Search results for: cyber attack

Authors: Jean Rosemond Dora, Karol Nemoga

Abstract:

In this work, we tackle a frequent problem that frequently occurs in the cybersecurity field which is the exploitation of websites by XSS attacks, which are nowadays considered a complicated attack. These types of attacks aim to execute malicious scripts in a web browser of the client by including code in a legitimate web page. A serious matter is when a website accepts the “user-input” option. Attackers can exploit the web application (if vulnerable), and then steal sensitive data (session cookies, passwords, credit cards, etc.) from the server and/or from the client. However, the difficulty of the exploitation varies from website to website. Our focus is on the usage of ontology in cybersecurity against XSS attacks, on the importance of the ontology, and its core meaning for cybersecurity. We explain how a vulnerable website can be exploited, and how different JavaScript payloads can be used to detect vulnerabilities. We also enumerate some tools to use for an efficient analysis. We present detailed reasoning on what can be done to improve the security of a website in order to resist attacks, and we provide supportive examples. Then, we apply an ontology model against XSS attacks to strengthen the protection of a web application. However, we note that the existence of ontology does not improve the security itself, but it has to be properly used and should require a maximum of security layers to be taken into account.

Keywords: cybersecurity, web application vulnerabilities, cyber threats, ontology model

Procedia PDF Downloads 136

Authors: Ankur Bansal, Shashank Bishnoi

Abstract:

Degradation of Sewage pipes, sewage pumping station and Sewage treatment plants(STP) is of major concern due to difficulty in their maintenance and the high cost of replacement. Most of these systems undergo degradation due to Biogenic sulphuric acid (BSA) attack. Since most of Waste water treatment system are underground, detection of this deterioration remains hidden. This paper presents a literature review, outlining the mechanism of this attack focusing on critical parameters of BSA attack, along with available models and software to predict the deterioration due to this attack. This paper critically examines the various steps and equation in various Models of BSA degradation, detail on assumptions and working of different softwares are also highlighted in this paper. The paper also focuses on the service life design technique available through various codes and method to integrate the servile life design with BSA degradation on concrete. In the end, various methods enhancing the resistance of concrete against Biogenic sulphuric acid attack are highlighted. It may be concluded that the effective modelling for degradation phenomena may bring positive economical and environmental impacts. With current computing capabilities integrated degradation models combining the various durability aspects can bring positive change for sustainable society.

Keywords: concrete degradation, modelling, service life, sulphuric acid attack

Procedia PDF Downloads 285

Authors: Richard McGregor, Carmen Reaiche, Stephen Boyle

Abstract:

Cyber threats are a relatively recent phenomenon and offer cyber insurers a dynamic and intelligent peril. As individuals en mass become increasingly digitally dependent, Personal Cyber Insurance (PCI) offers an attractive option to mitigate cyber risk at a personal level. This abstract proposes a literature review that conceptualises a framework for siting Personal Cyber Insurance (PCI) within the context of cyberspace. The lack of empirical research within this domain demonstrates an immediate need to define the scope of PCI to allow cyber insurers to understand personal cyber risk threats and vectors, customer awareness, capabilities, and their associated needs. Additionally, this will allow cyber insurers to conceptualise appropriate frameworks allowing effective management and distribution of PCI products and services within a landscape often in-congruent with risk attributes commonly associated with traditional personal line insurance products. Cyberspace has provided significant improvement to the quality of social connectivity and productivity during past decades and allowed enormous capability uplift of information sharing and communication between people and communities. Conversely, personal digital dependency furnish ample opportunities for adverse cyber events such as data breaches and cyber-attacksthus introducing a continuous and insidious threat of omnipresent cyber risk–particularly since the advent of the COVID-19 pandemic and wide-spread adoption of ‘work-from-home’ practices. Recognition of escalating inter-dependencies, vulnerabilities and inadequate personal cyber behaviours have prompted efforts by businesses and individuals alike to investigate strategies and tactics to mitigate cyber risk – of which cyber insurance is a viable, cost-effective option. It is argued that, ceteris parabus, the nature of cyberspace intrinsically provides characteristic peculiarities that pose significant and bespoke challenges to cyber insurers, often in-congruent with risk attributes commonly associated with traditional personal line insurance products. These challenges include (inter alia) a paucity of historical claim/loss data for underwriting and pricing purposes, interdependencies of cyber architecture promoting high correlation of cyber risk, difficulties in evaluating cyber risk, intangibility of risk assets (such as data, reputation), lack of standardisation across the industry, high and undetermined tail risks, and moral hazard among others. This study proposes a thematic overview of the literature deemed necessary to conceptualise the challenges to issuing personal cyber coverage. There is an evident absence of empirical research appertaining to PCI and the design of operational business models for this business domain, especially qualitative initiatives that (1) attempt to define the scope of the peril, (2) secure an understanding of the needs of both cyber insurer and customer, and (3) to identify elements pivotal to effective management and profitable distribution of PCI - leading to an argument proposed by the author that postulates that the traditional general insurance customer journey and business model are ill-suited for the lineaments of cyberspace. The findings of the review confirm significant gaps in contemporary research within the domain of personal cyber insurance.

