Open Access. Powered by Scholars. Published by Universities.®

Information Security Commons


1526 Full-Text Articles 1819 Authors 405536 Downloads 81 Institutions

All Articles in Information Security


1526 full-text articles. Page 1 of 58.

Cybercrime Deterrence And International Legislation: Evidence From Distributed Denial Of Service Attacks, Kai-Lung Hui, Seung Hyun Kim, Qiu-Hong Wang 2017 Singapore Management University

Cybercrime Deterrence And International Legislation: Evidence From Distributed Denial Of Service Attacks, Kai-Lung Hui, Seung Hyun Kim, Qiu-Hong Wang

Research Collection School Of Information Systems

In this paper, we estimate the impact of enforcing the Convention on Cybercrime (COC) on deterring distributed denial of service (DDOS) attacks. Our data set comprises a sample of real, random spoof-source DDOS attacks recorded in 106 countries in 177 days in the period 2004-2008. We find that enforcing the COC decreases DDOS attacks by at least 11.8 percent, but a similar deterrence effect does not exist if the enforcing countries make a reservation on international cooperation. We also find evidence of network and displacement effects in COC enforcement. Our findings imply attackers in cyberspace are rational, motivated by ...


Investigation Into The Formation Of Information Security Influence: Network Analysis Of An Emerging Organisation, Duy Dang-Pham, Siddhi Pittayachawan, Vince Bruno 2017 RMIT University

Investigation Into The Formation Of Information Security Influence: Network Analysis Of An Emerging Organisation, Duy Dang-Pham, Siddhi Pittayachawan, Vince Bruno

Siddhi Pittayachawan

While prior research has been examining information security behaviours in mature environments with formal policies and practices, there is less attention paid to new or transforming environments that lack security controls. It is crucial to understand what factors affect the formation of an emerging information security environment, so that security managers can make use of the forming mechanisms to improve the security environment without relying too much on enforcement. This research adopts exponential random graph modeling to predict the occurrence of information security influence among 114 employees in a recently established construction organisation. Our empirical findings show that physically co-locating ...


Applications Of Social Network Analysis In Behavioural Information Security Research: Concepts And Empirical Analysis, Duy Dang-Pham, Siddhi Pittayachawan, Vince Bruno 2017 RMIT University

Applications Of Social Network Analysis In Behavioural Information Security Research: Concepts And Empirical Analysis, Duy Dang-Pham, Siddhi Pittayachawan, Vince Bruno

Siddhi Pittayachawan

The rapid digital transformation and technological disruption in modern organisations demand the development of people-centric security workplaces, whereby the employees can build up their security awareness and accountability for their actions via participation in the organisation's social networks. The social network analysis approach offers a wide array of analytical capabilities to examine in-depth the interactions and relations within an organisation, which assists the development of such security workplaces. This paper proposes the novel and practical adoption of social network analysis methods in the behavioural information security field. To this end, we discuss the core features of the social network analysis ...


How Much Should We Teach The Enigma Machine?, Jeffrey A. Livermore 2017 University of Michigan-Flint

How Much Should We Teach The Enigma Machine?, Jeffrey A. Livermore

Journal of Cybersecurity Education, Research and Practice

Developing courses and programs in Information Assurance can feel like trying to force ten pounds of flour into a five pound sack. We want to pack more into our courses than we have time to teach. As new technologies develop, we often find it necessary to drop old technologies out of the curriculum and our students miss out on the historical impacts the old technologies had. The discipline is so broad and deep that we have to carefully choose what concepts and technologies we study in depth, what we mention in passing, and what we leave out. Leaving out important ...


Cyber Security For Everyone: An Introductory Course For Non-Technical Majors, Marc J. Dupuis 2017 University of Washington Bothell

Cyber Security For Everyone: An Introductory Course For Non-Technical Majors, Marc J. Dupuis

Journal of Cybersecurity Education, Research and Practice

In this paper, we describe the need for and development of an introductory cyber security course. The course was designed for non-technical majors with the goal of increasing cyber security hygiene for an important segment of the population—college undergraduates. While the need for degree programs that focus on educating and training individuals for occupations in the ever-growing cyber security field is critically important, the need for improved cyber security hygiene from the average everyday person is of equal importance. This paper discusses the approach used, curriculum developed, results from two runs of the course, and frames the overall structure ...


Pedagogical Resources For Industrial Control Systems Security: Design, Implementation, Conveyance, And Evaluation, Guillermo A. Francia III, Greg Randall, Jay Snellen 2017 Jacksonville State University

Pedagogical Resources For Industrial Control Systems Security: Design, Implementation, Conveyance, And Evaluation, Guillermo A. Francia III, Greg Randall, Jay Snellen

Journal of Cybersecurity Education, Research and Practice

Industrial Control Systems (ICS), which are pervasive in our nation’s critical infrastructures, are becoming increasingly at risk and vulnerable to internal and external threats. It is imperative that the future workforce be educated and trained on the security of such systems. However, it is equally important that careful and deliberate considerations must be exercised in designing and implementing the educational and training activities that pertain to ICS. To that end, we designed and implemented pedagogical materials and tools to facilitate the teaching and learning processes in the area of ICS security. In this paper, we describe those resources, the ...


