Physical Sciences and Mathematics Commons^™

A Systematic Review Of K-12 Cybersecurity Education Around The World, Ahmed Ibrahim, Marnie Mckee, Leslie F. Sikos, Nicola F. Johnson

Research outputs 2022 to 2026

This paper presents a systematic review of K-12 cybersecurity education literature from around the world. 24 academic papers dated from 2013-2023 were eligible for inclusion in the literature established within the research protocol. An additional 19 gray literature sources comprised the total. A range of recurring common topics deemed as aspects of cybersecurity behavior or practice were identified. A variety of cybersecurity competencies and skills are needed for K-12 students to apply their knowledge. As may be expected to be the case with interdisciplinary fields, studies are inherently unclear in the use of their terminology, and this is compounded in …

Malware Detection With Artificial Intelligence: A Systematic Literature Review, Matthew G. Gaber, Mohiuddin Ahmed, Helge Janicke

Research outputs 2022 to 2026

In this survey, we review the key developments in the field of malware detection using AI and analyze core challenges. We systematically survey state-of-the-art methods across five critical aspects of building an accurate and robust AI-powered malware-detection model: malware sophistication, analysis techniques, malware repositories, feature selection, and machine learning vs. deep learning. The effectiveness of an AI model is dependent on the quality of the features it is trained with. In turn, the quality and authenticity of these features is dependent on the quality of the dataset and the suitability of the analysis tool. Static analysis is fast but is …

Evaluating Staff Attitudes, Intentions, And Behaviors Related To Cyber Security In Large Australian Health Care Environments: Mixed Methods Study, Martin Dart, Mohiuddin Ahmed

Research outputs 2022 to 2026

Background: Previous studies have identified that the effective management of cyber security in large health care environments is likely to be significantly impacted by human and social factors, as well as by technical controls. However, there have been limited attempts to confirm this by using measured and integrated studies to identify specific user motivations and behaviors that can be managed to achieve improved outcomes.

Objective: This study aims to document and analyze survey and interview data from a diverse range of health care staff members, to determine the primary motivations and behaviors that influence their acceptance and application of cyber …

Edge-Iiotset: A New Comprehensive Realistic Cyber Security Dataset Of Iot And Iiot Applications For Centralized And Federated Learning, Mohamed A. Ferrag, Othmane Friha, Djallel Hamouda, Leandros Maglaras, Helge Janicke

Research outputs 2022 to 2026

In this paper, we propose a new comprehensive realistic cyber security dataset of IoT and IIoT applications, called Edge-IIoTset, which can be used by machine learning-based intrusion detection systems in two different modes, namely, centralized and federated learning. Specifically, the dataset has been generated using a purpose-built IoT/IIoT testbed with a large representative set of devices, sensors, protocols and cloud/edge configurations. The IoT data are generated from various IoT devices (more than 10 types) such as Low-cost digital sensors for sensing temperature and humidity, Ultrasonic sensor, Water level detection sensor, pH Sensor Meter, Soil Moisture sensor, Heart Rate Sensor, Flame …

Integration Of Biometrics And Steganography: A Comprehensive Review, Ian Mcateer, Ahmed Ibrahim, Guanglou Zhang, Wencheng Yang, Craig Valli

Research outputs 2014 to 2021

The use of an individual’s biometric characteristics to advance authentication and verification technology beyond the current dependence on passwords has been the subject of extensive research for some time. Since such physical characteristics cannot be hidden from the public eye, the security of digitised biometric data becomes paramount to avoid the risk of substitution or replay attacks. Biometric systems have readily embraced cryptography to encrypt the data extracted from the scanning of anatomical features. Significant amounts of research have also gone into the integration of biometrics with steganography to add a layer to the defence-in-depth security model, and this has …

Proceedings Of The 15th Australian Digital Forensics Conference, 5-6 December 2017, Edith Cowan University, Perth, Australia, Craig Valli

Australian Digital Forensics Conference

Conference Foreword This is the sixth year that the Australian Digital Forensics Conference has been held under the banner of the Security Research Institute, which is in part due to the success of the security conference program at ECU. As with previous years, the conference continues to see a quality papers with a number from local and international authors. 8 papers were submitted and following a double blind peer review process, 5 were accepted for final presentation and publication. Conferences such as these are simply not possible without willing volunteers who follow through with the commitment they have initially made, …

The Proceedings Of 14th Australian Digital Forensics Conference, 5-6 December 2016, Edith Cowan University, Perth, Australia, Craig Valli

Australian Digital Forensics Conference

Conference Foreword

This is the fifth year that the Australian Digital Forensics Conference has been held under the banner of the Security Research Institute, which is in part due to the success of the security conference program at ECU. As with previous years, the conference continues to see a quality papers with a number from local and international authors. 11 papers were submitted and following a double blind peer review process, 8 were accepted for final presentation and publication. Conferences such as these are simply not possible without willing volunteers who follow through with the commitment they have initially made, …

The Proceedings Of 14th Australian Information Security Management Conference, 5-6 December 2016, Edith Cowan University, Perth, Australia, Mike Johnstone

Australian Information Security Management Conference

The annual Security Congress, run by the Security Research Institute at Edith Cowan University, includes the Australian Information Security and Management Conference. Now in its fourteenth year, the conference remains popular for its diverse content and mixture of technical research and discussion papers. The area of information security and management continues to be varied, as is reflected by the wide variety of subject matter covered by the papers this year.

