Physical Sciences and Mathematics Commons^™

Challenges And Measurements For Governance Of Modern Cyber Space Society, Pinghui Wang, Hongbin Pei, Junzhou Zhao, Tao Qin, Chao Shen, Dongliang Liu, Xiaohong Guan

Bulletin of Chinese Academy of Sciences (Chinese Version)

The rapid development of information technology has unprecedentedly created a prosperous cyber society and greatly enhanced productivity facilitated by social interaction. At the same time, many problems emerge in the cyber society, such as telecom fraud, privacy leakage, Internet pollution, and algorithmic discrimination. The problems bring new challenges to social order and security. In order to find the way of cyber society governance and promote the modernization of national governance, this paper first presents the analyses on the new problems encountered in the cyber society in three typical scenarios, i.e., identity governance, behavior governance, and algorithm governance, as well as …

Is Cybersecurity Training Practical Or Not?, Bhawnish Sharma

Cybersecurity Undergraduate Research Showcase

With technology growing, there has been an increase in cybercrime. Because of this, private and public sectors face global problems, i.e., phishing, security breaches, and identity theft. With cybersecurity software available on the internet, anyone can access it. As technology advances, cybersecurity experts must answer the tough question of, “is cybersecurity training practical or not”?

Secure Authentication Scheme Based On Numerical Series Cryptography For Internet Of Things, Dr Khaled Nagaty, Maha Aladin, Abeer Hamdy Dr.

Computer Science

The rapid advancement of cellular networks and wireless networks has laid a solid basis for the Internet of Things. IoT has evolved into a unique standard that allows diverse physical devices to collaborate with one another. A service provider gives a variety of services that may be accessed via smart apps anywhere, at any time, and from any location over the Internet. Because of the public environment of mobile communication and the Internet, these services are highly vulnerable to a several malicious attacks, such as unauthorized disclosure by hostile attackers. As a result, the best option for overcoming these vulnerabilities …

Federated Learning And Applications In Cybersecurity, Ani Sreekumar

Cybersecurity Undergraduate Research Showcase

Machine learning is a subfield of artificial intelligence that focuses on making predictions about some outcome based on information from a dataset. In cybersecurity, machine learning is often used to improve intrusion detection systems and identify trends in data that could indicate an oncoming cyber attack. Data privacy is an extremely important aspect of cybersecurity, and there are many industries that have more demanding laws to ensure the security of user data. Due to these regulations, machine learning algorithms can not be widely utilized in these industries to improve outcomes and accuracy of predictions. However, federated learning is a recent …

Ethical Concerns In Self-Driving Cars, Victoria Shand

Cybersecurity Undergraduate Research Showcase

Automobiles have been in existence since 1672 and only went up from there. Self-driving cars are a fantastic piece of technology; they can self-park, laser ranger finder, and near vision; they can map the road in advance, understand road signs, and, in some cases, handle certain variables on the road.

When talking about any form of technology, the possibilities are endless technology is a continuously evolving idea. When discussing self-driving cars, they have some fantastic and encouraging benefits and ideas. Some ideas would be that vehicles could communicate with each other, we could eliminate the need for traffic lights, and …

Investigating Privacy Policies Using Policylint Tool, Tricia Camaya

Cybersecurity Undergraduate Research Showcase

Organizations essentially inform clients about data collection and sharing practices through privacy policies. Recent research has proposed tools to help users better comprehend these lengthy and intricate legal documents that summarize collection and sharing. However, these instruments have a significant flaw. They overlook the possibility of contradictions within a particular policy. This paper introduces PolicyLint, a tool for analyzing privacy policies that simultaneously considers negation and varying semantic levels of data objects and entities. PolicyLint accomplishes this by using sentence-level natural language processing to automatically create ontologies from a large corpus of privacy policies and capturing both positive and negative …

A Brief Review Of Dns, Root Servers, Vulnerabilities And Decentralization, Mallory Runyan

Cybersecurity Undergraduate Research Showcase

Since the 1980’s and creation of the World Wide Web, Internet utilization is a common and arguably, necessary, part of daily life. The internet is young and still relatively new, but as of 2016, 3.4 billion people were online, and that number has since grown [1]. This is a significant number, but as such a common part of daily life, how elements of the internet or its infrastructure work is complex. The world would very likely be thrown into dark ages if DNS or any other significant aspect of the internet's infrastructure were to succumb to an attack. The Colonial …

Software Supply Chain Security Attacks And Analysis Of Defense, Juanjose Rodriguez-Cardenas, Jobair Hossain Faruk, Masura Tansim, Asia Shavers, Corey Brookins, Shamar Lake, Ava Norouzi, Marie Nassif, Kenneth Burke, Miranda Dominguez

