Search results for: vulnerabilities

Authors: Hossein Mohammadi Rouzbahani, Hadis Karimipour, Evan Fraser, Ali Dehghantanha, Emily Duncan, Arthur Green, Conchobhair Russell

Abstract:

Human population growth has driven rising demand for food that has, in turn, imposed huge impacts on the environment. In an effort to reconcile our need to produce more sustenance while also protecting the world’s ecosystems, farming is becoming more reliant on smart tools and communication technologies. Developing a smart farming framework allows farmers to make more efficient use of inputs, thus protecting water quality and biodiversity habitat. Internet of Things (IoT), which has revolutionized every sphere of the economy, is being applied to agriculture by connecting on-farm devices and providing real-time monitoring of everything from environmental conditions to market signals through to animal health data. However, utilizing IoT means farming networks are now vulnerable to malicious activities, mostly when wireless communications are highly employed. With that in mind, this research aims to review different utilized communication technologies in smart farming. Moreover, possible cyber-attacks are investigated to discover the vulnerabilities of communication technologies considering the most frequent cyber-attacks that have been happened.

Keywords: smart farming, Internet of Things, communication layer, cyber-attack

Procedia PDF Downloads 202

Authors: Venkata Venugopal Rao Gudlur

Abstract:

The Proposed Policies referred to as “SOP”, on the Internet of Things (IoT) based Forensic Investigation into Process Management is the latest revolution to save time and quick solution for investigators. The forensic investigation process has been developed over many years from time to time it has been given the required information with no policies in investigation processes. This research reveals that the current IoT based forensic investigation into Process Management based is more connected to devices which is the latest revolution and policies. All future development in real-time information on gathering monitoring is evolved with smart sensor-based technologies connected directly to IoT. This paper present conceptual framework on process management. The smart devices are leading the way in terms of automated forensic models and frameworks established by different scholars. These models and frameworks were mostly focused on offering a roadmap for performing forensic operations with no policies in place. These initiatives would bring a tremendous benefit to process management and IoT forensic investigators proposing policies. The forensic investigation process may enhance more security and reduced data losses and vulnerabilities.

Keywords: Internet of Things, Process Management, Forensic Investigation, M2M Framework

Procedia PDF Downloads 73

Authors: Fouzia Mannan, Deepa Joshi

Abstract:

Millions of Bangladeshis move from low-income agrarian villages to the country’s urban landscape with the hope to gain from the rapidly-growing middle-income urban, industrial future. However, the economic gains are mostly offset by new forms of extreme depravity, indignity, and inequality. Nonetheless, many scholars report unique gendered gains through migration - the rupture of traditional, entrenched inequalities by gender, providing women not only reliable incomes but also the opportunity to re-negotiate gendered roles, responsibilities and identities. In this study, we present the reflections of ten long-term urban migrant women in Dhaka city: of their gains, their losses as well as their aspirations for the future. Our findings show the incredibly high costs of a migration that is induced by desperate rural poverty. Further, we find that patriarchy persists - within the often 'kutcha' walls of urban low-income homes to the nature of so-called economic opportunities - in the constant intertwining of capitalism, globalization, and patriarchy. Caught in between, women have little choice but to cope with these new vulnerabilities by relying on the very norms and boundaries established by patriarchy and by recreating patriarchy to celebrate the (if) gains from displacement and migration.

Keywords: gender, internal migration, patriarchy, urbanization

Procedia PDF Downloads 155

Authors: Samanwita Paul

Abstract:

Borrowing from Kabeer’s framework of empowerment, participation of women at Panchayat level politics (grassroots level of politics in India) has been conceptualized as a resource in the study and the impact of the same in influencing the policies at the grassroots as an agency. The study attempts to examine such intricacies in the dynamics of participation and policy formulation at the Panchayat level and to assess its overall impact in altering the recognition and redistribution of women. A conscious attempt has been made to go beyond formal politics and consider participants of the informal political processes as subjects of the study. Primary surveys were conducted for data collection in 4 Panchayat villages (from Jalpaiguri district in West Bengal) of which 2 wards from each were selected based on the nature of reservation of the panchayat seats. In-depth interviews with the Panchayat members and an approximate of 80 voters from each of the villages were conducted. This has been further analyzed with the aid of appropriate statistical tools and narratives. Preliminary findings show that women from vulnerable sections tend to participate more in the political process since it offers them a means of negotiating with their vulnerabilities however in case of its impact on policy formulation, the effect of women’s participation does to appear to be as profound.

