发布求助
文献互助 智能选刊 最新文献

2015 World Congress on Internet Security (WorldCIS)最新文献

筛选
英文 中文
An ethnographic study to assess the enactment of information security culture in a retail store 一项评估零售商店资讯安全文化制定的人种志研究
2015 World Congress on Internet Security (WorldCIS) Pub Date : 2015-12-16 DOI: 10.1109/WorldCIS.2015.7359415
A. Greig, K. Renaud, Stephen Flowerday
{"title":"An ethnographic study to assess the enactment of information security culture in a retail store","authors":"A. Greig, K. Renaud, Stephen Flowerday","doi":"10.1109/WorldCIS.2015.7359415","DOIUrl":"https://doi.org/10.1109/WorldCIS.2015.7359415","url":null,"abstract":"The behaviour of the employee has the potential to either strengthen or weaken security, and it is therefore vital to foster a culture of security within organizations. The hope is that such a culture will ensure that behaviour becomes more secure over time, essentially reducing security incidents. Organizations attempt to nurture such a culture, mostly by means of educating their employees and having a comprehensive set of regularly-updated security policies. They are required to carry out regular security audits. These are usually in the form of checkbox-type assessments, ascertaining that the organization has all the correct mechanisms in place to maximize security of information. We carried out an ethnographic investigation into the security culture of a single retail store that is part of a large nationwide organization in the United Kingdom. The study surprisingly revealed poor security culture, despite the organization as a whole seemingly following good practice with respect to education and policy.","PeriodicalId":234497,"journal":{"name":"2015 World Congress on Internet Security (WorldCIS)","volume":"41 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-12-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122536425","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 11
Securing the internet through the detection of anonymous proxy usage 通过检测匿名代理使用来保护互联网
2015 World Congress on Internet Security (WorldCIS) Pub Date : 2015-10-22 DOI: 10.1109/WorldCIS.2015.7359434
Shane Miller, K. Curran, T. Lunney
{"title":"Securing the internet through the detection of anonymous proxy usage","authors":"Shane Miller, K. Curran, T. Lunney","doi":"10.1109/WorldCIS.2015.7359434","DOIUrl":"https://doi.org/10.1109/WorldCIS.2015.7359434","url":null,"abstract":"Businesses and educational facilities employ network filtering to control what internet sites their users access. This is done to help protect network assets, to protect data from being stolen and to comply with company policies on internet usage. Anonymous proxies can be used to bypass most filtering systems put in place and this can remove the protection that the filtering systems provide. Unless the web proxy being used is being hosted by the end user or someone they know, then the identity of whoever is hosting the proxy is unknown and they are potentially untrustworthy. The proxy website could have been set up to eavesdrop on the data flow between the end user's machine and the internet. Sites like this would normally log information for later inspection and data sent from a business user's machine could contain confidential information about the company or the user. This research aims to identify the characteristics or signatures whenever a user is using a web proxy by developing a Detection System that records packets and analyses them looking for identifying patterns of web proxies. One of the main focuses of the research will be detecting the usage of proxy websites that use SSL encryption.","PeriodicalId":234497,"journal":{"name":"2015 World Congress on Internet Security (WorldCIS)","volume":"17 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-10-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133621124","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 6
Analysing threats in cloud storage 分析云存储中的威胁
2015 World Congress on Internet Security (WorldCIS) Pub Date : 2015-10-01 DOI: 10.1109/WorldCIS.2015.7359411
F. Yahya, R. Walters, G. Wills
{"title":"Analysing threats in cloud storage","authors":"F. Yahya, R. Walters, G. Wills","doi":"10.1109/WorldCIS.2015.7359411","DOIUrl":"https://doi.org/10.1109/WorldCIS.2015.7359411","url":null,"abstract":"Cloud storage is becoming an option for users in keeping their data online, but it comes with the security threats and challenges of protecting their data from threats. Many security frameworks have been suggested by existing studies, governing bodies, industry standards etc. as guidelines to be implemented by cloud service providers (CSPs) but the complete set of controls cannot be fully implemented due to several challenges such as decreasing availability, less user convenience, need of a robust infrastructure etc. Therefore, there is a need to investigate the security requirements and threats which will enable efficient security protection to protect data in cloud storage. This paper will discuss security requirements and analyses existing cloud security threats. The threats will be modelled in a cloud storage scenario. Future work will involve confirming the security framework using a triangulation method. This will involve confirming the idea with experts and simulations of the designated security requirements on cloud storage that will be used to test the framework.","PeriodicalId":234497,"journal":{"name":"2015 World Congress on Internet Security (WorldCIS)","volume":"24 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125990261","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 1
Provoking security: Spoofing attacks against crypto-biometric systems 挑衅安全:针对加密生物识别系统的欺骗攻击
2015 World Congress on Internet Security (WorldCIS) Pub Date : 2015-10-01 DOI: 10.1109/WorldCIS.2015.7359416
