Information Security Commons^™

Detection Of Jamming Attacks In Vanets, Thomas Justice

Undergraduate Honors Theses

A vehicular network is a type of communication network that enables vehicles to communicate with each other and the roadside infrastructure. The roadside infrastructure consists of fixed nodes such as roadside units (RSUs), traffic lights, road signs, toll booths, and so on. RSUs are devices equipped with communication capabilities that allow vehicles to obtain and share real-time information about traffic conditions, weather, road hazards, and other relevant information. These infrastructures assist in traffic management, emergency response, smart parking, autonomous driving, and public transportation to improve roadside safety, reduce traffic congestion, and enhance the overall driving experience. However, communication between the …

Multi-Script Handwriting Identification By Fragmenting Strokes, Joshua Jude Thomas

<strong> Theses and Dissertations </strong>

This study tests the effectiveness of Multi-Script Handwriting Identification after simplifying character strokes, by segmenting them into sub-parts. Character simplification is performed through splitting the character by branching-points and end-points, a process called stroke fragmentation in this study. The resulting sub-parts of the character are called stroke fragments and are evaluated individually to identify the writer. This process shares similarities with the concept of stroke decomposition in Optical Character Recognition which attempts to recognize characters through the writing strokes that make them up. The main idea of this study is that the characters of different writing‑scripts (English, Chinese, etc.) may …

A Design Science Approach To Investigating Decentralized Identity Technology, Janelle Krupicka

Cybersecurity Undergraduate Research Showcase

The internet needs secure forms of identity authentication to function properly, but identity authentication is not a core part of the internet’s architecture. Instead, approaches to identity verification vary, often using centralized stores of identity information that are targets of cyber attacks. Decentralized identity is a secure way to manage identity online that puts users’ identities in their own hands and that has the potential to become a core part of cybersecurity. However, decentralized identity technology is new and continually evolving, which makes implementing this technology in an organizational setting challenging. This paper suggests that, in the future, decentralized identity …

Binder, Tyler A. Peaster, Lindsey M. Davenport, Madelyn Little, Alex Bales

ATU Research Symposium

Binder is a mobile application that aims to introduce readers to a book recommendation service that appeals to devoted and casual readers. The main goal of Binder is to enrich book selection and reading experience. This project was created in response to deficiencies in the mobile space for book suggestions, library management, and reading personalization. The tools we used to create the project include Visual Studio, .Net Maui Framework, C#, XAML, CSS, MongoDB, NoSQL, Git, GitHub, and Figma. The project’s selection of books were sourced from the Google Books repository. Binder aims to provide an intuitive interface that allows users …

Techniques To Detect Fake Profiles On Social Media Using The New Age Algorithms – A Survey, A K M Rubaiyat Reza Habib, Edidiong Elijah Akpan

ATU Research Symposium

This research explores the growing issue of fake accounts in Online Social Networks [OSNs]. While platforms like Twitter, Instagram, and Facebook foster connections, their lax authentication measures have attracted many scammers and cybercriminals. Fake profiles conduct malicious activities, such as phishing, spreading misinformation, and inciting social discord. The consequences range from cyberbullying to deceptive commercial practices. Detecting fake profiles manually is often challenging and causes considerable stress and trust issues for the users. Typically, a social media user scrutinizes various elements like the profile picture, bio, and shared posts to identify fake profiles. These evaluations sometimes lead users to conclude …

A Case Study Of The Crashoverride Malware, Its Effects And Possible Countermeasures, Samuel Rector

Cybersecurity Undergraduate Research Showcase

CRASHOVERRIDE is a modular malware tailor-made for electric grid Industrial Control System (ICS) equipment and was deployed by a group named ELECTRUM in a Ukrainian substation. The malware would launch a protocol exploit to flip breakers and would then wipe the system of ICS files. Finally, it would execute a Denial Of Service (DOS) attack on protective relays. In effect, months of damage and thousands out of power. However, due to oversights the malware only caused a brief power outage. Though the implications of the malware are cause for researching and implementing countermeasures against others to come. The CISA recommends …