Keywords: recognition, redistribution, political participation, women

Procedia PDF Downloads 107

Authors: Cindy Sahera, Sarwono Sutikno

Abstract:

Rapid technological developments also have negative impacts, namely the increasing criminal cases based on technology or cybercrime. One technique that can be used to conduct cybercrime attacks are phishing email. The issue is whether the user is aware that email can be misused by others so that it can harm the user's own? This research was conducted to measure the susceptibility of selected targets against email abuse. The objectives of this research are measurement of targets’ susceptibility and find vulnerability in email recipient. There are three steps being taken in this research, (1) the information gathering phase, (2) the design phase, and (3) the execution phase. The first step includes the collection of the information necessary to carry out an attack on a target. The next step is to make the design of an attack against a target. The last step is to send phishing emails to the target. The levels of susceptibility are three: level 1, level 2 and level 3. Level 1 indicates a low level of targets’ susceptibility, level 2 indicates the intermediate level of targets’ susceptibility, and level 3 indicates a high level of targets’ susceptibility. The results showed that users who are on level 1 and level 2 more that level 3, which means the user is not too careless. However, it does not mean the user to be safe. There are still vulnerabilities that may occur, such as automatic location detection when opening emails and automatic downloaded malware as user clicks a link in the email.

Keywords: cybercrime, email phishing, susceptibility, vulnerability

Procedia PDF Downloads 250

Authors: Noureddine Mohtaram, Jeremy Patrix, Jerome Verny

Abstract:

As an enormous number of online services have been developed into web applications, security problems based on web applications are becoming more serious now. Most intrusion detection systems rely on each request to find the cyber-attack rather than on user behavior, and these systems can only protect web applications against known vulnerabilities rather than certain zero-day attacks. In order to detect new attacks, we analyze the HTTP protocols of web servers to divide them into two categories: normal attacks and malicious attacks. On the other hand, the quality of the results obtained by deep learning (DL) in various areas of big data has given an important motivation to apply it to cybersecurity. Deep learning for attack detection in cybersecurity has the potential to be a robust tool from small transformations to new attacks due to its capability to extract more high-level features. This research aims to take a new approach, deep learning to cybersecurity, to classify these two categories to eliminate attacks and protect web servers of the defense sector which encounters different web traffic compared to other sectors (such as e-commerce, web app, etc.). The result shows that by using a machine learning method, a higher accuracy rate, and a lower false alarm detection rate can be achieved.

Keywords: anomaly detection, HTTP protocol, logs, cyber attack, deep learning

Procedia PDF Downloads 175

Authors: Hyojung Shin, Munhee Kweon

Abstract:

Non-suicide Self Injuri (NSSI) can be defined as the act of an individual who does not intend to die directly and intentionally damaging his or her body tissues. According to a study conducted by the Korean Ministry of Education in 2018, the NSSI is widely spreading among teenagers, with 7.9 percent of all middle school students and 6.4 percent of high school students reporting experience in NSSI. As such, it is understood that the first time of the NSSI is in adolescence. However, the NSSI may not start and stop at a certain time, but may last longer. However, despite the widespread prevalence of NSSI among teenagers, little is known about the process and maintenance of NSSI college students on a continuous development basis. Korea's NSSI research trends are mainly focused on individual internal vulnerabilities (high levels of painful emotions/awareness, lack of pain tolerance) and interpersonal vulnerabilities (poor communication skills and social problem solving), and little studies have been done on individuals' unique characteristics and environmental factors such as substrate or environmental vulnerability factors. In particular, environmental factors are associated with the occurrence of NSSI by acting as a vulnerability factor that can interfere with the emotional control of individuals, whereas individual factors play a more direct role by contributing to the maintenance of NSSI, so it is more important to consider this for personal environmental involvement in NSSI. This study focused on the Fight-Flight-Freeze System as a factor in the defensive avoidance system of Reward Sensitivity in individual factors. Also, Environmental factors include the level of expressed emotion in family. Wedig and Nock (2007) said that if parents with a self-critical cognitive style take the form of criticizing their children, the experience of NSSI increases. The high level of parental criticism is related to the increasing frequency of NSSI acts as well as to serious levels of NSSI. If the normal coping mechanism fails to control emotions, people want to overcome emotional difficulties even through NSSI, and emotional disturbances experienced by individuals within an unsupported social relationship increase vulnerability to NSSI. Based on these theories, this study is to find ways to prevent NSSI and intervene in counseling effectively by verifying the differences between the characteristics experienced NSSI persons and non-experienced NSSI persons. Therefore, the purpose of this research was to examine the relationship of Fight-Flight-Freeze System (FFFS), level of expressed emotion in family and emotion regulation difficulties, comparing those who experienced Non-Suicidal Self-Injury (NSSI) with those who did not experienced Non-Suicidal Self-Injury (NSSI). The data were collected from university students in Seoul Korea and Gyeonggi-do province. 99 subjects were experienced student of NSSI, while 375 were non- experienced student of NSSI. The results of this study are as follows. First, the result of t-test indicated that NSSI attempters showed a significant difference in fight-flight-freeze system, level of expressed emotion and emotion regulation difficulties, compared with non-attempters. Second, fight-flight-freeze system, level of expressed emotion in family and emotion regulation difficulties of NSSI attempters showed a significant difference in correlation. The correlation was significant only freeze system of fight-flight-freeze system, Level of expressed emotion in family and emotion regulation difficulties. Third, freeze system and level of expressed emotion in family predicted emotion regulation difficulties of NSSI attempters. Fight-freeze system and level of expressed emotion in family predicted emotion regulation difficulties of non-NSSI attempters. Lastly, Practical implications for counselors and limitations of this study are discussed.

