Search

Your search keyword '"Locasto, M E"' showing total 53 results
Start Over "Locasto, M E" Publication Year Range Last 10 years

Refine your results

more »

more »

more »

more »
53 results on '"Locasto, M E"'

1. Recommendations for Developing More Usable and Effective Hands-on Cybersecurity Education Materials Based on Critical Evaluation Criteria.

Author

Ibrahim, Ahmed and Ford, Vitaly

Subjects
INTERNET security, EDUCATIONAL resources
Abstract

Effective cybersecurity education requires offering hands-on exercises in addition to lecture-based learning. The study provides insights into the challenges of cybersecurity hands-on education and offers a pathway for developing better cybersecurity educational materials. The fast-paced nature of the cybersecurity field makes it difficult for educators to keep up and create realistic exercises. Hence, there is a need for a common framework that would enable educators to produce more usable and effective cybersecurity hands-on educational resources, avoiding the reinvention of the proverbial wheel. In this work, we developed criteria to categorize and evaluate existing cybersecurity education resources based on their technical and educational characteristics. We analyze and evaluate four existing cybersecurity resources and provide critical remarks on their usability and effectiveness. Finally, we propose recommendations for developing new cybersecurity labs or exercises as well as designing cybersecurity platforms. [ABSTRACT FROM AUTHOR]

Published
2023

2. Blending cybersecurity education with IoT devices: A u-Learning scenario for introducing the man-in-the-middle attack.

Author

Giannakas, Filippos, Troussas, Christos, Krouska, Akrivi, Voyiatzis, Ioannis, and Sgouropoulou, Cleo

Subjects
INTERNET security, INTERNET of things, VOCATIONAL school students, INFORMATION technology personnel, KNOWLEDGE acquisition (Expert systems), LEARNING
Abstract

Nowadays, due to the increasing number of cyberattacks, cybersecurity education, training, and awareness are considered crucial for preparing current and future IT professionals. Thus, it is essential for educational institutions to foster well-designed learning strategies in the field of cybersecurity that will not only focus on theory-based learning interventions but also on encapsulating authentic learning practices. In this context, the paper at hand presents a ubiquitous scenario-based learning (SBL) intervention, blended with IoT devices for introducing the topic of the man-in-the-middle attack to 1st-grade students in vocational education. The learning scenario enables two-way plain text communication through a LoRa network. For securing the transmission and assure confidentiality, basic encryption techniques are enabled for the transmitted messages. Meanwhile, an eavesdropper, acting as the man-in-the-middle attacker, tries to intercept the communication, by applying different decryption techniques. For this purpose, a u-Learning app was developed. The app was evaluated by ninety 1st-grade students of an educational institute of vocational training, in terms of effectiveness, efficiency, knowledge acquisition, and learners' satisfaction. Among others, the results show that the effectiveness and the efficiency of the proposed learning process were 92.03%, and 89.63%, respectively. Finally, learners' satisfaction was high, and their knowledge acquisition was improved. [ABSTRACT FROM AUTHOR]

Published
2023
Full Text
View/download PDF

3. Applications of educational data mining and learning analytics on data from cybersecurity training.

Author

Švábenský, Valdemar, Vykopal, Jan, Čeleda, Pavel, and Kraus, Lydia

Subjects
DATA mining, INTERNET security, DATA science, LITERATURE reviews, COMPUTER security
Abstract

Cybersecurity professionals need hands-on training to prepare for managing the current advanced cyber threats. To practice cybersecurity skills, training participants use numerous software tools in computer-supported interactive learning environments to perform offensive or defensive actions. The interaction involves typing commands, communicating over the network, and engaging with the training environment. The training artifacts (data resulting from this interaction) can be highly beneficial in educational research. For example, in cybersecurity education, they provide insights into the trainees' learning processes and support effective learning interventions. However, this research area is not yet well-understood. Therefore, this paper surveys publications that enhance cybersecurity education by leveraging trainee-generated data from interactive learning environments. We identified and examined 3021 papers, ultimately selecting 35 articles for a detailed review. First, we investigated which data are employed in which areas of cybersecurity training, how, and why. Second, we examined the applications and impact of research in this area, and third, we explored the community of researchers. Our contribution is a systematic literature review of relevant papers and their categorization according to the collected data, analysis methods, and application contexts. These results provide researchers, developers, and educators with an original perspective on this emerging topic. To motivate further research, we identify trends and gaps, propose ideas for future work, and present practical recommendations. Overall, this paper provides in-depth insight into the recently growing research on collecting and analyzing data from hands-on training in security contexts. [ABSTRACT FROM AUTHOR]

Published
2022
Full Text
View/download PDF

4. Stronger data poisoning attacks break data sanitization defenses.

Author

Koh, Pang Wei, Steinhardt, Jacob, and Liang, Percy

Subjects
POISONING, POISONS, INTRUSION detection systems (Computer security), CONSTRAINED optimization, MACHINE learning, CHEBYSHEV approximation
Abstract

