Open Access. Powered by Scholars. Published by Universities.®

Information Security Commons

Open Access. Powered by Scholars. Published by Universities.®

3,831 Full-Text Articles 5,189 Authors 2,373,476 Downloads 161 Institutions

All Articles in Information Security

Faceted Search

3,831 full-text articles. Page 1 of 161.

Safe Delivery Of Critical Services In Areas With Volatile Security Situation Via A Stackelberg Game Approach, Tien MAI, Arunesh SINHA 2023 Singapore Management University

Safe Delivery Of Critical Services In Areas With Volatile Security Situation Via A Stackelberg Game Approach, Tien Mai, Arunesh Sinha

Research Collection School Of Computing and Information Systems

Vaccine delivery in under-resourced locations with security risks is not just challenging but also life threatening. The COVID pandemic and the need to vaccinate added even more urgency to this issue. Motivated by this problem, we propose a general framework to set-up limited temporary (vaccination) centers that balance physical security and desired (vaccine) service coverage with limited resources. We set-up the problem as a Stackelberg game between the centers operator (defender) and an adversary, where the set of centers is not fixed a priori but is part of the decision output. This results in a mixed combinatorial and continuous optimization …


Teaching By Practice: Shaping Secure Coding Mentalities Through Cybersecurity Ctfs, Jazmin Collins, Vitaly Ford 2023 Arcadia University

Teaching By Practice: Shaping Secure Coding Mentalities Through Cybersecurity Ctfs, Jazmin Collins, Vitaly Ford

Journal of Cybersecurity Education, Research and Practice

The use of the Capture the Flag (CTF)-style competitions has grown popular in a variety of environments as a method to improve or reinforce cybersecurity techniques. However, while these competitions have shown promise in student engagement, enjoyment, and the teaching of essential workforce cybersecurity concepts, many of these CTF challenges have largely focused on cybersecurity as a general topic. Further, most in-school CTF challenges are designed with technical institutes in mind, prepping only experienced or upper-level students in cybersecurity studies for real-world challenges. Our paper aims to focus on the setting of a liberal arts institute, emphasizing secure coding as …


Lightweight Pairwise Key Distribution Scheme For Iots, Kanwalinderjit Kaur 2023 California State University, Bakersfield

Lightweight Pairwise Key Distribution Scheme For Iots, Kanwalinderjit Kaur

Journal of Cybersecurity Education, Research and Practice

Embedding a pairwise key distribution approach in IoT systems is challenging as IoT devices have limited resources, such as memory, processing power, and battery life. This paper presents a secure and lightweight approach that is applied to IoT devices that are divided into Voronoi clusters. This proposed algorithm comprises XOR and concatenation operations for interactive authentication between the server and the IoT devices. Predominantly, the authentication is carried out by the server. It is observed that the algorithm is resilient against man-in-the-middle attacks, forward secrecy, Denial of Service (DoS) attacks, and offers mutual authentication. It is also observed that the …


Reinventing Cybersecurity Internships During The Covid-19 Pandemic, Lori L. Sussman 2023 University of Southern Maine

Reinventing Cybersecurity Internships During The Covid-19 Pandemic, Lori L. Sussman

Journal of Cybersecurity Education, Research and Practice

The Cybersecurity Ambassador Program provides professional skills training for emerging cybersecurity professionals remotely. The goal is to reach out to underrepresented populations who may use Federal Work-Study (FWS) or grant sponsored internships to participate. Cybersecurity Ambassadors (CAs) develop skills that will serve them well as cybersecurity workers prepared to do research, lead multidisciplinary, technical teams, and educate stakeholders and community members. CAP also reinforces leadership skills so that the next generation of cybersecurity professionals becomes a sustainable source of management talent for the program and profession. The remote curriculum innovatively builds non-technical professional skills (communications, teamwork, leadership) for cybersecurity research …


Risk Perceptions About Personal Internet-Of-Things: Research Directions From A Multi-Panel Delphi Study, Paul M. Di Gangi, Barbara A. Wech, Jennifer D. Hamrick, James L. Worrell, Samuel H. Goh 2023 University of Alabama at Birmingham

Risk Perceptions About Personal Internet-Of-Things: Research Directions From A Multi-Panel Delphi Study, Paul M. Di Gangi, Barbara A. Wech, Jennifer D. Hamrick, James L. Worrell, Samuel H. Goh

