49 research outputs found
NLP-Based Techniques for Cyber Threat Intelligence
In the digital era, threat actors employ sophisticated techniques for which,
often, digital traces in the form of textual data are available. Cyber Threat
Intelligence~(CTI) is related to all the solutions inherent to data collection,
processing, and analysis useful to understand a threat actor's targets and
attack behavior. Currently, CTI is assuming an always more crucial role in
identifying and mitigating threats and enabling proactive defense strategies.
In this context, NLP, an artificial intelligence branch, has emerged as a
powerful tool for enhancing threat intelligence capabilities. This survey paper
provides a comprehensive overview of NLP-based techniques applied in the
context of threat intelligence. It begins by describing the foundational
definitions and principles of CTI as a major tool for safeguarding digital
assets. It then undertakes a thorough examination of NLP-based techniques for
CTI data crawling from Web sources, CTI data analysis, Relation Extraction from
cybersecurity data, CTI sharing and collaboration, and security threats of CTI.
Finally, the challenges and limitations of NLP in threat intelligence are
exhaustively examined, including data quality issues and ethical
considerations. This survey draws a complete framework and serves as a valuable
resource for security professionals and researchers seeking to understand the
state-of-the-art NLP-based threat intelligence techniques and their potential
impact on cybersecurity
Security Technologies and Methods for Advanced Cyber Threat Intelligence, Detection and Mitigation
The rapid growth of the Internet interconnectivity and complexity of communication systems has led us to a significant growth of cyberattacks globally often with severe and disastrous consequences. The swift development of more innovative and effective (cyber)security solutions and approaches are vital which can detect, mitigate and prevent from these serious consequences. Cybersecurity is gaining momentum and is scaling up in very many areas. This book builds on the experience of the Cyber-Trust EU projectâs methods, use cases, technology development, testing and validation and extends into a broader science, lead IT industry market and applied research with practical cases. It offers new perspectives on advanced (cyber) security innovation (eco) systems covering key different perspectives. The book provides insights on new security technologies and methods for advanced cyber threat intelligence, detection and mitigation. We cover topics such as cyber-security and AI, cyber-threat intelligence, digital forensics, moving target defense, intrusion detection systems, post-quantum security, privacy and data protection, security visualization, smart contracts security, software security, blockchain, security architectures, system and data integrity, trust management systems, distributed systems security, dynamic risk management, privacy and ethics
Security Technologies and Methods for Advanced Cyber Threat Intelligence, Detection and Mitigation
The rapid growth of the Internet interconnectivity and complexity of communication systems has led us to a significant growth of cyberattacks globally often with severe and disastrous consequences. The swift development of more innovative and effective (cyber)security solutions and approaches are vital which can detect, mitigate and prevent from these serious consequences. Cybersecurity is gaining momentum and is scaling up in very many areas. This book builds on the experience of the Cyber-Trust EU projectâs methods, use cases, technology development, testing and validation and extends into a broader science, lead IT industry market and applied research with practical cases. It offers new perspectives on advanced (cyber) security innovation (eco) systems covering key different perspectives. The book provides insights on new security technologies and methods for advanced cyber threat intelligence, detection and mitigation. We cover topics such as cyber-security and AI, cyber-threat intelligence, digital forensics, moving target defense, intrusion detection systems, post-quantum security, privacy and data protection, security visualization, smart contracts security, software security, blockchain, security architectures, system and data integrity, trust management systems, distributed systems security, dynamic risk management, privacy and ethics
Cognitive Machine Individualism in a Symbiotic Cybersecurity Policy Framework for the Preservation of Internet of Things Integrity: A Quantitative Study