Keywords: cyberspace, personal cyber risk, personal cyber insurance, customer journey, business model

Procedia PDF Downloads 76

Authors: Azene Zenebe

Abstract:

Deep learning is a subset of machine learning which incorporates techniques for the construction of artificial neural networks and found to be useful for modeling complex problems with large dataset. Deep learning requires a very high power computational and longer time for training. By aggregating computing power, high performance computer (HPC) has emerged as an approach to resolving advanced problems and performing data-driven research activities. Cyber threat intelligence (CIT) is actionable information or insight an organization or individual uses to understand the threats that have, will, or are currently targeting the organization. Results of review of literature will be presented along with results of experimental study that compares the performance of tree-based and function-base machine learning including deep learning algorithms using secondary dataset collected from darknet.

Keywords: deep-learning, cyber security, cyber threat modeling, tree-based machine learning, function-based machine learning, data science

Procedia PDF Downloads 120

Authors: Daniel Kliewe, Arno Kühn, Roman Dumitrescu, Jürgen Gausemeier

Abstract:

This paper examines the system protection for cyber-physical systems (CPS). CPS are particularly characterized by their networking system components. This means they are able to adapt to the needs of their users and its environment. With this ability, CPS have new, specific requirements on the protection against anti-counterfeiting, know-how loss and manipulation. They increase the requirements on system protection because piracy attacks can be more diverse, for example because of an increasing number of interfaces or through the networking abilities. The new requirements were identified and in a next step matched with existing protective measures. Due to the found gap the development of new protection measures has to be forced to close this gap. Moreover a comparison of the effectiveness between selected measures was realized and the first results are presented in the paper.

Keywords: anti-counterfeiting, cyber physical systems, intellectual property (IP), knowledge management, system protection

Procedia PDF Downloads 459

Authors: Faraji Sepideh

Abstract:

Nowadays, purchase rate of the smart device is increasing and user authentication is one of the important issues in information security. Alphanumeric strong passwords are difficult to memorize and also owners write them down on papers or save them in a computer file. In addition, text password has its own flaws and is vulnerable to attacks. Graphical password can be used as an alternative to alphanumeric password that users choose images as a password. This type of password is easier to use and memorize and also more secure from pervious password types. In this paper we have designed a more secure graphical password system to prevent shoulder surfing, smudge and brute force attack. This scheme is a combination of two types of graphical passwords recognition based and Cued recall based. Evaluation the usability and security of our proposed scheme have been explained in conclusion part.

Keywords: brute force attack, graphical password, shoulder surfing attack, smudge attack

Procedia PDF Downloads 121

Authors: Pardis Moslemzadeh Tehrani, Nazura Abdul Manap, Hamed Ladoni Damghani, Rohimi Bin Shapiee

Abstract:

In recent years the speed of new technology has brought forth so many new issues. Cyberspace is among the new technologies that need novel ways to address the various issues that have arisen. While cyberspace is a technical notion that defies a single definition, this new technology requires the adoption and application of new laws. In order to manage issues arising from the existence of cyberspace, proper policies and definitions must be formulated which satisfy both technical and legal aspects. One difficulty in this regard is due to the unique features of cyberspace architecture. This article proposes to define cyberspace and cyber terrorism. This will allow for a more effective and comprehensive addressing of legal issues as they can then be handled better by introducing a new factor to the otherwise ordinary analysis in whichever field is implicated such as the nature and place of use.

Keywords: cyberspace, cyber terrorism, technical definition, legal definition

Procedia PDF Downloads 553

Authors: M. Mansouri, P. Jaklitsch, E. Teiniker

Abstract:

SQL injection on web applications is a very popular kind of attack. There are mechanisms such as intrusion detection systems in order to detect this attack. These strategies often rely on techniques implemented at high layers of the application but do not consider the low level of system calls. The problem of only considering the high level perspective is that an attacker can circumvent the detection tools using certain techniques such as URL encoding. One technique currently used for detecting low-level attacks on privileged processes is the tracing of system calls. System calls act as a single gate to the Operating System (OS) kernel; they allow catching the critical data at an appropriate level of detail. Our basic assumption is that any type of application, be it a system service, utility program or Web application, “speaks” the language of system calls when having a conversation with the OS kernel. At this level we can see the actual attack while it is happening. We conduct an experiment in order to demonstrate the suitability of system call analysis for detecting SQL injection. We are able to detect the attack. Therefore we conclude that system calls are not only powerful in detecting low-level attacks but that they also enable us to detect high-level attacks such as SQL injection.

