Open Access. Powered by Scholars. Published by Universities.®

Information Security Commons

Open Access. Powered by Scholars. Published by Universities.®

3,831 Full-Text Articles 5,189 Authors 2,373,476 Downloads 161 Institutions

All Articles in Information Security

Faceted Search

3,831 full-text articles. Page 7 of 161.

A Review Of Dark Web: Crawling And Discovery Of Information, Timothy Williams, Edwin Matthew, Juanjo Rodriguez-Cardenas, Jack Wright, Hossain Shahriar 2022 Kennesaw State University

A Review Of Dark Web: Crawling And Discovery Of Information, Timothy Williams, Edwin Matthew, Juanjo Rodriguez-Cardenas, Jack Wright, Hossain Shahriar

Symposium of Student Scholars

The dark web is often discussed in taboo by many who are unfamiliar with the subject. However, this essay takes a dive into the skeleton of what constructs the dark web by compiling the research of published essays. TOR and other discussed browsers are specialized web browsers that provide anonymity by going through multiple servers and encrypted networks between the host and client, hiding the IP address of both ends. This provides difficulty in terms of controlling or monitoring the dark web, leading to its popularity in criminal underworlds.

In this work, we provide an overview of data mining and …


Deapsecure Computational Training For Cybersecurity: Third-Year Improvements And Impacts, Bahador Dodge, Jacob Strother, Rosby Asiamah, Karina Arcaute, Wirawan Purwanto, Masha Sosonkina, Hongyi Wu 2022 Old Dominion University

Deapsecure Computational Training For Cybersecurity: Third-Year Improvements And Impacts, Bahador Dodge, Jacob Strother, Rosby Asiamah, Karina Arcaute, Wirawan Purwanto, Masha Sosonkina, Hongyi Wu

Modeling, Simulation and Visualization Student Capstone Conference

The Data-Enabled Advanced Training Program for Cybersecurity Research and Education (DeapSECURE) was introduced in 2018 as a non-degree training consisting of six modules covering a broad range of cyberinfrastructure techniques, including high performance computing, big data, machine learning and advanced cryptography, aimed at reducing the gap between current cybersecurity curricula and requirements needed for advanced research and industrial projects. By its third year, DeapSECURE, like many other educational endeavors, experienced abrupt changes brought by the COVID-19 pandemic. The training had to be retooled to adapt to fully online delivery. Hands-on activities were reformatted to accommodate self-paced learning. In this paper, …


Cybersecurity And Threat Modeling, Kumar Setty 2022 Loyola University Chicago

Cybersecurity And Threat Modeling, Kumar Setty

Computer Science Research Seminars and Symposia

An introduction to cybersecurity and threat modeling.


A False Sense Of Security - Organizations Need A Paradigm Shift On Protecting Themselves Against Apts, Srinivasulu R. Vuggumudi 2022 Dakota State University

A False Sense Of Security - Organizations Need A Paradigm Shift On Protecting Themselves Against Apts, Srinivasulu R. Vuggumudi

Masters Theses & Doctoral Dissertations

Organizations Advanced persistent threats (APTs) are the most complex cyberattacks and are generally executed by cyber attackers linked to nation-states. The motivation behind APT attacks is political intelligence and cyber espionage. Despite all the awareness, technological advancements, and massive investment, the fight against APTs is a losing battle for organizations. An organization may implement a security strategy to prevent APTs. However, the benefits to the security posture might be negligible if the measurement of the strategy’s effectiveness is not part of the plan. A false sense of security exists when the focus is on implementing a security strategy but not …


Passing Time And Syncing Secrets: Demonstrating Covert Channel Vulnerabilities In Precision Time Protocol (Ptp), Aron J. Smith-Donovan 2022 Macalester College

Passing Time And Syncing Secrets: Demonstrating Covert Channel Vulnerabilities In Precision Time Protocol (Ptp), Aron J. Smith-Donovan

Mathematics, Statistics, and Computer Science Honors Projects

Covert channels use steganographic approaches to transfer secret digital communications; when applied to network protocols, these strategies can facilitate undetectable data exfiltration and insertion attacks. Because covert channel techniques are protocol- and implementation-specific, individual case studies are necessary to assess for vulnerabilities under different conditions. While several investigations have been published evaluating covert channel potential in infrastructure- and manufacturing-based contexts, no existing research explores Precision Time Protocol (PTP), a time synchronization protocol commonly used in industrial control systems. This study aims to fill this gap by demonstrating the feasibility of a covert channel-based attack on a PTP-enabled network.