Christina-Angeliki Toli, B. Preneel
{"title":"Provoking security: Spoofing attacks against crypto-biometric systems","authors":"Christina-Angeliki Toli, B. Preneel","doi":"10.1109/WorldCIS.2015.7359416","DOIUrl":"https://doi.org/10.1109/WorldCIS.2015.7359416","url":null,"abstract":"Over the past decade, the trustworthiness of biometrics during authentication, and mostly, verification processes has been compromised by spoofing attackers sprang up to exploit the security gaps. In terms of spoofing, a non-colluding honest entity tries to fake somebody else's identity by presenting samples of that person's traits, or tries to gain benefit from the “leakage” of stored biometric information in a database or an electronic chip. Literature efforts are devoted to studying model threats and problems raised by targeted malicious actions for biometric systems. However, prevention mechanisms for supporting complicated schemes and the cryptography's role in the area have not received much attention. This paper presents crypto-biometric techniques, analyzing comparatively the different categories according to the main goal of the design and the methodology used in. Intrusions and countermeasures for single and multiple modalities based cryptographic approaches are covered. Finally, a novel bimodal system is suggested, able to reject such kind of attacks, presenting an anti-spoofing behavior under the cooperation between user and the function. The aim of this multidisciplinary work is to organize the current performances on how to develop security, pinpoint the potentiality for improvements and contribute to research in addressing fraud for real-world cases.","PeriodicalId":234497,"journal":{"name":"2015 World Congress on Internet Security (WorldCIS)","volume":"30 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124869609","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 4
Development of an anti-forensic tool for hiding message in a directory index of NTFS 在NTFS目录索引中隐藏消息的反取证工具的开发
2015 World Congress on Internet Security (WorldCIS) Pub Date : 2015-10-01 DOI: 10.1109/WorldCIS.2015.7359431
Gyusang Cho
{"title":"Development of an anti-forensic tool for hiding message in a directory index of NTFS","authors":"Gyusang Cho","doi":"10.1109/WorldCIS.2015.7359431","DOIUrl":"https://doi.org/10.1109/WorldCIS.2015.7359431","url":null,"abstract":"This research is about a development of software tool for hiding message in a directory index in Windows NTFS file system. A method of hiding message in directory index slack space is a newly proposed technique. A B-tree is adopted to manage file indexes in a directory in NTFS. Operating characteristics of the B-tree is utilized for hiding message in the slack space of an index record. Not to be revealed the hidden message, we make use of a disguised file name for a MFT entry. To develop the tool for the proposed method, we use Visual Studio 2013 with C/C++ and MFC class and a program type is a Windows dialog based application. The program has features to control a message length from 8 characters to n characters, to select working path, to make directory name and to attach file name prefix and suffix. We show screen shots of the developed tool and the case of the hidden messages in the index record.","PeriodicalId":234497,"journal":{"name":"2015 World Congress on Internet Security (WorldCIS)","volume":"24 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122328523","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 2
Ecurrency threat modeling and hardening 货币威胁建模和强化
2015 World Congress on Internet Security (WorldCIS) Pub Date : 2015-10-01 DOI: 10.1109/WorldCIS.2015.7359412
Aspen Olmsted
{"title":"Ecurrency threat modeling and hardening","authors":"Aspen Olmsted","doi":"10.1109/WorldCIS.2015.7359412","DOIUrl":"https://doi.org/10.1109/WorldCIS.2015.7359412","url":null,"abstract":"In this paper we investigate the problem of providing application domain security constraints to distributed systems will maintaining high availability. This study uses the application domain of business loyalty incentives as a motivating example. The loyalty incentives are earned through electronic point and currency programs while the modeled system ensures the incentives are not vulnerable to cyber-attack. We consider five loyalty activity categories rewarded by companies to their patrons; social networking rewards, web-site browsing rewards, mobile browsing rewards and referral/social circle rewards. We document vulnerabilities with each activity category, propose and implement a solution that will ensure the activity being rewarded is the activity that is intended by the reward program.","PeriodicalId":234497,"journal":{"name":"2015 World Congress on Internet Security (WorldCIS)","volume":"418 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121822918","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Security analysis of revocable and bipartite biotokens 可撤销和二分生物令牌的安全性分析
2015 World Congress on Internet Security (WorldCIS) Pub Date : 2015-10-01 DOI: 10.1109/WorldCIS.2015.7359422
Neyire Deniz Sarier
{"title":"Security analysis of revocable and bipartite biotokens","authors":"Neyire Deniz Sarier","doi":"10.1109/WorldCIS.2015.7359422","DOIUrl":"https://doi.org/10.1109/WorldCIS.2015.7359422","url":null,"abstract":"In this paper, we analyze the security of bipartite biotokens that release a secret key hidden in the biotoken by using biometrics. We show that the biotoken encoding of 80/112/128-bit symmetric encryption keys are vulnerable to brute force attacks, whose complexity is lower than cryptographic security. Also, we present the weaknesses in the design of revocable biotokens that form the basis for bipartite biotokens. Finally, we propose countermeasures to prevent these attacks and discuss the employment of other efficient cryptographic techniques that possess provable security guarantees.","PeriodicalId":234497,"journal":{"name":"2015 World Congress on Internet Security (WorldCIS)","volume":"81 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128386454","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Runtime-behavior based malware classification using online machine learning 使用在线机器学习的基于运行时行为的恶意软件分类
