Physical Sciences and Mathematics Commons^™

Enabling Secure Secret Updating For Unidirectional Key Distribution In Rfid-Enabled Supply Chains, Shaoying Cai, Tieyan Li, Changshe Ma, Yingjiu Li, Robert H. Deng

Research Collection School Of Computing and Information Systems

In USENIX Security 08, Juels, Pappu and Parno proposed a secret sharing based mechanism to alleviate the key distribution problem in RFID-enabled supply chains. Compared to existing pseudonym based RFID protocols, the secret sharing based solution is more suitable for RFID-enabled supply chains since it does not require a database of keys be distributed among supply chain parties for secure ownership transfer of RFID tags. However, this mechanism cannot resist tag tracking and tag counterfeiting attacks in supply chain systems. It is also not convenient for downstream supply chain parties to adjust the size of RFID tag collections in recovering …

On Strategies For Imbalanced Text Classification Using Svm: A Comparative Study, Aixin Sun, Ee Peng Lim, Ying Liu

Research Collection School Of Computing and Information Systems

Many real-world text classification tasks involve imbalanced training examples. The strategies proposed to address the imbalanced classification (e.g., resampling, instance weighting), however, have not been systematically evaluated in the text domain. In this paper, we conduct a comparative study on the effectiveness of these strategies in the context of imbalanced text classification using Support Vector Machines (SVM) classifier. SVM is the interest in this study for its good classification accuracy reported in many text classification tasks. We propose a taxonomy to organize all proposed strategies following the training and the test phases in text classification tasks. Based on the taxonomy, …

Adaptive Type-2 Fuzzy Maintenance Advisor For Offshore Power Systems, Zhaoxia Wang, C. S. Chang, Fan Yang, W. W. Tan

Research Collection School Of Computing and Information Systems

Proper maintenance strategies are very desirable for minimizing the operational and maintenance costs of power systems without sacrificing reliability. Condition-based maintenance has largely replaced time-based maintenance because of the former's potential economic benefits. As offshore substations are often remotely located, they experience more adverse environments, higher failures, and therefore need more powerful analytical tools than their onshore counterpart. As reliability information collected during operation of an offshore substation can rarely avoid uncertainties, it is essential to obtain consistent estimates of reliability measures under changing environmental and operating conditions. Some attempts with type-1 fuzzy logic were made with limited success in …

Challenges In Improving Information Security Practice In Australian General Practice, Donald C. Mcdermid, Rachel J. Mahncke, Patricia A. Williams

Australian Information Security Management Conference

The status of information security in Australian medical general practice is discussed together with a review of the challenges facing small practices that often lack the technical knowledge and skill to secure patient information by themselves. It is proposed that an information security governance framework is required to assist practices in identifying weaknesses and gaps and then to plan and implement how to overcome their shortcomings through policies, training and changes to processes and management structure.

Measuring Information Security Governance Within General Medical Practice, Rachel J. Mahncke, Donald C. Mcdermid, Patricia A. Williams

Australian Information Security Management Conference

Information security is becoming increasingly important within the Australian general medical practice environment as legal and accreditation compliance is being enforced. Using a literature review, approaches to measuring information security governance were analysed for their potential suitability and use within General Practice for the effective protection of confidential information. The models, frameworks and guidelines selected were analysed to evaluate if they were Key Performance Indicator (KPI), or process driven; whether the approach taken was strategic, tactical or operational; and if governance or management assessment tools were presented. To measure information security governance, and be both effective and practical, the approach …

The 2009 Personal Firewall Robustness Evaluation, Ken Pydayya, Peter Hannay, Patryk Szewczyk

Australian Information Security Management Conference

The evolution of the internet as a platform for commerce, banking, general information and personal communications has resulted in a situation where many individuals who may not have previously required internet access now require this connectivity as part of their everyday lives. In addition to this the widespread adoption of mobile broadband has lead to an increasing number of individuals having public facing IP addresses with no firewall appliances present. This situation has dramatically increased reliance on personal firewalls as the first and often last defence against intruders (human and malware alike). The evaluation performed demonstrates the capabilities of current …

