11,209 research outputs found
Evaluation Methodologies in Software Protection Research
Man-at-the-end (MATE) attackers have full control over the system on which
the attacked software runs, and try to break the confidentiality or integrity
of assets embedded in the software. Both companies and malware authors want to
prevent such attacks. This has driven an arms race between attackers and
defenders, resulting in a plethora of different protection and analysis
methods. However, it remains difficult to measure the strength of protections
because MATE attackers can reach their goals in many different ways and a
universally accepted evaluation methodology does not exist. This survey
systematically reviews the evaluation methodologies of papers on obfuscation, a
major class of protections against MATE attacks. For 572 papers, we collected
113 aspects of their evaluation methodologies, ranging from sample set types
and sizes, over sample treatment, to performed measurements. We provide
detailed insights into how the academic state of the art evaluates both the
protections and analyses thereon. In summary, there is a clear need for better
evaluation methodologies. We identify nine challenges for software protection
evaluations, which represent threats to the validity, reproducibility, and
interpretation of research results in the context of MATE attacks
Development of Open Backend Structures for Health Care Professionals to Improve Participation in App Developments: Pilot Usability Study of a Medical App
BACKGROUND: Efficient digitization in medicine still is in its infancy but undeniably has great potential for current and future challenges in health care. Thus far, the rollout of medical apps has not resulted in widespread use of smartphones in the German health care sector; the reasons for this have not been clarified so far. Nevertheless, the lack of user involvement in the development process and content creation might contribute to low acceptance of these products.
OBJECTIVE: This study aims to outline an approach to involve medical expertise without any coding knowledge for developing medical app content and functions.
METHODS: An end user-operable backend was built. Its usability was evaluated using a usability evaluation test protocol. The results of the usability tests were evaluated by the app development team, and the usability test was repeated for optimizing backend usability. In total, 40 criteria to measure the ease of app usage were defined a priori. The usability test comprised 20 tasks that had to be fulfilled. Usability tasks were analyzed for completion, dropout, and test duration. Due to the COVID-19 pandemic, digital videoconferencing platforms (Zoom and QuickTime Player) were used to complete usability questionnaires. Finally, several backend-based apps for several specialties (infectiology, plastic and reconstructive surgery, and orthopedics) were developed by health care professionals as prototypes.
RESULTS: Initial usability testing was conducted with 5 participants (4 men and 1 woman; mean age 39.2, SD 5.97 years). All of them could complete the assigned backend tasks with only a few workflow interruptions and some minor errors. After usability optimization, the workflow completion time decreased from 5.03 minutes to 3.50 minutes, indicating a time saving. The basic backend structure was clear to all test users and the handling was intuitive to learn. Some minor errors in the backend occurred during the test rounds. The apps developed using the aforementioned approach are in clinical use as a proof of concept.
CONCLUSIONS: Backends offering operability for medical professionals might have great potential for app development in the mobile health sector. Sophisticated and time-saving usability are pivotal for the acceptance of medical software, as illustrated by the backend-based apps presented herein, which are in clinical use as a proof of concept. Basic interventions are essential and sufficient for adequate usability optimization. Practicable, well-structured software usability evaluation is possible based on the usability evaluation test protocol
ACOUSTIC SPEECH MARKERS FOR TRACKING CHANGES IN HYPOKINETIC DYSARTHRIA ASSOCIATED WITH PARKINSON’S DISEASE
Previous research has identified certain overarching features of hypokinetic dysarthria
associated with Parkinson’s Disease and found it manifests differently between
individuals. Acoustic analysis has often been used to find correlates of perceptual
features for differential diagnosis. However, acoustic parameters that are robust for
differential diagnosis may not be sensitive to tracking speech changes. Previous
longitudinal studies have had limited sample sizes or variable lengths between data
collection. This study focused on using acoustic correlates of perceptual features to
identify acoustic markers able to track speech changes in people with Parkinson’s
Disease (PwPD) over six months. The thesis presents how this study has addressed
limitations of previous studies to make a novel contribution to current knowledge.
Speech data was collected from 63 PwPD and 47 control speakers using an online
podcast software at two time points, six months apart (T1 and T2). Recordings of a
standard reading passage, minimal pairs, sustained phonation, and spontaneous speech
were collected. Perceptual severity ratings were given by two speech and language
therapists for T1 and T2, and acoustic parameters of voice, articulation and prosody
were investigated. Two analyses were conducted: a) to identify which acoustic
parameters can track perceptual speech changes over time and b) to identify which
acoustic parameters can track changes in speech intelligibility over time. An additional
attempt was made to identify if these parameters showed group differences for
differential diagnosis between PwPD and control speakers at T1 and T2.