Keywords: Linux system calls, web attack detection, interception, SQL

Procedia PDF Downloads 324

Authors: T. Heiman, D. Olenik-Shemesh

Abstract:

Over the past decade, with the rapid growth of electronic communication, the internet and, in particular, social networking has become an inseparable part of people's daily lives. Along with its benefits, a new type of online aggression has emerged, defined as cyber bullying, a form of interpersonal aggressive behavior that takes place through electronic means. Cyber-bullying is characterized by repetitive behavior over time of maladaptive authority and power usage using computers and cell phones via sending insulting messages and hurtful pictures. Preliminary findings suggest that the prevalence of involvement in cyber-bullying among higher education students varies between 10 and 35%. As to date, universities are facing an uphill effort in trying to restrain online misbehavior. As no studies examined the relationships between cyber-bullying involvement with personal aspects, and its impacts on academic achievement and work functioning, this present study examined the nature of cyber-bullying involvement among 1,052 undergraduate students (mean age = 27.25, S.D = 4.81; 66.2% female), coping with, as well as the effects of social support, perceived self-efficacy, well-being, and body-perception, in relation to cyber-victimization. We assume that students in higher education are a vulnerable population and at high risk of being cyber-victims. We hypothesize that social support might serve as a protective factor and will moderate the relationships between the socio-emotional variables and the occurrence of cyber- victimization. The findings of this study will present the relationships between cyber-victimization and the social-emotional aspects, which constitute risk and protective factors. After receiving approval from the Ethics Committee of the University, a Google Drive questionnaire was sent to a random sample of students, studying in the various University study centers. Students' participation was voluntary, and they completed the five questionnaires anonymously: Cyber-bullying, perceived self-efficacy, subjective well-being, social support and body perception. Results revealed that 11.6% of the students reported being cyber-victims during last year. Examining the emotional and behavioral reactions to cyber-victimization revealed that female emotional and behavioral reactions were significantly greater than the male reactions (p < .001). Moreover, females reported on a significant higher social support compared to men; male reported significantly on a lower social capability than female; and men's body perception was significantly more positive than women's scores. No gender differences were observed for subjective well-being scale. Significant positive correlations were found between cyber-victimization and fewer friends, lower grades, and work ineffectiveness (r = 0.37- .40, p < 0 .001). The results of the Hierarchical regression indicated significantly that cyber-victimization can be predicted by lower social support, lower body perception, and gender (female), that explained 5.6% of the variance (R2 = 0.056, F(5,1047) = 12.47, p < 0.001). The findings deepen our understanding of the students' involvement in cyber-bullying, and present the relationships of the social-emotional and academic aspects on cyber-victim students. In view of our findings, higher education policy could help facilitate coping with cyber-bullying incidents, and student support units could develop intervention programs aimed at reducing cyber-bullying and its impacts.

Keywords: academic and personal factors, cyber-victimization, social support, higher education

Procedia PDF Downloads 264

Authors: Lindelwa Mngomezulu, Tonderai Muchenje

Abstract:

Over the decades, E-mails provide easy, fast and timely communication enabling businesses and state owned agencies to communicate with their stakeholders and with their own employees in real-time. Moreover, since the launch of Microsoft office 365 and many other clouds based E-mail services, many businesses have been migrating from the on premises E-mail services to the cloud and more precisely since the beginning of the Covid-19 pandemic, there has been a significant increase of E-mails utilization, which then leads to the increase of cyber-attacks. In that regard, E-mail security has become very important in the E-mail transportation to ensure that the E-mail gets to the recipient without the data integrity being compromised. The classification of the features to enhance E-mail security for further from the enhanced cyber-attacks as we are aware that since the technology is advancing so at the cyber-attacks. Therefore, in order to maximize the data integrity we need to also maximize security of the E-mails such as enhanced E-mail authentication. The successful enhancement of E-mail security in the future may lessen the frequency of information thefts via E-mails, resulting in the data of South African State-owned agencies not being compromised.

Keywords: e-mail security, cyber-attacks, data integrity, authentication

Procedia PDF Downloads 102

Authors: Hashim Chunpir

Abstract:

Support processes play an important role to facilitate researchers (users) to accomplish their research activities with the help of cyber-infrastructure(s). However, the current user-support process in cyber-infrastructure needs a feasible tool to support users. This tool must enable the users of a cyber-infrastructure to communicate efficiently with the staffs of a cyber-infrastructure in order to get technical and scientific assistance, whilst saving resources at the same time. This research paper narrates the real story of employing various forms of tools to support the user and staff communication. In addition, this paper projects the lessons learned from an exploration of the help-desk tools in the current state of user support process in Earth System Grid Federation (ESGF) from support staffs’ perspective. ESGF is a climate cyber-infrastructure that facilitates Earth System Modeling (ESM) and is taken as a case study in this paper. Finally, this study proposes a need for a tool, a framework or a platform that not only improves the user support process to address support servicing needs of end-users of e-Science infrastructures but also eases the life of staffs in providing assistance to the users. With the help of such a tool; the collaboration between users and the staffs of cyber-infrastructures is made easier. Consequently, the research activities of the users of e-Science infrastructure will thrive as the scientific and technical support will be available to users. Finally, this results into painless and productive e-Research.

