Journal of Applied Security Research最新文献

{"title":"Understanding the Users’ Intention to Use the Three-Factor Authentication for Preserving the Privacy of Patient Data","authors":"Niranjan Gandhi, Kanchan Patil","doi":"10.1080/19361610.2022.2060025","DOIUrl":"https://doi.org/10.1080/19361610.2022.2060025","url":null,"abstract":"Abstract Digital health is the foundation for the future growth of healthcare. The healthcare industry is leveraging digital transformation to empower the association between physicians and patients and ameliorate health results. Researchers and experts in health informatics are eager to see how new technologies can be used in the healthcare domain to enable real-time health monitoring, such as remote access to users' health data, tracking and alerts, and real-time reporting, allowing doctors to better care for their patients. By improving the security, privacy, and interoperability of health records, as well as easing Health Information Exchanges (HIE), the adoption of healthcare technologies can be encouraged. This can be accomplished through the use of a three-factor authentication architecture, which not only increases information assurance at a cheap rate but also defends patients' privacy in dispersed systems. Hence, using Technology Acceptance Model (TAM), this paper reflects patients’ and health professionals’ intention to use and implement the three-factor authentication in the master component of information technology in health: Electronic Health Records (EHR) systems. User authentication is an important component that possibly is incorporated in Electronic Health Records (EHRs) to shield patient information and restrict access to the medical server by unauthorized individuals. This research aimed to discover the relationship between perceived usefulness, perceived ease of use, perceived risk, trust, security and privacy, Information Integrity, and computer self-efficacy and the intention to use three-factor authentication for EHR systems. Respondents were requested to fill the questionnaire on their health data using google forms and partial least squares structural equation modeling was used to analyze around 193 responses. Results stipulated that intention to use was directly influenced mainly by perceived usefulness, perceived ease of use, perceived risk, trust, and information integrity. Age, gender, and knowledge of data security and privacy were used to conduct a moderation analysis, which revealed significant variations between the groups in terms of the effectiveness of certain associations and the average responses between the variables. This will aid the researchers in identifying the latest trends and recognizing areas in the authentication system that need improvement.","PeriodicalId":44585,"journal":{"name":"Journal of Applied Security Research","volume":null,"pages":null},"PeriodicalIF":1.3,"publicationDate":"2022-05-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"46904550","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Improving Classification Performance for Malware Detection Using Genetic Programming Feature Selection Techniques","authors":"Heba Harahsheh, M. Alshraideh, S. Al-Sharaeh, R. Al-Sayyed","doi":"10.1080/19361610.2022.2067459","DOIUrl":"https://doi.org/10.1080/19361610.2022.2067459","url":null,"abstract":"Abstract Malware is the term used to describe any malicious software or code that is harmful to systems. From day to day, new malicious programs appear. To classify malware according to its characteristics, machine learning is now being used; this is because most new malware contains patterns that are similar to old ones. This paper proposes two feature selection methods based on Genetic Programming (GP) for predicting malware; the first is called Genetic Programming-Mean (GPM), and the second is called Genetic Programming-Mean Plus (GPMP). The results of these two methods were compared with three state-of-the-art popular feature selection techniques: filter-based, wrapper-based, and Chi-square. In this work, we compare the two proposed methods (GPM and GPMP) with these three widely used feature selection techniques. The results demonstrate that the proposed techniques beat these state-of-the-art ones in terms of accuracy and F-score. The results also revealed that the proposed methods employed less computation time and hence an enhanced performance when compared with filter-based, and wrapper-based feature selection. The proposed methods were evaluated using four datasets. Two classifiers were used to evaluate the proposed feature selection methods: Random Forest and Decision Tree. When a Random Forest classifier is used, our results showed that it outperformed the Decision Tree classifier in indicators, such as F1-score, recall, and precision. The analysis of results using Random Forest and Decision Tree proves that the proposed method is highly efficient.","PeriodicalId":44585,"journal":{"name":"Journal of Applied Security Research","volume":null,"pages":null},"PeriodicalIF":1.3,"publicationDate":"2022-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"44410983","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"New Signature Scheme Based on Elliptic Curve and