Machine learning models trained on data from the outside world can be corrupted by data poisoning attacks that inject malicious points into the models' training sets. A common defense against these attacks is data sanitization: first filter out anomalous training points before training the model. In this paper, we develop three attacks that can bypass a broad range of common data sanitization defenses, including anomaly detectors based on nearest neighbors, training loss, and singular-value decomposition. By adding just 3% poisoned data, our attacks successfully increase test error on the Enron spam detection dataset from 3 to 24% and on the IMDB sentiment classification dataset from 12 to 29%. In contrast, existing attacks which do not explicitly account for these data sanitization defenses are defeated by them. Our attacks are based on two ideas: (i) we coordinate our attacks to place poisoned points near one another, and (ii) we formulate each attack as a constrained optimization problem, with constraints designed to ensure that the poisoned points evade detection. As this optimization involves solving an expensive bilevel problem, our three attacks correspond to different ways of approximating this problem, based on influence functions; minimax duality; and the Karush–Kuhn–Tucker (KKT) conditions. Our results underscore the need to develop more robust defenses against data poisoning attacks. [ABSTRACT FROM AUTHOR]

Published
2022
Full Text
View/download PDF

7. Malware Detection in PDF and Office Documents: A survey.

Author

Singh, Priyansh, Tapaswi, Shashikala, and Gupta, Sanchit

Subjects
PDF (Computer file format), MALWARE, GROUNDWATER, OFFICES, SCIENTIFIC community
Abstract

In 2018, with the internet being treated as a utility on equal grounds as clean water or air, the underground malicious software economy is flourishing with an influx of growth and sophistication in the attacks. The use of malicious documents has increased rapidly in the last five years along with a spectrum of attacks. They offer flexibility in document structure with numerous features for attackers to exploit. Despite efforts from industry and research communities, this remains a viable security threat. In this paper, a broad classification of malicious documents based attacks is provided along with a detailed description of the attack opportunities available using Portable Document Format (PDF) and Office documents. Detailed structures of both file formats, state of the art tools as well as the current research in automatic detection methods have been discussed. [ABSTRACT FROM AUTHOR]

Published
2020
Full Text
View/download PDF

9. WebMTD: Defeating Cross-Site Scripting Attacks Using Moving Target Defense.

Author

Niakanlahiji, Amirreza and Jafarian, Jafar Haadi

Subjects
WEB browsers, INTERNET servers, WEB-based user interfaces, UNCERTAINTY, COMPUTER programming
Abstract

Existing mitigation techniques for cross-site scripting attacks have not been widely adopted, primarily due to imposing impractical overheads on developers, Web servers, or Web browsers. They either enforce restrictive coding practices on developers, fail to support legacy Web applications, demand browser code modification, or fail to provide browser backward compatibility. Moving target defense (MTD) is a novel proactive class of techniques that aim to defeat attacks by imposing uncertainty in attack reconnaissance and planning. This uncertainty is achieved by frequent and random mutation (randomization) of system configuration in a manner that is not traceable (predictable) by attackers. In this paper, we present WebMTD, a proactive moving target defense mechanism that thwarts various kinds of cross-site scripting (XSS) attacks on Web applications. Relying on built-in features of modern Web browsers, WebMTD randomizes values of certain attributes of Web elements to differentiate the application code from the injected code and disallow its execution; this is done without requiring Web developer involvement or browser code modification. Through rigorous evaluation, we show that WebMTD has very a low performance overhead. Also, we argue that our technique outperforms all competing approaches due to its broad effectiveness, transparency, backward compatibility, and low overhead. [ABSTRACT FROM AUTHOR]

Published
2019
Full Text
View/download PDF

10. Interpersonal process recall: a novel approach to illuminating students' software development processes.

Author

Moskal, Adon Christian Michael and Wass, Rob

Abstract

Background and Context: Encouraging undergraduate programming students to think more about their software development processes is challenging. Most programming courses focus on coding skill development and mastering programming language features; subsequently software development processes (e.g. planning, code commenting, and error debugging) are undervalued. Moreover, many of these processes involve tacit thinking that is often seemingly invisible, meaning it can be difficult for teachers to identify and address shortcomings in student processes. Objective: In this paper, we employ a novel approach called Interpersonal Process Recall (IPR) to encourage students to think more about their software development processes. Method: We conducted IPR sessions with five undergraduate programming students—we screen captured them working on programming assignments, and then used the screen captures to stimulate reflection. IPR is hallmarked by several key features, namely its developmental (rather than evaluative) focus, and the use of a facilitator to guide reflection in a structured way. Findings: We found IPR was useful for both the teaching staff and the students, revealing incongruence between the value students placed on certain development processes and what they actually do in practice. Implications: IPR is a novel approach for shining a light on student software development processes. We hope this paper encourages other practitioners to consider adding IPR to their toolbox of approaches for encouraging students to reflect on their software development processes. [ABSTRACT FROM AUTHOR]

Published
2019
Full Text
View/download PDF

12. A Survey on the Moving Target Defense Strategies: An Architectural Perspective.

Author

Zheng, Jianjun and Namin, Akbar Siami

Subjects
COMPUTER network security, COMPUTER software development, CYBERTERRORISM, CLOUD computing, INTERNET of things
Abstract