Keywords: fight-flight-freeze system, level of expressed emotion in family, emotion regulation difficulty, non-suicidal self injury

Procedia PDF Downloads 82

Authors: Mohsen Mohammadi, Toshio Fujimi

Abstract:

High population and irregular urban development in Kabul city, Afghanistan's capital, are among factors that increase its vulnerability to earthquake disasters (on top of its location in a high seismic region); this can lead to widespread economic loss and casualties. This study aims to evaluate earthquake risks in Kabul's 13th district based on scientific data. The research data, which include hazard curves of Kabul, vulnerability curves, and a questionnaire survey through sampling in district 13, have been incorporated to develop risk curves. To estimate potential casualties, we used a set of M parameters in a model developed by Coburn and Spence. The results indicate that in the worst case scenario, more than 90% of district 13, which comprises mostly residential buildings, is exposed to high risk; this may lead to nearly 1000 million USD economic loss and 120 thousand casualties (equal to 25.88% of the 13th district's population) for a nighttime earthquake. To reduce risks, we present the reconstruction of the most vulnerable buildings, which are primarily adobe and masonry buildings. A comparison of risk reduction between reconstructing adobe and masonry buildings indicates that rebuilding adobe buildings would be more effective.

Keywords: earthquake risk evaluation, Kabul, mitigation, vulnerability

Procedia PDF Downloads 249

Authors: Anders Thorsén, Behrooz Sangchoolie, Peter Folkesson, Ted Strandberg

Abstract:

As more parts of the power grid become connected to the internet, the risk of cyberattacks increases. To identify the cybersecurity threats and subsequently reduce vulnerabilities, the common practice is to carry out a cybersecurity risk assessment. For safety classified systems and products, there is also a need for safety risk assessments in addition to the cybersecurity risk assessment in order to identify and reduce safety risks. These two risk assessments are usually done separately, but since cybersecurity and functional safety are often related, a more comprehensive method covering both aspects is needed. Some work addressing this has been done for specific domains like the automotive domain, but more general methods suitable for, e.g., intelligent distributed grids, are still missing. One such method from the automotive domain is the Security-Aware Hazard Analysis and Risk Assessment (SAHARA) method that combines safety and cybersecurity risk assessments. This paper presents an approach where the SAHARA method has been modified in order to be more suitable for larger distributed systems. The adapted SAHARA method has a more general risk assessment approach than the original SAHARA. The proposed method has been successfully applied on two use cases of an intelligent distributed grid.

Keywords: intelligent distribution grids, threat analysis, risk assessment, safety, cybersecurity

Procedia PDF Downloads 120

Authors: Warda Ajaz

Abstract:

This study uses the ‘Community Capitals Framework’ (CCF) to develop a community resilience index that can serve as a useful tool for measuring resilience of communities in diverse contexts and backgrounds. CCF is an important analytical tool to assess holistic community change. This framework identifies seven major types of community capitals: natural, cultural, human, social, political, financial and built, and claims that the communities that have been successful in supporting healthy sustainable community and economic development have paid attention to all these capitals. The framework, therefore, proposes to study the community development through identification of assets in these major capitals (stock), investment in these capitals (flow), and the interaction between these capitals. Capital based approaches have been extensively used to assess community resilience, especially in the context of natural disasters and extreme events. Therefore, this study identifies key indicators for estimating each of the seven capitals through an extensive literature review and then develops an index to calculate a community resilience score. The CCF-based community resilience index presents an innovative way of operationalizing the concept of community resilience and will contribute toward decision-relevant research regarding adaptation and mitigation of community vulnerabilities to climate change-induced, as well as other adverse events.

Keywords: adverse events, community capitals, community resilience, climate change, economic development, sustainability

Procedia PDF Downloads 236

Authors: Sara Patricia Ibarra-Zavaleta, Rabindranarth Romero-Lopez, Rosario Langrave, Annie Poulin, Gerald Corzo, Mathias Glaus, Ricardo Vega-Azamar, Norma Angelica Oropeza

Abstract:

The progressive change in climatic conditions worldwide has increased frequency and severity of extreme hydrometeorological events (EHE). Mexico is an example; this has been affected by the presence of EHE leaving economic, social and environmental losses. The objective of this research was to apply a Canadian distributed hydrological model (DHM) to tropical conditions and to evaluate its capacity to predict flows in a basin in the central Gulf of Mexico. In addition, the DHM (once calibrated and validated) was used to calculate the theoretical hydraulic power and the performance to predict streamflow before the presence of an EHE. The results of the DHM show that the goodness of fit indicators between the observed and simulated flows in the calibration process (NSE=0.83, RSR=0.021 and BIAS=-4.3) and validation: temporal was assessed at two points: point one (NSE=0.78, RSR=0.113 and BIAS=0.054) and point two (NSE=0.825, RSR=0.103 and BIAS=0.063) are satisfactory. The DHM showed its applicability in tropical environments and its ability to characterize the rainfall-runoff relationship in the study area. This work can serve as a tool for identifying vulnerabilities before floods and for the rational and sustainable management of water resources.

