11,137 research outputs found

    The Viability and Potential Consequences of IoT-Based Ransomware

    Get PDF
    With the increased threat of ransomware and the substantial growth of the Internet of Things (IoT) market, there is significant motivation for attackers to carry out IoT-based ransomware campaigns. In this thesis, the viability of such malware is tested. As part of this work, various techniques that could be used by ransomware developers to attack commercial IoT devices were explored. First, methods that attackers could use to communicate with the victim were examined, such that a ransom note was able to be reliably sent to a victim. Next, the viability of using "bricking" as a method of ransom was evaluated, such that devices could be remotely disabled unless the victim makes a payment to the attacker. Research was then performed to ascertain whether it was possible to remotely gain persistence on IoT devices, which would improve the efficacy of existing ransomware methods, and provide opportunities for more advanced ransomware to be created. Finally, after successfully identifying a number of persistence techniques, the viability of privacy-invasion based ransomware was analysed. For each assessed technique, proofs of concept were developed. A range of devices -- with various intended purposes, such as routers, cameras and phones -- were used to test the viability of these proofs of concept. To test communication hijacking, devices' "channels of communication" -- such as web services and embedded screens -- were identified, then hijacked to display custom ransom notes. During the analysis of bricking-based ransomware, a working proof of concept was created, which was then able to remotely brick five IoT devices. After analysing the storage design of an assortment of IoT devices, six different persistence techniques were identified, which were then successfully tested on four devices, such that malicious filesystem modifications would be retained after the device was rebooted. When researching privacy-invasion based ransomware, several methods were created to extract information from data sources that can be commonly found on IoT devices, such as nearby WiFi signals, images from cameras, or audio from microphones. These were successfully implemented in a test environment such that ransomable data could be extracted, processed, and stored for later use to blackmail the victim. Overall, IoT-based ransomware has not only been shown to be viable but also highly damaging to both IoT devices and their users. While the use of IoT-ransomware is still very uncommon "in the wild", the techniques demonstrated within this work highlight an urgent need to improve the security of IoT devices to avoid the risk of IoT-based ransomware causing havoc in our society. Finally, during the development of these proofs of concept, a number of potential countermeasures were identified, which can be used to limit the effectiveness of the attacking techniques discovered in this PhD research

    A Design Science Research Approach to Smart and Collaborative Urban Supply Networks

    Get PDF
    Urban supply networks are facing increasing demands and challenges and thus constitute a relevant field for research and practical development. Supply chain management holds enormous potential and relevance for society and everyday life as the flow of goods and information are important economic functions. Being a heterogeneous field, the literature base of supply chain management research is difficult to manage and navigate. Disruptive digital technologies and the implementation of cross-network information analysis and sharing drive the need for new organisational and technological approaches. Practical issues are manifold and include mega trends such as digital transformation, urbanisation, and environmental awareness. A promising approach to solving these problems is the realisation of smart and collaborative supply networks. The growth of artificial intelligence applications in recent years has led to a wide range of applications in a variety of domains. However, the potential of artificial intelligence utilisation in supply chain management has not yet been fully exploited. Similarly, value creation increasingly takes place in networked value creation cycles that have become continuously more collaborative, complex, and dynamic as interactions in business processes involving information technologies have become more intense. Following a design science research approach this cumulative thesis comprises the development and discussion of four artefacts for the analysis and advancement of smart and collaborative urban supply networks. This thesis aims to highlight the potential of artificial intelligence-based supply networks, to advance data-driven inter-organisational collaboration, and to improve last mile supply network sustainability. Based on thorough machine learning and systematic literature reviews, reference and system dynamics modelling, simulation, and qualitative empirical research, the artefacts provide a valuable contribution to research and practice

