Open Access. Powered by Scholars. Published by Universities.®

Computer Security Commons

Open Access. Powered by Scholars. Published by Universities.®

1000 Full-Text Articles 1282 Authors 279948 Downloads 64 Institutions

All Articles in Computer Security

Faceted Search

1000 full-text articles. Page 1 of 36.

Securecoin: A Robust Secure And Effi#14;Cient Protocol For Anonymous Bitcoin Ecosystem, Maged H. Ibrahim 2017 Helwan University

Securecoin: A Robust Secure And Effi#14;Cient Protocol For Anonymous Bitcoin Ecosystem, Maged H. Ibrahim

Maged Ibrahim

Bitcoin is the #12;rst decentralized peer-to-peer electronic
virtual asset and payment cryptocurrency, through which,
users can transact digital currency directly, without the
need for an intermediary (or authority), using a hashed
version of cryptographic public keys, as pseudonyms
called addresses. The Bitcoin ecosystem was supposed
to be anonymous and untraceable. However, transactions
from input to output addresses of the Bitcoin users are
observed to be linkable, therefore, missing unlinkability
as an important requirement of anonymity. Several pro-
tocols appeared to enhance Bitcoin users' anonymity and
to ensure unlinkability of input-output addresses, to make
input and output addresses of transactions ...


From The Editor-In-Chief, Ibrahim A. Baggili 2016 JDFSL

From The Editor-In-Chief, Ibrahim A. Baggili

Journal of Digital Forensics, Security and Law

We are proud to share with you this special edition issue of the JDFSL. This year, JDFSL partnered with both the 6th International Conference on Digital Forensics and Cyber Crime (ICDF2C) and Systematic Approaches to Digital Forensic Engineering (SADFE)–two prominent conferences in our field that were co-hosted. Fifty-three papers were submitted, and the Technical Program Committee accepted only 17 after a rigorous review process.


Secure Software Engineering Education: Knowledge Area, Curriculum And Resources, Xiaohong Yuan, Li Yang, Bilan Jones, Huiming Yu, Bei-Tseng Chu 2016 North Carolina Agricultural and Technical University

Secure Software Engineering Education: Knowledge Area, Curriculum And Resources, Xiaohong Yuan, Li Yang, Bilan Jones, Huiming Yu, Bei-Tseng Chu

Journal of Cybersecurity Education, Research and Practice

This paper reviews current efforts and resources in secure software engineering education, with the goal of providing guidance for educators to make use of these resources in developing secure software engineering curriculum. These resources include Common Body of Knowledge, reference curriculum, sample curriculum materials, hands-on exercises, and resources developed by industry and open source community. The relationship among the Common Body of Knowledge proposed by the Department of Homeland Security, the Software Engineering Institute at Carnegie Mellon University, and ACM/IEEE are discussed. The recent practices on secure software engineering education, including secure software engineering related programs, courses, and course ...


Using A Virtual Computing Laboratory To Foster Collaborative Learning For Information Security And Information Technology Education, Abdullah Konak, Michael R. Bartolacci 2016 Penn State University - Berks

Using A Virtual Computing Laboratory To Foster Collaborative Learning For Information Security And Information Technology Education, Abdullah Konak, Michael R. Bartolacci

Journal of Cybersecurity Education, Research and Practice

Virtual computer laboratories have been an excellent technological solution to the problem of providing students with hands-on experimentation in information technology fields such as information security in a cost effective and secure manner. A virtual computer laboratory was utilized in this work as a collaborative environment for student learning with the goal of measuring its effect on student learning and attitudes toward laboratory assignments. Experiments were carried out utilizing specially-designed computer-based laboratory activities that included student assessments and surveys upon their completion. The experiments involved both small groups and individual students completing their respective laboratory activities and subsequent assessments ...


From The Editors, Michael E. Whitman, Herbert J. Mattord 2016 Kennesaw State University

From The Editors, Michael E. Whitman, Herbert J. Mattord

Journal of Cybersecurity Education, Research and Practice

Welcome to the inaugural issue of the Journal of Cybersecurity Education, Research and Practice (JCERP).


Money Laundering Detection Framework To Link The Disparate And Evolving Schemes, Murad Mehmet, Duminda Wijesekera, Miguel F. Buchholtz 2016 George Mason University

Money Laundering Detection Framework To Link The Disparate And Evolving Schemes, Murad Mehmet, Duminda Wijesekera, Miguel F. Buchholtz

Journal of Digital Forensics, Security and Law

Money launderers hide traces of their transactions with the involvement of entities that participate in sophisticated schemes. Money laundering detection requires unraveling concealed connections among multiple but seemingly unrelated human money laundering networks, ties among actors of those schemes, and amounts of funds transferred among those entities. The link among small networks, either financial or social, is the primary factor that facilitates money laundering. Hence, the analysis of relations among money laundering networks is required to present the full structure of complex schemes. We propose a framework that uses sequence matching, case-based analysis, social network analysis, and complex event processing ...


