Open Access. Powered by Scholars. Published by Universities.®

Physical Sciences and Mathematics Commons

Articles 1 - 19 of 19

Full-Text Articles in Physical Sciences and Mathematics

Mahalanobis Distance Map Approach For Anomaly Detection, Aruna Jamdagnil, Zhiyuan Tan, Priyadarsi Nanda, Xiangjian He, Ren Ping Liu Nov 2010

Australian Information Security Management Conference

Web servers and web-based applications are commonly used as attack targets. The main issues are how to prevent unauthorised access and to protect web servers from the attack. Intrusion Detection Systems (IDSs) are widely used security tools to detect cyber-attacks and malicious activities in computer systems and networks. In this paper, we focus on the detection of various web-based attacks using Geometrical Structure Anomaly Detection (GSAD) model and we also propose a novel algorithm for the selection of most discriminating features to improve the computational complexity of payload-based GSAD model. Linear Discriminant method (LDA) is used for the feature reduction …


An Information Security Governance Framework For Australian Primary Care Health Providers, Donald C. Mcdermid, Rachel J. Mahncke, Patricia A H Williams Nov 2010

Australian Information Security Management Conference

The competitive nature of business and society means that the protection of information, and governance of the information security function, is increasingly important. This paper introduces the notion of a governance framework for information security for health providers. It refines the idea of an IT Balanced Scorecard into a scorecard process for use in governing information security for primary care health providers, where IT and security skills may be limited. The approach amends and justifies the four main elements of the scorecard process. The existence of a governance framework specifically tailored for the needs of primary care practice is a …


Information Security Disclosure: A Victorian Case Study, Ian Rosewall, Matthew Warren Nov 2010

Australian Information Security Management Conference

This paper will focus upon the impact of Generation Y and their attitudes to security. The paper will be based around discussing the findings of a recent report by the Office of Police Integrity (OPI) on “Information Security and the Victoria Police State Surveillance Unit”. Issues that will be discussed include the context of Generation Y and how they contribute to the case study, their attitudes, or their perceived attitudes to security of information. A discussion of the OPI report itself, and the issues that have arisen. A brief overview of the key findings within this report and the implications …


Yet Another Symbian Vulnerability Update, Nizam Uddin Bhuiyan Nov 2010

Australian Information Security Management Conference

The more the mobile devices are approaching to advance their security, the numbers of vulnerabilities are also becoming more astonishing. The number of mobile phones including smart phones is rising vertically, and so has the amount of malware activity. This report documents the latest threats in Symbian mobile industry and analyses the consequence. In addition, it will suggest the possible solution that may help individuals to protect their device & ultimately maintain the privacy.


Organisational Learning And Incident Response: Promoting Effective Learning Through The Incident Response Process, Piya Shedden, Atif Ahmad, A B. Ruighaver Nov 2010

Australian Information Security Management Conference

Effective response to information security incidents is a critical function of modern organisations. However, recent studies have indicated that organisations have adopted a narrow and technical view of incident response (IR), focusing on the immediate concern of detection and subsequent corrective actions. Although some reflection on the IR process may be involved, it is typically limited to technical issues and does not leverage opportunities to learn about the organisational security threat environment and to adapt incident response capabilities. Given the science of incident response is rooted in practice, it is not surprising that the same criticisms can be applied to …


An Analytical Study Of IT Security Governance And Its Adoption On Australian Organisations, Tanveer A. Zia Nov 2010

Australian Information Security Management Conference

Contemporary organisations are at infancy stages of adopting IT governance processes in Australia. Organisations who have adopted these processes underestimate the security processes within the governance framework. If the security processes are designed, they are often flawed with operational level implementation. This study investigates IT security governance broadly and in Australian organisations specifically. The objective of this study is to bring the local organisations in alignment with international standards and frameworks in terms of integration of information security, IT audits, risks and control measures. A survey of selected organisations is completed and results are presented in this paper identifying the …


Detect And Sanitise Encoded Cross-Site Scripting And SQL Injection Attack Strings Using A Hash Map, Erwin Adi, Irene Salomo Nov 2010

