Search results for: malware attacks

Authors: Mohammad Abdallah

Abstract:

Due to the constant increase in terrorist attacks, the research and engineering communities have given significant attention to building performance under explosions. This paper presents a methodology for studying and simulating the dynamic responses of steel structures during external detonations, particularly for accurately investigating the impact of incrementing charge weight on the members total behavior, resistance and failure. Prediction damage method was introduced to evaluate the damage level of the steel members based on five scenarios of explosions. Johnson–Cook strength and failure model have been used as well as ABAQUS finite element code to simulate the explicit dynamic analysis, and antecedent field tests were used to verify the acceptance and accuracy of the proposed material strength and failure model. Based on the structural response, evaluation criteria such as deflection, vertical displacement, drift index, and damage level; the obtained results show the vulnerability of steel columns and un-braced steel frames which are designed and optimized to carry dead and live load to resist and endure blast loading.

Keywords: steel structure, blast load, terrorist attacks, charge weight, damage level

Procedia PDF Downloads 340

Authors: Skiker Kaoutar, Mounir Maouene

Abstract:

Neuroimaging studies have shown that animal and tool concepts rely on distinct networks of brain areas. Animal concepts depend predominantly on temporal areas while tool concepts rely on fronto-temporo-parietal areas. However, the origin of this neurofunctional distinction for processing animal and tool concepts remains still unclear. Here, we address this question from a network perspective suggesting that the neural distinction between animals and tools might reflect the differences in their structural semantic networks. We build semantic networks for animal and tool concepts derived from Mc Rae and colleagues’s behavioral study conducted on a large number of participants. These two networks are thus analyzed through a large number of graph theoretical measures for small-worldness: centrality, clustering coefficient, average shortest path length, as well as resistance to random and targeted attacks. The results indicate that both animal and tool networks have small-world properties. More importantly, the animal network is more vulnerable to targeted attacks compared to the tool network a result that correlates with brain lesions studies.

Keywords: animals, tools, network, semantics, small-world, resilience to damage

Procedia PDF Downloads 508

Authors: R. Rama Kishore, Sunesh

Abstract:

This paper presents an optimized, robust, and secured watermarking technique. The methodology used in this work is the combination of entropy and chaotic grid map. The proposed methodology incorporates Discrete Cosine Transform (DCT) on the host image. To improve the imperceptibility of the method, the host image DCT blocks, where the watermark is to be embedded, are further optimized by considering the entropy of the blocks. Chaotic grid is used as a key to reorder the DCT blocks so that it will further increase security while selecting the watermark embedding locations and its sequence. Without a key, one cannot reveal the exact watermark from the watermarked image. The proposed method is implemented on four different images. It is concluded that the proposed method is giving better results in terms of imperceptibility measured through PSNR and found to be above 50. In order to prove the effectiveness of the method, the performance analysis is done after implementing different attacks on the watermarked images. It is found that the methodology is very strong against JPEG compression attack even with the quality parameter up to 15. The experimental results are confirming that the combination of entropy and chaotic grid map method is strong and secured to different image processing attacks.

Keywords: digital watermarking, discreate cosine transform, chaotic grid map, entropy

Procedia PDF Downloads 219

Authors: Ossama Al-Maliki

Abstract:

Europay, MasterCard, and Visa (EMV) is one of the most popular payment protocol in the world. The EMV protocol supports Chip and PIN Transactions, Chip and Signature transactions, and Contactless transactions. This protocol suffers from tens of £ millions of lost per year due to many fraudulent payments. This is due to several reported vulnerable points in the protocols used for such payments that allow skimming, replay, cloning, Mole Point of Sale (POS), relay, and other attacks to be conducted. In this paper, we are focusing on the EMV contactless specification and we have proposed two proposal solutions to the addition of a localization factor to enhance the payment authentication of such transactions designed to prevent relay, cloning, and Mole-POS attacks. Our proposed solution is a back-end localization scheme to help the Issuer-Bank compare the location of the genuine cardholder in relation to the used POS. Our scheme uses 'something you have' which is the Cardholder Smartphone (CSP) to provide the location of the cardholder at the time of the transaction and without impacting the contactless payment time/protocol. The Issuer-bank obtain the CSP Location using tried and tested localization techniques, and independently of the cardholder. Both of our proposal solutions do not require infrastructure changes, and it uses existing EMV/SP protocol messages to communicate our scheme information.

Keywords: NFC, RFID, contactless card, authentication, location, EMV

Procedia PDF Downloads 217

Authors: Faik Derya Ince, Ugur Topgul, Alp Gunay, Can Bayoglu, Dante J. Dorantes-Gonzalez

Abstract:

Explosive attacks are arguably the most lethal threat that may occur in terrorist attacks. In order to counteract this issue, explosive ordnance disposal operators put their lives on the line to dispose of a possible improvised explosive device. Robots can make the disposal process more accurately and saving human lives. For this purpose, there is a demand for more accurate and dexterous manipulating robotic hands that can be teleoperated from a distance. The aim of this project is to design a robotic hand that contains two active and two passive DOF for each finger, as well as a minimum set of tools for mechanical cutting and screw driving within the same robotic hand. Both hand and toolset, are teleoperated from a distance from a haptic robotic glove in order to manipulate dangerous objects such as improvised explosive devices. SolidWorks® Computer-Aided Design, computerized dynamic simulation, and MATLAB® kinematic and static analysis were used for the robotic hand and toolset design. Novel, dexterous and robust solutions for the fingers were obtained, and six servo motors are used in total to remotely control the multi-tooled robotic hand. This project is still undergoing and presents currents results. Future research steps are also presented.

