Search results for: cyber vetting

Authors: Muhammmad Fawad

Abstract:

The bridge construction industry has been revolutionized by the applications of Virtual Reality (VR) and Augmented Reality (AR). In this article, the author has focused on the field applications of digital technologies in structural, especially in bridge engineering. This research analyzed the use of VR/AR for the assessment of bridge concepts. For this purpose, the author has used Cyber-Physical Devices, i.e., Oculus Quest (OQ) for the implementation of VR, Trimble Microsoft HoloLens (THL), and Trimble Site Vision (TSV) for the implementation of AR/MR by visualizing the models of bridge planned to be constructed in Poland. The visualization of the models in Extended Reality (XR) is based on the development of BIM models of the bridge, which are further uploaded to the platforms required to implement these models in XR. This research helped to implement the models in MR so a bridge with a 1:1 scale at the exact location was placed, and authorities were presented with the possibility to visualize the exact scale and location of the bridge before its construction.

Keywords: augmented reality, virtual reality, HoloLens, BIM, bridges

Procedia PDF Downloads 122

Authors: Kevin Fernagut, Olivier Flauzac, Erick M. G. Robledo, Florent Nolot

Abstract:

The adoption of modern lightweight virtualization often comes with new threats and network vulnerabilities. This paper seeks to assess this with a different approach studying the behavior of a testbed built with tools such as Kernel-Based Virtual Machine (KVM), Linux Containers (LXC) and Docker, by performing stress tests within a platform where students experiment simultaneously with cyber-attacks, and thus observe the impact on the campus network and also find the best solution for cyber-security learning. Interesting outcomes can be found in the literature comparing these technologies. It is, however, difficult to find results of the effects on the global network where experiments are carried out. Our work shows that other physical hosts and the faculty network were impacted while performing these trials. The problems found are discussed, as well as security solutions and the adoption of new network policies.

Keywords: containerization, containers, cybersecurity, cyberattacks, isolation, performance, virtualization, virtual machines

Procedia PDF Downloads 149

Authors: Yuri Boiko, Iluju Kiringa, Tet Yeap

Abstract:

We use modeling and simulation tools, to introduce a novel bias injection attack, named the ’Induced Pulsation Attack’, which targets Cyber Physical Systems with closed-loop controlled Brushless DC (BLDC) motor and Kalman filter driver in the feedback loop. This attack involves engaging a linear function with a constant gradient to distort the coefficient of the injected bias, which falsifies the Kalman filter estimates of the rotor’s angular speed. As a result, this manipulation interaction inside the control system causes periodic pulsations in a form of asymmetric sine wave of both current and voltage in the circuit windings, with a high magnitude. It is shown that by varying the gradient of linear function, one can control both the frequency and structure of the induced pulsations. It is also demonstrated that terminating the attack at any point leads to additional compensating effort from the controller to restore the speed to its equilibrium value. This compensation effort produces an exponentially decaying wave, which we call the ’attack withdrawal syndrome’ wave. The conditions for maximizing or minimizing the impact of the attack withdrawal syndrome are determined. Linking the termination of the attack to the end of the full period of the induced pulsation wave has been shown to nullify the attack withdrawal syndrome wave, thereby improving the attack’s covertness.

Keywords: cyber-attack, induced pulsation, bias injection, Kalman filter, BLDC motor, control system, closed loop, P- controller, PID-controller, saw-function, cyber-physical system

Procedia PDF Downloads 71

Authors: Adnan Baig, Ishteeaq Naeem, Saad Mansoor

Abstract:

The Internet of Things (IoT) gadgets have advanced quickly in recent years, and their use is steadily rising daily. However, cyber-attackers can target these gadgets due to their distributed nature. Additionally, many IoT devices have significant security flaws in their implementation and design, making them vulnerable to security threats. Hence, these threats can cause important data security and privacy loss from a single attack on network devices or systems. Botnets are a significant security risk that can harm the IoT network; hence, sophisticated techniques are required to mitigate the risk. This work uses a machine learning-based method to identify IoT orchestrated by botnets. The proposed technique identifies the net attack by distinguishing between legitimate and malicious traffic. This article proposes a hyperparameter tuning model to improvise the method to improve the accuracy of existing processes. The results demonstrated an improved and more accurate indication of botnet-based cyber-attacks.