As the complexity and the scale of networks continue to grow, the management of the network operations and security defense has become a challenging task for network administrators, and many network devices may not be updated timely, leaving the network vulnerable to potential attacks. Moreover, the static nature of our existing network infrastructure allows attackers to have enough time to study the static configurations of the network and to launch well-crafted attacks at their convenience while defenders have to work around the clock to defend the network. This asymmetry, in terms of time and money invested, has given attackers greater advantage than defenders and has made the security defense even more challenging. It calls for new and innovative ideas to fix the problem. Moving Target Defense (MTD) is one of the innovative ideas which implements diverse and dynamic configurations of network systems with the goal of puzzling the exact attack surfaces available to attackers. As a result, the system status with the MTD strategy is unpredictable to attackers, hard to exploit, and is more resilient to various forms of attacks. There are existing survey papers on various MTD techniques, but to the best of our knowledge, insufficient focus was given on the architectural perspective of MTD strategies or some new technologies such as Internet of Things (IoT). This paper presents a comprehensive survey on MTD and implementation strategies from the perspective of the architecture of the complete network system, covering the motivation for MTD, the explanation of main MTD concepts, ongoing research efforts of MTD and its implementation at each level of the network system, and the future research opportunities offered by new technologies such as Software-Defined Networking (SDN) and Internet of Things (IoT). [ABSTRACT FROM AUTHOR]

Published
2019
Full Text
View/download PDF

13. At the Crossroads of my Career Path and Social Network Clickstreams: Survey instrument design and development.

Author

Bagaya, Martin Hannington

Subjects
SOCIAL networks, CAREER development, EMPLOYMENT of college students, DNA fingerprinting, ARTIFICIAL intelligence
Abstract

College students face a real challenge of achieving a career dream. When the education process gets to a successful end, graduating with honors, and high GPA, it appears all things are possible. In the 21st century, social network activity, its experiences and excitements are all too real. It is imperative to network, stay in touch, be informed, collaborate, and keep up with a world that is constantly changing. Social network sites can construct a digital trail on an individual with unique information that could rival fingerprint imaging. The term to use here is the "Digital Footprint", it sets a new paradigm for personal identification, and it is pervasive, as it is ubiquitous. A digital footprint may be critical to future graduate hiring by use of bot hiring agents, and/or artificial intelligence. How tomorrows' graduate can better navigate the social network clickstreams without putting their career path at risk is the core topic of this research. This is an exploratory paper on this subject. [ABSTRACT FROM AUTHOR]

Published
2017
Full Text
View/download PDF

14. Optimal Dissemination Strategy of Security Patch Based on Differential Game in Social Network.

Author

Miao, Li, Li, Shuai, and Wang, Zhongqin

Subjects
SOCIAL networks, SELECTIVE dissemination of information, DIFFERENTIAL games, RESOURCE allocation, NASH equilibrium, MATHEMATICAL models
Abstract

As one part of our life, there are many different types of security threats in social network, and the virtual assets of social networking users has become the attack target. It is of great importance to use security patches in social network to offset the security threats. However, the dissemination of security patches will bring challenges to energy consumptions and network resources which are limited in social networks. In this paper, we will construct a novel optimal dissemination strategy based on differential game to get the desired equilibrium between security risks and resource consumption. The optimal dissemination rate is obtained from the Nash equilibrium solution. Simulation analysis will be given to illustrate that resource consumption and virtual assets loss can be reduced based on the proposed scheme. [ABSTRACT FROM AUTHOR]

Published
2018
Full Text
View/download PDF

15. Improved Generic Attacks Against Hash-Based MACs and HAIFA.

Author

Dinur, Itai and Leurent, Gaëtan

Subjects
COMPUTER networks, COMPUTER security, CYBERTERRORISM, HASHING, COMPUTER science
Abstract

The security of HMAC (and more general hash-based MACs) against state-recovery and universal forgery attacks was shown to be suboptimal, following a series of results by Leurent et al. and Peyrin et al. These results have shown that such powerful attacks require significantly less than $$2^{\ell }$$ computations, contradicting the common belief (where $$\ell $$ denotes the internal state size). In this work, we revisit and extend these results, with a focus on concrete hash functions that limit the message length, and apply special iteration modes. We begin by devising the first state-recovery attack on HMAC with a HAIFA hash function (using a block counter in every compression function call), with complexity $$2^{4\ell /5}$$ . Then, we describe improved tradeoffs between the message length and the complexity of a state-recovery attack on HMAC with a Merkle-Damgård hash function. Consequently, we obtain improved attacks on several HMAC constructions used in practice, in which the hash functions limits the maximal message length (e.g., SHA-1 and SHA-2). Finally, we present the first universal forgery attacks, which can be applied with short message queries to the MAC oracle. In particular, we devise the first universal forgery attacks applicable to SHA-1 and SHA-2. Despite their theoretical interest, our attacks do not seem to threaten the practical security of the analyzed concrete HMAC constructions. [ABSTRACT FROM AUTHOR]

Published
2017
Full Text
View/download PDF

16. Anonymous and leakage resilient IBE and IPE.

Author

Kurosawa, Kaoru and Phong, Le

Subjects
DATA encryption, INNER product, LEAKAGE, ANONYMITY, LINEAR algebra
Abstract

We construct identity-based encryption and inner product encryption schemes under the decision linear assumption. Their private user keys are leakage-resilient in several scenarios. In particular, In addition, we prove that our IBE schemes are anonymous under the DLIN assumption, so that ciphertexts leaks no information on the corresponding identities. Similarly, attributes in IPE are proved computationally hidden in the corresponding ciphertexts. [ABSTRACT FROM AUTHOR]

Published
2017
Full Text
View/download PDF

17. Cyberterrorism and Cyber Attacks in the Public Sector: How Public Administration Copes with Digital Threats.

Author

Wirtz, Bernd W. and Weyerer, Jan C.