Keywords: Explosive Manipulation, Robotic Hand, Tele-Operation, Tool Integration

Procedia PDF Downloads 111

Authors: Vimala Rani P, Narasimha Malikarjunan, Mercy Shalinie S

Abstract:

Data Networking was brought forth as an instantiation of information-centric networking. The attackers can send a colossal number of spoofs to take hold of the Pending Interest Table (PIT) named an Interest Flooding attack (IFA) since the in- interests are recorded in the PITs of the intermediate routers until they receive corresponding Data Packets are go beyond the time limit. These attacks can be detrimental to network performance. PIT expiration rate or the Interest satisfaction rate, which cannot differentiate the IFA from attacks, is the criterion Traditional IFA detection techniques are concerned with. Threshold values can casually affect Threshold-based traditional methods. This article proposes an accurate IFA detection mechanism based on a Multiple Feature-based Extreme Learning Machine (MF-ELM). Accuracy of the attack detection can be increased by presenting the entropy of Internet names, Interest satisfaction rate and PIT usage as features extracted in the MF-ELM classifier. Furthermore, we deploy a queue-based hostile Interest prefix mitigation mechanism. The inference of this real-time test bed is that the mechanism can help the network to resist IFA with higher accuracy and efficiency.

Keywords: information-centric network, pending interest table, interest flooding attack, MF-ELM classifier, queue-based mitigation strategy

Procedia PDF Downloads 178

Authors: M. Moslehpour, S. Khorsandi

Abstract:

Due to shortage in IPv4 addresses, transition to IPv6 has gained significant momentum in recent years. Like Address Resolution Protocol (ARP) in IPv4, Neighbor Discovery Protocol (NDP) provides some functions like address resolution in IPv6. Besides functionality of NDP, it is vulnerable to some attacks. To mitigate these attacks, Internet Protocol Security (IPsec) was introduced, but it was not efficient due to its limitation. Therefore, SEND protocol is proposed to automatic protection of auto-configuration process. It is secure neighbor discovery and address resolution process. To defend against threats on NDP’s integrity and identity, Cryptographically Generated Address (CGA) and asymmetric cryptography are used by SEND. Besides advantages of SEND, its disadvantages like the computation process of CGA algorithm and sequentially of CGA generation algorithm are considerable. In this paper, we parallel this process between network resources in order to improve it. In addition, we compare the CGA generation time in self-computing and distributed-computing process. We focus on the impact of the malicious nodes on the CGA generation time in the network. According to the result, although malicious nodes participate in the generation process, CGA generation time is less than when it is computed in a one-way. By Trust Management System, detecting and insulating malicious nodes is easier.

Keywords: NDP, IPsec, SEND, CGA, modifier, malicious node, self-computing, distributed-computing

Procedia PDF Downloads 258

Authors: Abass Braimah, Maha Hussein Abdallah

Abstract:

The global ascendancy of terrorist attacks on building infrastructure with economic and heritage significance has increased awareness of the possibility of terrorism in Canada. Many structures in Canada that are at risk of terrorist attacks include government buildings, built many years ago of historic stone masonry construction. Although many researchers are investigating ways to retrofit masonry stone buildings to mitigate the effect of blast loadings, lack of knowledge on the dynamic behavior of historic stone masonry structures under blast loads makes it difficult to ascertain the effectiveness of the retrofitting techniques. This paper presents a review of open-source literature for the experimental and numerical stone masonry structures under blast loads. This review yielded very little information of the response of the historic stone masonry structures under blast loads. Thus, a comprehensive study is needed to understand the blast load effects on historic stone masonry buildings. The out-of-plane response of historic masonry structures to blast loads is investigated by using single-degree-of-freedom analysis. This approach presents equations that can be used effectively in the analysis of historic masonry walls to out-of-plane blast loading.

Keywords: blast loads, historical buildings, masonry structure, single-degree-of-freedom analysis

Procedia PDF Downloads 145

Authors: Maryam Vaezi

Abstract:

In this study, the Functional Theory of Political Campaign Discourse has been applied in order to investigate the 2016 Clinton-Trump presidential debates. All three kinds of utterances (acclaims, attacks, and defenses) were produced by the candidates supporting the usefulness of the Functional Theory of Political Campaign Discourse for the analysis of the presidential debates as a type of political discourse. Attacks comprised 45% of the candidates’ utterances, followed by acclaims at 33%; defenses were the least common function at 22%. The candidate from the Democratic Party, Hillary Clinton, acclaimed more, whereas the Republican Party presidential candidate, Donald Trump, attacked more. Simple denial was the most common form of defense used by the candidates. Both candidates directed more of their utterances to policy (past deeds, future plans, and general goals) than character (personal qualities, leadership abilities, and ideals). Analyzing debates in terms of the functions performed by the candidates to increase their desirability and chance of winning the election, can lead to a better understanding of these significant political events as well as other forms of political discourse.

