Pishing Attacks in Network Security

In the last few decays, phishing tricks have swiftly grown posing enormous threat to worldwide Internet security. These days, phishing attacks are one of the utmost common and serious threats over internet whereas cyber attackers are trying to steal users personal information regarding their financial assets by using different malwares and social engineering. The usual way of phishing attacks use some electronic messaging like emails or by providing the links that appears to be legitimate sites but actually these sites are malicious and controlled by the attackers. To detect phishing attack at high accuracy is always a crucial and has been great issue of interest. Recently many detection techniques has been introduced which are specifically designed for the detection of phishing with extreme accuracy. In this report the phishing attacks are discuss with some of the techniques which are proposed in various literature

Dynamic adversarial mining - effectively applying machine learning in adversarial non-stationary environments.

While understanding of machine learning and data mining is still in its budding stages, the engineering applications of the same has found immense acceptance and success. Cybersecurity applications such as intrusion detection systems, spam filtering, and CAPTCHA authentication, have all begun adopting machine learning as a viable technique to deal with large scale adversarial activity. However, the naive usage of machine learning in an adversarial setting is prone to reverse engineering and evasion attacks, as most of these techniques were designed primarily for a static setting. The security domain is a dynamic landscape, with an ongoing never ending arms race between the system designer and the attackers. Any solution designed for such a domain needs to take into account an active adversary and needs to evolve over time, in the face of emerging threats. We term this as the ‘Dynamic Adversarial Mining’ problem, and the presented work provides the foundation for this new interdisciplinary area of research, at the crossroads of Machine Learning, Cybersecurity, and Streaming Data Mining. We start with a white hat analysis of the vulnerabilities of classification systems to exploratory attack. The proposed ‘Seed-Explore-Exploit’ framework provides characterization and modeling of attacks, ranging from simple random evasion attacks to sophisticated reverse engineering. It is observed that, even systems having prediction accuracy close to 100%, can be easily evaded with more than 90% precision. This evasion can be performed without any information about the underlying classifier, training dataset, or the domain of application. Attacks on machine learning systems cause the data to exhibit non stationarity (i.e., the training and the testing data have different distributions). It is necessary to detect these changes in distribution, called concept drift, as they could cause the prediction performance of the model to degrade over time. However, the detection cannot overly rely on labeled data to compute performance explicitly and monitor a drop, as labeling is expensive and time consuming, and at times may not be a possibility altogether. As such, we propose the ‘Margin Density Drift Detection (MD3)’ algorithm, which can reliably detect concept drift from unlabeled data only. MD3 provides high detection accuracy with a low false alarm rate, making it suitable for cybersecurity applications; where excessive false alarms are expensive and can lead to loss of trust in the warning system. Additionally, MD3 is designed as a classifier independent and streaming algorithm for usage in a variety of continuous never-ending learning systems. We then propose a ‘Dynamic Adversarial Mining’ based learning framework, for learning in non-stationary and adversarial environments, which provides ‘security by design’. The proposed ‘Predict-Detect’ classifier framework, aims to provide: robustness against attacks, ease of attack detection using unlabeled data, and swift recovery from attacks. Ideas of feature hiding and obfuscation of feature importance are proposed as strategies to enhance the learning framework\u27s security. Metrics for evaluating the dynamic security of a system and recover-ability after an attack are introduced to provide a practical way of measuring efficacy of dynamic security strategies. The framework is developed as a streaming data methodology, capable of continually functioning with limited supervision and effectively responding to adversarial dynamics. The developed ideas, methodology, algorithms, and experimental analysis, aim to provide a foundation for future work in the area of ‘Dynamic Adversarial Mining’, wherein a holistic approach to machine learning based security is motivated

