Open Access. Powered by Scholars. Published by Universities.®

Information Security Commons

Articles 1 - 30 of 3831

Full-Text Articles in Information Security

Safe Delivery Of Critical Services In Areas With Volatile Security Situation Via A Stackelberg Game Approach, Tien Mai, Arunesh Sinha Feb 2023

Research Collection School Of Computing and Information Systems

Vaccine delivery in under-resourced locations with security risks is not just challenging but also life threatening. The COVID pandemic and the need to vaccinate added even more urgency to this issue. Motivated by this problem, we propose a general framework to set-up limited temporary (vaccination) centers that balance physical security and desired (vaccine) service coverage with limited resources. We set-up the problem as a Stackelberg game between the centers operator (defender) and an adversary, where the set of centers is not fixed a priori but is part of the decision output. This results in a mixed combinatorial and continuous optimization …


Teaching By Practice: Shaping Secure Coding Mentalities Through Cybersecurity CTFs, Jazmin Collins, Vitaly Ford Jan 2023

Journal of Cybersecurity Education, Research and Practice

The use of the Capture the Flag (CTF)-style competitions has grown popular in a variety of environments as a method to improve or reinforce cybersecurity techniques. However, while these competitions have shown promise in student engagement, enjoyment, and the teaching of essential workforce cybersecurity concepts, many of these CTF challenges have largely focused on cybersecurity as a general topic. Further, most in-school CTF challenges are designed with technical institutes in mind, prepping only experienced or upper-level students in cybersecurity studies for real-world challenges. Our paper aims to focus on the setting of a liberal arts institute, emphasizing secure coding as …


Lightweight Pairwise Key Distribution Scheme For IoTs, Kanwalinderjit Kaur Jan 2023

Journal of Cybersecurity Education, Research and Practice

Embedding a pairwise key distribution approach in IoT systems is challenging as IoT devices have limited resources, such as memory, processing power, and battery life. This paper presents a secure and lightweight approach that is applied to IoT devices that are divided into Voronoi clusters. This proposed algorithm comprises XOR and concatenation operations for interactive authentication between the server and the IoT devices. Predominantly, the authentication is carried out by the server. It is observed that the algorithm is resilient against man-in-the-middle attacks, forward secrecy, Denial of Service (DoS) attacks, and offers mutual authentication. It is also observed that the …


Reinventing Cybersecurity Internships During The Covid-19 Pandemic, Lori L. Sussman Jan 2023

Journal of Cybersecurity Education, Research and Practice

The Cybersecurity Ambassador Program provides professional skills training for emerging cybersecurity professionals remotely. The goal is to reach out to underrepresented populations who may use Federal Work-Study (FWS) or grant sponsored internships to participate. Cybersecurity Ambassadors (CAs) develop skills that will serve them well as cybersecurity workers prepared to do research, lead multidisciplinary, technical teams, and educate stakeholders and community members. CAP also reinforces leadership skills so that the next generation of cybersecurity professionals becomes a sustainable source of management talent for the program and profession. The remote curriculum innovatively builds non-technical professional skills (communications, teamwork, leadership) for cybersecurity research …


Risk Perceptions About Personal Internet-Of-Things: Research Directions From A Multi-Panel Delphi Study, Paul M. Di Gangi, Barbara A. Wech, Jennifer D. Hamrick, James L. Worrell, Samuel H. Goh Jan 2023

Journal of Cybersecurity Education, Research and Practice

Internet-of-Things (IoT) research has primarily focused on identifying IoT devices' organizational risks with little attention to consumer perceptions about IoT device risks. The purpose of this study is to understand consumer risk perceptions for personal IoT devices and translate these perceptions into guidance for future research directions. We conduct a sequential, mixed-methods study using multi-panel Delphi and thematic analysis techniques to understand consumer risk perceptions. The results identify four themes focused on data exposure and user experiences within IoT devices. Our thematic analysis also identified several emerging risks associated with the evolution of IoT device functionality and its potential positioning …


