Information Security Commons^™

Safe Delivery Of Critical Services In Areas With Volatile Security Situation Via A Stackelberg Game Approach, Tien Mai, Arunesh Sinha

Research Collection School Of Computing and Information Systems

Vaccine delivery in under-resourced locations with security risks is not just challenging but also life threatening. The COVID pandemic and the need to vaccinate added even more urgency to this issue. Motivated by this problem, we propose a general framework to set-up limited temporary (vaccination) centers that balance physical security and desired (vaccine) service coverage with limited resources. We set-up the problem as a Stackelberg game between the centers operator (defender) and an adversary, where the set of centers is not fixed a priori but is part of the decision output. This results in a mixed combinatorial and continuous optimization …

Improving Developers' Understanding Of Regex Denial Of Service Tools Through Anti-Patterns And Fix Strategies, Sk Adnan Hassan, Zainab Aamir, Dongyoon Lee, James C. Davis, Francisco Servant

Department of Electrical and Computer Engineering Faculty Publications

Regular expressions are used for diverse purposes, including input validation and firewalls. Unfortunately, they can also lead to a security vulnerability called ReDoS (Regular Expression Denial of Service), caused by a super-linear worst-case execution time during regex matching. Due to the severity and prevalence of ReDoS, past work proposed automatic tools to detect and fix regexes. Although these tools were evaluated in automatic experiments, their usability has not yet been studied; usability has not been a focus of prior work. Our insight is that the usability of existing tools to detect and fix regexes will improve if we complement them …

Challenges And Measurements For Governance Of Modern Cyber Space Society, Pinghui Wang, Hongbin Pei, Junzhou Zhao, Tao Qin, Chao Shen, Dongliang Liu, Xiaohong Guan

Bulletin of Chinese Academy of Sciences (Chinese Version)

The rapid development of information technology has unprecedentedly created a prosperous cyber society and greatly enhanced productivity facilitated by social interaction. At the same time, many problems emerge in the cyber society, such as telecom fraud, privacy leakage, Internet pollution, and algorithmic discrimination. The problems bring new challenges to social order and security. In order to find the way of cyber society governance and promote the modernization of national governance, this paper first presents the analyses on the new problems encountered in the cyber society in three typical scenarios, i.e., identity governance, behavior governance, and algorithm governance, as well as …

Payload-Byte: A Tool For Extracting And Labeling Packet Capture Files Of Modern Network Intrusion Detection Datasets, Yasir Farrukh, Irfan Khan, Syed Wali, David A. Bierbrauer, John Pavlik, Nathaniel D. Bastian

ACI Journal Articles

Adapting modern approaches for network intrusion detection is becoming critical, given the rapid technological advancement and adversarial attack rates. Therefore, packet-based methods utilizing payload data are gaining much popularity due to their effectiveness in detecting certain attacks. However, packet-based approaches suffer from a lack of standardization, resulting in incomparability and reproducibility issues. Unlike flow-based datasets, no standard labeled dataset exists, forcing researchers to follow bespoke labeling pipelines for individual approaches. Without a standardized baseline, proposed approaches cannot be compared and evaluated with each other. One cannot gauge whether the proposed approach is a methodological advancement or is just being benefited …

Software Supply Chain Security Attacks And Analysis Of Defense, Juanjose Rodriguez-Cardenas, Jobair Hossain Faruk, Masura Tansim, Asia Shavers, Corey Brookins, Shamar Lake, Ava Norouzi, Marie Nassif, Kenneth Burke, Miranda Dominguez

Symposium of Student Scholars

The Software Supply chain or SSC is the backbone of the logistics industry and is crucial to a business's success and operation. The surge of attacks and risks for the SSC has grown in coming years with each attack's impact becoming more significant. These attacks have led to the leaking of both client and company sensitive information, corruption of the data, and having it subject to malware and ransomware installation, despite new practices implemented and investments into SSC security and its branches that have not stopped attackers from developing new vulnerabilities and exploits. In our research, we have investigated Software …