The conference has drawn interest and papers from within Australia and internationally. All submitted papers were subject to a double blind peer review process. Fifteen papers were submitted from Australia …

Ransomware: Emergence Of The Cyber-Extortion Menace, Nikolai Hampton, Zubair A. Baig

Australian Information Security Management Conference

Ransomware is increasingly posing a threat to the security of information resources. Millions of dollars of monetary loss have been afflicted on end-users and corporations alike through unlawful deployment of ransomware. Through malware injection into end-user devices and subsequent extortion of their system or data, ransomware has emerged as a threat requiring immediate attention and containment by the cyber-security community. We conduct a detailed analysis of the steps of execution involved in ransomware deployment to facilitate readiness of the cyber-security community in containing the rapid proliferation of ransomware. This paper examines the evolution of malware over a period of 26 …

Design Requirements For Generating Deceptive Content To Protect Document Repositories, Ben Whitham

Australian Information Warfare and Security Conference

For nearly 30 years, fake digital documents have been used to identify external intruders and malicious insider threats. Unfortunately, while fake files hold potential to assist in data theft detection, there is little evidence of their application outside of niche organisations and academic institutions. The barrier to wider adoption appears to be the difficulty in constructing deceptive content. The current generation of solutions principally: (1) use unrealistic random data; (2) output heavily formatted or specialised content, that is difficult to apply to other environments; (3) require users to manually build the content, which is not scalable, or (4) employ an …

Securing The Internet Of Things Infrastructure – Standards And Techniques, Zubair A. Baig

Australian Information Security Management Conference

The Internet of Things (IoT) infrastructure is a conglomerate of electronic devices interconnected through the Internet, with the purpose of providing prompt and effective service to end-users. Applications running on an IoT infrastructure generally handle sensitive information such as a patient’s healthcare record, the position of a logistic vehicle, or the temperature readings obtained through wireless sensor nodes deployed in a bushland. The protection of such information from unlawful disclosure, tampering or modification, as well as the unscathed presence of IoT devices, in adversarial environments, is of prime concern. In this paper, a descriptive analysis of the security of standards …

12th Australian Information Security Management Conference, 2014, Edith Cowan University: Conference Details, Security Research Institute, Edith Cowan University

Australian Information Security Management Conference

No abstract provided.

Human-Readable Real-Time Classifications Of Malicious Executables, Anselm Teh, Arran Stewart

Australian Information Security Management Conference

Shafiq et al. (2009a) propose a non–signature-based technique for detecting malware which applies data mining techniques to features extracted from executable files. Their technique has a high level of accuracy, a low false positive rate, and a speed on par with commercial anti-virus products. One portion of their technique uses a multi-layer perceptron as a classifier, which provides little insight into the reasons for classification. Our experience is that network security analysts prefer tools which provide human-comprehensible reasons for a classification, rather than operating as “black boxes”. We therefore build on the results of Shafiq et al. by demonstrating a …

The 2011 Idn Homograph Attack Mitigation Survey, Peter Hannay, Gregory Baatard

Research outputs 2012

The advent of internationalized domain names (IDNs) has introduced a new threat, with the non-English character sets allowing for visual mimicry of domain names. Whilst this potential for this form of attack has been well recognized, many applications such as Internet browsers and e-mail clients have been slow to adopt successful mitigation strategies and countermeasures. This research examines those strategies and countermeasures, identifying areas of weakness that allow for homograph attacks. As well as examining the presentation of IDNs in e-mail clients and Internet browser URL bars, this year’s study examines the presentation of IDNs in browser-based security certificates and …

A Survey Of Computer And Network Security Support From Computer Retailers To Consumers In Australia, Patryk Szewczyk

Australian Information Security Management Conference

Previously undertaken research suggests that novice end-users rely on computer retailers for security advice and support during and after a sale has occurred. This paper documents the survey results of computer and network security support provided to consumers by retailers in Perth, Western Australia between 2011 and 2012. The conducted survey shows that in the majority of cases, computers retailers were favourable in providing support and recommendations. However, these views were found to be flawed, confusing and do little to ensure that end-users are not victimized by cyber crime.

