Open Access. Powered by Scholars. Published by Universities.®

Information Security Commons

Open Access. Powered by Scholars. Published by Universities.®

4,180 Full-Text Articles 5,787 Authors 3,061,789 Downloads 174 Institutions

All Articles in Information Security

Faceted Search

4,180 full-text articles. Page 1 of 178.

An Llm-Assisted Easy-To-Trigger Poisoning Attack On Code Completion Models: Injecting Disguised Vulnerabilities Against Strong Detection, Shenao YAN, Shen WANG, Yue DUAN, Hanbin HONG, Kiho LEE, Doowon KIM, Yuan HONG 2024 Singapore Management University

An Llm-Assisted Easy-To-Trigger Poisoning Attack On Code Completion Models: Injecting Disguised Vulnerabilities Against Strong Detection, Shenao Yan, Shen Wang, Yue Duan, Hanbin Hong, Kiho Lee, Doowon Kim, Yuan Hong

Research Collection School Of Computing and Information Systems

Large Language Models (LLMs) have transformed code completion tasks, providing context-based suggestions to boost developer productivity in software engineering. As users often fine-tune these models for specific applications, poisoning and backdoor attacks can covertly alter the model outputs. To address this critical security challenge, we introduce CODEBREAKER, a pioneering LLM-assisted backdoor attack framework on code completion models. Unlike recent attacks that embed malicious payloads in detectable or irrelevant sections of the code (e.g., comments), CODEBREAKER leverages LLMs (e.g., GPT-4) for sophisticated payload transformation (without affecting functionalities), ensuring that both the poisoned data for fine-tuning and generated code can evade strong …


Anopas: Practical Anonymous Transit Pass From Group Signatures With Time-Bound Keys, Rui SHI, Yang YANG, Yingjiu LI, Huamin FENG, Hwee Hwa PANG, Robert H. DENG 2024 Singapore Management University

Anopas: Practical Anonymous Transit Pass From Group Signatures With Time-Bound Keys, Rui Shi, Yang Yang, Yingjiu Li, Huamin Feng, Hwee Hwa Pang, Robert H. Deng

Research Collection School Of Computing and Information Systems

An anonymous transit pass system allows passengers to access transport services within fixed time periods, with their privileges automatically deactivating upon time expiration. Although existing transit pass systems are deployable on powerful devices like PCs, their adaptation to more user-friendly devices, such as mobile phones with smart cards, is inefficient due to their reliance on heavy-weight operations like bilinear maps. In this paper, we introduce an innovative anonymous transit pass system, dubbed Anopas, optimized for deployment on mobile phones with smart cards, where the smart card is responsible for crucial lightweight operations and the mobile phone handles key-independent and time-consuming …


Contextualizing Interpersonal Data Sharing In Smart Homes, Weijia He, Nathan Reitinger, Atheer Almogbil, Yi-Shyuan Chiang, Timothy J. Pierson, David Kotz 2024 Dartmouth College

Contextualizing Interpersonal Data Sharing In Smart Homes, Weijia He, Nathan Reitinger, Atheer Almogbil, Yi-Shyuan Chiang, Timothy J. Pierson, David Kotz

Dartmouth Scholarship

A key feature of smart home devices is monitoring the environment and recording data. These devices provide security via motion-detection video alerts, cost-savings via thermostat usage history, and peace of mind via functions like auto-locking doors or water leak detectors. At the same time, the sharing of this information in interpersonal relationships---though necessary---is currently accomplished on an all-or-nothing basis. This can easily lead to oversharing in a multi-user environment. Although prior work has studied people's perceptions of information sharing with vendors or ISPs, the sharing of household data among users who interact personally is less well understood. Interpersonal situations make …


Development Of Cyber Security Platform For Experiential Learning, Abhishek Vaish, Ravindra Kumar, Samo Bobek, Simona Sternad 2024 Department of IT, Indian Institute of Information Technology, Allahabad

Development Of Cyber Security Platform For Experiential Learning, Abhishek Vaish, Ravindra Kumar, Samo Bobek, Simona Sternad

Journal of Cybersecurity Education, Research and Practice

The cyber security education market has grown-up exponentially, with a CAGR of 13.9 % as reported by Data Intelo. The report published by the World Economic Fo- rum 2023 indicates a shortfall of 2.27 million cyber security experts in 2021 across different roles and hence manifest that Skill-based cyber security education is the need of the hour. Cybersecurity as a field has evolved as a multi-discipline, multi-stakeholder and multi-role discipline. Therefore, the need to address formal education with an outcome-based philosophy is imperative to address for a wider audience with varied past training in their formal education. With the Internet …


