Open Access. Powered by Scholars. Published by Universities.®

Physical Sciences and Mathematics Commons

Articles 1 - 28 of 28

Full-Text Articles in Physical Sciences and Mathematics

Security Of The Internet Of Things (IoT), Tyler Williams, Jordan Frantsvog, Saeed Almalki Nov 2017

Posters-at-the-Capitol

The rapidly adopted idea of everyday devices being interconnected and being controllable from across the globe has come to be known as the Internet of Things (IoT). In every home or business there are now connected devices such as lights, locks, thermostats, and even medical devices which have created a much larger attack surface for every network and could increase the possibility of serious damage if they are compromised. Connected devices are even found in hospitals, power plants, and other secure facilities. Safety and security of networks are imperative not only for secure military installations or infrastructure sites, but also …


Self Service Business Intelligence: An Analysis Of Tourists Preferences In Kosovo, Ardian Hyseni Oct 2017

UBT International Conference

The purpose of this paper is to analyze the preferences of tourists in Kosovo through the data from TripAdvisor.com. Top things to do in Kosovo, will be analyzed through the comments of tourists in TripAdvisor.com. By analyzing the data with PowerBI, will be analyzed what are the most preferred things to do and what the tourists like the most in Kosovo. This paper will contribute on defining the preferences of tourists in Kosovo, it also can help tourism to invest and attract more tourists in specific areas or improve and invest in places less preferred by tourists.


Security Assessment Of Web Applications, Renelada Kushe Oct 2017

UBT International Conference

A web application is an application that is accessed by users over a network such as the internet or intranet. The term also refers to an application that is coded in a browser-supported programming language and reliant on a common web browser to render the application executable. Web applications are vulnerable to various exploits from those which manipulate the application via its graphical web interface (HTTP exploits), to tampering the Uniform Resource Identifier (URI) or tampering HTTPS elements not contained in the URI. Getting started from the accessibility and the variety of exploits, the security assessment is a necessity for providing …


Implications Of EU-GDPR In Low-Grade Social, Activist And NGO Settings, Lars Magnusson, Sarfraz Iqbal Oct 2017

UBT International Conference

Social support services are becoming popular among the citizens of every country and every age. Though, social support services easily accessible on mobile phones are used in different contexts, ranging from extending your presence and connectivity to friends, family and colleagues to using social media services for being a social activist seeking to help individuals confined in miserable situations such as homeless community, drug addicts or even revolutionists fighting against dictatorships etc. However, a very recent development in the European Parliament’s law (2016/679) on the processing and free movement of personal data in terms of EU-GDPR (General data protection rules) …


Learning Management Systems In Higher Education, Romina Agaçi Oct 2017

UBT International Conference

Learning Management Systems (LMSs) are improving learning processes and are widely used in higher education institutions. There are available various types of LMSs used by pedagogues to manage eLearning and to deliver course materials to students. Nowadays, LMSs have become essential tools that affect the quality of learning and teaching in higher education. In this article, we introduce LMSs and we choose Moodle as a tool to present an information system that is used in our university. Moodle is an online learning environment that supports classroom teaching. We will focus on the advantages of LMSs and why we choose Moodle as the …


Web Scrapping And Self Service Business Intelligence: Analysis Of Preferences Of Tourists In Albania, Ardian Hyseni Oct 2017

UBT International Conference

The purpose of this paper is to analyze the preferences of tourists in Albania through the data web scrapped from TripAdvisor.com. Top things to do in Albania, will be analyzed through the comments of tourists in TripAdvisor.com. By using tools for web scrapping and analyzing of data with nVivo and PowerBI, will be analyzed what are the most preferred things to do and what the tourists like doing the most in Albania. This paper will contribute on defining the preferences of tourists in Albania, also can help tourism to invest and attract more tourists in specific areas or improve and …


An Approach To Information Security For SMEs Based On The Resource-Based View Theory, Blerton Abazi Oct 2017

UBT International Conference

The main focus of this proposal is to analyze implementation challenges, benefits and requirements in implementation of Information Systems and managing information security in small and medium size companies in Western Balkans countries. In relation to the study, the proposal will focus in the following questions to investigate: What are the benefits that companies mostly find after the implementation of Information Systems has been implemented, efficiency, how to they manage security of the information’s, competitive advantage, return of investments etc. The study should give a clear approach to Information Systems implementation, information security, maintenance, measurable benefits, challenges companies have gone …


E-Commerce Implementation In Kosovo, Besnik Skenderi, Diamanta Skenderi Oct 2017

UBT International Conference

In this paper, author had analyzed journal articles that were published by Alemayehu & Heeks, (2007) and Hwang, Jung, & Selvendy (2006). Both articles are about e-commerce and in first article (Alemayehu & Heeks, 2007) authors had analyzed impact of cultural differences, telecommunication infrastructure and local market. In addition, authors of this research paper were focused on consumers that are purchasing through e-commerce companies.