Keywords: Internet of Things, Botnet, BoT-IoT dataset, ML techniques

Procedia PDF Downloads 11

Authors: Polychronis Kapalidis

Abstract:

In recent years, researchers have started to turn their attention to cyber security and maritime security independently, neglecting, in most cases, to examine the areas where these two critical issues are intertwined. The impact of cybersecurity issues on the maritime economy is emerging dramatically. Maritime transport and all related activities are conducted by technology-intensive platforms, which today rely heavily on information systems. The paper’s argument is that when no defense is completely effective against cyber attacks, it is vital to test responses to the inevitable incursions. Hence, preparedness in the form of testing existing cybersecurity structure via different tools for potential attacks is vital for minimizing risks. Traditional criminal activities may further be facilitated and evolved through the misuse of cyberspace. Kidnap, piracy, fraud, theft of cargo and imposition of ransomware are the major of these activities that mainly target the industry’s most valuable asset; the ship. The paper, adopting a case-study analysis, based on stakeholder consultation and secondary data analysis, namely policy and strategic-related documentation, presents the importance of holistic testing in the sector. Arguing that poor understanding of the issue leads to the adoption of ineffective policies the paper will present the level of awareness within the industry and assess the risks and vulnerabilities of ships to these cybercriminal activities. It will conclude by suggesting that testing procedures must be focused on three main pillars within the maritime transport sector: the human factor, the infrastructure, and the procedures.

Keywords: cybercrime, cybersecurity, organized crime, risk mitigation

Procedia PDF Downloads 157

Authors: Anum Ali, Kashaf ad Dooja, Asif Saleem

Abstract:

The future smart cities trend will be towards Internet of Things (IoT); IoT creates dynamic connections in a ubiquitous manner. Smart cities offer ease and flexibility for daily life matters. By using small devices that are connected to cloud servers based on IoT, network traffic between these devices is growing exponentially, whose security is a concerned issue, since ratio of cyber attack may make the network traffic vulnerable. This paper discusses the latest machine learning approaches in related work further to tackle the increasing rate of cyber attacks, machine learning algorithm is applied to IoT-based network traffic data. The proposed algorithm train itself on data and identify different sections of devices interaction by using supervised learning which is considered as a classifier related to a specific IoT device class. The simulation results clearly identify the attacks and produce fewer false detections.

Keywords: IoT, traffic security, deep learning, classification

Procedia PDF Downloads 152

Authors: Nirmala Gopal, Sheetal Bhoola, Audecious Mugwagwa

Abstract:

This paper discusses the continued infringement and exploitation of data by non-state actors for destructive purposes, emphasizing radical terrorist organizations. It will discuss how terrorist organizations access and use data to foster their nefarious agendas. It further examines how cybersecurity, designed as a tool to curb data exploitation, is ineffective in raising global citizens' concerns about how their data can be kept safe and used for its acquired purpose. The study interrogates several policies and data protection instruments, such as the Data Protection Act, Cyber Security Policies, Protection of Personal Information(PPI) and General Data Protection Regulations (GDPR), to understand data use and storage in democratic states. The study outcomes point to the fact that international cybersecurity and cybercrime legislation, policies, and conventions have not curbed violations of data access and use by radical terrorist groups. The study recommends ways to enhance cybersecurity and reduce cyber risks using democratic principles.

Keywords: cybersecurity, data exploitation, terrorist organizations, data democracy

Procedia PDF Downloads 204

Authors: Nihar Bheda

Abstract:

Protecting digital assets such as networks, systems, and data from advanced cyber threats is the aim of Digital Immunity Systems (DIS), which are a subset of cybersecurity. With features like continuous monitoring, coordinated reactions, and long-term adaptation, DIS seeks to mimic biological immunity. This minimizes downtime by automatically identifying and eliminating threats. Traditional security measures, such as firewalls and antivirus software, are insufficient for enterprises, such as healthcare providers, given the rapid evolution of cyber threats. The number of medical record breaches that have occurred in recent years is proof that attackers are finding healthcare data to be an increasingly valuable target. However, obstacles to enhancing security include outdated systems, financial limitations, and a lack of knowledge. DIS is an advancement in cyber defenses designed specifically for healthcare settings. Protection akin to an "immune system" is produced by core capabilities such as anomaly detection, access controls, and policy enforcement. Coordination of responses across IT infrastructure to contain attacks is made possible by automation and orchestration. Massive amounts of data are analyzed by AI and machine learning to find new threats. After an incident, self-healing enables services to resume quickly. The implementation of DIS is consistent with the healthcare industry's urgent requirement for resilient data security in light of evolving risks and strict guidelines. With resilient systems, it can help organizations lower business risk, minimize the effects of breaches, and preserve patient care continuity. DIS will be essential for protecting a variety of environments, including cloud computing and the Internet of medical devices, as healthcare providers quickly adopt new technologies. DIS lowers traditional security overhead for IT departments and offers automated protection, even though it requires an initial investment. In the near future, DIS may prove to be essential for small clinics, blood banks, imaging centers, large hospitals, and other healthcare organizations. Cyber resilience can become attainable for the whole healthcare ecosystem with customized DIS implementations.