This quantitative study examined the complex nature of modern cyber threats to propose the establishment of cyber as an interdisciplinary field of public policy initiated through the creation of a symbiotic cybersecurity policy framework. For the public good (and maintaining ideological balance), there must be recognition that public policies are at a transition point where the digital public square is a tangible reality that is more than a collection of technological widgets. The academic contribution of this research project is the fusion of humanistic principles with Internet of Things (IoT) technologies that alters our perception of the machine from an instrument of human engineering into a thinking peer to elevate cyber from technical esoterism into an interdisciplinary field of public policy. The contribution to the US national cybersecurity policy body of knowledge is a unified policy framework (manifested in the symbiotic cybersecurity policy triad) that could transform cybersecurity policies from network-based to entity-based. A correlation archival data design was used with the frequency of malicious software attacks as the dependent variable and diversity of intrusion techniques as the independent variable for RQ1. For RQ2, the frequency of detection events was the dependent variable and diversity of intrusion techniques was the independent variable. Self-determination Theory is the theoretical framework as the cognitive machine can recognize, self-endorse, and maintain its own identity based on a sense of self-motivation that is progressively shaped by the machineâs ability to learn. The transformation of cyber policies from technical esoterism into an interdisciplinary field of public policy starts with the recognition that the cognitive machine is an independent consumer of, advisor into, and influenced by public policy theories, philosophical constructs, and societal initiatives
Space Systems: Emerging Technologies and Operations
SPACE SYSTEMS: EMERGING TECHNOLOGIES AND OPERATIONS is our seventh textbook in a series covering the world of UASs / CUAS/ UUVs. Other textbooks in our series are Drone Delivery of CBNRECy â DEW Weapons: Emerging Threats of Mini-Weapons of Mass Destruction and Disruption (WMDD); Disruptive Technologies with applications in Airline, Marine, Defense Industries; Unmanned Vehicle Systems & Operations On Air, Sea, Land; Counter Unmanned Aircraft Systems Technologies and Operations; Unmanned Aircraft Systems in the Cyber Domain: Protecting USAâs Advanced Air Assets, 2nd edition; and Unmanned Aircraft Systems (UAS) in the Cyber Domain Protecting USA\u27s Advanced Air Assets, 1st edition. Our previous six titles have received considerable global recognition in the field. (Nichols & Carter, 2022) (Nichols et al., 2021) (Nichols R. K. et al., 2020) (Nichols R. et al., 2020) (Nichols R. et al., 2019) (Nichols R. K., 2018)
Our seventh title takes on a new purview of Space. Let\u27s think of Space as divided into four regions. These are Planets, solar systems, the great dark void (which fall into the purview of astronomers and astrophysics), and the Dreamer Region. The earth, from a measurement standpoint, is the baseline of Space. It is the purview of geographers, engineers, scientists, politicians, and romantics. Flying high above the earth are Satellites. Military and commercial organizations govern their purview. The lowest altitude at which air resistance is low enough to permit a single complete, unpowered orbit is approximately 80 miles (125 km) above the earth\u27s surface. Normal Low Earth Orbit (LEO) satellite launches range between 99 miles (160 km) to 155 miles (250 km). Satellites in higher orbits experience less drag and can remain in Space longer in service. Geosynchronous orbit is around 22,000 miles (35,000 km). However, orbits can be even higher. UASs (Drones) have a maximum altitude of about 33,000 ft (10 km) because rotating rotors become physically limiting. (Nichols R. et al., 2019) Recreational drones fly at or below 400 ft in controlled airspace (Class B, C, D, E) and are permitted with prior authorization by using a LAANC or DroneZone. Recreational drones are permitted to fly at or below 400 ft in Class G (uncontrolled) airspace. (FAA, 2022) However, between 400 ft and 33,000 ft is in the purview of DREAMERS.
In the DREAMERS region, Space has its most interesting technological emergence. We see emerging technologies and operations that may have profound effects on humanity. This is the mission our book addresses. We look at the Dreamer Region from three perspectives:1) a Military view where intelligence, jamming, spoofing, advanced materials, and hypersonics are in play; 2) the Operational Dreamer Region; whichincludes Space-based platform vulnerabilities, trash, disaster recovery management, A.I., manufacturing, and extended reality; and 3) the Humanitarian Use of Space technologies; which includes precision agriculture wildlife tracking, fire risk zone identification, and improving the global food supply and cattle management.
Hereâs our bookâs breakdown:
SECTION 1 C4ISR and Emerging Space Technologies. C4ISR stands for Command, Control, Communications, Computers, Intelligence, Surveillance, and Reconnaissance. Four chapters address the military: Current State of Space Operations; Satellite Killers and Hypersonic Drones; Space Electronic Warfare, Jamming, Spoofing, and ECD; and the challenges of Manufacturing in Space.
SECTION 2: Space Challenges and Operations covers in five chapters a wide purview of challenges that result from operations in Space, such as Exploration of Key Infrastructure Vulnerabilities from Space-Based Platforms; Trash Collection and Tracking in Space; Leveraging Space for Disaster Risk Reduction and Management; Bio-threats to Agriculture and Solutions From Space; and rounding out the lineup is a chapter on Modelling, Simulation, and Extended Reality.
