发布求助
文献互助 智能选刊 最新文献

2019 International Conference on Cybersecurity (ICoCSec)最新文献

筛选
英文 中文
Unintentional Insider Threats Countermeasures Model (UITCM) 无意内部威胁对策模型(UITCM)
2019 International Conference on Cybersecurity (ICoCSec) Pub Date : 2019-09-01 DOI: 10.1109/ICoCSec47621.2019.8970986
Z. A. A. Abdelsadeq, S. N. Omar, N. Basir, Nur Fatin Nabila Binti Mohd Rafei Heng
{"title":"Unintentional Insider Threats Countermeasures Model (UITCM)","authors":"Z. A. A. Abdelsadeq, S. N. Omar, N. Basir, Nur Fatin Nabila Binti Mohd Rafei Heng","doi":"10.1109/ICoCSec47621.2019.8970986","DOIUrl":"https://doi.org/10.1109/ICoCSec47621.2019.8970986","url":null,"abstract":"Most organisations see technological controls as the solution to their information security problems. However, with all these technologies, it was evidently investigated that human errors are unavoidable.Unintentional insider is the biggest insider threat of all.Thus the objective of this paper is to propose a conceptual model as a countermeasure towards unintentional insider threats The proposed model in this research was adapted from (Generic Mitigation Strategies for Information Leaks) developed by Wan (2018) and (2019), It was expanded by combining it with UIT Mitigation Strategies and Countermeasures recommendations mentioned by previous studies.","PeriodicalId":272402,"journal":{"name":"2019 International Conference on Cybersecurity (ICoCSec)","volume":"225 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132127002","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
A Qos Approach For Internet Of Things (Iot) Environment Using Mqtt Protocol 基于Mqtt协议的物联网(Iot)环境的Qos方法
2019 International Conference on Cybersecurity (ICoCSec) Pub Date : 2019-09-01 DOI: 10.1109/ICoCSec47621.2019.8971097
Abdulrahman Sameer Sadeq, R. Hassan, S. S. Al-Rawi, Ahmed Mahdi Jubair, A. Aman
{"title":"A Qos Approach For Internet Of Things (Iot) Environment Using Mqtt Protocol","authors":"Abdulrahman Sameer Sadeq, R. Hassan, S. S. Al-Rawi, Ahmed Mahdi Jubair, A. Aman","doi":"10.1109/ICoCSec47621.2019.8971097","DOIUrl":"https://doi.org/10.1109/ICoCSec47621.2019.8971097","url":null,"abstract":"Internet of Things (IoT) has been emerged as promising technology. The limited resources of the IoT objects have resulted in restrictions in data transfer. New protocols have been proposed to meet these requirements and restrictions. Message Queue Telemetry Transport (MQTT), Constrain Application Protocol (CoAP) and many other IoT application protocols have been proposed. In this paper a Quality of Service (QoS) approach using MQTT for IoT environment is proposed. MQTT provides three levels of QoS for different classes of traffic. However, the traffic flow between subscribers and publishers is not controlled since publishers send data to broker and broker forwards it to subscribers. The absent of reliable end to end flow control can result in an increased number of packet loss and delay. A flow control mechanism is designed to overcome the flow control problem of MQTTwhere publisher can overwhelm subscriber. The suggested flow control mechanism reduced the packet drop to 98%, while e2e delay reduced to 64% compared to the standard MQTT implementation.","PeriodicalId":272402,"journal":{"name":"2019 International Conference on Cybersecurity (ICoCSec)","volume":"37 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131074804","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 22
Using Text Annotation Tool on Cyber Security News — A Review 使用文本注释工具处理网络安全新闻综述
2019 International Conference on Cybersecurity (ICoCSec) Pub Date : 2019-09-01 DOI: 10.1109/ICoCSec47621.2019.8970885
M. S. Abdullah, A. Zainal, M. A. Maarof, Mohamad Nizam Kassim
{"title":"Using Text Annotation Tool on Cyber Security News — A Review","authors":"M. S. Abdullah, A. Zainal, M. A. Maarof, Mohamad Nizam Kassim","doi":"10.1109/ICoCSec47621.2019.8970885","DOIUrl":"https://doi.org/10.1109/ICoCSec47621.2019.8970885","url":null,"abstract":"Cyber-attack has become one of the main concern in our everyday life and being reported throughout online news website. As thousands of news article existed, it is difficult to go through all the news which lead to a slower analyzing process. Hence, a vital text mining component known as Information Extraction (IE) is needed in order to ease the knowledge discovery process for the wide collection of the cyber security news. To make IE process better and easier, the usage of tool such as General Architecture for Text Engineering (GATE) can help a lot especially in creating annotated corpus. In this paper, we will introduce and reviewing several annotation tools that are freely available and also to discuss steps needed to create an annotated corpus for the cyber security text documents.","PeriodicalId":272402,"journal":{"name":"2019 International Conference on Cybersecurity (ICoCSec)","volume":"18 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126450610","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Feature Extraction and Selection Method of Cyber-Attack and Threat Profiling in Cybersecurity Audit 网络安全审计中网络攻击与威胁分析特征提取与选择方法
