Physical Sciences and Mathematics Commons^™

Architecture Of Aggression In Cyberspace. Testing Cyber Aggression In Young Adults In Hungary, Katalin Parti, Tibor Kiss, Gergely Koplányi

International Journal of Cybersecurity Intelligence & Cybercrime

In order to test whether and how violence is exacerbated in online social networking sites, we utilized the BryantSmith Aggression Scale (Bryant & Smith, 2001), and included examples in the questionnaire offering solutions for 7 different hypothetical cases occurring online (Kiss, 2017). The questionnaire was sent to social work and law school students in Hungary. Prevalence and levels of aggression and its manifestation as violence online proved to be not more severe than in offline social relations. Law students were more aware than students of social work that online hostile acts are discrediting. Students of social work were significantly more …

Juvenile Hackers: An Empirical Test Of Self-Control Theory And Social Bonding Theory, Sinchul Back, Sadhika Soor, Jennifer Laprade

International Journal of Cybersecurity Intelligence & Cybercrime

In accordance with a similar growth in information technology, computer hacking has become a pervasive issue as a form of crime worldwide in recent years. Self-control theory and social bonding theory have frequently been employed to explain various types of crimes, but rarely to explore computer hacking. Drawing from Gottfredson and Hirschi’s (1990) self-control theory and Hirschi’s (1969) social bonding theory, the purpose of this study is to empirically examine the suitability of these two theories in explaining juvenile computer hacking offenses. The self-report survey data utilized for the present study was derived from middle school and high school students …

An Argument For Interdisciplinary Programs In Cybersecurity, Dennis Giever

International Journal of Cybersecurity Intelligence & Cybercrime

In this commentary Dr. Giever presents a compelling argument for interdisciplinary programs in cybersecurity at the university level. He argues that we no longer have the luxury of allowing barriers to exist between those tasked with IT security and those who provide physical security. He recommends that any security program take an “all possible paths” or “balanced approach” to the protection of assets within an organization. Students in computer science, criminal justice, business, human resources, and others should work collaboratively within education programs learning these necessary skills. A team effort is needed to accomplish the myriad of tasks necessary to …

The Present And Future Of Cybercrime, Cyberterrorism, And Cybersecurity, Kyung-Shick Choi, Claire Seungeun Lee

International Journal of Cybersecurity Intelligence & Cybercrime

Cybercriminology combines knowledge from criminology, psychology, sociology, computer science, and cybersecurity to provide an in-depth understanding of cybercrime. Cybercrime and cybersecurity are interconnected across many places, platforms, and actors. Cybercrime issues are continuously and expeditiously changing and developing, especially with the advent of new technologies. The International Journal of Cybersecurity Intelligence and Cybercrime (IJCIC) aims to contribute to the growing field of cybercriminology and cybersecurity. The IJCIC is eager to work with scholars, policy analysts, practitioners, and others to enhance theory, methods, and practice within cybercrime and cybersecurity at the regional, national, and international levels.

Spreading Propaganda In Cyberspace: Comparing Cyber-Resource Usage Of Al Qaeda And Isis, Kyung-Shick Choi, Claire Seungeun Lee, Robert Cadigan

International Journal of Cybersecurity Intelligence & Cybercrime

Terrorists in cyberspace are increasingly utilizing social media to promote their ideologies, recruit new members, and justify terrorist attacks and actions. This study explores the ways in which types of social media, message contents, and motives for spreading propaganda take shape in cyberspace. In order to empirically test these relations, we created a dataset with annual terrorism reports from 2011 to 2016. In our global cyberterrorism dataset, we used and connected cyber-resources (Facebook, online forum, Twitter mentions, websites, and YouTube videos) and legal documents of individual cases that were mentioned in the reports. The results show that YouTube videos were …

Data Center Application Security: Lateral Movement Detection Of Malware Using Behavioral Models, Harinder Pal Singh Bhasin, Elizabeth Ramsdell, Albert Alva, Rajiv Sreedhar, Medha Bhadkamkar

SMU Data Science Review

Data center security traditionally is implemented at the external network access points, i.e., the perimeter of the data center network, and focuses on preventing malicious software from entering the data center. However, these defenses do not cover all possible entry points for malicious software, and they are not 100% effective at preventing infiltration through the connection points. Therefore, security is required within the data center to detect malicious software activity including its lateral movement within the data center. In this paper, we present a machine learning-based network traffic analysis approach to detect the lateral movement of malicious software within the …

Social Engineering In Non-Linear Warfare, Bill Gardner

Journal of Applied Digital Evidence

This paper explores the use of hacking, leaking, and trolling by Russia to influence the 2016 United States Presidential Elections. These tactics have been called “the weapons of the geek” by some researchers. By using proxy hackers and Russian malware to break into the email of the Democratic National Committee and then giving that email to Wikileaks to publish on the Internet, the Russian government attempted to swing the election in the favor of their preferred candidate.