SECTION 3: Humanitarian Use of Space Technologies is our DREAMERS section. It introduces effective use of Drones and Precision Agriculture; and Civilian Use of Space for Environmental, Wildlife Tracking, and Fire Risk Zone Identification.
SECTION 3 is our Hope for Humanity and Positive Global Change. Just think if the technologies we discuss, when put into responsible hands, could increase food production by 1-2%. How many more millions of families could have food on their tables?
State-of-the-Art research by a team of fifteen SMEs is incorporated into our book. We trust you will enjoy reading it as much as we have in its writing. There is hope for the future.https://newprairiepress.org/ebooks/1047/thumbnail.jp
Modeling Deception for Cyber Security
In the era of software-intensive, smart and connected systems, the growing power and so-
phistication of cyber attacks poses increasing challenges to software security. The reactive
posture of traditional security mechanisms, such as anti-virus and intrusion detection
systems, has not been sufficient to combat a wide range of advanced persistent threats
that currently jeopardize systems operation. To mitigate these extant threats, more ac-
tive defensive approaches are necessary. Such approaches rely on the concept of actively
hindering and deceiving attackers. Deceptive techniques allow for additional defense by
thwarting attackersâ advances through the manipulation of their perceptions. Manipu-
lation is achieved through the use of deceitful responses, feints, misdirection, and other
falsehoods in a system. Of course, such deception mechanisms may result in side-effects
that must be handled. Current methods for planning deception chiefly portray attempts
to bridge military deception to cyber deception, providing only high-level instructions
that largely ignore deception as part of the software security development life cycle. Con-
sequently, little practical guidance is provided on how to engineering deception-based
techniques for defense. This PhD thesis contributes with a systematic approach to specify
and design cyber deception requirements, tactics, and strategies. This deception approach
consists of (i) a multi-paradigm modeling for representing deception requirements, tac-
tics, and strategies, (ii) a reference architecture to support the integration of deception
strategies into system operation, and (iii) a method to guide engineers in deception mod-
eling. A tool prototype, a case study, and an experimental evaluation show encouraging
results for the application of the approach in practice. Finally, a conceptual coverage map-
ping was developed to assess the expressivity of the deception modeling language created.Na era digital o crescente poder e sofisticação dos ataques cibernéticos apresenta constan-
tes desafios para a segurança do software. A postura reativa dos mecanismos tradicionais
de segurança, como os sistemas antivĂrus e de detecção de intrusĂŁo, nĂŁo tĂȘm sido suficien-
tes para combater a ampla gama de ameaças que comprometem a operação dos sistemas
de software actuais. Para mitigar estas ameaças são necessårias abordagens ativas de
defesa. Tais abordagens baseiam-se na ideia de adicionar mecanismos para enganar os
adversĂĄrios (do inglĂȘs deception). As tĂ©cnicas de enganação (em portuguĂȘs, "ato ou efeito
de enganar, de induzir em erro; artimanha usada para iludir") contribuem para a defesa
frustrando o avanço dos atacantes por manipulação das suas perceçÔes. A manipula-
ção é conseguida através de respostas enganadoras, de "fintas", ou indicaçÔes erróneas
e outras falsidades adicionadas intencionalmente num sistema. Ă claro que esses meca-
nismos de enganação podem resultar em efeitos colaterais que devem ser tratados. Os
métodos atuais usados para enganar um atacante inspiram-se fundamentalmente nas
tĂ©cnicas da ĂĄrea militar, fornecendo apenas instruçÔes de alto nĂvel que ignoram, em
grande parte, a enganação como parte do ciclo de vida do desenvolvimento de software
seguro. Consequentemente, hĂĄ poucas referĂȘncias prĂĄticas em como gerar tĂ©cnicas de
defesa baseadas em enganação. Esta tese de doutoramento contribui com uma aborda-
gem sistemåtica para especificar e desenhar requisitos, tåticas e estratégias de enganação
cibernéticas. Esta abordagem é composta por (i) uma modelação multi-paradigma para re-
presentar requisitos, tĂĄticas e estratĂ©gias de enganação, (ii) uma arquitetura de referĂȘncia
para apoiar a integração de estratégias de enganação na operação dum sistema, e (iii) um
método para orientar os engenheiros na modelação de enganação. Uma ferramenta protó-
tipo, um estudo de caso e uma avaliação experimental mostram resultados encorajadores