Federated Learning Based Autoencoder Ensemble System For Malware Detection On Internet Of Things Devices, Steven Edward Arroyo 2024 Rowan University

Federated Learning Based Autoencoder Ensemble System For Malware Detection On Internet Of Things Devices, Steven Edward Arroyo

Theses and Dissertations

New technologies are being introduced at a rate faster than ever before and smaller in size. Due to the size of these devices, security is often difficult to implement. The existing solution is a firewall-segmented “IoT Network” that only limits the effect of these infected devices on other parts of the network. We propose a lightweight unsupervised hybrid-cloud ensemble anomaly detection system for malware detection. We perform transfer learning using a generalized model trained on multiple IoT device sources to learn network traffic on new devices with minimal computational resources. We further extend our proposed system to utilize federated learning …


An Alternative Approach To Data Carving Portable Document Format (Pdf) Files, Kevin Hughes, Michael Black 2024 University of South Alabama

An Alternative Approach To Data Carving Portable Document Format (Pdf) Files, Kevin Hughes, Michael Black

Journal of Cybersecurity Education, Research and Practice

Traditional data carving relies on the successful identification of headers and trailers, unique hexadecimal signatures which are exclusive to specific file types. This can present a challenge for digital forensics examiners when pitted against modern anti-forensics techniques. The interest of this study is file signature obfuscation, a technique which alters headers and trailers. This research will focus on the development of a new, proof-of-concept algorithm that analyzes content in segments based on unique elements found within the body of a file. The file type being targeted is the Portable Document Format (PDF) and this research is built upon previously successful …


Singleadv: Single-Class Target-Specific Attack Against Interpretable Deep Learning Systems, Eldor Abdukhamidov, Mohammed Abuhamad, George K. Thiruvathukal, Hyoungshick Kim, Tamer Abuhmed 2024 Sung Kyun Kwan University

Singleadv: Single-Class Target-Specific Attack Against Interpretable Deep Learning Systems, Eldor Abdukhamidov, Mohammed Abuhamad, George K. Thiruvathukal, Hyoungshick Kim, Tamer Abuhmed

Computer Science: Faculty Publications and Other Works

In this paper, we present a novel Single-class target-specific Adversarial attack called SingleADV. The goal of SingleADV is to generate a universal perturbation that deceives the target model into confusing a specific category of objects with a target category while ensuring highly relevant and accurate interpretations. The universal perturbation is stochastically and iteratively optimized by minimizing the adversarial loss that is designed to consider both the classifier and interpreter costs in targeted and non-targeted categories. In this optimization framework, ruled by the first- and second-moment estimations, the desired loss surface promotes high confidence and interpretation score of adversarial samples. By …


Supporting South Korea’S Aging Population: How Ai And Iot Acceptance Connects The Young And Old, Bobby Im 2024 USF

Supporting South Korea’S Aging Population: How Ai And Iot Acceptance Connects The Young And Old, Bobby Im

Master's Projects and Capstones

In 2024, South Korea surpassed every other nation by becoming the country with the lowest fertility rate (below 0.7%). Population decline will hinder future ability to care for their aging population and although the government and private corporations are investing millions of dollars on developing Artificial Intelligence-Internet of Things (AI-IoT) devices to support the aging, the acceptance levels and the amount of family support required is undervalued. By examining AI-IoT’s current use and role in South Korea’s public health system this paper shows how intergenerational support helps optimize existing procedures and equipment, increases the level of acceptance and use, and …


Securing The Internet Of Things At Scale, Steven L. Willoughby 2024 Portland State University

Securing The Internet Of Things At Scale, Steven L. Willoughby

Student Research Symposium

The world of the connected “Internet of Things” (IoT), including the "Industrial Internet of Things" (IIoT) is expanding to include more devices which observe and influence our daily lives, routines, locations, and even our state of health. But have the underlying protocols by which they communicate this data kept pace with the need to protect our privacy and security?

