Computers Security

LUCELG and Cramer-Shoup are examples of public key cryptosystem. LUCELG uses a special group based on the Lucas function, also known as second order linear recurrence relation but the first practical Lucas function in a cryptosystem is LUC. Cramer-Shoup is a ...

Traceable sensor calibration constitutes a foundational step that underpins operational safety in the Industrial Internet of Things. Traceability is the property that ensures reliability of sensed data by ensuring sensor accuracy is within a small error margin of a highly-accurate reference sensor. This is typically achieved via a calibration infrastructure involving a long chain of reference-calibration devices between the master reference and the IoT sensor. While much attention has been given to IoT security such as the use of TLS to secure sensed data, little thought has been given to securing the calibration infrastructure itself. Currently traceability is achieved via manual verification using paper-based datasheets which is both time consuming and insecure. For instance, when the calibration status of parent devices is revoked as mistakes or mischance is detected, calibrated devices are not updated until the next calibration cycle, leaving much of the calibration parameters i...

Many governments consider the use of remote computing, communications and storage services provided by external service providers to process, store or transmit sensitive government data to increase scalability and decrease costs of maintaining services. The use of assurance approaches based on service level agreement (SLAs) is becoming increasingly important in procuring a wide range of such services from external service providers. However, such existing SLAs are not well-suited to a dynamic cyber threat environment because SLA security requirements (considering data confidentiality) have not been deeply studied by the academic computer security community. Such an understanding of the real needs of government is essential to the formulation of security-related SLAs. This paper seeks to provide such insights, by investigating 35 government participants using Indonesia as case study via a grounded adaptive Delphi study. We found that undeveloped SLA confidentiality requirements can illuminate other administrations to include government's security requirements and security capabilities of the service providers in SLAs when using such external services. Based on our findings, we make recommendations to the government agencies, service providers and researchers for improvement to existing SLA definition and future lines of research.

The results of botnet detection methods are usually presented without any comparison. Although it is generally accepted that more comparisons with third-party methods may help to improve the area, few papers could do it. Among the factors that prevent a comparison are the difficulties to share a dataset, the lack of a good dataset, the absence of a proper description of the methods and the lack of a comparison methodology. This paper compares the output of three different botnet detection methods by executing them over a new, real, labeled and large botnet dataset. This dataset includes botnet, normal and background traffic. The results of our two methods (BClus and CAMNEP) and BotHunter were compared using a methodology and a novel error metric designed for botnet detections methods. We conclude that comparing methods indeed helps to better estimate how good the methods are, to improve the algorithms, to build better datasets and to build a comparison methodology.

Background and Objective: Information security is a vital issue in
the field of health and medicine. In most of the research conducted
in this field, the human factor has been ignored and a kind of
technical view and approach has been adopted. The present article
was conducted with the aim of determining the relationship between
personnel's perception of the consequences of information disclosure
and employees' commitment to their intention to violate information
security.
Materials and Methods: The sample of this study consisted of 181
specialists from specialized teaching hospitals in Kabul city who
were sampled using a locally developed questionnaire using a
convenient method. To measure the perceived consequences of
information disclosure, D’Arcy et al.’s questionnaire with 7
questions and two dimensions of perception of the certainty and
severity of punishments was used, and to measure organizational
commitment, Allen and Meyer’s 24-question questionnaire with
three dimensions of affective, normative, and continuum
commitment was used. After confirming the face validity, content
and construct reliability using Cronbach's alpha and composite
reliability, the hypotheses were tested using the partial least squares
method and Smart PLS software.
Findings: The findings of this study showed that the perception of
medical specialists of organizational policies that indicate the
certainty and severity of penalties for information disclosure had a
significant negative relationship with their intention to breach the
security of patient information (P<0.001). The results also showed

We examine the issue of password length leakage via encrypted traffic i.e., bicycle attacks. We aim to quantify both the prevalence of password length leakage bugs as well as the potential harm to users. In an observational study, we find that most of the Alexa top 100 rates sites are vulnerable to bicycle attacks meaning that an eavesdropping attacker can infer the exact length of a password based on the length the encrypted packet containing the password. We discuss several ways in which an eavesdropping attacker could link this password length with a particular user account e.g., a targeted campaign against a smaller group of users or via DNS hijacking for larger scale campaigns. We next use a decision-theoretic model to quantify the extent to which password length leakage might help an attacker to crack user passwords. In our analysis, we consider three different levels of password attackers: hacker, criminal and nation-state. In all cases, we find that such an attacker who knows the length of each user password gains a significant advantage over one without knowing the password length. As part of this analysis, we also release a new differentially private password frequency dataset from the 2016 LinkedIn breach using a differentially private algorithm of Blocki et al. (NDSS 2016) to protect user accounts. The differentially private dataset contains frequency lists split by length which allows us to simulate an online attacker's Bayesian updates after obtaining the length of a password. The LinkedIn frequency corpus is based on over 170 million passwords making it the largest frequency corpus publicly available to password researchers. While the defense against bicycle attacks is straightforward (i.e., ensure that passwords are always padded before encryption), we discuss several practical challenges organizations may face when attempting to patch this vulnerability. We advocate for a new W3C standard on how password fields are handled which would effectively eliminate most instances of password length leakage.