From The Editors, Carole L. Hollingsworth, Michael E. Whitman, Herbert J. Mattord 2017 Kennesaw State University

From The Editors, Carole L. Hollingsworth, Michael E. Whitman, Herbert J. Mattord

Journal of Cybersecurity Education, Research and Practice

Welcome to the third issue of the Journal of Cybersecurity Education, Research and Practice (JCERP).


Stay Safe Online!, Jenny Blaine 2017 University of Minnesota

Stay Safe Online!, Jenny Blaine

Innovate! Teaching with Technology Conference

Inform audience of potential online threats to their online security and reasons for that; empower audience to employ best practices to protect themselves during online activities.

Multiple Audiences


Feature Selection In Intrusion Detection System Over Mobile Ad-Hoc Network, Xia Wang, Tu-liang Lin, Johnny S. Wong 2017 Iowa State University

Feature Selection In Intrusion Detection System Over Mobile Ad-Hoc Network, Xia Wang, Tu-Liang Lin, Johnny S. Wong

Johnny Wong

As Mobile ad-hoc network (MANET) has become a very important technology the security problem, especially, intrusion detection technique research has attracted many people's effort. MANET is more vulnerable than wired network and suffers intrusion like wired network. This paper investigated some intrusion detection techniques using machine learning and proposed a profile based neighbor monitoring intrusion detection method. Further analysis shows that the features collected by each node are too many for wireless devices with limited capacity. We apply Markov Blanket algorithm [1] to the feature selection of the intrusion detection method. Experimental studies have shown that Markov Blanket algorithm ...


The Methodology For Evaluating Response Cost For Intrusion Response Systems, Christopher Roy Strasburg, Natalia Stakhanova, Samik Basu, Johnny S. Wong 2017 Iowa State University

The Methodology For Evaluating Response Cost For Intrusion Response Systems, Christopher Roy Strasburg, Natalia Stakhanova, Samik Basu, Johnny S. Wong

Johnny Wong

Recent advances in the field of intrusion detection brought new requirements to intrusion prevention and response. Traditionally, the response to the detected attack was selected and deployed manually; in recent years the focus has shifted towards developing automated and semi-automated methodologies for responding to intrusions. In this context, the cost-sensitive intrusion response models have gained the most interest mainly due to their emphasis on the balance between potential damage incurred by the intrusion and cost of the response. However, one of the challenges in applying this approach is defining consistent and adaptable measurement of these cost factors on the ...


A Taxonomy Of Intrusion Response Systems, Natalia Stakhanova, Samik Basu, Johnny S. Wong 2017 Iowa State University

A Taxonomy Of Intrusion Response Systems, Natalia Stakhanova, Samik Basu, Johnny S. Wong

Johnny Wong

Recent advances in the intrusion detection field brought new requirements to intrusion prevention and response. Traditionally, the response to an attack was manually triggered by an administrator. However, increased complexity and speed of the attack-spread during recent years showed acute necessity for complex dynamic response mechanisms. Although intrusion detection systems are being actively developed, research efforts in intrusion response are still isolated. In this work we present a taxonomy of intrusion response systems, together with a review of current trends in intrusion response research. We also provide a set of essential features as a requirement for an ideal intrusion response system.


Distributed Denial Of Service Ddos Attack, Robert Joodat 2017 Selected Works

Distributed Denial Of Service Ddos Attack, Robert Joodat

User

The purpose of this report is to investigate the present state of Internet of Things (IoT) devices. It highlights the current security issues of using IoT devices, and discusses possible solutions to maximise security and minimise DDoS and cyberattacks. The measures that need to be considered to prevent attacks on IoT devices from the Mirai botnet have been highlighted, which include the use of Cloudflare's Orbit and other general security practices. Cloudflare's Orbit allows manufacturers to implement virtual patches for vulnerabilities found in IoT devices until those vulnerabilities are fixed through software updates.


Encryption Backdoors: A Discussion Of Feasibility, Ethics, And The Future Of Cryptography, Jennifer A. Martin 2017 Seattle Pacific University

Encryption Backdoors: A Discussion Of Feasibility, Ethics, And The Future Of Cryptography, Jennifer A. Martin

Honors Projects

In the age of technological advancement and the digitization of information, privacy seems to be all but an illusion. Encryption is supposed to be the white knight that keeps our information and communications safe from unwanted eyes, but how secure are the encryption algorithms that we use? Do we put too much trust in those that are charged with implementing our everyday encryption systems? This paper addresses the concept of backdoors in encryption: ways that encryption systems can be implemented so that the security can be bypassed by those that know about its existence. Many governments around the world are ...