Keywords: digital immunity system, cybersecurity, healthcare data, emerging technology

Procedia PDF Downloads 67

Authors: Mohamed El Fares Djellatou, Fracoise Filion

Abstract:

The Ashukin program that means bridge in Naskapi or Atikamekw language, has been designed to offer a partnership between nursing students and an indigenous community. The students design a health promotion project tailored to the needs of the community. The issues of intimidation in primary school and cyber-dependence in high school were some concerns in a rural Atikamekw community. The goal of the project was to have a conversation with indigenous youths, aged 10-16 years old, on the challenges presented by intimidation and cyber dependence as well as promoting healthy relationships online and within the community. Methods: Multiple progressive inquiry questions (PIQs) were used to assess the feasibility and importance of this project for the Atikamekw nation, and to determine a plan to follow. The theoretical foundations to guide the conception of the project were the Population Health Promotion Model (PHPM), the First Nations Holistic Lifelong Learning Model, and the Medicine Wheel. A broad array of social determinants of health were addressed, including healthy childhood development, personal health practices, and coping skills, and education. The youths were encouraged to participate in interactive educational sessions, using PowerPoint presentations and pamphlets as the main effective strategies. Additional tools such as cultural artworks and physical activities were introduced to strengthen the inter-relational and team spirit within the Indigenous population. A quality assurance tool (QAT) was developed specifically to determine the appropriateness of these health promotion tools. Improvements were guided by the feedback issued by the indigenous schools’ teachers and social workers who filled the QATs. Post educational sessions, quantitative results have shown that 93.48% of primary school students were able to identify the different types of intimidation, 72.65% recognized more than two strategies, and 52.1% were able to list at least four resources to diffuse intimidation. On the other hand, around 75% of the adolescents were able to name at least three negative effects, and 50% listed three strategies to reduce cyber-dependence. This project was meant to create a bridge with the First Nation through health promotion, a population that is known to be disadvantaged due to systemic health inequity and disparities. Culturally safe care was proposed to deal with the two identified priority issues, and an educational toolkit was given to both schools to ensure the sustainability of the project. The project was self-financed through fundraising activities, and it yielded better results than expected.

Keywords: indigenous, first nation, bullying, cyber-dependence, internet addiction, intimidation, youth, adolescents, school, community nursing, health promotion

Procedia PDF Downloads 98

Authors: Jeyaseelan Maria Michael

Abstract:

This study investigated the prevalence of cyberbullying among college female students and its effects on their psychological well-being. The respondents were from the age group of 17 and 18, doing the first-year college in Tamilnadu, India. In this study, 110 participants were selected through simple random sampling. The standardized questionnaire of David Alvare-Garcia’s Cybervictimization Questionnaire for Adolescents (CYVIC) and Ryff’s Psychological Well-Being (PWB) were administered for data collection. CYVIC has four subdomains namely, impersonation, visual-sexual cybervictimization, written-verbal cybervictimization, online exclusion. Ryff’s PWB has six domains namely, autonomy, environmental mastery, personal growth, positive relations with others, purpose in life, and self- acceptance. The collected data were analyzed by SPSS v.23. The results indicate that cyberbullying prevails among college female students (M=1.24, SD= .21). Among the participants, 17 are scored one standard deviation above the mean (1.45). Among the subdomains of the CYVIC, the respondents have the highest score (M=1.40, SD= .38) in written-verbal cybervictimization. Cyber victimization has a significant correlation at the 0.01 level with psychological well-being.

Keywords: college students, cyberbullying, cyber victimization, psychological well-being

Procedia PDF Downloads 127

Authors: Olasunkanmi Jame Ayodeji, Adebayo Adeyinka Victor

Abstract:

In a hyperconnected world, cybersecurity faces a continuous evolution of threats that challenge traditional defence mechanisms. This paper explores emerging cybersecurity threats like malware, ransomware, phishing, social engineering, and the Internet of Things (IoT) vulnerabilities. It delves into the inadequacies of existing cybersecurity defences in addressing these evolving risks and advocates for adaptive defence mechanisms that leverage AI, machine learning, and zero-trust architectures. The paper proposes collaborative approaches, including public-private partnerships and information sharing, as essential to building a robust defence strategy to address future cyber threats. The need for continuous monitoring, real-time incident response, and adaptive resilience strategies is highlighted to fortify digital infrastructures in the face of escalating global cyber risks.

Keywords: cybersecurity, hyperconnectivity, malware, adaptive defences, zero-trust architecture, internet of things vulnerabilities

Procedia PDF Downloads 20

Authors: Sneha Leslie

Abstract:

The current situation in the cyber world is that crimes performed by Botnets are increasing and the masterminds (botmaster) are not detectable easily. The botmaster in the botnet compromises the legitimate host machines in the network and make them bots or zombies to initiate the cyber-attacks. This paper will focus on the live detection of the botmaster in the network by using the strong framework 'metasploit', when distributed denial of service (DDOS) attack is performed by the botnet. The affected victim machine will be continuously monitoring its incoming packets. Once the victim machine gets to know about the excessive count of packets from any IP, that particular IP is noted and details of the noted systems are gathered. Using the vulnerabilities present in the zombie machines (already compromised by botmaster), the victim machine will compromise them. By gaining access to the compromised systems, applications are run remotely. By analyzing the incoming packets of the zombies, the victim comes to know the address of the botmaster. This is an effective and a simple system where no specific features of communication protocol are considered.