This report is an a&is of the 1989 12th U.S. Nitional Compu_ter Security Conference using the SIIS project's cybernetic analysis methodology SBC. The papers presented at the conference are classified using the SBC static classification scheme. Once the papers are classified the SBC dynamic classification scheme is used to chart trends and tendencies in the computer security problems and solutions.

Techniques to hide valuable information within seemingly harmless messages have been widely used for centuries. Typically, their use is appropriate when encryption is not available or not adequate (e.g. when available cryptography is too weak), or simply when it is convenient that no external observer can infer that some information is being exchanged. In the digital era, new cover mediums for hiding data in communication are constantly being proposed, fromthe classical image files (such as bmp, gif, and jpg formats) to audio files (i.e. wav and mp3), text and html documents, emails disguised as spam, TCP/IP packets, executables programs, DNA strands, etc. In this work, we present and analyze a novel methodology that illustrates how games (such as Chess, Backgammon, Go, etc.) can be used to hide digital contents. We also look at some of its possible advantages and limitations when compared with other techniques, discussing some improvements and extensions. Finally, we present the results of a first implementation of an open-source prototype, called STEGOGO, for hiding digital contents in Go games.

In this paper, initial results of an attitude survey on rhe security of medical information systems in Greece are reported. Greece for the moment lacks a gcncric data prorection act; therefore a systematic approach to introducing secure information systems in public health establishments rcquircs the determination of the security needs of the medical community. The survey was conducted using a properly designed questionnaire. This qucstionuaire addressed issues relevant to the extent of-infortllation technology currently in use, the need for information security, classification of used information with a view towards adopting methods, techniques and legislation providing sufficient sccurity guarantees, etc. The questionnaire was addressed to a sufticicnt number of cmployccs of organized health care establishments. so that the results would be worth while and reliable.

In todays world ,the most imp thing is data ,and to keep this data safe from different type of attack we need to encrypt this data .There are various techniques for encrption,so after comparing the available techniques the most secured techniques concluded is elliptical curve Elliptical curve cryptography is a method of encoding data files so that only specific individuals can decode them. ECC is based on the mathematics of elliptic curves and uses the location of points on an elliptic curve to encrypt and decrypt information. But in this paper we have discussed about the application of ECC with their issues if used without proper implementation Keywords-Elliptic curve cryptography, Security, Limitations • INTRODUCTION With the processing power of computers increasing at such a rapid rate, it makes sense that the security of information systems will begin to falter. In response, new methods will have to be developed to counteract this trend. Companies like IBM and Hewlett Packard ar...

Cloud computing is a new and most demandable technology in communication environment. Where computing resources such as hardware or/and software are processed as service over networks. SCADA implementation within cloud environment is relatively new and demandable over real time infrastructure (industrial infrastructure).The shifting (moving) of SCADA system (applications and resources) within cloud based infrastructure,meanfully overcome the cost and improve the reliability and performance of whole system. Cloud computing provides on-demand network access and batch of computing services for SCADA system. The current research paper takes two conceptual ideas to implement SCADA system within cloud computing (Hybrid Cloud) environment. In the first phase, SCADA applications are processed entirely inside the hybrid cloud. In the second phase, SCADA applications are running in separate application server directly connected to devices in a SCADA network and rest of paper discusses the security related to SCADA and cloud computing communication.

In this research, we propose to implement Secure Real Time Transport Protocol (SRTP) on VoIP services in campus environment. Today, the deployment of VoIP in campus environment over wireless local area network (WLAN) is not considered on security during communication between two parties. Therefore, this study is to analyzed SRTP performance on different VoIP codec selection over wired. We have implemented a real VoIP network in University of Kuala Lumpur (UniKL), Malaysia. We use softphone as our medium communication between two parties in campus environment. The results show that implementation of SRTP is able to improve the VoIP quality between one-to-one conversation and multi conference call (many-to-many). In our experiment, it shows that iLBC, SPEEX and GSM codec are able to improve significantly the multi conference (many-to-many) VoIP quality during conversation. In additional, implementation of SRTP on G.711 and G.726 codec will decrease the multi conference (many-to-many) VoIP quality.

In this research, we propose to implement Secure Real Time Transport Protocol (SRTP) on VoIP services in campus environment. Today, the deployment of VoIP in campus environment over wired is not considered on security during communication between two parties. Therefore, this study is to analyzed SRTP performance on different VoIP codec selection over wired. We have implemented a real VoIP network in University of Kuala Lumpur (UniKL), Malaysia. We use softphone as our medium communication between two parties in campus environment. The results show that implementation of SRTP is able to improve the VoIP quality between one-to-one conversation compare to many-to-many conversation (multi conference call). In our experiment, it shows that G.711, G.726 and GSM codec are able to improve the multi conference (many-to-many) VoIP quality during conversation. In additional, implementation of SRTP on iLBC and SPEEX codec will decrease the multi conference (many-to-many) VoIP quality.