My talk will introduce my research into an approach to better secure this information flow using appropriate access controls without sacrificing performance. I will assess the historical challenges and simple access controls applied to IoT networking protocols and how they can …


A Novel Caching Algorithm For Efficient Fine-Grained Access Control In Database Management Systems, Anadi Shakya 2024 Portland State University

A Novel Caching Algorithm For Efficient Fine-Grained Access Control In Database Management Systems, Anadi Shakya

Student Research Symposium

Fine-grained access Control (FGAC) in DBMS is vital for restricting user access to authorized data and enhancing security. FGAC policies govern how users are granted access to specific resources based on detailed criteria, ensuring security and privacy measures. Traditional methods struggle with scaling policies to thousands, causing delays in query responses. This paper introduces a novel caching algorithm designed to address this challenge by accelerating query processing and ensuring compliance with FGAC policies. In our approach, we create a circular hashmap and employ different replacement techniques to efficiently manage the cache, prioritizing entries that are visited more frequently. To evaluate …


Improving Tattle-Tale K-Deniability, Nicholas G.E. Morales 2024 Portland State University

Improving Tattle-Tale K-Deniability, Nicholas G.E. Morales

Student Research Symposium

Ensuring privacy for databases is an ongoing struggle. While the majority of work has focused on using access control lists to protect sensitive data these methods are vulnerable to inference attacks. A set of algorithms, referred to as Tattle-Tale, was developed that could protect sensitive data from being inferred however its runtime performance wasn’t suitable for production code. This set of algorithms contained two main subsets, Full Deniability and K-Deniability. My research focused on improving the runtime or utility of the K-Deniability algorithms. I investigated the runtime of the K-Deniability algorithms to identify what was slowing the process down. Aside …


Generative Machine Learning For Cyber Security, James Halvorsen, Dr. Assefaw Gebremedhin 2024 Washington State University

Generative Machine Learning For Cyber Security, James Halvorsen, Dr. Assefaw Gebremedhin

Military Cyber Affairs

Automated approaches to cyber security based on machine learning will be necessary to combat the next generation of cyber-attacks. Current machine learning tools, however, are difficult to develop and deploy due to issues such as data availability and high false positive rates. Generative models can help solve data-related issues by creating high quality synthetic data for training and testing. Furthermore, some generative architectures are multipurpose, and when used for tasks such as intrusion detection, can outperform existing classifier models. This paper demonstrates how the future of cyber security stands to benefit from continued research on generative models.


Detection Of Jamming Attacks In Vanets, Thomas Justice 2024 East Tennessee State University

Detection Of Jamming Attacks In Vanets, Thomas Justice

Undergraduate Honors Theses

A vehicular network is a type of communication network that enables vehicles to communicate with each other and the roadside infrastructure. The roadside infrastructure consists of fixed nodes such as roadside units (RSUs), traffic lights, road signs, toll booths, and so on. RSUs are devices equipped with communication capabilities that allow vehicles to obtain and share real-time information about traffic conditions, weather, road hazards, and other relevant information. These infrastructures assist in traffic management, emergency response, smart parking, autonomous driving, and public transportation to improve roadside safety, reduce traffic congestion, and enhance the overall driving experience. However, communication between the …


Multi-Script Handwriting Identification By Fragmenting Strokes, Joshua Jude Thomas 2024 University of South Alabama

Multi-Script Handwriting Identification By Fragmenting Strokes, Joshua Jude Thomas

<strong> Theses and Dissertations </strong>

This study tests the effectiveness of Multi-Script Handwriting Identification after simplifying character strokes, by segmenting them into sub-parts. Character simplification is performed through splitting the character by branching-points and end-points, a process called stroke fragmentation in this study. The resulting sub-parts of the character are called stroke fragments and are evaluated individually to identify the writer. This process shares similarities with the concept of stroke decomposition in Optical Character Recognition which attempts to recognize characters through the writing strokes that make them up. The main idea of this study is that the characters of different writing‑scripts (English, Chinese, etc.) may …


Examining Outcomes Of Privacy Risk And Brand Trust On The Adoption Of Consumer Smart Devices, Marianne C. Loes 2024 University of South Alabama

Examining Outcomes Of Privacy Risk And Brand Trust On The Adoption Of Consumer Smart Devices, Marianne C. Loes

<strong> Theses and Dissertations </strong>

With more connected devices on earth than there are people, Internet of Things (IoT) is arguably just as innovative as the original introduction of the Internet. Though much of the research on technology acceptance and adoption has been conducted in organizational settings, the consumer use of IoT technologies, such as smart devices, is becoming a fertile field of research. The merger of these research streams is especially relevant from a societal perspective as smart devices become more embedded in consumer’s daily lives, particularly with the introduction of the “meta verse.” While original technology acceptance research is limited to two system-specific …


Agriculture 4.0 And Beyond: Evaluating Cyber Threat Intelligence Sources And Techniques In Smart Farming Ecosystems, Hang T. Bui, Hamed Aboutorab, Arash Mahboubi, Yansong Gao, Nazatul H. Sultan, Aufeef Chauhan, Mohammad Z. Parvez, Michael Bewong, Rafiqul Islam, Zahid Islam, Seyit A. Camtepe, Praveen Gauravaram, Dineshkumar Singh, M. A. Babar, Shihao Yan 2024 Edith Cowan University

