发布求助
文献互助 智能选刊 最新文献

2016 Cybersecurity and Cyberforensics Conference (CCC)最新文献

筛选
英文 中文
Improving Resilience by Deploying Permuted Code onto Physically Unclonable Unique Processors 通过在物理上不可克隆的唯一处理器上部署排列代码来提高弹性
2016 Cybersecurity and Cyberforensics Conference (CCC) Pub Date : 2016-10-20 DOI: 10.1109/CCC.2016.30
A. Assmuth, W. Cockshott, Jana Kipke, K. Renaud, Lewis Mackenzie, W. Vanderbauwhede, Matthias Söllner, Tilo Fischer, G. Weir
{"title":"Improving Resilience by Deploying Permuted Code onto Physically Unclonable Unique Processors","authors":"A. Assmuth, W. Cockshott, Jana Kipke, K. Renaud, Lewis Mackenzie, W. Vanderbauwhede, Matthias Söllner, Tilo Fischer, G. Weir","doi":"10.1109/CCC.2016.30","DOIUrl":"https://doi.org/10.1109/CCC.2016.30","url":null,"abstract":"Industrial control systems (ICSs) are, at present, extremely vulnerable to cyber attack because they are homogenous and interconnected. Mitigating solutions are urgently required because systems breaches can feasibly lead to fatalities. In this paper we propose the deployment of permuted code onto Physically Unclonable Unique Processors in order to resist common cyber attacks. We present our proposal and explain how it would resist attacks from hostile agents.","PeriodicalId":120509,"journal":{"name":"2016 Cybersecurity and Cyberforensics Conference (CCC)","volume":"77 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-10-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"134050164","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 1
Cybersecurity and the Unbearability of Uncertainty 网络安全和不确定性的不可承受性
2016 Cybersecurity and Cyberforensics Conference (CCC) Pub Date : 2016-10-20 DOI: 10.1109/CCC.2016.29
K. Renaud, G. Weir
{"title":"Cybersecurity and the Unbearability of Uncertainty","authors":"K. Renaud, G. Weir","doi":"10.1109/CCC.2016.29","DOIUrl":"https://doi.org/10.1109/CCC.2016.29","url":null,"abstract":"Cyber criminals increasingly target Small and Medium Sized Businesses (SMEs) since they are perceived to have the weakest defences. Some will not survive a cyber attack, and others will have their ability to continue trading seriously impaired. There is compelling evidence that, at present, SMEs do not seem to be implementing all the advisable security measures which could help them to resist such attacks. Many in the security industry believe that this is because SMEs do not take the threat seriously. This paper reports on a study to find out whether this is the case, or not. The primary finding is that most SMEs do care about the threat but that very few implement even a small subset of the available security precautions. One contributory factor seemed to be the uncertainty caused by the wealth of conflicting and confusing online advice offered by industry and official bodies. This seemed to be hindering rather than helping SMEs so that they did not know what actions to take to improve their resilience. The conclusion is a recommendation for actions to be taken to better inform SMEs and help them to secure their systems more effectively.","PeriodicalId":120509,"journal":{"name":"2016 Cybersecurity and Cyberforensics Conference (CCC)","volume":"17 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-10-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121704981","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 21
Management Attitudes toward Information Security in Omani Public Sector Organisations 阿曼公共部门组织对信息安全的管理态度
2016 Cybersecurity and Cyberforensics Conference (CCC) Pub Date : 2016-10-20 DOI: 10.1109/CCC.2016.28
Fathiya Al Izki, G. Weir
{"title":"Management Attitudes toward Information Security in Omani Public Sector Organisations","authors":"Fathiya Al Izki, G. Weir","doi":"10.1109/CCC.2016.28","DOIUrl":"https://doi.org/10.1109/CCC.2016.28","url":null,"abstract":"The incorporation of ICT in public sector organisations is progressing rapidly in Oman where the government sees this as a means to enhance the delivery of online services. In this context, preserving the security of information, and making Information Security a core organisational aspect in public sector organisations, requires attention from management. Our research is the first known attempt to gauge management attitudes toward Information Security in Oman. We also consider how such attitudes influence Information Security governance. In addressing these issues, we review current compliance with Information Security procedures in Omani public sector organisations, review management attitudes toward Information Security governance practices, and explore how management attitudes toward Information Security impact upon these aspects.","PeriodicalId":120509,"journal":{"name":"2016 Cybersecurity and Cyberforensics Conference (CCC)","volume":"21 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-10-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115795314","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 6
Exploiting Vulnerability Disclosures: Statistical Framework and Case Study 利用漏洞披露:统计框架和案例研究
2016 Cybersecurity and Cyberforensics Conference (CCC) Pub Date : 2016-10-18 DOI: 10.1109/CCC.2016.10
Mingjian Tang, M. Alazab, Yuxiu Luo