Data Profits Vs. Privacy Rights: Ethical Concerns In Data Commerce, Amiah Armstrong

Cybersecurity Undergraduate Research Showcase

In today’s digital age, the collection and sale of customer data for advertising is gaining a growing number of ethical concerns. The act of amassing extensive datasets encompassing customer preferences, behaviors, and personal information raises questions of its true purpose. It is widely acknowledged that companies track and store their customer’s digital activities under the pretext of benefiting the customer, but at what cost? Are users aware of how much of their data is being collected? Do they understand the trade-off between personalized services and the potential invasion of their privacy? This paper aims to show the advantages and disadvantages …

What Students Have To Say On Data Privacy For Educational Technology, Stephanie Choi

Cybersecurity Undergraduate Research Showcase

The literature on data privacy in terms of educational technology is a growing area of study. The perspective of educators has been captured extensively. However, the literature on students’ perspectives is missing, which is what we explore in this paper. We use a pragmatic qualitative approach with an experiential lens to capture students’ attitudes towards data privacy in terms of educational technology. We identified preliminary, common themes that appeared in the survey responses. The paper concludes by calling for more research on how students perceive data privacy in terms of educational technology.

Investigating Vulnerabilities In The Bluetooth Host Layer In Linux, Jack Dibari

Cybersecurity Undergraduate Research Showcase

This paper investigates vulnerabilities within the Bluetooth host layer in Linux systems. It examines the Bluetooth protocol's evolution, focusing on its implementation in Linux, particularly through the BlueZ host software. Various vulnerabilities, including BleedingTooth, BLESA, and SweynTooth, are analyzed.

Comparing Cognitive Theories Of Learning Transfer To Advance Cybersecurity Instruction, Assessment, And Testing, Daniel T. Hickey Ph.D., Ronald J. Kantor

Journal of Cybersecurity Education, Research and Practice

The cybersecurity threat landscape evolves quickly, continually, and consequentially. This means that the transfer of cybersecurity learning is crucial. We compared how different recognized “cognitive” transfer theories might help explain and synergize three aspects of cybersecurity education. These include teaching and training in diverse settings, assessing learning formatively & summatively, and testing & measuring achievement, proficiency, & readiness. We excluded newer sociocultural theories and their implications for inclusion as we explore those theories elsewhere. We first summarized the history of cybersecurity education and proficiency standards considering transfer theories. We then explored each theory and reviewed the most relevant cybersecurity education …

Improving Educational Delivery And Content In Juvenile Detention Centers, Yomna Elmousalami

Undergraduate Research Symposium

Students in juvenile detention centers have the greatest need to receive improvements in educational delivery and content; however, they are one of the “truly disadvantaged” populations in terms of receiving those improvements. This work presents a qualitative data analysis based on a focus group meeting with stakeholders at a local Juvenile Detention Center. The current educational system in juvenile detention centers is based on paper worksheets, single-room style teaching methods, outdated technology, and a shortage of textbooks and teachers. In addition, detained students typically have behavioral challenges that are deemed "undesired" in society. As a result, many students miss classes …

An Analysis And Ontology Of Teaching Methods In Cybersecurity Education, Sarah Buckley

LSU Master's Theses

The growing cybersecurity workforce gap underscores the urgent need to address deficiencies in cybersecurity education: the current education system is not producing competent cybersecurity professionals, and current efforts are not informing the non-technical general public of basic cybersecurity practices. We argue that this gap is compounded by a fundamental disconnect between cybersecurity education literature and established education theory. Our research addresses this issue by examining the alignment of cybersecurity education literature concerning educational methods and tools with education literature.

