Open Access. Powered by Scholars. Published by Universities.®

Information Security Commons

Open Access. Powered by Scholars. Published by Universities.®

3,219 Full-Text Articles 4,265 Authors 1,559,674 Downloads 149 Institutions

All Articles in Information Security

Faceted Search

3,219 full-text articles. Page 1 of 133.

Enterprise Environment Modeling For Penetration Testing On The Openstack Virtualization Platform, Vincent Karovič Jr., Jakub Bartaloš, Vincent Karovič, Michal Greguš 2021 Comenius University

Enterprise Environment Modeling For Penetration Testing On The Openstack Virtualization Platform, Vincent Karovič Jr., Jakub Bartaloš, Vincent Karovič, Michal Greguš

Journal of Global Business Insights

The article presents the design of a model environment for penetration testing of an organization using virtualization. The need for this model was based on the constantly increasing requirements for the security of information systems, both in legal terms and in accordance with international security standards. The model was created based on a specific team from the unnamed company. The virtual working environment offered the same functions as the physical environment. The virtual working environment was created in OpenStack and tested with a Linux distribution Kali Linux. We demonstrated that the virtual environment is functional and its security testable. Virtualizing ...


Software-Based Side Channel Attacks And The Future Of Hardened Microarchitecture, Nathaniel Hatfield 2021 Liberty University

Software-Based Side Channel Attacks And The Future Of Hardened Microarchitecture, Nathaniel Hatfield

Senior Honors Theses

Side channel attack vectors found in microarchitecture of computing devices expose systems to potentially system-level breaches. This thesis consists of a comprehensive report on current exploits of this nature, describing their fundamental basis and usage, paving the way to further research into hardware mitigations that may be utilized to combat these and future vulnerabilities. It will discuss several modern software-based side channel attacks, describing the mechanisms they utilize to gain access to privileged information. Attack vectors will be exemplified, along with applicability to various architectures utilized in modern computing. Finally, discussion of how future architectural changes must successfully harden chips ...


Analysis Of Theoretical And Applied Machine Learning Models For Network Intrusion Detection, Jonah Baron 2021 Dakota State University

Analysis Of Theoretical And Applied Machine Learning Models For Network Intrusion Detection, Jonah Baron

Masters Theses & Doctoral Dissertations

Network Intrusion Detection System (IDS) devices play a crucial role in the realm of network security. These systems generate alerts for security analysts by performing signature-based and anomaly-based detection on malicious network traffic. However, there are several challenges when configuring and fine-tuning these IDS devices for high accuracy and precision. Machine learning utilizes a variety of algorithms and unique dataset input to generate models for effective classification. These machine learning techniques can be applied to IDS devices to classify and filter anomalous network traffic. This combination of machine learning and network security provides improved automated network defense by developing highly-optimized ...


How The Growth Of Technology Has Forced Accounting Firms To Put An Emphasis On Cybersecurity, Holden Halbach 2021 University of Arkansas, Fayetteville

How The Growth Of Technology Has Forced Accounting Firms To Put An Emphasis On Cybersecurity, Holden Halbach

Accounting Undergraduate Honors Theses

The advancement of technology has brought many changes to accounting firms. Computer applications such as Microsoft Excel have made calculators and physical spreadsheets obsolete. Then with the introduction of cloud computing employees can store, access, and exchange large amounts of data instantaneously from any location. These technological innovations have increased the accuracy and efficiency of firms substantially. However, this growth in technology has shown the importance of putting an emphasis on cybersecurity throughout the accounting industry. The emphasis placed on cybersecurity throughout accounting firms is more prevalent than any other industry. This is primarily because accounting firms not only deal ...


