Information Security Commons^™

The Paradox Of Social Media Security: A Study Of It Students’ Perceptions Versus Behavior On Using Facebook, Zahra Y. Alqubaiti

Master of Science in Information Technology Theses

Social media plays an essential role in the modern society, enabling people to be better connected to each other and creating new opportunities for businesses. At the same time, social networking sites have become major targets for cyber-security attacks due to their massive user base. Many studies investigated the security vulnerabilities and privacy issues of social networking sites and made recommendations on how to mitigate security risks. Users are an integral part of any security mix. In this thesis, we explore the relationship between users’ security perceptions and their actual behavior on social networking sites. Protection motivation theory (PMT), initially …

A System For Detecting Malicious Insider Data Theft In Iaas Cloud Environments, Jason Nikolai, Yong Wang

Faculty Research & Publications

The Cloud Security Alliance lists data theft and insider attacks as critical threats to cloud security. Our work puts forth an approach using a train, monitor, detect pattern which leverages a stateful rule based k-nearest neighbors anomaly detection technique and system state data to detect inside attacker data theft on Infrastructure as a Service (IaaS) nodes. We posit, instantiate, and demonstrate our approach using the Eucalyptus cloud computing infrastructure where we observe a 100 percent detection rate for abnormal login events and data copies to outside systems.

Context-Sensitive Auto-Sanitization For Php, Jared M. Smith, Richard J. Connor, David P. Cunningham, Kyle G. Bashour, Walter T. Work

Chancellor’s Honors Program Projects

No abstract provided.

Teaching Android Security Through Examples: A Publicly Available Database Of Vulnerable Apps, Daniel E. Krutz, Samuel A. Malachowsky

Articles

Security is hard, and teaching security can be even harder. Here we describe a public educational activity to assist in the instruction of both students and developers in creating secure Android apps. Our set of activities includes example vulnerable applications, information about each vulnerability, steps on how to repair the vulnerabilities, and information about how to confirm that the vulnerability has been properly repaired. Our primary goal is to make these activities available to other instructors for use in their classrooms ranging from the K-12 to university settings. A secondary goal of this project is to foster interest in security …

Semeo: A Semantic Equivalence Analysis Framework For Obfuscated Android Applications, Zhen Hu

Department of Computer Science and Engineering: Dissertations, Theses, and Student Research

Software repackaging is a common approach for creating malware. In this approach, malware authors inject malicious payloads into legitimate applications; then, to ren- der security analysis more difficult, they obfuscate most or all of the code. This forces analysts to spend a large amount of effort filtering out benign obfuscated methods in order to locate potentially malicious methods for further analysis. If an effective mechanism for filtering out benign obfuscated methods were available, the number of methods that must be analyzed could be reduced, allowing analysts to be more productive. In this thesis, we introduce SEMEO, a highly effective and …

Chapter Five: The San Bernardino Iphone Case, Tracy Mitrano

Tracy Mitrano

Knowledge Modeling Of Phishing Emails, Courtney Falk

Open Access Dissertations

This dissertation investigates whether or not malicious phishing emails are detected better when a meaningful representation of the email bodies is available. The natural language processing theory of Ontological Semantics Technology is used for its ability to model the knowledge representation present in the email messages. Known good and phishing emails were analyzed and their meaning representations fed into machine learning binary classifiers. Unigram language models of the same emails were used as a baseline for comparing the performance of the meaningful data. The end results show how a binary classifier trained on meaningful data is better at detecting phishing …

Significant Permission Identification For Android Malware Detection, Lichao Sun

Department of Computer Science and Engineering: Dissertations, Theses, and Student Research

A recent report indicates that a newly developed malicious app for Android is introduced every 11 seconds. To combat this alarming rate of malware creation, we need a scalable malware detection approach that is effective and efficient. In this thesis, we introduce SigPID, a malware detection system based on permission analysis to cope with the rapid increase in the number of Android malware. Instead of analyzing all 135 Android permissions, our approach applies 3-level pruning by mining the permission data to identify only significant permissions that can be effective in distinguishing benign and malicious apps. Based on the identified significant …

A Survey On Future Internet Security Architectures, Wenxiu Ding, Zheng Yan, Robert H. Deng

Research Collection School Of Computing and Information Systems

Current host-centric Internet Protocol (IP) networks are facing unprecedented challenges, such as network attacks and the exhaustion of IP addresses. Motivated by emerging demands for security, mobility, and distributed networking, many research projects have been initiated to design the future Internet from a clean slate. In order to obtain a thorough knowledge of security in future Internet architecture, we review a number of well-known projects, including named data networking, Content Aware Searching Retrieval and sTreaming, MobilityFirst Future Internet Architecture Project (MobilityFirst), eXpressive Internet Architecture, and scalability, control, and isolation on next-generation network. These projects aim to move away from the …