para a aplicação da abordagem na pråtica. Finalmente, a expressividade da linguagem
de modelação de enganação é avaliada por um mapeamento de cobertura de conceitos
Human Practice. Digital Ecologies. Our Future. : 14. Internationale Tagung Wirtschaftsinformatik (WI 2019) : Tagungsband
Erschienen bei: universi - UniversitÀtsverlag Siegen. - ISBN: 978-3-96182-063-4Aus dem Inhalt:
Track 1: Produktion & Cyber-Physische Systeme
Requirements and a Meta Model for Exchanging Additive Manufacturing Capacities
Service Systems, Smart Service Systems and Cyber- Physical SystemsâWhatâs the difference? Towards a Unified Terminology
Developing an Industrial IoT Platform â Trade-off between Horizontal and Vertical Approaches
Machine Learning und Complex Event Processing: Effiziente Echtzeitauswertung am Beispiel Smart Factory
Sensor retrofit for a coffee machine as condition monitoring and predictive maintenance use case
Stakeholder-Analyse zum Einsatz IIoT-basierter Frischeinformationen in der Lebensmittelindustrie
Towards a Framework for Predictive Maintenance Strategies in Mechanical Engineering - A Method-Oriented Literature Analysis
Development of a matching platform for the requirement-oriented selection of cyber physical systems for SMEs
Track 2: Logistic Analytics
An Empirical Study of Customersâ Behavioral Intention to Use Ridepooling Services â An Extension of the Technology Acceptance Model
Modeling Delay Propagation and Transmission in Railway Networks
What is the impact of company specific adjustments on the acceptance and diffusion of logistic standards?
Robust Route Planning in Intermodal Urban Traffic
Track 3: Unternehmensmodellierung & Informationssystemgestaltung (Enterprise Modelling & Information Systems Design)
Work System Modeling Method with Different Levels of Specificity and Rigor for Different Stakeholder Purposes
Resolving Inconsistencies in Declarative Process Models based on Culpability Measurement
Strategic Analysis in the Realm of Enterprise Modeling â On the Example of Blockchain-Based Initiatives for the Electricity Sector
Zwischenbetriebliche Integration in der Möbelbranche: Konfigurationen und Einflussfaktoren
Novicesâ Quality Perceptions and the Acceptance of Process Modeling Grammars
Entwicklung einer Definition fĂŒr Social Business Objects (SBO) zur Modellierung von Unternehmensinformationen
Designing a Reference Model for Digital Product Configurators
Terminology for Evolving Design Artifacts
Business Role-Object Specification: A Language for Behavior-aware Structural Modeling of Business Objects
Generating Smart Glasses-based Information Systems with BPMN4SGA: A BPMN Extension for Smart Glasses Applications
Using Blockchain in Peer-to-Peer Carsharing to Build Trust in the Sharing Economy
Testing in Big Data: An Architecture Pattern for a Development Environment for Innovative, Integrated and Robust Applications
Track 4: Lern- und Wissensmanagement (e-Learning and Knowledge Management)
eGovernment Competences revisited â A Literature Review on necessary Competences in a Digitalized Public Sector
Say Hello to Your New Automated Tutor â A Structured Literature Review on Pedagogical Conversational Agents
Teaching the Digital Transformation of Business Processes: Design of a Simulation Game for Information Systems Education
Conceptualizing Immersion for Individual Learning in Virtual Reality
Designing a Flipped Classroom Course â a Process Model
The Influence of Risk-Taking on Knowledge Exchange and Combination
Gamified Feedback durch Avatare im Mobile Learning
Alexa, Can You Help Me Solve That Problem? - Understanding the Value of Smart Personal Assistants as Tutors for Complex Problem Tasks
Track 5: Data Science & Business Analytics
Matching with Bundle Preferences: Tradeoff between Fairness and Truthfulness
Applied image recognition: guidelines for using deep learning models in practice
Yield Prognosis for the Agrarian Management of Vineyards using Deep Learning for Object Counting
Reading Between the Lines of Qualitative Data â How to Detect Hidden Structure Based on Codes
Online Auctions with Dual-Threshold Algorithms: An Experimental Study and Practical Evaluation
Design Features of Non-Financial Reward Programs for Online Reviews: Evaluation based on Google Maps Data
Topic Embeddings â A New Approach to Classify Very Short Documents Based on Predefined Topics
Leveraging Unstructured Image Data for Product Quality Improvement
Decision Support for Real Estate Investors: Improving Real Estate Valuation with 3D City Models and Points of Interest
Knowledge Discovery from CVs: A Topic Modeling Procedure
Online Product Descriptions â Boost for your Sales?