Case Study On An Investigation Of Information Security Management Among Law Firms, Sameera Mubarak, Elena Sitnikova

Australian Information Security Management Conference

The integrity of lawyers trust accounts as come under scrutiny in the last few years. There have been many incidents of trust account fraud reported internationally, including a case in Australia, where an employee of a law firm stole $4,500,000 from the trust funds of forty-two clients. Our study involved interviewing principles of ten law companies to find out solicitors’ attitudes to computer security and the possibility of breaches of their trust accounts. An overall finding highlights that law firms were not current with technology to combat computer crime, and inadequate access control was a major concern in safeguarding account …

Improving An Organisations Existing Information Technology Policy To Increase Security, Shane Talbot, Andrew Woodward

Australian Information Security Management Conference

A security policy which includes the appropriate phases of implementation, enforcement, auditing and review is vital to protecting an organisations information security. This paper examined the information security policy of a government organisation in response to a number of perceived shortcomings. The specific issues identified relating to the organisations security policy as a result of this investigation were as follows: a culture of ignoring policies, minimal awareness of policies, minimal policy enforcement, policy updating and review ad hoc at best, policy framework, lengthy policy development and approval process, no compliance program, no formal non-compliance reporting and an apparent inconsistent enforcement …

A Spoofing Attack Against An Epc Class One Rfid System, Christopher Bolan

Australian Information Security Management Conference

In computing the term spoofing historically referred to the creation of TCP/IP packets using another device’s valid IP address to gain an advantage. The Electronic Product Code (EPC) RFID system was investigated to test the efficacy of spoofing a valid tag response to basic requests. A radio frequency transmission device was constructed to determine whether a valid reader could distinguish between the response of an actual tag and a spoofed response. The results show that the device was able to successfully deceive the EPC reader and further, to replace actual tag responses with a spoofed response. The potential for such …

Information Security Disclosure: A Case Study, I Rosewall, M J. Warren

Australian Information Security Management Conference

New social networking systems such as Facebook are an ever evolving and developing means of social interaction, which is not only being used to disseminate information to family, friends and colleagues but as a way of meeting and interacting with "strangers" through the advent of a large number of social applications. This paper will focus upon the impact of Generation F - the Facebook Generation and their attitudes to security. The paper will be based around discussing the findings of a major UK case study and the implications that this has. The case study identifies 51 recommendations to improve the …

What Does Security Culture Look Like For Small Organizations?, Patricia A. Williams

Australian Information Security Management Conference

The human component is a significant factor in information security, with a large numbers of breaches occurring due to unintentional user error. Technical solutions can only protect information so far and thus the human aspect of security has become a major focus for discussion. Therefore, it is important for organisations to create a security conscious culture. However, currently there is no established representation of security culture from which to assess how it can be manoeuvred to improve the overall information security of an organization. This is of particular importance for small organizations who lack the resources in information security and …

Strong Authentication For Web Services Using Smartcards, D S. Stienne, Nathan Clarke, Paul Reynolds

Australian Information Security Management Conference

The popularity of the Internet and the variety of services it provides has been immense. Unfortunately, many of these services require the user to register and subsequently login to the system in order to access them. This has resulted in the user having to remember a multitude of username and password combinations in order to use the service securely. However, literature has clearly demonstrated this is not an effective approach, as users will frequently choose simple passwords, write them down, share them or use the same password for multiple systems. This paper proposes a novel concept where Internet users authenticate …

Exploring The Relationship Between Organizational Culture And Information Security Culture, Joo S. Lim, Shanton Chang, Sean Maynard, Atif Ahmad

Australian Information Security Management Conference

Managing Information Security is becoming more challenging in today’s business because people are both a cause of information security incidents as well as a key part of the protection from them. As the impact of organizational culture (OC) on employees is significant, many researchers have called for the creation of information security culture (ISC) in organizations to influence the actions and behaviour of employees towards better organizational information security. Although researchers have called for the creation of ISC to be embedded in organizations, nonetheless, literature suggests that little past research examining the relationship between the nature of OC and ISC. …