Keywords: e-Science User Services, e-Research in Earth Sciences, Information Technology Services Management (ITSM), user support process, service desk, management of support activities, help desk tools, application of social media

Procedia PDF Downloads 447

Authors: Aisha Iddrisu

Abstract:

The proliferation of cyberviolence in the wave of increased social media consumption calls for immediate attention both at the local and global levels. With over 4.70 billion social media users worldwide and 8.8 social media users in Ghana, various forms of violence have become the order of the day in most countries and communities. Cyber violence is defined as producing, retrieving, and sharing of hurtful or dangerous online content to cause emotional, psychological, or physical harm. The urgency and severity of cyber violence have led to the enactment of laws in various countries though lots still need to be done, especially in Ghana. In Ghana, studies on cyber violence have not been extensively dealt with. Existing studies concentrate only on one form or the other form of cyber violence, thus cybercrime and cyber bullying. Also, most studies in Africa have not explored cyber violence forms using empirical theories and the few that existed were qualitatively researched, whereas others examine the effect of cyber violence rather than examining why those who involve in it behave the way they behave. It is against this backdrop that this study aims to examine various cyber violence behaviour among social media users in Ghana by applying the theory of Self-control and Social control theory. This study is important for the following reasons. The outcome of this research will help at both national and international level of policymaking by adding to the knowledge of understanding cyberviolence and why people engage in various forms of cyberviolence. It will also help expose other ways by which such behaviours are enforced thereby serving as a guide in the enactment of the rightful rules and laws to curb such behaviours. It will add to literature on consequences of new media. This study seeks to confirm or reject to the following research hypotheses. H1 Social media usage has direct significant effect of cyberviolence behaviours. H2 Ineffective parental management has direct significant positive relation to Low self-control. H3 Low self-control has direct significant positive effect on cyber violence behaviours among social, H4 Differential association has significant positive effect on cyberviolence behaviour among social media users in Ghana. H5 Definitions have a significant positive effect on cyberviolence behaviour among social media users in Ghana. H6 Imitation has a significant positive effect on cyberviolence behaviour among social media users in Ghana. H7 Differential reinforcement has a significant positive effect on cyberviolence behaviour among social media users in Ghana. H8 Differential association has a significant positive effect on definitions. H9 Differential association has a significant positive effect on imitation. H10 Differential association has a significant positive effect on differential reinforcement. H11 Differential association has significant indirect positive effects on cyberviolence through the learning process.

Keywords: cyberviolence, social media users, self-control theory, social learning theory

Procedia PDF Downloads 46

Authors: Modesta E. Ezema, Christopher C. Ezema, Christian C. Ugwu, Udoka F. Eze, Florence M. Babalola

Abstract:

Some employees knowingly or unknowingly contribute to loss of data and also expose data to threat in the process of getting their jobs done. Many organizations today are faced with the challenges of how to secure their data as cyber criminals constantly devise new ways of attacking the organization’s secret data. However, this paper enlists the latest strategies that must be put in place in order to protect these important data from being attacked in a collaborative work place. It also introduces us to Advanced Persistent Threats (APTs) and how it works. The empirical study was conducted to collect data from the employee in data centers on how data could be protected from malicious codes and cyber criminals and their responses are highly considered to help checkmate the activities of malicious code and cyber criminals in our work places.

Keywords: data, employee, malware, work place

Procedia PDF Downloads 357

Authors: Sayed A. Elsayed, Emad Z. Ibrahim, Osama M. Mesalhy, Mohamed A. Abdelatief

Abstract:

An experimental and numerical study has been conducted to clarify fluid flow characteristics and pressure drop distributions of a cross-flow heat exchanger employing staggered wing-shaped tubes at different angels of attack. The water-side Rew and the air-side Rea were at 5 x 102 and at from 1.8 x 103 to 9.7 x 103, respectively. Three cases of the tubes arrangements with various angles of attack, row angles of attack and 90° cone angles were employed at the considered Rea range. Correlation of pressure drop coefficient Pdc in terms of Rea, design parameters for the studied cases were presented. The flow pattern around the staggered wing-shaped tubes bundle were predicted by using commercial CFD FLUENT 6.3.26 software package. Results indicated that the values of Pdc were increased by increasing the angle of attack from 0° to 45°, while the opposite was true for angles of attack from 135° to 180°. Comparisons between the experimental and numerical results of the present study and those, previously, obtained for similar available studies showed good agreements.