Symposium of Student Scholars

The Software Supply chain or SSC is the backbone of the logistics industry and is crucial to a business's success and operation. The surge of attacks and risks for the SSC has grown in coming years with each attack's impact becoming more significant. These attacks have led to the leaking of both client and company sensitive information, corruption of the data, and having it subject to malware and ransomware installation, despite new practices implemented and investments into SSC security and its branches that have not stopped attackers from developing new vulnerabilities and exploits. In our research, we have investigated Software …

Secure Cloud-Based Iot Water Quality Gathering For Analysis And Visualization, Soin Abdoul Kassif Baba M Traore

Symposium of Student Scholars

Water quality refers to measurable water characteristics, including chemical, biological, physical, and radiological characteristics usually relative to human needs. Dumping waste and untreated sewage are the reasons for water pollution and several diseases to the living hood. The quality of water can also have a significant impact on animals and plant ecosystems. Therefore, keeping track of water quality is a substantial national interest. Much research has been done for measuring water quality using sensors to prevent water pollution. In summary, those systems are built based on online and reagent-free water monitoring SCADA systems in wired networks. However, centralized servers, transmission …

The History Of The Enigma Machine, Jenna Siobhan Parkinson

History Publications

The history of the Enigma machine begins with the invention of the rotor-based cipher machine in 1915. Various models for rotor-based cipher machines were developed somewhat simultaneously in different parts of the world. However, the first documented rotor machine was developed by Dutch naval officers in 1915. Nonetheless, the Enigma machine was officially invented following the end of World War I by Arthur Scherbius in 1918 (Faint, 2016).

Addressing Human Error Through Effective Cyber Policy Design, Katherine Amoresano

Emergency Preparedness, Homeland Security, and Cybersecurity

Human error is a significant contributing factor to the rise in Cybersecurity attacks regardless of increased technical control implemented to safeguard Information systems. Adversaries can circumvent technical safeguards due to human errors which result from inadequate enforceable policies and training on Cybersecurity for the everyday user. Several studies and articles show that the majority of successful attacks are human enabled, proving the need for human-centric cybersecurity research and practices. This exploratory work reviews the human aspect of Cybersecurity by investigating the cybersecurity policies at SUNY Albany and other SUNY institutions. We used a survey of students and faculty members at …

Multivariate Fairness For Paper Selection, Reem Alsaffar

Graduate Theses and Dissertations

Peer review is the process by which publishers select the best publications for inclusion in a journal or a conference. Bias in the peer review process can impact which papers are selected for inclusion in conferences and journals. Although often implicit, race, gender and other demographics can prevent members of underrepresented groups from presenting at major conferences. To try to avoid bias, many conferences use a double-blind review process to increase fairness during reviewing. However, recent studies argue that the bias has not been removed completely. Our research focuses on developing fair algorithms that correct for these biases and select …

A Cybersecurity Assessment Of Health Data Ecosystems, Michelle N. Halsey

Cyber Operations and Resilience Program Graduate Projects

This paper is an exploratory study that investigates data collected and used by health plans and reviews the laws and regulations governing this data to identify the gaps in protections and provide recommendations for eliminating these gaps. Health insurance companies collect a wide array of data about the people they insure, data that is often only peripherally relevant to the service these companies provide. The data environment currently consists of seven categories of data: personal health information, summary health information, personally identifiable information, financial information, professional information, biometric information, and lifestyle data or social indicators of health. Much of this …

Post Pandemic Cyberbiosecurity Threats From Terrorist Groups, Haley D. Dodge

Master's Theses

The research in this thesis explored the research question: Are United States (US) health systems accessible to cyber-bio terrorist attacks post-pandemic, within the context of the emerging discipline of cyberbiosecurity? Key findings of the analysis demonstrated how US health systems are more accessible to cyber-bio terrorist attacks specifically from cyber hacking groups based on the increasing sophistication of their cyber capabilities and the lack of cyber protection for biological systems. The concept of cyberbiosecurity was first introduced in 2018 by researchers exploring the converging threat landscape of the cyber and biology domains. As biology is growing more dependent upon vulnerable …

Differentiate Metasploit Framework Attacks From Others, Gina Liu Ajero

Electronic Theses and Dissertations

Metasploit Framework is a very popular collection of penetration testing tools. From auxiliaries such as network scanners and mappers to exploits and payloads, Metasploit Framework offers a plethera of apparatuses to implement all the stages of a penetration test. There are two versions: both a free open-source community version and a commercial professional version called Metasploit Pro. The free version, Metasploit Framework, is heavily used by cyber crimininals to carry out illegal activities to gain unauthorized access to targets.