Secure Cloud-Based Iot Water Quality Gathering For Analysis And Visualization, Soin Abdoul Kassif Baba M Traore

Symposium of Student Scholars

Water quality refers to measurable water characteristics, including chemical, biological, physical, and radiological characteristics usually relative to human needs. Dumping waste and untreated sewage are the reasons for water pollution and several diseases to the living hood. The quality of water can also have a significant impact on animals and plant ecosystems. Therefore, keeping track of water quality is a substantial national interest. Much research has been done for measuring water quality using sensors to prevent water pollution. In summary, those systems are built based on online and reagent-free water monitoring SCADA systems in wired networks. However, centralized servers, transmission …

Addressing Human Error Through Effective Cyber Policy Design, Katherine Amoresano

Emergency Preparedness, Homeland Security, and Cybersecurity

Human error is a significant contributing factor to the rise in Cybersecurity attacks regardless of increased technical control implemented to safeguard Information systems. Adversaries can circumvent technical safeguards due to human errors which result from inadequate enforceable policies and training on Cybersecurity for the everyday user. Several studies and articles show that the majority of successful attacks are human enabled, proving the need for human-centric cybersecurity research and practices. This exploratory work reviews the human aspect of Cybersecurity by investigating the cybersecurity policies at SUNY Albany and other SUNY institutions. We used a survey of students and faculty members at …

Detecting Selfish Mining Attacks Against A Blockchain Using Machine Learing, Matthew A. Peterson

Theses and Dissertations

Selfish mining is an attack against a blockchain where miners hide newly discovered blocks instead of publishing them to the rest of the network. Selfish mining has been a potential issue for blockchains since it was first discovered by Eyal and Sirer. It can be used by malicious miners to earn a disproportionate share of the mining rewards or in conjunction with other attacks to steal money from network users. Several of these attacks were launched in 2018, 2019, and 2020 with the attackers stealing as much as $18 Million. Developers made several different attempts to fix this issue, but …

A Cybersecurity Assessment Of Health Data Ecosystems, Michelle N. Halsey

Cyber Operations and Resilience Program Graduate Projects

This paper is an exploratory study that investigates data collected and used by health plans and reviews the laws and regulations governing this data to identify the gaps in protections and provide recommendations for eliminating these gaps. Health insurance companies collect a wide array of data about the people they insure, data that is often only peripherally relevant to the service these companies provide. The data environment currently consists of seven categories of data: personal health information, summary health information, personally identifiable information, financial information, professional information, biometric information, and lifestyle data or social indicators of health. Much of this …

Secure Decentralized Blockchain Based Web Application For Medical Records, Sri Harshini Popuri, Liang Zhao

Symposium of Student Scholars

The online storage and sharing of electronic health records has undergone a paradigm shift in recent years. The introduction of a centralized cloud computing concept to streamline records transfer between patients and healthcare providers has been an easy task. As a result, the availability of electronically stored health records with minimal operational costs is made possible, but the primary concern is related to the privacy and security of records. How can we securely exchange medical documents online while maintaining strong security standards? This research suggests a framework that fuses online federated learning with blockchain technology. In particular, we develop a …

Studies On The Development Of China’S Network And Information Security, Jiwu Jing

Bulletin of Chinese Academy of Sciences (Chinese Version)

No abstract provided.

Accurately Grasp The New Features Of Cybersecurity Technology Development And Fully Promote The Modernization Of National Security System And Capabilities, Dengguo Feng

Bulletin of Chinese Academy of Sciences (Chinese Version)

No abstract provided.

The Role Of It In Campus Sustainability Efforts: Model Sustainability In It Operations, Infrastructure, Cybersecurity, And Teaching And Learning, J. T. Singh, Kevin Partridge, Teresa Hudson, Pete Calvert

Sustainability Research & Practice Seminar Presentations

JT Singh (and colleagues), WCU Information Services and Technology - The Role of IT in Campus Sustainability Efforts

The Infosys Times, Vol. 7, No. 1, Collen

The Infosys TIMES

• Cyber Security Awareness Week
• Anderson Trucking Field Visit
• The Values of Data Analytic Skills
• Information Systems Club: Meeting with CentraCare's IT Department
• Graduate Assistant for Digital Forensic Lab
• Data Analytics Certificates
• Study Abroad for 2 Weeks & Earn 6 Credits!