Keywords: bonet, DDoS attack, network security, detection system, metasploit framework

Procedia PDF Downloads 254

Authors: James Kaweesa

Abstract:

The Internet of Things (IoT) has become a critical component of modern technology, enabling the connection of numerous devices to the internet. The interconnected nature of IoT devices, along with their heterogeneous and resource-constrained nature, makes them vulnerable to various types of attacks, such as malware, denial-of-service attacks, and network scanning. Intrusion Detection Systems (IDSs) are a key mechanism for protecting IoT networks and from attacks by identifying and alerting administrators to suspicious activities. In this review, the paper will discuss the different types of IDSs available for IoT systems and evaluate their effectiveness in detecting and preventing attacks. Also, examine the various evaluation methods used to assess the performance of IDSs and the challenges associated with evaluating them in IoT environments. The review will highlight the need for effective and efficient IDSs that can cope with the unique characteristics of IoT networks, including their heterogeneity, dynamic topology, and resource constraints. The paper will conclude by indicating where further research is needed to develop IDSs that can address these challenges and effectively protect IoT systems from cyber threats.

Keywords: cyber-threats, iot, intrusion detection system, networks

Procedia PDF Downloads 80

Authors: Washima Tuleun

Abstract:

Cybercrime is a global concern, and Nigeria is not immune to its effects. This paper investigates the cybercrimes and significant cyber-attacks that have targeted businesses and institutions in Nigeria, examining their various forms and the financial and economic impacts they have on individuals, businesses, and the nation as a whole. As technological advancements rapidly evolve and online services gain widespread adoption, there has been a corresponding rise in cyber-related attacks. These attacks often target personal data, exploit system vulnerabilities, and result in the theft of sensitive information, leading to financial losses, reputational damage, and broader impacts on organizations. The study conducts a thorough review of existing literature, case studies, and statistical data to provide a comprehensive understanding of Nigeria’s cybercrime landscape. Additionally, it assesses the efforts by both the government and the private sector to address these challenges and offers recommendations for more effective strategies to mitigate and reduce their impact.

Keywords: cybersecurity, telecommunications engineering, information technology, threat intelligence, vulnerability management, computing

Procedia PDF Downloads 29

Authors: Chao Jen-Chih, Kuo-Wei Hsu

Abstract:

Many venues and spaces in cities gradually become old and decayed as time goes by and develops. Urban regeneration is the critical strategy to promote local development, but the method of spatial reconstruction which is emphasized in the issue of urban regeneration is questioned for bringing cultural, social and economic impacts on old city areas. The idea of “Urban Regeneration Station (URS)” is proposed for Taipei City Government to introduce the entry and disturbance of communities and related groups with the concept of creative city. This study explored how an URS promotes local development again through the strength of communities and the energy of local residence community, and it established the Platform Strategy for URS. The research results are as follows: URS through the promotion of government agencies, experts, scholars and the third sector, to the selection of different types of units stationed in business, through exhibitions, seminars, and other activities to explore local development issues, vetting each stationed execution efficiency units, and different units stationed by URS establish URS overall network platform strategy.

Keywords: urban regeneration, platform strategy, creative city, Taipei city

Procedia PDF Downloads 456

Authors: Sunil Chaudhary, Rajendra Bahadur Thapa, Eleni Berki, Marko Helenius

Abstract:

The increasing number of Internet and mobile phone users, and essentially those, who use these electronic media to perform online transactions makes Nepal lucrative for phishing attacks. It is one of the reasons behind escalating phishing attacks in the country. Therefore, in this paper we examine various phishing attempts and real scenarios in Nepal to determine the seriousness of the problem. We also want to find out how prepared are the Internet and mobile phone users and how well-equipped are the private sector and government authorities responsible to handle cybercrime in the country. We considered five areas of research study, i.e., legal measures, technical and procedural measures, organizational structure, capacity building and international cooperation. These constitute important factors in cyber security and are recommended by the Global Cyber security Agenda (GCA). On the basis of our findings, we provide essential suggestions to make anti-phishing measures more appropriate to Nepalese State and society.

Keywords: internet banking, mobile banking, e-commerce, phishing, anti-phishing, Nepal

Procedia PDF Downloads 487

Authors: Niyi Adegoke, Saanumi Jimmy Omolou

Abstract:

The prevalence rate of youth involving in cybercrime is alarming, which calls for concern among the government, parents, NGO and religious bodies, hence this paper aims at examining youth involvement in cybercrime in Nigeria. Achievement motivation theory was used to explain the activities of cyber-criminals in Nigerian society. A descriptive survey method was adopted for the study. The sample for the study was one hundred and fifty (150) respondents randomly selected from the population of the study. A questionnaire was used to gather information and data from the respondents. Data collected through the questionnaire were analyzed using percentage tool for the respondents’ bio-data while chi-square was employed to test the hypotheses. Findings from the study have revealed that parental negligence, unemployment, peer influence, and quest for materialism were responsible for cyber-crimes in Nigeria. The study concludes with the following recommendations among which are: creating employment opportunities for the youths and ensure good governance and accountability among other things will go a long way to solve the problem of cybercrime in our society.