In this paper, I conduct experiments in a virtual environment to discover whether attacks originated from Metasploit Framework are marked with …

Differentiated Security Architecture For Secure And Efficient Infotainment Data Communication In Iov Networks, Jiani Fan, Lwin Khin Shar, Jiale Guo, Wenzhuo Yang, Dusit Niyato, Kwok-Yan Lam

Research Collection School Of Computing and Information Systems

This paper aims to provide differentiated security protection for infotainment data commu- nication in Internet-of-Vehicle (IoV) networks. The IoV is a network of vehicles that uses various sensors, software, built-in hardware, and communication technologies to enable information exchange between pedestrians, cars, and urban infrastructure. Negligence on the security of infotainment data commu- nication in IoV networks can unintentionally open an easy access point for social engineering attacks. The attacker can spread false information about traffic conditions, mislead drivers in their directions, and interfere with traffic management. Such attacks can also cause distractions to the driver, which has a potential implication …

Detecting Selfish Mining Attacks Against A Blockchain Using Machine Learing, Matthew A. Peterson

<strong> Theses and Dissertations </strong>

Selfish mining is an attack against a blockchain where miners hide newly discovered blocks instead of publishing them to the rest of the network. Selfish mining has been a potential issue for blockchains since it was first discovered by Eyal and Sirer. It can be used by malicious miners to earn a disproportionate share of the mining rewards or in conjunction with other attacks to steal money from network users. Several of these attacks were launched in 2018, 2019, and 2020 with the attackers stealing as much as $18 Million. Developers made several different attempts to fix this issue, but …

Divide-And-Conquer Distributed Learning: Privacy-Preserving Offloading Of Neural Network Computations, Lewis C.L. Brown

Graduate Theses and Dissertations

Machine learning has become a highly utilized technology to perform decision making on high dimensional data. As dataset sizes have become increasingly large so too have the neural networks to learn the complex patterns hidden within. This expansion has continued to the degree that it may be infeasible to train a model from a singular device due to computational or memory limitations of underlying hardware. Purpose built computing clusters for training large models are commonplace while access to networks of heterogeneous devices is still typically more accessible. In addition, with the rise of 5G networks, computation at the edge becoming …

Towards Privacy And Security Concerns Of Adversarial Examples In Deep Hashing Image Retrieval, Yanru Xiao

Computer Science Theses & Dissertations

With the explosive growth of images on the internet, image retrieval based on deep hashing attracts spotlights from both research and industry communities. Empowered by deep neural networks (DNNs), deep hashing enables fast and accurate image retrieval on large-scale data. However, inheriting from deep learning, deep hashing remains vulnerable to specifically designed input, called adversarial examples. By adding imperceptible perturbations on inputs, adversarial examples fool DNNs to make wrong decisions. The existence of adversarial examples not only raises security concerns for real-world deep learning applications, but also provides us with a technique to confront malicious applications.

In this dissertation, we …

Secure Decentralized Blockchain Based Web Application For Medical Records, Sri Harshini Popuri, Liang Zhao

Symposium of Student Scholars

The online storage and sharing of electronic health records has undergone a paradigm shift in recent years. The introduction of a centralized cloud computing concept to streamline records transfer between patients and healthcare providers has been an easy task. As a result, the availability of electronically stored health records with minimal operational costs is made possible, but the primary concern is related to the privacy and security of records. How can we securely exchange medical documents online while maintaining strong security standards? This research suggests a framework that fuses online federated learning with blockchain technology. In particular, we develop a …

The Importance Of Social Engineering, Jalaya Allen

Cybersecurity Undergraduate Research Showcase

Most people are afraid of being attacked when walking to their car, relaxing at home, or doing normal things like shopping. Though the unlikeliest of attacks have become one of the most dangerous. Just imagine someone having the ability to watch your every move online and virtually. They can find your credit card information, passwords, social security number and so much more. Then with that information, they can steal your identity and sell it on the black market as well as threaten you for money. Attacks like these use something called Social Engineering to trick the user into giving up …

Accurately Grasp The New Features Of Cybersecurity Technology Development And Fully Promote The Modernization Of National Security System And Capabilities, Dengguo Feng

Bulletin of Chinese Academy of Sciences (Chinese Version)

No abstract provided.

Studies On The Development Of China’S Network And Information Security, Jiwu Jing

Bulletin of Chinese Academy of Sciences (Chinese Version)

No abstract provided.