Data Forgery Detection In Automatic Generation Control: Exploration Of Automated Parameter Generation And Low-Rate Attacks, Yatish R. Dubasi 2021 University of Arkansas, Fayetteville

Data Forgery Detection In Automatic Generation Control: Exploration Of Automated Parameter Generation And Low-Rate Attacks, Yatish R. Dubasi

Computer Science and Computer Engineering Undergraduate Honors Theses

Automatic Generation Control (AGC) is a key control system utilized in electric power systems. AGC uses frequency and tie-line power flow measurements to determine the Area Control Error (ACE). ACE is then used by the AGC to adjust power generation and maintain an acceptable power system frequency. Attackers might inject false frequency and/or tie-line power flow measurements to mislead AGC into falsely adjusting power generation, which can harm power system operations. Various data forgery detection models are studied in this thesis. First, to make the use of predictive detection models easier for users, we propose a method for automated ...


Brave New World Reboot: Technology’S Role In Consumer Manipulation And Implications For Privacy And Transparency, Allie Mertensotto 2021 University of Arkansas, Fayetteville

Brave New World Reboot: Technology’S Role In Consumer Manipulation And Implications For Privacy And Transparency, Allie Mertensotto

Marketing Undergraduate Honors Theses

Most consumers are aware that our data is being obtained and collected through the use of our devices we keep in our homes or even on our person throughout the day. But, it is understated how much data is being collected. Conversations you have with your peers – in a close proximity of a device – are being used to tailor advertising. The advertisements you receive on your devices are uniquely catered to your individual person, due to the fact it consistently uses our data to produce efficient and personal ads. On the flip side, our government is also tapping into our ...


Security Fatigue And Its Effects On Perceived Password Strength Among University Students, Chase Carroll 2021 University of Tennessee at Chattanooga

Security Fatigue And Its Effects On Perceived Password Strength Among University Students, Chase Carroll

Honors Theses

This study was performed with the goal of observing the effect, if any, that security fatigue has on students’ perceived strength of passwords. In doing so, it was hoped to find some correlation between the two that would help in establishing a measurable effect of the phenomenon in students. This could potentially aid organizational decision-makers, such as security policy writers and system admins, to make more informed decisions about implementing security measures. To achieve the goal of observing this fatigue and attempting to measure it, a survey was distributed to numerous students on the University of Tennessee at Chattanooga campus ...


Privacy Is Infringed In Plain Sight And How To Dissapear, Zachary Taylor 2021 California State University, San Bernardino

Privacy Is Infringed In Plain Sight And How To Dissapear, Zachary Taylor

Electronic Theses, Projects, and Dissertations

This culminating project explored how Amazon, Apple, Facebook, Google, and Microsoft infringe on their user's information privacy. Focus was on tools and techniques one can use to strengthen their information privacy. Privacy or information privacy was defined as the right to have some control over how your personal information is collected and used. This project will also introduce a verity of open-source tools and techniques that would help the unsuspected user to maintain their privacy.The questions asked were: what are some common techniques that Amazon, Apple, Facebook, Google, or Microsoft use to gain personal information?, At what cost ...


A Novel Dynamic Analysis Infrastructure To Instrument Untrusted Execution Flow Across User-Kernel Spaces, Jiaqi HONG, Xuhua DING 2021 Singapore Management University

A Novel Dynamic Analysis Infrastructure To Instrument Untrusted Execution Flow Across User-Kernel Spaces, Jiaqi Hong, Xuhua Ding

Research Collection School Of Computing and Information Systems

Code instrumentation and hardware based event trapping are two primary approaches used in dynamic malware analysis systems. In this paper, we propose a new approach called Execution Flow Instrumentation (EFI) where the analyzer execution flow is interleaved with the target flow in user- and kernel-mode, at junctures flexibly chosen by the analyzer at runtime. We also propose OASIS as the system infrastructure to realize EFI with virtues of the current two approaches, however without their drawbacks. Despite being securely and transparently isolated from the target, the analyzer introspects and controls it in the same native way as instrumentation code. We ...


Trust Models And Risk In The Internet Of Things, Jeffrey Hemmes 2021 Regis University

Trust Models And Risk In The Internet Of Things, Jeffrey Hemmes

Regis University Faculty Publications

The Internet of Things (IoT) is envisaged to be a large-scale, massively heterogeneous ecosystem of devices with varying purposes and capabilities. While architectures and frameworks have focused on functionality and performance, security is a critical aspect that must be integrated into system design. This work proposes a method of risk assessment of devices using both trust models and static capability profiles to determine the level of risk each device poses. By combining the concepts of trust and secure device fingerprinting, security mechanisms can be more efficiently allocated across networked IoT devices. Simultaneously, devices can be allowed a greater degree of ...