Keywords: wing-shaped tubes, cross-flow cooling, staggered arrangement, CFD

Procedia PDF Downloads 334

Authors: Jihen Bennaceur, Wissem Zouaghi, Ali Mabrouk

Abstract:

The major aim of cyber threat intelligence (CTI) is to provide sophisticated knowledge about cybersecurity threats to ensure internal and external safeguards against modern cyberattacks. Inaccurate, incomplete, outdated, and invaluable threat intelligence is the main problem. Therefore, data analysis based on AI algorithms is one of the emergent solutions to overcome the threat of information-sharing issues. In this paper, we propose a supervised machine learning-based algorithm to improve threat information sharing by providing a sophisticated classification of cyber threats and data. Extensive simulations investigate the accuracy, precision, recall, f1-score, and support overall to validate the designed algorithm and to compare it with several supervised machine learning algorithms.

Keywords: threat information sharing, supervised learning, data classification, performance evaluation

Procedia PDF Downloads 114

Authors: Andi Intan Purnamasari, Supriyadi, Sulbadana, Aminuddin Kasim

Abstract:

Law functions as social control. Providing arrangements not only for legal certainty, but also in the scope of justice and expediency. The three values ​​achieved by law essentially function to bring comfort to each individual in carrying out daily activities. However, it is undeniable that global conditions have changed the orientation of people's lifestyles. Some people want to ensure their existence in the digital world which is popularly known as the metaverse. Some countries even project their city to be a metaverse city. The order of life is no longer limited to the real space, but also to the cyber world. Not infrequently, legal events that occur in the cyber world also force the law to position its position and even prevent crime in cyberspace. Through this research, conceptually it provides a view of the legal position in crime prevention in the Metaverse world. when the law acts to regulate the situation in the virtual world, of course some people will feel disturbed, this is due to the thought that the virtual world is a world in which an avatar can do things that cannot be done in the real world, or can be called a world without boundaries. Therefore, when the law is present to provide boundaries, of course the concept of the virtual world itself becomes no longer a cyber world that is not limited by space and time, it becomes a new order of life. approach, approach, approach, approach, and approach will certainly be the method used in this research.

Keywords: crime, cyber, metaverse, law

Procedia PDF Downloads 119

Authors: Haydar Teymourlouei

Abstract:

Cybersecurity is one of the greatest challenges society faces in an age revolving around technological development. With cyber-attacks on the continuous rise, the nation needs to understand and learn ways that can prevent such attacks. A major contribution that can change the education system is to implement laboratories and competitions into academia. This method can improve and educate students with more hands-on exercises in a highly motivating setting. Considering the fact that students are the next generation of the nation’s workforce, it is important for students to understand concepts not only through books, but also through actual hands-on experiences in order for them to be prepared for the workforce. An effective cybersecurity education system is critical for creating a strong cyber secure workforce today and for the future. This paper emphasizes the need for awareness and the need for competitions and cybersecurity laboratories to be implemented into the education system.

Keywords: awareness, competition, cybersecurity, laboratories, workforce

Procedia PDF Downloads 308

Authors: Jian Xu, Xiaochun Yun, Yongzheng Zhang, Yafei Sang, Zhenyu Cheng

Abstract:

Network attack prevention is a critical research area of information security. Network attack would be oppressed if attribution techniques are capable to trace back to the attackers after the hacking event. Therefore attributing these attacks to a particular identification becomes one of the important tasks when analysts attempt to differentiate and profile the attacker behind a piece of attack trace. To assist analysts in expose attackers behind the scenes, this paper researches on the connections between attribution traces and proposes probabilistic relevance based attribution patterns. This method facilitates the evaluation of the plausibility relevance between different traceable identifications. Furthermore, through analyzing the connections among traces, it could confirm the existence probability of a certain organization as well as discover its affinitive partners by the means of drawing relevance matrix from attribution traces.

Keywords: attribution trace, probabilistic relevance, network attack, attacker identification

Procedia PDF Downloads 329

Authors: Yosr Ghozzi

Abstract:

The Cyber-Physical Systems terminology has been well received by the industrial community and specifically appropriated in educational settings. Indeed, our latest educational activities are based on the development of experimental platforms on an industrial scale. In fact, we built a collaborative learning model because of an international market study that led us to place ourselves at the heart of this technology. To align with these findings, a competency-based approach study was conducted, and program content was revised by reflecting the projectbased approach. Thus, this article deals with the development of educational devices according to a generated curriculum and specific educational activities while respecting the repository of skills adopted from what constitutes the educational cyber-physical production systems and the laboratories that are compliant and adapted to them. The implementation of these platforms was systematically carried out in the school's workshops spaces. The objective has been twofold, both research and teaching for the students in mechatronics and logistics of the electromechanical department. We act as trainers and industrial experts to involve students in the implementation of possible extension systems around multidisciplinary projects and reconnect with industrial projects for better professional integration.