Factoring Problems Using Chaotic Map","authors":"N. Tahat, S. Shatnawi","doi":"10.1080/19361610.2022.2041157","DOIUrl":"https://doi.org/10.1080/19361610.2022.2041157","url":null,"abstract":"Abstract In this paper, we present the new signature scheme based on elliptic curve (EC) and factoring (FAC) problems using chaotic maps (CMs). The newly developed scheme requires only minimal and low-complexity computations, which makes it very efficient. We compare our scheme with the other schemes with respect to signature generation cost, signature size, and verification cost and show that our scheme is superior to the other schemes. To the best of our knowledge, this is the first time a signature scheme based on EC and FAC problems using CMs has been proposed.","PeriodicalId":44585,"journal":{"name":"Journal of Applied Security Research","volume":null,"pages":null},"PeriodicalIF":1.3,"publicationDate":"2022-03-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"45707981","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Statement of Retraction: A Survey on Malware Detection and Classification","authors":"Rupali Komatwara, M. Kokare, A. Souri","doi":"10.1080/19361610.2022.2039530","DOIUrl":"https://doi.org/10.1080/19361610.2022.2039530","url":null,"abstract":"Alireza Souri & Rahil Hosseini (2018). A state-of-the-art survey of malware detection approaches using data mining techniques. Human-centric Computing and Information Sciences, 8. Lakshmanan Nataraj, Gregorie Jacob & B. S. Manjunath (2010). Detecting Packed Executables Based on Raw Binary Data. Technical Report, Vision Research Lab, University of California Santa Barbara. Lakshmanan Nataraj (2011). Malware Images: Visualization and Automatic Classification. Proceedings of the 8th International Symposium on Visualization for Cyber Security. Lakshmanan Nataraj (2015). A Signal Processing Approach to Malware Analysis. Ph.D. thesis, University of California Santa Barbara.","PeriodicalId":44585,"journal":{"name":"Journal of Applied Security Research","volume":null,"pages":null},"PeriodicalIF":1.3,"publicationDate":"2022-02-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"45807993","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Comprehensive Comparison of Security Measurement Models","authors":"M. Khaleghi, M. Aref, M. Rasti","doi":"10.1080/19361610.2021.1981089","DOIUrl":"https://doi.org/10.1080/19361610.2021.1981089","url":null,"abstract":"Abstract Security measurement models (SMMs) and their corresponding derived metrics form the main pillars of a systematic security measurement. Providing a desirable SMM is very challenging and has been investigated over the past two decades, so that numerous SMMs have been proposed and several surveys on SMMs have been performed. However, to the best of our knowledge, neither a systematic taxonomy nor a comprehensive comparison has yet been proposed for SMMs. This paper focuses on the comprehensive comparison of SMMs relying on a feature-based approach. The plurality and diversity of the compared SMMs enable us to deduce all the open issues.","PeriodicalId":44585,"journal":{"name":"Journal of Applied Security Research","volume":null,"pages":null},"PeriodicalIF":1.3,"publicationDate":"2022-02-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"43201293","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Queen of Cuba","authors":"A. R. Pereira","doi":"10.1080/19361610.2022.2034476","DOIUrl":"https://doi.org/10.1080/19361610.2022.2034476","url":null,"abstract":"Abstract Ana Montes, a senior intelligence analyst, spied on the Defense Intelligence Agency for Cubans. Highly specialized in Latin American military intelligence, she was known as “Queen of Cuba.” Her traumatic childhood made her susceptible to recruitment and her motivation was ideological. Using classic espionage techniques, mainly memorization, she managed to spy for 16 years until she was discovered. The findings of an American spy in Cuba, a bad relationship with coworkers, and the lack of a support agent led to her exposure. Ana was sentenced to 25 years in prison and five to probation. Her case indicates 10 conclusions about espionage.","PeriodicalId":44585,"journal":{"name":"Journal of Applied Security Research","volume":null,"pages":null},"PeriodicalIF":1.3,"publicationDate":"2022-02-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"48649583","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Internet-of-Things Security and Vulnerabilities: Case Study","authors":"Ghaida Alqarawi, Bashayer Alkhalifah, N. Alharbi, Salim El Khediri","doi":"10.1080/19361610.2022.2031841","DOIUrl":"https://doi.org/10.1080/19361610.2022.2031841","url":null,"abstract":"Abstract The incorporation of IoT in the world has had tremendous popularity in the field of Technology. This great innovation has enabled seamless transformation in business and operation transformation. However, significant usage of this innovation also poses a security threat which has become a more critical point of concern to many businesses across the globe. Many companies that depend on IoT have faced security breaches and threats. The IoT countermeasures have not been well-factored upon, which poses a more significant challenge to many