Viability Of Consumer Grade Hardware For Learning Computer Forensics Principles, Lazaro A. Herrera 2021 Nova Southeastern University

Viability Of Consumer Grade Hardware For Learning Computer Forensics Principles, Lazaro A. Herrera

Journal of Digital Forensics, Security and Law

We propose utilizing budget consumer hardware and software to teach computer forensics principles and for non-case work, research and developing new techniques. Consumer grade hardware and free / open source software is more easily accessible in most developing markets and can be used as a first purchase for education, technique development and even when developing new techniques. These techniques should allow for small forensics laboratories or classroom settings to have the tooling and framework for trying existing forensics techniques or creating new forensics techniques on consumer grade hardware. We'll be testing how viable each individual piece of hardware is as ...


A Critical Review Of: The Perfect Weapon: War, Sabotage, And Fear In The Cyber Age, Steven Cauthron 2021 Augusta University

A Critical Review Of: The Perfect Weapon: War, Sabotage, And Fear In The Cyber Age, Steven Cauthron

International Journal of Security Studies

Book Review: A Critical Review of: The Perfect Weapon: War, Sabotage, and Fear in the Cyber Age


Assessing The Credibility Of Cyber Adversaries, Jenny A. Wells, Dana S. LaFon, Margaret Gratian 2021 Bridgewater State University

Assessing The Credibility Of Cyber Adversaries, Jenny A. Wells, Dana S. Lafon, Margaret Gratian

International Journal of Cybersecurity Intelligence & Cybercrime

Online communications are ever increasing, and we are constantly faced with the challenge of whether online information is credible or not. Being able to assess the credibility of others was once the work solely of intelligence agencies. In the current times of disinformation and misinformation, understanding what we are reading and to who we are paying attention to is essential for us to make considered, informed, and accurate decisions, and it has become everyone’s business. This paper employs a literature review to examine the empirical evidence across online credibility, trust, deception, and fraud detection in an effort to consolidate ...


Cyberbullying: Its Social And Psychological Harms Among Schoolers, Hyeyoung Lim, Hannarae Lee 2021 Bridgewater State University

Cyberbullying: Its Social And Psychological Harms Among Schoolers, Hyeyoung Lim, Hannarae Lee

International Journal of Cybersecurity Intelligence & Cybercrime

Criminal justice around the world has prioritized the prevention and protection of bullying and its victims due to the rapid increases in peer violence. Nevertheless, relatively few studies have examined what treatments or assistance are effective for peer victims to reduce and recover from their social and psychological suffering, especially in cyberbullying cases. Using data derived from the National Crime Victimization Survey-School Crime Supplement data in 2011 and 2013 (N=823), the current study examined the impact of two emotional support groups (i.e., adult and peer groups) on cyberbullying victims' social and psychological harm. The findings indicated that both ...


Cyber-Victimization Trends In Trinidad & Tobago: The Results Of An Empirical Research, Troy Smith, Nikolaos Stamatakis 2021 Bridgewater State University

Cyber-Victimization Trends In Trinidad & Tobago: The Results Of An Empirical Research, Troy Smith, Nikolaos Stamatakis

International Journal of Cybersecurity Intelligence & Cybercrime

Cybertechnology has brought benefits to the Caribbean in the form of new regional economic and social growth. In the last years, Caribbean countries have also become attractive targets for cybercrime due to increased economic success and online presence with a low level of cyber resilience. This study examines the online-related activities that affect cybercrime victimization by using the Routine Activity Theory (RAT). The present study seeks to identify activities that contribute to different forms of cybercrime victimization and develop risk models for these crimes, particularly the understudied cyber-dependent crimes of Hacking and Malware. It also aims to explore if there ...