Keywords: education 4.0, competency-based learning, teaching factory, project-based learning, cyber-physical systems, industry 4.0

Procedia PDF Downloads 68

Authors: Sultan Alanazi, Adwan Alanazi

Abstract:

Social applications consist of powerful tools that allow people to connect and interact with each other. However, its negative use cannot be ignored. Cyberbullying is a new and serious Internet problem. Cyberbullying is one of the most common risks for teenagers to go online. More than half of young people report that they do not tell their parents when this will occur, which can have significant physiological consequences. Cyberbullying involves the deliberate use of digital media on the Internet to convey false or embarrassing information about others. Therefore, this article provides a way to detect cyber-bullying in social media applications for parents. The purpose of our work is to develop an architectural model for identifying and measuring the state of Cyberbullying faced by children on social media applications. For parents, this will be a good tool for monitoring their children without invading their privacy. Finally, some interesting open-ended questions were raised, suggesting promising ideas for starting new research in this new field.

Keywords: cyberbullying, cyber bullying, internet crimes, social media security, E-crimes

Procedia PDF Downloads 113

Authors: Shahryar Eslamitabar

Abstract:

Currently, the internet plays an important role in the various scientific, commercial and service practices. Thanks to information and communication technology, the healthcare industry via the internet, generally known as cyber-medicine, can offer professional medical service in a wider geographical area. Having some appealing benefits such as convenience in offering healthcare services, improved accessibility to the services, enhanced information exchange, cost-effectiveness, time-saving, etc. Tele-health has increasingly developed innovative models of healthcare delivery. However, it presents many potential hazards to cyber-patients, inherent in the use of the system. First, there are legal issues associated with the communication and transfer of information on the internet. These include licensure, malpractice, liabilities and jurisdictions as well as privacy, confidentiality and security of personal data as the most important challenge brought about by this system. Additional items of concern are technological and ethical. Although, there are some rules to deal with pitfalls associated with cyber-medicine practices in the USA and some European countries, yet for all developments, it is being practiced in a legal vacuum in many countries. In addition to the domestic legislations to deal with potential problems arisen from the system, it is also imperative that some international or regional agreement should be developed to achieve the harmonization of laws among countries and states. This article discusses some implications posed by the practice of cyber-medicine in the healthcare system according to the experience of some developed countries using a comparative study of laws. It will also review the status of tele-health laws in Iran. Finally, it is intended to pave the way to outline a plan for countries like Iran, with newly-established judicial system for health laws, to develop appropriate regulations through providing some recommendations.

Keywords: tele-health, cyber-medicine, telemedicine, criminal laws, legislations, time-saving

Procedia PDF Downloads 631

Authors: Zheni S. Stefanova, Kandethody M. Ramachandran

Abstract:

With the increasing dependency on our computer devices, we face the necessity of adequate, efficient and effective mechanisms, for protecting our network. There are two main problems that Intrusion Detection Systems (IDS) attempt to solve. 1) To detect the attack, by analyzing the incoming traffic and inspect the network (intrusion detection). 2) To produce a prompt response when the attack occurs (intrusion prevention). It is critical creating an Intrusion detection model that will detect a breach in the system on time and also challenging making it provide an automatic and with an acceptable delay response at every single stage of the monitoring process. We cannot afford to adopt security measures with a high exploiting computational power, and we are not able to accept a mechanism that will react with a delay. In this paper, we will propose an intrusion response mechanism that is based on artificial intelligence, and more precisely, reinforcement learning techniques (RLT). The RLT will help us to create a decision agent, who will control the process of interacting with the undetermined environment. The goal is to find an optimal policy, which will represent the intrusion response, therefore, to solve the Reinforcement learning problem, using a Q-learning approach. Our agent will produce an optimal immediate response, in the process of evaluating the network traffic.This Q-learning approach will establish the balance between exploration and exploitation and provide a unique, self-learning and strategic artificial intelligence response mechanism for IDS.

