11,209 research outputs found

    Evaluation Methodologies in Software Protection Research

    Man-at-the-end (MATE) attackers have full control over the system on which the attacked software runs, and try to break the confidentiality or integrity of assets embedded in the software. Both companies and malware authors want to prevent such attacks. This has driven an arms race between attackers and defenders, resulting in a plethora of different protection and analysis methods. However, it remains difficult to measure the strength of protections because MATE attackers can reach their goals in many different ways and a universally accepted evaluation methodology does not exist. This survey systematically reviews the evaluation methodologies of papers on obfuscation, a major class of protections against MATE attacks. For 572 papers, we collected 113 aspects of their evaluation methodologies, ranging from sample set types and sizes, over sample treatment, to performed measurements. We provide detailed insights into how the academic state of the art evaluates both the protections and analyses thereon. In summary, there is a clear need for better evaluation methodologies. We identify nine challenges for software protection evaluations, which represent threats to the validity, reproducibility, and interpretation of research results in the context of MATE attacks

    Development of Open Backend Structures for Health Care Professionals to Improve Participation in App Developments: Pilot Usability Study of a Medical App

    BACKGROUND: Efficient digitization in medicine still is in its infancy but undeniably has great potential for current and future challenges in health care. Thus far, the rollout of medical apps has not resulted in widespread use of smartphones in the German health care sector-the reasons for this have not been clarified so far. Nevertheless, the lack of user involvement in the development process and content creation might contribute to low acceptance of these products. OBJECTIVE: This study aims to outline an approach to involve medical expertise without any coding knowledge for developing medical app content and functions. METHODS: An end user-operable backend was built. Its usability was evaluated using a usability evaluation test protocol. The results of the usability tests were evaluated by the app development team, and the usability test was repeated for optimizing backend usability. In total, 40 criteria to measure the ease of app usage were defined a priori. The usability test comprised 20 tasks that had to be fulfilled. Usability tasks were analyzed for completion, dropout, and test duration. Due to the COVID-19 pandemic, digital videoconferencing platforms (Zoom and QuickTime Player) were used to complete usability questionnaires. Finally, several backend-based apps for several specialties (infectiology, plastic and reconstructive surgery, and orthopedics) were developed by health care professionals as prototypes. RESULTS: Initial usability testing was conducted with 5 participants (4 men and 1 woman; mean age 39.2, SD 5.97 years). All of them could complete the assigned backend tasks with only a few workflow interruptions and some minor errors. After usability optimization, the workflow completion time decreased from 5.03 minutes to 3.50 minutes, indicating a time saving. The basic backend structure was clear to all test users and the handling was intuitive to learn. Some minor errors in the backend occurred during the test rounds. 
The apps developed using the aforementioned approach are in clinical use as a proof of concept. CONCLUSIONS: Backends offering operability for medical professionals might have great potential for app development in the mobile health sector. Sophisticated and time-saving usability are pivotal for the acceptance of medical software, as illustrated by the backend-based apps presented herein, which are in clinical use as a proof of concept. Basic interventions are essential and sufficient for adequate usability optimization. Practicable, well-structured software usability evaluation is possible based on the usability evaluation test protocol

    ACOUSTIC SPEECH MARKERS FOR TRACKING CHANGES IN HYPOKINETIC DYSARTHRIA ASSOCIATED WITH PARKINSON’S DISEASE

    Previous research has identified certain overarching features of hypokinetic dysarthria associated with Parkinson’s Disease and found it manifests differently between individuals. Acoustic analysis has often been used to find correlates of perceptual features for differential diagnosis. However, acoustic parameters that are robust for differential diagnosis may not be sensitive to tracking speech changes. Previous longitudinal studies have had limited sample sizes or variable lengths between data collection. This study focused on using acoustic correlates of perceptual features to identify acoustic markers able to track speech changes in people with Parkinson’s Disease (PwPD) over six months. The thesis presents how this study has addressed limitations of previous studies to make a novel contribution to current knowledge. Speech data was collected from 63 PwPD and 47 control speakers using an online podcast software at two time points, six months apart (T1 and T2). Recordings of a standard reading passage, minimal pairs, sustained phonation, and spontaneous speech were collected. Perceptual severity ratings were given by two speech and language therapists for T1 and T2, and acoustic parameters of voice, articulation and prosody were investigated. Two analyses were conducted: a) to identify which acoustic parameters can track perceptual speech changes over time and b) to identify which acoustic parameters can track changes in speech intelligibility over time. An additional attempt was made to identify if these parameters showed group differences for differential diagnosis between PwPD and control speakers at T1 and T2. Results showed that specific acoustic parameters in voice quality, articulation and prosody could differentiate between PwPD and controls, or detect speech changes between T1 and T2, but not both factors. However, specific acoustic parameters within articulation could detect significant group and speech change differences across T1 and T2. 
The thesis discusses these results, their implications, and the potential for future studies