The Challenges Of Identifying Dangers Online And Predictors Of Victimization, Catherine D. Marcum 2021 Appalachian State University, U.S.A.

The Challenges Of Identifying Dangers Online And Predictors Of Victimization, Catherine D. Marcum

International Journal of Cybersecurity Intelligence & Cybercrime

This short paper will provide an overview of the impressive pieces included in this issue of the International Journal of Cybersecurity Intelligence and Cybercrime. This issue includes articles on the following pertinent topic, utilizing a range of approaches and methodologies: 1) online credibility; 2) cyberbullying; and 3) unauthorized access of information. An emphasis on the importance of policy development and better protection of potential victims is a common thread throughout the issue.


Traffic Collision Avoidance System: False Injection Viability, John Hannah, Robert F. Mills, Richard A. Dill, Douglas D. Hodson 2021 Air Force Institute of Technology

Traffic Collision Avoidance System: False Injection Viability, John Hannah, Robert F. Mills, Richard A. Dill, Douglas D. Hodson

Faculty Publications

Safety is a simple concept but an abstract task, specifically with aircraft. One critical safety system, the Traffic Collision Avoidance System II (TCAS), protects against mid-air collisions by predicting the course of other aircraft, determining the possibility of collision, and issuing a resolution advisory for avoidance. Previous research to identify vulnerabilities associated with TCAS’s communication processes discovered that a false injection attack presents the most comprehensive risk to veritable trust in TCAS, allowing for a mid-air collision. This research explores the viability of successfully executing a false injection attack against a target aircraft, triggering a resolution advisory. Monetary constraints ...


Buffer Overflow And Sql Injection In C++, Noah Warren Kapley 2021 Western Kentucky University

Buffer Overflow And Sql Injection In C++, Noah Warren Kapley

Masters Theses & Specialist Projects

Buffer overflows and SQL Injection have plagued programmers for many years. A successful buffer overflow, innocuous or not, damages a computer’s permanent memory. Safer buffer overflow programs are presented in this thesis for the C programs characterizing string concatenation, string copy, and format get string, a C program which takes input and output from a keyboard, in most cases. Safer string concatenation and string copy programs presented in this thesis require the programmer to specify the amount of storage space necessary for the program’s execution. This safety mechanism is designed to help programmers avoid over specifying the amount ...


Improving Memory Forensics Through Emulation And Program Analysis, Ryan Dominick Maggio 2021 Louisiana State University and Agricultural and Mechanical College

Improving Memory Forensics Through Emulation And Program Analysis, Ryan Dominick Maggio

LSU Doctoral Dissertations

Memory forensics is an important tool in the hands of investigators. However, determining if a computer is infected with malicious software is time consuming, even for experts. Tasks that require manual reverse engineering of code or data structures create a significant bottleneck in the investigative workflow. Through the application of emulation software and symbolic execution, these strains have been greatly lessened, allowing for faster and more thorough investigation. Furthermore, these efforts have reduced the barrier for forensic investigation, so that reasonable conclusions can be drawn even by non-expert investigators. While previously Volatility had allowed for the detection of malicious hooks ...


Analysis Of System Performance Metrics Towards The Detection Of Cryptojacking In Iot Devices, Richard Matthews 2021 Dakota State University

Analysis Of System Performance Metrics Towards The Detection Of Cryptojacking In Iot Devices, Richard Matthews

Masters Theses & Doctoral Dissertations

This single-case mechanism study examined the effects of cryptojacking on Internet of Things (IoT) device performance metrics. Cryptojacking is a cyber-threat that involves stealing the computational resources of devices belonging to others to generate cryptocurrencies. The resources primarily include the processing cycles of devices and the additional electricity needed to power this additional load. The literature surveyed showed that cryptojacking has been gaining in popularity and is now one of the top cyberthreats. Cryptocurrencies offer anyone more freedom and anonymity than dealing with traditional financial institutions which make them especially attractive to cybercriminals. Other reasons for the increasing popularity of ...


Digital Commons powered by bepress