Mobipot: Understanding Mobile Telephony Threats With Honeycards, Marco Balduzzi, Payas Gupta, Lion Gu, Debin Gao, Mustaque Ahamad

Research Collection School Of Computing and Information Systems

Over the past decade, the number of mobile phones has increased dramatically, overtaking the world population in October 2014. In developing countries like India and China, mobile subscribers outnumber traditional landline users and account for over 90% of the active population. At the same time, convergence of telephony with the Internet with technologies like VoIP makes it possible to reach a large number of telephone users at a low or no cost via voice calls or SMS (short message service) messages. As a consequence, cybercriminals are abusing the telephony channel to launch attacks, e.g., scams that offer fraudulent services and …

Ultrasonic Data Steganography, Alexander Orosz Edwards

KSU Journey Honors College Capstones and Theses

What started off as a question on the possibly of data transmission via sound above the level of human hearing evolved into a project exploring the possibility of ultrasonic data infiltration and exfiltration in an information security context. It is well known that sound can be used to transmit data as this can be seen in many old technologies, most notably and simply DTMF tones for phone networks. But what if the sound used to transmit signals was in in the ultrasonic range? It would go generally unnoticed to anyone not looking for it with tools such as a spectrum …

A Survey Of Social Media Users Privacy Settings & Information Disclosure, Mashael Aljohani, Alastair Nisbet, Kelly Blincoe

Australian Information Security Management Conference

This research utilises a comprehensive survey to ascertain the level of social networking site personal information disclosure by members at the time of joining the membership and their subsequent postings to the sites. Areas examined are the type of information they reveal, their level of knowledge and awareness regarding how their information is protected by SNSs and the awareness of risks that over-sharing may pose. Additionally, this research studies the effect of gender, age, education, and level of privacy concern on the amount and kind of personal information disclosure and privacy settings applied. A social experiment was then run for …

Empirical Analysis Of Socio-Cognitive Factors Affecting Security Behaviors And Practices Of Smartphone Users, Joseph P. Simpson

CCE Theses and Dissertations

The overall security posture of information systems (IS) depends on the behaviors of the IS users. Several studies have shown that users are the greatest vulnerability to IS security. The proliferation of smartphones is introducing an entirely new set of risks, threats, and vulnerabilities. Smartphone devices amplify this data exposure problem by enabling instantaneous transmission and storage of personally identifiable information (PII) by smartphone users, which is becoming a major security risk. Moreover, companies are also capitalizing on the availability and powerful computing capabilities of these smartphone devices and developing a bring-your-own-device (BYOD) program, which makes companies susceptible to divulgence …

An Empirical Assessment Of Employee Cyberslacking In The Public Sector, Wilnelia Hernández

CCE Theses and Dissertations

With the increasing use of the Internet, new challenges are presented to employees in the workplace. Employees spend time during work hours on non-work related activities including visiting e-commerce Websites, managing personal email accounts, and engaging in e-banking. These types of actions in the workplace are known as cyberslacking. Cyberslacking affects the employees’ productivity, presents legal concerns, and undermines the security of the organization’s network. This research study addressed the problem of cyberslacking in the public sector, by assessing the ethical severity of cyberslacking activities, as well as how employees perceived that the frequency of such activities occurred by their …

Understanding The Impact Of Hacker Innovation Upon Is Security Countermeasures, Sean M. Zadig

CCE Theses and Dissertations

Hackers external to the organization continue to wreak havoc upon the information systems infrastructure of firms through breaches of security defenses, despite constant development of and continual investment in new IS security countermeasures by security professionals and vendors. These breaches are exceedingly costly and damaging to the affected organizations. The continued success of hackers in the face of massive amounts of security investments suggests that the defenders are losing and that the hackers can innovate at a much faster pace.

Underground hacker communities have been shown to be an environment where attackers can learn new techniques and share tools pertaining …

A Privacy Gap Around The Internet Of Things For Open-Source Projects, Brian Cusack, Reza Khaleghparast

Australian Information Security Management Conference

The Internet of Things (IoT) is having a more important role in the everyday lives of people. The distribution of connectivity across social and personal interaction discloses personalised information and gives access to a sphere of sensitivities that were previously masked. Privacy measures and security to protect personal sensitivities are weak and in their infancy. In this paper we review the issue of privacy in the context of IoT open-source projects, and the IoT security concerns. A proposal is made to create a privacy bubble around the interoperability of devices and systems and a filter layer to mitigate the exploitation …

A Forensic Examination Of Several Mobile Device Faraday Bags & Materials To Test Their Effectiveness, Ashleigh Lennox-Steele, Alastair Nisbet