Cybersecurity Continuity Risks: Lessons Learned From The Covid-19 Pandemic, Tyler Fezzey, John H. Batchelor, Gerald F. Burch, Randall Reid Jan 2023

Journal of Cybersecurity Education, Research and Practice

The scope and breadth of the COVID-19 pandemic were unprecedented. This is especially true for business continuity and the related area of cybersecurity. Historically, business continuity and cybersecurity are viewed and researched as separate fields. This paper synthesizes the two disciplines as one, thus pointing out the need to address both topics simultaneously. This study identifies blind spots experienced by businesses as they navigated through the difficult time of the pandemic by using data collected during the height of the COVID-19 pandemic. One major shortcoming was that most continuity and cybersecurity plans focused on single-axis threats. The COVID-19 pandemic resulted …


Alpha Phi-Shing Fraternity: Phishing Assessment In A Higher Education Institution, Marco Casagrande, Mauro Conti, Monica Fedeli, Eleonora Losiouk Jan 2023

Journal of Cybersecurity Education, Research and Practice

Phishing is a common social engineering attack aimed to steal personal information. Universities attract phishing attacks because: 1) they store employees' and students' sensitive data, 2) they save confidential documents, 3) their infrastructures often lack security. In this paper, we showcase a phishing assessment at the University of Redacted aimed to identify the people, and the features of such people, that are more susceptible to phishing attacks. We delivered phishing emails to 1.508 subjects in three separate batches, collecting a click rate equal to 30%, 11% and 13%, respectively. We considered several features (i.e., age, gender, role, working/studying field, email template) …


Improving Developers' Understanding Of Regex Denial Of Service Tools Through Anti-Patterns And Fix Strategies, Sk Adnan Hassan, Zainab Aamir, Dongyoon Lee, James C. Davis, Francisco Servant Jan 2023

Department of Electrical and Computer Engineering Faculty Publications

Regular expressions are used for diverse purposes, including input validation and firewalls. Unfortunately, they can also lead to a security vulnerability called ReDoS (Regular Expression Denial of Service), caused by a super-linear worst-case execution time during regex matching. Due to the severity and prevalence of ReDoS, past work proposed automatic tools to detect and fix regexes. Although these tools were evaluated in automatic experiments, their usability has not yet been studied; usability has not been a focus of prior work. Our insight is that the usability of existing tools to detect and fix regexes will improve if we complement them …


Challenges And Measurements For Governance Of Modern Cyber Space Society, Pinghui Wang, Hongbin Pei, Junzhou Zhao, Tao Qin, Chao Shen, Dongliang Liu, Xiaohong Guan Dec 2022

Bulletin of Chinese Academy of Sciences (Chinese Version)

The rapid development of information technology has unprecedentedly created a prosperous cyber society and greatly enhanced productivity facilitated by social interaction. At the same time, many problems emerge in the cyber society, such as telecom fraud, privacy leakage, Internet pollution, and algorithmic discrimination. The problems bring new challenges to social order and security. In order to find the way of cyber society governance and promote the modernization of national governance, this paper first presents the analyses on the new problems encountered in the cyber society in three typical scenarios, i.e., identity governance, behavior governance, and algorithm governance, as well as …


Payload-Byte: A Tool For Extracting And Labeling Packet Capture Files Of Modern Network Intrusion Detection Datasets, Yasir Farrukh, Irfan Khan, Syed Wali, David A. Bierbrauer, John Pavlik, Nathaniel D. Bastian Dec 2022

ACI Journal Articles

Adapting modern approaches for network intrusion detection is becoming critical, given the rapid technological advancement and adversarial attack rates. Therefore, packet-based methods utilizing payload data are gaining much popularity due to their effectiveness in detecting certain attacks. However, packet-based approaches suffer from a lack of standardization, resulting in incomparability and reproducibility issues. Unlike flow-based datasets, no standard labeled dataset exists, forcing researchers to follow bespoke labeling pipelines for individual approaches. Without a standardized baseline, proposed approaches cannot be compared and evaluated with each other. One cannot gauge whether the proposed approach is a methodological advancement or is just being benefited …