Securing The Elderly: A Developmental Approach To Hypermedia Based Online Information Security For Senior Novice Computer Users, David M. Cook, Patryk Szewczyk, Krishnun Sansurooah

International Cyber Resilience conference

Whilst security threats to the general public continue to evolve, elderly computer users with limited skill and knowledge are left playing catch-up in an ever-widening gap in fundamental cyber-related comprehension. As a definable cohort, the elderly generally lack awareness of current security threats, and remain under-educated in terms of applying appropriate controls and safeguards to their computers and networking devices. This paper identifies that web-based computer security information sources do not adequately provide helpful information to senior citizen end-users in terms of both design and content. It subsequently demonstrates a solution designed with the elderly, yet novice, end-user in mind. …

Security Information Supplied By Australian Internet Service Providers, Patryk Szewczyk

Australian Information Security Management Conference

Results from previous studies indicate that numerous Internet Service Providers within Australia either have inadequately trained staff, or refuse to provide security support to end-users. This paper examines the security information supplied by Internet Service Providers on their website. Specifically content relating to securing; a wireless network, an ADSL router, and a Microsoft Windows based workstation. A further examination looked at the accuracy, currency, and accessibility of information provided. Results indicate that the information supplied by Internet Service Providers is either inadequate or may in fact further deter the end-user from appropriately securing their computer and networking devices.

Ignorant Experts: Computer And Network Security Support From Internet Service Providers, Patryk Szewczyk, Craig Valli

Research outputs pre 2011

The paper examines the advice and support provided by seven major Internet Service Providers in Australia through late 2009 and early 2010 in relation to computer and network security. Previous research has indicated that many end-users will attempt to utilise the support provided by Internet Service Providers as a simple and effective method by which to obtain key information in regards to computer security. This paper demonstrates that in many cases the individuals working at the help desk are either reluctant to provide IT security support or have insufficient skill to provide the correct information.

The Significance Of Learning Style With Respect To Achievement In First Year Programming Students, Vivian Campbell, Michael Johnstone

Research outputs pre 2011

Study investigates the relationship between the Kolb learning style of first-year programming students and their level of achievement. The method of data collection is described and the process of hypothesis testing is explained. The students in this study were predominately converger and accommodator learning styles. Statistical tests indicated no overall difference between the results of students with different learning styles but a difference was found along Kolb's concrete-abstract axis. A number of possible impacts on teaching are discussed and suggestions made for future research.

Theory Of Entropic Security Decay: The Gradual Degradation In Effectiveness Of Commissioned Security Systems, Michael P. Coole

Theses: Doctorates and Masters

As a quantitative auditing tool for Physical Protection Systems (PPS) the Estimated Adversary Sequence Interruption (EASI) model has been available for many years. Nevertheless, once a systems macro-state measure has been commissioned (Pi) against its defined threat using EASI, there must be a means of articulating its continued efficacy (steady state) or its degradation over time. The purpose of this multi-phase study was to develop the concept and define the term entropic security decay. Phase one presented documentary benchmarks for security decay. This phase was broken into three stages; stage one presented General Systems Theory (GST) as a systems benchmark …

Case Analysis Of Information Security Risk Perceptions, Alexis Guillot

Theses : Honours

The scientific rationality used by experts towards risk evaluation is expressed as the product of its likelihood of occurrence with its consequences or impacts (ENISA, 2006a). This directly opposes the subjective nature of risk perception, often appearing as inconsistent if not completely irrational (Byrne, 2003). Risk perception theories are a pathway to explain the subjective nature of risk and a deeper insight into the human's cognitive system. Those theories may help to explain why people see, act and plan for risks in the way that they do, the weaknesses that exist in the human decision mechanisms and their impact on …

Information Governance: A Model For Security In Medical Practice, Patricia Williams

Research outputs pre 2011

Information governance is becoming an important aspect of organisational accountability. In consideration that information is an integral asset of most organisations, the protection of this asset will increasingly rely on organisational capabilities in security. In the medical arena this information is primarily sensitive patient-based information'. Previous research has shown that application of security measures is a low priority for primary care medical practice and that awareness of the risks are seriously underestimated. Consequently, information security governance will be a key issue for medical practice in the future. Information security governance is a relatively new term ,and there is little existing …

Information Security: A Misnomer, William Hutchinson

Research outputs pre 2011

This paper argues that the definition of 'information' is crucial to the understanding of 'information security'. At present, information security concentrates on the technological aspects of data, computer and network security. This computer-centric approach ignores the fact that the majority of information within an organisation is derived from other sources than computer stored data. The implications for security are that much data can be leaked from an organisation even if the computer and network systems are secured.

Computer Security: Investigating The Impact That Security Specific Education Has On Users’ Behaviour, Samuel David Jones

Theses : Honours

A lack in end-user awareness in computer security issues provides the rationale for this investigation. The research considers whether or not the provision of an educational package addressing computer security issues will improve awareness and transform behaviour of end-users in assessing and enacting appropriate responses in computer security situations. A group of twenty participants was studied in detail using a mixed methods research approach. The participants were drawn from a cross section of computer end-users, from elementary to advanced levels of computer literacy. Outcomes include a positive response to the provision of material, however human factors were found to be …