Unreasonable: A Strict Liability Solution To The Ftc’S Data Security Problem, James C. Cooper, Bruce H. Kobayashi 2022 Antonin Scalia Law School

Unreasonable: A Strict Liability Solution To The Ftc’S Data Security Problem, James C. Cooper, Bruce H. Kobayashi

Michigan Technology Law Review

For over two decades, the FTC creatively employed its capacious statute to police against shoddy data practices. Although the FTC’s actions were arguably needed at the time to fill a gap in enforcement, there are reasons to believe that its current approach has outlived its usefulness and is in serious need of updating. In particular, our analysis shows that the FTC’s current approach to data security is unlikely to instill anything close to optimal incentives for data holders. These shortcomings cannot be fixed through changes to the FTC enforcement approach, as they are largely generated by a mismatch between the …


Medical Devices And Cybersecurity, Hilary Finch 2022 Old Dominion University

Medical Devices And Cybersecurity, Hilary Finch

School of Cybersecurity Posters

I begin by looking at the role of cybersecurity in the medical world. The healthcare industry adopted information technology quite quickly. While the advancement was obviously beneficial and necessary to keep up with an ever-growing demand, the healthcare industry did not place any kind of pointed focus on the security of their IT department, or the sensitive information housed therein.

When rapid advancements of technology outpaced the gradual advancement of hospital cybersecurity, security concerns became a difficult issue to control. There is a serious need for more advancements in hospital security. Each interconnected medical device has its own unique security …


Security Posture: A Systematic Review Of Cyber Threats And Proactive Security, Amanda Jones 2022 Liberty University

Security Posture: A Systematic Review Of Cyber Threats And Proactive Security, Amanda Jones

Senior Honors Theses

In the last decade, several high-profile cyber threats have occurred with global impact and devastating consequences. The tools, techniques, and procedures used to prevent cyber threats from occurring fall under the category of proactive security. Proactive security methodologies, however, vary among professionals where differing tactics have proved situationally effective. To determine the most effective tactics for preventing exploitation of vulnerabilities, the author examines the attack vector of three incidents from the last five years in a systematic review format: the WannaCry incident, the 2020 SolarWinds SUNBURST exploit, and the recently discovered Log4j vulnerability. From the three cases and existing literature, …


Lyapunov-Based Economic Model Predictive Control For Detecting And Handling Actuator And Simultaneous Sensor/Actuator Cyberattacks On Process Control Systems, Henrique Oyama, Dominic Messina, Keshav Kasturi Rangan, Helen Durand 2022 Department of Chemical Engineering and Materials Science, Wayne State University, Detroit, MI

Lyapunov-Based Economic Model Predictive Control For Detecting And Handling Actuator And Simultaneous Sensor/Actuator Cyberattacks On Process Control Systems, Henrique Oyama, Dominic Messina, Keshav Kasturi Rangan, Helen Durand

Chemical Engineering and Materials Science Faculty Research Publications

The controllers for a cyber-physical system may be impacted by sensor measurement cyberattacks, actuator signal cyberattacks, or both types of attacks. Prior work in our group has developed a theory for handling cyberattacks on process sensors. However, sensor and actuator cyberattacks have a different character from one another. Specifically, sensor measurement attacks prevent proper inputs from being applied to the process by manipulating the measurements that the controller receives, so that the control law plays a role in the impact of a given sensor measurement cyberattack on a process. In contrast, actuator signal attacks prevent proper inputs from being applied …


Chosen-Instruction Attack Against Commercial Code Virtualization Obfuscators, Shijia LI, Chunfu JIA, Pengda QIU, Qiyuan CHEN, Jiang MING, Debin GAO 2022 Singapore Management University

Chosen-Instruction Attack Against Commercial Code Virtualization Obfuscators, Shijia Li, Chunfu Jia, Pengda Qiu, Qiyuan Chen, Jiang Ming, Debin Gao

Research Collection School Of Computing and Information Systems

—Code virtualization is a well-known sophisticated obfuscation technique that uses custom virtual machines (VM) to emulate the semantics of original native instructions. Commercial VM-based obfuscators (e.g., Themida and VMProtect) are often abused by malware developers to conceal malicious behaviors. Since the internal mechanism of commercial obfuscators is a black box, it is a daunting challenge for the analyst to understand the behavior of virtualized programs. To figure out the code virtualization mechanism and design deobfuscation techniques, the analyst has to perform reverse-engineering on large-scale highly obfuscated programs. This knowledge learning process suffers from painful cost and imprecision. In this project, …