In our research, we endeavor to bridge this gap by critically analyzing the alignment of cybersecurity education literature with education theory. …

An Efficient Privacy-Preserving Framework For Video Analytics, Tian Zhou

Doctoral Dissertations

With the proliferation of video content from surveillance cameras, social media, and live streaming services, the need for efficient video analytics has grown immensely. In recent years, machine learning based computer vision algorithms have shown great success in various video analytic tasks. Specifically, neural network models have dominated in visual tasks such as image and video classification, object recognition, object detection, and object tracking. However, compared with classic computer vision algorithms, machine learning based methods are usually much more compute-intensive. Powerful servers are required by many state-of-the-art machine learning models. With the development of cloud computing infrastructures, people are able …

Artificial Intelligence Usage And Data Privacy Discoveries Within Mhealth, Jennifer Schulte

Faculty Research & Publications

Advancements in artificial intelligence continue to impact nearly every aspect of human life by providing integration options that aim to supplement or improve current processes. One industry that continues to benefit from artificial intelligence integration is healthcare. For years now, elements of artificial intelligence have been used to assist in clinical decision making, helping to identify potential health risks at earlier stages, and supplementing precision medicine. An area of healthcare that specifically looks at wearable devices, sensors, phone applications, and other such devices is mobile health (mHealth). These devices are used to aid in health data collection and delivery. This …

Developing Singapore As A Smart Nation, Josephine Teo

Asian Management Insights

Mrs Josephine Teo, Singapore’s Minister for Communications and Information, and Minister-in-charge of Smart Nation and Cybersecurity, speaks about leading the country’s Smart Nation drive.

Sigmadiff: Semantics-Aware Deep Graph Matching For Pseudocode Diffing, Lian Gao, Yu Qu, Sheng Yu, Yue Duan, Heng Yin

Research Collection School Of Computing and Information Systems

Pseudocode diffing precisely locates similar parts and captures differences between the decompiled pseudocode of two given binaries. It is particularly useful in many security scenarios such as code plagiarism detection, lineage analysis, patch, vulnerability analysis, etc. However, existing pseudocode diffing and binary diffing tools suffer from low accuracy and poor scalability, since they either rely on manually-designed heuristics (e.g., Diaphora) or heavy computations like matrix factorization (e.g., DeepBinDiff). To address the limitations, in this paper, we propose a semantics-aware, deep neural network-based model called SIGMADIFF. SIGMADIFF first constructs IR (Intermediate Representation) level interprocedural program dependency graphs (IPDGs). Then it uses …

Harnessing The Advances Of Meda To Optimize Multi-Puf For Enhancing Ip Security Of Biochips, Chen Dong, Xiaodong Guo, Sihuang Lian, Yinan Yao, Zhenyi Chen, Yang Yang, Zhanghui Liu

Research Collection School Of Computing and Information Systems

Digital microfluidic biochips (DMFBs) have a significant stride in the applications of medicine and the biochemistry in recent years. DMFBs based on micro-electrode-dot-array (MEDA) architecture, as the next-generation DMFBs, aim to overcome drawbacks of conventional DMFBs, such as droplet size restriction, low accuracy, and poor sensing ability. Since the potential market value of MEDA biochips is vast, it is of paramount importance to explore approaches to protect the intellectual property (IP) of MEDA biochips during the development process. In this paper, an IP authentication strategy based on the multi-PUF applied to MEDA biochips is presented, called bioMPUF, consisting of Delay …

Stopguess: A Framework For Public-Key Authenticated Encryption With Keyword Search, Tao Xiang, Zhongming Wang, Biwen Chen, Xiaoguo Li, Peng Wang, Fei Chen

Research Collection School Of Computing and Information Systems

Public key encryption with keyword search (PEKS) allows users to search on encrypted data without leaking the keyword information from the ciphertexts. But it does not preserve keyword privacy within the trapdoors, because an adversary (e.g., untrusted server) might launch inside keyword-guessing attacks (IKGA) to guess keywords from the trapdoors. In recent years, public key authenticated encryption with keyword search (PAEKS) has become a promising primitive to counter the IKGA. However, existing PAEKS schemes focus on the concrete construction of PAEKS, making them unable to support modular construction, intuitive proof, or flexible extension. In this paper, our proposal called “StopGuess” …

A Study On Ethical Hacking In Cybersecurity Education Within The United States, Jordan Chew

Master's Theses

As the field of computer security continues to grow, it becomes increasingly important to educate the next generation of security professionals. However, much of the current education landscape primarily focuses on teaching defensive skills. Teaching offensive security, otherwise known as ethical hacking, is an important component in the education of all students who hope to contribute to the field of cybersecurity. Doing so requires a careful consideration of what ethical, legal, and practical issues arise from teaching students skills that can be used to cause harm. In this thesis, we first examine the current state of cybersecurity education in the …