The default Java implementation for security policies based on policy files doesn't comply with the specific needs of metacomputing environments. Managing a large number of policy files for all Java runtime systems in the metacomputing system doesn't scale. This paper presents a federated approach for security policy management in Javabased metacomputing systems. Security policies are stored in a policy base, which is managed by its policy service provider (Policer). The policy base and its Policer are replicated and the replicated policy bases are synchronized with each other in order to avoid a single point of failure. Any bootstrapping service provider gets its security policy dynamically from any available Policer in the network. The proposed solution ensures uniform policy-based authorization for all the services in the SORCER metacomputing environment through the use of the dynamic policy management methodology.

Handling and mitigating the cybercrime incidents (CIs) have attracted significant research attention, over the last years, due to their increasing frequency of occurrence. However, the term cybercrime is often used interchangeably with other technologylinked malicious acts, such as cyberwarfare, and cyberterrorism, leading to misconceptions. In addition, there does not exist a management framework which would classify CIs, qualitatively and quantitatively evaluate their occurrence and promptly align them with appropriate measures and policies. This work introduces a Cybercrime Incident Architecture that enables a comprehensive cybercrime embodiment through feature identification, offence classification mechanisms, threats' severity labeling and a completely novel Adaptive Response Policy (ARP) that identifies and interconnects the relevant stakeholders with preventive measures and response actions. The proposed architecture consists of four separate complementary components that lead to a manually -and in the future automatically -generated ARP. The idea is to build a holistic framework toward automated cybercrime handling. A criminal case study is selected to validate the introduced framework and highlight its potentiality to evolve into a CI expert system.

Browser extensions are third-party add-ons that provide myriads
of features to their users while browsing on the Web. Extensions
often interact with the websites a user visits and perform various
operations such as DOM-based manipulation, script injections, and
so on. However, this also enables nefarious websites to track their
visitors by fingerprinting extensions. Researchers in the past have
shown that extensions are susceptible to fingerprinting based on
the resources they include, the styles they deploy, or the DOMbased modifications they perform. Fortunately, the current extension ecosystem contains safeguards against many such known
issues through appropriate defense mechanisms.
We present the first study to investigate the fingerprinting characteristics of extension-injected code in pages’ JavaScript namespace and through other observable side-effects like changed cookies.
Doing so, we find that many extensions inject JavaScript that pollutes the applications’ global namespace by registering variables. It
also enables the attacker application to monitor the execution of
the injected code by overwriting the JavaScript APIs and capturing
execution traces through the stacktrace, the set of APIs invoked,
etc. Further, extensions also store data on the client side and perform event-driven functionalities that aid in attribution. Through
our tests, we find 2,747 Chrome and 572 Firefox extensions to be
susceptible to fingerprinting. Unfortunately, none of the existing
defense mechanisms prevent extensions from being fingerprinted
through our proposed vectors. Therefore, we also suggest potential measures for developers and browser vendors to safeguard the
extension ecosystem against such fingerprinting attempts.

This report is intended to provide a conceptual framework for assessing the security risk to power systems assets and operations related to malicious attacks. The problem is analysed with reference to all the actors involved and the possible targets. The specific nature of the malicious attacks is discussed and representations in terms of strategic interaction are proposed. Models based on Game Theory and Multi Agent Systems techniques specifically developed for the representation of malicious attacks against power systems are presented and illustrated with reference to applications to small-scale test systems. The mission of the JRC is to provide customer-driven scientific and technical support for the conception, development, implementation and monitoring of EU policies. As a service of the European Commission, the JRC functions as a reference centre of science and technology for the Union. Close to the policy-making process, it serves the common interest of the Member States, whi...

Digitalization has interwoven the systems of various industries and rendered them interdependent, for the sake of the convenience of consumers in their products and services. Significantly however, this is accompanied by the increasing exploitations of their vulnerabilities, with financial and political motives. Microsoft Windows remains to be the most popular operating system, with a market share of 80.38% and 83% of malware targeting it, as of 2021. A Cyberattack is any unauthorized action that compromises the virtual assets and services of a system. It is pivotal for organization to understand these attacks to impede its increase and improve their responses and measures. The Windows Registry is a database that stores configuration and information regarding a Windows system. This is often abused by attackers by malicious configurations to conduct an attack. The MITRE ATT&CK framework is a knowledge base of tactics employed throughout a whole Cyberattack; it is particularly useful for organizations in understanding such. This manuscript evaluates and discusses an attack script that synthesizes various tactics of the MITRE ATT&CK framework regarding its effectivity across different metrics and applicability in understanding various tactics of a Cyberattack, which may contribute to the discussed improvements of an organization’s responses, measures, and prevention.