Journal of Cybersecurity Education, Research and Practice

Internet-of-Things (IoT) research has primarily focused on identifying IoT devices' organizational risks with little attention to consumer perceptions about IoT device risks. The purpose of this study is to understand consumer risk perceptions for personal IoT devices and translate these perceptions into guidance for future research directions. We conduct a sequential, mixed-methods study using multi-panel Delphi and thematic analysis techniques to understand consumer risk perceptions. The results identify four themes focused on data exposure and user experiences within IoT devices. Our thematic analysis also identified several emerging risks associated with the evolution of IoT device functionality and its potential positioning …


Cybersecurity Continuity Risks: Lessons Learned From The Covid-19 Pandemic, Tyler Fezzey, John H. Batchelor, Gerald F. Burch, Randall Reid 2023 University of West Florida

Cybersecurity Continuity Risks: Lessons Learned From The Covid-19 Pandemic, Tyler Fezzey, John H. Batchelor, Gerald F. Burch, Randall Reid

Journal of Cybersecurity Education, Research and Practice

The scope and breadth of the COVID-19 pandemic were unprecedented. This is especially true for business continuity and the related area of cybersecurity. Historically, business continuity and cybersecurity are viewed and researched as separate fields. This paper synthesizes the two disciplines as one, thus pointing out the need to address both topics simultaneously. This study identifies blind spots experienced by businesses as they navigated through the difficult time of the pandemic by using data collected during the height of the COVID-19 pandemic. One major shortcoming was that most continuity and cybersecurity plans focused on single-axis threats. The COVID-19 pandemic resulted …


Alpha Phi-Shing Fraternity: Phishing Assessment In A Higher Education Institution, Marco Casagrande, Mauro Conti, Monica Fedeli, Eleonora Losiouk 2023 University of Padua

Alpha Phi-Shing Fraternity: Phishing Assessment In A Higher Education Institution, Marco Casagrande, Mauro Conti, Monica Fedeli, Eleonora Losiouk

Journal of Cybersecurity Education, Research and Practice

Phishing is a common social engineering attack aimed to steal personal information. Universities attract phishing attacks because: 1) they store employees and students sensitive data, 2) they save confidential documents, 3) their infrastructures often lack security. In this paper, we showcase a phishing assessment at the University of Redacted aimed to identify the people, and the features of such people, that are more susceptible to phishing attacks. We delivered phishing emails to 1.508 subjects in three separate batches, collecting a clickrate equal to 30%, 11% and 13%, respectively. We considered several features (i.e., age, gender, role, working/studying field, email template) …


Improving Developers' Understanding Of Regex Denial Of Service Tools Through Anti-Patterns And Fix Strategies, Sk Adnan Hassan, Zainab Aamir, Dongyoon Lee, James C. Davis, Francisco Servant 2023 Virginia Tech

Improving Developers' Understanding Of Regex Denial Of Service Tools Through Anti-Patterns And Fix Strategies, Sk Adnan Hassan, Zainab Aamir, Dongyoon Lee, James C. Davis, Francisco Servant

Department of Electrical and Computer Engineering Faculty Publications

Regular expressions are used for diverse purposes, including input validation and firewalls. Unfortunately, they can also lead to a security vulnerability called ReDoS (Regular Expression Denial of Service), caused by a super-linear worst-case execution time during regex matching. Due to the severity and prevalence of ReDoS, past work proposed automatic tools to detect and fix regexes. Although these tools were evaluated in automatic experiments, their usability has not yet been studied; usability has not been a focus of prior work. Our insight is that the usability of existing tools to detect and fix regexes will improve if we complement them …


Challenges And Measurements For Governance Of Modern Cyber Space Society, Pinghui WANG, Hongbin PEI, Junzhou ZHAO, Tao QIN, Chao SHEN, Dongliang LIU, Xiaohong GUAN 2022 MOE Key Lab for Intelligent Networks and Network Security, Xi'an Jiaotong University, Xi'an 710049, China

Challenges And Measurements For Governance Of Modern Cyber Space Society, Pinghui Wang, Hongbin Pei, Junzhou Zhao, Tao Qin, Chao Shen, Dongliang Liu, Xiaohong Guan

Bulletin of Chinese Academy of Sciences (Chinese Version)

The rapid development of information technology has unprecedentedly created a prosperous cyber society and greatly enhanced productivity facilitated by social interaction. At the same time, many problems emerge in the cyber society, such as telecom fraud, privacy leakage, Internet pollution, and algorithmic discrimination. The problems bring new challenges to social order and security. In order to find the way of cyber society governance and promote the modernization of national governance, this paper first presents the analyses on the new problems encountered in the cyber society in three typical scenarios, i.e., identity governance, behavior governance, and algorithm governance, as well as …