Keywords: acclaim, attack, defend, character, Democratic Party, Donald Trump, Hillary Clinton, policy, presidential debates, Republican Party

Procedia PDF Downloads 299

Authors: Sukhleen Kaur

Abstract:

In security groundwork, Intrusion Detection System (IDS) has become an important component. The IDS has received increasing attention in recent years. IDS is one of the effective way to detect different kinds of attacks and malicious codes in a network and help us to secure the network. Data mining techniques can be implemented to IDS, which analyses the large amount of data and gives better results. Data mining can contribute to improving intrusion detection by adding a level of focus to anomaly detection. So far the study has been carried out on finding the attacks but this paper detects the malicious files. Some intruders do not attack directly, but they hide some harmful code inside the files or may corrupt those file and attack the system. These files are detected according to some defined parameters which will form two lists of files as normal files and harmful files. After that data mining will be performed. In this paper a hybrid classifier has been used via Naive Bayes and Ripper classification methods. The results show how the uploaded file in the database will be tested against the parameters and then it is characterised as either normal or harmful file and after that the mining is performed. Moreover, when a user tries to mine on harmful file it will generate an exception that mining cannot be made on corrupted or harmful files.

Keywords: data mining, association, classification, clustering, decision tree, intrusion detection system, misuse detection, anomaly detection, naive Bayes, ripper

Procedia PDF Downloads 391

Authors: Beenish Urooj, Ubaid Ullah, Sidra Riasat

Abstract:

National Testing Service-Pakistan (NTS) is an agency in Pakistan that conducts student success appraisal examinations. In this research paper, we must present a security model for the NTS organization. The security model will depict certain security countermeasures for a better defense against certain types of breaches and system malware. We will provide a security roadmap, which will help the company to execute its further goals to maintain security standards and policies. We also covered multiple aspects in securing the environment of the organization. We introduced the processes, architecture, data classification, auditing approaches, survey responses, data handling, and also training and awareness of risk for the company. The primary contribution is the Risk Survey, based on the maturity model meant to assess and examine employee training and knowledge of risks in the company's activities.

Keywords: NTS, risk assessment, threat factors, security, services

Procedia PDF Downloads 46

Authors: Georgi Bebrov, Rozalina Dimova

Abstract:

In the field of quantum secure communication, there is no evaluation that characterizes quantum secure communication (QSC) protocols in a complete, general manner. The current paper addresses the problem concerning the lack of such an evaluation for QSC protocols by introducing an optimality evaluation, which is expressed as the average over the three main parameters of QSC protocols: efficiency, security, and practicality. For the efficiency evaluation, the common expression of this parameter is used, which incorporates all the classical and quantum resources (bits and qubits) utilized for transferring a certain amount of information (bits) in a secure manner. By using criteria approach whether or not certain criteria are met, an expression for the practicality evaluation is presented, which accounts for the complexity of the QSC practical realization. Based on the error rates that the common quantum attacks (Measurement and resend, Intercept and resend, probe attack, and entanglement swapping attack) induce, the security evaluation for a QSC protocol is proposed as the minimum function taken over the error rates of the mentioned quantum attacks. For the sake of clarity, an example is presented in order to show how the optimality is calculated.

Keywords: quantum cryptography, quantum secure communcation, quantum secure direct communcation security, quantum secure direct communcation efficiency, quantum secure direct communcation practicality

Procedia PDF Downloads 153

Authors: Stephen Hamafyelto, Hussaini Garba, Mary Pindar Ndahi

Abstract:

The study was carried out with the intent to mitigate the trauma experienced by victims of insurgent attacks by the so-called Boko Haram militants in Borno state of Nigeria. The area was ridden by the crisis over the past 9 years. As a result, many people were killed, maimed and raped. Some others suffered all manner of inhuman treatment at the hands of their captors. The extent to which this dehumanized treatment has gone and impacted on the people in this area has left most of them traumatised. Victims who survived the attacks have been resettled in camps provided by government where their needs have been cared for. This can never be the same with their natural habitats. Many interventions have also been done by government, non-governmental organisations and corporate and individual bodies. In this regard, social needs of the victims have been the immediate concerns of most organisations, where food, shelter, and clothing were provided. However, there is little that has been done to rehabilitate these victims psychosocially. In this regard, sports and games including the victims’ local games were used to provide psychosocial rehabilitation of victims. The intent was to bring them back to social reality, social inclusion, and stable emotions and peer integration. Descriptive statistics and Multivariate analysis were done. No statistically significant difference was found among male and female children and adults in terms of psychosocial rehabilitation using sports and games.