Bu çalışma, İslam'ın bir din olarak bireye ve topluma dair olan görüşünün hac temelinde araştırılmasını öngörmektedir. Dini tecrübe, kimlik, kutsal zaman ve kutsal mekân gibi kavram ve olguların merkezinde sembolik bir dille ifadesini bulan haccın, İslam için sahip olduğu anlam ve değeri, bireyi ve toplumu istenilen bir noktaya doğru dönüştürmesinde yatmaktadır. Haccın inanan için değeri ise her şeyden önce sadece Tanrı'yı razı etme amacına refere edilmesi gerekmektedir. Böylesi bir durum sosyolojinin işlevsel kuramlarınca açıklanması çok mümkün görünmemektedir. Dolayısıyla bu ibadete dair anlam ve yorum ikilisi dahilinde sistematize edilecek bir perspektiften bakmak gerekir. İşte bu çalışma hac ibadetinde karşımıza çıkan pratiklerin yanında haccın eda edildiği kutsal coğrafya üzerinden insan ve toplum tasavvurunu içeren anlamları açığa çıkarmayı hedefler. Çalışmanın birinci bölümünde haccın evrensel bir fenomen olduğu iddiasından hareketle dinlerde hac konusu işlenmiştir. Ayrıca yine evrensel bir fenomen olarak seyahat ve turizm olgusu temelinde hac yolculuğu değerlendirilmeye tabi tutulmuştur. İkinci bölümde haccın yüzyıllardır kesintisiz bicimde icra edilmesi gerçeğinden hareketle bu ibadetin tarihi boyutları ele alınarak süreç içinde toplumlar nezdinde değişime uğrayan uygulamalar psiko-sosyal açıdan analize tabi tutulmuştur. Üçüncü bölümde ise ritüel ve ayin kavramları ele alınarak İslam'da ibadet fenomeninin özgünlüğüne değinilmiştir. Aynı bölümde dönüştürücü gücü bağlamında haccın pratikleri ve ibadet mahalleri üzerinden haccın sembolik dili deşifre edilmeye çalışılmıştır. Sosyolojik perspektifin ön plana çıktığı dördüncü bölümde İslam'ın ortaya çıktığı toplumsal koşulların hac ibadeti temelinde analizi yapılmıştır. Ayrıca haccın en büyük işlevlerinden biri olan toplumsal bütünleşme kavramına değinilmiştir. Yine aynı bölümde hacı kimliğinin sosyal prestijin kaynaklarından biri olmasının anlam ve imkânlarına dair değerlendirmelerde bulunulmuştur. Nihayetinde bireysellikten toplumsallığa geçişte kritik eşiklerden söz edilerek tezin en önemli kavramlarından biri olan "fıtrat"a değinilmiş ve haccın bireyi, toplumu, tarihi, dini ve dünyeviliği bütünsel olarak kuşatan özüne yönelik anlamını açığa çıkaracak analizlere yer verilmiştir.

In this paper we present a new behavior-based anomaly detection system for detecting meaningful deviations in a mobile application's network behavior. The main goal of the proposed system is to protect mobile device users and cellular infrastructure companies from malicious applications by: (1) identification of malicious attacks or masquerading applications installed on a mobile device, and (2) identification of republished popular applications injected with a malicious code (i.e., repackaging). More specifically, we attempt to detect a new type of mobile malware with self-updating capabilities that were recently found on the official Google Android marketplace. Malware of this type cannot be detected using the standard signatures approach or by applying regular static or dynamic analysis methods. The detection is performed based on the application's network traffic patterns only. For each application, a model representing its specific traffic pattern is learned locally (i.e., on the device). Semi-supervised machine-learning methods are used for learning the normal behavioral patterns and for detecting deviations from the application's expected behavior. These methods were implemented and evaluated on Android devices. The evaluation experiments demonstrate that: (1) various applications have specific network traffic patterns and certain application categories can be distinguished by their network patterns; (2) different levels of deviation from normal behavior can be detected accurately; (3) in the case of self-updating malware, original (benign) and infected versions of an application have different and distinguishable network traffic patterns that in most cases, can be detected within a few minutes after the malware is executed while presenting very low false alarms rate; and (4) local learning is feasible and has a low performance overhead on mobile devices.

Cloud computing provides enormous business opportunities, but at the same time is a complex and challenging paradigm. The major concerns for users adopting the cloud are the loss of control over their data and the lack of transparency. Providing accountability to cloud systems could foster trust in the cloud and contribute towards its adoption. Assessing how accountable a cloud provider is becomes then a key issue, not only for demonstrating accountability, but to build it. To this end, we need techniques to measure the factors that influence on accountability. In this paper, we provide a methodology to elicit metrics for accountability in the cloud, which consists of three different stages. Since the nature of accountability attributes is very abstract and complex, in a first stage we perform a conceptual analysis of the accountability attributes in order to decompose them into concrete practices and mechanisms. Then, we analyze relevant control frameworks designed to guide the implementation of security and privacy mechanisms, and use them to identify measurable factors, related to the practices and mechanisms defined earlier. Lastly, specific metrics for these factors are derived. We also provide some strategies that we consider relevant for the empirical validation of the elicited accountability metrics.