Payload-Byte: A Tool For Extracting And Labeling Packet Capture Files Of Modern Network Intrusion Detection Datasets, Yasir Farrukh, Irfan Khan, Syed Wali, David A. Bierbrauer, John Pavlik, Nathaniel D. Bastian 2022 Army Cyber Institute, United States Military Academy

Payload-Byte: A Tool For Extracting And Labeling Packet Capture Files Of Modern Network Intrusion Detection Datasets, Yasir Farrukh, Irfan Khan, Syed Wali, David A. Bierbrauer, John Pavlik, Nathaniel D. Bastian

ACI Journal Articles

Adapting modern approaches for network intrusion detection is becoming critical, given the rapid technological advancement and adversarial attack rates. Therefore, packet-based methods utilizing payload data are gaining much popularity due to their effectiveness in detecting certain attacks. However, packet-based approaches suffer from a lack of standardization, resulting in incomparability and reproducibility issues. Unlike flow-based datasets, no standard labeled dataset exists, forcing researchers to follow bespoke labeling pipelines for individual approaches. Without a standardized baseline, proposed approaches cannot be compared and evaluated with each other. One cannot gauge whether the proposed approach is a methodological advancement or is just being benefited …


Software Supply Chain Security Attacks And Analysis Of Defense, Juanjose Rodriguez-Cardenas, Jobair Hossain Faruk, Masura Tansim, Asia Shavers, Corey Brookins, Shamar Lake, Ava Norouzi, Marie Nassif, Kenneth Burke, Miranda Dominguez 2022 Kennesaw State University

Software Supply Chain Security Attacks And Analysis Of Defense, Juanjose Rodriguez-Cardenas, Jobair Hossain Faruk, Masura Tansim, Asia Shavers, Corey Brookins, Shamar Lake, Ava Norouzi, Marie Nassif, Kenneth Burke, Miranda Dominguez

Symposium of Student Scholars

The Software Supply chain or SSC is the backbone of the logistics industry and is crucial to a business's success and operation. The surge of attacks and risks for the SSC has grown in coming years with each attack's impact becoming more significant. These attacks have led to the leaking of both client and company sensitive information, corruption of the data, and having it subject to malware and ransomware installation, despite new practices implemented and investments into SSC security and its branches that have not stopped attackers from developing new vulnerabilities and exploits. In our research, we have investigated Software …


Secure Cloud-Based Iot Water Quality Gathering For Analysis And Visualization, Soin Abdoul Kassif Baba M Traore 2022 Kennesaw State University

Secure Cloud-Based Iot Water Quality Gathering For Analysis And Visualization, Soin Abdoul Kassif Baba M Traore

Symposium of Student Scholars

Water quality refers to measurable water characteristics, including chemical, biological, physical, and radiological characteristics usually relative to human needs. Dumping waste and untreated sewage are the reasons for water pollution and several diseases to the living hood. The quality of water can also have a significant impact on animals and plant ecosystems. Therefore, keeping track of water quality is a substantial national interest. Much research has been done for measuring water quality using sensors to prevent water pollution. In summary, those systems are built based on online and reagent-free water monitoring SCADA systems in wired networks. However, centralized servers, transmission …


Addressing Human Error Through Effective Cyber Policy Design, Katherine Amoresano 2022 University at Albany, State University of New York

Addressing Human Error Through Effective Cyber Policy Design, Katherine Amoresano

Emergency Preparedness, Homeland Security, and Cybersecurity

Human error is a significant contributing factor to the rise in Cybersecurity attacks regardless of increased technical control implemented to safeguard Information systems. Adversaries can circumvent technical safeguards due to human errors which result from inadequate enforceable policies and training on Cybersecurity for the everyday user. Several studies and articles show that the majority of successful attacks are human enabled, proving the need for human-centric cybersecurity research and practices. This exploratory work reviews the human aspect of Cybersecurity by investigating the cybersecurity policies at SUNY Albany and other SUNY institutions. We used a survey of students and faculty members at …


Detecting Selfish Mining Attacks Against A Blockchain Using Machine Learing, Matthew A. Peterson 2022 University of South Alabama

Detecting Selfish Mining Attacks Against A Blockchain Using Machine Learing, Matthew A. Peterson