Cyber Security Concerns in Social Networking Service

Today’s world is unimaginable without online social networks. Nowadays, millions of people connect with their friends and families by sharing their personal information with the help of different forms of social media. Sometimes, individuals face different types of issues while maintaining the multimedia contents like, audios, videos, photos because it is difficult to maintain the security and privacy of these multimedia contents uploaded on a daily basis. In fact, sometimes personal or sensitive information could get viral if that leaks out even unintentionally. Any leaked out content can be shared and made a topic of popular talk all over the world within few seconds with the help of the social networking sites. In the setting of Internet of Things (IoT) that would connect millions of devices, such contents could be shared from anywhere anytime. Considering such a setting, in this work, we investigate the key security and privacy concerns faced by individuals who use different social networking sites differently for different reasons. We also discuss the current state-of-the-art defense mechanisms that can bring somewhat long-term solutions to tackling these threats

Best practices for publishing linked data

Este documento establece una serie de buenas prácticas destinadas a facilitar el desarrollo y la entrega de los datos de gobierno abierto como Linked Open Data. Linked Open Data convierte a la World Wide Web en una base de datos global, a veces denominada como "Web de datos". Utilizando los principios de Linked Data, los desarrolladores pueden consultar datos enlazados provenientes de múltiples fuentes a la vez y combinarlos sin la necesidad de un único esquema común que todos los datos comparten. Anteriormente a las normas internacionales para el intercambio de datos para datos en la Web, construir aplicaciones utilizando técnicas tradicionales de gestión de datos era lento y difícil. Dado que se publican en la web cada vez más los datos de gobierno abierto, las buenas prácticas están evolucionando también. El objetivo de este documento es compilar las prácticas de gestión de los datos más relevantes para la publicación y uso de datos de alta calidad publicados por los gobiernos de todo el mundo como Linked Open Data.W3

Systematic Literature Review

Mutemi, A., & Bação, F. (2023). E-Commerce Fraud Detection Based on Machine Learning Techniques: Systematic Literature Review. Big Data Mining and Analytics, 1-27. https://doi.org/10.26599/BDMA.2023.9020023The e-commerce industry's rapid growth, accelerated by the COVID-19 pandemic, has led to an alarming increase in digital fraud and associated losses. To establish a healthy e-commerce ecosystem, robust cyber security and anti-fraud measures are crucial. However, research on fraud detection systems has struggled to keep pace due to limited real-world datasets. Advances in artificial intelligence, machine learning, and cloud computing have revitalized research and applications in this domain. While machine learning and data mining techniques are popular in fraud detection, specific reviews focusing on their application in ecommerce platforms like eBay and Facebook are lacking depth. Existing reviews provide broad overviews but fail to grasp the intricacies of machine learning algorithms in the e-commerce context. To bridge this gap, our study conducts a systematic literature review using the Preferred Reporting Items for Systematic Reviews and Meta-Analysis (PRISMA) methodology. We aim to explore the effectiveness of these techniques in fraud detection within digital marketplaces and the broader e-commerce landscape. Understanding the current state of the literature and emerging trends is crucial given the rising fraud incidents and associated costs. Through our investigation, we identify research opportunities and provide insights to industry stakeholders on key machine learning and data mining techniques for combating e-commerce fraud. Our paper examines the research on these techniques as published in the past decade. Employing the PRISMA approach, we conducted a content analysis of 101 publications, identifying research gaps, recent techniques, and highlighting the increasing utilization of artificial neural networks in fraud detection within the industry.publishersversionepub_ahead_of_prin

Cyber risks and Swiss SMEs : an investigation of employee attitudes and behavioral vulnerabilities

Cyber attacks are an increasingly significant issue for Swiss SMEs. About one third have already experienced cyber attacks, and four percent have been blackmailed as a result. Most of these problems began with phishing attacks, where criminal elements gained access to the IT system by exploiting an employee error or oversight. We interviewed several employees of Swiss SMEs to understand how their attitudes towards cyber attacks may affect this vulnerability and to develop practical suggestions for corrective action. The interviews were conducted using deep metaphors to understand the hidden cultural and emotional drivers of behavior rather than the rational, visible components. We developed three recommendations to take advantage of the proactive culture at SMEs and decrease their dependence on third-party providers: raise awareness, empower employees, and train a recovery mode