Recent studies show that deep neural networks (DNNs) are vulnerable to backdoor attacks. A backdoor DNN model behaves normally with clean inputs, whereas outputs attacker's expected behaviors when the inputs contain a pre-defined pattern called a trigger. However, in some tasks, the attacker cannot know the exact target that shows his/her expected behavior, because the task may contain a large number of classes and the attacker does not have full access to know the semantic details of these classes. Thus, the attacker is willing to attack multiple suspected targets to achieve his/her purpose. In light of this, in this paper, we propose the M-to-N backdoor attack, a new attack paradigm that allows an attacker to launch a fuzzy attack by simultaneously attacking N suspected targets, and each of the N targets can be activated by any one of its M triggers. To achieve a better stealthiness, we randomly select M clean images from the training dataset as our triggers for each target. Since the triggers used in our attack have the same distribution as the clean images, the inputs poisoned by the triggers are difficult to be detected by the input-based defenses, and the backdoor models trained on the poisoned training dataset are also difficult to be detected by the model-based defenses. Thus, our attack is stealthier and has a higher probability of achieving the attack purpose by attacking multiple suspected targets simultaneously in contrast to prior backdoor attacks. Extensive experiments show that our attack is effective against different datasets with various models and achieves high attack success rates (e.g., 99.43% for attacking 2 targets and 98.23% for attacking 4 targets on the CIFAR-10 dataset) when poisoning only an extremely small portion of the training dataset (e.g., less than 2%). Besides, it is robust to pre-processing operations and can resist state-of-the-art defenses.

Machine learning-based malware detection dominates current security defense approaches for Android apps. However, due to the evolution of Android platforms and malware, existing such techniques are widely limited by their need for constant retraining that are costly, and reliance on new malware samples that may not be timely available. As a result, new and emerging malware slips through, as seen from the continued surging of malware in the wild. Thus, a more practical detector needs not only to be accurate but, more critically, to be able to sustain its capabilities over time without frequent retraining. In this paper, we study how Android apps evolve as a population over time, in terms of their behaviors related to accesses to sensitive information and operations. We first perform a longitudinal characterization of 6K benign and malicious apps developed across seven years, with focus on these sensitive accesses in app executions. Our study reveals, during the long evolution, a consistent, clear differentiation between malware and benign apps regarding such accesses, measured by relative statistics of relevant method calls. Following these findings, we developed DroidSpan, a novel classification system based on a new behavioral profile for Android apps. Through an extensive evaluation, we showed that DroidSpan can not only effectively detect malware but sustain high detection accuracy (93% F1 measure) for four years (with 81% F1 for five years). Through a dedicated study, we also showed its resiliency to sophisticated evasion schemes. By comparing to a state-of-the-art malware detector, we demonstrated the largely superior sustainability of our approach at reasonable costs.

Purpose of the paper: The research goal was exploratory. Its main objective was to collect data and describe the current state of selected aspects of establishing and maintaining ISMS in Polish manufacturing enterprises. In particular, the focus was on aspects such as the formalization level of ISMS, use of external support by specialized companies, and the budget allocated for information security questions.
Design/Methodology/Approach: The survey was conducted using the CATI (Computer- Assisted Telephone Interview) technique. The survey was conducted among 300 companies engaged in manufacturing activities in Poland included in the Dun & Bradstreet database. Selected companies were assigned to one of four employment ranges: Micro (0-9 employees), Small (10-49 employees), Medium (50-249 employees), and Large (over 249 employees). Findings: The text presents the survey results on information security frameworks/methods used by companies, popularity of employees’ certificates, use of external support, budgets allocated on information security management, and formal documentation of ISMS.
Practical Implications: The results constitute a knowledge base on the the examined aspects of ISMS in surveyed enterprises and can be a form of the basis for further, more in-depth analysis and research.
Originality/Value: To the authors' knowledge, this type of research has not been conducted in Poland yet. The results of this study were presented at 15th Scientific Conference. MASEP 2024 (Measurement and Assessment of Social and Economic Phenomena, 27-28.11.2024, Lodz).

Cyber Physical Systems (CPS) are networked systems of cyber (computation and communication) and physical (sensors and actuators) components that interact in a feedback loop with the possible help of human intervention, interaction and utilization. These systems will empower our critical infrastructure and have the potential to significantly impact our daily lives as they form the basis for emerging and future smart services. On the other hand, the increased use of CPS brings more threats that could have major consequences for users. Security problems in this area have become a global issue, thus, designing robust, secure and efficient CPS is an active area of research. Security issues are not new, but advances in technology make it necessary to develop new approaches to protect data against undesired consequences. New threats will continue to be exploited and cyber-attacks will continue to emerge, hence the need for new methods to protect CPS. This paper presents an analysis of the security issues at the various layers of CPS architecture, risk assessment and techniques for securing CPS. Finally, challenges, areas for future research and possible solutions are presented and discussed.