Navigating The Digital Frontier: The Intersection Of Cybersecurity Challenges And Young Adult Life, Hannarae Lee

International Journal of Cybersecurity Intelligence & Cybercrime

Papers from this issue advocate for empowering young adults with knowledge and tools to navigate cyberspace safely, emphasizing the necessity of heightened cybersecurity measures and proactive education. As we advance into the digital abyss, this call becomes imperative, ensuring that the young adults' experience remains a journey of growth and enlightenment, unaffected by the shadows of unseen online threats.

The Need For A Cybersecurity Education Program For Internet Users With Limited English Proficiency: Results From A Pilot Study, Fawn T. Ngo, Rustu Deryol, Brian Turnbull, Jack Drobisz

International Journal of Cybersecurity Intelligence & Cybercrime

According to security experts, cybersecurity education and awareness at the user level are key in combating cybercrime. Hence, in the U.S., cybersecurity and Internet safety workshops, classes, and resources targeting children, adolescents, adults, and senior citizens abound. However, most cybercrime prevention programs are only available in English, thus, ignoring a substantial proportion of Internet users and potential cybercrime victims—Internet users with limited English proficiency (LEP). Yet, successfully combating cybercrime requires that all computer and Internet users, regardless of their language abilities and skills, have access to pertinent cybersecurity information and resources to protect themselves online. This paper presents the results …

Book Review: Tracers In The Dark: The Global Hunt For The Crime Lords Of Cryptocurrency, Marion Jones

International Journal of Cybersecurity Intelligence & Cybercrime

Doubleday released Andy Greenberg’s Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency in November 2022. Through vivid case studies of global criminal investigations, the book dispels myths about the anonymizing power of cryptocurrency. The book details how the ability to identify cryptocurrency users and payment methods successfully brought down several large criminal empires, while also highlighting the continuous cat-and-mouse game between law enforcement officials and criminal actors using cryptocurrency. The book is an excellent resource for law enforcement officials, academics, and general cybersecurity practitioners interested in cryptocurrency-related criminal activities and law enforcement techniques.

Blockchain Applications In Higher Education Based On The Nist Cybersecurity Framework, Brady Lund Ph.D.

Journal of Cybersecurity Education, Research and Practice

This paper investigates the integration of blockchain technology into core systems within institutions of higher education, utilizing the National Institute of Standards and Technology’s (NIST) Cybersecurity Framework as a guiding framework. It supplies definitions of key terminology including blockchain, consensus mechanisms, decentralized identity, and smart contracts, and examines the application of secure blockchain across various educational functions such as enrollment management, degree auditing, and award processing. Each facet of the NIST Framework is utilized to explore the integration of blockchain technology and address persistent security concerns. The paper contributes to the literature by defining blockchain technology applications and opportunities within …

Improving Belonging And Connectedness In The Cybersecurity Workforce: From College To The Profession, Mary Beth Klinger

Journal of Cybersecurity Education, Research and Practice

This article explores the results of a project aimed at supporting community college students in their academic pursuit of an Associate of Applied Science (AAS) degree in Cybersecurity through mentorship, collaboration, skill preparation, and other activities and touch points to increase students’ sense of belonging and connectedness in the cybersecurity profession. The goal of the project was focused on developing diverse, educated, and skilled cybersecurity personnel for employment within local industry and government to help curtail the current regional cybersecurity workforce gap that is emblematic of the lack of qualified cybersecurity personnel that presently exists nationwide. Emphasis throughout the project …

University Of Johannesburg Institutional Repository Cybersecurity Output: 2015-2021 Interdisciplinary Study, Mancha J. Sekgololo