{"title":"Exploiting Vulnerability Disclosures: Statistical Framework and Case Study","authors":"Mingjian Tang, M. Alazab, Yuxiu Luo","doi":"10.1109/CCC.2016.10","DOIUrl":"https://doi.org/10.1109/CCC.2016.10","url":null,"abstract":"With an ever-increasing trend of cybercrimes and incidents due to software vulnerabilities and exposures, effective and proactive vulnerability management becomes imperative in modern organisations regardless large or small. Forecasting models leveraging rich historical vulnerability disclosure data undoubtedly provide important insights to inform the cyber community with the anticipated risks. In this paper, we proposed a novel framework for statistically analysing long-term vulnerability time series between January 1999 and January 2016. By utilising this sound framework, we initiated an important study on not only testing but also modelling persistent volatilities in the data. In sharp contrast to the existing models, we consider capturing both mean and conditional variance latent in the disclosure series. Through extensive empirical studies, a composite model is shown to effectively capture the sporadic nature of vulnerability time series. In addition, this paper paves the way for further study on the stochastic perspective of cyber vulnerability proliferation towards more accurate prediction models and better risk management.","PeriodicalId":120509,"journal":{"name":"2016 Cybersecurity and Cyberforensics Conference (CCC)","volume":"80 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-10-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"134443567","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 8
Android Forensics: Investigating Social Networking Cybercrimes against Man-in-the-Middle Attacks Android取证:针对中间人攻击调查社交网络网络犯罪
2016 Cybersecurity and Cyberforensics Conference (CCC) Pub Date : 2016-08-01 DOI: 10.1109/CCC.2016.15
K. Zaabi
{"title":"Android Forensics: Investigating Social Networking Cybercrimes against Man-in-the-Middle Attacks","authors":"K. Zaabi","doi":"10.1109/CCC.2016.15","DOIUrl":"https://doi.org/10.1109/CCC.2016.15","url":null,"abstract":"Cyber-attacks are on the rise due to the increased usage of social networking application's built-in Android devices via Wi-Fi connections, which has resulted in privacy issues. Several studies have been conducted to investigate Android phones, however, none of these have proposed a comprehensive Android investigation method, which begins with a Man-in-the-Middle attack and ending in a criminal investigation. The purpose of this research is to propose an Android forensics framework against such Wi-Fi attacks, using advanced forensic tools, such as the Cellebrite Universal Forensic Extraction Device and the Oxygen. This will assist the researcher to prove the suggested arguments in the following: 1. To implement guidelines for the forensic examiners, especially for those new in the field of forensics, and 2. To guide Android and social networking application developers to enhance the level of security. Furthermore, this study recommends the best data extraction methods designed for Android devices.","PeriodicalId":120509,"journal":{"name":"2016 Cybersecurity and Cyberforensics Conference (CCC)","volume":"9 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130771289","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 2
A Proposed Model for Malicious Spam Detection in Email Systems of Educational Institutes 一种针对教育机构电子邮件系统的恶意垃圾邮件检测模型
2016 Cybersecurity and Cyberforensics Conference (CCC) Pub Date : 2016-08-01 DOI: 10.1109/CCC.2016.24
Aisha Zaid, Ja'far Alqatawna, Ammar Huneiti
{"title":"A Proposed Model for Malicious Spam Detection in Email Systems of Educational Institutes","authors":"Aisha Zaid, Ja'far Alqatawna, Ammar Huneiti","doi":"10.1109/CCC.2016.24","DOIUrl":"https://doi.org/10.1109/CCC.2016.24","url":null,"abstract":"The cheapest form of communication in the world today is email, and its simplicity makes it vulnerable to many threats. One of the most important threats to email is spam, unsolicited email, normally with an advertising content sent out as a mass mailing. Malicious spam is spam with malicious content in forms of harmful attachments or links to phishing websites. In the case of educational institutes, malicious spam threatens the privacy and security of large amount of sensitive data relating to staff and students. Hence, a system that can automatically learn how to classify malicious spam in educational institutes is highly desirable. In this paper, we aim to improve detection of malicious spam through feature selection, with focus on the educational field. We propose a model that employs a novel dataset for the process of feature selection, a step for improving classification in later stage. This dataset is unprecedented as no research in the literature was intended to serve malicious spam detection in a specific domain or field such as the educational field. Feature selection is expected to improve training time and accuracy of malicious spam detection.","PeriodicalId":120509,"journal":{"name":"2016 Cybersecurity and Cyberforensics Conference (CCC)","volume":"59 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114827471","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 7
Analyzing CyberCrimes Strategies: The Case of Phishing Attack 网络犯罪策略分析:以网络钓鱼攻击为例
2016 Cybersecurity and Cyberforensics Conference (CCC) Pub Date : 2016-08-01 DOI: 10.1109/CCC.2016.25
Rola Al Halaseh, Ja'far Alqatawna
{"title":"Analyzing CyberCrimes Strategies: The Case of Phishing Attack","authors":"Rola Al Halaseh, Ja'far Alqatawna","doi":"10.1109/CCC.2016.25","DOIUrl":"https://doi.org/10.1109/CCC.2016.25","url":null,"abstract":"The growth in technology usage came along with many risks and increase in cybercrimes incidents. Phishing attacks are a form of cybercrimes by which attackers trick victims in order to obtain personal and sensitive information. Phishers motivations include gaining unauthorized information and access, cause financial loss and many more negative impacts. While cybercriminals keep developing their techniques, investigating different attack styles and methodologies are important steps toward developing effective protection mechanisms. This paper contributes to this direction by presenting and analyzing various phishing attack styles including Nigerian, Ghanaian, Chinese and Russian cybercrime styles. Due to richness of learning resources Russians and Chinese were found to be using more advanced techniques than Ghanaians and Nigerians who has limited resources.","PeriodicalId":120509,"journal":{"name":"2016 Cybersecurity and Cyberforensics Conference (CCC)","volume":"34 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132498820","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 17