Results showed that specific acoustic parameters in voice quality, articulation and
prosody could differentiate between PwPD and controls, or detect speech changes
between T1 and T2, but not both factors. However, specific acoustic parameters within
articulation could detect significant group and speech change differences across T1 and
T2. The thesis discusses these results, their implications, and the potential for future
studies
Fairness Testing: A Comprehensive Survey and Analysis of Trends
Unfair behaviors of Machine Learning (ML) software have garnered increasing
attention and concern among software engineers. To tackle this issue, extensive
research has been dedicated to conducting fairness testing of ML software, and
this paper offers a comprehensive survey of existing studies in this field. We
collect 100 papers and organize them based on the testing workflow (i.e., how
to test) and testing components (i.e., what to test). Furthermore, we analyze
the research focus, trends, and promising directions in the realm of fairness
testing. We also identify widely-adopted datasets and open-source tools for
fairness testing
A Machine Learning based Empirical Evaluation of Cyber Threat Actors High Level Attack Patterns over Low level Attack Patterns in Attributing Attacks
Cyber threat attribution is the process of identifying the actor of an attack
incident in cyberspace. An accurate and timely threat attribution plays an
important role in deterring future attacks by applying appropriate and timely
defense mechanisms. Manual analysis of attack patterns gathered by honeypot
deployments, intrusion detection systems, firewalls, and via trace-back
procedures is still the preferred method of security analysts for cyber threat
attribution. Such attack patterns are low-level Indicators of Compromise (IOC).
They represent Tactics, Techniques, Procedures (TTP), and software tools used
by the adversaries in their campaigns. The adversaries rarely re-use them. They
can also be manipulated, resulting in false and unfair attribution. To
empirically evaluate and compare the effectiveness of both kinds of IOC, there
are two problems that need to be addressed. The first problem is that in recent
research works, the ineffectiveness of low-level IOC for cyber threat
attribution has been discussed intuitively. An empirical evaluation for the
measure of the effectiveness of low-level IOC based on a real-world dataset is
missing. The second problem is that the available dataset for high-level IOC
has a single instance for each predictive class label that cannot be used
directly for training machine learning models. To address these problems in
this research work, we empirically evaluate the effectiveness of low-level IOC
based on a real-world dataset that is specifically built for comparative
analysis with high-level IOC. The experimental results show that the high-level
IOC trained models effectively attribute cyberattacks with an accuracy of 95%
as compared to the low-level IOC trained models where accuracy is 40%. Comment: 20 page
Consumer Shopping Lifestyle Analysis on Buying Decisions
This study aims to clarify how consumers' lifestyle influences their buying decisions. More specifically, we aimed to determine whether consumers' preference of products is based on product, price and brand of the products and whether consumers' demographic variables, such as age and gender, influence their decision. It is necessary to segment people based on their lifestyle and to develop marketing strategies that influence Mongolian consumers' decision-making process. Researchers spread out a thousand surveys to the participants and eight hundred eighty-eight questionnaires were analyzed using SPSS 28 and Smart PLS 4. The findings indicate that consumers' shopping orientations have a significant impact on their buying behavior, and demographic variables such as age and gender strongly influence purchasing decisions. Specifically, male consumers prioritize product quality, while females are more price-conscious when making purchases. Keywords: consumer lifestyle, brand-oriented, price-oriented, quality-oriented, buying decision DOI: 10.7176/EJBM/15-8-01 Publication date: April 30th 2023
History, Features, Challenges, and Critical Success Factors of Enterprise Resource Planning (ERP) in The Era of Industry 4.0
ERP has been adopting newer features over the last several decades and shaping global businesses with the advent of newer technologies. This research article uses a state-of-the-art review method with the purpose to review and synthesize the latest information on the possible integration of potential Industry 4.0 technologies into the future development of ERP. Different software that contributed to the development of the existing ERP is found to be Material Requirement Planning (MRP), Manufacturing Resource Planning (MRPII), and Computer Integrated Manufacturing (CIM). Potential disruptive Industry 4.0 technologies that are featured to be integrated into future ERP are artificial intelligence, business intelligence, the internet of things, big data, blockchain technology, and omnichannel strategy. Notable Critical Success Factors of ERP have been reported to be top management support, project team, IT infrastructure, communication, skilled staff, training & education, and monitoring & evaluation. Moreover, cybersecurity has been found to be the most challenging issue to overcome in future versions of ERP. This review article could help future ERP researchers and respective stakeholders contribute to integrating newer features in future versions of ERP
Tourism and heritage in the Chornobyl Exclusion Zone
Tourism and Heritage in the Chornobyl Exclusion Zone (CEZ) uses an ethnographic lens to explore the dissonances associated with the commodification of Chornobyl's heritage.