    Fairness Testing: A Comprehensive Survey and Analysis of Trends

    Unfair behaviors of Machine Learning (ML) software have garnered increasing attention and concern among software engineers. To tackle this issue, extensive research has been dedicated to conducting fairness testing of ML software, and this paper offers a comprehensive survey of existing studies in this field. We collect 100 papers and organize them based on the testing workflow (i.e., how to test) and testing components (i.e., what to test). Furthermore, we analyze the research focus, trends, and promising directions in the realm of fairness testing. We also identify widely-adopted datasets and open-source tools for fairness testing

    A Machine Learning based Empirical Evaluation of Cyber Threat Actors High Level Attack Patterns over Low level Attack Patterns in Attributing Attacks

    Cyber threat attribution is the process of identifying the actor of an attack incident in cyberspace. An accurate and timely threat attribution plays an important role in deterring future attacks by applying appropriate and timely defense mechanisms. Manual analysis of attack patterns gathered by honeypot deployments, intrusion detection systems, firewalls, and via trace-back procedures is still the preferred method of security analysts for cyber threat attribution. Such attack patterns are low-level Indicators of Compromise (IOC). They represent Tactics, Techniques, Procedures (TTP), and software tools used by the adversaries in their campaigns. The adversaries rarely re-use them. They can also be manipulated, resulting in false and unfair attribution. To empirically evaluate and compare the effectiveness of both kinds of IOC, there are two problems that need to be addressed. The first problem is that in recent research works, the ineffectiveness of low-level IOC for cyber threat attribution has been discussed intuitively. An empirical evaluation for the measure of the effectiveness of low-level IOC based on a real-world dataset is missing. The second problem is that the available dataset for high-level IOC has a single instance for each predictive class label that cannot be used directly for training machine learning models. To address these problems in this research work, we empirically evaluate the effectiveness of low-level IOC based on a real-world dataset that is specifically built for comparative analysis with high-level IOC. The experimental results show that the high-level IOC trained models effectively attribute cyberattacks with an accuracy of 95% as compared to the low-level IOC trained models where accuracy is 40%. Comment: 20 page

    Consumer Shopping Lifestyle Analysis on Buying Decisions

    This study aims to clarify how consumers' lifestyle influences their buying decisions. More specifically, we aimed to determine whether consumers' preference of products is based on product, price and brand of the products and whether consumers’ demographic variables such as age and gender influence their decision. It is necessary to segment people based on their lifestyle and to develop marketing strategies that influence Mongolian consumers' decision-making process. Researchers spread out a thousand surveys to the participants and eight hundred eighty-eight questionnaires were analyzed using SPSS 28 and Smart PLS 4. The findings indicate that consumers' shopping orientations have a significant impact on their buying behavior, and demographic variables such as age and gender strongly influence purchasing decisions. Specifically, male consumers prioritize product quality, while females are more price-conscious when making purchases. Keywords: consumer lifestyle, brand-oriented, price-oriented, quality-oriented, buying decision DOI: 10.7176/EJBM/15-8-01 Publication date: April 30th 2023

    History, Features, Challenges, and Critical Success Factors of Enterprise Resource Planning (ERP) in The Era of Industry 4.0

    ERP has been adopting newer features over the last several decades and shaping global businesses with the advent of newer technologies. This research article uses a state-of-the-art review method with the purpose to review and synthesize the latest information on the possible integration of potential Industry 4.0 technologies into the future development of ERP. Different software that contributed to the development of the existing ERP is found to be Material Requirement Planning (MRP), Manufacturing Resource Planning (MRPII), and Computer Integrated Manufacturing (CIM). Potential disruptive Industry 4.0 technologies that are featured to be integrated into future ERP are artificial intelligence, business intelligence, the internet of things, big data, blockchain technology, and omnichannel strategy. Notable Critical Success Factors of ERP have been reported to be top management support, project team, IT infrastructure, communication, skilled staff, training & education, and monitoring & evaluation. Moreover, cybersecurity has been found to be the most challenging issue to overcome in future versions of ERP. This review article could help future ERP researchers and respective stakeholders contribute to integrating newer features in future versions of ERP