2019 International Conference on Cybersecurity (ICoCSec) Pub Date : 2019-09-01 DOI: 10.1109/ICoCSec47621.2019.8970786
Khairun Nisyak Zakaria, A. Zainal, S. H. Othman, Mohamad Nizam Kassim
{"title":"Feature Extraction and Selection Method of Cyber-Attack and Threat Profiling in Cybersecurity Audit","authors":"Khairun Nisyak Zakaria, A. Zainal, S. H. Othman, Mohamad Nizam Kassim","doi":"10.1109/ICoCSec47621.2019.8970786","DOIUrl":"https://doi.org/10.1109/ICoCSec47621.2019.8970786","url":null,"abstract":"Public sector and private organizations began using cybersecurity control in order to defend their assets against cybercriminals attack. Cybersecurity audits assist organizations to deal with cyber threats, cybercriminals, and cyber-attacks thatare growing in an aggressive cyber landscape. However, cyber-attacks and threats become more increase and complex in complicated cyber landscapes challenge auditors to perform an effective cybersecurity audit. This current situation puts in evidens ce the critical need for a new approach in the cybersecurity audit execution. This study reviews an alternative method in the execution of cybersecurity security checks. The analysis is on the character and behavioral of cyber-attacks and threats using feature extraction and selection method to get crucial elements from the common group of cyber-attacks and threats. Cyber-attacks and threats profile are systematic approaches driven by a clear understanding of the form of cyber-attacks and threats character and behavior patterns in cybersecurity requirements. As a result, this study proposes cyber-attacks and threats profiling for cybersecurity audit as a set of control elements that are harmonized with audit components that drive audits based on cyber threats.","PeriodicalId":272402,"journal":{"name":"2019 International Conference on Cybersecurity (ICoCSec)","volume":"33 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115239293","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 6
Review of Digital Wallet Requirements 检讨数码钱包的要求
2019 International Conference on Cybersecurity (ICoCSec) Pub Date : 2019-09-01 DOI: 10.1109/ICoCSec47621.2019.8970996
Md Arif Hassan, Z. Shukur
{"title":"Review of Digital Wallet Requirements","authors":"Md Arif Hassan, Z. Shukur","doi":"10.1109/ICoCSec47621.2019.8970996","DOIUrl":"https://doi.org/10.1109/ICoCSec47621.2019.8970996","url":null,"abstract":"The financial industry has proven to be an important factor in our daily lives through the adaption of new technology. Fintech companies are driven towards enhancing financial services currently being provided by consecutive financial institutions. Digital wallet is the latest invention of finance technology, which is a great tool for making our payment transaction very easily and fast. Many digital wallet applications have already been developed and implemented in payment transactions. An effective number of cyber threats targetting the monetary system have made security an imperative component of the banking system. This paper outlines the digital wallets’ threats and also provides the requirements of digital wallets that technically try to address the fear of security customers as usual providers,,while assisting in the successful implementation of digital wallets.","PeriodicalId":272402,"journal":{"name":"2019 International Conference on Cybersecurity (ICoCSec)","volume":"71 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128929493","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 16
Mobile Malware Classification for Social Media Application 针对社交媒体应用的移动恶意软件分类
2019 International Conference on Cybersecurity (ICoCSec) Pub Date : 2019-09-01 DOI: 10.1109/ICoCSec47621.2019.8970800
M. Saudi, Azuan Ahmad, Sharifah Roziah Mohd Kassim, M. A. Husainiamer, Anas Zulkifli Kassim, N. J. Zaizi
