Biola University
University of New Haven
Clark University
University of East London
Seton Hall University
CCT College Dublin
Eastern Michigan University
Safe Delivery Of Critical Services In Areas With Volatile Security Situation Via A Stackelberg Game Approach,
2023
Singapore Management University
Safe Delivery Of Critical Services In Areas With Volatile Security Situation Via A Stackelberg Game Approach, Tien Mai, Arunesh Sinha
Research Collection School Of Computing and Information Systems
Vaccine delivery in under-resourced locations with security risks is not just challenging but also life threatening. The COVID pandemic and the need to vaccinate added even more urgency to this issue. Motivated by this problem, we propose a general framework to set-up limited temporary (vaccination) centers that balance physical security and desired (vaccine) service coverage with limited resources. We set-up the problem as a Stackelberg game between the centers operator (defender) and an adversary, where the set of centers is not fixed a priori but is part of the decision output. This results in a mixed combinatorial and continuous optimization …
Teaching By Practice: Shaping Secure Coding Mentalities Through Cybersecurity Ctfs,
2023
Arcadia University
Teaching By Practice: Shaping Secure Coding Mentalities Through Cybersecurity Ctfs, Jazmin Collins, Vitaly Ford
Journal of Cybersecurity Education, Research and Practice
The use of the Capture the Flag (CTF)-style competitions has grown popular in a variety of environments as a method to improve or reinforce cybersecurity techniques. However, while these competitions have shown promise in student engagement, enjoyment, and the teaching of essential workforce cybersecurity concepts, many of these CTF challenges have largely focused on cybersecurity as a general topic. Further, most in-school CTF challenges are designed with technical institutes in mind, prepping only experienced or upper-level students in cybersecurity studies for real-world challenges. Our paper aims to focus on the setting of a liberal arts institute, emphasizing secure coding as …
Lightweight Pairwise Key Distribution Scheme For Iots,
2023
California State University, Bakersfield
Lightweight Pairwise Key Distribution Scheme For Iots, Kanwalinderjit Kaur
Journal of Cybersecurity Education, Research and Practice
Embedding a pairwise key distribution approach in IoT systems is challenging as IoT devices have limited resources, such as memory, processing power, and battery life. This paper presents a secure and lightweight approach that is applied to IoT devices that are divided into Voronoi clusters. This proposed algorithm comprises XOR and concatenation operations for interactive authentication between the server and the IoT devices. Predominantly, the authentication is carried out by the server. It is observed that the algorithm is resilient against man-in-the-middle attacks, forward secrecy, Denial of Service (DoS) attacks, and offers mutual authentication. It is also observed that the …
Reinventing Cybersecurity Internships During The Covid-19 Pandemic,
2023
University of Southern Maine
Reinventing Cybersecurity Internships During The Covid-19 Pandemic, Lori L. Sussman
Journal of Cybersecurity Education, Research and Practice
The Cybersecurity Ambassador Program provides professional skills training for emerging cybersecurity professionals remotely. The goal is to reach out to underrepresented populations who may use Federal Work-Study (FWS) or grant sponsored internships to participate. Cybersecurity Ambassadors (CAs) develop skills that will serve them well as cybersecurity workers prepared to do research, lead multidisciplinary, technical teams, and educate stakeholders and community members. CAP also reinforces leadership skills so that the next generation of cybersecurity professionals becomes a sustainable source of management talent for the program and profession. The remote curriculum innovatively builds non-technical professional skills (communications, teamwork, leadership) for cybersecurity research …
Risk Perceptions About Personal Internet-Of-Things: Research Directions From A Multi-Panel Delphi Study,
2023
University of Alabama at Birmingham
Risk Perceptions About Personal Internet-Of-Things: Research Directions From A Multi-Panel Delphi Study, Paul M. Di Gangi, Barbara A. Wech, Jennifer D. Hamrick, James L. Worrell, Samuel H. Goh
Journal of Cybersecurity Education, Research and Practice