Keywords: HYDROTEL, hydraulic power, extreme hydrometeorological events, streamflow

Procedia PDF Downloads 296

Authors: Marieta Safta

Abstract:

The separation and balance of state powers constitute the basis of the rule of law. Observance of this principle requires framing of public authorities within the limits of competence established by the Constitution and the law, as well as loyal cooperation between them. From this perspective, the attribution of the constitutional courts for settling legal conflicts of a constitutional nature is an important tool for correcting the tendencies of violation of these limits, as well as for identifying solutions for situations that do not find an explicit regulation in the constitutional texts. The present study analyzes the jurisprudence of the Constitutional Court of Romania in the field of legal conflicts of a constitutional nature, revealing, together with the presentation of conflict situations, the vulnerabilities of the constitutional reference texts. It is also highlighted the role of the constitutional courts in the evolution of constitutional law institutions, even in terms of defining and redefining the regime of the forms of government. The conclusion of the study, beyond the subject of legal conflicts of a constitutional nature, bears on the necessity, even more so in this matter, of the certainty of jurisdictional interpretation. This certainty cannot be achieved as long as the interpretation is not authoritative; consequently, the assurance of the effectiveness of constitutional justice constitute a key issue of the rule of law.

Keywords: legal conflicts of constitutional nature, the Constitutional Court of Romania, the separation and balance of powers in the state, the effectiveness of constitutional justice

Procedia PDF Downloads 95

Authors: Vikram Chowdhary, Marek Vins

Abstract:

The profitability of the pharmaceutical drug business has attracted considerable interest, but it also faces significant challenges. Counterfeiters take advantage of the industry's vulnerabilities, which are further exacerbated by the globalization of the market, online trading, and complex supply chains. Governments and organizations worldwide are dedicated to creating a secure environment that ensures a consistent and genuine supply of pharmaceutical products. In 2019, the European authorities implemented regulation EU 2016/161 to strengthen traceability and transparency throughout the entire drug supply chain. This regulation requires the addition of enhanced security features, such as serializing items to the saleable unit level or individual packs. Despite these efforts, the incidents of pharmaceutical counterfeiting continue to rise globally, with regulated territories being particularly affected. This paper examines the effectiveness of the drug serialization system implemented by European authorities. By conducting a systematic literature review, we assess the implementation of drug serialization and explore the potential benefits of integrating emerging digital technologies, such as RFID and Blockchain, to improve traceability and management. The objective is to fortify pharmaceutical supply chains against counterfeiters and manipulators and ensure their security.

Keywords: blockchain, counterfeit drugs, EU drug serialization, pharmaceutical industry, RFID

Procedia PDF Downloads 68

Authors: Salha Abdullah Ali Al-Shamrani, Maha Muhammad Dhaher Aljuhani, Eman Ali Ahmed Aldhaheri

Abstract:

With the proliferation of Internet of Things (IoT) devices in various industries, there has been a concurrent rise in security vulnerabilities, particularly spoofing attacks. This study explores the potential of blockchain technology in enhancing the security of IoT systems and mitigating these attacks. Blockchain's decentralized and immutable ledger offers significant promise for improving data integrity, transaction transparency, and tamper-proofing. This research develops and implements a blockchain-based IoT architecture and a reference network to simulate real-world scenarios and evaluate a blockchain-integrated intrusion detection system. Performance measures including time delay, security, and resource utilization are used to assess the system's effectiveness, comparing it to conventional IoT networks without blockchain. The results provide valuable insights into the practicality and efficacy of employing blockchain as a security mechanism, shedding light on the trade-offs between speed and security in blockchain deployment for IoT. The study concludes that despite minor increases in time consumption, the security benefits of incorporating blockchain technology into IoT systems outweigh potential drawbacks, demonstrating a significant potential for blockchain in bolstering IoT security.

Keywords: internet of things, spoofing, IoT, access control, blockchain, raspberry pi

Procedia PDF Downloads 31

Authors: Cao Jiayu, Lan Ximing, Huang Jingjia, Burra Venkata Durga Kumar

Abstract:

The first virus to attack personal computers was born in early 1986, called C-Brain, written by a pair of Pakistani brothers. In those days, people still used dos systems, manipulating computers with the most basic command lines. In the 21st century today, computer performance has grown geometrically. But computer viruses are also evolving and escalating. We never stop fighting against security problems. Stack overflow is one of the most common security vulnerabilities in operating systems. It may result in serious security issues for an operating system if a program in it has a vulnerability with administrator privileges. Certain viruses change the value of specific memory through a stack overflow, allowing computers to run harmful programs. This study developed a mechanism to detect and respond to time whenever a stack overflow occurs. We demonstrate the effectiveness of standard machine learning algorithms and control flow enforcement techniques in predicting computer OS security using generating suspicious vulnerability functions (SVFS) and associated suspect areas (SAS). The method can minimize the possibility of stack overflow attacks occurring.