Keywords: social reality, social inclusion, emotional intellegence, peer model

Procedia PDF Downloads 179

Authors: Ghodhbani Salah, Jemili Farah

Abstract:

With the growth of cyber attacks, information safety has become an important issue all over the world. Many firms rely on security technologies such as intrusion detection systems (IDSs) to manage information technology security risks. IDSs are considered to be the last line of defense to secure a network and play a very important role in detecting large number of attacks. However the main problem with today’s most popular commercial IDSs is generating high volume of alerts and huge number of false positives. This drawback has become the main motivation for many research papers in IDS area. Hence, in this paper we present a data mining technique to assist network administrators to analyze and reduce false positive alarms that are produced by an IDS and increase detection accuracy. Our data mining technique is unsupervised clustering method based on hybrid ANT algorithm. This algorithm discovers clusters of intruders’ behavior without prior knowledge of a possible number of classes, then we apply K-means algorithm to improve the convergence of the ANT clustering. Experimental results on real dataset show that our proposed approach is efficient with high detection rate and low false alarm rate.

Keywords: intrusion detection system, alarm filtering, ANT class, ant clustering, intruders’ behaviors, false alarms

Procedia PDF Downloads 379

Authors: Mohamed Rasslan, Doaa Abdelrahman, Mahmoud M. Nasreldin, Ghada Farouk, Heba K. Aslan

Abstract:

Blockchain is a distributed database that endorses transparency while bitcoin is a decentralized cryptocurrency (electronic cash) that endorses anonymity and is powered by blockchain technology. Smart contracts are programs that are stored on a blockchain. Smart contracts are executed when predetermined conditions are fulfilled. Smart contracts automate the agreement execution in order to make sure that all participants immediate-synchronism of the outcome-certainty, without any intermediary's involvement or time loss. Currently, the Bitcoin market worth billions of dollars. Bitcoin could be transferred from one purchaser to another without the need for an intermediary bank. Network nodes through cryptography verify bitcoin transactions, which are registered in a public-book called “blockchain”. Bitcoin could be replaced by other coins, merchandise, and services. Rapid growing of the bitcoin market-value, encourages its counterparts to make use of its weaknesses and exploit vulnerabilities for profit. Moreover, it motivates scientists to define known vulnerabilities, offer countermeasures, and predict future threats. In his paper, we study blockchain technology and bitcoin from the attacker’s point of view. Furthermore, mitigations for the attacks are suggested, and contemporary security solutions are discussed. Finally, research methods that achieve strict security and privacy protocol are elaborated.

Keywords: Cryptocurrencies, Blockchain, Bitcoin, Smart Contracts, Peer-to-Peer Network, Security Issues, Privacy Techniques

Procedia PDF Downloads 50

Authors: Sri Lakshmi Kanniah, Mohd Naz’ri Mahrin

Abstract:

More and more businesses and services are depending on software to run their daily operations and business services. At the same time, cyber-attacks are becoming more covert and sophisticated, posing threats to software. Vulnerabilities exist in the software due to the lack of security practices during the phases of software development. Implementation of secure software development practices can improve the resistance to attacks. Many methods, models and standards for secure software development have been developed. However, despite the efforts, they still come up against difficulties in their deployment and the processes are not institutionalized. There is a set of factors that influence the successful deployment of secure software development processes. In this study, the methodology and results from a systematic literature review of factors influencing the implementation of secure software development practices is described. A total of 44 primary studies were analysed as a result of the systematic review. As a result of the study, a list of twenty factors has been identified. Some of factors that affect implementation of secure software development practices are: Involvement of the security expert, integration between security and development team, developer’s skill and expertise, development time and communication between stakeholders. The factors were further classified into four categories which are institutional context, people and action, project content and system development process. The results obtained show that it is important to take into account organizational, technical and people issues in order to implement secure software development initiatives.

Keywords: secure software development, software development, software security, systematic literature review

Procedia PDF Downloads 340

Authors: Adam Gorine, Faten Spondon

Abstract:

Python is considered the most popular programming language and offers its own ecosystem for archiving and maintaining open-source software packages. This system is called the python package index (PyPI), the repository of this programming language. Unfortunately, one-third of these software packages have vulnerabilities that allow attackers to execute code automatically when a vulnerable or malicious package is installed. This paper contributes to large-scale empirical studies investigating security issues in the python ecosystem by evaluating package vulnerabilities. These provide a series of implications that can help the security of software ecosystems by improving the process of discovering, fixing, and managing package vulnerabilities. The vulnerable dataset is generated using the NVD, the national vulnerability database, and the Snyk vulnerability dataset. In addition, we evaluated 807 vulnerability reports in the NVD and 3900 publicly known security vulnerabilities in Python Package Manager (pip) from the Snyk database from 2002 to 2022. As a result, many Python vulnerabilities appear in high severity, followed by medium severity. The most problematic areas have been improper input validation and denial of service attacks. A hybrid scanning tool that combines the three scanners bandit, snyk and dlint, which provide a clear report of the code vulnerability, is also described.