Software Supply Chain Security Attacks And Analysis Of Defense, Juanjose Rodriguez-Cardenas, Jobair Hossain Faruk, Masura Tansim, Asia Shavers, Corey Brookins, Shamar Lake, Ava Norouzi, Marie Nassif, Kenneth Burke, Miranda Dominguez Dec 2022

Symposium of Student Scholars

The Software Supply chain or SSC is the backbone of the logistics industry and is crucial to a business's success and operation. The surge of attacks and risks for the SSC has grown in coming years with each attack's impact becoming more significant. These attacks have led to the leaking of both client and company sensitive information, corruption of the data, and having it subject to malware and ransomware installation, despite new practices implemented and investments into SSC security and its branches that have not stopped attackers from developing new vulnerabilities and exploits. In our research, we have investigated Software …


Secure Cloud-Based IoT Water Quality Gathering For Analysis And Visualization, Soin Abdoul Kassif Baba M Traore Dec 2022

Symposium of Student Scholars

Water quality refers to measurable water characteristics, including chemical, biological, physical, and radiological characteristics usually relative to human needs. Dumping waste and untreated sewage are the reasons for water pollution and several diseases to the living hood. The quality of water can also have a significant impact on animals and plant ecosystems. Therefore, keeping track of water quality is a substantial national interest. Much research has been done for measuring water quality using sensors to prevent water pollution. In summary, those systems are built based on online and reagent-free water monitoring SCADA systems in wired networks. However, centralized servers, transmission …


Addressing Human Error Through Effective Cyber Policy Design, Katherine Amoresano Dec 2022

Emergency Preparedness, Homeland Security, and Cybersecurity

Human error is a significant contributing factor to the rise in Cybersecurity attacks regardless of increased technical control implemented to safeguard Information systems. Adversaries can circumvent technical safeguards due to human errors which result from inadequate enforceable policies and training on Cybersecurity for the everyday user. Several studies and articles show that the majority of successful attacks are human enabled, proving the need for human-centric cybersecurity research and practices. This exploratory work reviews the human aspect of Cybersecurity by investigating the cybersecurity policies at SUNY Albany and other SUNY institutions. We used a survey of students and faculty members at …


Detecting Selfish Mining Attacks Against A Blockchain Using Machine Learing, Matthew A. Peterson Dec 2022

Theses and Dissertations

Selfish mining is an attack against a blockchain where miners hide newly discovered blocks instead of publishing them to the rest of the network. Selfish mining has been a potential issue for blockchains since it was first discovered by Eyal and Sirer. It can be used by malicious miners to earn a disproportionate share of the mining rewards or in conjunction with other attacks to steal money from network users. Several of these attacks were launched in 2018, 2019, and 2020 with the attackers stealing as much as $18 Million. Developers made several different attempts to fix this issue, but …


A Cybersecurity Assessment Of Health Data Ecosystems, Michelle N. Halsey Dec 2022

Cyber Operations and Resilience Program Graduate Projects

This paper is an exploratory study that investigates data collected and used by health plans and reviews the laws and regulations governing this data to identify the gaps in protections and provide recommendations for eliminating these gaps. Health insurance companies collect a wide array of data about the people they insure, data that is often only peripherally relevant to the service these companies provide. The data environment currently consists of seven categories of data: personal health information, summary health information, personally identifiable information, financial information, professional information, biometric information, and lifestyle data or social indicators of health. Much of this …


SleepMore: Inferring Sleep Duration At Scale Via Multi-Device WiFi Sensing, Camellia Zakaria, Gizem Yilmaz, Priyanka Mammen, Michael Chee, Prashant Shenoy, Rajesh Krishna Balan Dec 2022

Research Collection School Of Computing and Information Systems

The availability of commercial wearable trackers equipped with features to monitor sleep duration and quality has enabled more useful sleep health monitoring applications and analyses. However, much research has reported the challenge of long-term user retention in sleep monitoring through these modalities. Since modern Internet users own multiple mobile devices, our work explores the possibility of employing ubiquitous mobile devices and passive WiFi sensing techniques to predict sleep duration as the fundamental measure for complementing long-term sleep monitoring initiatives. In this paper, we propose SleepMore, an accurate and easy-to-deploy sleep-tracking approach based on machine learning over the user's WiFi network …