    Anuário científico da Escola Superior de Tecnologia da Saúde de Lisboa - 2021

    Get PDF
    É com grande prazer que apresentamos a mais recente edição (a 11.ª) do Anuário Científico da Escola Superior de Tecnologia da Saúde de Lisboa. Como instituição de ensino superior, temos o compromisso de promover e incentivar a pesquisa científica em todas as áreas do conhecimento que contemplam a nossa missão. Esta publicação tem como objetivo divulgar toda a produção científica desenvolvida pelos Professores, Investigadores, Estudantes e Pessoal não Docente da ESTeSL durante 2021. Este Anuário é, assim, o reflexo do trabalho árduo e dedicado da nossa comunidade, que se empenhou na produção de conteúdo científico de elevada qualidade e partilhada com a Sociedade na forma de livros, capítulos de livros, artigos publicados em revistas nacionais e internacionais, resumos de comunicações orais e pósteres, bem como resultado dos trabalhos de 1º e 2º ciclo. Com isto, o conteúdo desta publicação abrange uma ampla variedade de tópicos, desde temas mais fundamentais até estudos de aplicação prática em contextos específicos de Saúde, refletindo desta forma a pluralidade e diversidade de áreas que definem, e tornam única, a ESTeSL. Acreditamos que a investigação e pesquisa científica é um eixo fundamental para o desenvolvimento da sociedade e é por isso que incentivamos os nossos estudantes a envolverem-se em atividades de pesquisa e prática baseada na evidência desde o início dos seus estudos na ESTeSL. Esta publicação é um exemplo do sucesso desses esforços, sendo a maior de sempre, o que faz com que estejamos muito orgulhosos em partilhar os resultados e descobertas dos nossos investigadores com a comunidade científica e o público em geral. Esperamos que este Anuário inspire e motive outros estudantes, profissionais de saúde, professores e outros colaboradores a continuarem a explorar novas ideias e contribuir para o avanço da ciência e da tecnologia no corpo de conhecimento próprio das áreas que compõe a ESTeSL. Agradecemos a todos os envolvidos na produção deste anuário e desejamos uma leitura inspiradora e agradável.info:eu-repo/semantics/publishedVersio

    Deep Transfer Learning Applications in Intrusion Detection Systems: A Comprehensive Review

    Full text link
    Globally, the external Internet is increasingly being connected to the contemporary industrial control system. As a result, there is an immediate need to protect the network from several threats. The key infrastructure of industrial activity may be protected from harm by using an intrusion detection system (IDS), a preventive measure mechanism, to recognize new kinds of dangerous threats and hostile activities. The most recent artificial intelligence (AI) techniques used to create IDS in many kinds of industrial control networks are examined in this study, with a particular emphasis on IDS-based deep transfer learning (DTL). This latter can be seen as a type of information fusion that merge, and/or adapt knowledge from multiple domains to enhance the performance of the target task, particularly when the labeled data in the target domain is scarce. Publications issued after 2015 were taken into account. These selected publications were divided into three categories: DTL-only and IDS-only are involved in the introduction and background, and DTL-based IDS papers are involved in the core papers of this review. Researchers will be able to have a better grasp of the current state of DTL approaches used in IDS in many different types of networks by reading this review paper. Other useful information, such as the datasets used, the sort of DTL employed, the pre-trained network, IDS techniques, the evaluation metrics including accuracy/F-score and false alarm rate (FAR), and the improvement gained, were also covered. The algorithms, and methods used in several studies, or illustrate deeply and clearly the principle in any DTL-based IDS subcategory are presented to the reader

    A direct-laser-written heart-on-a-chip platform for generation and stimulation of engineered heart tissues

    Full text link
    In this dissertation, we first develop a versatile microfluidic heart-on-a-chip model to generate 3D-engineered human cardiac microtissues in highly-controlled microenvironments. The platform, which is enabled by direct laser writing (DLW), has tailor-made attachment sites for cardiac microtissues and comes with integrated strain actuators and force sensors. Application of external pressure waves to the platform results in controllable time-dependent forces on the microtissues. Conversely, oscillatory forces generated by the microtissues are transduced into measurable electrical outputs. After characterization of the responsivity of the transducers, we demonstrate the capabilities of this platform by studying the response of cardiac microtissues to prescribed mechanical loading and pacing. Next, we tune the geometry and mechanical properties of the platform to enable parametric studies on engineered heart tissues. We explore two geometries: a rectangular seeding well with two attachment sites, and a stadium-like seeding well with six attachment sites. The attachment sites are placed symmetrically in the longitudinal direction. The former geometry promotes uniaxial contraction of the tissues; the latter additionally induces diagonal fiber alignment. We systematically increase the length for both configurations and observe a positive correlation between fiber alignment at the center of the microtissues and tissue length. However, progressive thinning and “necking” is also observed, leading to the failure of longer tissues over time. We use the DLW technique to improve the platform, softening the mechanical environment and optimizing the attachment sites for generation of stable microtissues at each length and geometry. Furthermore, electrical pacing is incorporated into the platform to evaluate the functional dynamics of stable microtissues over the entire range of physiological heart rates. Here, we typically observe a decrease in active force and contraction duration as a function of frequency. Lastly, we use a more traditional ?TUG platform to demonstrate the effects of subthreshold electrical pacing on the rhythm of the spontaneously contracting cardiac microtissues. Here, we observe periodic M:N patterns, in which there are ? cycles of stimulation for every ? tissue contractions. Using electric field amplitude, pacing frequency, and homeostatic beating frequencies of the tissues, we provide an empirical map for predicting the emergence of these rhythms