Keywords: Python vulnerabilities, bandit, Snyk, Dlint, Python package index, ecosystem, static analysis, malicious attacks

Procedia PDF Downloads 98

Authors: John Hardy

Abstract:

Over the last decade, the increasing utility of extremist narratives to the operational effectiveness of terrorist organizations has been evidenced by the proliferation of inspired or affiliated attacks across the world. Famous examples such as regional al-Qaeda affiliates and the self-styled “Islamic State” demonstrate the effectiveness of leveraging communication technologies to disseminate propaganda, recruit members, and orchestrate attacks. Terrorist organizations with the capacity to harness the communicative power offered by digital communication technologies and effective political narratives have held an advantage over their targets in recent years. Terrorists have leveraged the perceived legitimacy of grass-roots actors to appeal to a global audience of potential supporters and enemies alike, and have wielded a proficiency in profile-raising which remains unmatched by counter terrorism narratives around the world. In contrast, many attempts at propagating official counter-narratives have been received by target audiences as illegitimate, top-down and impersonally bureaucratic. However, the benefits provided by widespread communication and extremist narratives have come at an operational cost. Terrorist organizations now face a significant challenge in protecting their access to communications technologies and authority over the content they create and endorse. The dissemination of effective narratives has emerged as a core function of terrorist organizations with international reach via inspired or affiliated attacks. As such, it has become a critical function which can be targeted by intelligence and security forces. This study applies network targeting principles which have been used by coalition forces against a range of non-state actors in the Middle East and South Asia to the communicative function of terrorist organizations. This illustrates both a conceptual link between functional targeting and operational disruption in the abstract and a tangible impact on the operational effectiveness of terrorists by degrading communicative ability and legitimacy. Two case studies highlight the utility of applying functional targeting against terrorist organizations. The first case is the targeted killing of Anwar al-Awlaki, an al-Qaeda propagandist who crafted a permissive narrative and effective propaganda videos to attract recruits who committed inspired terrorist attacks in the US and overseas. The second is a series of operations against Islamic State propagandists in Syria, including the capture or deaths of a cadre of high profile Islamic State members, including Junaid Hussain, Abu Mohammad al-Adnani, Neil Prakash, and Rachid Kassim. The group of Islamic State propagandists were linked to a significant rise in affiliated and enabled terrorist attacks and were subsequently targeted by law enforcement and military agencies. In both cases, the disruption of communication between the terrorist organization and recruits degraded both communicative and operational functions. Effective functional targeting on member recruitment and operational tempo suggests that narratives are a critical function which can be leveraged against terrorist organizations. Further application of network targeting methods to terrorist narratives may enhance the efficacy of a range of counter terrorism techniques employed by security and intelligence agencies.

Keywords: countering violent extremism, counter terrorism, intelligence, terrorism, violent extremism

Procedia PDF Downloads 271

Authors: Hailyie Tekleselase

Abstract:

Deep learning is increasingly used as a building block of security systems. However, neural networks are hard to interpret and typically solid to the practitioner. This paper presents a detail survey of computing methods in cyber security, and analyzes the prospects of enhancing the cyber security capabilities by suggests that of accelerating the intelligence of the security systems. There are many AI-based applications used in industrial scenarios such as Internet of Things (IoT), smart grids, and edge computing. Machine learning technologies require a training process which introduces the protection problems in the training data and algorithms. We present machine learning techniques currently applied to the detection of intrusion, malware, and spam. Our conclusions are based on an extensive review of the literature as well as on experiments performed on real enterprise systems and network traffic. We conclude that problems can be solved successfully only when methods of artificial intelligence are being used besides human experts or operators.

Keywords: artificial intelligence, machine learning, deep learning, cyber security, big data

Procedia PDF Downloads 100

Authors: Evy Latifah, Eli Korlina, Hanik Anggraeni, Kuntoro Boga, Joko Mariyono

Abstract:

During the rainy season, the tomato plants are vulnerable to various diseases. A disease that attacks the leaves of tomato plants (foliar diseases) such as late blight (Phytophtora infestans) and spotting bacteria (bacterial spot / Xanthomonas sp.) In addition, there is a disease that attacks the roots such as fusarium and bacterial wilt. If not immediately anticipated, it will decrease the quality and quantity of crop yields. In fact, it can lead to crop failure. The aim of this research is to know the production of tomato grafting by using Timoty and CLN 3024 tomatoes at rain shelter during rainy season in lowland. Data were analyzed using analysis of variance and tested further by Least Significant Difference (LSD) level of 5 %. The parameters measured were plant height (cm), stem diameter (cm), number of fruit space, canopy extended, number of branches, number of productive branches, and the number of stem segments. The results show at the beginning of growth until the end of the treatment without grafting with relative rain shelter displays the highest plant height. This was followed by extensive crop canopy. For tomato grafting and non-grafting using rain shelter able to produce the number of branches and number of productive branches at most. While at the end of the growth in the number of productive branches generated as much. Highest production of tomatoes produced by tomato dig rafting to use the shelter.