Secure Decentralized Blockchain Based Web Application For Medical Records, Sri Harshini Popuri, Liang Zhao Nov 2022

Symposium of Student Scholars

The online storage and sharing of electronic health records has undergone a paradigm shift in recent years. The introduction of a centralized cloud computing concept to streamline records transfer between patients and healthcare providers has been an easy task. As a result, the availability of electronically stored health records with minimal operational costs is made possible, but the primary concern is related to the privacy and security of records. How can we securely exchange medical documents online while maintaining strong security standards? This research suggests a framework that fuses online federated learning with blockchain technology. In particular, we develop a …


Studies On The Development Of China’s Network And Information Security, Jiwu Jing Nov 2022

Bulletin of Chinese Academy of Sciences (Chinese Version)

No abstract provided.


Accurately Grasp The New Features Of Cybersecurity Technology Development And Fully Promote The Modernization Of National Security System And Capabilities, Dengguo Feng Nov 2022

Bulletin of Chinese Academy of Sciences (Chinese Version)

No abstract provided.


The Role Of IT In Campus Sustainability Efforts: Model Sustainability In IT Operations, Infrastructure, Cybersecurity, And Teaching And Learning, J. T. Singh, Kevin Partridge, Teresa Hudson, Pete Calvert Nov 2022

Sustainability Research & Practice Seminar Presentations

JT Singh (and colleagues), WCU Information Services and Technology - The Role of IT in Campus Sustainability Efforts


The Infosys Times, Vol. 7, No. 1, Collen Nov 2022

The Infosys TIMES

  • Cyber Security Awareness Week
  • Anderson Trucking Field Visit
  • The Values of Data Analytic Skills
  • Information Systems Club: Meeting with CentraCare's IT Department
  • Graduate Assistant for Digital Forensic Lab
  • Data Analytics Certificates
  • Study Abroad for 2 Weeks & Earn 6 Credits!


The Infosys Times, Vol.6, No.2, Collen Nov 2022

The Infosys TIMES

  • Teaching in the Challenging Times of Covid-19 Pandemic
  • Farewell to Dr. Dien Phan
  • Grants Received for Installing the Department's First Digital Forensic Lab
  • Meet the New Faculty
  • Stringline Video Shoot
  • Cyber Security Awareness Week
  • Today's Technology Opportunities for Women Leaders
  • Excellence in Leadership Award Recipients
  • Alumni Updates
  • InfoSys Diaries
  • $9,332 Research Fund received from Jazan University, Saudi Arabia
  • The National Society of Leadership and Success Experience


Emerging Trends In Cybercrime Awareness In Nigeria, Ogochukwu Favour Nzeakor, Bonaventure N. Nwokeoma, Ibrahim Hassan, Benjamin Okorie Ajah, John T. Okpa Nov 2022

International Journal of Cybersecurity Intelligence & Cybercrime

The study examined the current trend in cybercrime awareness and the relationship such trend has with cybercrime vulnerability or victimization. Selecting a sample of 1104 Internet users from Umuahia, Abia State, Nigeria, we found that: 1) awareness of information security was high in that about 2 in every 3 (68%) participants demonstrated a favorable awareness of information security and cybercrime. It was, however, revealed that such a high level of awareness could be partial and weak. 2) most Internet users demonstrated the awareness of fraud-related cybercrime categories (39%), e-theft (15%), hacking (12%), and ATM theft (10%). However, they were rarely …


Understanding Deviance And Victimization In Cyber Space Among Diverse Populations, Insun Park Nov 2022

International Journal of Cybersecurity Intelligence & Cybercrime

Recent years have witnessed a growing academic interest in deviance and victimization in the cyber space. The current issue of the International Journal of Cybersecurity Intelligence and Cybercrime features three empirical research articles on online behavior of traditionally under-researched populations and a review of a much-awaited book on digital forensics and investigation. This paper was prepared to introduce these important scholarly works in the context of newly emerging scholarship that focuses on the experiences of diverse subgroups in cyberspace.