Keywords: operating system, security, stack overflow, buffer overflow, machine learning, control-flow enforcement technology

Procedia PDF Downloads 85

Authors: Awad A. Younis, Elise Stronberg, Shifa Noor

Abstract:

Malware attacks due to end-user vulnerabilities have been noticeably increased in the past few years. Investigating the factors that make an end-user vulnerable to those attacks is critical because they can be utilized to set up proactive strategies such as awareness and education to mitigate the impacts of those attacks. Some existing studies investigated demographic, behavioral, and cultural factors that make an end-user susceptible to malware attacks. However, it has been challenging to draw more general conclusions from individual studies due to the varieties in the type of end-users and different types of malware. Therefore, we conducted a systematic literature review (SLR) of the existing research for end-user susceptibility factors to malware attacks. The results showed while some demographic factors are mostly associated with malware infection regardless of the end users' type, age, and gender are not consistent among the same and different types of end-users. Besides, the association of culture and personality factors with malware infection are consistent in most of the selected studies and for all type of end-users. Moreover, malware infection varies based on age, geographic location, and host types. We propose that future studies should carefully take into consideration the type of end-users because different end users may be exposed to different threats or be targeted based on their user domains’ characteristics. Additionally, as different types of malware use different tactics to trick end-users, taking the malware types into consideration is important.

Keywords: cybersecurity, malware, end-users, demographics, personality, culture, systematic literature review

Procedia PDF Downloads 201

Authors: Michał Witas

Abstract:

This paper presents a technical approach to analysis of security of SCADA systems. Main goal of the paper is to make SCADA administrators aware of risks resulting from SCADA systems usage and to familiarize with methods that can be adopt to existing or planned system, to increase overall system security level. Because SCADA based systems become a industrial standard, more attention should be paid to the security of that systems. Industrial Control Systems (ICS) like SCADA are responsible for controlling crucial aspects of wide range of industrial processes. In pair with that responsibility, goes a lot of money that can be earned or lost – this fact is main reason of increased interest of attackers. Additionally ICS are often responsible for maintaining resources strategic from the point of view of national economy, like electricity (including nuclear power plants), heating, water resources or military facilities, so they can be targets of terrorist cybernetic attacks. Without proper risk analysis and management, vulnerabilities resulting from the usage of SCADA can be easily exploited by potential attacker. Paper is based mostly on own experience in systems security, gathered during academic studies and professional work in international company. As title suggests, it will cover only basics of topic, because every of points mentioned in the document can be base for additional research and papers.

Keywords: denial of service, SCADA, security policy, distributed network

Procedia PDF Downloads 340

Authors: Muhammad Bilal Mustafa, Javed Hussain, Simeon Babatunde

Abstract:

The Covid-19 pandemic has exposed the vulnerabilities of countless organisations beyond their size, type, and location. However, some groups and sectors are disproportionally get impacted by the pandemic. In the context of the UK, ethnic Small and Medium Enterprises (SMEs) turn out to be the most precarious group among all private sectors. Many ethnic SMEs shut down their business operations during a pandemic. A large portion of Black, Asian and minority ethnic (BAME) owners have huge concerns regarding their business’ survival and resilience. The current UK-centric studies have focused on the large business population, and there is a gap in ethnic SMEs and how they get affected by the Covid-19 pandemic. Moreover, there is a need to further knowledge and academic research to investigate the fundamental factors that could strengthen the resilience of ethnic SMEs as well as contribute to long-term sustainability. Therefore, this study aims to capture the effect of the Covid-19 pandemic on ethnic SMEs in the UK and assess the survival measures taken by ethnic SMEs during Covid-19. Besides, this study adopts a dynamic capabilities perspective that how firms' specific capabilities enable ethnic SMEs to exploit entrepreneurial opportunities during the Covid-19 pandemic. Finally, this research will help ethnic SMEs to develop vigorous resilience to address future external shocks and market uncertainties.

Keywords: COVID-19 pandemic, ethnic minority SMEs, entrepreneurial resilience, dynamic capabilities, sustainability

Procedia PDF Downloads 125

Authors: Preston Nabors, Nasseh Tabrizi

Abstract:

Portable Document Format (PDF) files have gained significant popularity for sharing and distributing documents due to their universal compatibility. However, the widespread use of PDF files has made them attractive targets for cybercriminals, who exploit vulnerabilities to deliver malware and compromise the security of end-user systems. This paper reviews notable contributions in PDF malware detection, including static, dynamic, signature-based, and hybrid analysis. It presents a comprehensive examination of PDF malware detection techniques, focusing on the emerging threat of adversarial sampling and the need for robust defense mechanisms. The paper highlights the vulnerability of machine learning classifiers to evasion attacks. It explores adversarial sampling techniques in PDF malware detection to produce mimicry and reverse mimicry evasion attacks, which aim to bypass detection systems. Improvements for future research are identified, including accessible methods, applying adversarial sampling techniques to malicious payloads, evaluating other models, evaluating the importance of features to malware, implementing adversarial defense techniques, and conducting comprehensive examination across various scenarios. By addressing these opportunities, researchers can enhance PDF malware detection and develop more resilient defense mechanisms against adversarial attacks.