Australian Digital Forensics Conference

A Faraday bag is designed to shield a mobile phone or small digital device from radio waves entering the bag and reaching the device, or to stop radio waves escaping through the bag from the device. The effectiveness of these shields is vital for security professionals and forensic investigators who seize devices and wish to ensure that their contents are not read, modified or deleted prior to a forensic examination. This research tests the effectiveness of several readily available Faraday bags. The Faraday bags tested are all available through online means and promise complete blocking of all signals through the …

An Analysis Of Chosen Alarm Code Pin Numbers & Their Weakness Against A Modified Brute Force Attack, Alastair Nisbet, Maria Kim

Australian Information Security Management Conference

Home and commercial alarms are an integral physical security measure that have become so commonplace that little thought is given to the security that they may or may not provide. Whilst the focus has shifted from physical security in the past to cyber security in the present, physical security for protecting assets may be just as important for many business organisations. This research looks at 700 genuine alarm PIN codes chosen by users to arm and disarm alarm systems in a commercial environment. A comparison is made with a study of millions of PIN numbers unrelated to alarms to compare …

Optical Fiber Sensors In Physical Intrusion Detection Systems: A Review, Gary Andrew Allwood, Graham Wild, Steven Hinkley

Research outputs 2014 to 2021

Fiber optic sensors have become a mainstream sensing technology within a large array of applications due to their inherent benefits. They are now used significantly in structural health monitoring, and are an essential solution for monitoring harsh environments. Since their first development over 30 years ago, they have also found promise in security applications. This paper reviews all of the optical fiber-based techniques used in physical intrusion detection systems. It details the different approaches used for sensing, interrogation, and networking, by research groups, attempting to secure both commercial and residential premises from physical security breaches. The advantages and the disadvantages …

New Secure Solutions For Privacy And Access Control In Health Information Exchange, Ahmed Fouad Shedeed Ibrahim

Theses and Dissertations--Computer Science

In the current digital age, almost every healthcare organization (HCO) has moved from storing patient health records on paper to storing them electronically. Health Information Exchange (HIE) is the ability to share (or transfer) patients’ health information between different HCOs while maintaining national security standards like the Health Insurance Portability and Accountability Act (HIPAA) of 1996. Over the past few years, research has been conducted to develop privacy and access control frameworks for HIE systems. The goal of this dissertation is to address the privacy and access control concerns by building practical and efficient HIE frameworks to secure the sharing …

Using Graphic Methods To Challenge Cryptographic Performance, Brian Cusack, Erin Chapman

Australian Information Security Management Conference

Block and stream ciphers have formed the traditional basis for the standardisation of commercial ciphers in the DES, AES, RC4, and so on. More recently alternative graphic methods such as Elliptic Curve Cryptography (ECC) have been adopted for performance gains. In this research we reviewed a range of graphic and non-graphic methods and then designed our own cipher system based on several graphic methods, including Visual Cryptography (VC). We then tested our cipher against RC4 and the AES algorithms for performance and security. The results showed that a graphics based construct may deliver comparable or improved security and performance in …

Establishing Effective And Economical Traffic Surveillance In Tonga, Brian Cusack, George Maeakafa

Australian Digital Forensics Conference

The Pacific Islands are seriously challenged by the growth in wealth and the expansion of international material possessions. On the roads traffic has grown dramatically and the types of vehicles now using Island roads has greatly changed. With the importation of cheap second hand vehicles designed for freeway speeds serious safety issues have grown proportionally with the increasing numbers. In this research we consider the prohibitive costs of traditional traffic controls to economy and propose a light weight highly mobile aerial surveillance system that integrates with ground policing capability. Our research question was: How can road safety and security be …

Technetium: Productivity Tracking For Version Control Systems, David Leonard

Dissertations and Theses

In recent years, the City College of New York has seen its Computer Science program grow immensely, to the point of overcrowding. This has negative implications for both students and professors, particularly in introductory computer science courses in which constant feedback, iteration and collaboration with others is key to success. In this paper we propose various models for collaboration among students in all course levels using distributed version control systems and implement a secure and efficient tool for visualizing collaborative efforts by observing past work [5]. Lastly, we lay the foundation for future work around additional collaborative metrics, features and …

The Corporate Security Stratum Of Work: Identifying Levels Of Work In The Domain, Codee Roy Ludbey

Theses : Honours

Corporate security is a practicing domain and developing academic discipline that provides for the protection of people, information and assets, as well as the self-protection of organisations. Fayol (1949) articulated such an activity within organisations to be a core business function of significant importance; embedding security operations within all aspects of organisational work. This embedded nature of security within organisations has led to difficulty in the literature delineating roles and responsibilities of security practitioners; consequently leading to a nebulous understanding of security as a whole. Therefore, an investigation of the corporate security stratum of work has been undertaken to address …