    Tourism and heritage in the Chornobyl Exclusion Zone

    Tourism and Heritage in the Chornobyl Exclusion Zone (CEZ) uses an ethnographic lens to explore the dissonances associated with the commodification of Chornobyl's heritage. The book considers the role of the guides as experience brokers, focusing on the synergy between tourists and guides in the performance of heritage interpretation. Banaszkiewicz proposes to perceive tour guides as important actors in the bottom-up construction of heritage discourse contributing to more inclusive and participatory approach to heritage management. Demonstrating that the CEZ has been going through a dynamic transformation into a mass tourism attraction, the book offers a critical reflection on heritagisation as a meaning-making process in which the resources of the past are interpreted, negotiated, and recognised as a valuable legacy. Applying the concepts of dissonant heritage to describe the heterogeneous character of the CEZ, the book broadens the interpretative scope of dark tourism which takes on a new dimension in the context of the war in Ukraine. Tourism and Heritage in the Chornobyl Exclusion Zone argues that post-disaster sites such as Chornobyl can teach us a great deal about the importance of preserving cultural and natural heritage for future generations. The book will be of interest to academics and students who are engaged in the study of heritage, tourism, memory, disasters and Eastern Europe

    Security and Privacy Problems in Voice Assistant Applications: A Survey

    Voice assistant applications have become omniscient nowadays. Two models that provide the two most important functions for real-life applications (i.e., Google Home, Amazon Alexa, Siri, etc.) are Automatic Speech Recognition (ASR) models and Speaker Identification (SI) models. According to recent studies, security and privacy threats have also emerged with the rapid development of the Internet of Things (IoT). The security issues researched include attack techniques toward machine learning models and other hardware components widely used in voice assistant applications. The privacy issues include technical-wise information stealing and policy-wise privacy breaches. The voice assistant application takes a steadily growing market share every year, but their privacy and security issues never stopped causing huge economic losses and endangering users' personal sensitive information. Thus, it is important to have a comprehensive survey to outline the categorization of the current research regarding the security and privacy problems of voice assistant applications. This paper concludes and assesses five kinds of security attacks and three types of privacy threats in the papers published in the top-tier conferences of cyber security and voice domain. Comment: 5 figure

    The Viability and Potential Consequences of IoT-Based Ransomware

    With the increased threat of ransomware and the substantial growth of the Internet of Things (IoT) market, there is significant motivation for attackers to carry out IoT-based ransomware campaigns. In this thesis, the viability of such malware is tested. As part of this work, various techniques that could be used by ransomware developers to attack commercial IoT devices were explored. First, methods that attackers could use to communicate with the victim were examined, such that a ransom note was able to be reliably sent to a victim. Next, the viability of using "bricking" as a method of ransom was evaluated, such that devices could be remotely disabled unless the victim makes a payment to the attacker. Research was then performed to ascertain whether it was possible to remotely gain persistence on IoT devices, which would improve the efficacy of existing ransomware methods, and provide opportunities for more advanced ransomware to be created. Finally, after successfully identifying a number of persistence techniques, the viability of privacy-invasion based ransomware was analysed. For each assessed technique, proofs of concept were developed. A range of devices -- with various intended purposes, such as routers, cameras and phones -- were used to test the viability of these proofs of concept. To test communication hijacking, devices' "channels of communication" -- such as web services and embedded screens -- were identified, then hijacked to display custom ransom notes. During the analysis of bricking-based ransomware, a working proof of concept was created, which was then able to remotely brick five IoT devices. After analysing the storage design of an assortment of IoT devices, six different persistence techniques were identified, which were then successfully tested on four devices, such that malicious filesystem modifications would be retained after the device was rebooted. 
When researching privacy-invasion based ransomware, several methods were created to extract information from data sources that can be commonly found on IoT devices, such as nearby WiFi signals, images from cameras, or audio from microphones. These were successfully implemented in a test environment such that ransomable data could be extracted, processed, and stored for later use to blackmail the victim. Overall, IoT-based ransomware has not only been shown to be viable but also highly damaging to both IoT devices and their users. While the use of IoT-ransomware is still very uncommon "in the wild", the techniques demonstrated within this work highlight an urgent need to improve the security of IoT devices to avoid the risk of IoT-based ransomware causing havoc in our society. Finally, during the development of these proofs of concept, a number of potential countermeasures were identified, which can be used to limit the effectiveness of the attacking techniques discovered in this PhD research