Internet-of-Things (IoT) research has primarily focused on identifying IoT devices' organizational risks with little attention to consumer perceptions about IoT device risks. The purpose of this study is to understand consumer risk perceptions for personal IoT devices and translate these perceptions into guidance for future research directions. We conduct a sequential, mixed-methods study using multi-panel Delphi and thematic analysis techniques to understand consumer risk perceptions. The results identify four themes focused on data exposure and user experiences within IoT devices. Our thematic analysis also identified several emerging risks associated with the evolution of IoT device functionality and its potential positioning …
Cybersecurity Continuity Risks: Lessons Learned From The Covid-19 Pandemic,
2023
University of West Florida
Cybersecurity Continuity Risks: Lessons Learned From The Covid-19 Pandemic, Tyler Fezzey, John H. Batchelor, Gerald F. Burch, Randall Reid
Journal of Cybersecurity Education, Research and Practice
The scope and breadth of the COVID-19 pandemic were unprecedented. This is especially true for business continuity and the related area of cybersecurity. Historically, business continuity and cybersecurity are viewed and researched as separate fields. This paper synthesizes the two disciplines as one, thus pointing out the need to address both topics simultaneously. This study identifies blind spots experienced by businesses as they navigated through the difficult time of the pandemic by using data collected during the height of the COVID-19 pandemic. One major shortcoming was that most continuity and cybersecurity plans focused on single-axis threats. The COVID-19 pandemic resulted …
Alpha Phi-Shing Fraternity: Phishing Assessment In A Higher Education Institution,
2023
University of Padua
Alpha Phi-Shing Fraternity: Phishing Assessment In A Higher Education Institution, Marco Casagrande, Mauro Conti, Monica Fedeli, Eleonora Losiouk
Journal of Cybersecurity Education, Research and Practice
Phishing is a common social engineering attack aimed to steal personal information. Universities attract phishing attacks because: 1) they store employees and students sensitive data, 2) they save confidential documents, 3) their infrastructures often lack security. In this paper, we showcase a phishing assessment at the University of Redacted aimed to identify the people, and the features of such people, that are more susceptible to phishing attacks. We delivered phishing emails to 1.508 subjects in three separate batches, collecting a clickrate equal to 30%, 11% and 13%, respectively. We considered several features (i.e., age, gender, role, working/studying field, email template) …
Improving Developers' Understanding Of Regex Denial Of Service Tools Through Anti-Patterns And Fix Strategies,
2023
Virginia Tech
Improving Developers' Understanding Of Regex Denial Of Service Tools Through Anti-Patterns And Fix Strategies, Sk Adnan Hassan, Zainab Aamir, Dongyoon Lee, James C. Davis, Francisco Servant
Department of Electrical and Computer Engineering Faculty Publications
Regular expressions are used for diverse purposes, including input validation and firewalls. Unfortunately, they can also lead to a security vulnerability called ReDoS (Regular Expression Denial of Service), caused by a super-linear worst-case execution time during regex matching. Due to the severity and prevalence of ReDoS, past work proposed automatic tools to detect and fix regexes. Although these tools were evaluated in automatic experiments, their usability has not yet been studied; usability has not been a focus of prior work. Our insight is that the usability of existing tools to detect and fix regexes will improve if we complement them …
Challenges And Measurements For Governance Of Modern Cyber Space Society,
2022
MOE Key Lab for Intelligent Networks and Network Security, Xi'an Jiaotong University, Xi'an 710049, China
Challenges And Measurements For Governance Of Modern Cyber Space Society, Pinghui Wang, Hongbin Pei, Junzhou Zhao, Tao Qin, Chao Shen, Dongliang Liu, Xiaohong Guan
Bulletin of Chinese Academy of Sciences (Chinese Version)
The rapid development of information technology has unprecedentedly created a prosperous cyber society and greatly enhanced productivity facilitated by social interaction. At the same time, many problems emerge in the cyber society, such as telecom fraud, privacy leakage, Internet pollution, and algorithmic discrimination. The problems bring new challenges to social order and security. In order to find the way of cyber society governance and promote the modernization of national governance, this paper first presents the analyses on the new problems encountered in the cyber society in three typical scenarios, i.e., identity governance, behavior governance, and algorithm governance, as well as …