Australian Information Security Management Conference

Cross-Site Scripting (XSS) and SQL injection are the top vulnerabilities found in web applications. Attacks to these vulnerabilities could have been minimised through placing a good filter before the web application processes the malicious strings. However adversaries could craft variations on the attack strings in such a way that they do not get filtered. Checking through all of the possible attack strings was tedious and causes the web application performance to degrade. In this paper, we propose the use of a hash map as a data structure to address the issue. We implemented a proof-of-concept filter which we tested through …


Threat Modelling With STRIDE And UML, Michael N. Johnstone Nov 2010

Australian Information Security Management Conference

Threat modelling as part of risk analysis is seen as an essential part of secure systems development. Microsoft’s Security Development Lifecycle (SDL) is a well-known software development method that places security at the forefront of product initiation, design and implementation. As part of SDL, threat modelling produces data flow diagrams (DFDs) as key artefacts and uses those diagrams as mappings with STRIDE to identify threats. This paper uses a standard case study to illustrate the effects of using an alternative process model (UML activity diagrams) with STRIDE and suggests that using a more modern process diagram can generate a more …


A Novel Design And Implementation Of DoS-Resistant Authentication And Seamless Handoff Scheme For Enterprise WLANs, Isaac Lee, Ray Hunt Nov 2010

Australian Information Security Management Conference

With the advance of wireless access technologies, the IEEE 802.11 wireless local area network (WLAN) has gained significant increase in popularity and deployment due to the substantially improved transmission rate and decreased deployment costs. However, this same widespread deployment makes WLANs an attractive target for network attacks. Several vulnerabilities have been identified and reported regarding the security of the current 802.11 standards. To address those security weaknesses, IEEE standard committees proposed the 802.11i amendment to enhance WLAN security. The 802.11i standard has demonstrated the capability of providing satisfactory mutual authentication, better data confidentiality, and key management support, however, the design …


Information Leakage Through Online Social Networking: Opening The Doorway For Advanced Persistence Threats, Nurul Nuha Abdul Molok, Shanton Chang, Atif Ahmad Nov 2010

Australian Information Security Management Conference

The explosion of online social networking (OSN) in recent years has caused damages to organisations due to leakage of information by their employees. Employees’ social networking behaviour, whether accidental or intentional, provides an opportunity for advanced persistent threats (APT) attackers to realise their social engineering techniques and undetectable zero-day exploits. APT attackers use a spear-phishing method that targeted on key employees of victim organisations through social media in order to conduct reconnaissance and theft of confidential proprietary information. This conceptual paper posits OSN as the most challenging channel of information leakage and provides an explanation about the underlying factors of …


A Proposed Policy-Based Management Architecture For Wireless Clients Operating In A Heterogeneous Mobile Environment, Mayank Keshariya, Ray Hunt Nov 2010

Australian Information Security Management Conference

The objective of this paper is to provide a managed always best connected service to mobile entities over underlying heterogeneous wireless and mobile platforms while maintaining negotiated security and quality of service (QoS). This paper proposes a new model and its architecture which is based upon Policy-based Management but provides a new framework based on layered-approach for the centralised management of mobile clients. In particular, we propose and implement a new model of a policy-managed mobile client and its architecture to support seamless handoff across multiple access networks. The proposed mobile client supports multi-domain authentication, authorisation and security based on …


Micro-Blogging In The Workplace, Chia Yao Lee, Matthew Warren Nov 2010

Australian Information Security Management Conference

Micro-blogging services such as Twitter, Yammer, Plurk and Google Buzz have generated substantial interest among members of the business community in recent years. Many CEOs, managers and front-line employees have embraced micro-blogs as a tool for interacting with colleagues, employees, customers, suppliers and investors. Micro-blogs are considered a more informal channel than emails and official websites, and thus present a different set of challenges to businesses. As a positional paper, this paper uses a case study of a bogus Twitter account to emphasise security and ethical issues relating to (i) Trust, Accuracy and Authenticity of Information, (ii) Privacy and Confidentiality, …


Anomaly Detection Over User Profiles For Intrusion Detection, Grant Pannell, Helen Ashman Nov 2010