Subjects
INTERNET security, PUBLIC sector, CYBERTERRORISM, COUNTERTERRORISM, INTERNET in public administration, PUBLIC risk management, MANAGEMENT
Abstract

Cybersecurity concerns among citizens and public administration officials are considered to be one of the major barriers to e-government implementation. While cyberterrorism is on the rise, the operational state of cybersecurity in the public sector appears as a black box and previous literature has scarcely examined how public authorities perceive and cope with cyber attacks. This study investigates public employees' attitudes toward cybersecurity in the public sector, as well as the arrangements and measures in place to protect sensitive governmental data and securely manage it for privacy and regulatory compliance. Thus, it contributes to the e-government literature by presenting a comprehensive framework of cybersecurity in the public sector and by providing empirical evidence thereof. Furthermore, it gives an insight into the prevalent attitudes and cybersecurity infrastructure within the realm of public administration. Finally, the article derives research and managerial implications and provides suggestions for future research. [ABSTRACT FROM AUTHOR]

Published
2017
Full Text
View/download PDF

18. Elliptic Curve Multiset Hash.

Author

MAITIN-SHEPARD, JEREMY, TIBOUCHI, MEHDI, and ARANHA, DIEGO F.

Subjects
ELLIPTIC curves, HASHING, LINEAR network coding, HOMOMORPHISMS, DATA caps (Internet)
Abstract

A multiset hash function associates a hash value to arbitrary collections of objects with possible repetitions. Such a hash function is said to be homomorphic, or incremental, when the hash of the union of two collections is easy to compute from the hashes of the two collections themselves: it is usually their sum under a suitable group operation. In particular, hash values of large collections can be computed incrementally and/or in parallel. This makes homomorphic hashing a very useful primitive, with applications ranging from database integrity verification to streaming set/multiset comparison and network coding. Unfortunately, constructions of homomorphic hash functions proposed in the literature are hampered by two main drawbacks. They tend to be much longer than usual hash functions at the same security level (e.g. to achieve a collision resistance of 2128, they are several thousand bits long, as opposed to 256 bits for usual hash functions), and they are also quite slow. In this paper, we introduce the Elliptic Curve Multiset Hash (ECMH), which combines a usual bit string-valued hash function like BLAKE2 with an efficient encoding into binary elliptic curves to overcome both difficulties. On the one hand, the size of ECMH digests is essentially optimal: 2m-bit hash values provide O(2m) collision resistance. On the other hand, we demonstrate a highly-efficient software implementation of ECMH, which our thorough empirical evaluation shows to be capable of processing over 3 million set elements per second on a 4 GHz Intel Haswell machine at the 128 bit security level-many times faster than previous practical methods. While incremental hashing based on elliptic curves has been considered previously (Brown, D.R.L. (2008) The encrypted elliptic curve hash. IACR Cryptology ePrint Archive, 2008, 12.), the proposed method was less efficient, susceptible to timing attacks, and potentially patent-encumbered (Brown, D. and Yamada, A. (2007) Method and apparatus for performing validation of elliptic curve public keys. US Patent, 7, 257, 709.), and no practical implementation was demonstrated. [ABSTRACT FROM AUTHOR]

Published
2017
Full Text
View/download PDF

24. Instruction set randomization based on compilation.

Author

Man, Y. J., Yin, Q., and Lin, J.

Subjects
COMPUTER network security, MALWARE prevention, COMPUTER programming, COMPUTER security, COMPUTER systems, INFORMATION technology security
Published
2016

26. Locating Zero-day Exploits With Course-Grained Forensics.

Author

Kuhn, Stephen and Taylor, Stephen

Subjects
FORENSIC sciences, SECURITY management, COMMUNICATION, DATA corruption, CLIENT/SERVER computing equipment, MANAGEMENT
Abstract