Second analyzed article (Hwang, Jung, & Selvendy, 2006) is about exploring e-commerce benefits in developing countries and developing countries are home to more than 80% of the world’s population, and are the site for growing use …


Towards Secure Data Flow Oriented Multi-Vendor ICT Governance Model, Lars Magnusson, Patrik Elm, Anita Mirijamdotter Oct 2017

UBT International Conference

Today, still, ICT Governance is being regarded as a departmental concern, not an overall organizational concern. History has shown us that implementation strategies, which are based on departments, results in fractional implementations leading to ad hoc solutions with no central control and stagnation for the in-house ICT strategy. Further, this recently has created an opinion trend; many are talking about the ICT department as being redundant, a dying out breed, which should be replaced by on-demand specialized external services. Clearly, the evermore changing surroundings do force organizations to accelerate the pace of new adaptations within their ICT plans, more vivacious …


Towards A Development Of A Social Engineering Exposure Index (SEXI) Using Publicly Available Personal Information, W. Shawn Wilkerson, Yair Levy, James Richard Kiper, Martha Snyder Oct 2017

KSU Proceedings on Cybersecurity Education, Research and Practice

Millions of people willingly expose their lives via Internet technologies every day, and even those who stay off the Internet find themselves exposed through data breaches. Trillions of private information records flow through the Internet. Marketers gather personal preferences to coerce shopping behavior, while providers gather personal information to provide enhanced services. Few users have considered where their information is going or who has access to it. Even fewer are aware of how decisions made in their own lives expose significant pieces of information, which can be used to harm the very organizations they are affiliated with by cyber attackers. …


A Comparison Of Personal Social Media Risk Perceptions Between Undergraduate Students And Human Resource Professionals, Julio C. Rivera, Jack Howard, Samuel Goh, James Worrell, Paul Di Gangi Oct 2017

KSU Proceedings on Cybersecurity Education, Research and Practice

This study contrasts the social media risk perceptions of undergraduate students, versus those of certified Human Resource professionals. Social media is widely used by most segments of the population, and particularly among the age group that includes most undergraduate students. Organizations hiring employees are increasingly examining job applicant's social media postings as part of the applicant screening process. In this study we examine how these groups differ in their perceptions of the risks inherent in using social media, and what these differences may mean for students seeking employment. Recommendations are made for raising undergraduate student awareness of these risks.


Experiments With Applying Artificial Immune System In Network Attack Detection, Alexis Cooper Oct 2017

KSU Proceedings on Cybersecurity Education, Research and Practice

The assurance of security within a network is difficult due to the variations of attacks. This research conducts various experiments to implement an Artificial Immune System based Intrusion Detection System to identify intrusions using the Negative Selection Algorithm. This research explores the implementation of an Artificial Immune System opposed to the industry standard of machine learning. Various experiments were conducted to identify a method to separate data to avoid false-positive results. The use of an Artificial Immune System requires a self and nonself classification to determine if an intrusion is present within the network. The results of an Artificial Immune …


Reducing Human Error In Cyber Security Using The Human Factors Analysis Classification System (HFACS)., Tommy Pollock Oct 2017

KSU Proceedings on Cybersecurity Education, Research and Practice

For several decades, researchers have stated that human error is a significant cause of information security breaches, yet it still remains to be a major issue today. Quantifying the effects of security incidents is often a difficult task because studies often understate or overstate the costs involved. Human error has always been a cause of failure in many industries and professions that is overlooked or ignored as an inevitability. The problem with human error is further exacerbated by the fact that the systems that are set up to keep networks secure are managed by humans. There are several causes of …


A Developmental Study On Assessing The Cybersecurity Competency Of Organizational Information System Users, Richard Nilsen, Yair Levy, Steven Terrell, Dawn Beyer Oct 2017

KSU Proceedings on Cybersecurity Education, Research and Practice

Organizational information system users (OISUs) that are open to cyber threats vectors are contributing to major financial and information losses for individuals, businesses, and governments. Moreover, technical cybersecurity controls may be rendered useless due to a lack of cybersecurity competency of OISUs. The main goal of this research study was to propose and validate, using subject matter experts (SMEs), a reliable hands-on assessment prototype tool for measuring the knowledge, skills, and abilities (KSAs) that comprise the cybersecurity competency of an OISU. Primarily using the Delphi methodology, this study implemented four phases of data collection using cybersecurity SMEs for proposing and …