Australian Information Security Management Conference

Intrusion detection systems (IDS) have often been used to analyse network traffic to help network administrators quickly identify and respond to intrusions. These detection systems generally operate over the entire network, identifying “anomalies” atypical of the network’s normal collective user activities. We show that anomaly detection could also be host-based so that the normal usage patterns of an individual user could be profiled. This enables the detection of masquerading intruders by comparing a learned user profile against the current session’s profile. A prototype behavioural IDS applies the concept of anomaly detection to user behaviour and compares the effects of using …


The Complexity Of Security Studies In NFC Payment System, Marc Pasquet, Sylvie Gerbaix Nov 2010

Australian Information Security Management Conference

If we compare the security problem of a face-to-face contactless card payment process with a mobile phone NFC payment process, we may easily consider that the latter is far more difficult to study. Indeed, the more partners from different organizations involved in the process there are, the more complex the studies are and, accordingly, its protection. As well as the current solutions applied to studying the electronic payment security chain (Common Criteria, ISO 27005, etc), the James Reason model has pointed out the specific risks implied by the interaction between the different links in a complex chain. His theory has …


Development And Evaluation Of A Secure Web Gateway Using Existing ICAP Open Source Tools, Michael Pearce, Ray Hunt Nov 2010

Australian Information Security Management Conference

This work in progress paper discusses the development and evaluation of an open source secure web gateway. The proof of concept system uses a combination of open source software (including the Greasyspoon ICAP Server, Squid HTTP proxy, and Clam Antivirus) to perform the various security tasks that range from simple (such as passive content insertion) to more advanced (such as active content alteration) by modules installed on the server. After discussing the makeup of the proof of concept system we discuss our evaluation methodology for both effectiveness and performance. The effectiveness was tested using comparative analysis of groups of self-browsing …


Information Security Risk Assessment: Towards A Business Practice Perspective, Piya Shedden, Wally Smith, Atif Ahmad Nov 2010

Australian Information Security Management Conference

Information security risk assessments (ISRAs) are of great importance for organisations. Current ISRA methods identify an organisation’s security risks and provide a measured, analysed security risk profile of critical information assets in order to build plans to treat risk. However, despite prevalent use in organisations today, current methods adopt a limited view of information assets during risk identification. In the context of day-to-day activities, people copy, print and discuss information, leading to the ‘leakage’ of information assets. Employees will create and use unofficial assets as part of their day-to-day routines. Furthermore, employees will also possess important knowledge on how to …


Security Information Supplied By Australian Internet Service Providers, Patryk Szewczyk Nov 2010

Australian Information Security Management Conference

Results from previous studies indicate that numerous Internet Service Providers within Australia either have inadequately trained staff, or refuse to provide security support to end-users. This paper examines the security information supplied by Internet Service Providers on their website. Specifically content relating to securing; a wireless network, an ADSL router, and a Microsoft Windows based workstation. A further examination looked at the accuracy, currency, and accessibility of information provided. Results indicate that the information supplied by Internet Service Providers is either inadequate or may in fact further deter the end-user from appropriately securing their computer and networking devices.


The Economics Of Developing Security Embedded Software, Craig S. Wright, Tanveer A. Zia Nov 2010

Australian Information Security Management Conference

Market models for software vulnerabilities have been disparaged in the past citing how these do little to lower the risk of insecure software. In this paper we argue that the market models proposed are flawed and not the concept of a market itself. A well-defined software risk derivative market would improve the information exchange for both the software user and vendor removing the often touted imperfect information state that is said to believe the software industry. In this way, users could have a rational means of accurately judging software risks and costs and as such the vendor could optimally apply …


New Approaches To Mitigation Of Malicious Traffic In VoIP Networks, Tobi Wulff, Ray Hunt Nov 2010

Australian Information Security Management Conference

Voice over IP (VoIP) telephony is becoming widespread in use, and is often integrated into computer networks. Because of this, malicious software threatens VoIP systems in the same way that traditional computer systems have been attacked by viruses, worms, and other automated agents. VoIP networks are a challenge to secure against such malware as much of the network intelligence is focused on the edge devices and access environment. This paper describes the design and implementation of a novel VoIP security architecture in which evaluation of, and mitigation against, malicious traffic is demonstrated by the use of virtual machines to emulate …