Search results for: cyber vetting
265 Technical and Legal Definitions in Cyber Terrorism
Authors: Pardis Moslemzadeh Tehrani, Nazura Abdul Manap, Hamed Ladoni Damghani, Rohimi Bin Shapiee
Abstract:
In recent years the speed of new technology has brought forth so many new issues. Cyberspace is among the new technologies that need novel ways to address the various issues that have arisen. While cyberspace is a technical notion that defies a single definition, this new technology requires the adoption and application of new laws. In order to manage issues arising from the existence of cyberspace, proper policies and definitions must be formulated which satisfy both technical and legal aspects. One difficulty in this regard is due to the unique features of cyberspace architecture. This article proposes to define cyberspace and cyber terrorism. This will allow for a more effective and comprehensive addressing of legal issues as they can then be handled better by introducing a new factor to the otherwise ordinary analysis in whichever field is implicated such as the nature and place of use.Keywords: cyberspace, cyber terrorism, technical definition, legal definition
Procedia PDF Downloads 590264 Cyber-Victimization among Higher Education Students as Related to Academic and Personal Factors
Authors: T. Heiman, D. Olenik-Shemesh
Abstract:
Over the past decade, with the rapid growth of electronic communication, the internet and, in particular, social networking has become an inseparable part of people's daily lives. Along with its benefits, a new type of online aggression has emerged, defined as cyber bullying, a form of interpersonal aggressive behavior that takes place through electronic means. Cyber-bullying is characterized by repetitive behavior over time of maladaptive authority and power usage using computers and cell phones via sending insulting messages and hurtful pictures. Preliminary findings suggest that the prevalence of involvement in cyber-bullying among higher education students varies between 10 and 35%. As to date, universities are facing an uphill effort in trying to restrain online misbehavior. As no studies examined the relationships between cyber-bullying involvement with personal aspects, and its impacts on academic achievement and work functioning, this present study examined the nature of cyber-bullying involvement among 1,052 undergraduate students (mean age = 27.25, S.D = 4.81; 66.2% female), coping with, as well as the effects of social support, perceived self-efficacy, well-being, and body-perception, in relation to cyber-victimization. We assume that students in higher education are a vulnerable population and at high risk of being cyber-victims. We hypothesize that social support might serve as a protective factor and will moderate the relationships between the socio-emotional variables and the occurrence of cyber- victimization. The findings of this study will present the relationships between cyber-victimization and the social-emotional aspects, which constitute risk and protective factors. After receiving approval from the Ethics Committee of the University, a Google Drive questionnaire was sent to a random sample of students, studying in the various University study centers. Students' participation was voluntary, and they completed the five questionnaires anonymously: Cyber-bullying, perceived self-efficacy, subjective well-being, social support and body perception. Results revealed that 11.6% of the students reported being cyber-victims during last year. Examining the emotional and behavioral reactions to cyber-victimization revealed that female emotional and behavioral reactions were significantly greater than the male reactions (p < .001). Moreover, females reported on a significant higher social support compared to men; male reported significantly on a lower social capability than female; and men's body perception was significantly more positive than women's scores. No gender differences were observed for subjective well-being scale. Significant positive correlations were found between cyber-victimization and fewer friends, lower grades, and work ineffectiveness (r = 0.37- .40, p < 0 .001). The results of the Hierarchical regression indicated significantly that cyber-victimization can be predicted by lower social support, lower body perception, and gender (female), that explained 5.6% of the variance (R2 = 0.056, F(5,1047) = 12.47, p < 0.001). The findings deepen our understanding of the students' involvement in cyber-bullying, and present the relationships of the social-emotional and academic aspects on cyber-victim students. In view of our findings, higher education policy could help facilitate coping with cyber-bullying incidents, and student support units could develop intervention programs aimed at reducing cyber-bullying and its impacts.Keywords: academic and personal factors, cyber-victimization, social support, higher education
Procedia PDF Downloads 289263 Data Security: An Enhancement of E-mail Security Algorithm to Secure Data Across State Owned Agencies
Authors: Lindelwa Mngomezulu, Tonderai Muchenje
Abstract:
Over the decades, E-mails provide easy, fast and timely communication enabling businesses and state owned agencies to communicate with their stakeholders and with their own employees in real-time. Moreover, since the launch of Microsoft office 365 and many other clouds based E-mail services, many businesses have been migrating from the on premises E-mail services to the cloud and more precisely since the beginning of the Covid-19 pandemic, there has been a significant increase of E-mails utilization, which then leads to the increase of cyber-attacks. In that regard, E-mail security has become very important in the E-mail transportation to ensure that the E-mail gets to the recipient without the data integrity being compromised. The classification of the features to enhance E-mail security for further from the enhanced cyber-attacks as we are aware that since the technology is advancing so at the cyber-attacks. Therefore, in order to maximize the data integrity we need to also maximize security of the E-mails such as enhanced E-mail authentication. The successful enhancement of E-mail security in the future may lessen the frequency of information thefts via E-mails, resulting in the data of South African State-owned agencies not being compromised.Keywords: e-mail security, cyber-attacks, data integrity, authentication
Procedia PDF Downloads 136262 The Need for a Tool to Support Users of E-Science Infrastructures in a Virtual Laboratory Environment
Authors: Hashim Chunpir
Abstract:
Support processes play an important role to facilitate researchers (users) to accomplish their research activities with the help of cyber-infrastructure(s). However, the current user-support process in cyber-infrastructure needs a feasible tool to support users. This tool must enable the users of a cyber-infrastructure to communicate efficiently with the staffs of a cyber-infrastructure in order to get technical and scientific assistance, whilst saving resources at the same time. This research paper narrates the real story of employing various forms of tools to support the user and staff communication. In addition, this paper projects the lessons learned from an exploration of the help-desk tools in the current state of user support process in Earth System Grid Federation (ESGF) from support staffs’ perspective. ESGF is a climate cyber-infrastructure that facilitates Earth System Modeling (ESM) and is taken as a case study in this paper. Finally, this study proposes a need for a tool, a framework or a platform that not only improves the user support process to address support servicing needs of end-users of e-Science infrastructures but also eases the life of staffs in providing assistance to the users. With the help of such a tool; the collaboration between users and the staffs of cyber-infrastructures is made easier. Consequently, the research activities of the users of e-Science infrastructure will thrive as the scientific and technical support will be available to users. Finally, this results into painless and productive e-Research.Keywords: e-Science User Services, e-Research in Earth Sciences, Information Technology Services Management (ITSM), user support process, service desk, management of support activities, help desk tools, application of social media
Procedia PDF Downloads 473261 Cyber Violence Behaviors Among Social Media Users in Ghana: An Application of Self-Control Theory and Social Learning Theory
Authors: Aisha Iddrisu
Abstract:
The proliferation of cyberviolence in the wave of increased social media consumption calls for immediate attention both at the local and global levels. With over 4.70 billion social media users worldwide and 8.8 social media users in Ghana, various forms of violence have become the order of the day in most countries and communities. Cyber violence is defined as producing, retrieving, and sharing of hurtful or dangerous online content to cause emotional, psychological, or physical harm. The urgency and severity of cyber violence have led to the enactment of laws in various countries though lots still need to be done, especially in Ghana. In Ghana, studies on cyber violence have not been extensively dealt with. Existing studies concentrate only on one form or the other form of cyber violence, thus cybercrime and cyber bullying. Also, most studies in Africa have not explored cyber violence forms using empirical theories and the few that existed were qualitatively researched, whereas others examine the effect of cyber violence rather than examining why those who involve in it behave the way they behave. It is against this backdrop that this study aims to examine various cyber violence behaviour among social media users in Ghana by applying the theory of Self-control and Social control theory. This study is important for the following reasons. The outcome of this research will help at both national and international level of policymaking by adding to the knowledge of understanding cyberviolence and why people engage in various forms of cyberviolence. It will also help expose other ways by which such behaviours are enforced thereby serving as a guide in the enactment of the rightful rules and laws to curb such behaviours. It will add to literature on consequences of new media. This study seeks to confirm or reject to the following research hypotheses. H1 Social media usage has direct significant effect of cyberviolence behaviours. H2 Ineffective parental management has direct significant positive relation to Low self-control. H3 Low self-control has direct significant positive effect on cyber violence behaviours among social, H4 Differential association has significant positive effect on cyberviolence behaviour among social media users in Ghana. H5 Definitions have a significant positive effect on cyberviolence behaviour among social media users in Ghana. H6 Imitation has a significant positive effect on cyberviolence behaviour among social media users in Ghana. H7 Differential reinforcement has a significant positive effect on cyberviolence behaviour among social media users in Ghana. H8 Differential association has a significant positive effect on definitions. H9 Differential association has a significant positive effect on imitation. H10 Differential association has a significant positive effect on differential reinforcement. H11 Differential association has significant indirect positive effects on cyberviolence through the learning process.Keywords: cyberviolence, social media users, self-control theory, social learning theory
Procedia PDF Downloads 86260 Identity and Access Management for Medical Cyber-Physical Systems: New Technology and Security Solutions
Authors: Abdulrahman Yarali, Machica McClain
Abstract:
In the context of the increasing use of Cyber-Physical Systems (CPS) across critical infrastructure sectors, this paper addresses a crucial and emerging topic: the integration of Identity and Access Management (IAM) with Internet of Things (IoT) devices in Medical Cyber-Physical Systems (MCPS). It underscores the significance of robust IAM solutions in the expanding interconnection of IoT devices in healthcare settings, leveraging AI, ML, DL, Zero Trust Architecture (ZTA), biometric authentication advancements, and blockchain technologies. The paper advocates for the potential benefits of transitioning from traditional, static IAM frameworks to dynamic, adaptive solutions that can effectively counter sophisticated cyber threats, ensure the integrity and reliability of CPS, and significantly bolster the overall security posture. The paper calls for strategic planning, collaboration, and continuous innovation to harness these benefits. By emphasizing the importance of securing CPS against evolving threats, this research contributes to the ongoing discourse on cybersecurity and advocates for a collaborative approach to foster innovation and enhance the resilience of critical infrastructure in the digital era.Keywords: CPS, IAM, IoT, AI, ML, authentication, models, policies, healthcare
Procedia PDF Downloads 21259 Strategic Workplace Security: The Role of Malware and the Threat of Internal Vulnerability
Authors: Modesta E. Ezema, Christopher C. Ezema, Christian C. Ugwu, Udoka F. Eze, Florence M. Babalola
Abstract:
Some employees knowingly or unknowingly contribute to loss of data and also expose data to threat in the process of getting their jobs done. Many organizations today are faced with the challenges of how to secure their data as cyber criminals constantly devise new ways of attacking the organization’s secret data. However, this paper enlists the latest strategies that must be put in place in order to protect these important data from being attacked in a collaborative work place. It also introduces us to Advanced Persistent Threats (APTs) and how it works. The empirical study was conducted to collect data from the employee in data centers on how data could be protected from malicious codes and cyber criminals and their responses are highly considered to help checkmate the activities of malicious code and cyber criminals in our work places.Keywords: data, employee, malware, work place
Procedia PDF Downloads 383258 Supervised Learning for Cyber Threat Intelligence
Authors: Jihen Bennaceur, Wissem Zouaghi, Ali Mabrouk
Abstract:
The major aim of cyber threat intelligence (CTI) is to provide sophisticated knowledge about cybersecurity threats to ensure internal and external safeguards against modern cyberattacks. Inaccurate, incomplete, outdated, and invaluable threat intelligence is the main problem. Therefore, data analysis based on AI algorithms is one of the emergent solutions to overcome the threat of information-sharing issues. In this paper, we propose a supervised machine learning-based algorithm to improve threat information sharing by providing a sophisticated classification of cyber threats and data. Extensive simulations investigate the accuracy, precision, recall, f1-score, and support overall to validate the designed algorithm and to compare it with several supervised machine learning algorithms.Keywords: threat information sharing, supervised learning, data classification, performance evaluation
Procedia PDF Downloads 149257 The Legal Position of Criminal Prevention in the Metaverse World
Authors: Andi Intan Purnamasari, Supriyadi, Sulbadana, Aminuddin Kasim
Abstract:
Law functions as social control. Providing arrangements not only for legal certainty, but also in the scope of justice and expediency. The three values achieved by law essentially function to bring comfort to each individual in carrying out daily activities. However, it is undeniable that global conditions have changed the orientation of people's lifestyles. Some people want to ensure their existence in the digital world which is popularly known as the metaverse. Some countries even project their city to be a metaverse city. The order of life is no longer limited to the real space, but also to the cyber world. Not infrequently, legal events that occur in the cyber world also force the law to position its position and even prevent crime in cyberspace. Through this research, conceptually it provides a view of the legal position in crime prevention in the Metaverse world. when the law acts to regulate the situation in the virtual world, of course some people will feel disturbed, this is due to the thought that the virtual world is a world in which an avatar can do things that cannot be done in the real world, or can be called a world without boundaries. Therefore, when the law is present to provide boundaries, of course the concept of the virtual world itself becomes no longer a cyber world that is not limited by space and time, it becomes a new order of life. approach, approach, approach, approach, and approach will certainly be the method used in this research.Keywords: crime, cyber, metaverse, law
Procedia PDF Downloads 149256 Cybersecurity Awareness through Laboratories and Cyber Competitions in the Education System: Practices to Promote Student Success
Authors: Haydar Teymourlouei
Abstract:
Cybersecurity is one of the greatest challenges society faces in an age revolving around technological development. With cyber-attacks on the continuous rise, the nation needs to understand and learn ways that can prevent such attacks. A major contribution that can change the education system is to implement laboratories and competitions into academia. This method can improve and educate students with more hands-on exercises in a highly motivating setting. Considering the fact that students are the next generation of the nation’s workforce, it is important for students to understand concepts not only through books, but also through actual hands-on experiences in order for them to be prepared for the workforce. An effective cybersecurity education system is critical for creating a strong cyber secure workforce today and for the future. This paper emphasizes the need for awareness and the need for competitions and cybersecurity laboratories to be implemented into the education system.Keywords: awareness, competition, cybersecurity, laboratories, workforce
Procedia PDF Downloads 334255 A Collaborative Learning Model in Engineering Science Based on a Cyber-Physical Production Line
Authors: Yosr Ghozzi
Abstract:
The Cyber-Physical Systems terminology has been well received by the industrial community and specifically appropriated in educational settings. Indeed, our latest educational activities are based on the development of experimental platforms on an industrial scale. In fact, we built a collaborative learning model because of an international market study that led us to place ourselves at the heart of this technology. To align with these findings, a competency-based approach study was conducted, and program content was revised by reflecting the projectbased approach. Thus, this article deals with the development of educational devices according to a generated curriculum and specific educational activities while respecting the repository of skills adopted from what constitutes the educational cyber-physical production systems and the laboratories that are compliant and adapted to them. The implementation of these platforms was systematically carried out in the school's workshops spaces. The objective has been twofold, both research and teaching for the students in mechatronics and logistics of the electromechanical department. We act as trainers and industrial experts to involve students in the implementation of possible extension systems around multidisciplinary projects and reconnect with industrial projects for better professional integration.Keywords: education 4.0, competency-based learning, teaching factory, project-based learning, cyber-physical systems, industry 4.0
Procedia PDF Downloads 107254 A Framework for Protecting Teenagers from Cyber Crimes and Cyberbullying
Authors: Sultan Alanazi, Adwan Alanazi
Abstract:
Social applications consist of powerful tools that allow people to connect and interact with each other. However, its negative use cannot be ignored. Cyberbullying is a new and serious Internet problem. Cyberbullying is one of the most common risks for teenagers to go online. More than half of young people report that they do not tell their parents when this will occur, which can have significant physiological consequences. Cyberbullying involves the deliberate use of digital media on the Internet to convey false or embarrassing information about others. Therefore, this article provides a way to detect cyber-bullying in social media applications for parents. The purpose of our work is to develop an architectural model for identifying and measuring the state of Cyberbullying faced by children on social media applications. For parents, this will be a good tool for monitoring their children without invading their privacy. Finally, some interesting open-ended questions were raised, suggesting promising ideas for starting new research in this new field.Keywords: cyberbullying, cyber bullying, internet crimes, social media security, E-crimes
Procedia PDF Downloads 138253 Criminal Laws Associated with Cyber-Medicine and Telemedicine in Current Law Systems in the World
Authors: Shahryar Eslamitabar
Abstract:
Currently, the internet plays an important role in the various scientific, commercial and service practices. Thanks to information and communication technology, the healthcare industry via the internet, generally known as cyber-medicine, can offer professional medical service in a wider geographical area. Having some appealing benefits such as convenience in offering healthcare services, improved accessibility to the services, enhanced information exchange, cost-effectiveness, time-saving, etc. Tele-health has increasingly developed innovative models of healthcare delivery. However, it presents many potential hazards to cyber-patients, inherent in the use of the system. First, there are legal issues associated with the communication and transfer of information on the internet. These include licensure, malpractice, liabilities and jurisdictions as well as privacy, confidentiality and security of personal data as the most important challenge brought about by this system. Additional items of concern are technological and ethical. Although, there are some rules to deal with pitfalls associated with cyber-medicine practices in the USA and some European countries, yet for all developments, it is being practiced in a legal vacuum in many countries. In addition to the domestic legislations to deal with potential problems arisen from the system, it is also imperative that some international or regional agreement should be developed to achieve the harmonization of laws among countries and states. This article discusses some implications posed by the practice of cyber-medicine in the healthcare system according to the experience of some developed countries using a comparative study of laws. It will also review the status of tele-health laws in Iran. Finally, it is intended to pave the way to outline a plan for countries like Iran, with newly-established judicial system for health laws, to develop appropriate regulations through providing some recommendations.Keywords: tele-health, cyber-medicine, telemedicine, criminal laws, legislations, time-saving
Procedia PDF Downloads 661252 Cybersecurity Strategies for Protecting Oil and Gas Industrial Control Systems
Authors: Gaurav Kumar Sinha
Abstract:
The oil and gas industry is a critical component of the global economy, relying heavily on industrial control systems (ICS) to manage and monitor operations. However, these systems are increasingly becoming targets for cyber-attacks, posing significant risks to operational continuity, safety, and environmental integrity. This paper explores comprehensive cybersecurity strategies for protecting oil and gas industrial control systems. It delves into the unique vulnerabilities of ICS in this sector, including outdated legacy systems, integration with IT networks, and the increased connectivity brought by the Industrial Internet of Things (IIoT). We propose a multi-layered defense approach that includes the implementation of robust network security protocols, regular system updates and patch management, advanced threat detection and response mechanisms, and stringent access control measures. We illustrate the effectiveness of these strategies in mitigating cyber risks and ensuring the resilient and secure operation of oil and gas industrial control systems. The findings underscore the necessity for a proactive and adaptive cybersecurity framework to safeguard critical infrastructure in the face of evolving cyber threats.Keywords: cybersecurity, industrial control systems, oil and gas, cyber-attacks, network security, IoT, threat detection, system updates, patch management, access control, cybersecurity awareness, critical infrastructure, resilience, cyber threats, legacy systems, IT integration, multi-layered defense, operational continuity, safety, environmental integrity
Procedia PDF Downloads 44251 SAFECARE: Integrated Cyber-Physical Security Solution for Healthcare Critical Infrastructure
Authors: Francesco Lubrano, Fabrizio Bertone, Federico Stirano
Abstract:
Modern societies strongly depend on Critical Infrastructures (CI). Hospitals, power supplies, water supplies, telecommunications are just few examples of CIs that provide vital functions to societies. CIs like hospitals are very complex environments, characterized by a huge number of cyber and physical systems that are becoming increasingly integrated. Ensuring a high level of security within such critical infrastructure requires a deep knowledge of vulnerabilities, threats, and potential attacks that may occur, as well as defence and prevention or mitigation strategies. The possibility to remotely monitor and control almost everything is pushing the adoption of network-connected devices. This implicitly introduces new threats and potential vulnerabilities, posing a risk, especially to those devices connected to the Internet. Modern medical devices used in hospitals are not an exception and are more and more being connected to enhance their functionalities and easing the management. Moreover, hospitals are environments with high flows of people, that are difficult to monitor and can somehow easily have access to the same places used by the staff, potentially creating damages. It is therefore clear that physical and cyber threats should be considered, analysed, and treated together as cyber-physical threats. This means that an integrated approach is required. SAFECARE, an integrated cyber-physical security solution, tries to respond to the presented issues within healthcare infrastructures. The challenge is to bring together the most advanced technologies from the physical and cyber security spheres, to achieve a global optimum for systemic security and for the management of combined cyber and physical threats and incidents and their interconnections. Moreover, potential impacts and cascading effects are evaluated through impact propagation models that rely on modular ontologies and a rule-based engine. Indeed, SAFECARE architecture foresees i) a macroblock related to cyber security field, where innovative tools are deployed to monitor network traffic, systems and medical devices; ii) a physical security macroblock, where video management systems are coupled with access control management, building management systems and innovative AI algorithms to detect behavior anomalies; iii) an integration system that collects all the incoming incidents, simulating their potential cascading effects, providing alerts and updated information regarding assets availability.Keywords: cyber security, defence strategies, impact propagation, integrated security, physical security