Payload-Byte: A Tool For Extracting And Labeling Packet Capture Files Of Modern Network Intrusion Detection Datasets,
2022
Army Cyber Institute, United States Military Academy
Payload-Byte: A Tool For Extracting And Labeling Packet Capture Files Of Modern Network Intrusion Detection Datasets, Yasir Farrukh, Irfan Khan, Syed Wali, David A. Bierbrauer, John Pavlik, Nathaniel D. Bastian
ACI Journal Articles
Adapting modern approaches for network intrusion detection is becoming critical, given the rapid technological advancement and adversarial attack rates. Therefore, packet-based methods utilizing payload data are gaining much popularity due to their effectiveness in detecting certain attacks. However, packet-based approaches suffer from a lack of standardization, resulting in incomparability and reproducibility issues. Unlike flow-based datasets, no standard labeled dataset exists, forcing researchers to follow bespoke labeling pipelines for individual approaches. Without a standardized baseline, proposed approaches cannot be compared and evaluated with each other. One cannot gauge whether the proposed approach is a methodological advancement or is just being benefited …
Software Supply Chain Security Attacks And Analysis Of Defense,
2022
Kennesaw State University
Software Supply Chain Security Attacks And Analysis Of Defense, Juanjose Rodriguez-Cardenas, Jobair Hossain Faruk, Masura Tansim, Asia Shavers, Corey Brookins, Shamar Lake, Ava Norouzi, Marie Nassif, Kenneth Burke, Miranda Dominguez
Symposium of Student Scholars
The Software Supply chain or SSC is the backbone of the logistics industry and is crucial to a business's success and operation. The surge of attacks and risks for the SSC has grown in coming years with each attack's impact becoming more significant. These attacks have led to the leaking of both client and company sensitive information, corruption of the data, and having it subject to malware and ransomware installation, despite new practices implemented and investments into SSC security and its branches that have not stopped attackers from developing new vulnerabilities and exploits. In our research, we have investigated Software …
Secure Cloud-Based Iot Water Quality Gathering For Analysis And Visualization,
2022
Kennesaw State University
Secure Cloud-Based Iot Water Quality Gathering For Analysis And Visualization, Soin Abdoul Kassif Baba M Traore
Symposium of Student Scholars
Water quality refers to measurable water characteristics, including chemical, biological, physical, and radiological characteristics usually relative to human needs. Dumping waste and untreated sewage are the reasons for water pollution and several diseases to the living hood. The quality of water can also have a significant impact on animals and plant ecosystems. Therefore, keeping track of water quality is a substantial national interest. Much research has been done for measuring water quality using sensors to prevent water pollution. In summary, those systems are built based on online and reagent-free water monitoring SCADA systems in wired networks. However, centralized servers, transmission …
Addressing Human Error Through Effective Cyber Policy Design,
2022
University at Albany, State University of New York
Addressing Human Error Through Effective Cyber Policy Design, Katherine Amoresano
Emergency Preparedness, Homeland Security, and Cybersecurity
Human error is a significant contributing factor to the rise in Cybersecurity attacks regardless of increased technical control implemented to safeguard Information systems. Adversaries can circumvent technical safeguards due to human errors which result from inadequate enforceable policies and training on Cybersecurity for the everyday user. Several studies and articles show that the majority of successful attacks are human enabled, proving the need for human-centric cybersecurity research and practices. This exploratory work reviews the human aspect of Cybersecurity by investigating the cybersecurity policies at SUNY Albany and other SUNY institutions. We used a survey of students and faculty members at …
Detecting Selfish Mining Attacks Against A Blockchain Using Machine Learing,
2022
University of South Alabama
Detecting Selfish Mining Attacks Against A Blockchain Using Machine Learing, Matthew A. Peterson
Theses and Dissertations