Development Of A Critical Factors Model For The Knowledge Economy In Saudi Arabia, Fahad A. Alothman, Peter Busch

Australian Information Security Management Conference

If knowledge-based economic systems are to be adopted, succeed and be disseminated, many significant barriers must be overcome regardless of how advanced a country is in terms of its infrastructure and domestic production. This paper describes an investigation of the critical factors associated with the adoption and dissemination of a knowledge economy initiative. The focus of the research is on knowledge management, national culture and other country-specific factors and how they are influencing Saudi Arabia’s efforts to develop a knowledge economy.

Method For Securing Online Community Service: A Study Of Selected Western Australian Councils, Sunsern Limwiriyakul

Australian Information Security Management Conference

Since the Internet was publicly made available, it has become popular and widely used in a range of services such as Email, News, IRC, World Wide Web around the globe. Progressively other services such as telephony, video conferencing, video on demand, interactive TV, Geospatial Information System (GIS), have emerged and become available on the Internet. Nowadays, Internet broadband communication infrastructure, both wired and wireless, make the concept of a Digital Community possible. The Digital Community has been growing and expanding rapidly around the world. This changes the way we live, work and play. Creating a Digital Community can empower local …

Review Of Browser Extensions, A Man-In-The-Browser Phishing Techniques Targeting Bank Customers, Nattakant Utakrit

Australian Information Security Management Conference

Initially, online scammers (phishers) used social engineering techniques to send emails to solicit personal information from customer in order to steal money from their Internet banking account. Data, such as passwords or bank account details, could be further used for other criminal activities. For instance, the scammers may intend to leave the victim’s information behind after they have successfully committed the crime so that the police can suspect the visible evidence as a suspicious criminal. Many customers are now aware of the need to protect their banking details from the phishers by not providing any sensitive information. Recently, phishing attacks …

A Contrast Pattern Based Clustering Quality Index For Categorical Data, Qingbao Liu, Guozhu Dong

Kno.e.sis Publications

Since clustering is unsupervised and highly explorative, clustering validation (i.e. assessing the quality of clustering solutions) has been an important and long standing research problem. Existing validity measures have significant shortcomings. This paper proposes a novel contrast pattern based clustering quality index (CPCQ) for categorical data, by utilizing the quality and diversity of the contrast patterns (CPs) which contrast the clusters in clusterings. High quality CPs can characterize clusters and discriminate them against each other. Experiments show that the CPCQ index (1) can recognize that expert-determined classes are the best clusters for many datasets from the UCI repository; (2) does …

Sparql Query Re-Writing For Spatial Datasets Using Partonomy Based Transformation Rules, Prateek Jain, Cory Andrew Henson, Amit P. Sheth, Peter Z. Yeh, Kunal Verma

Kno.e.sis Publications

Often the information present in a spatial knowledge base is represented at a different level of granularity and abstraction than the query constraints. For querying ontology’s containing spatial information, the precise relationships between spatial entities has to be specified in the basic graph pattern of SPARQL query which can result in long and complex queries. We present a novel approach to help users intuitively write SPARQL queries to query spatial data, rather than relying on knowledge of the ontology structure. Our framework re-writes queries, using transformation rules to exploit part-whole relations between geographical entities to address the mismatches between query …

Protein Secondary Structure Prediction Using Parallelized Rule Induction From Coverings, Leong Lee, Cyriac Kandoth, Jennifer Leopold, Ronald L. Frank

Computer Science Faculty Research & Creative Works

Protein 3D structure prediction has always been an important research area in bioinformatics. In particular, the prediction of secondary structure has been a well-studied research topic. Despite the recent breakthrough of combining multiple sequence alignment information and artificial intelligence algorithms to predict protein secondary structure, the Q3 accuracy of various computational prediction algorithms rarely has exceeded 75%. In a previous paper [1], this research team presented a rule-based method called RT-RICO (Relaxed Threshold Rule Induction from Coverings) to predict protein secondary structure. The average Q3 accuracy on the sample datasets using RT-RICO was 80.3%, an improvement over comparable computational methods. …