In January 2005, the Mexican Tributary Administration System (SAT) introduced an official norm that stipulates how to generate electronic invoices that were termed by SAT, Comprobante Fiscal Digital (CFD). Supporting the CFD service implies the exchange of confidential information over Internet and other communication channels that are intrinsically highly vulnerable. Therefore, it becomes indispensable to incorporate to this service reliable and sound information security mechanisms. In the case of SAT's CFD, its security guarantees depend on customary cryptographic mechanisms such as, digital signatures, hash functions, etc. In this paper we point out several security flaws in the procedure specified by SAT for generating such electronic invoices. Furthermore, we provide recommendations for avoiding the security problems detected, which include the usage of more robust cryptographic mechanisms, alternative authentication protocols, time stamps authorities and a safe storage system.

As the use of internet increasing users need more and more secure network for communication. For maintaining the security of network it has been monitor actively. The detection of threat is must for any network before it will affects to the services of network so for monitoring the network the Darknet was introduced as a network telescope. Darknet is the routed and unallocated IP address space of existing network. Main advantage of Darknet is it provides the anonymous infrastructure and also it will monitor the network passively as there are no services running of network so the packets which are fallen in the Darknet consider as a suspicious packets. Because it is the unused space of the network, no false positive packets cannot be fallen over there. So when any suspicious packets captured to the Darknet it will generate the alert massage to the network. This paper represents the method for detection the threat as well as preventing the threat by deploying the IPS in the Darknet.

The endowment effect is the term used to describe a phenomenon that manifests as a reluctance to relinquish owned artifacts, even when a viable or better substitute is offered. It has been confirmed by multiple studies when it comes to ownership of physical artifacts. If computer users also "own", and are attached to, their personal security routines, such feelings could conceivably activate the same endowment effect. This would, in turn, lead to their overestimating the "value" of their existing routines, in terms of the protection they afford, and the risks they mitigate. They might well, as a consequence, not countenance any efforts to persuade them to adopt a more secure routine, because their comparison of pre-existing and proposed new routine is skewed by the activation of the endowment effect. In this paper, we report on an investigation into the possibility that the endowment effect activates when people adopt personal password creation routines. We did indeed find evidence that the endowment effect is likely to be triggered in this context. This constitutes one explanation for the failure of many security awareness drives to improve password strength. We conclude by suggesting directions for future research to confirm our findings, and to investigate the activation of the effect for other security routines.

This paper proposes a unique information security training and awareness approach (ISTAAP) that can be used to instil an information security-positive culture which will assist in addressing the risk that human behaviour poses to the protection of information. An information security culture assessment tool is used as the critical diagnostic instrument to assess the information security culture within the context of ISTAAP. A case study is discussed where the ISTAAP was deployed. This provided empirical data to illustrate the value of ISTAAP to direct employee behaviour through focused training and awareness based on the outcome of the information security culture assessment data.

The ideal or strong information security culture can aid in minimising the threat of humans to information protection and thereby aid in reducing data breaches or incidents in organisations. This research sets out to understand how information security culture is defined from an academic and industry perspective using a mixed-method approach. The definition, factors necessary to instil the ideal information security culture and the potential impact of the ideal information security culture were investigated from both perspectives. A survey approach was implemented to obtain the views from industry and 512 respondents from organisations, many of which operate at an international level, participated in the survey. The research presents a description of information security culture, integrating the existing literature and expanding on it with the views of industry, thereby giving clarity to the concept. The ideal information security culture was identified with the top traits relating to aspects such as an aware and knowledgeable workforce implementing conscientious, caring behaviour to comply with policies as guided by management. The factors that could positively influence an information security culture were identified, consolidated and expanded to five external factors and twenty internal factors. Organisations that have a strong information security culture were identified as achieving mutual trust and integrity through the protection of their information. The description of an information security culture can be used as a baseline to define and understand the concept, identify a single, comprehensive set of factors to be implemented, comprehend the traits of such a culture, as well as what an organisation can achieve by having a strong information security culture. The analysis showed that scientific interpretations of the definitions and factors of information security culture are much wider than their understanding of the industry. Both the results from the scoping review of papers and the feedback from the industry experts are synthesised visually to provide an organisational information security culture model (OISCM). The definition, factors, and model that influence the organisational culture of information security, have prognostic value for industry. For scientists, this is an important topic of research on methods and forms of increasing the level of this knowledge.

When considering an information security culture in an organisation, researchers have to consider the possibility of several information security subcultures that could be present in the organisation. This means that different geographical, ethnic or age groups of employees could have different assumptions, values and beliefs about the protection of information, resulting in unique information security subcultures. This research sets out to understand how dominant information security cultures and subcultures develop and how they can be influenced positively over time through targeted interventions. An empirical case study was conducted using a survey approach with a validated information security culture questionnaire to illustrate how to identify dominant information security cultures and subcultures. The survey was conducted at four intervals in the same organisation over a number of years to identify potential information security subcultures and to monitor the change, if targeted interventions for each are implemented. Using t-tests and ANOVA tests, a number of information security subcultures were identified, mostly evident across the organisation's office locations (which are separated geographically), as well as between employees that worked in the IT division compared to those who did not. The data indicates that the dominant information security culture and subcultures improved over time to a more positive information security culture after the implementation of targeted interventions. This illustrates how the identification and targeting of information security subcultures with customised interventions can influence the information security culture positively. By using information security interventions, organisations can target their high-risk subcultures and monitor the change over time through continuous assessment, thereby minimising the risk to information protection from a human perspective.