Voice Hacking Proof Of Concept: Using Smartphones To Spread Ransomware To Traditional PCs, Leonardo I. Mazuran, Bryson R. Payne, Tamirat T. Abegaz Oct 2017

KSU Proceedings on Cybersecurity Education, Research and Practice

This paper presents a working proof of concept that demonstrates the ability to deploy a sequence of hacks, triggered by speaking a smartphone command, to launch ransomware and other destructive attacks against vulnerable Windows computers on any wireless network the phone connects to after the voice command is issued. Specifically, a spoken, broadcast, or pre-recorded voice command directs vulnerable Android smartphones or tablets to a malicious download page that compromises the Android device and uses it as a proxy to run software designed to scan the Android device’s local area network for Windows computers vulnerable to the EternalBlue exploit, spreading …


Security Device Roles, Vabrice Wilder Oct 2017

KSU Proceedings on Cybersecurity Education, Research and Practice

“An abstract of this article was published in the proceedings of the Conference on Cybersecurity Education, Research & Practice, 2017”. Communication has evolved since the beginning of mankind from smoke signals to drones to now the internet. In a world filled with technology the security of one’s device is not to be taken for granted. A series of research was done in order to gather details about network devices that can aid in the protection of one’s information while being transferred through the internet. The findings included but not limited to, switches, the seven layers of OSI, routers, firewalls, load …


"Think Before You Click. Post. Type." Lessons Learned From Our University Cyber Security Awareness Campaign, Rachael Innocenzi, Kaylee Brown, Peggy Liggit, Samir Tout, Andrea Tanner, Theodore Coutilish, Rocky Jenkins Oct 2017

KSU Proceedings on Cybersecurity Education, Research and Practice

This article discusses the lessons learned after implementing a successful university-wide cyber security campaign. The Cyber Security Awareness Committee (CyberSAC), a group comprised of diverse units across campus, collaborated together on resources, talent, people, equipment, technology, and assessment practices to meet strategic goals for cyber safety and education. The project involves assessing student learning and behavior changes after participating in a Cyber Security Password Awareness event that was run as a year-long campaign targeting undergraduate students. The results have implications for planning and implementing university-wide initiatives in the field of cyber security, and more broadly, higher education at large.


SSETGAMI: Secure Software Education Through Gamification, Hector Suarez, Hooper Kincannon, Li Yang Oct 2017

KSU Proceedings on Cybersecurity Education, Research and Practice

Since web browsers have become essential to accomplishing everyday tasks, developing secure web applications has become a priority in order to protect user data, corporate databases and critical infrastructure against cyber-crimes. This research presents a game-like (gamification) approach to teach key concepts and skills on how to develop secure web applications. Gamification draws on motivational models, one of psychological theories. Gamification design has great potential over traditional education where we often find students demotivated and lecturers failing to engage them in learning activities. This research created game-like learning modules to teach top vulnerabilities and countermeasures for these top vulnerabilities …


Stay Safe Online!, Jenny Blaine Jun 2017

Innovate! Teaching with Technology Conference

Inform audience of potential online threats to their online security and reasons for that; empower audience to employ best practices to protect themselves during online activities.

Multiple Audiences


Downstream Competence Challenges And Legal/Ethical Risks In Digital Forensics, Michael M. Losavio, Antonio Losavio May 2017

Annual ADFSL Conference on Digital Forensics, Security and Law

Forensic practice is an inherently human-mediated system, from processing and collection of evidence to presentation and judgment. This requires attention to human factors and risks which can lead to incorrect judgments and unjust punishments.

For digital forensics, such challenges are magnified by the relative newness of the discipline and the use of electronic evidence in forensic proceedings. Traditional legal protections, rules of procedure and ethics rules mitigate these challenges. Application of those traditions better ensures forensic findings are reliable. This has significant consequences where findings may impact a person's liberty or property, a person's life or even the political direction …


Detecting Deception In Asynchronous Text, Fletcher Glancy May 2017

Annual ADFSL Conference on Digital Forensics, Security and Law

Glancy and Yadav (2010) developed a computational fraud detection model (CFDM) that successfully detected financial reporting fraud in the text of the management’s discussion and analysis (MDA) portion of annual filings with the United States Securities and Exchange Commission (SEC). This work extends the use of the CFDM to additional genres, demonstrates the generalizability of the CFDM and the use of text mining for quantitatively detecting deception in asynchronous text. It also demonstrates that writers committing fraud use words differently from truth tellers.