    CONTROL OF ADVENTITIOUS ROOT FORMATION IN ARABIDOPSIS

    Get PDF
    Adventitious or de novo root organogenesis is a process that occurs from wounded or detached plant tissues or organs. In tissue culture experiments, the available hormone concentrations in the medium play significant roles in inducing adventitious roots. However, regeneration from detached organs in natural conditions depends on endogenous hormones. To imitate natural conditions, Arabidopsis thaliana Col-0 leaf explants were cultured on B5 medium without any added hormones, in order to investigate the endogenous hormonal signalling and molecular mechanisms that lead to de novo root organogenesis. Use was made of a series of hormone signalling reporter lines in transgenic Arabidopsis, to understand better the roles of auxin, cytokinin, ethylene and gibberellin signalling. Cell proliferation was monitored over a developmental time course, and the expression of a number of genes, and their functional roles through mutant analysis, was also investigated during the regeneration process. It was demonstrated that auxin, gibberellin and cytokinin signalling becomes focused at the wound site in the petiole, associated with the induction of adventitious roots. Auxin signalling-defective mutants such as axr1, axr3 and pls were unable to form adventitious roots as well as wild type, reflected in defective expression of auxin pathway genes such as YUC family genes and WOX5. pls and axr1 were also found to be defective in the expression of the transcription factor gene NAC1. Mutants and transgenic overexpression lines for transcriptional regulators RAP2.7, MDF1 and NAC1 showed that the three genes are required for adventitious root formation, and function in an auxin-independent manner to mediate root regeneration. Adventitious root formation from the Arabidopsis leaf therefore requires coordinated expression of a number of transcription factors that work in both an auxin-dependent and -independent manner, and cross talk between auxin and other hormones is important for correct organogenesis

    Investigating and mitigating the role of neutralisation techniques on information security policies violation in healthcare organisations

    Get PDF
    Healthcare organisations today rely heavily on Electronic Medical Records systems (EMRs), which have become highly crucial IT assets that require significant security efforts to safeguard patients’ information. Individuals who have legitimate access to an organisation’s assets to perform their day-to-day duties but intentionally or unintentionally violate information security policies can jeopardise their organisation’s information security efforts and cause significant legal and financial losses. In the information security (InfoSec) literature, several studies emphasised the necessity to understand why employees behave in ways that contradict information security requirements but have offered widely different solutions. In an effort to respond to this situation, this thesis addressed the gap in the information security academic research by providing a deep understanding of the problem of medical practitioners’ behavioural justifications to violate information security policies and then determining proper solutions to reduce this undesirable behaviour. Neutralisation theory was used as the theoretical basis for the research. This thesis adopted a mixed-method research approach that comprises four consecutive phases, and each phase represents a research study that was conducted in light of the results from the preceding phase. The first phase of the thesis started by investigating the relationship between medical practitioners’ neutralisation techniques and their intention to violate information security policies that protect a patient’s privacy. A quantitative study was conducted to extend the work of Siponen and Vance [1] through a study of the Saudi Arabia healthcare industry. The data was collected via an online questionnaire from 66 Medical Interns (MIs) working in four academic hospitals. The study found that six neutralisation techniques—(1) appeal to higher loyalties, (2) defence of necessity, (3) the metaphor of ledger, (4) denial of responsibility, (5) denial of injury, and (6) condemnation of condemners—significantly contribute to the justifications of the MIs in hypothetically violating information security policies. The second phase of this research used a series of semi-structured interviews with IT security professionals in one of the largest academic hospitals in Saudi Arabia to explore the environmental factors that motivated the medical practitioners to evoke various neutralisation techniques. The results revealed that social, organisational, and emotional factors all stimulated the behavioural justifications to breach information security policies. During these interviews, it became clear that the IT department needed to ensure that security policies fit the daily tasks of the medical practitioners by providing alternative solutions to ensure the effectiveness of those policies. Based on these interviews, the objective of the following two phases was to improve the effectiveness of InfoSec policies against the use of behavioural justification by engaging the end users in the modification of existing policies via a collaborative writing process. Those two phases were conducted in the UK and Saudi Arabia to determine whether the collaborative writing process could produce a more effective security policy that balanced the security requirements with daily business needs, thus leading to a reduction in the use of neutralisation techniques to violate security policies. The overall result confirmed that the involvement of the end users via a collaborative writing process positively improved the effectiveness of the security policy to mitigate the individual behavioural justifications, showing that the process is a promising one to enhance security compliance