To Trust Or Not To Trust? Predicting Online Trusts Using Trust Antecedent Framework, Viet-An Nguyen, Ee Peng Lim, Jing Jiang, Aixin Sun

Research Collection School Of Computing and Information Systems

This paper analyzes the trustor and trustee factors that lead to inter-personal trust using a well studied Trust Antecedent framework in management science. To apply these factors to trust ranking problem in online rating systems, we derive features that correspond to each factor and develop different trust ranking models. The advantage of this approach is that features relevant to trust can be systematically derived so as to achieve good prediction accuracy. Through a series of experiments on real data from Epinions, we show that even a simple model using the derived features yields good accuracy and outperforms MoleTrust, a trust …

A Local Qualitative Approach To Referral And Functional Trust, Krishnaprasad Thirunarayan, Dharan Althuru, Cory Andrew Henson, Amit P. Sheth

Kno.e.sis Publications

Trust and confidence are becoming key issues in diverse applications such as ecommerce, social networks, semantic sensor web, semantic web information retrieval systems, etc. Both humans and machines use some form of trust to make informed and reliable decisions before acting. In this work, we briefly review existing work on trust networks, pointing out some of its drawbacks. We then propose a local framework to explore two different kinds of trust among agents called referral trust and functional trust, that are modelled using local partial orders, to enable qualitative trust personalization. The proposed approach formalizes reasoning with trust, distinguishing between …

Cyber Attacks: Does Physical Boundary Matter?, Qiu-Hong Wang, Seung-Hyun Kim

Research Collection School Of Computing and Information Systems

Information security issues are characterized with interdependence. Particularly, cyber criminals can easily cross national boundaries and exploit jurisdictional limitations between countries. Thus, whether cyber attacks are spatially autocorrelated is a strategic issue for government authorities and a tactic issue for insurance companies. Through an empirical study of cyber attacks across 62 countries during the period 2003-2007, we find little evidence on the spatial autocorrelation of cyber attacks at any week. However, after considering economic opportunity, IT infrastructure, international collaboration in enforcement and conventional crimes, we find strong evidence that cyber attacks were indeed spatially autocorrelated as they moved over time. …

A Robust Damage Assessment Model For Corrupted Database Systems, Ge Fu, Hong Zhu, Yingjiu Li

Research Collection School Of Computing and Information Systems

An intrusion tolerant database uses damage assessment techniques to detect damage propagation scales in a corrupted database system. Traditional damage assessment approaches in a intrusion tolerant database system can only locate damages which are caused by reading corrupted data. In fact, there are many other damage spreading patterns that have not been considered in traditional damage assessment model. In this paper, we systematically analyze inter-transaction dependency relationships that have been neglected in the previous research and propose four different dependency relationships between transactions which may cause damage propagation. We extend existing damage assessment model based on the four novel dependency …

A New Approach For Anonymous Password Authentication, Yanjiang Yang, Jianying Zhou, Jian Weng, Feng Bao

Research Collection School Of Computing and Information Systems

Anonymous password authentication reinforces password authentication with the protection of user privacy. Considering the increasing concern of individual privacy nowadays, anonymous password authentication represents a promising privacy-preserving authentication primitive. However, anonymous password authentication in the standard setting has several inherent weaknesses, making its practicality questionable. In this paper, we propose a new and efficient approach for anonymous password authentication. Our approach assumes a different setting where users do not register their passwords to the server; rather, they use passwords to protect their authentication credentials. We present a concrete scheme, and get over a number of challenges in securing password-protected credentials …

Learning Bregman Distance Functions And Its Application For Semi-Supervised Clustering, Lei Wu, Rong Jin, Steven C. H. Hoi, Jianke Zhu, Nenghai Yu