The Infosys Times, Vol.6, No.2, Collen

The Infosys TIMES

• Teaching in the Challenging Times of Covid-19 Pandemic
• Farewell to Dr. Dien Phan
• Grants Received for Installing the Department's First Digital Forensic Lab
• Meet the New Faculty
• Stringline Video Shoot
• Cyber Security Awareness Week
• Today's Technology Opportunities for Women Leaders
• Excellence in Leadership Award Recipients
• Alumni Updates
• InfoSys Diaries
• $9,332 Research Fund received from Jazan University, Saudi Arabia
• The National Society of Leadership and Success Experience

Emerging Trends In Cybercrime Awareness In Nigeria, Ogochukwu Favour Nzeakor, Bonaventure N. Nwokeoma, Ibrahim Hassan, Benjamin Okorie Ajah, John T. Okpa

International Journal of Cybersecurity Intelligence & Cybercrime

The study examined the current trend in cybercrime awareness and the relationship such trend has with cybercrime vulnerability or victimization. Selecting a sample of 1104 Internet users from Umuahia, Abia State, Nigeria, We found that: 1) awareness of information security was high in that about 2 in every 3 (68%) participants demonstrated a favorable awareness of information security and cybercrime. It was, however, revealed that such a high level of awareness could be partial and weak. 2) most Internet users demonstrated the awareness of fraud-related cybercrime categories (39%), e-theft (15%), hacking (12%), and ATM theft (10%). However, they were rarely …

Understanding Deviance And Victimization In Cyber Space Among Diverse Populations, Insun Park

International Journal of Cybersecurity Intelligence & Cybercrime

Recent years have witnessed a growing academic interest in deviance and victimization in the cyber space. The current issue of the International Journal of Cybersecurity Intelligence and Cybercrime features three empirical research articles on online behavior of traditionally under-researched populations and a review of much waited book on digital forensics and investigation. This paper was prepared to introduce these important scholarly works in the context of newly emerging scholarship that focuses on the experiences of diverse subgroups in cyberspace.

Aggressive Reality Docuseries And Cyberbullying: A Partial Test Of Glaser’S Differential Identification Theory, J. Ra’Chel Fowler, Darren R. Beneby, Kenethia L. Fuller

International Journal of Cybersecurity Intelligence & Cybercrime

Reality docuseries have dominated primetime airwaves for the greater part of three decades. However, little is known about how viewers who are enamored with the genre’s most aggressive characters are influenced. Using Glaser’s (1956) theory of differential identification, this study employs survey data from 210 college students at a historically Black college and university to explore whether identification with characters from aggressive reality docuseries (ARDs) and the frequency of viewing ARD are positively associated with cyberbullying. Results of multivariate analyses revealed that men were more likely than women to publicly shame others and air other’s dirty laundry online. Additionally, the …

Book Review: Digital Forensics And Cyber Investigation

International Journal of Cybersecurity Intelligence & Cybercrime

No abstract provided.

Vulcurator: A Vulnerability-Fixing Commit Detector, Truong Giang Nguyen, Cong Thanh Le, Hong Jin Kang, Xuan-Bach D. Le, David Lo

Research Collection School Of Computing and Information Systems

Open-source software (OSS) vulnerability management process is important nowadays, as the number of discovered OSS vulnerabilities is increasing over time. Monitoring vulnerability-fixing commits is a part of the standard process to prevent vulnerability exploitation. Manually detecting vulnerability-fixing commits is, however, time-consuming due to the possibly large number of commits to review. Recently, many techniques have been proposed to automatically detect vulnerability-fixing commits using machine learning. These solutions either: (1) did not use deep learning, or (2) use deep learning on only limited sources of information. This paper proposes VulCurator, a tool that leverages deep learning on richer sources of information, …