Secure Cloud-Based Iot Water Quality Gathering For Analysis And Visualization, Soin Abdoul Kassif Baba M Traore, Maria Valero, Amy Gruss

KSU Proceedings on Cybersecurity Education, Research and Practice

Water quality refers to measurable water characteristics, including chemical, biological, physical, and radiological characteristics usually relative to human needs. Dumping waste and untreated sewage is the reason for water pollution and several diseases to the living hood. The quality of water can also have a significant impact on animals and plant ecosystems. Therefore, keeping track of water quality is a substantial national interest. Much research has been done for measuring water quality using sensors to prevent water pollution. In summary, those systems are built based on online and reagent-free water monitoring SCADA systems in wired networks. However, centralized servers, transmission …

Cybercrime In The Developing World, David A. Ghelerter, John E. Wilson, Noah L. Welch, John-David Rusk

KSU Proceedings on Cybersecurity Education, Research and Practice

This paper attempts to discover the reasons behind the increase in cybercrime in developing nations over the past two decades. It discusses many examples and cases of projects to increase internet access in developing countries and how they enabled cybercrime. This paper examines how nations where many cybercrimes occurred, did not have the necessary resources or neglected to react appropriately. The other primary focus is how cybercrimes are not viewed the same as other crimes in many of these countries and how this perception allows cybercriminals to do as they please with no stigma from their neighbors. It concludes that …

Microtransactions And Gambling In The Video Game Industry, Christopher L. Antepenko, Samuel R. Rickey, Angel L. Hibbets, John-David Rusk

KSU Proceedings on Cybersecurity Education, Research and Practice

The beginning of the 21st century has had a drastic effect on the video game industry. The advent of almost universal Internet access, the release of inexpensive broadband-enabled consoles, and the availability of mobile gaming have led to game developers and publishers heavily relying on premium in-game currencies, exclusive paid items, and loot boxes to subsidize or even replace profits from traditional video game business models. By 2020, in-game purchases made up a market of $92.6B worldwide and, in the US, experienced growth of over 30%.[1] In this highly lucrative market, the legal and ethical landscape is constantly bubbling with …

Social Media Platforms And Responsibility For Disinformation, Matt T. Figlia, Brandon M. Henschen, Joseph T. Sims, John-David Rusk

KSU Proceedings on Cybersecurity Education, Research and Practice

Researchers are paying closer attention to the rise of disinformation on social media platforms and what responsibility, if any, the companies that control these platforms have for false information being spread on their websites. In this paper, we highlight the recent growth in concern regarding online disinformation, discuss other works regarding the use of social media as a tool for spreading disinformation, and discuss how coordinated disinformation campaigns on social media platforms are used to spread propaganda and lies about current political events. We also evaluate the reactions of social media platforms in combatting disinformation and the difficulty in policing …

Using Experts For Improving Project Cybersecurity Risk Scenarios, Steven S. Presley, Jeffrey P. Landry, Jordan Shropshire, Philip Menard

KSU Proceedings on Cybersecurity Education, Research and Practice

This study implemented an expert panel to assess the content validity of hypothetical scenarios to be used in a survey of cybersecurity risk across project meta-phases. Six out of 10 experts solicited completed the expert panel exercise. Results indicate that although experts often disagreed with each other and on the expected mapping of scenario to project meta-phase, the experts generally found risk present in the scenarios and across all three project meta-phases, as hypothesized.

Authentication Based On Periocular Biometrics And Skin Tone, Kennedy Marsh, Clifton Wallace, Jeffrey Hernandez, Rodney Dejournett, Xiaohong Yuan, Kaushik Roy

KSU Proceedings on Cybersecurity Education, Research and Practice

Face images with masks have a major effect on the identification and authentication of people with masks covering key facial features such as noses and mouths. In this paper, we propose to use periocular region and skin tone for authenticating users with masked faces. We first extract the periocular region of faces with masks, then detect the skin tone for each face. We then train models using machine learning algorithms Random Forest, XGBoost, and Decision Trees using skin tone information and perform classification on two datasets. Experiment results show these models had good performance.

Towards Assessing Organizational Cybersecurity Risks Via Remote Workers’ Cyberslacking And Their Computer Security Posture, Ariel Luna, Yair Levy, Gregory Simco, Wei Li

KSU Proceedings on Cybersecurity Education, Research and Practice

Cyberslacking is conducted by employees who are using their companies’ equipment and network for personal purposes instead of performing their work duties during work hours. Cyberslacking has a significant adverse effect on overall employee productivity, however, recently, due to COVID19 pandemic move to remote working also pose a cybersecurity risk to organizations networks and infrastructure. In this work-in-progress research study, we are developing, validating, and will empirically test taxonomy to assess an organization’s remote workers’ risk level of cybersecurity threats. This study includes a three-phased developmental approach in developing the Remote Worker Cyberslacking Security Risk Taxonomy. With feedback from cybersecurity …