Keywords: cybercrime, youth, Nigeria, unemployment, information communication technology

Procedia PDF Downloads 228

Authors: Angsumalin Puntho

Abstract:

Disruptive technology has had a great influence on our everyday lives and the existence of an organization. Geologists in the public sector need to keep up with digital technology and be able to work and collaborate in a more effective manner. The result from SWOT and 7S McKinsey analyses suggest that there are inadequate IT personnel, no individual digital literacy development plan, and a misunderstanding of management policies. The Office of Civil Service Commission develops digital literacy skills that civil servants and government officers should possess in order to work effectively; it consists of nine dimensions, including computer skills, internet skills, cyber security awareness, word processing, spreadsheets, presentation programs, online collaboration, graphics editors and cyber security practices; and six steps of digital literacy development including self-assessment, individual development plan, self-learning, certified test, learning reflection, and practices. Geologists can use digital literacy as a learning tool to develop themselves for better career opportunities.

Keywords: disruptive technology, digital technology, digital literacy, computer skills

Procedia PDF Downloads 116

Authors: Yohannes Haile, Dipo Onipede, Jr., Omar Ashour

Abstract:

The main thrust of our research is to determine Industry 4.0 readiness of small and mid-size manufacturing companies in our region and assist them to implement Cyber Physical Production System (CPPS) capabilities. Adopting CPPS capabilities will help organizations realize improved quality, order delivery, throughput, new value creation, and reduced idle time of machines and work centers of their manufacturing operations. The key metrics for the assessment include the level of intelligence, internal and external connections, responsiveness to internal and external environmental changes, capabilities for customization of products with reference to cost, level of additive manufacturing, automation, and robotics integration, and capabilities to manufacture hybrid products in the near term, where near term is defined as 0 to 18 months. In our initial evaluation of several manufacturing firms which are profitable and successful in what they do, we found low level of Physical-Digital-Physical (PDP) loop in their manufacturing operations, whereas 100% of the firms included in this research have specialized manufacturing core competencies that have differentiated them from their competitors. The level of automation and robotics integration is low to medium range, where low is defined as less than 30%, and medium is defined as 30 to 70% of manufacturing operation to include automation and robotics. However, there is a significant drive to include these capabilities at the present time. As it pertains to intelligence and connection of manufacturing systems, it is observed to be low with significant variance in tying manufacturing operations management to Enterprise Resource Planning (ERP). Furthermore, it is observed that the integration of additive manufacturing in general, 3D printing, in particular, to be low, but with significant upside of integrating it in their manufacturing operations in the near future. To hasten the readiness of the local and regional manufacturing companies to Industry 4.0 and transitions towards CPPS capabilities, our working group (ADMAR Working Group) in partnership with our university have been engaged with the local and regional manufacturing companies. The goal is to increase awareness, share know-how and capabilities, initiate joint projects, and investigate the possibility of establishing the Center for Cyber Physical Production Systems Innovation (C2P2SI). The center is intended to support the local and regional university-industry research of implementing intelligent factories, enhance new value creation through disruptive innovations, the development of hybrid and data enhanced products, and the creation of digital manufacturing enterprises. All these efforts will enhance local and regional economic development and educate students that have well developed knowledge and applications of cyber physical manufacturing systems and Industry 4.0.

Keywords: automation, cyber-physical production system, digital manufacturing enterprises, disruptive innovation, new value creation, physical-digital-physical loop

Procedia PDF Downloads 140

Authors: V. Reyes, P. Ferreira

Abstract:

In response to high levels of competitiveness, industrial systems have evolved to improve productivity. As a consequence, a rapid increase in volume production and simultaneously, a customization process require lower costs, more variety, and accurate quality of products. Reducing time-cycle production, enabling customizability, and ensure continuous quality improvement are key features in advance intelligent industry. In this scenario, customers and producers will be able to participate in the ongoing production life cycle through real-time interaction. To achieve this vision, transparency, predictability, and adaptability are key features that provide the industrial systems the capability to adapt to customer demands modifying the manufacturing process through an autonomous response and acting preventively to avoid errors. The industrial system incorporates a diversified number of components that in advanced industry are expected to be decentralized, end to end communicating, and with the capability to make own decisions through feedback. The evolving process towards advanced intelligent industry defines a set of stages to empower components of intelligence and enhancing efficiency to achieve the decision-making stage. The integrated system follows an industrial cyber-physical system (CPS) architecture whose real-time integration, based on a set of enabler technologies, links the physical and virtual world generating the digital twin (DT). This instance allows incorporating sensor data from real to virtual world and the required transparency for real-time monitoring and control, contributing to address important features of the advanced intelligent industry and simultaneously improve sustainability. Assuming the industrial CPS as the core technology toward the latest advanced intelligent industry stage, this paper reviews and highlights the correlation and contributions of the enabler technologies for the operationalization of each stage in the path toward advanced intelligent industry. From this research, a real-time integration architecture for a cyber-physical system with applications to collaborative robotics is proposed. The required functionalities and issues to endow the industrial system of adaptability are identified.

