. However, such challenges have not deterred the use and exploration of big data as an evidence source in healthcare. This drives the need to investigate healthcare information to control and reduce the burgeoning cost of healthcare, as well as to seek evidence to improve patient outcomes. Whilst …

Suitability Of Lacunarity Measure For Blind Steganalysis, Ahmed Ibrahim

Australian Digital Forensics Conference

Blind steganalysis performance is influenced by several factors including the features used for classification. This paper investigates the suitability of using lacunarity measure as a potential feature vectorfor blind steganalysis. Differential Box Counting (DBC) based lacunarity measure has been employed using the traditional sequential grid (SG) and a new radial strip (RS) approach. The performance of the multi-class SVM based classifier was unfortunately not what was expected. However, the findings show that both the SG and RS lacunarity produce enough discriminating features that warrant further research.

An Analysis Of Security Issues In Building Automation Systems, Matthew Peacock, Michael N. Johnstone

Australian Information Security Management Conference

The purpose of Building Automation Systems (BAS) is to centralise the management of a wide range of building services, through the use of integrated protocol and communication media. Through the use of IP-based communication and encapsulated protocols, BAS are increasingly being connected to corporate networks and also being remotely accessed for management purposes, both for convenience and emergency purposes. These protocols, however, were not designed with security as a primary requirement, thus the majority of systems operate with sub-standard or non-existent security implementations, relying on security through obscurity. Research has been undertaken into addressing the shortfalls of security implementations in …

Finding Evidence Of Wordlists Being Deployed Against Ssh Honeypots – Implications And Impacts, Priya Rabadia, Craig Valli

Australian Digital Forensics Conference

This paper is an investigation focusing on activities detected by three SSH honeypots that utilise Kippo honeypot software. The honeypots were located on the same /24 IPv4 network and configured as identically as possible. The honeypots used the same base software and hardware configurations. The data from the honeypots were collected during the period 17th July 2012 and 26th November 2013, a total of 497 active day periods. The analysis in this paper focuses on the techniques used to attempt to gain access to these systems by attacking entities. Although all three honeypots are have the same configuration settings and …

Testing A Distributed Denial Of Service Defence Mechanism Using Red Teaming, Samaneh Rastegari, Philip Hingston, Chiou-Peng Lam, Murray Brand

Research outputs 2013

The increased number of security threats against the Internet has made communications more vulnerable to attacks. Despite much research and improvement in network security, the number of denial of service (DoS) attacks has rapidly grown in frequency, severity, and sophistication in recent years. Thus, serious attention needs to be paid to network security. However, to create a secure network that can stay ahead of all threats, detection and response features are real challenges. In this paper, we look at the the interaction between the attacker and the defender in a Red Team/Blue Team exercise. We also propose a quantitative decision …

On The Effectiveness Of Intrusions Into Zigbee-Based Wireless Sensor Networks, Michael Johnstone, Jeremy Jarvis

Research outputs 2012

Wireless Sensor Networks are becoming popular as a means of collecting data by military organisations, public utilities, motor vehicle manufacturers and security firms. Unfortunately, the devices on such networks are often insecure by default, which creates problems in terms of the confidentiality and integrity of data transmitted across such networks. This paper discusses attacks that were successful on a simple network consisting of nodes using the ZigBee protocol stack and proposes defences to thwart these attacks, thus leading to increased user confidence in the ability of organisations to provide secure and effective services. The outcomes were that it was possible …

A Longitudinal Study Of Wi-Fi Access Point Security Inthe Perth Central Business District, Emil Jacobson, Andrew Woodward

Australian Information Security Management Conference

This study collected data in 2008 and 2011 in relation to the level of apparent security of wireless network access points in the Perth CBD. It also compared this data to a comparable study conducted in 2004. The aim was to determine whether businesses were using an appropriate level of encryption to protect their wireless networks. A pre-determined route was followed which traced the Perth CBD and the open source wireless network auditing tool Kismet was used to survey the wireless networks. In 2008, approximately 1300 access points were discovered in the Perth CBD, this number climbing to approximately 3400 …

Tracing Vnc And Rdp Protocol Artefacts On Windows Mobile And Windows Smartphone For Forensic Purpose, Paresh Kerai

International Cyber Resilience conference

Remote access is the means of acquiring access to a computer or network remotely or from distance. It is typically achieved through the internet which connects people, corporate offices and telecommuters to the internal network of organizations or individuals. In recent years there has been a greater adoption of remote desktop applications that help administrators to configure and repair computers remotely over the network. However, this technology has also benefited cyber criminals. For example they can connect to computers remotely and perform illegal activity over the network. This research will focus on Windows mobile phones and the Paraben forensics software …

Information Security Surveys: A Review Of The Methodologies, The Critics And A Pragmatic Approach To Their Purposes And Usage, Alexis Guillot, Sue Kennedy

Australian Information Security Management Conference

Each year the latest information security surveys are released to the computing and business communities. Often their findings and their methodologies are subject to criticism from the information security community, professional bodies and others in the profession. This paper looks at the viewpoints of both the producers and the critics of the surveys. The criticisms cover such issues as the methodologies, the response rates, the experience of the respondents, the design of the questions and the interpretation of the results. This paper looks at these issues and discusses the validity of these criticisms, the impact of the surveys and their …

Network Security – Is Ip Telephony Helping The Cause?, Paul Hansen, Andrew Woodward

Australian Information Security Management Conference

The major players in the Public Branch Exchange (PBX) market are moving rapidly towards the implementation of IP Telephony. What will be the effect on network security overall? Will the push to IP Telephony damage the good work already devoted to security networks? As more doorways open up on our networks there is an increased chance we have opened another unseen vector for hackers and other malicious organisation or individuals to access the data stored on server and users workstations, corrupting that data or destroying it. Is it better from a security perspective to have IP telephony only between PBX …

A Comprehensive Firewall Testing Methodology, Murray Brand

Australian Information Security Management Conference

This paper proposes an all encompassing test methodology for firewalls. It extends the life cycle model to revisit the major phases of the life cycle after a firewall is in service as foundations for the tests. The focus of the tests is to show that the firewall is, or isn’t, still fit for purpose. It also focuses on the traceability between business requirements through to policy, rule sets, physical design, implementation, egress and ingress testing, monitoring and auditing. The guidelines are provided by a Test and Evaluation Master Plan (TEMP). The methodology is very much process driven and in keeping …

Increasing Security In The Physical Layer Of Wireless Communication, Luke Golygowski

Australian Information Security Management Conference

This paper introduces a concept of increasing securing in the Physical layer (PHY) of wireless communication. It gives a short description of current status of wireless standards and their security. Despite the existence of advanced security protocols such as IEEE 802.11i or WLAN VPNs, wireless networks still remain vulnerable to denial-of-service (DoS) attacks aiming at PHY and Data Link Layers. The new solution challenges the problems with the currently defined PHY and Data Link layers. The concept introduced here, holds a promise of descending with some of the security measures to the lower layers of the TCP/IP and in this …