Procedia PDF Downloads 165250 An Exploration of Cyberspace Security, Strategy for a New Era
Authors: Laxmi R. Kasaraneni
Abstract:
The Internet connects all the networks, including the nation’s critical infrastructure that are used extensively by not only a nation’s government and military to protect sensitive information and execute missions, but also the primary infrastructure that provides services that enable modern conveniences such as education, potable water, electricity, natural gas, and financial transactions. It has become the central nervous system for the government, the citizens, and the industries. When it is attacked, the effects can ripple far and wide impacts not only to citizens’ well-being but nation’s economy, civil infrastructure, and national security. As such, these critical services may be targeted by malicious hackers during cyber warfare, it is imperative to not only protect them and mitigate any immediate or potential threats, but to also understand the current or potential impacts beyond the IT networks or the organization. The Nation’s IT infrastructure which is now vital for communication, commerce, and control of our physical infrastructure, is highly vulnerable to attack. While existing technologies can address some vulnerabilities, fundamentally new architectures and technologies are needed to address the larger structural insecurities of an infrastructure developed in a more trusting time when mass cyber attacks were not foreseen. This research is intended to improve the core functions of the Internet and critical-sector information systems by providing a clear path to create a safe, secure, and resilient cyber environment that help stakeholders at all levels of government, and the private sector work together to develop the cybersecurity capabilities that are key to our economy, national security, and public health and safety. This research paper also emphasizes the present and future cyber security threats, the capabilities and goals of cyber attackers, a strategic concept and steps to implement cybersecurity for maximum effectiveness, enabling technologies, some strategic assumptions and critical challenges, and the future of cyberspace.Keywords: critical challenges, critical infrastructure, cyber security, enabling technologies, national security
Procedia PDF Downloads 294249 An Investigation of Cyber Financial Crimes After the Enactment of PECA: A Case Study of Pakistan’s Banking Sector During 2016 to 2022
Authors: Zain Khalid
Abstract:
The paper outlines the trends of cyber financial crimes and frauds – approximating upto – in Pakistan after the enactment of The Prevention of Electronic Crimes Act in 2016. The paper elaborates on the newer methods that fraudsters have adopted after tighter preventive and counter measures were employed in Pakistan partly as a result of following the international finance related commitments, particularly the FATF regulations. The paper adopts case studies methods to highlight various aspects of the financial frauds and crimes committed and later investigated jointly by Pakistan’s one of the federal law enforcement agencies, the Federal Investigation Agency, and Mobilink Microfinance Bank , Pakistan’s premier microfinance bank. It additionally enriches the data through expert interviews – with crime investigators and the experts to carry out an in-depth analysis of the various factors involving the crime. This paper emphasizes the structural and situational factors that shape up the cyber financial crimes in Pakistan vis-à-vis digital illiteracy and lack of awareness among the users of financial services. This paper, thus, on the basis of findings and expert interviews, suggests policy reforms to reduce the instances of the financial crimes, especially in the remotest areas of the country.Keywords: financial crimes, cyber crimes, digital literacy, terrorism financing, banking sector
Procedia PDF Downloads 88248 Modeling of Timing in a Cyber Conflict to Inform Critical Infrastructure Defense
Authors: Brian Connett, Bryan O'Halloran
Abstract:
Systems assets within critical infrastructures were seemingly safe from the exploitation or attack by nefarious cyberspace actors. Now, critical infrastructure is a target and the resources to exploit the cyber physical systems exist. These resources are characterized in terms of patience, stealth, replication-ability and extraordinary robustness. System owners are obligated to maintain a high level of protection measures. The difficulty lies in knowing when to fortify a critical infrastructure against an impending attack. Models currently exist that demonstrate the value of knowing the attacker’s capabilities in the cyber realm and the strength of the target. The shortcomings of these models are that they are not designed to respond to the inherent fast timing of an attack, an impetus that can be derived based on open-source reporting, common knowledge of exploits of and the physical architecture of the infrastructure. A useful model will inform systems owners how to align infrastructure architecture in a manner that is responsive to the capability, willingness and timing of the attacker. This research group has used an existing theoretical model for estimating parameters, and through analysis, to develop a decision tool for would-be target owners. The continuation of the research develops further this model by estimating the variable parameters. Understanding these parameter estimations will uniquely position the decision maker to posture having revealed the vulnerabilities of an attacker’s, persistence and stealth. This research explores different approaches to improve on current attacker-defender models that focus on cyber threats. An existing foundational model takes the point of view of an attacker who must decide what cyber resource to use and when to use it to exploit a system vulnerability. It is valuable for estimating parameters for the model, and through analysis, develop a decision tool for would-be target owners.Keywords: critical infrastructure, cyber physical systems, modeling, exploitation
Procedia PDF Downloads 192247 Fusion Models for Cyber Threat Defense: Integrating Clustering, Random Forests, and Support Vector Machines to Against Windows Malware
Authors: Azita Ramezani, Atousa Ramezani
Abstract:
In the ever-escalating landscape of windows malware the necessity for pioneering defense strategies turns into undeniable this study introduces an avant-garde approach fusing the capabilities of clustering random forests and support vector machines SVM to combat the intricate web of cyber threats our fusion model triumphs with a staggering accuracy of 98.67 and an equally formidable f1 score of 98.68 a testament to its effectiveness in the realm of windows malware defense by deciphering the intricate patterns within malicious code our model not only raises the bar for detection precision but also redefines the paradigm of cybersecurity preparedness this breakthrough underscores the potential embedded in the fusion of diverse analytical methodologies and signals a paradigm shift in fortifying against the relentless evolution of windows malicious threats as we traverse through the dynamic cybersecurity terrain this research serves as a beacon illuminating the path toward a resilient future where innovative fusion models stand at the forefront of cyber threat defense.Keywords: fusion models, cyber threat defense, windows malware, clustering, random forests, support vector machines (SVM), accuracy, f1-score, cybersecurity, malicious code detection
Procedia PDF Downloads 71246 Saudi Human Awareness Needs: A Survey in How Human Causes Errors and Mistakes Leads to Leak Confidential Data with Proposed Solutions in Saudi Arabia
Authors: Amal Hussain Alkhaiwani, Ghadah Abdullah Almalki
Abstract:
Recently human errors have increasingly become a very high factor in security breaches that may affect confidential data, and most of the cyber data breaches are caused by human errors. With one individual mistake, the attacker will gain access to the entire network and bypass the implemented access controls without any immediate detection. Unaware employees will be vulnerable to any social engineering cyber-attacks. Providing security awareness to People is part of the company protection process; the cyber risks cannot be reduced by just implementing technology; the human awareness of security will significantly reduce the risks, which encourage changes in staff cyber-awareness. In this paper, we will focus on Human Awareness, human needs to continue the required security education level; we will review human errors and introduce a proposed solution to avoid the breach from occurring again. Recently Saudi Arabia faced many attacks with different methods of social engineering. As Saudi Arabia has become a target to many countries and individuals, we needed to initiate a defense mechanism that begins with awareness to keep our privacy and protect the confidential data against possible intended attacks.Keywords: cybersecurity, human aspects, human errors, human mistakes, security awareness, Saudi Arabia, security program, security education, social engineering
Procedia PDF Downloads 160245 The Difference Between Islamic Terrorism and Tha Human Rights In The Middle East
Authors: Mina Latif Ghaly Sawiras
Abstract:
The difference between Islamic terrorism and human-rights has become a big question in the fight against Islamic terrorism globally. This is was raised on the fact that terrorism and human rights are interrelated to the extent that, when the former starts, the latter is violated. This direct linkage was recognized in the Vienna Declaration and Program of Action as adopted by the World Conference on Human Rights in Vienna on 25 June 1993 which agreed that acts of terrorism in all its forms and manifestations are aimed at the destruction of human rights. Hence, Islamic-terrorism constitutes a violation on our most basic human rights. To this end, the first part of this paper will focus on the nexus between terrorism and human rights and endeavors to draw a co-relation between these two concepts. The second part thereafter will analyse the emerging concept of cyber-terrorism and how it takes place. Further, an analysis of cyber counter-terrorism balanced as against human rights will also be undertaken. This will be done through the analysis of the concept of ‘securitization’ of human rights as well as the need to create a balance between counterterrorism efforts as against the protection of human rights at all costs. The paper will then conclude with recommendations on how to balance counter-terrorism and human rights in the modern age.Keywords: balance, counter-terrorism, cyber-terrorism, human rights, security, violation
Procedia PDF Downloads 64244 Cyber-Med: Practical Detection Methodology of Cyber-Attacks Aimed at Medical Devices Eco-Systems
Authors: Nir Nissim, Erez Shalom, Tomer Lancewiki, Yuval Elovici, Yuval Shahar
Abstract:
Background: A Medical Device (MD) is an instrument, machine, implant, or similar device that includes a component intended for the purpose of the diagnosis, cure, treatment, or prevention of disease in humans or animals. Medical devices play increasingly important roles in health services eco-systems, including: (1) Patient Diagnostics and Monitoring; Medical Treatment and Surgery; and Patient Life Support Devices and Stabilizers. MDs are part of the medical device eco-system and are connected to the network, sending vital information to the internal medical information systems of medical centers that manage this data. Wireless components (e.g. Wi-Fi) are often embedded within medical devices, enabling doctors and technicians to control and configure them remotely. All these functionalities, roles, and uses of MDs make them attractive targets of cyber-attacks launched for many malicious goals; this trend is likely to significantly increase over the next several years, with increased awareness regarding MD vulnerabilities, the enhancement of potential attackers’ skills, and expanded use of medical devices. Significance: We propose to develop and implement Cyber-Med, a unique collaborative project of Ben-Gurion University of the Negev and the Clalit Health Services Health Maintenance Organization. Cyber-Med focuses on the development of a comprehensive detection framework that relies on a critical attack repository that we aim to create. Cyber-Med will allow researchers and companies to better understand the vulnerabilities and attacks associated with medical devices as well as providing a comprehensive platform for developing detection solutions. Methodology: The Cyber-Med detection framework will consist of two independent, but complementary detection approaches: one for known attacks, and the other for unknown attacks. These modules incorporate novel ideas and algorithms inspired by our team's domains of expertise, including cyber security, biomedical informatics, and advanced machine learning, and temporal data mining techniques. The establishment and maintenance of Cyber-Med’s up-to-date attack repository will strengthen the capabilities of Cyber-Med’s