Keywords: field trail, wet and dry season, production, diseases, rain shelter

Procedia PDF Downloads 197

Authors: Pubudu K. Hitigala Kaluarachchilage, Champike Attanayake, Sasith Rajasooriya, Chris P. Tsokos

Abstract:

Operating system (OS) security is a key component of computer security. Assessing and improving OSs strength to resist against vulnerabilities and attacks is a mandatory requirement given the rate of new vulnerabilities discovered and attacks occurring. Frequency and the number of different kinds of vulnerabilities found in an OS can be considered an index of its information security level. In the present study five mostly used OSs, Microsoft Windows (windows 7, windows 8 and windows 10), Apple’s Mac and Linux are assessed for their discovered vulnerabilities and the risk associated with each. Each discovered and reported vulnerability has an exploitability score assigned in CVSS score of the national vulnerability database. In this study the risk from vulnerabilities in each of the five Operating Systems is compared. Risk Indexes used are developed based on the Markov model to evaluate the risk of each vulnerability. Statistical methodology and underlying mathematical approach is described. Initially, parametric procedures are conducted and measured. There were, however, violations of some statistical assumptions observed. Therefore the need for non-parametric approaches was recognized. 6838 vulnerabilities recorded were considered in the analysis. According to the risk associated with all the vulnerabilities considered, it was found that there is a statistically significant difference among average risk levels for some operating systems, indicating that according to our method some operating systems have been more risk vulnerable than others given the assumptions and limitations. Relevant test results revealing a statistically significant difference in the Risk levels of different OSs are presented.

Keywords: cybersecurity, Markov chain, non-parametric analysis, vulnerability, operating system

Procedia PDF Downloads 156

Authors: J. Yan, B. Pieper, B. Bucsky, B. Nasseri, S. Klotz, H. H. Sievers, S. Mohamed

Abstract:

Cryoablation is evermore applied for interventional treatment of paroxysmal (PAAF) or persistent atrial fibrillation (PEAF). In the cardiac surgery, this procedure is often combined with coronary arterial bypass graft (CABG) and valve operations. Three different methods are feasible in this sense in respect to practicing extents and mechanisms such as lone left atrial cryoablation, Cox-Maze IV and III in our heart center. 415 patients (68 ± 0.8ys, male 68.2%) with predisposed atrial fibrillation who initially required either coronary or valve operations were enrolled and divided into 3 matched groups according to deployed procedures: CryoLA-group (cryoablation of lone left atrium, n=94); Cox-Maze-IV-group (n=93) and Cox-Maze-III-group (n=8). All patients additionally received closure of the left atrial appendage (LAA) and regularly underwent three-year ambulant follow-up assessments (3, 6, 9, 12, 18, 24, 30 and 36 months). Burdens of atrial fibrillation were assessed directly by means of cardiac monitor (Reveal XT, Medtronic) or of 3-day Holter electrocardiogram. Herewith, attacks frequencies of AF and their circadian patterns were systemically analyzed. Furthermore, anticoagulants and regular rate-/rhythm-controlling medications were evaluated and listed in terms of anti-rate and anti-rhythm regimens. Concerning PAAF treatment, Cox Maze IV procedure provided therapeutically acceptable effect as lone left atrium (LA) cryoablation did (5.25 ± 5.25% vs. 10.39 ± 9.96% AF-burden, p > 0.05). Interestingly, Cox Maze III method presented a better short-term effect in the PEAF therapy in comparison to lone cryoablation of LA and Cox Maze IV (0.25 ± 0.23% vs. 15.31 ± 5.99% and 9.10 ± 3.73% AF-burden within the first year, p < 0.05). But this therapeutic advantage went lost during ongoing follow-ups (26.65 ± 24.50% vs. 8.33 ± 8.06% and 15.73 ± 5.88% in 3rd follow-up year). In this way, lone LA-cryoablation established its antiarrhythmic efficacy and 69.5% patients were released from the Vit-K-antagonists, while Cox Maze IV liberated 67.2% patients from continuous anticoagulant medication. The AF-recurrences mostly performed such attacks property as less than 60min duration for all 3 procedures (p > 0.05). In the sense of the circadian distribution of the recurrence attacks, weighted by ongoing follow-ups, lone LA cryoablation achieved and stabilized the antiarrhythmic effects over time, which was especially observed in the treatment of PEAF, while Cox Maze IV and III had their antiarrhythmic effects weakened progressively. This phenomenon was likewise evaluable in the therapy of circadian rhythm of reverting AF-attacks. Furthermore, the strategy of rate control was much more often applied to support and maintain therapeutic successes obtained than the one of rhythm control. Derived from experiences in our heart center, lone LA cryoablation presented equivalent effects in the treatment of AF in comparison to Cox Maze IV and III procedures. These therapeutic successes were especially investigable in the patients suffering from persistent AF (PEAF). Additional supportive strategies such as rate control regime should be initialized and implemented to improve the therapeutic effects of the cryoablations according to appropriate criteria.