Keywords: adversarial attacks, adversarial defense, adversarial machine learning, intrusion detection, PDF malware, malware detection, malware detection evasion

Procedia PDF Downloads 11

Authors: Andrii Shalaginov, Katrin Franke, Xiongwei Huang

Abstract:

One of the leading problems in Cyber Security today is the emergence of targeted attacks conducted by adversaries with access to sophisticated tools. These attacks usually steal senior level employee system privileges, in order to gain unauthorized access to confidential knowledge and valuable intellectual property. Malware used for initial compromise of the systems are sophisticated and may target zero-day vulnerabilities. In this work we utilize common behaviour of malware called ”beacon”, which implies that infected hosts communicate to Command and Control servers at regular intervals that have relatively small time variations. By analysing such beacon activity through passive network monitoring, it is possible to detect potential malware infections. So, we focus on time gaps as indicators of possible C2 activity in targeted enterprise networks. We represent DNS log files as a graph, whose vertices are destination domains and edges are timestamps. Then by using four periodicity detection algorithms for each pair of internal-external communications, we check timestamp sequences to identify the beacon activities. Finally, based on the graph structure, we infer the existence of other infected hosts and malicious domains enrolled in the attack activities.

Keywords: malware detection, network security, targeted attack, computational intelligence

Procedia PDF Downloads 224

Authors: Kenny Onayemi

Abstract:

In an era where academic institutions increasingly rely on information technology, the security of academic networks has emerged as a paramount concern. This comprehensive study delves into the effectiveness of security practices, including network mapping, vulnerability scanning, and penetration testing, within academic networks. Leveraging data from surveys administered to faculty, staff, IT professionals and IT students in the university, the study assesses their familiarity with these practices, perceived effectiveness, and frequency of implementation. The findings reveal that a significant portion of respondents exhibit a strong understanding of network mapping, vulnerability scanning, and penetration testing, highlighting the presence of knowledgeable professionals within academic institutions. Additionally, active scanning using network scanning tools and automated vulnerability scanning tools emerge as highly effective methods. However, concerns arise as the respondents show that the academic institutions conduct these practices rarely or never. Notably, many respondents have reported significant vulnerabilities or security incidents through these security measures within their institution. This study concludes with recommendations to enhance network security awareness and practices among faculty, staff, IT personnel, and students, ultimately fortifying the security posture of academic networks in the digital age.

Keywords: network security, academic networks, vulnerability scanning, penetration testing, information security

Procedia PDF Downloads 17

Authors: Sri Lakshmi Kanniah, Mohd Naz’ri Mahrin

Abstract:

More and more businesses and services are depending on software to run their daily operations and business services. At the same time, cyber-attacks are becoming more covert and sophisticated, posing threats to software. Vulnerabilities exist in the software due to the lack of security practices during the phases of software development. Implementation of secure software development practices can improve the resistance to attacks. Many methods, models and standards for secure software development have been developed. However, despite the efforts, they still come up against difficulties in their deployment and the processes are not institutionalized. There is a set of factors that influence the successful deployment of secure software development processes. In this study, the methodology and results from a systematic literature review of factors influencing the implementation of secure software development practices is described. A total of 44 primary studies were analysed as a result of the systematic review. As a result of the study, a list of twenty factors has been identified. Some of factors that affect implementation of secure software development practices are: Involvement of the security expert, integration between security and development team, developer’s skill and expertise, development time and communication between stakeholders. The factors were further classified into four categories which are institutional context, people and action, project content and system development process. The results obtained show that it is important to take into account organizational, technical and people issues in order to implement secure software development initiatives.

Keywords: secure software development, software development, software security, systematic literature review

Procedia PDF Downloads 337

Authors: Serzhan Ashirov, Dana Nour, Rafat Rob, Khaled Alotaibi

Abstract:

There has been a fast growth in the introduction and use of communications, information, monitoring, and sensing technologies. The new technologies are making their way to the Industrial Control Systems as embedded in products, software applications, IT services, or commissioned to enable integration and automation of increasingly global supply chains. As a result, the lines that separated the physical, digital, and cyber world have diminished due to the vast implementation of the new, disruptive digital technologies. The variety and increased use of these technologies introduce many cybersecurity risks affecting cyber-resilience of the supply chain, both in terms of the product or service delivered to a customer and members of the supply chain operation. US department of energy considers supply chain in the IR4 space to be the weakest link in cybersecurity. The IR4 identified the digitization of the field devices, followed by digitalization that eventually moved through the digital transformation space with little care for the new introduced cybersecurity risks. This paper will examine the best methodologies for securing the electrical substations from cybersecurity attacks due to supply chain risks, and due to digitization effort. SCADA systems are the most vulnerable part of the power system infrastructure due to digitization and due to the weakness and vulnerabilities in the supply chain security. The paper will discuss in details how create a secure supply chain methodology, secure substations, and mitigate the risks due to digitization