The source of the malware used in the DNC hack was determined to be of Russian in nature and has been used on …

"Think Before You Click. Post. Type." Lessons Learned From Our University Cyber Security Awareness Campaign, Rachael L. Innocenzi, Kaylee Brown, Peggy Liggit, Samir Tout, Andrea Tanner, Theodore Coutilish, Rocky J. Jenkins

Journal of Cybersecurity Education, Research and Practice

This article discusses the lessons learned after implementing a successful university-wide cyber security campaign. The Cyber Security Awareness Committee (CyberSAC), a group comprised of diverse units across campus, collaborated together on resources, talent, people, equipment, technology, and assessment practices to meet strategic goals for cyber safety and education. The project involves assessing student learning and behavior changes after participating in a Cyber Security Password Awareness event that was run as a year-long campaign targeting undergraduate students. The results have implications for planning and implementing university-wide initiatives in the field of cyber security, and more broadly, higher education at large.

Experiential Learning Builds Cybersecurity Self-Efficacy In K-12 Students, Abdullah Konak

Journal of Cybersecurity Education, Research and Practice

In recent years, there have been increased efforts to recruit talented K-12 students into cybersecurity fields. These efforts led to many K-12 extracurricular programs organized by higher education institutions. In this paper, we first introduce a weeklong K-12 program focusing on critical thinking, problem-solving, and igniting interest in information security through hands-on activities performed in a state-of-the-art virtual computer laboratory. Then, we present an inquiry-based approach to design hands-on activities to achieve these goals. We claim that hands-on activities designed based on this inquiry-based framework improve K-12 students’ self-efficacy in cybersecurity as well as their problem-solving skills. The evaluation of …

From The Editors, Michael E. Whitman, Herbert J. Mattord, Carole L. Hollingsworth

Journal of Cybersecurity Education, Research and Practice

Welcome to the Spring 2018 issue of the Journal of Cybersecurity Education, Research, and Practice (JCERP). On behalf of the editorial team, we thank you for taking the time to read this issue and strongly encourage you to submit an article for consideration in an upcoming edition.

Voice Hacking: Using Smartphones To Spread Ransomware To Traditional Pcs, Bryson R. Payne, Leonardo I. Mazuran, Tamirat Abegaz

Journal of Cybersecurity Education, Research and Practice

This paper presents a voice hacking proof of concept that demonstrates the ability to deploy a sequence of hacks, triggered by speaking a smartphone command, to launch ransomware and other destructive attacks against vulnerable Windows computers on any wireless network the phone connects to after the voice command is issued. Specifically, a spoken, broadcast, or pre-recorded voice command directs vulnerable Android smartphones or tablets to a malicious download page that compromises the Android device and uses it as a proxy to run software designed to scan the Android device’s local area network for Windows computers vulnerable to the EternalBlue exploit, …

A Case Study In The Implementation Of A Human-Centric Higher Education Cybersecurity Program, John W. Coffey, Melanie Haveard, Geissler Golding

Journal of Cybersecurity Education, Research and Practice

This article contains a description of the implementation of a comprehensive cyber security program at a regional comprehensive university. The program was designed to create an effective cyber security management infrastructure and to train end users and other categories of security management personnel in data protection and cyber security. This work addresses the impetus for the program, the rather extensive planning and development that went into the program, its implementation, and insights gleaned from the experience. The paper concludes with a summary of the strengths and weaknesses of the initiative.

Student Misconceptions About Cybersecurity Concepts: Analysis Of Think-Aloud Interviews, Julia D. Thompson, Geoffrey L. Herman, Travis Scheponik, Linda Oliva, Alan Sherman, Ennis Golaszewski, Dhananjay Phatak, Kostantinos Patsourakos

Journal of Cybersecurity Education, Research and Practice

We conducted an observational study to document student misconceptions about cybersecurity using thematic analysis of 25 think-aloud interviews. By understanding patterns in student misconceptions, we provide a basis for developing rigorous evidence-based recommendations for improving teaching and assessment methods in cybersecurity and inform future research. This study is the first to explore student cognition and reasoning about cybersecurity. We interviewed students from three diverse institutions. During these interviews, students grappled with security scenarios designed to probe their understanding of cybersecurity, especially adversarial thinking. We analyzed student statements using a structured qualitative method, novice-led paired thematic analysis, to document patterns in …

Evaluation Of Routing Protocols With Ftp And P2p, Tyler Wilson, Eman Abdelfattah, Samir Hamada

School of Computer Science & Engineering Faculty Publications

One of the decisions that need to be made when designing and configuring a computer network in which routing protocol should be used. This paper presents a simulation of a high load File Transfer Protocol (FTP) Application and a high load Peer to Peer (P2P) Application using Riverbed Academic Modeler 17.5. The simulation is configured and run in a World environment to replicate a global network. Each simulation employs either RIP, OSPF, or EIGRP routing protocol. The queuing delay, throughput, link utilization, and IP packets dropped are used as performance parameters to determine which routing protocol is the most efficient …

Comparative Study Of Deep Learning Models For Network Intrusion Detection, Brian Lee, Sandhya Amaresh, Clifford Green, Daniel Engels