Agriculture 4.0 And Beyond: Evaluating Cyber Threat Intelligence Sources And Techniques In Smart Farming Ecosystems, Hang T. Bui, Hamed Aboutorab, Arash Mahboubi, Yansong Gao, Nazatul H. Sultan, Aufeef Chauhan, Mohammad Z. Parvez, Michael Bewong, Rafiqul Islam, Zahid Islam, Seyit A. Camtepe, Praveen Gauravaram, Dineshkumar Singh, M. A. Babar, Shihao Yan

Research outputs 2022 to 2026

The digitisation of agriculture, integral to Agriculture 4.0, has brought significant benefits while simultaneously escalating cybersecurity risks. With the rapid adoption of smart farming technologies and infrastructure, the agricultural sector has become an attractive target for cyberattacks. This paper presents a systematic literature review that assesses the applicability of existing cyber threat intelligence (CTI) techniques within smart farming infrastructures (SFIs). We develop a comprehensive taxonomy of CTI techniques and sources, specifically tailored to the SFI context, addressing the unique cyber threat challenges in this domain. A crucial finding of our review is the identified need for a virtual Chief Information …


Exploring Decentralized Computing Using Solid And Ipfs For Social Media Applications, Pranav Balasubramanian Natarajan 2024 University of Arkansas, Fayetteville

Exploring Decentralized Computing Using Solid And Ipfs For Social Media Applications, Pranav Balasubramanian Natarajan

Computer Science and Computer Engineering Undergraduate Honors Theses

As traditional centralized social media platforms face growing concerns over data privacy, censorship, and lack of user control, there has been an increasing interest in decentralized alternatives. This thesis explores the design and implementation of a decentralized social media application by integrating two key technologies: Solid and the InterPlanetary File System (IPFS). Solid, led by Sir Tim Berners-Lee, enables users to store and manage their personal data in decentralized "Pods," giving them ownership over their digital identities. IPFS, a peer-to-peer hypermedia protocol, facilitates decentralized file storage and sharing, ensuring content availability and resilience against censorship. By leveraging these technologies, the …


Security And Interpretability In Large Language Models, Lydia Danas 2024 William & Mary

Security And Interpretability In Large Language Models, Lydia Danas

Undergraduate Honors Theses

Large Language Models (LLMs) have the capability to model long-term dependencies in sequences of tokens, and are consequently often utilized to generate text through language modeling. These capabilities are increasingly being used for code generation tasks; however, LLM-powered code generation tools such as GitHub's Copilot have been generating insecure code and thus pose a cybersecurity risk. To generate secure code we must first understand why LLMs are generating insecure code. This non-trivial task can be realized through interpretability methods, which investigate the hidden state of a neural network to explain model outputs. A new interpretability method is rationales, which obtains …


An In-Network Approach For Pmu Missing Data Recovery With Data Plane Programmability, Jack Norris 2024 University of Arkansas, Fayetteville

An In-Network Approach For Pmu Missing Data Recovery With Data Plane Programmability, Jack Norris

Computer Science and Computer Engineering Undergraduate Honors Theses

Phasor measurement unit (PMU) systems often experience unavoidable missing and erroneous measurements, which undermine power system observability and operational effectiveness. Traditional solutions for recovering missing PMU data employ a centralized approach at the control center, resulting in lengthy recovery times due to data transmission and aggregation. In this work, we leverage P4-based programmable networks to expedite missing data recovery. Our approach utilizes the data plane programmability offered by P4 to present an in-network solution for PMU data recovery. We establish a data-plane pipeline on P4 switches, featuring a customized PMU protocol parser, a missing data detection module, and an auto-regressive …


Side Channel Detection Of Pc Rootkits Using Nonlinear Phase Space, Rebecca Clark 2024 University of South Alabama

Side Channel Detection Of Pc Rootkits Using Nonlinear Phase Space, Rebecca Clark

Honors Theses

Cyberattacks are increasing in size and scope yearly, and the most effective and common means of attack is through malicious software executed on target devices of interest. Malware threats vary widely in terms of behavior and impact and, thus, effective methods of detection are constantly being sought from the academic research community to offset both volume and complexity. Rootkits are malware that represent a highly feared threat because they can change operating system integrity and alter otherwise normally functioning software. Although normal methods of detection that are based on signatures of known malware code are the standard line of defense, …


Digital Commons powered by bepress