Keywords: cybersecurity, supply chain methodology, secure substation, digitization

Procedia PDF Downloads 36

Authors: Natalia Limones, Javier Marzo, Marcus Wijnen, Aleix Serrat-Capdevila

Abstract:

In this research we developed a structured approach for the detection of areas under the highest levels of drought risk that is suitable for data-scarce environments. The methodology is based on recent scientific outcomes and methods and can be easily adapted to different contexts in successive exercises. The research reviews the history of drought in the south of Angola and characterizes the experienced hazard in the episode from 2012, focusing on the meteorological and the hydrological drought types. Only global open data information coming from modeling or remote sensing was used for the description of the hydroclimatological variables since there is almost no ground data in this part of the country. Also, the study intends to portray the socioeconomic vulnerabilities and the exposure to the phenomenon in the region to fully understand the risk. As a result, a map of the areas under the highest risk in the south of the country is produced, which is one of the main outputs of this work. It was also possible to confirm that the set of indicators used revealed different drought vulnerability profiles in the South of Angola and, as a result, several varieties of priority areas prone to distinctive impacts were recognized. The results demonstrated that most of the region experienced a severe multi-year meteorological drought that triggered an unprecedent exhaustion of the surface water resources, and that the majority of their socioeconomic impacts started soon after the identified onset of these processes.

Keywords: drought risk, exposure, hazard, vulnerability

Procedia PDF Downloads 165

Authors: Crispin Rakibu Mbamba

Abstract:

Twenty-two years after the adoption of the United Nation Trafficking Protocol, evidence suggest that child trafficking continues to rise. Community level factors, like poverty which creates the conditions for children’s vulnerability is key to the rise in trafficking cases in Ghana. Albeit, growing evidence suggestthat despite the vulnerabilities, communities have the capacity to prevent and address child trafficking issues. This study contributes to this positive agenda by exploring the ways in which communities (and the key actors) in Ghana contribute to child trafficking interventions.The study objective is explored through in-depth interviews with practitioners (including social workers) from an organization working in trafficking hotspots in Ghana. Interviews wereanalyzed thematically with the help of HyperRESEARCH software. From the in-depth interviews, three themes were identified as the ways in which communities are involved in child trafficking interventions: 1) engagement of community leaders, 2) community-led anti-trafficking committees and 3) knowledge about trafficking. Albeit the cultural differences, evidence on the instrumental role of community chiefs and leaders provide important learning on how to harness trafficking intervention measures and ensure better child protection practices. Based on the findings, we recommend the need to intensify trafficking awareness campaigns in rural communities where education is lacking to contribute to United Nations (UN) promoting Just, Peaceful and Inclusive societies’ mandate.

Keywords: child trafficking, community interventions, knowledge on trafficking, human trafficking intervention

Procedia PDF Downloads 76

Authors: Lauren Provost

Abstract:

The digital world remains increasingly vulnerable, making the development of effective cybersecurity approaches even more critical in supporting the success of the digital economy and national security. Although approaches to cybersecurity have shifted and improved in the last decade with new models, especially with cloud computing and mobility, a record number of high severity vulnerabilities were recorded in the National Institute of Standards and Technology (NIST), and its National Vulnerability Database (NVD) in 2020. This is due, in part, to the increasing complexity of cyber ecosystems. Security must be approached with a more comprehensive, multi-tool strategy that addresses the complexity of cyber ecosystems, including the human factor. Ethical hacking has emerged as such an approach: a more effective, multi-strategy, comprehensive approach to cyber security's most pressing needs, especially understanding the human factor. Research on ethical hacking, however, is limited in scope. The two main objectives of this work are to (1) provide highlights of case studies in ethical hacking, (2) provide a conceptual framework for research in ethical hacking that embraces and addresses both technical and nontechnical security measures. Recommendations include an improved conceptual framework for research centered on ethical hacking that addresses many factors and attributes of significant attacks that threaten computer security; a more robust, integrative multi-layered framework embracing the complexity of cybersecurity ecosystems.