Resil: Revivifying Function Signature Inference Using Deep Learning With Domain-Specific Knowledge, Yan LIN, Debin GAO, David LO 2022 Singapore Management University

Resil: Revivifying Function Signature Inference Using Deep Learning With Domain-Specific Knowledge, Yan Lin, Debin Gao, David Lo

Research Collection School Of Computing and Information Systems

Function signature recovery is important for binary analysis and security enhancement, such as bug finding and control-flow integrity enforcement. However, binary executables typically have crucial information vital for function signature recovery stripped off during compilation. To make things worse, recent studies show that many compiler optimization strategies further complicate the recovery of function signatures with intended violations to function calling conventions.In this paper, we first perform a systematic study to quantify the extent to which compiler optimizations (negatively) impact the accuracy of existing deep learning techniques for function signature recovery. Our experiments show that a state-of-the-art deep learning technique has …


Verifiable Searchable Encryption Framework Against Insider Keyword-Guessing Attack In Cloud Storage, Yinbin MIAO, Robert H. DENG, Kim-Kwang Raymond CHOO, Ximeng LIU, Hongwei LI 2022 Xidian University

Verifiable Searchable Encryption Framework Against Insider Keyword-Guessing Attack In Cloud Storage, Yinbin Miao, Robert H. Deng, Kim-Kwang Raymond Choo, Ximeng Liu, Hongwei Li

Research Collection School Of Computing and Information Systems

Searchable encryption (SE) allows cloud tenants to retrieve encrypted data while preserving data confidentiality securely. Many SE solutions have been designed to improve efficiency and security, but most of them are still susceptible to insider Keyword-Guessing Attacks (KGA), which implies that the internal attackers can guess the candidate keywords successfully in an off-line manner. Also in existing SE solutions, a semi-honest-but-curious cloud server may deliver incorrect search results by performing only a fraction of retrieval operations honestly (e.g., to save storage space). To address these two challenging issues, we first construct the basic Verifiable SE Framework (VSEF), which can withstand …


Securead: A Secure Video Anomaly Detection Framework On Convolutional Neural Network In Edge Computing Environment, Hang CHENG, Ximeng LIU, Huaxiong WANG, Yan FANG, Meiqing WANG, Xiaopeng ZHAO 2022 Fuzhou University

Securead: A Secure Video Anomaly Detection Framework On Convolutional Neural Network In Edge Computing Environment, Hang Cheng, Ximeng Liu, Huaxiong Wang, Yan Fang, Meiqing Wang, Xiaopeng Zhao

Research Collection School Of Computing and Information Systems

Anomaly detection offers a powerful approach to identifying unusual activities and uncommon behaviors in real-world video scenes. At present, convolutional neural networks (CNN) have been widely used to tackle anomalous events detection, which mainly rely on its stronger ability of feature representation than traditional hand-crafted features. However, massive video data and high cost of CNN model training are a challenge to achieve satisfactory detection results for resource-limited users. In this paper, we propose a secure video anomaly detection framework (SecureAD) based on CNN. Specifically, we introduce additive secret sharing to design several calculation protocols for achieving safe CNN training and …


Proposed L-Shape Pattern On Ufs Acm For Risk Analysis, Abhishek Asthana, Padma Lochan Pradhan Dr 2022 Shri Rawatpura Sarkar University, Raipur, India

Proposed L-Shape Pattern On Ufs Acm For Risk Analysis, Abhishek Asthana, Padma Lochan Pradhan Dr

Journal of Digital Forensics, Security and Law

At this cloud age, there is tremendous growth in business, services, resources, and cloud technology. This growth comes with a risk of unsafe, unordered, and uncertainty due to unauthorized access and theft of confidential propriety data. Our objective is to model around Read, Write and Execute to resolve these unordered, unsafe, and uncertain issues. We will develop a L-Shape pattern model matching UFS ACM to minimize the accessibilities based on RIGHT & ROLE of the resources and maximize the quality of services for safety and high availability. The preventive, detective, corrective (PDC) services are the major roles for all levels …


A Combined Approach For Private Indexing Mechanism, Pranita Maruti Desai Ms., Vijay Maruti Shelake Mr. 2022 University of Mumbai

A Combined Approach For Private Indexing Mechanism, Pranita Maruti Desai Ms., Vijay Maruti Shelake Mr.