EntscheidungsunterstĂŒtzung durch historienbasierte Dienstreihenfolgeplanung mit Pattern
A Semi-Automated Approach for Generating Online Review Templates
Machine Learning goes Measure Management: Leveraging Anomaly Detection and Parts Search to Improve Product-Cost Optimization
Bedeutung von Predictive Analytics fĂŒr den theoretischen Erkenntnisgewinn in der IS-Forschung
Track 6: Digitale Transformation und Dienstleistungen
Heuristic Theorizing in Software Development: Deriving Design Principles for Smart Glasses-based Systems
Mirroring E-service for Brick and Mortar Retail: An Assessment and Survey
Taxonomy of Digital Platforms: A Platform Architecture Perspective
Value of Star Players in the Digital Age
Local Shopping Platforms â Harnessing Locational Advantages for the Digital Transformation of Local Retail Outlets: A Content Analysis
A Socio-Technical Approach to Manage Analytics-as-a-Service â Results of an Action Design Research Project
Characterizing Approaches to Digital Transformation: Development of a Taxonomy of Digital Units
Expectations vs. Reality â Benefits of Smart Services in the Field of Tension between Industry and Science
Innovation Networks and Digital Innovation: How Organizations Use Innovation Networks in a Digitized Environment
Characterising Social Reading Platformsâ A Taxonomy-Based Approach to Structure the Field
Less Complex than Expected â What Really Drives IT Consulting Value
Modularity Canvas â A Framework for Visualizing Potentials of Service Modularity
Towards a Conceptualization of Capabilities for Innovating Business Models in the Industrial Internet of Things
A Taxonomy of Barriers to Digital Transformation
Ambidexterity in Service Innovation Research: A Systematic Literature Review
Design and success factors of an online solution for cross-pillar pension information
Track 7: IT-Management und -Strategie
A Frugal Support Structure for New Software Implementations in SMEs
How to Structure a Company-wide Adoption of Big Data Analytics
The Changing Roles of Innovation Actors and Organizational Antecedents in the Digital Age
Bewertung des Kundennutzens von Chatbots fĂŒr den Einsatz im Servicedesk
Understanding the Benefits of Agile Software Development in Regulated Environments
Are Employees Following the Rules? On the Effectiveness of IT Consumerization Policies
Agile and Attached: The Impact of Agile Practices on Agile Team Membersâ Affective Organisational Commitment
The Complexity Trap â Limits of IT Flexibility for Supporting Organizational Agility in Decentralized Organizations
Platform Openness: A Systematic Literature Review and Avenues for Future Research
Competence, Fashion and the Case of Blockchain
The Digital Platform Otto.de: A Case Study of Growth, Complexity, and Generativity
Track 8: eHealth & alternde Gesellschaft
Security and Privacy of Personal Health Records in Cloud Computing Environments â An Experimental Exploration of the Impact of Storage Solutions and Data Breaches
Patientenintegration durch Pfadsysteme
Digitalisierung in der StressprĂ€vention â eine qualitative Interviewstudie zu Nutzenpotenzialen
User Dynamics in Mental Health Forums â A Sentiment Analysis Perspective
Intent and the Use of Wearables in the Workplace â A Model Development
Understanding Patient Pathways in the Context of Integrated Health Care Services - Implications from a Scoping Review
Understanding the Habitual Use of Wearable Activity Trackers
On the Fit in Fitness Apps: Studying the Interaction of Motivational Affordances and Usersâ Goal Orientations in Affecting the Benefits Gained
Gamification in Health Behavior Change Support Systems - A Synthesis of Unintended Side Effects
Investigating the Influence of Information Incongruity on Trust-Relations within Trilateral Healthcare Settings
Track 9: Krisen- und KontinuitÀtsmanagement
Potentiale von IKT beim Ausfall kritischer Infrastrukturen: Erwartungen, Informationsgewinnung und Mediennutzung der Zivilbevölkerung in Deutschland
Fake News Perception in Germany: A Representative Study of Peopleâs Attitudes and Approaches to Counteract Disinformation
Analyzing the Potential of Graphical Building Information for Fire Emergency Responses: Findings from a Controlled Experiment
Track 10: Human-Computer Interaction
Towards a Taxonomy of Platforms for Conversational Agent Design