Adding Differential Privacy In An Open Board Discussion Board System, Pragya Rana 2017 San Jose State University

Adding Differential Privacy In An Open Board Discussion Board System, Pragya Rana

Master's Projects

This project implements a privacy system for statistics generated by the Yioop search and discussion board system. Statistical data for such a system consists of various counts, sums, and averages that might be displayed for groups, threads, etc. When statistical data is made publicly available, there is no guarantee of preserving the privacy of an individual. Ideally, any data extracted should not reveal any sensitive information about an individual. In order to help achieve this, we implemented a Differential Privacy mechanism for Yioop. Differential privacy preserves privacy up to some controllable parameters of the number of items or individuals being ...


Transcriptase–Light: A Polymorphic Virus Construction Kit, Saurabh Borwankar 2017 San Jose State University

Transcriptase–Light: A Polymorphic Virus Construction Kit, Saurabh Borwankar

Master's Projects

Many websites use JavaScript to display dynamic and interactive content. Hence, attackers are developing JavaScript–based malware. In this paper, we focus on Transcriptase JavaScript malware.

The high–level and dynamic nature of the JavaScript language helps malware writers to create polymorphic and metamorphic malware using obfuscation techniques. These types of malware change their internal structure on each infection, making them difficult to detect with traditional methods. These types of malware can be detected using machine learning methods.

This project creates Transcriptase–Light, a new polymorphic construction kit. We perform an experiment with the Transcriptase–Light against a hidden Markov ...


Policy-Agnostic Programming On The Client-Side, Kushal Palesha 2017 San Jose State University

Policy-Agnostic Programming On The Client-Side, Kushal Palesha

Master's Projects

Browser security has become a major concern especially due to web pages becoming more complex. These web applications handle a lot of information, including sensitive data that may be vulnerable to attacks like data exfiltration, cross-site scripting (XSS), etc. Most modern browsers have security mechanisms in place to prevent such attacks but they still fall short in preventing more advanced attacks like evolved variants of data exfiltration. Moreover, there is no standard that is followed to implement security into the browser.

A lot of research has been done in the field of information flow security that could prove to be ...


Implementing Dynamic Coarse & Fine Grained Taint Analysis For Rhino Javascript, Tejas Saoji 2017 San Jose State University

Implementing Dynamic Coarse & Fine Grained Taint Analysis For Rhino Javascript, Tejas Saoji

Master's Projects

Web application systems today are at great risk from attackers. They use methods like cross-site scripting, SQL injection, and format string attacks to exploit vulnerabilities in an application. Standard techniques like static analysis and code audits seem to be inadequate in successfully combating attacks like these. Both techniques point out the vulnerabilities before an application is run. However, static analysis may result in a higher rate of false positives, and code audits are time-consuming and costly. Hence, there is a need for reliable detection mechanisms.

Dynamic taint analysis offers an alternate solution — it marks the incoming data from the untrusted ...


Dynamic Information Flow Analysis In Ruby, Vigneshwari Chandrasekaran 2017 San Jose State University

Dynamic Information Flow Analysis In Ruby, Vigneshwari Chandrasekaran

Master's Projects

With the rapid increase in usage of the internet and online applications, there is a huge demand for applications to handle data privacy and integrity. Applications are already complex with business logic; adding the data safety logic would make them more complicated. The more complex the code becomes, the more possibilities it opens for security-critical bugs. To solve this conundrum, we can push this data safety handling feature to the language level rather than the application level. With a secure language, developers can write their application without having to worry about data security.

This project introduces dynamic information flow analysis ...


Development Of Peer Instruction Material For A Cybersecurity Curriculum, William Johnson 2017 University of New Orleans

Development Of Peer Instruction Material For A Cybersecurity Curriculum, William Johnson

University of New Orleans Theses and Dissertations

Cybersecurity classes focus on building practical skills alongside the development of the open mindset that is essential to tackle the dynamic cybersecurity landscape. Unfortunately, traditional lecture-style teaching is insufficient for this task. Peer instruction is a non-traditional, active learning approach that has proven to be effective in computer science courses. The challenge in adopting peer instruction is the development of conceptual questions. This thesis presents a methodology for developing peer instruction questions for cybersecurity courses, consisting of four stages: concept identification, concept trigger, question presentation, and development. The thesis analyzes 279 questions developed over two years for three cybersecurity courses ...


Malware Analysis And Privacy Policy Enforcement Techniques For Android Applications, Aisha Ibrahim Ali-Gombe 2017 University of New Orleans

Malware Analysis And Privacy Policy Enforcement Techniques For Android Applications, Aisha Ibrahim Ali-Gombe

University of New Orleans Theses and Dissertations

The rapid increase in mobile malware and deployment of over-privileged applications over the years has been of great concern to the security community. Encroaching on users' privacy, mobile applications (apps) increasingly exploit various sensitive data on mobile devices. The information gathered by these applications is sufficient to uniquely and accurately profile users and can cause tremendous personal and financial damage.

On Android specifically, the security and privacy holes in the operating system and framework code have created a whole new dynamic for malware and privacy exploitation. This research work seeks to develop novel analysis techniques that monitor Android applications ...