Keywords: AF-burden, atrial fibrillation, cardiac monitor, COX MAZE, cryoablation, Holter, LAA

Procedia PDF Downloads 170

Authors: Walid Abdallah, Noureddine Boudriga

Abstract:

Wireless sensor networks have shown their effectiveness in the deployment of many critical applications especially in the military domain. Border surveillance is one of these applications where a set of wireless sensors are deployed along a country border line to detect illegal intrusion attempts to the national territory and report this to a control center to undergo the necessary measures. Regarding its nature, this wireless sensor network can be the target of many security attacks trying to compromise its normal operation. Particularly, in this application the deployment and location of sensor nodes are of great importance for detecting and tracking intruders. This paper proposes a location-based authentication and key distribution mechanism to secure wireless sensor networks intended for border surveillance where the key establishment is performed using elliptic curve cryptography and identity-based public key scheme. In this scheme, the public key of each sensor node will be authenticated by keys that depend on its position in the monitored area. Before establishing a pairwise key between two nodes, each one of them must verify the neighborhood location of the other node using a message authentication code (MAC) calculated on the corresponding public key and keys derived from encrypted beacon messages broadcast by anchor nodes. We show that our proposed public key authentication and key distribution scheme is more resilient to node capture and node replication attacks than currently available schemes. Also, the achievement of the key distribution between nodes in our scheme generates less communication overhead and hence increases network performances.

Keywords: wireless sensor networks, border surveillance, security, key distribution, location-based

Procedia PDF Downloads 634

Authors: Jyoti Rani, Ashima Anand, Shivendra Shivani

Abstract:

In recent years, physiological signals obtained in telemedicine have been stored independently from patient information. In addition, people have increasingly turned to mobile devices for information on health-related topics. Major authentication and security issues may arise from this storing, degrading the reliability of diagnostics. This study introduces an approach to reversible watermarking, which ensures security by utilizing the electrocardiogram (ECG) signal as a carrier for embedding patient information. In the proposed work, Pan-Tompkins++ is employed to convert the 1D ECG signal into a 2D signal. The frequency subbands of a signal are extracted using RDWT(Redundant discrete wavelet transform), and then one of the subbands is subjected to MSVD (Multiresolution singular valued decomposition for masking. Finally, the encrypted watermark is embedded within the signal. The experimental results show that the watermarked signal obtained is indistinguishable from the original signals, ensuring the preservation of all diagnostic information. In addition, the DnCNN (Denoising convolutional neural network) concept is used to denoise the retrieved watermark for improved accuracy. The proposed ECG signal-based watermarking method is supported by experimental results and evaluations of its effectiveness. The results of the robustness tests demonstrate that the watermark is susceptible to the most prevalent watermarking attacks.

Keywords: ECG, VMD, watermarking, PanTompkins++, RDWT, DnCNN, MSVD, chaotic encryption, attacks

Procedia PDF Downloads 61

Authors: A. V. Popa, C. Barna, V. Mihalache

Abstract:

Being the largest port at the Black Sea and functioning as a civil and military nodal point between Europe and Asia, Constantza Port has become a potential target on the terrorist international agenda. The authors use qualitative research based on both face-to-face and online semi-structured interviews with relevant stakeholders (top decision-makers in the Romanian Naval Authority, Romanian Maritime Training Centre, National Company "Maritime Ports Administration" and military staff) in order to detect potential vulnerabilities which might be exploited by terrorists in the case of Constantza Port. Likewise, this will enable bringing together the experts’ opinions on potential mitigation measures. Subsequently, this paper formulates various counter-terrorism policies to enhance the robustness of Constantza Port under potential terror attacks and connects them with the attributions in the field of critical infrastructure protection conferred by the law to the lead national authority for preventing and countering terrorism, namely the Romanian Intelligence Service. Extending the national counterterrorism efforts to an international level, the authors propose the establishment – among the experts of the NATO member states of the Wider Black Sea Region – of a platform for the exchange of know-how and best practices in the field of critical infrastructure protection.

Keywords: Constantza Port, counter-terrorism policies, critical infrastructure protection, security, Wider Black Sea Region

Procedia PDF Downloads 272

Authors: Nasa'i Muhammad Gwadabe

Abstract:

This study seeks to find the extent to which the old Islamophobic prejudice was tilted towards a more negative direction in the United States following the 9/11 terrorist attacks. It is hypothesized that, the 9/11 attacks in the United States reshaped the old Islamophobic prejudice through the reinforcement of a strong social identity construction of Muslims as “out-group”. The “social identity” and “discourse representation” theories are used as framework for analysis. To test the hypothesis, two categories were created: the prejudice (out-group) and the tolerance (in-group) categories. The Prejudice (out-group) against Muslims category was coded to include six attributes: (Terrorist, Threat, Women's Rights violation, Undemocratic, Backward and Intolerant); while the tolerance (In-group) for Muslims category was also coded to include six attributes: (Peaceful, civilized, educated, partners trustworthy and honest). Data are generated from the archives of three American newspapers: The Los Angeles Times, New York Times and USA Today using specific search terms and specific date range; from 9/11/1996 to 9/11/2006, that is five years before and five years after the 9/11. An aggregate of 20595 articles were generated from the search of the three newspapers throughout the search periods. Conclusively, for both pre and post 9/11 periods, the articles generated under the category of prejudice (out-group) against Muslims revealed a higher frequency, against that of tolerance (in-group) for them, which is lesser. Finally, The comparison between the pre and post 9/11 periods showed that, the increased Prejudice (out-group) against Muslims was most influenced through libeling them as terrorist, which signaled a skyrocketed increase from pre to post 9/11.