SMU Data Science Review

In this paper, we present a comparative evaluation of deep learning approaches to network intrusion detection. A Network Intrusion Detection System (NIDS) is a critical component of every Internet connected system due to likely attacks from both external and internal sources. A NIDS is used to detect network born attacks such as Denial of Service (DoS) attacks, malware replication, and intruders that are operating within the system. Multiple deep learning approaches have been proposed for intrusion detection systems. We evaluate three models, a vanilla deep neural net (DNN), self-taught learning (STL) approach, and Recurrent Neural Network (RNN) based Long Short …

Blockchain In Payment Card Systems, Darlene Godfrey-Welch, Remy Lagrois, Jared Law, Russell Scott Anderwald, Daniel W. Engels

SMU Data Science Review

Payment cards (e.g., credit and debit cards) are the most frequent form of payment in use today. A payment card transaction entails many verification information exchanges between the cardholder, merchant, issuing bank, a merchant bank, and third-party payment card processors. Today, a record of the payment transaction often records to multiple ledgers. Merchant’s incur fees for both accepting and processing payment cards. The payment card industry is in dire need of technology which removes the need for third-party verification and records transaction details to a single tamper-resistant digital ledger. The private blockchain is that technology. Private blockchain provides a linked …

Hierarchical Bloom Filter Trees For Approximate Matching, David Lillis, Frank Breitinger, Mark Scanlon

Journal of Digital Forensics, Security and Law

Bytewise approximate matching algorithms have in recent years shown significant promise in detecting files that are similar at the byte level. This is very useful for digital forensic investigators, who are regularly faced with the problem of searching through a seized device for pertinent data. A common scenario is where an investigator is in possession of a collection of "known-illegal" files (e.g. a collection of child abuse material) and wishes to find whether copies of these are stored on the seized device. Approximate matching addresses shortcomings in traditional hashing, which can only find identical files, by also being able to …

Automated Man-In-The-Middle Attack Against Wi‑Fi Networks, Martin Vondráček, Jan Pluskal, Ondřej Ryšavý

Journal of Digital Forensics, Security and Law

Currently used wireless communication technologies suffer security weaknesses that can be exploited allowing to eavesdrop or to spoof network communication. In this paper, we present a practical tool that can automate the attack on wireless security. The developed package called wifimitm provides functionality for the automation of MitM attacks in the wireless environment. The package combines several existing tools and attack strategies to bypass the wireless security mechanisms, such as WEP, WPA, and WPS. The presented tool can be integrated into a solution for automated penetration testing. Also, a popularization of the fact that such attacks can be easily automated …

Front Matter

Journal of Digital Forensics, Security and Law

No abstract provided.

Cover

Journal of Digital Forensics, Security and Law

No abstract provided.

Masthead

Journal of Digital Forensics, Security and Law

No abstract provided.

Table Of Contents

Journal of Digital Forensics, Security and Law

No abstract provided.

Preface

Journal of Digital Forensics, Security and Law

No abstract provided.

Testing Memory Forensics Tools For The Macintosh Os X Operating System, Charles B. Leopard, Neil C. Rowe, Michael R. Mccarrin

Journal of Digital Forensics, Security and Law

Memory acquisition is essential to defeat anti-forensic operating-system features and investigate cyberattacks that leave little or no evidence in secondary storage. The forensic community has developed tools to acquire physical memory from Apple’s Macintosh computers, but they have not much been tested. This work tested three major OS X memory-acquisition tools. Although the tools could capture system memory accurately, the open-source tool OSXPmem appeared advantageous in size, reliability, and support for memory configurations and versions of the OS X operating system.

Subscription Information

Journal of Digital Forensics, Security and Law

No abstract provided.

Back Matter

Journal of Digital Forensics, Security and Law

No abstract provided.

Drone Forensic Analysis Using Open Source Tools, M A Hannan Bin Azhar, Thomas Edward Allen Barton, Tasmina Islam

Journal of Digital Forensics, Security and Law

Carrying capabilities of drones and their easy accessibility to public have led to an increase in crimes committed using drones in recent years. For this reason, the need for forensic analysis of drones captured from the crime scenes and the devices used for these drones is also paramount. This paper presents the extraction and identification of important artefacts from the recorded flight data as well as the associated mobile devices using open source tools and some basic scripts developed to aid the analysis of two popular drone systems- the DJI Phantom 3 Professional and Parrot AR. Drone 2.0. Although different …

Use Of House Arrest In The Context Of The Respecting The Constitutional Rights Of An Individual In Russia, Svetlana Afanasieva 2365999, Irina Kilina

Journal of Digital Forensics, Security and Law

The authors analyze the selection of preventive measures in the form of house arrest in Russian criminal procedures on the basis of universal and European standards of guaranteeing respect for individual rights. The article states that the application of preventive measures significantly restricts the right to protect the dignity of the individual, the right to freedom and personal inviolability, the right to free movement, choose the place of residence. The authors argue for the alternative method of applying the house arrest. as a form of prevention This preventive measure, unlike detention does not provide for the isolation of a person …