This paper describes a novel coarse-grained forensics capability for locating zero-day exploits by recording and correlating on-host actions with network packets, with no discernible impact on user experience. The capability provides an alternative to fine-grained techniques, such as memory taint tracking, that are intractable approaches for typical high volume internet facing servers. Two associated network attack scenarios are described, based upon typical website designs, to illustrate how the technique can be used. These have been implemented and tested to verify the capability. Many government and businesses entities already record large volumes of network traffic for regulatory compliance and security analysis; specialized, high-performance hardware appliances are now available to support this activity. To augment this store, the course-grain forensics capability utilizes a small-footprint (i.e. attack surface) custom hypervisor with built in virtual machine introspection (VMI) mechanisms. These mechanisms allow forensic observation to extract exploits by observing the running micro-kernel's process creation, communications and network activities. This allows recorded network events to be directly correlated with on host actions. A custom micro-kernel has been developed to explore the core ideas which, in common with other designs such as Minix, uses a message passing for inter-process communication. This communication model enables strict enforcement of process interactions, which must pass through the kernel, creating a natural observation point for events of interest. Recording only process interactions minimizes the storage requirements to a manageable level -- sixteen bytes per event. This imparts minimal performance impact -- less than six micro seconds to record each event on host, enables recording of the process communication ontology in a computationally efficient manner. The process history allows an analyst to observe the past actions taken by a malicious or compromised process; supporting post-mortem analysis of on system events tracing back to the initial network packets containing the exploit. The results were experimental verified by non-deterministically injecting fake exploits into a vulnerable webserver running on top of the kernel. The LARIAT network traffic generator was used to simulate high-density, real world network loads over a period of 18 and 35 days respectively. The techniques were able to record all associations in real-time. Post-mortem, the forensics capability was able to isolate the packets containing the exploit and highlight the process interaction history in less than 5 minutes, reducing the numbers of packets subject to manual search by more than 99%. Two scenarios were constructed using a typical website with and without a connected database. These scenarios were chosen to exercise two specific cases: one in which there was a direct path to the exploit via the process history, the other demonstrates the isolation of an exploit where there is no direct discernible trace in the process history. The forensics capability provides more than just isolation of zero-day exploits: this represents a jumping off point for further investigation into the process / network interaction history. These further investigations can then determine the impact of the attack, the processes affected, and the spread of tainted data to provide a basis for clean-up operations. [ABSTRACT FROM AUTHOR]

Published
2015

30. Game-theoretic strategies for IDS deployment in peer-to-peer networks.

Author

Narang, Pratik and Hota, Chittaranjan

Subjects
COMPUTER networks, BIG data, TECHNOLOGICAL innovations, ELECTRONIC data processing, COMPUTER architecture
Abstract

This work studies the problem of optimal positioning of Intrusion Detection Systems (IDSs) in a Peer-to-Peer (P2P) environment involving a number of peers and super-peers. This scenario applies to network architectures like that of Gnutella, Skype or Tor, which involve a huge number of leaf-peers and a selected number of super-peers who have higher responsibilities in the network. A malicious entity may become part of the P2P network by joining from any part of the network. It can attack a super-peer and thus disrupt the functioning of the P2P network. Peers may try to secure the network by running IDSs at certain strategically-chosen locations in the network. But a deterministic schedule of running and positioning the IDSs can be observed and thwarted by an adversary. In this paper, we explore the problem of strategically positioning IDSs in a P2P network with a randomized, game-theoretic approach. Our approach distributes the responsibility of running the IDSs between the peers in a randomized fashion and minimizes the probability of a successful attack. [ABSTRACT FROM AUTHOR]

Published
2015
Full Text
View/download PDF

32. Efficient Secure-Channel Free Public Key Encryption with Keyword Search for EMRs in Cloud Storage.

Author

Guo, Lifeng and Yau, Wei-Chuen

Subjects
ALGORITHMS, DATA encryption, KEYBOARDS (Electronics), MEDICAL ethics, PRIVACY, DATA security, CLOUD computing, ELECTRONIC health records
Abstract

Searchable encryption is an important cryptographic primitive that enables privacy-preserving keyword search on encrypted electronic medical records (EMRs) in cloud storage. Efficiency of such searchable encryption in a medical cloud storage system is very crucial as it involves client platforms such as smartphones or tablets that only have constrained computing power and resources. In this paper, we propose an efficient secure-channel free public key encryption with keyword search (SCF-PEKS) scheme that is proven secure in the standard model. We show that our SCF-PEKS scheme is not only secure against chosen keyword and ciphertext attacks (IND-SCF-CKCA), but also secure against keyword guessing attacks (IND-KGA). Furthermore, our proposed scheme is more efficient than other recent SCF-PEKS schemes in the literature. [ABSTRACT FROM AUTHOR]

Published
2015
Full Text
View/download PDF

34. Realizing Complex Integrated Systems

Author

Anthony P. Ambler, John W. Sheppard, Anthony P. Ambler, and John W. Sheppard

Subjects
QA76.9.S88
Abstract

The creation of complex integrated systems is, in itself, complex. It requires immense planning and a large team of people with diverse backgrounds based in dispersed geographical locations (and countries) supposedly working to a coordinated schedule and cost. The systems engineering task is not new, but recent scales most definitely are. The world is now capable of designing and manufacturing systems whose complexity was not considered possible 10 years ago. While many are trained to think in terms of a complete system, where ‘everything'is designed and produced by a single project team, today such systems involve integrating subsystems and components (which are also complex) that have been developed by other project teams. Inevitably, this introduces additional complexities, involving elements out of the direct control of the project, but which are essential to its overall success.In addition to traditional systems engineering topics of hardware and software design, testability, and manufacturability, there are wider issues to be contemplated: project planning; communication language (an issue for international teams); units of measure (imperial vs. metric) used across members of the team; supply chains (pandemics, military action, and natural disasters); legal issues based on place of production and sale; the ethics associated with target use; and the threat of cyberattack. This book is the first attempt to bring many of these issues together to highlight the complexities that need to be considered in modern system design. It is neither exhaustive nor comprehensive, but it gives pointers to the topics for the reader to follow up on in more detail.