Keywords: cyber security, intrusion prevention, optimal policy, Q-learning

Procedia PDF Downloads 203

Authors: Se-Han Lee, Kwang-Woo Go, Gwang-Hyun Ahn, Hee-Sung Park, Cheol-Kyu Han, Jun-Bo Shim, Geun-Chul Kang, Hyun-Jung Lee

Abstract:

In recent years, with the advent of smart cars and the expansion of the market, the announcement of 'Adventures in Automotive Networks and Control Units' at the DEFCON21 conference in 2013 revealed that cars are not safe from hacking. As a result, the HEAVENS model considering not only the functional safety of the vehicle but also the security has been suggested. However, the HEAVENS model only presents a simple process, and there are no detailed procedures and activities for each process, making it difficult to apply it to the actual vehicle security vulnerability check. In this paper, we propose an automated attack database that systematically summarizes attack vectors, attack types, and vulnerable vehicle models to prepare for various car hacking attacks, and data flow diagrams that can detect various vulnerabilities and suggest a way to materialize the HEAVENS model.

Keywords: automotive security, HEAVENS, car hacking, security model, information security

Procedia PDF Downloads 323

Authors: Francesco Lubrano, Fabrizio Bertone, Federico Stirano

Abstract:

Modern societies strongly depend on Critical Infrastructures (CI). Hospitals, power supplies, water supplies, telecommunications are just few examples of CIs that provide vital functions to societies. CIs like hospitals are very complex environments, characterized by a huge number of cyber and physical systems that are becoming increasingly integrated. Ensuring a high level of security within such critical infrastructure requires a deep knowledge of vulnerabilities, threats, and potential attacks that may occur, as well as defence and prevention or mitigation strategies. The possibility to remotely monitor and control almost everything is pushing the adoption of network-connected devices. This implicitly introduces new threats and potential vulnerabilities, posing a risk, especially to those devices connected to the Internet. Modern medical devices used in hospitals are not an exception and are more and more being connected to enhance their functionalities and easing the management. Moreover, hospitals are environments with high flows of people, that are difficult to monitor and can somehow easily have access to the same places used by the staff, potentially creating damages. It is therefore clear that physical and cyber threats should be considered, analysed, and treated together as cyber-physical threats. This means that an integrated approach is required. SAFECARE, an integrated cyber-physical security solution, tries to respond to the presented issues within healthcare infrastructures. The challenge is to bring together the most advanced technologies from the physical and cyber security spheres, to achieve a global optimum for systemic security and for the management of combined cyber and physical threats and incidents and their interconnections. Moreover, potential impacts and cascading effects are evaluated through impact propagation models that rely on modular ontologies and a rule-based engine. Indeed, SAFECARE architecture foresees i) a macroblock related to cyber security field, where innovative tools are deployed to monitor network traffic, systems and medical devices; ii) a physical security macroblock, where video management systems are coupled with access control management, building management systems and innovative AI algorithms to detect behavior anomalies; iii) an integration system that collects all the incoming incidents, simulating their potential cascading effects, providing alerts and updated information regarding assets availability.

Keywords: cyber security, defence strategies, impact propagation, integrated security, physical security

Procedia PDF Downloads 140

Authors: Zain Khalid

Abstract:

The paper outlines the trends of cyber financial crimes and frauds – approximating upto – in Pakistan after the enactment of The Prevention of Electronic Crimes Act in 2016. The paper elaborates on the newer methods that fraudsters have adopted after tighter preventive and counter measures were employed in Pakistan partly as a result of following the international finance related commitments, particularly the FATF regulations. The paper adopts case studies methods to highlight various aspects of the financial frauds and crimes committed and later investigated jointly by Pakistan’s one of the federal law enforcement agencies, the Federal Investigation Agency, and Mobilink Microfinance Bank , Pakistan’s premier microfinance bank. It additionally enriches the data through expert interviews – with crime investigators and the experts to carry out an in-depth analysis of the various factors involving the crime. This paper emphasizes the structural and situational factors that shape up the cyber financial crimes in Pakistan vis-à-vis digital illiteracy and lack of awareness among the users of financial services. This paper, thus, on the basis of findings and expert interviews, suggests policy reforms to reduce the instances of the financial crimes, especially in the remotest areas of the country.

Keywords: financial crimes, cyber crimes, digital literacy, terrorism financing, banking sector

Procedia PDF Downloads 54

Authors: Nishit L. Sanil, Raza M. Khan

Abstract:

Increasing lift effectively at higher angles of attack has always been a daunting challenge in aviation especially on a delta wing. These are used on military jet fighter planes and has some undesirable characteristics, notably flow separation at high angles of attack and high drag at low speeds. In order to solve this problem, a design modification is modeled on a delta wing which would increase the lift so that we can improve maneuverability. To attain an increase in the lift of a 65 degree delta wing at higher angles of attack, a step-wise discontinuity is created at the upper surface of the delta wing. A normal delta wing is validated for comparison which would thereby give us a measure of flow separation and coefficient of lift affected by the modification. The results obtained deliver a significant increase in lift at higher angles of attack thereby delaying stall. Hence the benefits of the modification would aid the potential designs of aircraft’s in the time to come.