Significant Permission Identification For Android Malware Detection, Lichao Sun 2016 University of Nebraska-Lincoln

Significant Permission Identification For Android Malware Detection, Lichao Sun

Computer Science and Engineering: Theses, Dissertations, and Student Research

A recent report indicates that a newly developed malicious app for Android is introduced every 11 seconds. To combat this alarming rate of malware creation, we need a scalable malware detection approach that is effective and efficient. In this thesis, we introduce SigPID, a malware detection system based on permission analysis to cope with the rapid increase in the number of Android malware. Instead of analyzing all 135 Android permissions, our approach applies 3-level pruning by mining the permission data to identify only significant permissions that can be effective in distinguishing benign and malicious apps. Based on the identified significant ...


VigenèRe Score For Malware Detection, Suchita Deshmukh 2016 San Jose State University

VigenèRe Score For Malware Detection, Suchita Deshmukh

Master's Projects

Previous research has applied classic cryptanalytic techniques to the malware detection problem. Speci cally, scores based on simple substitution cipher cryptanal- ysis and various generalizations have been considered. In this research, we analyze two new malware scoring techniques based on classic cryptanalysis. Our rst ap- proach relies on the Index of Coincidence, which is used, for example, to determine the length of the keyword in a Vigenère ciphertext. We also consider a score based on a more complete cryptanalysis of a Vigenère cipher. We nd that the Vigenère score is competitive with previous statistical-based malware scores.


Defeating N-Gram Scores For Http Attack Detection, Samyuktha Sridharan 2016 San Jose State University

Defeating N-Gram Scores For Http Attack Detection, Samyuktha Sridharan

Master's Projects

Web applications that generate malicious HTTP requests provide a platform that attackers use to exploit vulnerable machines. Such malicious traffic should be identified by network intrusion detection systems, based on traffic analysis. Previous research has shown that n-gram techniques can be successfully applied to detect HTTP attacks. In this research, we analyze the robustness of these n-gram techniques. We show that n-gram scores are surprisingly robust, but can be defeated using certain obfuscation strategies. We also consider the need for a more costlier HMM-based intrusion detection system.


Static And Dynamic Analysis For Android Malware Detection, Ankita Kapratwar 2016 San Jose State University

Static And Dynamic Analysis For Android Malware Detection, Ankita Kapratwar

Master's Projects

Static analysis relies on features extracted without executing code, while dynamic analysis extracts features based on code execution (or emulation). In general, static analysis is more e cient, while static analysis is often more informative, particularly in cases of highly obfuscated code. Static analysis of an Android application can rely on features extracted from the manifest le or the Java bytecode, while dynamic analysis of Android applications can deal with features involving dynamic code loading and system calls that are collected while the application is running. In this research, we analyzed the e ectiveness of combining static and dynamic features ...


Image Spam Analysis, Annapurna Sowmya Annadatha 2016 San Jose State University

Image Spam Analysis, Annapurna Sowmya Annadatha

Master's Projects

Image spam is unsolicited bulk email, where the message is embedded in an image. This technique is used to evade text-based spam lters. In this research, we analyze and compare two novel approaches for detecting spam images. Our rst approach focuses on the extraction of a broad set of image features and selection of an optimal subset using a Support Vector Machine (SVM). Our second approach is based on Principal Component Analysis (PCA), where we determine eigenvectors for a set of spam images and compute scores by projecting images onto the resulting eigenspace. Both approaches provide high accuracy with low ...


Pervasive Ehealth Services A Security And Privacy Risk Awareness Survey, xavier bellekens 2016 Abertay University

Pervasive Ehealth Services A Security And Privacy Risk Awareness Survey, Xavier Bellekens

xavier bellekens

The human factor is often recognised as a major aspect of cyber-security research. Risk and situational perception
are identified as key factors in the decision making process, often playing a lead role in the adoption of security mechanisms. However, risk awareness and perception have been poorly investigated in the field of eHealth wearables. Whilst end-users often have limited understanding of privacy and security of wearables, assessing the perceived risks and consequences will help shape the usability of future security mechanisms. This paper present a survey of the the risks and situational awareness in eHealth services. An analysis of the lack ...


Raspberry Pi Vpn Travel Router, Daniel S. Pierson 2016 California Polytechnic State University, San Luis Obispo

Raspberry Pi Vpn Travel Router, Daniel S. Pierson

Computer Science

Consumers are increasingly relying on public wireless hotspots to access the internet from a growing number of devices. Usage of these hotspots has expanded from just laptops to everything from iPhones to tablets, which are expected to be internet-connected for full functionality. It has become common for one to check if there’s an open wireless hotspot connection available at places like coffee shops, hotels, restaurants, or even a doctor’s waiting room. The issue that arises is that these public connections present an inherent security risk, as anyone can connect and gain access to the network. For increased security ...