2015 World Congress on Internet Security (WorldCIS) Pub Date : 2015-10-01 DOI: 10.1109/WorldCIS.2015.7359437
Abdurrahman Pektas, T. Acarman, Yliès Falcone, Jean-Claude Fernandez
{"title":"Runtime-behavior based malware classification using online machine learning","authors":"Abdurrahman Pektas, T. Acarman, Yliès Falcone, Jean-Claude Fernandez","doi":"10.1109/WorldCIS.2015.7359437","DOIUrl":"https://doi.org/10.1109/WorldCIS.2015.7359437","url":null,"abstract":"Identification of malware's family is an intricate process whose success and accuracy depends on different factors. These factors are mainly related to the process of extracting of meaningful and distinctive features from a set of malware samples, modeling malware via its static or dynamic features and particularly techniques used to classify malware samples. In this paper, we propose a new malware classification method based on behavioral features. File system, network, registry activities observed during the execution traces of the malware samples are used to represent behavior based features. Existing classification schemes apply machine-learning algorithms to the stored data, i.e., they are off-line. In this study, we use on-line machine learning algorithms that can provide instantaneous update about the new malware sample by following its introduction to the classification scheme. To validate the effectiveness and scalability of our method, we have evaluated our method by using 18,000 recent malicious files. Experimental results show that our method classifies malware with an accuracy of 92.","PeriodicalId":234497,"journal":{"name":"2015 World Congress on Internet Security (WorldCIS)","volume":"6 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129509901","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 9
Ensemble learning utilising feature pairings for intrusion detection 利用特征对进行入侵检测的集成学习
2015 World Congress on Internet Security (WorldCIS) Pub Date : 2015-10-01 DOI: 10.1109/WorldCIS.2015.7359407
Michael Milliken, Y. Bi, L. Galway, G. Hawe
{"title":"Ensemble learning utilising feature pairings for intrusion detection","authors":"Michael Milliken, Y. Bi, L. Galway, G. Hawe","doi":"10.1109/WorldCIS.2015.7359407","DOIUrl":"https://doi.org/10.1109/WorldCIS.2015.7359407","url":null,"abstract":"Network intrusions may illicitly retrieve data/information, or prevent legitimate access. Reliable detection of network intrusions is an important problem, misclassification of an intrusion is an issue in and of itself reducing overall accuracy of detection. A variety of potential methods exist to develop an improved system to perform classification more accurately. Feature selection is one potential area that may be utilized to successfully improve performance by initially identifying sets and subsets of features that are relevant and nonredundant. Within this paper explicit pairings of features have been investigated in order to determine if the presence of pairings has a positive effect on classification, potentially increasing the accuracy of detecting intrusions correctly. In particular, classification using the ensemble algorithm, StackingC, with F-Measure performance and derived Information Gain Ratio, as well as their subsequent correlation as a combined measure, is presented.","PeriodicalId":234497,"journal":{"name":"2015 World Congress on Internet Security (WorldCIS)","volume":"103 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"117312256","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 8
Founding a cybersecurity club in a higher education environment: A case study 在高等教育环境中建立网络安全俱乐部:一个案例研究
2015 World Congress on Internet Security (WorldCIS) Pub Date : 2015-10-01 DOI: 10.1109/WorldCIS.2015.7359430
M. Piazza, Aspen Olmsted
{"title":"Founding a cybersecurity club in a higher education environment: A case study","authors":"M. Piazza, Aspen Olmsted","doi":"10.1109/WorldCIS.2015.7359430","DOIUrl":"https://doi.org/10.1109/WorldCIS.2015.7359430","url":null,"abstract":"There are numerous concerns on an enterprise network. Especially one populated by uncontrollable users and devices. The network this paper focuses on is the network of an academic higher education institution. This paper will concentrate on a case study of how to facilitate the formation of an on-campus cybersecurity student-run club. In our case, we had to find a way to segregate unwanted, possibly malicious traffic and activity from the sensitive main campus network. We propose the use of an entirely separate private network for the club's use only. The club must manage the private network to provide ample learning opportunities for the members. Appropriate safeguards should be in place between the private network and the Internet. However, those safeguards should be entirely selected, deployed, and maintained by the club. Approval from and consultations with the university's Information and security divisions is crucial for members' learning.","PeriodicalId":234497,"journal":{"name":"2015 World Congress on Internet Security (WorldCIS)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130910674","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 1
下一页 尾页
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
请完成安全验证×
相关产品
×
本文献相关产品
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:604180095
Book学术官方微信