In this paper, we propose a novel and efficient way to improve the computational complexity of the Elliptic Curve Cryptography [ECC] algorithm. ECC is a public key cryptography system, where the underlying calculations are performed over elliptic curves. The security of ECC is based on solving the Elliptic Curve Discrete Logarithm Problem [EDCLP]. We propose an algorithm to double the computational complexity of the conventional algorithm. The proposed algorithm generates two ECDLP opposed to one problem that was generated by the conventional algorithm being used till now. With the same key size, the proposed algorithm provides more security when compared to public key cryptography systems like RSA and ECC. It can be implemented efficiently in even less time when compared to ECC. The paper discuses the underlying protocol and proves how the enhancement in security and reduction in implementation time is achieved, thereby making it well suited for wireless communication.

6LoWPAN (modified version of IPv6 for low power devices) inherits security threats from its predecessor protocols, IPv4 and IPv6. IP spoofing is one such classic attack. There are vulnerabilities in 6LoWPAN and associated routing protocol, which open up new spoofing paths to the attacker. This study aims at profiling the feasibility to carry IPv6 spoofing attack on the 6LoWPAN Network. Two new different attack paths are identified, which associate wrong IPv6 address with the MAC address of a node. These two paths use spoofed RPL and 6LoWPAN-ND Page 1 of 39 messages to perform the IPv6 spoofing attack in an unsecured wireless medium. Probability of attack success is analyzed using the radio propagation environment parameters which affects the correct reception of a signal. It is shown that the success of an attack is highly dependent on the signal path loss. To perform the systematic mathematical analysis, attack tree model is used and attack is simulated in cooja simulator as well as performed in real experimental network. Our mathematical and simulated analysis show that path loss exponent which represents distance based path loss, affects the probability of attack success. Attack feasibility analysis is done to find cost to the attacker with respect to energy and memory consumption. It is observed that attacker code can be accommodated in memory constrained devices, and uses less energy to perform the attack, which manifest its feasibility.

This research paper explores the significant transformative potential of Mixed Reality (MR) technology as enabler of the metaverse, specifically aimed at enhancing mental health therapies. The emerging world of the metaverse, a multiuser, adaptive, three-dimensional digital space, paired with the interactive and immersive benefits of MR technology, promises a paradigm shift in how mental health support is delivered. Unlike traditional platforms, MR allows for therapy within the comfort of the user's familiar surroundings, while incorporating the benefits of social collaboration and interactions. The metaverse environment fosters heightened personalization and deeper user engagement, thereby o ering a more tailored approach to computerized therapy. Beyond its immersive capabilities, MR o ers potential for real-time, smart adaptations to the users' psycho-physiological state, targeting unique patients' needs on a diverse spectrum of therapeutic techniques, thus broadening the scope of mental health support. Furthermore, it opens avenues for continuous emotional support in everyday life situations. This research discusses the benefits and potentials of integrating MR within a mental health metaverse, highlighting how this innovative approach could significantly complement traditional therapeutic methods, fostering improved treatment eficacy, focusing on social and collective experiences, and increasing patient engagement.

In a lab-based empirical study, we examined how individual differences and an aspect of national culture impacted on participants' responses to phishing and spear-phishing emails. Results showed that the strongest predictor of the participants' ability to detect these malicious emails was cultural orientation towards the needs of the individual rather than the needs of society. For both types of emails, there was also a positive association between self-reported information security awareness and detection ability. Impulsivity in decision making predicted poorer detection of phishing emails, but not spear-phishing emails, and different personality traits predicted detection ability for the two email types.

In a lab-based empirical study, we examined how individual differences and an aspect of national culture impacted on participants’ responses to phishing and spear-phishing emails. Results showed that the strongest predictor of the participants’ ability to detect these malicious emails was cultural orientation towards the needs of the individual rather than the needs of society. For both types of emails, there was also a positive association between self-reported information security awareness and detection ability. Impulsivity in decision making predicted poorer detection of phishing emails, but not spear-phishing emails, and different personality traits predicted detection ability for the two email types.