Measuring Service Encounter Satisfaction with Customer Service Chatbots using Sentiment Analysis
Self-Tracking and Gamification: Analyzing the Interplay of Motivations, Usage and Motivation Fulfillment
Erfolgsfaktoren von Augmented-Reality-Applikationen: Analyse von Nutzerrezensionen mit dem Review-Mining-Verfahren
Designing Dynamic Decision Support for Electronic Requirements Negotiations
Who is Stressed by Using ICTs? A Qualitative Comparison Analysis with the Big Five Personality Traits to Understand Technostress
Walking the Middle Path: How Medium Trade-Off Exposure Leads to Higher Consumer Satisfaction in Recommender Agents
Theory-Based Affordances of Utilitarian, Hedonic and Dual-Purposed Technologies: A Literature Review
Eliciting Customer Preferences for Shopping Companion Apps: A Service Quality Approach
The Role of Early User Participation in Discovering Software â A Case Study from the Context of Smart Glasses
The Fluidity of the Self-Concept as a Framework to Explain the Motivation to Play Video Games
Heart over Heels? An Empirical Analysis of the Relationship between Emotions and Review Helpfulness for Experience and Credence Goods
Track 11: Information Security and Information Privacy
Unfolding Concerns about Augmented Reality Technologies: A Qualitative Analysis of User Perceptions
To (Psychologically) Own Data is to Protect Data: How Psychological Ownership Determines Protective Behavior in a Work and Private Context
Understanding Data Protection Regulations from a Data Management Perspective: A Capability-Based Approach to EU-GDPR
On the Difficulties of Incentivizing Online Privacy through Transparency: A Qualitative Survey of the German Health Insurance Market
What is Your Selfie Worth? A Field Study on Individualsâ Valuation of Personal Data
Justification of Mass Surveillance: A Quantitative Study
An Exploratory Study of Risk Perception for Data Disclosure to a Network of Firms
Track 12: Umweltinformatik und nachhaltiges Wirtschaften
KommunikationsfĂ€den im Nadelöhr â Fachliche Prozessmodellierung der Nachhaltigkeitskommunikation am Kapitalmarkt
Potentiale und Herausforderungen der Materialflusskostenrechnung
Computing Incentives for User-Based Relocation in Carsharing
Sustainabilityâs Coming Home: Preliminary Design Principles for the Sustainable Smart District
Substitution of hazardous chemical substances using Deep Learning and t-SNE
A Hierarchy of DSMLs in Support of Product Life-Cycle Assessment
A Survey of Smart Energy Services for Private Households
Door-to-Door Mobility Integrators as Keystone Organizations of Smart Ecosystems: Resources and Value Co-Creation â A Literature Review
Ein EntscheidungsunterstĂŒtzungssystem zur ökonomischen Bewertung von Mieterstrom auf Basis der Clusteranalyse
Discovering Blockchain for Sustainable Product-Service Systems to enhance the Circular Economy
Digitale RĂŒckverfolgbarkeit von Lebensmitteln: Eine verbraucherinformatische Studie
Umweltbewusstsein durch audiovisuelles Content Marketing? Eine experimentelle Untersuchung zur Konsumentenbewertung nachhaltiger Smartphones
Towards Predictive Energy Management in Information Systems: A Research Proposal
A Web Browser-Based Application for Processing and Analyzing Material Flow Models using the MFCA Methodology
Track 13: Digital Work - Social, mobile, smart
On Conversational Agents in Information Systems Research: Analyzing the Past to Guide Future Work
The Potential of Augmented Reality for Improving Occupational First Aid
Prevent a Vicious Circle! The Role of Organizational IT-Capability in Attracting IT-affine Applicants
Good, Bad, or Both? Conceptualization and Measurement of Ambivalent User Attitudes Towards AI
A Case Study on Cross-Hierarchical Communication in Digital Work Environments
âShow Me Your People Skillsâ - Employing CEO Branding for Corporate Reputation Management in Social Media
A Multiorganisational Study of the Drivers and Barriers of Enterprise Collaboration Systems-Enabled Change
The More the Merrier? The Effect of Size of Core Team Subgroups on Success of Open Source Projects
The Impact of Anthropomorphic and Functional Chatbot Design Features in Enterprise Collaboration Systems on User Acceptance
Digital Feedback for Digital Work? Affordances and Constraints of a Feedback App at InsurCorp
The Effect of Marker-less Augmented Reality on Task and Learning Performance
Antecedents for Cyberloafing â A Literature Review