Packet Filter Approach To Detect Denial Of Service Attacks, Essa Yahya M Muharish 2016 California State University, San Bernardino

Packet Filter Approach To Detect Denial Of Service Attacks, Essa Yahya M Muharish

Electronic Theses, Projects, and Dissertations

Denial of service attacks (DoS) are a common threat to many online services. These attacks aim to overcome the availability of an online service with massive traffic from multiple sources. By spoofing legitimate users, an attacker floods a target system with a high quantity of packets or connections to crash its network resources, bandwidth, equipment, or servers. Packet filtering methods are the most known way to prevent these attacks via identifying and blocking the spoofed attack from reaching its target. In this project, the extent of the DoS attacks problem and attempts to prevent it are explored. The attacks categories ...


Malicious Javascript Detection Using Statistical Language Model, Anumeha Shah 2016 San Jose State University

Malicious Javascript Detection Using Statistical Language Model, Anumeha Shah

Master's Projects

The Internet has an immense importance in our day to day life, but at the same time, it has become the medium of infecting computers, attacking users, and distributing malicious code. As JavaScript is the principal language of client side pro- gramming, it is frequently used in conducting such attacks. Various approaches have been made to overcome the JavaScript security issues. Some advanced approaches utilize machine learning technology in combination with de-obfuscation and emula- tion. Many methods of analysis incorporate static analysis and dynamic analysis. Our solution is entirely based on static analysis, which avoids unnecessary runtime overhead.

The central ...


Tracking User Activity While Safeguarding Data From Attackers, Justin Dahmubed 2016 San Jose State University

Tracking User Activity While Safeguarding Data From Attackers, Justin Dahmubed

Master's Projects

Companies constantly look for ways to better understand customer activity on their websites. Website owners may want to be able to analyze customer activity without having to concern themselves with a government agency forcing them to reveal their information. Multiple analytical tools have been created, most notably Google Analytics.

In my thesis, I demonstrate how analytics data can be stored so that only the site owners can view the data about their customers. With my design, even the analytics site itself cannot decrypt the data after a given window of time has elapsed. The novel aspect of my design is ...


Library Writers Reward Project, Saravana Kumar Gajendran 2016 San Jose State University

Library Writers Reward Project, Saravana Kumar Gajendran

Master's Projects

Open-source library development exploits the distributed intelligence of participants in Internet communities. Nowadays, contribution to the open-source community is fading [16] (Stackalytics, 2016) as there is not much recognition for library writers. They can start exploring ways to generate revenue as they actively contribute to the open-source community.

This project helps library writers to generate revenue in the form of bitcoins for their contribution. Our solution to generate revenue for library writers is to integrate bitcoin mining with existing JavaScript libraries, such as jQuery. More use of the library leads to more revenue for the library writers. It uses the ...


Secure Declassification In Faceted Javascript, Tam Wing 2016 San Jose State University

Secure Declassification In Faceted Javascript, Tam Wing

Master's Projects

Information leaks currently represent a major security vulnerability. Malicious code, when injected into a trusted environment and executed in the context of the victim’s privileges, often results in the loss of sensitive information. To address this security issue, this paper focuses on the idea of information flow control using faceted execution [3]. This mechanism allows the interpreter to efficiently keep track of variables across multiple security levels, achieving termination-insensitive non-interference (TINI). With TINI, a program can only leak one bit of data, caused by the termination of a program. One key benefit of having faceted execution is that flow ...


Analyzing Proactive Fraud Detection Software Tools And The Push For Quicker Solutions, Kerri Aiken 2016 La Salle University

Analyzing Proactive Fraud Detection Software Tools And The Push For Quicker Solutions, Kerri Aiken

Economic Crime Forensics Capstones

This paper focuses on proactive fraud detection software tools and how these tools can help detect and prevent possible fraudulent schemes. In addition to relying on routine audits, companies are designing proactive methods that involve the inclusion of software tools to detect and deter instances of fraud and abuse. This paper discusses examples of companies using ACL and SAS software programs and how the software tools have positively changed their auditing systems.

Novelis Inc., an aluminum and recycling company, implemented ACL into their internal audit software system. Competitive Health Analytics (Division of Humana) implemented SAS in order to improve their ...


Cyber Security Awareness In Higher Education, Toni Hunt 2016 Central Washington University

Cyber Security Awareness In Higher Education, Toni Hunt

Symposium Of University Research and Creative Expression (SOURCE)

With technology advancing every day our society is becoming more connected than we have ever been before. While these advances are making our daily lives easier they are also adding extra risks to our personal information. Most people do not think about their identities getting stolen when they make an online purchase, check their email, or use social media. However, each time that you put your personal information on the Internet you are at risk of that information getting stolen. This is especially true for students, who spend so much time online doing school activities. Every time that they login ...


Digital Commons powered by bepress