Published
2025

35. Leveraging Futuristic Machine Learning and Next-Generational Security for E-Governance

Author

Rajeev Kumar, Abu Bakar Abdul Hamid, Noor Inayah Binti Ya’akub, Tadiwa Elisha Nyamasvisva, Rajesh Kumar Tiwari, Rajeev Kumar, Abu Bakar Abdul Hamid, Noor Inayah Binti Ya’akub, Tadiwa Elisha Nyamasvisva, and Rajesh Kumar Tiwari

Subjects
Internet in public administration--Security meas, Deep learning (Machine learning)--Security measu
Published
2024

36. Cybersecurity Ethics : An Introduction

Author

Mary Manjikian and Mary Manjikian

Subjects
Computer crimes, Internet--Moral and ethical aspects, Computer networks--Security measures--Moral and ethical aspects
Abstract

This textbook offers an accessible introduction to the topic of cybersecurity ethics. The second edition has been revised and updated, and contains new chapters on social justice, AI, and Big Data. The book is split into three parts. Part I provides an introduction to the field of ethics, philosophy, and philosophy of science, three ethical frameworks – virtue ethics, utilitarian ethics, and communitarian ethics – and the notion of ethical hacking. Part II applies these frameworks to particular issues within the field of cybersecurity, including privacy rights, surveillance, and intellectual property. The third part concludes by exploring current codes of ethics used in cybersecurity, with chapters on artificial intelligence, social diversity, Big Data, and cyberwarfare. The overall aims of the book are to: Provide ethical frameworks to aid decision-making Present the key ethical issues in relation to computer security Highlight the connection between values and beliefs and the professional code of ethics The textbook also includes three different features to aid students:'Going Deeper'features provide background on individuals, events, and institutions in cybersecurity;'Critical Issues'features contemporary case studies; and'Tech Talks'contain features that assume some familiarity with technological developments.The book will be of much interest to students of cybersecurity, cyberethics, hacking, surveillance studies, ethics, and information science.

Published
2023

37. Dynamically Enabled Cyber Defense

Author

Lin Yang, Quan Yu, Lin Yang, and Quan Yu

Subjects
Electronic apparatus and appliances--Security measures, Internet of things--Security measures, Computer security
Abstract

The book puts forward dynamically enabled cyber defense technology as a solution to the system homogenization problem. Based on the hierarchy of the protected information system entity, the book elaborates on current mainstream dynamic defense technologies from four aspects: the internal hardware platform, software service, information data and external network communication. It also ascertains their possible evolution routes, clarifies their relationship with existing security products, and makes macro analyses and discussions on security gain and overall system efficiency of these technologies.This book can be used as both a textbook for graduate courses related to electronic information as well as a reference for scientific researchers engaged in relevant research. It helps graduate students majoring in electronics and information sciences to gain an understanding in dynamically-enabled cyber defense. Scientists and engineers specialising in network security research should also find this book to be a useful guide on recent developments in network security.

Published
2021

38. Research Anthology on Advancements in Cybersecurity Education

Author

Information Resources Management Association and Information Resources Management Association

Subjects
Computer security--Study and teaching, Computer networks--Security measures--Study an
Abstract

Modern society has become dependent on technology, allowing personal information to be input and used across a variety of personal and professional systems. From banking to medical records to e-commerce, sensitive data has never before been at such a high risk of misuse. As such, organizations now have a greater responsibility than ever to ensure that their stakeholder data is secured, leading to the increased need for cybersecurity specialists and the development of more secure software and systems. To avoid issues such as hacking and create a safer online space, cybersecurity education is vital and not only for those seeking to make a career out of cybersecurity, but also for the general public who must become more aware of the information they are sharing and how they are using it. It is crucial people learn about cybersecurity in a comprehensive and accessible way in order to use the skills to better protect all data. The Research Anthology on Advancements in Cybersecurity Education discusses innovative concepts, theories, and developments for not only teaching cybersecurity, but also for driving awareness of efforts that can be achieved to further secure sensitive data. Providing information on a range of topics from cybersecurity education requirements, cyberspace security talents training systems, and insider threats, it is ideal for educators, IT developers, education professionals, education administrators, researchers, security analysts, systems engineers, software security engineers, security professionals, policymakers, and students.

Published
2021

39. Research Anthology on Business Aspects of Cybersecurity

Author

Information Resources Management Association and Information Resources Management Association

Subjects
Computer crimes--Prevention, Business enterprises--Security measures, Data protection, Computer security
Abstract

Cybersecurity is vital for all businesses, regardless of sector. With constant threats and potential online dangers, businesses must remain aware of the current research and information available to them in order to protect themselves and their employees. Maintaining tight cybersecurity can be difficult for businesses as there are so many moving parts to contend with, but remaining vigilant and having protective measures and training in place is essential for a successful company. The Research Anthology on Business Aspects of Cybersecurity considers all emerging aspects of cybersecurity in the business sector including frameworks, models, best practices, and emerging areas of interest. This comprehensive reference source is split into three sections with the first discussing audits and risk assessments that businesses can conduct to ensure the security of their systems. The second section covers training and awareness initiatives for staff that promotes a security culture. The final section discusses software and systems that can be used to secure and manage cybersecurity threats. Covering topics such as audit models, security behavior, and insider threats, it is ideal for businesses, business professionals, managers, security analysts, IT specialists, executives, academicians, researchers, computer engineers, graduate students, and practitioners.