{"title":"Mobile Malware Classification for Social Media Application","authors":"M. Saudi, Azuan Ahmad, Sharifah Roziah Mohd Kassim, M. A. Husainiamer, Anas Zulkifli Kassim, N. J. Zaizi","doi":"10.1109/ICoCSec47621.2019.8970800","DOIUrl":"https://doi.org/10.1109/ICoCSec47621.2019.8970800","url":null,"abstract":"Organisations and users face many challenges against smartphone in detecting mobile malware attacks. Many techniques have been developed by different solution providers to ensure that smartphones remain free from such attacks. Nonetheless, we still lack efficient techniques to detect mobile malware attacks, especially for the social media application. Hence, this paper presents mobile malware classifications based on API and permission that can be used for mobile malware detection with regard to the social media applications. A mobile malware classification based on correlation of malware behaviour, vulnerability exploitation and mobile phone has been developed for this purpose and a mobile application (app) has been sought to support this new classification. This research was conducted in a controlled lab environment using open source tools and by applying hybrid analysis. Based on the testing conducted, the results showed that the mobile apps were categorized as dangerous with 16% for call log exploitation, 13% for audio exploitation and 9% for GPS exploitation. These results indicated that the attackers could launch possible different cyber attacks. In future, this paper can be used as reference for other researchers with the same interest.","PeriodicalId":272402,"journal":{"name":"2019 International Conference on Cybersecurity (ICoCSec)","volume":"19 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114430131","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 2
TAGraph: Knowledge Graph of Threat Actor 图表:威胁行为者的知识图谱
2019 International Conference on Cybersecurity (ICoCSec) Pub Date : 2019-09-01 DOI: 10.1109/ICoCSec47621.2019.8970979
Eric Khoo Jiun Hooi, A. Zainal, M. A. Maarof, Mohamad Nizam Kassim
{"title":"TAGraph: Knowledge Graph of Threat Actor","authors":"Eric Khoo Jiun Hooi, A. Zainal, M. A. Maarof, Mohamad Nizam Kassim","doi":"10.1109/ICoCSec47621.2019.8970979","DOIUrl":"https://doi.org/10.1109/ICoCSec47621.2019.8970979","url":null,"abstract":"Understanding of cybersecurity threat landscape especially information about threat actor is a challenging task as these information are usually hidden and scattered. The online news had became one of the popular and important source of information for cybersecurity personnels to understand about the activities conducted by these threat actors. In this paper, we propose a framework to create knowledge graph of threat actor by building ontology of threat actor and named entity recognition system to extract cybersecurity-related entities. The resulting ontology and model can be used to automatically extract cybesecurity-related entities from an article and create knowledge graph of threatactor.","PeriodicalId":272402,"journal":{"name":"2019 International Conference on Cybersecurity (ICoCSec)","volume":"8 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114912883","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 10
A Theoretical Review: Risk Mitigation Through Trusted Human Framework for Insider Threats 理论综述:通过可信任的人的内部威胁框架降低风险
2019 International Conference on Cybersecurity (ICoCSec) Pub Date : 2019-09-01 DOI: 10.1109/ICoCSec47621.2019.8970795
Mohd Nazer Apau, Muliati Sedek, R. Ahmad
{"title":"A Theoretical Review: Risk Mitigation Through Trusted Human Framework for Insider Threats","authors":"Mohd Nazer Apau, Muliati Sedek, R. Ahmad","doi":"10.1109/ICoCSec47621.2019.8970795","DOIUrl":"https://doi.org/10.1109/ICoCSec47621.2019.8970795","url":null,"abstract":"This paper discusses the possible effort to mitigate insider threats risk and aim to inspire organizations to consider identifying insider threats as one of the risks in the company’s enterprise risk management activities. The paper suggests Trusted Human Framework (THF) as the on-going and cyclic process to detect and deter potential employees who bound to become the fraudster or perpetrator violating the access and trust given. The mitigation’s control statements were derived from the recommended practices in the “Common Sense Guide to Mitigating Insider Threats” produced by the Software Engineering Institute, Carnegie Mellon University (SEI-CMU). The statements validated via a survey which was responded by fifty respondents who work in Malaysia.","PeriodicalId":272402,"journal":{"name":"2019 International Conference on Cybersecurity (ICoCSec)","volume":"589 ","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133910891","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 1
Spear Phishing Simulation in Critical Sector: Telecommunication and Defense Sub-sector 关键部门的鱼叉式网络钓鱼模拟:电信和国防分部门
2019 International Conference on Cybersecurity (ICoCSec) Pub Date : 2019-09-01 DOI: 10.1109/ICoCSec47621.2019.8970803