Journal of Cybersecurity Education, Research and Practice

This study examines cybersecurity awareness in universities by analyzing related research output across different disciplines at the University of Johannesburg. The diffusion of innovation theory is used in this study as a theoretical framework to explain how cybersecurity awareness diffuses across disciplines. The University of Johannesburg Institutional Repository database was the data source for this study. Variations in cybersecurity keyword searches and topic modeling techniques were used to identify the frequency and distribution of research output across different disciplines. The study reveals that cybersecurity awareness has diffused across various disciplines, including non-computer science disciplines such as business, accounting, and social …

Privacy Principles And Harms: Balancing Protection And Innovation, Samuel Aiello

Journal of Cybersecurity Education, Research and Practice

In today's digitally connected world, privacy has transformed from a fundamental human right into a multifaceted challenge. As technology enables the seamless exchange of information, the need to protect personal data has grown exponentially. Privacy has emerged as a critical concern in the digital age, as technological advancements continue to reshape how personal information is collected, stored, and utilized. This paper delves into the fundamental principles of privacy and explores the potential harm that can arise from the mishandling of personal data. It emphasizes the delicate balance between safeguarding individuals' privacy rights and fostering innovation in a data-driven society. By …

Board Of Directors Role In Data Privacy Governance: Making The Transition From Compliance Driven To Good Business Stewardship, David Warner, Lisa Mckee

Journal of Cybersecurity Education, Research and Practice

Data collection, use, leveraging, and sharing as a business practice and advantage has proliferated over the past decade. Along with this proliferation of data collection is the increase in regulatory activity which continues to morph exponentially around the globe. Adding to this complexity are the increasing business disruptions, productivity and revenue losses, settlements, fines, and penalties which can amount to over $15 million, with many penalties now being ascribed to the organization’s leadership, to include the Board of Directors (BoD), the CEO and members of the senior leadership team (SLT). Thus, boards of directors can no longer ignore and in …

When Evolutionary Computation Meets Privacy, Bowen Zhao, Wei-Neng Chen, Xiaoguo Li, Ximeng Liu, Qingqi Pei, Jun Zhang

Research Collection School Of Computing and Information Systems

Recently, evolutionary computation (EC) has experienced significant advancements due to the integration of machine learning, distributed computing, and big data technologies. These developments have led to new research avenues in EC, such as distributed EC and surrogate-assisted EC. While these advancements have greatly enhanced the performance and applicability of EC, they have also raised concerns regarding privacy leakages, specifically the disclosure of optimal results and surrogate models. Consequently, the combination of evolutionary computation and privacy protection becomes an increasing necessity. However, a comprehensive exploration of privacy concerns in evolutionary computation is currently lacking, particularly in terms of identifying the object, …

Examination Of Traditional Botnet Detection On Iot-Based Bots, Ashley Woodiss-Field, Michael N. Johnstone, Paul Haskell-Dowland

Research outputs 2022 to 2026

A botnet is a collection of Internet-connected computers that have been suborned and are controlled externally for malicious purposes. Concomitant with the growth of the Internet of Things (IoT), botnets have been expanding to use IoT devices as their attack vectors. IoT devices utilise specific protocols and network topologies distinct from conventional computers that may render detection techniques ineffective on compromised IoT devices. This paper describes experiments involving the acquisition of several traditional botnet detection techniques, BotMiner, BotProbe, and BotHunter, to evaluate their capabilities when applied to IoT-based botnets. Multiple simulation environments, using internally developed network traffic generation software, were …

Crack-Ers (Crack Riddles Applying Cybersecurity Knowledge - Escape Room Scenario), Benjamin Acuff

Posters-at-the-Capitol

CRACK-ERS (Crack Riddles Applying Cybersecurity Knowledge - Escape Room Scenario) is a unique, beginner's level CTF game with riddle-based challenges on various cybersecurity topics. The game is driven by an adventure story-based escape room format. Existing literature indicates that traditional CTFs pose challenges for beginners with no cybersecurity background. The novelty of CRACK-ERS lies in its non-traditional design as an unplugged CTF with an adventure scenario-driven script, encouraging participants to solve cybersecurity-related riddles. CRACK-ERS targets beginner-level learners, fostering teamwork, explorative research, cybersecurity problem-solving, and riddle-cracking skills. Prior cybersecurity educational research notes limited instances of escape room-style CTF games and fewer …