Keywords: in-group, Islam, Islamophobia, Muslims, out-group, prejudice, terrorism, the 9/11 and tolerance

Procedia PDF Downloads 276

Authors: N. N. Mosola, K. F. Moeketsi, R. Sehobai, N. Pule

Abstract:

The Internet brings increasing use of Information and Communications Technology (ICT) services and facilities. Consequently, new computing paradigms emerge to provide services over the Internet. Although there are several benefits stemming from these services, they pose several risks inherited from the Internet. For example, cybercrime, identity theft, malware etc. To thwart these risks, this paper proposes a holistic approach. This approach involves multidisciplinary interactions. The paper proposes a top-down and bottom-up approach to deal with cyber security concerns in developing countries. These concerns range from regulatory and legislative areas, cyber awareness, research and development, technical dimensions etc. The main focus areas are highlighted and a cybersecurity model solution is proposed. The paper concludes by combining all relevant solutions into a proposed cybersecurity model to assist developing countries in enhancing a cyber-safe environment to instill and promote a culture of cybersecurity.

Keywords: cybercrime, cybersecurity, computer emergency response team, computer security incident response team

Procedia PDF Downloads 126

Authors: Laura Bishop, Isabel Jones, Linn Halvorsen, Angela Smith

Abstract:

Phishing emails are a form of social engineering where attackers deceive email users into revealing sensitive information or installing malware such as ransomware. Scammers often use persuasion techniques to influence email users to interact with malicious content. This study will use eye-tracking equipment to analyze how participants respond to and process Cialdini’s persuasion principles when utilized within phishing emails. Eye tracking provides insights into what is happening on the subconscious level of the brain that the participant may not be aware of. An experiment is conducted to track participant eye movements, whilst interacting with and then filing a series of persuasive emails delivered at random. Eye tracking metrics will be analyzed in relation to whether a malicious email has been identified as phishing (filed as ‘suspicious’) or not phishing (filed in any other folder). This will help determine the most influential persuasion techniques and those 'areas of interest' within an email that require intervention. The results will aid further research on how to reduce the effects of persuasion on human decision-making when interacting with phishing emails.

Keywords: cybersecurity, human-centric, phishing, psychology

Procedia PDF Downloads 51

Authors: Esther Chiramal, Kelvin Soh Boon Kai

Abstract:

Explainable AI is a strong strategy implemented to understand complex black-box model predictions in a human-interpretable language. It provides the evidence required to execute the use of trustworthy and reliable AI systems. On the other hand, however, it also opens the door to locating possible vulnerabilities in an AI model. Traditional adversarial text attack uses word substitution, data augmentation techniques, and gradient-based attacks on powerful pre-trained Bidirectional Encoder Representations from Transformers (BERT) variants to generate adversarial sentences. These attacks are generally white-box in nature and not practical as they can be easily detected by humans e.g., Changing the word from “Poor” to “Rich”. We proposed a simple yet effective Grey-box cum Black-box approach that does not require the knowledge of the model while using a set of surrogate Transformer/BERT models to perform the attack using Explainable AI techniques. As Transformers are the current state-of-the-art models for almost all Natural Language Processing (NLP) tasks, an attack generated from BERT1 is transferable to BERT2. This transferability is made possible due to the attention mechanism in the transformer that allows the model to capture long-range dependencies in a sequence. Using the power of BERT generalisation via attention, we attempt to exploit how transformers learn by attacking a few surrogate transformer variants which are all based on a different architecture. We demonstrate that this approach is highly effective to generate semantically good sentences by changing as little as one word that is not detectable by humans while still fooling other BERT models.

Keywords: BERT, explainable AI, Grey-box text attack, transformer

Procedia PDF Downloads 112

Authors: Eugene Wong, Felix Chan, Linsey Chen, Joey Cheung

Abstract:

The widespread use of technologies and cyber/digital means for complex maritime operations have led to a sharp rise in global cyber-attacks. They have generated an increasing number of liability disputes, insurance claims, and legal proceedings. An array of antiquated case law, regulations, international conventions, and obsolete contractual clauses drafted in the pre-technology era have become grossly inadequate in addressing the contemporary challenges. This paper offers a critique of the ambiguity of cybersecurity liabilities under the obligation of seaworthiness entailed in the Hague-Visby Rules, which apply either by law in a large number of jurisdictions or by express incorporation into the shipping documents. This paper also evaluates the legal and technological criteria for assessing whether a vessel is properly equipped with the latest offshore technologies for navigation and cargo delivery operations. Examples include computer applications, networks and servers, enterprise systems, global positioning systems, and data centers. A critical analysis of the carriers’ obligations to exercise due diligence in preventing or mitigating cyber-attacks is also conducted in this paper. It is hoped that the present study will offer original and crucial insights to policymakers, regulators, carriers, cargo interests, and insurance underwriters closely involved in dispute prevention and resolution arising from cybersecurity liabilities.

Keywords: seaworthiness, cybersecurity, liabilities, risks, maritime, transport

Procedia PDF Downloads 111