Fraud Prevention Framework for Electronic Business Environments: Automatic Segregation of Online Phishing Attempts 电子商业环境的欺诈预防框架:自动隔离网络钓鱼企图
2016 Cybersecurity and Cyberforensics Conference (CCC) Pub Date : 2016-08-01 DOI: 10.1109/CCC.2016.17
Nazeeh Ghatasheh
{"title":"Fraud Prevention Framework for Electronic Business Environments: Automatic Segregation of Online Phishing Attempts","authors":"Nazeeh Ghatasheh","doi":"10.1109/CCC.2016.17","DOIUrl":"https://doi.org/10.1109/CCC.2016.17","url":null,"abstract":"In the era of digital economy and high penetration rate of technology, cybercrime is taking over a great span of the cyberworld. Novice to experienced users are subject to being victims to cyber criminals. Phishing attempts lead to critical issues and risks for online users, and for companies as well. This research proposes a framework for fraud prevention by enabling the automatic detection of malicious websites. The applicability of the framework is validated by various types of experiments. The experiments tries to model phishing websites using various algorithms and approaches, including hybrid approaches. It is apparent that the performance of Random Forest Trees algorithm overperformed several other algorithms. Accordingly, the framework is proved to be useful in the segregation of malicious online content and phishing attempts. In addition the results call for more investigation and improvement in fraud prevention approaches.","PeriodicalId":120509,"journal":{"name":"2016 Cybersecurity and Cyberforensics Conference (CCC)","volume":"4 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126409281","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 1
Websites' Input Validation and Input-Misuse-Based Attacks 网站输入验证和基于输入滥用的攻击
2016 Cybersecurity and Cyberforensics Conference (CCC) Pub Date : 2016-08-01 DOI: 10.1109/CCC.2016.31
I. Alsmadi, Iyad Alazzam
{"title":"Websites' Input Validation and Input-Misuse-Based Attacks","authors":"I. Alsmadi, Iyad Alazzam","doi":"10.1109/CCC.2016.31","DOIUrl":"https://doi.org/10.1109/CCC.2016.31","url":null,"abstract":"Websites typically include many forms or web elements that allow users to enter and submit data. This data will be eventually executed in the back-end databases. Users can, intentionally or unintentionally enter improper input data that, if reach those back-end databases, may cause some serious security or damaging problems. For proper user interface design as well as for security reasons, it is important for web-designers to consider input-validation techniques at the user interface level or as early as possible. The goal is to stop further actions for any invalid input data. In this paper, we conducted an evaluation study of how much input validation is used by web-designers. We used some of the web attacks that target improper input validations as indicators to show the quality of the input validation process for the evaluated websites. Results showed that those types of attacks continue to be effective and serious methods. Results showed also that there is a need for systematic and frequent evaluation for those websites to ensure that basic input validation guidelines are observed.","PeriodicalId":120509,"journal":{"name":"2016 Cybersecurity and Cyberforensics Conference (CCC)","volume":"39 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131648487","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 5
Boosting Usability for Protecting Online Banking Applications Against APTs 提高保护网上银行应用程序免受apt攻击的可用性
2016 Cybersecurity and Cyberforensics Conference (CCC) Pub Date : 2016-08-01 DOI: 10.1109/CCC.2016.13
Mohannad J. Alhanahnah, D. Chadwick
{"title":"Boosting Usability for Protecting Online Banking Applications Against APTs","authors":"Mohannad J. Alhanahnah, D. Chadwick","doi":"10.1109/CCC.2016.13","DOIUrl":"https://doi.org/10.1109/CCC.2016.13","url":null,"abstract":"With the advent of Advanced Persistent Threats (APTs) and exploits such as Eurograbber, we can no longer trust the user's PC or mobile phone to be honest in their transactions with banks. This paper reviews the current state of the art in protecting PCs from malware and APTs that can modify banking transactions, and identifies their strengths and weaknesses. It then proposes an enhanced USB device based on speech and vision. User trials with a software prototype show that such a device is both user friendly and that users are less susceptible to accepting subtly modified transaction with this device than with other vision only USB devices. Since human factors are usually the weakest point in the security chain, and are often the way that APT actors perform their attacks, the focus of the proposed solution is on improving the usability of existing USB devices. However the device is still not failsafe, and therefore may not be as preferable as Sm@rt TAN-plus that is currently used by many German banks.","PeriodicalId":120509,"journal":{"name":"2016 Cybersecurity and Cyberforensics Conference (CCC)","volume":"54 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"134201339","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
下一页 尾页
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
请完成安全验证×
相关产品
×
本文献相关产品
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信