Keywords: cyber-physical systems, digital twin, sensor data, system integration, virtual model

Procedia PDF Downloads 118

Authors: Damola O. Lawal, David W. Gresty, Diane E. Gan, Louise Hewitt

Abstract:

This paper investigates the feasibility of using a programmable USB such as the O.MG Cable to perform a file tampering attack. Here, the O.MG Cable, an apparently harmless mobile device charger, is used in an unauthorized way to alter the content of a file (accounts record-January_Contributions.xlsx). The aim is to determine if a forensics analyst can reliably determine who has altered the target file; the O.MG Cable or the user of the machine. This work highlights some of the traces of the O.MG Cable left behind on the target computer itself, such as the Product ID (PID) and Vendor ID (ID). Also discussed is the O.MG Cable’s behavior during the experiments. We determine if a forensics analyst could identify if any evidence has been left behind by the programmable device on the target file once it has been removed from the computer to establish if the analyst would be able to link the traces left by the O.MG Cable to the file tampering. It was discovered that the forensic analyst might mistake the actions of the O.MG Cable for the computer users. Experiments carried out in this work could further the discussion as to whether an innocent user could be punished for the unauthorized changes made by a programmable device.

Keywords: O.MG cable, programmable USB, file tampering attack, digital evidence credibility, miscarriage of justice, cyber fraud

Procedia PDF Downloads 158

Authors: Atma Sahu

Abstract:

After 9/11, there will only be cyberwars. The cyberwars increase in intensity the country's cybersecurity workforce's hiring and retention issues. Currently, many organizations have unfilled cybersecurity positions, and to a lesser degree, their cybersecurity teams are understaffed. Therefore, there is a critical need to develop a new program to help meet the market demand for cybersecurity engineers (CYSE) and personnel. Coppin State University in the United States was responsible for developing a cybersecurity engineering BS degree program. The CYSE curriculum design methodology consisted of three parts. First, the ACM Cross-Cutting Concepts standard's pervasive framework helped curriculum designers and students explore connections among the core courses' knowledge areas and reinforce the security mindset conveyed in them. Second, the core course context was created to assist students in resolving security issues in authentic cyber situations involving cyber security systems in various aspects of industrial work while adhering to the NIST standards framework. The last part of the CYSE curriculum design aspect was the institutional student learning outcomes (SLOs) integrated and aligned in content courses, representing more detailed outcomes and emphasizing what learners can do over merely what they know. The CYSE program's core courses express competencies and learning outcomes using action verbs from Bloom's Revised Taxonomy. This aspect of the CYSE BS degree program's design is based on these three pillars: the ACM, NIST, and SLO standards, which all CYSE curriculum designers should know. This unique CYSE curriculum design methodology will address how students and the CYSE program will be assessed and evaluated. It is also critical that educators, program managers, and students understand the importance of staying current in this fast-paced CYSE field.

Keywords: cyber security, cybersecurity engineering, systems engineering, NIST standards, physical systems

Procedia PDF Downloads 95

Authors: Mireille Elhajj, Washington Ochieng, Deeph Chana

Abstract:

The challenges of the rapid growth in the demand for transport has traditionally been seen within the context of the problems of congestion, air quality, climate change, safety, and affordability. However, there are increasing threats including those related to crime such as cyber-attacks that threaten the security of the transport of people and goods. To the best of the authors’ knowledge, this paper presents for the first time, a comprehensive framework for the assessment of the current and future security issues of multi-modal transport systems. The approach or method proposed is based on a structured framework starting with a detailed specification of the transport asset map (transport system architecture), followed by the identification of vulnerabilities. The asset map and vulnerabilities are used to identify the various approaches for exploitation of the vulnerabilities, leading to the creation of a set of threat scenarios. The threat scenarios are then transformed into risks and their categories, and include insights for their mitigation. The consideration of the mitigation space is holistic and includes the formulation of appropriate policies and tactics and/or technical interventions. The quality of the framework is ensured through a structured and logical process that identifies the stakeholders, reviews the relevant documents including policies and identifies gaps, incorporates targeted surveys to augment the reviews, and uses subject matter experts for validation. The approach to categorising security risks is an extension of the current methods that are typically employed. Specifically, the partitioning of risks into either physical or cyber categories is too limited for developing mitigation policies and tactics/interventions for transport systems where an interplay between physical and cyber processes is very often the norm. This interplay is rapidly taking on increasing significance for security as the emergence of cyber-physical technologies, are shaping the future of all transport modes. Examples include: Connected Autonomous Vehicles (CAVs) in road transport; the European Rail Traffic Management System (ERTMS) in rail transport; Automatic Identification System (AIS) in maritime transport; advanced Communications, Navigation and Surveillance (CNS) technologies in air transport; and the Internet of Things (IoT). The framework adopts a risk categorisation scheme that considers risks as falling within the following threat→impact relationships: Physical→Physical, Cyber→Cyber, Cyber→Physical, and Physical→Cyber). Thus the framework enables a more complete risk picture to be developed for today’s transport systems and, more importantly, is readily extendable to account for emerging trends in the sector that will define future transport systems. The framework facilitates the audit and retro-fitting of mitigations in current transport operations and the analysis of security management options for the next generation of Transport enabling strategic aspirations such as systems with security-by-design and co-design of safety and security to be achieved. An initial application of the framework to transport systems has shown that intra-modal consideration of security measures is sub-optimal and that a holistic and multi-modal approach that also addresses the intersections/transition points of such networks is required as their vulnerability is high. This is in-line with traveler-centric transport service provision, widely accepted as the future of mobility services. In summary, a risk-based framework is proposed for use by the stakeholders to comprehensively and holistically assess the security of transport systems. It requires a detailed understanding of the transport architecture to enable a detailed vulnerabilities analysis to be undertaken, creates threat scenarios and transforms them into risks which form the basis for the formulation of interventions.