Research Collection School Of Computing and Information Systems

Learning distance functions with side information plays a key role in many machine learning and data mining applications. Conventional approaches often assume a Mahalanobis distance function. These approaches are limited in two aspects: (i) they are computationally expensive (even infeasible) for high dimensional data because the size of the metric is in the square of dimensionality; (ii) they assume a fixed metric for the entire input space and therefore are unable to handle heterogeneous data. In this paper, we propose a novel scheme that learns nonlinear Bregman distance functions from side information using a nonparametric approach that is similar to …

Coherent Phrase Model For Efficient Image Near-Duplicate Retrieval, Yiqun Hu, Xiangang Cheng, Liang-Tien Chia, Xing Xie, Deepu Rajan, Ah-Hwee Tan

Research Collection School Of Computing and Information Systems

This paper presents an efficient and effective solution for retrieving image near-duplicate (IND) from image database. We introduce the coherent phrase model which incorporates the coherency of local regions to reduce the quantization error of the bag-of-words (BoW) model. In this model, local regions are characterized by visual phrase of multiple descriptors instead of visual word of single descriptor. We propose two types of visual phrase to encode the coherency in feature and spatial domain, respectively. The proposed model reduces the number of false matches by using this coherency and generates sparse representations of images. Compared to other method, the …

Object Oriented Program Correctness With Oosiml, José M. Garrido

Faculty and Research Publications

Software reliability depends on program correctness and robustness and these are extremely important in developing high-quality software. Correctness is also essential when considering aspects of software security. However, experience applying these concepts, associated methods, and supporting software with Eiffel and Java have shown that students find some diffculty learning program correctness and in learning the software tools provided. We have developed an experimental language, OOSimL, that includes an assertion notation similar to that of Eiffel but which has much more flexibility, and that provides the same semantics as Java.

The first part of this paper provides an overview of concepts …

Gpu-Accelerated Hierarchical Dense Correspondence For Real-Time Aerial Video Processing, Stephen Cluff, Bryan S. Morse, Jonathan D. Cohen, Mark Duchaineau

Faculty Publications

Video from aerial surveillance can provide a rich source of data for many applications and can be enhanced for display and analysis through such methods as mosaic construction, super-resolution, and mover detection. All of these methods require accurate frame-to-frame registration, which for live use must be performed in real time. In many situations, scene parallax may make alignment using global transformations impossible or error-prone, limiting the performance of subsequent processing and applications. For these cases, dense (per-pixel) correspondence is required, but this can be computationally prohibitive. This paper presents a hierarchical dense correspondence algorithm designed for implementation on graphics processing …

Denial-Of-Service Attacks On Host-Based Generic Unpackers, Limin Liu, Jiang Ming, Zhi Wang, Debin Gao, Chunfu Jia

Research Collection School Of Computing and Information Systems

With the advance of packing techniques, a few generic and automatic unpackers have been proposed. These unpackers are designed to automatically unpack packed binaries without specific knowledge of the packing techniques used. In this paper, we present an automatic packer with which packed malware forges spurious unpacking behaviors that lead to a denial-of-service attack on host-based generic unpackers. We present the design, implementation, and evaluation of the proposed packer and malware produced using the proposed packer, and show the success of denial-of-service attacks on host-based generic unpackers.

Structured P2p Technologies For Distributed Command And Control, Daniel R. Karrels, Gilbert L. Peterson, Barry E. Mullins

Faculty Publications

The utility of Peer-to-Peer (P2P) systems extends far beyond traditional file sharing. This paper provides an overview of how P2P systems are capable of providing robust command and control for Distributed Multi-Agent Systems (DMASs). Specifically, this article presents the evolution of P2P architectures to date by discussing supporting technologies and applicability of each generation of P2P systems. It provides a detailed survey of fundamental design approaches found in modern large-scale P2P systems highlighting design considerations for building and deploying scalable P2P applications. The survey includes unstructured P2P systems, content retrieval systems, communications structured P2P systems, flat structured P2P systems and …