Keywords: coefficient of lift, delta wing, flow separation, step-wise discontinuity

Procedia PDF Downloads 275

Authors: Azita Ramezani, Atousa Ramezani

Abstract:

In the ever-escalating landscape of windows malware the necessity for pioneering defense strategies turns into undeniable this study introduces an avant-garde approach fusing the capabilities of clustering random forests and support vector machines SVM to combat the intricate web of cyber threats our fusion model triumphs with a staggering accuracy of 98.67 and an equally formidable f1 score of 98.68 a testament to its effectiveness in the realm of windows malware defense by deciphering the intricate patterns within malicious code our model not only raises the bar for detection precision but also redefines the paradigm of cybersecurity preparedness this breakthrough underscores the potential embedded in the fusion of diverse analytical methodologies and signals a paradigm shift in fortifying against the relentless evolution of windows malicious threats as we traverse through the dynamic cybersecurity terrain this research serves as a beacon illuminating the path toward a resilient future where innovative fusion models stand at the forefront of cyber threat defense.

Keywords: fusion models, cyber threat defense, windows malware, clustering, random forests, support vector machines (SVM), accuracy, f1-score, cybersecurity, malicious code detection

Procedia PDF Downloads 36

Authors: Amal Hussain Alkhaiwani, Ghadah Abdullah Almalki

Abstract:

Recently human errors have increasingly become a very high factor in security breaches that may affect confidential data, and most of the cyber data breaches are caused by human errors. With one individual mistake, the attacker will gain access to the entire network and bypass the implemented access controls without any immediate detection. Unaware employees will be vulnerable to any social engineering cyber-attacks. Providing security awareness to People is part of the company protection process; the cyber risks cannot be reduced by just implementing technology; the human awareness of security will significantly reduce the risks, which encourage changes in staff cyber-awareness. In this paper, we will focus on Human Awareness, human needs to continue the required security education level; we will review human errors and introduce a proposed solution to avoid the breach from occurring again. Recently Saudi Arabia faced many attacks with different methods of social engineering. As Saudi Arabia has become a target to many countries and individuals, we needed to initiate a defense mechanism that begins with awareness to keep our privacy and protect the confidential data against possible intended attacks.

Keywords: cybersecurity, human aspects, human errors, human mistakes, security awareness, Saudi Arabia, security program, security education, social engineering

Procedia PDF Downloads 125

Authors: Sergio N. P. Laitón, Paulo G. P. Toro, João F. Martos

Abstract:

A numerical study has been carried out to investigate the flow characteristics and performance of the 14-X B inlet with blunted cowl-lip. The Brazilian aerospace hypersonic vehicle 14-X B is a technology demonstrator of a hypersonic air-breathing propulsion system, based on supersonic combustion ramjet (scramjet). It is designed for Earth's atmospheric flight at Mach number of 6 and an altitude of 30 km. Currently, it is under development in the aerothermodynamics and hypersonic Professor Henry T. Nagamatsu laboratory at Advanced Studies Institute (IEAv). Numerical simulations were conducted at nominal freestream Mach number and altitude for two cowl-lip blunting radius and several angles of attack close to horizontal flight. The results show that the shock interference behavior on the blunted cowl-lip change with the angle of attack and blunted radius. The type VI or V together with III shock interferences are more likely to occur simultaneously at small negative angles of attack. When the inlet operates in positive angles of attack higher to 1, no shock interference occurs, only the bow shock conditions. The results indicate a high air pressure at beginning of the combustor and higher pressure recovery with 2 mm radius and positives angles of attack.

Keywords: blunted cowl-lip, hypersonic inlet, inlet unstart, shock interference

Procedia PDF Downloads 292

Authors: M. Dinesh, V. Kenny Mark, Dharni Vasudhevan Venkatesan, B. Santhosh Kumar, R. Sree Radesh, V. R. Sanal Kumar

Abstract:

Comprehensive numerical studies have been carried out to examine the best aerodynamic performance of subsonic aircraft at different winglet cant angles using a validated 3D k-ω SST model. In the parametric analytical studies, NACA series of airfoils are selected. Basic design of the winglet is selected from the literature and flow features of the entire wing including the winglet tip effects have been examined with different cant angles varying from 150 to 600 at different angles of attack up to 140. We have observed, among the cases considered in this study that a case with 150 cant angle the aerodynamics performance of the subsonic aircraft during takeoff was found better up to an angle of attack of 2.80 and further its performance got diminished at higher angles of attack. Analyses further revealed that increasing the winglet cant angle from 150 to 600 at higher angles of attack could negate the performance deterioration and additionally it could enhance the peak CL/CD on the order of 3.5%. The investigated concept of variable-cant-angle winglets appears to be a promising alternative for improving the aerodynamic efficiency of aircraft.

Keywords: aerodynamic efficiency, cant angle, drag reduction, flexible winglets

Procedia PDF Downloads 496