Ahmad Syukri Abdullah, M. Mohd
{"title":"Spear Phishing Simulation in Critical Sector: Telecommunication and Defense Sub-sector","authors":"Ahmad Syukri Abdullah, M. Mohd","doi":"10.1109/ICoCSec47621.2019.8970803","DOIUrl":"https://doi.org/10.1109/ICoCSec47621.2019.8970803","url":null,"abstract":"Phishing is an attack that uses social engineering techniques to steal users’ confidential information like passwords and banking information. It happens when cyber criminals disguised as a trusted entity and deceived users to click on fake links in e-mail received by the user. Cyber criminals also act to target phishing attacks from individuals to organizations that are specific to the country's critical sector, and this is known as a spear phishing. In fact, the telecommunication sector is one of the main targets of cyber criminals using spear phishing attacks to obtain user-sensitive information. The main objective of this work is to identify the level of cyber security in the organization under the telecommunication sector and defense sub-sector by using existing general simulation procedure. The procedure is adapted and modified according to the organization’s working environment. The first simulation was conducted on June 4, 2018 involving 39 employees. Findings showed that all respondents did not respond to the spear phishing e-mails received. In fact, the results of the questionnaire conducted after the end of the simulation found that all respondents were able to identify all indicators on spear phishing e-mails quickly and easily. This proves that the level of awareness and knowledge of cyber security of the population is high. The second simulation was conducted in stages, from October 29 to November 15, 2018 using a different approach. Of the 39 e-mails sent, 12 respondents (31%) responded to the received e-mail by clicking on the link in the e-mail content. Based on the results of this second simulation, this spear phishing attack was successfully implemented and proved that the new simulation procedure can be used in the telecommunication sector and defense sub-sector.","PeriodicalId":272402,"journal":{"name":"2019 International Conference on Cybersecurity (ICoCSec)","volume":"148 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122926414","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 6
Framework Design for Secured Local Cloud Data Query Processing Analysis 安全本地云数据查询处理分析框架设计
2019 International Conference on Cybersecurity (ICoCSec) Pub Date : 2019-09-01 DOI: 10.1109/ICoCSec47621.2019.8970973
A. Aman, Zainalabideen Ali Rahemm Al-Mayyah, R. Hassan, A. Hashim, Amjed Sid Ahmed Mohamed Sid, Ahmed Mahdi Jubair
{"title":"Framework Design for Secured Local Cloud Data Query Processing Analysis","authors":"A. Aman, Zainalabideen Ali Rahemm Al-Mayyah, R. Hassan, A. Hashim, Amjed Sid Ahmed Mohamed Sid, Ahmed Mahdi Jubair","doi":"10.1109/ICoCSec47621.2019.8970973","DOIUrl":"https://doi.org/10.1109/ICoCSec47621.2019.8970973","url":null,"abstract":"Cloud computing is a vastly growing technology that enables more users and organizations to transfer their services to the cloud. With the exploitation of public cloud computing infrastructures, the usage of clouds to provide data query services is becoming an attractive solution due to its numerous benefits on scalability and cost-minimizing. The cloud services especially the database-as-a-service have tended to encrypt sensitive data before the migration over the cloud. Encrypting data would facilitate protecting private information from any violation by the service provider. Several studies have addressed the handling of cloud query processing by providing approaches to maintain the privacy of the data stored within the cloud. During their studies, researchers have proposed different types of encryption methods, each encryption method provides a specific level of security which comes with an opposite level of efficiency. This research is focused on framework design to evaluate cloud data query processing locally using two encryption methods namely AES and RSA. The parameters chosen are time consumption for encryption and decryption along with secrecy or the strength of the encryption and decryption.","PeriodicalId":272402,"journal":{"name":"2019 International Conference on Cybersecurity (ICoCSec)","volume":"176 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131731235","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
下一页 尾页
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
请完成安全验证×
相关产品
×
本文献相关产品
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信