Internal Crowd Work as a Source of Empowerment - An Empirical Analysis of the Perception of Employees in a Crowdtesting Project
Track 14: GeschÀftsmodelle und digitales Unternehmertum
Dividing the ICO Jungle: Extracting and Evaluating Design Archetypes
Capturing Value from Data: Exploring Factors Influencing Revenue Model Design for Data-Driven Services
Understanding the Role of Data for Innovating Business Models: A System Dynamics Perspective
Business Model Innovation and Stakeholder: Exploring Mechanisms and Outcomes of Value Creation and Destruction
Business Models for Internet of Things Platforms: Empirical Development of a Taxonomy and Archetypes
Revitalizing established Industrial Companies: State of the Art and Success Principles of Digital Corporate Incubators
When 1+1 is Greater than 2: Concurrence of Additional Digital and Established Business Models within Companies
Special Track 1: Student Track
Investigating Personalized Price Discrimination of Textile-, Electronics- and General Stores in German Online Retail
From Facets to a Universal Definition â An Analysis of IoT Usage in Retail
Is the Technostress Creators Inventory Still an Up-To-Date Measurement Instrument? Results of a Large-Scale Interview Study
Application of Media Synchronicity Theory to Creative Tasks in Virtual Teams Using the Example of Design Thinking
TrustyTweet: An Indicator-based Browser-Plugin to Assist Users in Dealing with Fake News on Twitter
Application of Process Mining Techniques to Support Maintenance-Related Objectives
How Voice Can Change Customer Satisfaction: A Comparative Analysis between E-Commerce and Voice Commerce
Business Process Compliance and Blockchain: How Does the Ethereum Blockchain Address Challenges of Business Process Compliance?
Improving Business Model Configuration through a Question-based Approach
The Influence of Situational Factors and Gamification on Intrinsic Motivation and Learning
Evaluation von ITSM-Tools fĂŒr Integration und Management von Cloud-Diensten am Beispiel von ServiceNow
How Software Promotes the Integration of Sustainability in Business Process Management
Criteria Catalog for Industrial IoT Platforms from the Perspective of the Machine Tool Industry
Special Track 3: Demos & Prototyping
Privacy-friendly User Location Tracking with Smart Devices: The BeaT Prototype
Application-oriented robotics in nursing homes
Augmented Reality for Set-up Processe
Mixed Reality for supporting Remote-Meetings
Gamification zur Motivationssteigerung von Werkern bei der Betriebsdatenerfassung
Automatically Extracting and Analyzing Customer Needs from Twitter: A âNeedminingâ Prototype
GaNEsHA: Opportunities for Sustainable Transportation in Smart Cities
TUCANA: A platform for using local processing power of edge devices for building data-driven services
Demonstrator zur Beschreibung und Visualisierung einer kritischen Infrastruktur
Entwicklung einer alltagsnahen persuasiven App zur Bewegungsmotivation fĂŒr Ă€ltere Nutzerinnen und Nutzer
A browser-based modeling tool for studying the learning of conceptual modeling based on a multi-modal data collection approach
Exergames & Dementia: An interactive System for People with Dementia and their Care-Network
Workshops
Workshop Ethics and Morality in Business Informatics (Workshop Ethik und Moral in der Wirtschaftsinformatik â EMoWIâ19)
Model-Based Compliance in Information Systems - Foundations, Case Description and Data Set of the MobIS-Challenge for Students and Doctoral Candidates
Report of the Workshop on Concepts and Methods of Identifying Digital Potentials in Information Management
Control of Systemic Risks in Global Networks - A Grand Challenge to Information Systems Research
Die Mitarbeiter von morgen - Kompetenzen kĂŒnftiger Mitarbeiter im Bereich Business Analytics
Digitaler Konsum: Herausforderungen und Chancen der Verbraucherinformati
Computational Resource Abuse in Web Applications
Internet browsers include Application Programming Interfaces (APIs) to support Web applications that require complex functionality, e.g., to let end users watch videos, make phone calls, and play video games. Meanwhile, many Web applications employ the browser APIs to rely on the user's hardware to execute intensive computation, access the Graphics Processing Unit (GPU), use persistent storage, and establish network connections.