Published
2021

40. Cyber Security Education : Principles and Policies

Author

Greg Austin and Greg Austin

Subjects
Computer networks--Security measures--Study and teaching, Computer security--Study and teaching
Abstract

This book investigates the goals and policy aspects of cyber security education in the light of escalating technical, social and geopolitical challenges.The past ten years have seen a tectonic shift in the significance of cyber security education. Once the preserve of small groups of dedicated educators and industry professionals, the subject is now on the frontlines of geopolitical confrontation and business strategy. Global shortages of talent have created pressures on corporate and national policy for workforce development. Cyber Security Education offers an updated approach to the subject as we enter the next decade of technological disruption and political threats. The contributors include scholars and education practitioners from leading research and education centres in Europe, North America and Australia. This book provides essential reference points for education policy on the new social terrain of security in cyberspace and aims to reposition global debates on what education for security in cyberspace can and should mean.This book will be of interest to students of cyber security, cyber education, international security and public policy generally, as well as practitioners and policy-makers.

Published
2021

41. Cyber Warfare and Terrorism : Concepts, Methodologies, Tools, and Applications

Author

Information Resources Management Association and Information Resources Management Association

Subjects
Terrorism--Prevention, Cyberterrorism--Prevention
Abstract

Through the rise of big data and the internet of things, terrorist organizations have been freed from geographic and logistical confines and now have more power than ever before to strike the average citizen directly at home. This, coupled with the inherently asymmetrical nature of cyberwarfare, which grants great advantage to the attacker, has created an unprecedented national security risk that both governments and their citizens are woefully ill-prepared to face. Examining cyber warfare and terrorism through a critical and academic perspective can lead to a better understanding of its foundations and implications. Cyber Warfare and Terrorism: Concepts, Methodologies, Tools, and Applications is an essential reference for the latest research on the utilization of online tools by terrorist organizations to communicate with and recruit potential extremists and examines effective countermeasures employed by law enforcement agencies to defend against such threats. Highlighting a range of topics such as cyber threats, digital intelligence, and counterterrorism, this multi-volume book is ideally designed for law enforcement, government officials, lawmakers, security analysts, IT specialists, software developers, intelligence and security practitioners, students, educators, and researchers.

Published
2020

42. التكنولوجيا التطبيقية وادارة الابداع

Author

هينريـش ارنـولد - ميـشـــــــيل ايرنــــير and هينريـش ارنـولد - ميـشـــــــيل ايرنــــير

Subjects
Technological innovations--Management
Abstract

Rapid application of new technologies and highly leveraged innovation processes are key for the success of companies and organizations in dynamic markets. Based on the experiences of one of the industry's most modern innovation centers this book provides an insight into the tools and methods used to align customer requirements, competitive challenges and technological development. Both, scientists and practitioners, will benefit from the lessons learned and presented in this volume.

Published
2019

43. Global Cyber Security Labor Shortage and International Business Risk

Author

Bryan Christiansen, Agnieszka Piekarz, Bryan Christiansen, and Agnieszka Piekarz

Subjects
Data protection, Computer security, International business enterprises--Security measures, Computer crimes--Prevention, Information technology--Security measures
Abstract

Global events involving cybersecurity breaches have highlighted the ever-growing dependence on interconnected online systems in international business. The increasing societal dependence on information technology has pushed cybersecurity to the forefront as one of the most urgent challenges facing the global community today. Poor cybersecurity is the primary reason hackers are able to penetrate safeguards in business computers and other networks, and the growing global skills gap in cybersecurity simply exacerbates the problem. Global Cyber Security Labor Shortage and International Business Risk provides emerging research exploring the theoretical and practical aspects of protecting computer systems against online threats as well as transformative business models to ensure sustainability and longevity. Featuring coverage on a broad range of topics such as cybercrime, technology security training, and labor market understanding, this book is ideally designed for professionals, managers, IT consultants, programmers, academicians, and students seeking current research on cyber security's influence on business, education, and social networks.

Published
2019

44. Cyber Defence in Industry 4.0 Systems and Related Logistics and IT Infrastructures

Author

Dimitrov, Konstantin, IOS Press, Dimitrov, Konstantin, and IOS Press

Subjects
Computer security--Congresses, Computer networks--Security measures--Congresses
Abstract

Industry and government are increasingly reliant on an intelligent – or ‘smart'– and interconnected computer infrastructure, but the reality is that it is extremely difficult to provide full cyber defense and/or intrusion prevention for the smart networks that connect intelligent industrial and logistics modules, since the more intelligent the systems are, the more vulnerable they become. This book presents papers from the NATO Advanced Research Workshop (ARW) on Cyber Defence in Industry 4.0 Systems and Related Logistics and IT Infrastructures, held in Jyvaskyla, Finland, in October 2017. The main focus of the 11 papers included here is the creation and implementation of cyber systems and cyber platforms capable of providing enhanced cyber security and interoperability for smart IT infrastructure. Topics covered include: smart intrusion prevention; adaptive cyber defense; smart recovery of systems; and the smart monitoring, control and management of Industry 4.0 complexes and related logistics systems such as robotic equipment, logistics modules, units and technologic equipment, as well as their IT infrastructure.