Journal of Digital Forensics, Security and Law

Private indexing is a set of approaches for analyzing research data that are similar or resemble similar ones. This is used in the database to keep track of the keys and their values. The main subject of this research is private indexing in record linkage to secure the data. Because unique personal identification numbers or social security numbers are not accessible in most countries or databases, data linkage is limited to attributes such as date of birth and names to distinguish between the number of records and the real-life entities they represent. For security reasons, the encryption of these identifiers …


Zero Trust And Advanced Persistent Threats: Who Will Win The War?, Bilge Karabacak, Todd Whittaker 2022 Franklin University

Zero Trust And Advanced Persistent Threats: Who Will Win The War?, Bilge Karabacak, Todd Whittaker

All Faculty and Staff Scholarship

Advanced Persistent Threats (APTs) are state-sponsored actors who break into computer networks for political or industrial espionage. Because of the nature of cyberspace and ever-changing sophisticated attack techniques, it is challenging to prevent and detect APT attacks. 2020 United States Federal Government data breach once again showed how difficult to protect networks from targeted attacks. Among many other solutions and techniques, zero trust is a promising security architecture that might effectively prevent the intrusion attempts of APT actors. In the zero trust model, no process insider or outside the network is trusted by default. Zero trust is also called perimeterless …


An Optimized Machine Learing Framework For Extracting Suicide Factors Using K-Means++ Clustering, Naren S R Mr., Thirumal P C Dr., Sudharson D Dr. 2022 Kumaraguru College of Technology, Coimbatore, India

An Optimized Machine Learing Framework For Extracting Suicide Factors Using K-Means++ Clustering, Naren S R Mr., Thirumal P C Dr., Sudharson D Dr.

International Journal of Computer Science and Informatics

Suicide has emerged as one of the serious problems which should be eradicated from the society. People with suicidal thoughts restrict themselves by not expressing thoughts to the people around them. Studies have shown that people show more interest in expressing their thoughts over social media platforms. So, research has been conducted to identify people with suicidal ideation by analyzing the posts which they posted in social media platforms. Certain studies mined out new factors which influenced people to commit suicide, but those factors had certain drawbacks in it. This paper mainly focuses on overcoming those drawbacks in the factors. …


Intrusion Attacks On Automotive Can And Their Detection, Halley M. Paulson 2022 University of Minnesota - Morris

Intrusion Attacks On Automotive Can And Their Detection, Halley M. Paulson

Scholarly Horizons: University of Minnesota, Morris Undergraduate Journal

The main highway of communication in a vehicle is the Controller Area Network, commonly known by the acronym CAN. Any vulnerability in this network could allow bad actors to block communication between vehicle subsystems, risking the safety of the vehicle’s occupants. With the ever growing list of vulnerabilities being exposed in the CAN, it is critical to address its safety. This paper looks at one of the known vulnerabilities in the data link layer of the CAN and an Intrusion Detection System that could detect attacks on this network. We detail a few processes of the CAN, arbitration and error …


A Critical Comparison Of Brave Browser And Google Chrome Forensic Artefacts, Stuart Berham, Sarah Morris 2022 Cranfield University

A Critical Comparison Of Brave Browser And Google Chrome Forensic Artefacts, Stuart Berham, Sarah Morris

Journal of Digital Forensics, Security and Law

Digital forensic practitioners are tasked with the identification, recovery and analysis of Internet browser artefacts which may have been used in the pursuit of committing a civil or criminal offence. This research paper critically compares the most downloaded browser, Google Chrome, against an increasingly popular Chromium browser known as Brave, said to offer privacy-by-default. With increasing forensic caseloads, data complexity, and requirements for method validation to satisfy ISO 17025 accreditation, recognising the similarities and differences between the browsers, developed on the same underlying technology is essential. The paper describes a series of conducted experiments and subsequent analysis to identify artefacts …


The Mathematics Of Risk: An Introduction To Guaranteed Data De-Identification, Kristi Thompson 2022 Western University

The Mathematics Of Risk: An Introduction To Guaranteed Data De-Identification, Kristi Thompson

Western Libraries Presentations

This webinar is devoted to the mathematical and theoretical underpinnings of guaranteed data anonymization. Topics covered include an overview of identifiers and quasi-identifiers, an introduction to k-anonymity, a look at some cases where k-anonymity breaks down, and anonymization hierarchies. The presenter will describe a method to assess a survey dataset for anonymization using standard statistical software and consider the question of "anonymization overkill". Much of the academic material looking at data anonymization is quite abstract and aimed at computer scientists, while material aimed at data curators does not always consider recent developments. This webinar is intended to help bridge the …


Digital Commons powered by bepress