Keywords: mitigations, risk, transport, security, vulnerabilities

Procedia PDF Downloads 165

Authors: Sulaiman Al Amro

Abstract:

There are currently considerable challenges concerning data security and privacy, particularly in relation to modern technologies. This includes the virtual world known as the Metaverse, which consists of a virtual space that integrates various technologies and is therefore susceptible to cyber threats such as malware, phishing, and identity theft. This has led recent studies to propose the development of Metaverse forensic frameworks and the integration of advanced technologies, including machine learning for intrusion detection and security. In this context, the application of first-order logic offers a formal and systematic approach to defining the conditions of cyberattacks, thereby contributing to the development of effective detection mechanisms. In addition, formalizing the rules and patterns of cyber threats has the potential to enhance the overall security posture of the Metaverse and, thus, the integrity and safety of this virtual environment. The current paper focuses on the primary actions employed by avatars for potential attacks, including Interval Temporal Logic (ITL) and behavior-based detection to detect an avatar’s abnormal activities within the Metaverse. The research established that the proposed framework attained an accuracy of 92.307%, resulting in the experimental results demonstrating the efficacy of ITL, including its superior performance in addressing the threats posed by avatars within the Metaverse domain.

Keywords: security, privacy, metaverse, cyberattacks, detection, first-order logic

Procedia PDF Downloads 40

Authors: Abdulrahman S. Alqahtani

Abstract:

The revolution of computing and networks could revolutionise terrorism in the same way that it has brought about changes in other aspects of life. The modern technological era has faced countries with a new set of security challenges. There are many states and potential adversaries who have the potential and capacity in cyberspace, which makes them able to carry out cyber-attacks in the future. Some of them are currently conducting surveillance, gathering and analysis of technical information, and mapping of networks and nodes and infrastructure of opponents, which may be exploited in future conflicts. This poster presents the results of the quantitative study (survey) to test the validity of the proposed theoretical framework for the cyber terrorist threats. This theoretical framework will help to in-depth understand these new digital terrorist threats. It may also be a practical guide for managers and technicians in critical infrastructure, to understand and assess the threats they face. It might also be the foundation for building a national strategy to counter cyberterrorism. In the beginning, it provides basic information about the data. To purify the data, reliability and exploratory factor analysis, as well as confirmatory factor analysis (CFA) were performed. Then, Structural Equation Modelling (SEM) was utilised to test the final model of the theory and to assess the overall goodness-of-fit between the proposed model and the collected data set.

Keywords: cyberterrorism, critical infrastructure, , national security, theoretical framework, terrorism

Procedia PDF Downloads 404

Authors: Violeta Damjanovic-Behrendt

Abstract:

This paper presents an approach for optimal cyber security decisions to protect instances of a federated Internet of Things (IoT) platform in the cloud. The presented solution implements the repeated Stackelberg Security Game (SSG) and a model called Stochastic Human behaviour model with AttRactiveness and Probability weighting (SHARP). SHARP employs the Subjective Utility Quantal Response (SUQR) for formulating a subjective utility function, which is based on the evaluations of alternative solutions during decision-making. We augment the repeated SSG (including SHARP and SUQR) with a reinforced learning algorithm called Naïve Q-Learning. Naïve Q-Learning belongs to the category of active and model-free Machine Learning (ML) techniques in which the agent (either the defender or the attacker) attempts to find an optimal security solution. In this way, we combine GT and ML algorithms for discovering optimal cyber security policies. The proposed security optimization components will be validated in a collaborative cloud platform that is based on the Industrial Internet Reference Architecture (IIRA) and its recently published security model.