Theses and Dissertations

Selfish mining is an attack against a blockchain where miners hide newly discovered blocks instead of publishing them to the rest of the network. Selfish mining has been a potential issue for blockchains since it was first discovered by Eyal and Sirer. It can be used by malicious miners to earn a disproportionate share of the mining rewards or in conjunction with other attacks to steal money from network users. Several of these attacks were launched in 2018, 2019, and 2020 with the attackers stealing as much as $18 Million. Developers made several different attempts to fix this issue, but …


A Cybersecurity Assessment Of Health Data Ecosystems, Michelle N. Halsey 2022 Boise State University

A Cybersecurity Assessment Of Health Data Ecosystems, Michelle N. Halsey

Cyber Operations and Resilience Program Graduate Projects

This paper is an exploratory study that investigates data collected and used by health plans and reviews the laws and regulations governing this data to identify the gaps in protections and provide recommendations for eliminating these gaps. Health insurance companies collect a wide array of data about the people they insure, data that is often only peripherally relevant to the service these companies provide. The data environment currently consists of seven categories of data: personal health information, summary health information, personally identifiable information, financial information, professional information, biometric information, and lifestyle data or social indicators of health. Much of this …


Sleepmore: Inferring Sleep Duration At Scale Via Multi-Device Wifi Sensing, Camellia ZAKARIA, Gizem YILMAZ, Priyanka MAMMEN, Michael CHEE, Prashant SHENOY, Rajesh Krishna BALAN 2022 Singapore Management University

Sleepmore: Inferring Sleep Duration At Scale Via Multi-Device Wifi Sensing, Camellia Zakaria, Gizem Yilmaz, Priyanka Mammen, Michael Chee, Prashant Shenoy, Rajesh Krishna Balan

Research Collection School Of Computing and Information Systems

The availability of commercial wearable trackers equipped with features to monitor sleep duration and quality has enabled more useful sleep health monitoring applications and analyses. However, much research has reported the challenge of long-term user retention in sleep monitoring through these modalities. Since modern Internet users own multiple mobile devices, our work explores the possibility of employing ubiquitous mobile devices and passive WiFi sensing techniques to predict sleep duration as the fundamental measure for complementing long-term sleep monitoring initiatives. In this paper, we propose SleepMore, an accurate and easy-to-deploy sleep-tracking approach based on machine learning over the user's WiFi network …


Secure Decentralized Blockchain Based Web Application For Medical Records, Sri Harshini Popuri, Liang Zhao 2022 Kennesaw State University

Secure Decentralized Blockchain Based Web Application For Medical Records, Sri Harshini Popuri, Liang Zhao

Symposium of Student Scholars

The online storage and sharing of electronic health records has undergone a paradigm shift in recent years. The introduction of a centralized cloud computing concept to streamline records transfer between patients and healthcare providers has been an easy task. As a result, the availability of electronically stored health records with minimal operational costs is made possible, but the primary concern is related to the privacy and security of records. How can we securely exchange medical documents online while maintaining strong security standards? This research suggests a framework that fuses online federated learning with blockchain technology. In particular, we develop a …


Studies On The Development Of China’S Network And Information Security, Jiwu JING 2022 School of Cryptography, University of Chinese Academy of Sciences, Beijing 100049, China

Studies On The Development Of China’S Network And Information Security, Jiwu Jing

Bulletin of Chinese Academy of Sciences (Chinese Version)

No abstract provided.


Accurately Grasp The New Features Of Cybersecurity Technology Development And Fully Promote The Modernization Of National Security System And Capabilities, Dengguo FENG 2022 Institute of Software, Chinese Academy of Sciences, Beijing 100190, China

Accurately Grasp The New Features Of Cybersecurity Technology Development And Fully Promote The Modernization Of National Security System And Capabilities, Dengguo Feng

Bulletin of Chinese Academy of Sciences (Chinese Version)

No abstract provided.


The Role Of It In Campus Sustainability Efforts: Model Sustainability In It Operations, Infrastructure, Cybersecurity, And Teaching And Learning, J. T. Singh, Kevin Partridge, Teresa Hudson, Pete Calvert 2022 West Chester University of Pennsylvania

The Role Of It In Campus Sustainability Efforts: Model Sustainability In It Operations, Infrastructure, Cybersecurity, And Teaching And Learning, J. T. Singh, Kevin Partridge, Teresa Hudson, Pete Calvert

Sustainability Research & Practice Seminar Presentations

JT Singh (and colleagues), WCU Information Services and Technology - The Role of IT in Campus Sustainability Efforts


Digital Commons powered by bepress