Understanding Deleted File Decay On Removable Media Using Differential Analysis, James H. Jones Jr, Anurag Srivastava, Josh Mosier, Connor Anderson, Seth Buenafe May 2017

Annual ADFSL Conference on Digital Forensics, Security and Law

Digital content created by picture recording devices is often stored internally on the source device, on either embedded or removable media. Such storage media is typically limited in capacity and meant primarily for interim storage of the most recent image files, and these devices are frequently configured to delete older files as necessary to make room for new files. When investigations involve such devices and media, it is sometimes these older deleted files that would be of interest. It is an established fact that deleted file content may persist in part or in its entirety after deletion, and identifying the …


Development Of A Professional Code Of Ethics In Digital Forensics, Kathryn C. Seigfried-Spellar, Marcus Rogers, Danielle M. Crimmins May 2017

Annual ADFSL Conference on Digital Forensics, Security and Law

Academics, government officials, and practitioners suggest the field of digital forensics is in need of a professional code of ethics. In response to this need, the authors developed and proposed a professional code of ethics in digital forensics. The current paper will discuss the process of developing the professional code of ethics, which included four sets of revisions based on feedback and suggestions provided by members of the digital forensic community. The final version of the Professional Code of Ethics in Digital Forensics includes eight statements, and we hope this is a step toward unifying the field of digital forensics …


Fast Filtering Of Known PNG Files Using Early File Features, Sean Mckeown, Gordon Russell, Petra Leimich May 2017

Annual ADFSL Conference on Digital Forensics, Security and Law

A common task in digital forensics investigations is to identify known contraband images. This is typically achieved by calculating a cryptographic digest, using hashing algorithms such as SHA256, for each image on a given media, comparing individual digests with a database of known contraband. However, the large capacities of modern storage media, and increased time pressure on forensics examiners, necessitates that more efficient processing mechanisms be developed. This work describes a technique for creating signatures for images of the PNG format which only requires a tiny fraction of the file to effectively distinguish between a large number of images. Highly …


Harnessing Predictive Models For Assisting Network Forensic Investigations Of DNS Tunnels, Irvin Homem, Panagiotis Papapetrou May 2017

Annual ADFSL Conference on Digital Forensics, Security and Law

In recent times, DNS tunneling techniques have been used for malicious purposes, however network security mechanisms struggle to detect them. Network forensic analysis has been proven effective, but is slow and effort intensive as Network Forensics Analysis Tools struggle to deal with undocumented or new network tunneling techniques. In this paper, we present a machine learning approach, based on feature subsets of network traffic evidence, to aid forensic analysis through automating the inference of protocols carried within DNS tunneling techniques. We explore four network protocols, namely, HTTP, HTTPS, FTP, and POP3. Three features are extracted from the DNS tunneled traffic: …


Detect Kernel-Mode Rootkits Via Real Time Logging & Controlling Memory Access, Satoshi Tanda, Irvin Homem, Igor Korkin May 2017

Annual ADFSL Conference on Digital Forensics, Security and Law

Modern malware and spyware platforms attack existing antivirus solutions and even Microsoft PatchGuard. To protect users and business systems new technologies developed by Intel and AMD CPUs may be applied. To deal with the new malware we propose monitoring and controlling access to the memory in real time using Intel VT-x with EPT. We have checked this concept by developing MemoryMonRWX, which is a bare-metal hypervisor. MemoryMonRWX is able to track and trap all types of memory access: read, write, and execute. MemoryMonRWX also has the following competitive advantages: fine-grained analysis, support of multi-core CPUs and 64-bit Windows 10. MemoryMonRWX …


An Accidental Discovery Of IoT Botnets And A Method For Investigating Them With A Custom Lua Dissector, Max Gannon, Gary Warner, Arsh Arora May 2017

Annual ADFSL Conference on Digital Forensics, Security and Law

This paper presents a case study that occurred while observing peer-to-peer network communications on a botnet monitoring station and shares how tools were developed to discover what ultimately was identified as Mirai and many related IoT DDOS Botnets. The paper explains how researchers developed a customized protocol dissector in Wireshark using the Lua coding language, and how this enabled them to quickly identify new DDOS variants over a five month period of study.


Kelihos Botnet: A Never-Ending Saga, Arsh Arora, Max Gannon, Gary Warner May 2017

Annual ADFSL Conference on Digital Forensics, Security and Law

This paper investigates the recent behavior of the Kelihos botnet, a spam-sending botnet that accounts for many millions of emails sent each day. The paper demonstrates how a team of students are able to perform a longitudinal malware study, making significant observations and contributions to the understanding of a major botnet using tools and techniques taught in the classroom. From this perspective the paper has two objectives: encouragement and observation. First, by providing insight into the methodology and tools used by student researchers to document and understand a botnet, the paper strives to embolden other academic programs to follow a …