Published
2018

45. Coping with Illness Digitally

Author

Stephen A. Rains and Stephen A. Rains

Subjects
Patients--Social networks, Online social networks, Communication in medicine, Social media in medicine
Abstract

An examination of “digital coping” involving the use of communication technologies, particularly social media, in responding to illness.Communication technologies have become a valuable resource for responding to the profound challenges posed by illness. Medical websites make it possible to find information about specific health conditions, e-mail provides a means to communicate with health care providers, social network sites can be used to solidify existing relationships, online communities provide opportunities for expanding support networks, and blogs offer a forum for articulating illness-related experiences. In this book, Stephen Rains examines this kind of “digital coping” involving the use of communication technologies, particularly social media, in responding to illness. Synthesizing a diverse body of existing empirical research, Rains offers the first book-length exploration of what it means to cope with illness digitally. Rains examines the implications of digital communication technologies on a series of specific challenges raised by illness and discusses the unique affordances of these technologies as coping resources. He considers patients'motivations for forging relationships online and the structure of those networks; the exchange of social support and the outcomes of sharing illness experiences; online health information searches by patients and surrogates; the effects of Internet use on patient-provider communication; and digital coping mechanisms for end-of-life and bereavement, including telehospice, social media memorials, and online grief support. Finally, Rains presents an original model of digital coping that builds on issues discussed to summarize how and with what effects patients use communication technologies to cope with illness.

Published
2018

46. Deep Learning Innovations and Their Convergence With Big Data

Author

S. Karthik, Anand Paul, N. Karthikeyan, S. Karthik, Anand Paul, and N. Karthikeyan

Subjects
Big data, Machine learning--Technological innovations
Abstract

The expansion of digital data has transformed various sectors of business such as healthcare, industrial manufacturing, and transportation. A new way of solving business problems has emerged through the use of machine learning techniques in conjunction with big data analytics. Deep Learning Innovations and Their Convergence With Big Data is a pivotal reference for the latest scholarly research on upcoming trends in data analytics and potential technologies that will facilitate insight in various domains of science, industry, business, and consumer applications. Featuring extensive coverage on a broad range of topics and perspectives such as deep neural network, domain adaptation modeling, and threat detection, this book is ideally designed for researchers, professionals, and students seeking current research on the latest trends in the field of deep learning techniques in big data analytics.

Published
2018

47. Security and Management

Author

Daimi, Kevin, Arabnia, Hamid R., Daimi, Kevin, and Arabnia, Hamid R.

Subjects
Computer networks-Security measures-Congresses, Computer security
Abstract

This volume contains the proceedings of the 2017 International Conference on Security and Management (SAM'17).

Published
2018

48. Electronics, Electrical Engineering And Information Science - Proceedings Of The 2015 International Conference (Eeeis2015)

Author

Xiaolong Li, Jian Wang, Xiaolong Li, and Jian Wang

Subjects
Electronics--Congresses, Information technology--Congresses, Electrical engineering--Congresses
Abstract

This book consists of one hundred and seventeen selected papers presented at the 2015 International Conference on Electronics, Electrical Engineering and Information Science (EEEIS2015), which was held in Guangzhou, China, during August 07-09, 2015. EEEIS2015 provided an excellent international exchange platform for researchers to share their knowledge and results and to explore new areas of research and development.Global researchers and practitioners will find coverage of topics involving Electronics Engineering, Electrical Engineering, Computer Science, Technology for Road Traffic, Mechanical Engineering, Materials Science and Engineering Management. Experts in these fields contributed to the collection of research results and development activities.This book will be a valuable reference for researchers working in the field of Electronics, Electrical Engineering and Information Science.

Published
2016

49. DDoS Attacks : Evolution, Detection, Prevention, Reaction, and Tolerance

Author

Dhruba Kumar Bhattacharyya, Jugal Kumar Kalita, Dhruba Kumar Bhattacharyya, and Jugal Kumar Kalita

Subjects
Denial of service attacks
Abstract

DDoS Attacks: Evolution, Detection, Prevention, Reaction, and Tolerance discusses the evolution of distributed denial-of-service (DDoS) attacks, how to detect a DDoS attack when one is mounted, how to prevent such attacks from taking place, and how to react when a DDoS attack is in progress, with the goal of tolerating the attack. It introduces typ

Published
2016

50. Handbook of Research on Threat Detection and Countermeasures in Network Security

Author

Alaa Hussein Al-Hamami, Ghossoon M. Waleed al-Saadoon, Alaa Hussein Al-Hamami, and Ghossoon M. Waleed al-Saadoon

Subjects
Computer networks--Security measures
Abstract

Cyber attacks are rapidly becoming one of the most prevalent issues in the world. As cyber crime continues to escalate, it is imperative to explore new approaches and technologies that help ensure the security of the online community. The Handbook of Research on Threat Detection and Countermeasures in Network Security presents the latest methodologies and trends in detecting and preventing network threats. Investigating the potential of current and emerging security technologies, this publication is an all-inclusive reference source for academicians, researchers, students, professionals, practitioners, network analysts, and technology specialists interested in the simulation and application of computer network protection.

Published
2015

Catalog

Books, media, physical & digital resources
See catalog results