The book considers the role of the guides as experience brokers, focusing on the synergy between tourists and guides in the performance of heritage interpretation. Banaszkiewicz proposes to perceive tour guides as important actors in the bottom-up construction of heritage discourse contributing to a more inclusive and participatory approach to heritage management. Demonstrating that the CEZ has been going through a dynamic transformation into a mass tourism attraction, the book offers a critical reflection on heritagisation as a meaning-making process in which the resources of the past are interpreted, negotiated, and recognised as a valuable legacy. Applying the concepts of dissonant heritage to describe the heterogeneous character of the CEZ, the book broadens the interpretative scope of dark tourism which takes on a new dimension in the context of the war in Ukraine.
Tourism and Heritage in the Chornobyl Exclusion Zone argues that post-disaster sites such as Chornobyl can teach us a great deal about the importance of preserving cultural and natural heritage for future generations. The book will be of interest to academics and students who are engaged in the study of heritage, tourism, memory, disasters and Eastern Europe
Security and Privacy Problems in Voice Assistant Applications: A Survey
Voice assistant applications have become omniscient nowadays. Two models that
provide the two most important functions for real-life applications (i.e.,
Google Home, Amazon Alexa, Siri, etc.) are Automatic Speech Recognition (ASR)
models and Speaker Identification (SI) models. According to recent studies,
security and privacy threats have also emerged with the rapid development of
the Internet of Things (IoT). The security issues researched include attack
techniques toward machine learning models and other hardware components widely
used in voice assistant applications. The privacy issues include technical-wise
information stealing and policy-wise privacy breaches. The voice assistant
application takes a steadily growing market share every year, but their privacy
and security issues never stopped causing huge economic losses and endangering
users' personal sensitive information. Thus, it is important to have a
comprehensive survey to outline the categorization of the current research
regarding the security and privacy problems of voice assistant applications.
This paper concludes and assesses five kinds of security attacks and three
types of privacy threats in the papers published in the top-tier conferences of
cyber security and voice domain. Comment: 5 figure
The Viability and Potential Consequences of IoT-Based Ransomware
With the increased threat of ransomware and the substantial growth of the Internet of Things (IoT) market, there is significant motivation for attackers to carry out IoT-based ransomware campaigns. In this thesis, the viability of such malware is tested.
As part of this work, various techniques that could be used by ransomware developers to attack commercial IoT devices were explored. First, methods that attackers could use to communicate with the victim were examined, such that a ransom note was able to be reliably sent to a victim. Next, the viability of using "bricking" as a method of ransom was evaluated, such that devices could be remotely disabled unless the victim makes a payment to the attacker. Research was then performed to ascertain whether it was possible to remotely gain persistence on IoT devices, which would improve the efficacy of existing ransomware methods, and provide opportunities for more advanced ransomware to be created. Finally, after successfully identifying a number of persistence techniques, the viability of privacy-invasion based ransomware was analysed.
For each assessed technique, proofs of concept were developed. A range of devices -- with various intended purposes, such as routers, cameras and phones -- were used to test the viability of these proofs of concept. To test communication hijacking, devices' "channels of communication" -- such as web services and embedded screens -- were identified, then hijacked to display custom ransom notes. During the analysis of bricking-based ransomware, a working proof of concept was created, which was then able to remotely brick five IoT devices. After analysing the storage design of an assortment of IoT devices, six different persistence techniques were identified, which were then successfully tested on four devices, such that malicious filesystem modifications would be retained after the device was rebooted. When researching privacy-invasion based ransomware, several methods were created to extract information from data sources that can be commonly found on IoT devices, such as nearby WiFi signals, images from cameras, or audio from microphones. These were successfully implemented in a test environment such that ransomable data could be extracted, processed, and stored for later use to blackmail the victim.
Overall, IoT-based ransomware has not only been shown to be viable but also highly damaging to both IoT devices and their users. While the use of IoT-ransomware is still very uncommon "in the wild", the techniques demonstrated within this work highlight an urgent need to improve the security of IoT devices to avoid the risk of IoT-based ransomware causing havoc in our society. Finally, during the development of these proofs of concept, a number of potential countermeasures were identified, which can be used to limit the effectiveness of the attacking techniques discovered in this PhD research