Selfish mining is an attack against a blockchain where miners hide newly discovered blocks instead of publishing them to the rest of the network. Selfish mining has been a potential issue for blockchains since it was first discovered by Eyal and Sirer. It can be used by malicious miners to earn a disproportionate share of the mining rewards or in conjunction with other attacks to steal money from network users. Several of these attacks were launched in 2018, 2019, and 2020 with the attackers stealing as much as $18 Million. Developers made several different attempts to fix this issue, but …
A Cybersecurity Assessment Of Health Data Ecosystems,
2022
Boise State University
A Cybersecurity Assessment Of Health Data Ecosystems, Michelle N. Halsey
Cyber Operations and Resilience Program Graduate Projects
This paper is an exploratory study that investigates data collected and used by health plans and reviews the laws and regulations governing this data to identify the gaps in protections and provide recommendations for eliminating these gaps. Health insurance companies collect a wide array of data about the people they insure, data that is often only peripherally relevant to the service these companies provide. The data environment currently consists of seven categories of data: personal health information, summary health information, personally identifiable information, financial information, professional information, biometric information, and lifestyle data or social indicators of health. Much of this …
Sleepmore: Inferring Sleep Duration At Scale Via Multi-Device Wifi Sensing,
2022
Singapore Management University
Sleepmore: Inferring Sleep Duration At Scale Via Multi-Device Wifi Sensing, Camellia Zakaria, Gizem Yilmaz, Priyanka Mammen, Michael Chee, Prashant Shenoy, Rajesh Krishna Balan
Research Collection School Of Computing and Information Systems
The availability of commercial wearable trackers equipped with features to monitor sleep duration and quality has enabled more useful sleep health monitoring applications and analyses. However, much research has reported the challenge of long-term user retention in sleep monitoring through these modalities. Since modern Internet users own multiple mobile devices, our work explores the possibility of employing ubiquitous mobile devices and passive WiFi sensing techniques to predict sleep duration as the fundamental measure for complementing long-term sleep monitoring initiatives. In this paper, we propose SleepMore, an accurate and easy-to-deploy sleep-tracking approach based on machine learning over the user's WiFi network …
Secure Decentralized Blockchain Based Web Application For Medical Records,
2022
Kennesaw State University
Secure Decentralized Blockchain Based Web Application For Medical Records, Sri Harshini Popuri, Liang Zhao
Symposium of Student Scholars
The online storage and sharing of electronic health records has undergone a paradigm shift in recent years. The introduction of a centralized cloud computing concept to streamline records transfer between patients and healthcare providers has been an easy task. As a result, the availability of electronically stored health records with minimal operational costs is made possible, but the primary concern is related to the privacy and security of records. How can we securely exchange medical documents online while maintaining strong security standards? This research suggests a framework that fuses online federated learning with blockchain technology. In particular, we develop a …
Studies On The Development Of China’S Network And Information Security,
2022
School of Cryptography, University of Chinese Academy of Sciences, Beijing 100049, China
Studies On The Development Of China’S Network And Information Security, Jiwu Jing
Bulletin of Chinese Academy of Sciences (Chinese Version)
No abstract provided.
Accurately Grasp The New Features Of Cybersecurity Technology Development And Fully Promote The Modernization Of National Security System And Capabilities,
2022
Institute of Software, Chinese Academy of Sciences, Beijing 100190, China
Accurately Grasp The New Features Of Cybersecurity Technology Development And Fully Promote The Modernization Of National Security System And Capabilities, Dengguo Feng
Bulletin of Chinese Academy of Sciences (Chinese Version)
No abstract provided.
The Role Of It In Campus Sustainability Efforts: Model Sustainability In It Operations, Infrastructure, Cybersecurity, And Teaching And Learning,
2022
West Chester University of Pennsylvania
The Role Of It In Campus Sustainability Efforts: Model Sustainability In It Operations, Infrastructure, Cybersecurity, And Teaching And Learning, J. T. Singh, Kevin Partridge, Teresa Hudson, Pete Calvert
Sustainability Research & Practice Seminar Presentations
JT Singh (and colleagues), WCU Information Services and Technology - The Role of IT in Campus Sustainability Efforts