organizations that heavily rely on this technology. In this survey, we propose a security survey that will help tackle the problems associated with IoT and offer security solutions on all the IoT layers. The results show that authentication is the most critical security measure to implement in IoT.","PeriodicalId":44585,"journal":{"name":"Journal of Applied Security Research","volume":null,"pages":null},"PeriodicalIF":1.3,"publicationDate":"2022-02-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"47481848","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Reverse Social Engineering to Counter Social Engineering in Mobile Money Theft: A Tanzanian Context","authors":"Hassan Kilavo, Leonard J. Mselle, Ramadhani I. Rais, Salehe I. Mrutu","doi":"10.1080/19361610.2022.2031702","DOIUrl":"https://doi.org/10.1080/19361610.2022.2031702","url":null,"abstract":"Abstract Social engineering entails deception where one manipulates individuals into divulging confidential or any personal information that may be used for fraudulent purposes. In mobile money theft, the attackers plan a “lure” to tempt a victim directly, via mobile phones; mostly to gain money by proposing a phony undertaking. The victim is often asked to pay some money to facilitate a lucrative undertaking, which in reality is phony. Once the victim has paid the money, the attackers become inaccessible. Reverse social engineering entails deception of the predator by the pray in order to capture or discourage the predator. Through a case study, this paper investigates and presents an incident where a victim of mobile social engineering attempts to reverse the process in order to arraign the attackers.","PeriodicalId":44585,"journal":{"name":"Journal of Applied Security Research","volume":null,"pages":null},"PeriodicalIF":1.3,"publicationDate":"2022-01-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"42572329","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Performance Analysis of Channel Estimation for Massive MIMO Communication Using DL-Based Fully Connected Neural Network (DL-FCNN) Architecture","authors":"Swapna Tangelapalli, Pokkunuri PardhaSaradhi, R. Pandya, S. Iyer","doi":"10.1080/19361610.2021.2024050","DOIUrl":"https://doi.org/10.1080/19361610.2021.2024050","url":null,"abstract":"Abstract The latest research for applying deep learning in wireless communications gives several opportunities to reduce complex signal processing. The channel estimation is important to study the nature of the varying channel and to calculate channel state information (CSI) value which is utilized at the receiver to nullify the interference which occurs during multipath transmission. In the current article, considering the massive Multiple Input Multiple Output (MIMO) channel model, a DL approach is developed with a fully connected neural network (NN) architecture which is used to estimate the channel with minimum error. The proposed DL architecture uses an openly available channel dataset. Further, using generated pilot symbols of lengths 2 and 4, the performance of DL-based Fully connected NN (DL-FCNN) is analyzed to estimate the channel in uplink massive MIMO communication. The obtained results demonstrate that the channel estimation performance was calculated in terms of normalized mean square error((NMSE) for different values of SNR added at receiver base station (BS) to the signals over the range of BS antennas. Also, the channel estimation error over a large number of BS antennas for massive MIMO scenarios is observed, and it is observed that the NMSE reduces with a greater number of antennas. Hence, it can be inferred that the DL models will be the future for most physical layer signal processing techniques such as channel estimation, modulation detection, etc. within massive MIMO networks.","PeriodicalId":44585,"journal":{"name":"Journal of Applied Security Research","volume":null,"pages":null},"PeriodicalIF":1.3,"publicationDate":"2022-01-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"41680643","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Investigation of Card Skimming Cases: An Indian Perspective","authors":"A. Shetty, K. V. Murthy","doi":"10.1080/19361610.2021.2024049","DOIUrl":"https://doi.org/10.1080/19361610.2021.2024049","url":null,"abstract":"Abstract Card frauds are one of the most common types of banking frauds out of which card skimming contributes the major share. Investigation and prosecution of card skimming cases are mainly dependent on digital evidence requiring trained and skilled law enforcement officers. Further, a single incident of card skimming leads to collection of information from hundreds of cards and hence the identification of all the victims is the real challenge for an investigating officer. This paper discusses different issues pertaining to card skimming providing a general overview of the modus operandi, investigation process and constraints faced by law enforcement agencies.","PeriodicalId":44585,"journal":{"name":"Journal of Applied Security Research","volume":null,"pages":null},"PeriodicalIF":1.3,"publicationDate":"2022-01-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"45542977","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}