However, providing access to the system's computational resources, i.e., processing, storage, and networking, through the browser creates an opportunity for attackers to abuse resources. Principally, the problem occurs when an attacker compromises a Web site and includes malicious code to abuse its visitor's computational resources. For example, an attacker can abuse the user's system networking capabilities to perform a Denial of Service (DoS) attack against third parties. What is more, computational resource abuse has not received widespread attention from the Web security community because most of the current specifications are focused on content and session properties such as isolation, confidentiality, and integrity.
Our primary goal is to study computational resource abuse and to advance the state of the art by providing a general attacker model, multiple case studies, a thorough analysis of available security mechanisms, and a new detection mechanism. To this end, we implemented and evaluated three scenarios where attackers use multiple browser APIs to abuse networking, local storage, and computation. Further, depending on the scenario, an attacker can use browsers to perform Denial of Service against third-party Web sites, create a network of browsers to store and distribute arbitrary data, or use browsers to establish anonymous connections similarly to The Onion Router (Tor). Our analysis also includes a real-life resource abuse case found in the wild, i.e., CryptoJacking, where thousands of Web sites forced their visitors to perform crypto-currency mining without their consent. In the general case, attacks presented in this thesis share the attacker model and two key characteristics: 1) the browser's end user remains oblivious to the attack, and 2) an attacker has to invest little resources in comparison to the resources he obtains.
In addition to the attack's analysis, we present how existing, and upcoming, security enforcement mechanisms from Web security can hinder an attacker and their drawbacks. Moreover, we propose a novel detection approach based on browser API usage patterns. Finally, we evaluate the accuracy of our detection model, after training it with the real-life crypto-mining scenario, through a large scale analysis of the most popular Web sites
AN ENHANCEMENT ON TARGETED PHISHING ATTACKS IN THE STATE OF QATAR
The latest report by Kaspersky on Spam and Phishing, listed Qatar as one of the top 10 countries by percentage of email phishing and targeted phishing attacks. Since the Qatari economy has grown exponentially and become increasingly global in nature, email phishing and targeted phishing attacks have the capacity to be devastating to the Qatari economy, yet there are no adequate measures put in place such as awareness training programmes to minimise these threats to the state of Qatar. Therefore, this research aims to explore targeted attacks in specific organisations in the state of Qatar by presenting a new technique to prevent targeted attacks. This novel enterprise-wide email phishing detection system has been used by organisations and individuals not only in the state of Qatar but also in organisations in the UK. This detection system is based on domain names by which attackers carefully register domain names which victims trust. The results show that this detection system has proven its ability to reduce email phishing attacks. Moreover, it aims to develop email phishing awareness training techniques specifically designed for the state of Qatar to complement the presented technique in order to increase email phishing awareness, focused on targeted attacks and the content, and reduce the impact of phishing email attacks. This research was carried out by developing an interactive email phishing awareness training website that has been tested by organisations in the state of Qatar. The results of this training programme proved to get effective results by training users on how to spot email phishing and targeted attacks
Measuring and Disrupting Malware Distribution Networks: An Interdisciplinary Approach
Malware Delivery Networks (MDNs) are networks of webpages, servers, computers, and computer files that are used by cybercriminals to proliferate malicious software (or malware) onto victim machines. The business of malware delivery is a complex and multifaceted one that has become increasingly profitable over the last few years. Due to the ongoing arms race between cybercriminals and the security community, cybercriminals are constantly evolving and streamlining their techniques to beat security countermeasures and avoid disruption to their operations, such as by security researchers infiltrating their botnet operations, or law enforcement taking down their infrastructures and arresting those involved. So far, the research community has conducted insightful but isolated studies into the different facets of malicious file distribution. Hence, only a limited picture of the malicious file delivery ecosystem has been provided thus far, leaving many questions unanswered. Using a data-driven and interdisciplinary approach, the purpose of this research is twofold. One, to study and measure the malicious file delivery ecosystem, bringing prior research into context, and to understand precisely how these malware operations respond to security and law enforcement intervention. And two, taking into account the overlapping research efforts of the information security and crime science communities towards preventing cybercrime, this research aims to identify mitigation strategies and intervention points to disrupt this criminal economy more effectively