Keywords: ethical hacking, literature review, penetration testing, social engineering

Procedia PDF Downloads 176

Authors: Neha Ahirwar

Abstract:

In the contemporary digital era, the rise of credit card fraud poses a significant threat to both financial institutions and consumers. As fraudulent activities become more sophisticated, there is an escalating demand for robust and effective fraud detection mechanisms. Advanced machine learning algorithms have become crucial tools in addressing this challenge. This paper conducts a thorough examination of the design and evaluation of a credit card fraud detection system, utilizing four prominent machine learning algorithms: random forest, logistic regression, decision tree, and XGBoost. The surge in digital transactions has opened avenues for fraudsters to exploit vulnerabilities within payment systems. Consequently, there is an urgent need for proactive and adaptable fraud detection systems. This study addresses this imperative by exploring the efficacy of machine learning algorithms in identifying fraudulent credit card transactions. The selection of random forest, logistic regression, decision tree, and XGBoost for scrutiny in this study is based on their documented effectiveness in diverse domains, particularly in credit card fraud detection. These algorithms are renowned for their capability to model intricate patterns and provide accurate predictions. Each algorithm is implemented and evaluated for its performance in a controlled environment, utilizing a diverse dataset comprising both genuine and fraudulent credit card transactions.

Keywords: efficient credit card fraud detection, random forest, logistic regression, XGBoost, decision tree

Procedia PDF Downloads 22

Authors: Bagul Abhijeet

Abstract:

Background: Client-Server model is the backbone of today’s internet communication. In which normal user can not have control over particular website or server? By using the same processing model one can have unauthorized access to particular server. In this paper, we discussed about application scenario of hacking for simple website or server consist of unauthorized way to access the server database. This application emerges to autonomously take direct access of simple website or server and retrieve all essential information maintain by administrator. In this system, IP address of server given as input to retrieve user-id and password of server. This leads to breaking administrative security of server and acquires the control of server database. Whereas virus helps to escape from server security by crashing the whole server. Objective: To control malicious attack and preventing all government website, and also find out illegal work to do hackers activity. Results: After implementing different hacking as well as non-hacking techniques, this system hacks simple web sites with normal security credentials. It provides access to server database and allow attacker to perform database operations from client machine. Above Figure shows the experimental result of this application upon different servers and provides satisfactory results as required. Conclusion: In this paper, we have presented a to view to hack the server which include some hacking as well as non-hacking methods. These algorithms and methods provide efficient way to hack server database. By breaking the network security allow to introduce new and better security framework. The terms “Hacking” not only consider for its illegal activities but also it should be use for strengthen our global network.

Keywords: Hacking, Vulnerabilities, Dummy request, Virus, Server monitoring

Procedia PDF Downloads 220

Authors: Mayank Mundhra, Chester Rebeiro

Abstract:

Cryptocurrencies are rapidly finding wide application in areas such as Real Time Gross Settlements and Payments Systems. Ripple is a cryptocurrency that has gained prominence with banks and payment providers. It solves the Byzantine General’s Problem with its Ripple Protocol Consensus Algorithm (RPCA), where each server maintains a list of servers, called Unique Node List (UNL) that represents the network for the server, and will not collectively defraud it. The server believes that the network has come to a consensus when members of the UNL come to a consensus on a transaction. In this paper we improve Ripple to achieve better speed, security, last mile connectivity and ease of use. We implement guidelines and automated systems for building and maintaining UNLs for resilience, robustness, improved security, and efficient information propagation. We enhance the system so as to ensure that each server receives information from across the whole network rather than just from the UNL members. We also introduce the paradigm of UNL overlap as a function of information propagation and the trust a server assigns to its own UNL. Our design not only reduces vulnerabilities such as eclipse attacks, but also makes it easier to identify malicious behaviour and entities attempting to fraudulently Double Spend or stall the system. We provide experimental evidence of the benefits of our approach over the current Ripple scheme. We observe ≥ 4.97x and 98.22x in speedup and success rate for information propagation respectively, and ≥ 3.16x and 51.70x in speedup and success rate in consensus.

Keywords: Ripple, Kelips, unique node list, consensus, information propagation

Procedia PDF Downloads 105

Authors: A. V. Popa, C. Barna, V. Mihalache

Abstract:

Being the largest port at the Black Sea and functioning as a civil and military nodal point between Europe and Asia, Constantza Port has become a potential target on the terrorist international agenda. The authors use qualitative research based on both face-to-face and online semi-structured interviews with relevant stakeholders (top decision-makers in the Romanian Naval Authority, Romanian Maritime Training Centre, National Company "Maritime Ports Administration" and military staff) in order to detect potential vulnerabilities which might be exploited by terrorists in the case of Constantza Port. Likewise, this will enable bringing together the experts’ opinions on potential mitigation measures. Subsequently, this paper formulates various counter-terrorism policies to enhance the robustness of Constantza Port under potential terror attacks and connects them with the attributions in the field of critical infrastructure protection conferred by the law to the lead national authority for preventing and countering terrorism, namely the Romanian Intelligence Service. Extending the national counterterrorism efforts to an international level, the authors propose the establishment – among the experts of the NATO member states of the Wider Black Sea Region – of a platform for the exchange of know-how and best practices in the field of critical infrastructure protection.

Keywords: Constantza Port, counter-terrorism policies, critical infrastructure protection, security, Wider Black Sea Region

Procedia PDF Downloads 270