detection framework. Major Findings: Based on our initial survey, we have already found more than 15 types of vulnerabilities and possible attacks aimed at MDs and their eco-system. Many of these attacks target individual patients who use devices such pacemakers and insulin pumps. In addition, such attacks are also aimed at MDs that are widely used by medical centers such as MRIs, CTs, and dialysis engines; the information systems that store patient information; protocols such as DICOM; standards such as HL7; and medical information systems such as PACS. However, current detection tools, techniques, and solutions generally fail to detect both the known and unknown attacks launched against MDs. Very little research has been conducted in order to protect these devices from cyber-attacks, since most of the development and engineering efforts are aimed at the devices’ core medical functionality, the contribution to patients’ healthcare, and the business aspects associated with the medical device.Keywords: medical device, cyber security, attack, detection, machine learning
Procedia PDF Downloads 357243 Modeling and Analyzing Controversy in Large-Scale Cyber-Argumentation
Authors: Najla Althuniyan
Abstract:
Online discussions take place across different platforms. These discussions have the potential to extract crowd wisdom and capture the collective intelligence from a different perspective. However, certain phenomena, such as controversy, often appear in online argumentation that makes the discussion between participants heated. Heated discussions can be used to extract new knowledge. Therefore, detecting the presence of controversy is an essential task to determine if collective intelligence can be extracted from online discussions. This paper uses existing measures for estimating controversy quantitatively in cyber-argumentation. First, it defines controversy in different fields, and then it identifies the attributes of controversy in online discussions. The distributions of user opinions and the distance between opinions are used to calculate the controversial degree of a discussion. Finally, the results from each controversy measure are discussed and analyzed using an empirical study generated by a cyber-argumentation tool. This is an improvement over the existing measurements because it does not require ground-truth data or specific settings and can be adapted to distribution-based or distance-based opinions.Keywords: online argumentation, controversy, collective intelligence, agreement analysis, collaborative decision-making, fuzzy logic
Procedia PDF Downloads 116242 Understanding Cyber Kill Chains: Optimal Allocation of Monitoring Resources Using Cooperative Game Theory
Authors: Roy. H. A. Lindelauf
Abstract:
Cyberattacks are complex processes consisting of multiple interwoven tasks conducted by a set of agents. Interdictions and defenses against such attacks often rely on cyber kill chain (CKC) models. A CKC is a framework that tries to capture the actions taken by a cyber attacker. There exists a growing body of literature on CKCs. Most of this work either a) describes the CKC with respect to one or more specific cyberattacks or b) discusses the tools and technologies used by the attacker at each stage of the CKC. Defenders, facing scarce resources, have to decide where to allocate their resources given the CKC and partial knowledge on the tools and techniques attackers use. In this presentation CKCs are analyzed through the lens of covert projects, i.e., interrelated tasks that have to be conducted by agents (human and/or computer) with the aim of going undetected. Various aspects of covert project models have been studied abundantly in the operations research and game theory domain, think of resource-limited interdiction actions that maximally delay completion times of a weapons project for instance. This presentation has investigated both cooperative and non-cooperative game theoretic covert project models and elucidated their relation to CKC modelling. To view a CKC as a covert project each step in the CKC is broken down into tasks and there are players of which each one is capable of executing a subset of the tasks. Additionally, task inter-dependencies are represented by a schedule. Using multi-glove cooperative games it is shown how a defender can optimize the allocation of his scarce resources (what, where and how to monitor) against an attacker scheduling a CKC. This study presents and compares several cooperative game theoretic solution concepts as metrics for assigning resources to the monitoring of agents.Keywords: cyber defense, cyber kill chain, game theory, information warfare techniques
Procedia PDF Downloads 140241 Cybersecurity Protection Structures: The Case of Lesotho
Authors: N. N. Mosola, K. F. Moeketsi, R. Sehobai, N. Pule
Abstract:
The Internet brings increasing use of Information and Communications Technology (ICT) services and facilities. Consequently, new computing paradigms emerge to provide services over the Internet. Although there are several benefits stemming from these services, they pose several risks inherited from the Internet. For example, cybercrime, identity theft, malware etc. To thwart these risks, this paper proposes a holistic approach. This approach involves multidisciplinary interactions. The paper proposes a top-down and bottom-up approach to deal with cyber security concerns in developing countries. These concerns range from regulatory and legislative areas, cyber awareness, research and development, technical dimensions etc. The main focus areas are highlighted and a cybersecurity model solution is proposed. The paper concludes by combining all relevant solutions into a proposed cybersecurity model to assist developing countries in enhancing a cyber-safe environment to instill and promote a culture of cybersecurity.Keywords: cybercrime, cybersecurity, computer emergency response team, computer security incident response team
Procedia PDF Downloads 156240 The Proactive Approach of Digital Forensics Methodology against Targeted Attack Malware
Authors: Mohamed Fadzlee Sulaiman, Mohd Zabri Adil Talib, Aswami Fadillah Mohd Ariffin
Abstract:
Each individual organization has their own mechanism to build up cyber defense capability in protecting their information infrastructures from data breaches and cyber espionage. But, we can not deny the possibility of failing to detect and stop cyber attacks especially for those targeting credential information and intellectual property (IP). In this paper, we would like to share the modern approach of effective digital forensic methodology in order to identify the artifacts in tracing the trails of evidence while mitigating the infection from the target machine/s. This proposed approach will suit the digital forensic investigation to be conducted while resuming the business critical operation after mitigating the infection and minimizing the risk from the identified attack to transpire. Therefore, traditional digital forensics methodology has to be improvised to be proactive which not only focusing to discover the root caused and the threat actor but to develop the relevant mitigation plan in order to prevent from the same attack.Keywords: digital forensic, detection, eradication, targeted attack, malware