Evaluation of Fruška Gora National Park (Serbia) for sport and recreational tourism

The Fruška Gora National Park has one of the biggest sport and recreational potentials in Vojvodina, Serbia. Because of its favorable natural and geographical features Fruška Gora National Park. Since sports and recreational tourism is of growing importance in the tourism industry, the evaluation method to create a high quality tourism product becomes inevitable. Empirical research conducted on a sample of 304 respondents was aimed at showing the existing potentials of Fruška Gora National Park related to sport and recreational tourism. The interviews with experts from the Provincial Secretariat for Environmental Protection, the National Park and the Cycling Association of Vojvodina helped the SWOT analysis of sport and recreational tourism on Fruška Gora National Park

ACUTA Journal of Telecommunications in Higher Education

In This Issue President\u27s Message From the ACUTA GEO Privacy Matters Crisis on Campus Appropriate and Reasonable Protections Securing the Cloud: Key Contract Provisions for lnstitutions Changing Behavior...Changing Mindsets Holes in University BYOD Policies The impact of the Smartphone Ecosystem Phishing, the Path of Least Resistance 2014 lnstitutional Excellence Awar

Strategies That Mitigate IT Infrastructure Demands Produced by Student BYOD Usa

The use of bring your own devices (BYOD) is a global phenomenon, and nowhere is it more evident than on a college campus. The use of BYOD on academic campuses has grown and evolved through time. The purpose of this qualitative multiple case study was to identify the successful strategies used by chief information officers (CIOs) to mitigate information technology infrastructure demands produced by student BYOD usage. The diffusion of innovation model served as the conceptual framework. The population consisted of CIOs from community colleges within North Carolina. The data collection process included semistructured, in-depth face-to-face interviews with 9 CIOs and the analysis of 25 documents, all from participant case organizations. Member checking was used to increase the validity of the findings. During the data analysis phase, the data were coded, sorted, queried, and analyzed obtained from semistructured interviews and organizational documentation with NVivo, a qualitative data analysis computer software package. Through methodological triangulation, 3 major themes emerged from the study: the importance of technology management tools, the importance of security awareness training, and the importance of BYOD security policies and procedures. These themes highlight successful strategies employed by CIOs. The implications for positive social change as a result of this study include creating a more positive experience for students interacting with technology on campus. Effects on social change will also arise by increasing a student\u27s mindfulness through security awareness programs, which will empower the student to take more control of their online presence and as they pass that information along to family and friends

Improving Social Bot Detection Through Aid And Training

Objective: We test the effects of three aids on individuals\u27 ability to detect social bots among Twitter personas: a bot indicator score, a training video, and a warning. Background: Detecting social bots can prevent online deception. We use a simulated social media task to evaluate three aids. Method: Lay participants judged whether each of 60 Twitter personas was a human or social bot in a simulated online environment, using agreement between three machine learning algorithms to estimate the probability of each persona being a bot. Experiment 1 compared a control group and two intervention groups, one provided a bot indicator score for each tweet; the other provided a warning about social bots. Experiment 2 compared a control group and two intervention groups, one receiving the bot indicator scores and the other a training video, focused on heuristics for identifying social bots. Results: The bot indicator score intervention improved predictive performance and reduced overconfidence in both experiments. The training video was also effective, although somewhat less so. The warning had no effect. Participants rarely reported willingness to share content for a persona that they labeled as a bot, even when they agreed with it. Conclusions: Informative interventions improved social bot detection; warning alone did not. Application: We offer an experimental testbed and methodology that can be used to evaluate and refine interventions designed to reduce vulnerability to social bots. We show the value of two interventions that could be applied in many settings