Internet services heavily rely on CAPTCHAs for determining whether or not a user is a human being. The recent advances in ML and AI make the efficacy of CAPTCHAs in strengthening Internet services against bots questionable. In this paper, we conduct a systematic analysis and classification of the state-of-theart ML-based techniques for the automated text-based CAPTCHA breaking problem. The current state and robustness of text-based CAPTCHAs as are utilized by modern Internet applications, against ML-based automated breaking tools, is examined and reported. Our study suggests that ML can be very effective in increasing: (a) accuracy, (b) speed, and (c) abstraction in CAPTCHA solving. Especially, as far as (c) is concerned, ML-based techniques are easier to be applied in different classes of text-based CAPTCHA schemes. To assess the importance of ML in breaking CAPTCHAs, we build our own ML-only classifiers. Surprisingly, an ML-only approach for solving CAPTCHAs is not sufficient. Overall, our study suggests that fundamentally different ways of conducting reverse Turing test, that will be painless for legitimate users (i.e., humans) but at the same time challenging for automated systems (i.e., software), should be considered for ensuring the healthy operation of current Internet services.

Internet services heavily rely on CAPTCHAs for determining whether or not a user is a human being. The recent advances in ML and AI make the efficacy of CAPTCHAs in strengthening Internet services against bots questionable. In this paper, we conduct a systematic analysis and classification of the state-of-theart ML-based techniques for the automated text-based CAPTCHA breaking problem. The current state and robustness of text-based CAPTCHAs as are utilized by modern Internet applications, against ML-based automated breaking tools, is examined and reported. Our study suggests that ML can be very effective in increasing: (a) accuracy, (b) speed, and (c) abstraction in CAPTCHA solving. Especially, as far as (c) is concerned, ML-based techniques are easier to be applied in different classes of text-based CAPTCHA schemes. To assess the importance of ML in breaking CAPTCHAs, we build our own ML-only classifiers. Surprisingly, an ML-only approach for solving CAPTCHAs is not sufficient. Overall, our study suggests that fundamentally different ways of conducting reverse Turing test, that will be painless for legitimate users (i.e., humans) but at the same time challenging for automated systems (i.e., software), should be considered for ensuring the healthy operation of current Internet services.

Authentication in service oriented computing is vulnerable to various security concerns. The core concept of authentication is dependent on credentials offered at the present moment without verifying how or when the credential was obtained by the subject. Secure authentication

Cloaking-based location privacy preserving mechanisms have been widely adopted to protect users' location privacy when using location-based services. A fundamental limitation of such mechanisms is that users and their location information in the system are inherently trusted by the Anonymization Server without any verification. In this paper, we show that such an issue could lead to a new class of attacks called location injection attacks which can successfully violate users' in-distinguishability (guaranteed by k-Anonymity) among a set of users. We propose and characterize location injection attacks by presenting a set of attack models and quantify the costs associated with them. We then propose and evaluate k-Trustee, a trust-aware location cloaking mechanism that is resilient to location injection attacks and guarantees a lower bound on the user's in-distinguishability. k-Trustee guarantees that each user in a given cloaked region can achieve the required privacy level of k-Anonymity by including at least k-1 other trusted users in the cloaked region. We demonstrate the effectiveness of k-Trustee through extensive experiments in a real-world geographic map and our experimental results show that the proposed cloaking algorithm guaranteeing k-Trustee is effective against various location injection attacks.

In this work we propose a graph-based model that, utilizing relations between groups of System-calls, distinguishes malicious from benign software samples and classifies the detected malicious samples to one of a set of known malware families. More precisely, given a Systemcall Dependency Graph (ScDG) that depicts the malware's behavior, we first transform it to a more abstract representation, utilizing the indexing of System-calls to a set of groups of similar functionality, constructing thus an abstract and mutation-tolerant graph that we call Group Relation Graph (GrG); then, we construct another graph representation, which we call Coverage Graph (CvG), that depicts the dominating relations between the nodes of a GrG graph. Based on the research so far in the field, we pointed out that behavior-based graph representations had not leveraged the aspect of the temporal evolution of the graph. Hence, the novelty of our work is that, preserving the initial representations of GrG and CvG graphs, we focus on augmenting the potentials of theses graphs by adding further features that enhance its abilities on detecting and further classifying to a known malware family an unknown malware sample. To that end, we construct periodical instances of the graph that represent its temporal evolution concerning its structural modifications, creating another graph representation that we call Temporal Graphs. In this paper, we present the theoretical background behind our approach, discuss the current technological status on malware detection and classification and demonstrate the overall architecture of our proposed detection and classification model alongside with its underlying main principles and its structural key-components.

In this paper we describe an approach to resolve strategic games in which players can assume differ-ent types along the game. Our goal is to infer which type the opponent is adopting at each moment so that we can increase the player’s odds. To achieve that we use Markov games combined with hidden Markov model. We discuss a hypothetical example of a tennis game whose solution can be applied to any game with similar characteristics. 1

Networks are evolving rapidly into huge, omnipresent, multiservice entities. They are connected worldwide into an Internet that has many different administrations, purposes, resource owners, and users. As the network grows, design parameters are exceeded and new vulnerabilities are introduced. Network security solutions must accommodate enormous changes in the network itself, in the network security requirements, and in the mechanisms and constraints that drive appropriate security mechanisms. As the network serves a larger and more diverse group of users, multiple, flexible security approaches will be necessary to meet their requirements.