Procedia PDF Downloads 275239 Balancing Security and Human Rights: A Comprehensive Approach to Security and Defense Policy
Authors: Babatunde Osabiya
Abstract:
Cybersecurity has emerged as a pressing policy problem in recent years, affecting individuals, businesses, and governments worldwide. This research paper aims to critically review the literature on cybersecurity policy and apply policy theory to propose a policy approach that balances the freedom to access and use technology with the human rights risks and threats posed by cyber. Drawing on various credible sources, the paper examines the scale and seriousness of cyber threats, highlighting the growing threat posed by cybercriminals, hackers, and nation-states. The paper also identifies the key challenges facing policymakers, including the need for more significant investment in cybersecurity research and development and the importance of balancing the benefits of technological innovation with the risks to privacy, security, and human rights. To address these challenges, the paper proposes a policy approach emphasizing investing in cybersecurity research and development to maintain a technological edge over potential adversaries. This approach also highlights the need for greater collaboration between government, industry, and civil society to develop effective cybersecurity policies and practices that protect the rights and freedoms of people while mitigating the risks posed by cyber threats. This paper will contribute to the growing body of literature on cybersecurity policy and offers a policy framework for addressing this critical policy challenge.Keywords: security risk, legal framework, cyber security and policy, national security
Procedia PDF Downloads 93238 Cyber-Softbook: A Platform for Collaborative Content Development and Delivery for Cybersecurity Education
Authors: Eniye Tebekaemi, Martin Zhao
Abstract:
The dichotomy between the skills set of newly minted college graduates and the skills required by cybersecurity employers is on the rise. Colleges are struggling to cope with the rapid pace of technology evolution using outdated tools and practices. Industries are getting frustrated due to the need to retrain fresh college graduates on skills they should have acquired. There is a dire need for academic institutions to develop new tools and systems to deliver cybersecurity education to meet the ever-evolving technology demands of the industry. The Cyber-Softbook project’s goal is to bridge the tech industry and tech education gap by providing educators a framework to collaboratively design, manage, and deliver cybersecurity academic courses that meet the needs of the tech industry. The Cyber-Softbook framework, when developed, will provide a platform for academic institutions and tech industries to collaborate on tech education and for students to learn about cybersecurity with all the resources they need to understand concepts and gain valuable skills available on a single platform.Keywords: cybersecurity, education, skills, labs, curriculum
Procedia PDF Downloads 92237 Enhanced Model for Risk-Based Assessment of Employee Security with Bring Your Own Device Using Cyber Hygiene
Authors: Saidu I. R., Shittu S. S.
Abstract:
As the trend of personal devices accessing corporate data continues to rise through Bring Your Own Device (BYOD) practices, organizations recognize the potential cost reduction and productivity gains. However, the associated security risks pose a significant threat to these benefits. Often, organizations adopt BYOD environments without fully considering the vulnerabilities introduced by human factors in this context. This study presents an enhanced assessment model that evaluates the security posture of employees in BYOD environments using cyber hygiene principles. The framework assesses users' adherence to best practices and guidelines for maintaining a secure computing environment, employing scales and the Euclidean distance formula. By utilizing this algorithm, the study measures the distance between users' security practices and the organization's optimal security policies. To facilitate user evaluation, a simple and intuitive interface for automated assessment is developed. To validate the effectiveness of the proposed framework, design science research methods are employed, and empirical assessments are conducted using five artifacts to analyze user suitability in BYOD environments. By addressing the human factor vulnerabilities through the assessment of cyber hygiene practices, this study aims to enhance the overall security of BYOD environments and enable organizations to leverage the advantages of this evolving trend while mitigating potential risks.Keywords: security, BYOD, vulnerability, risk, cyber hygiene
Procedia PDF Downloads 76236 Bystander Perceived Severity on Traditional versus Cyber Bullying
Authors: C. Smith, T. Goga, T. Hancock
Abstract:
Bullying has been an increasingly prevalent problem among society for decades. Approximately one out of every four students report being bullied at least once during the school year. Additionally, these instances of bullying are often witnessed but not reported by the bystanders, which could be dependent on the type of bullying situation. Thus, the present study aims to investigate any possible perceptual differences which may exist between traditional bullying (i.e., face to face) and cyberbullying from the bystander’s point of view. Undergraduate students were given a bullying scenario to read from either the traditional condition or the cyber condition. They were then asked to rate how severe they perceived this behavior on a Likert based scale. Participants were also asked if they would intervene (yes or no) and what their individual response would be to the witnessed behavior (report/ignore/confront/other). Results indicated that, while there was no significant difference in perceived severity between the two bullying conditions, there was a significant difference in whether or not participants would intervene between the two types of scenarios. A significant effect was also found between the scenarios for response type. Together, these findings suggest that even though individuals may not be aware of how severe they perceive certain bullying behaviors, the responses they exhibit might suggest otherwise.Keywords: bullying, bystander, cyber, severity, traditional
Procedia PDF Downloads 136