Aggressive Reality Docuseries And Cyberbullying: A Partial Test Of Glaser’s Differential Identification Theory, J. Ra’Chel Fowler, Darren R. Beneby, Kenethia L. Fuller Nov 2022

International Journal of Cybersecurity Intelligence & Cybercrime

Reality docuseries have dominated primetime airwaves for the greater part of three decades. However, little is known about how viewers who are enamored with the genre’s most aggressive characters are influenced. Using Glaser’s (1956) theory of differential identification, this study employs survey data from 210 college students at a historically Black college and university to explore whether identification with characters from aggressive reality docuseries (ARDs) and the frequency of viewing ARD are positively associated with cyberbullying. Results of multivariate analyses revealed that men were more likely than women to publicly shame others and air others’ dirty laundry online. Additionally, the …


Book Review: Digital Forensics And Cyber Investigation Nov 2022

International Journal of Cybersecurity Intelligence & Cybercrime

No abstract provided.


Applications Of Blockchain In Business Processes: A Comprehensive Review, Wattana Viriyasitavat, Li Xu, Dusit Niyato, Zhuming Bi, Danupol Hoonsopon Nov 2022

Information Technology & Decision Sciences Faculty Publications

Blockchain (BC), as an emerging technology, is revolutionizing Business Process Management (BPM) in multiple ways. The main adoption is to serve as a trusted infrastructure to guarantee the trust of collaborations among multiple partners in trustless environments. Especially, BC enables trust of information by using Distributed Ledger Technology (DLT). With the power of smart contracts, BC enforces the obligations of counterparties that transact in a business process (BP) by programming the contracts as transactions. This paper aims to study the state-of-the-art of BC technologies by (1) exploring its applications in BPM with the focus on how BC provides the trust …


Vulcurator: A Vulnerability-Fixing Commit Detector, Truong Giang Nguyen, Cong Thanh Le, Hong Jin Kang, Xuan-Bach D. Le, David Lo Nov 2022

Research Collection School Of Computing and Information Systems

Open-source software (OSS) vulnerability management process is important nowadays, as the number of discovered OSS vulnerabilities is increasing over time. Monitoring vulnerability-fixing commits is a part of the standard process to prevent vulnerability exploitation. Manually detecting vulnerability-fixing commits is, however, time-consuming due to the possibly large number of commits to review. Recently, many techniques have been proposed to automatically detect vulnerability-fixing commits using machine learning. These solutions either: (1) did not use deep learning, or (2) use deep learning on only limited sources of information. This paper proposes VulCurator, a tool that leverages deep learning on richer sources of information, …


An Evaluation Framework For Digital Image Forensics Tools, Zainab Khalid, Sana Qadir Oct 2022

Journal of Digital Forensics, Security and Law

The boom of digital cameras, photography, and social media has drastically changed how humans live their day-to-day, but this normalization is accompanied by malicious agents finding new ways to forge and tamper with images for unlawful monetary (or other) gains. Disinformation in the photographic media realm is an urgent threat. The availability of a myriad of image editing tools renders it almost impossible to differentiate between photo-realistic and original images. The tools available for image forensics require a standard framework against which they can be evaluated. Such a standard framework can aid in evaluating the suitability of an image forensics …


A Study Of The Data Remaining On Second-Hand Mobile Devices In The UK, Olga Angelopoulou, Andy Jones, Graeme Horsman, Seyedali Pourmoafi Oct 2022

Journal of Digital Forensics, Security and Law

This study was carried out intending to identify the level and type of information that remained on portable devices that were purchased from the second-hand market in the UK over the last few years. The sample for this study consisted of 100 second hand mobile phones and tablets. The aim of the study was to determine the proportion of devices that still contained data and the type of data that they contained. Where data was identified, the study attempted to determine the level of personal identifiable information that is associated with the previous owner. The research showed that when sensitive …