Keywords: security, internet of things, cloud computing, stackelberg game, machine learning, naive q-learning

Procedia PDF Downloads 354

Authors: Beverly Komen

Abstract:

Online crimes have been on the rise in the recent days, especially with the hit of the covid-19 pandemic. The coronavirus pandemic has led to an unprecedented rise in screen time, this means more families are relying on technology and digital solutions to keep children learning, spending more time on the virtual platforms can leave children vulnerable to online abuse and exploitation. With ease access of affordable phones, internet, and increased online activities, all children are at risk of being abused online hence making the digital space unsafe for children. With these increased use of technology and its accessibility, children are at risk of facing challenges such as access to inappropriate content, online grooming, identity theft, cyber bullying, among other risks. The big question is; as we enjoy the benefits brought in by technology, how do we ensure that our children are save in this digital space? With the analysis of the current trends, there is a gap in knowledge on people’s understanding on child online protection and safety measures when using the digital space. A survey conducted among 50 parents in Nairobi in Kenya indicated that there is a gap in knowledge on online protection of children and over 50 % of the participants shared that for sure they have no idea on how to protect children online. This paper seeks to address the concept of child protection in the digital space and come up with viable solutions in protecting children from online vices.

Keywords: child protection, digital space, online risks, online grooming, cyber bulying, online child sexual exploitation, and abuse

Procedia PDF Downloads 185

Authors: Odoh Ben Uruchi

Abstract:

Information Technology is an outcome of the nexus between the computer technology and the communication technology which has grown as silver fiber in Nigeria. Information Technology represents the fourth generation of human communication after sight, oral and written communications. The internet, as with all path-breaking technological developments gives us all the ample privileges to act as a global community; advertise and operate across all frontiers; over boarders and beyond the control of any government. The security concerns, computer abuse and the side effects of this technology have moved to the forefront of the consciousness of law enforcement agencies. Unfortunately, Nigeria is one of the very few countries in the world to have not legislated Cyber Laws, although several unsuccessful attempts have been made in recent times at providing the legal framework for regulating the activities in Nigerian cyberspace. Traditional legal systems have led to great difficulty in keeping pace with the rapid growth of the internet and its impact throughout Nigeria. The only existing legal frameworks are constantly being challenged by technological advancement. This has created a need to constantly update and adapt the way in which we organize ourselves as Legal Practitioners in order to maintain overall control of its domestic and national interests. This paper seeks to appraise the challenges facing the legal profession in Nigeria because of want of Cyber Laws. In doing this, the paper shall highlight the loopholes in the existing laws and recommends the way forward.

Keywords: information technology, challenges, legal profession, Nigeria

Procedia PDF Downloads 516

Authors: Otto Kakhidze, Hoda Alkhzaimi, Adam Ramey, Nasir Memon

Abstract:

This paper provides an alternative, cyber security based a conceptual framework for the ethics of automated warfare. The large body of work produced on fully or partially autonomous warfare systems tends to overlook malicious security factors as in the possibility of technical attacks on these systems when it comes to the moral and legal decision-making. The argument provides a risk-oriented justification to why technical malicious risks cannot be dismissed in legal, ethical and policy considerations when warfare models are being implemented and deployed. The assumptions of the paper are supported by providing a broader model that contains the perspective of technological vulnerabilities through the lenses of the Game Theory, Just War Theory as well as standard and non-standard defense ethics. The paper argues that a conventional risk-benefit analysis without considering ethical factors is insufficient for making legal and policy decisions on automated warfare. This approach will provide the substructure for security and defense experts as well as legal scholars, ethicists and decision theorists to work towards common justificatory grounds that will accommodate the technical security concerns that have been overlooked in the current legal and policy models.

Keywords: automated warfare, ethics of automation, inherent hijacking, security vulnerabilities, risk, uncertainty

Procedia PDF Downloads 357

Authors: Naveen Kumar, Shyambihari Prajapati

Abstract:

Industry 4.0 is the fourth industrial revolution that focuses on interconnectivity of machine to machine, human to machine and human to human via Internet of Things (IoT). Technologies of industry 4.0 facilitate communication between human and machine through IoT and forms Cyber-Physical Production System (CPPS). In CPPS, multiple shop floors sensor data are connected through IoT and displayed through sensor dashboard to the operator. These sensor dashboards have enormous amount of information to be presented which becomes complex for operators to perform monitoring, controlling and interpretation tasks. Designing handheld sensor dashboards for supervision task will become a challenge for the interface designers. This paper reports emerging technologies of industry 4.0, changing context of increasing information complexity in consecutive industrial revolutions and upcoming design challenges for interface designers in context of Industry 4.0. Authors conclude that information complexity of sensor dashboards design has increased with consecutive industrial revolutions and designs of sensor dashboard causes cognitive load on users. Designing such complex dashboards interfaces in Industry 4.0 context will become main challenges for the interface designers.

Keywords: Industry4.0, sensor dashboard design, cyber-physical production system, Interface designer

Procedia PDF Downloads 128