    Examining the Impact of Personal Social Media Use at Work on Workplace Outcomes

    Get PDF
    A noticable shift is underway in today’s multi-generational workforce. As younger employees propel digital workforce transformation and embrace technology adoption in the workplace, organisations need to show they are forward-thinking in their digital transformation strategies, and the emergent integration of social media in organisations is reshaping internal communication strategies, in a bid to improve corporate reputations and foster employee engagement. However, the impact of personal social media use on psychological and behavioural workplace outcomes is still debatebale with contrasting results in the literature identifying both positive and negative effects on workplace outcomes among organisational employees. This study seeks to examine this debate through the lens of social capital theory and study personal social media use at work using distinct variables of social use, cognitive use, and hedonic use. A quantitative analysis of data from 419 organisational employees in Jordan using SEM-PLS reveals that personal social media use at work is a double-edged sword as its impact differs by usage types. First, the social use of personal social media at work reduces job burnout, turnover intention, presenteeism, and absenteeism; it also increases job involvement and organisational citizen behaviour. Second, the cognitive use of personal social media at work increases job involvement, organisational citizen behaviour, employee adaptability, and decreases presenteeism and absenteeism; it also increases job burnout and turnover intention. Finally, the hedonic use of personal social media at work carries only negative effects by increasing job burnout and turnover intention. This study contributes to managerial understanding by showing the impact of different types of personal social media usage and recommends that organisations not limit employee access to personal social media within work time, but rather focus on raising awareness of the negative effects of excessive usage on employee well-being and encourage low to moderate use of personal social media at work and other personal and work-related online interaction associated with positive workplace outcomes. It also clarifies the need for further research in regions such as the Middle East with distinct cultural and socio-economic contexts

    Full stack development toward a trapped ion logical qubit

    Get PDF
    Quantum error correction is a key step toward the construction of a large-scale quantum computer, by preventing small infidelities in quantum gates from accumulating over the course of an algorithm. Detecting and correcting errors is achieved by using multiple physical qubits to form a smaller number of robust logical qubits. The physical implementation of a logical qubit requires multiple qubits, on which high fidelity gates can be performed. The project aims to realize a logical qubit based on ions confined on a microfabricated surface trap. Each physical qubit will be a microwave dressed state qubit based on 171Yb+ ions. Gates are intended to be realized through RF and microwave radiation in combination with magnetic field gradients. The project vertically integrates software down to hardware compilation layers in order to deliver, in the near future, a fully functional small device demonstrator. This thesis presents novel results on multiple layers of a full stack quantum computer model. On the hardware level a robust quantum gate is studied and ion displacement over the X-junction geometry is demonstrated. The experimental organization is optimized through automation and compressed waveform data transmission. A new quantum assembly language purely dedicated to trapped ion quantum computers is introduced. The demonstrator is aimed at testing implementation of quantum error correction codes while preparing for larger scale iterations.Open Acces
    • …
    corecore