SECURITY AND USER EXPERIENCE: A HOLISTIC MODEL FOR CAPTCHA USABILITY ISSUES

CAPTCHA is a widely adopted security measure in the Web, and is designed to effectively distinguish humans and bots by exploiting human’s ability to recognize patterns that an automated bot is incapable of. To counter this, bots are being designed to recognize patterns in CAPTCHAs. As a result, CAPTCHAs are now being designed to maximize the difficulty for bots to pass human interaction proof tests, while making it quite an arduous task even for humans as well. The approachability of CAPTCHA is increasingly being questioned because of the inconvenience it causes to legitimate users. Irrespective of the popularity, CAPTCHA is indispensable if one wants to avoid potential security threats. We investigated the usability issues associated with CAPTCHA. We built a holistic model by identifying the important concepts associated with CAPTCHAs and its usability. This model can be used as a guide for the design and evaluation of CAPTCHAs

Foundations, Properties, and Security Applications of Puzzles: A Survey

Cryptographic algorithms have been used not only to create robust ciphertexts but also to generate cryptograms that, contrary to the classic goal of cryptography, are meant to be broken. These cryptograms, generally called puzzles, require the use of a certain amount of resources to be solved, hence introducing a cost that is often regarded as a time delay---though it could involve other metrics as well, such as bandwidth. These powerful features have made puzzles the core of many security protocols, acquiring increasing importance in the IT security landscape. The concept of a puzzle has subsequently been extended to other types of schemes that do not use cryptographic functions, such as CAPTCHAs, which are used to discriminate humans from machines. Overall, puzzles have experienced a renewed interest with the advent of Bitcoin, which uses a CPU-intensive puzzle as proof of work. In this paper, we provide a comprehensive study of the most important puzzle construction schemes available in the literature, categorizing them according to several attributes, such as resource type, verification type, and applications. We have redefined the term puzzle by collecting and integrating the scattered notions used in different works, to cover all the existing applications. Moreover, we provide an overview of the possible applications, identifying key requirements and different design approaches. Finally, we highlight the features and limitations of each approach, providing a useful guide for the future development of new puzzle schemes.Comment: This article has been accepted for publication in ACM Computing Survey

Analisa Kerentanan Sis.trisakti.ac.id Menggunakan Teknik Vulnerability Scan

Security means freedom from the fear of losing the object, his or her secret known to others. According to the terminology of US DoD 2011, Information Security (InfoSec) is safeguardsfor information and information systems, from someone's access or unauthorized information modification that occurs on storage media or data transmission. The purpose of this study is to determine the "definition", system architecture, Misuse Cases Diagram, Categorizing and Detailing and recommendations for improvements the sis.trisakti.ac.id system. sis.trisakti.ac.id is one of the Trisakti University web site that provides academic information system services for the Trisakti University academic community. To test the system security level and the data on the website sis.trisakti.ac.id vulnerability scan method is required and the result will be recommended for improvement of the existing systems. From the test results using a vulnerability scan, there is a vulnerability gap in the form of SQL injection vulnerabilities on the sis.trisakti.ac.id system.Keamanan dapat diartikan bebas dari rasa takut akan kehilangan benda miliknya, ataupun rahasianya diketahui orang lain. Menurut terminologi dari DoD US 2011, Keamanan Informasi (InfoSec) adalah upaya perlindungan informasi dan sistem informasi terhadap akses atau modifikasi informasi yang tidak sah yang dapat terjadi pada media penyimpanan atau transmisi data. Tujuan penelitian ini digunakan untuk menentukan “definition”, system architecture, Misuse Cases Diagram, Categorizing and Detailing dan rekomendasi perbaikan untuk sistem sis.trisakti.ac.id. sis.trisakti.ac.id merupakan salah satu situs webTrisakti yang menyediakan layanan sistem informasi akademik bagi sivitas akademika Universitas Trisakti. Untuk menguji tingkat keamanan sistem dan data pada website sis.trisakti.ac.id diperlukan metode vulnerability scan yang hasilnya berupa rekomendasi perbaikan sistem yang telah ada. Dari hasil pengujian menggunakan vulnerability scan didapatkan informasi tentang celah kerentanan sistem dalam bentuk kerentanan injeksi SQL pada sistem sis.trisakti.ac.id

Detecting and Mitigating Adversarial Attack

Automating arrhythmia detection from ECG requires a robust and trusted system that retains high accuracy under electrical disturbances. Deep neural networks have become a popular technique for tracing ECG signals, outperforming human experts. Many approaches have reached human-level performance in classifying arrhythmia from ECGs. Even convolutional neural networks are susceptible to adversarial examples as well that can also misclassify ECG signals. Moreover, they do not generalize well on the out-of-distribution dataset. Adversarial attacks are small crafted perturbations injected in the original data which manifest the out-of-distribution shifts in signal to misclassify the correct class. However, these architectures are vulnerable to adversarial attacks as well. The GAN architecture has been employed in recent works to synthesize adversarial ECG signals to increase existing training data. However, they use a disjointed CNN-based classification architecture to detect arrhythmia. Till now, no versatile architecture has been proposed that can detect adversarial examples and classify arrhythmia simultaneously. In this work, we propose two novel conditional generative adversarial networks (GAN), ECG-Adv-GAN and ECG-ATK-GAN, to simultaneously generate ECG signals for different categories and detect cardiac abnormalities. The model is conditioned on class-specific ECG signals to synthesize realistic adversarial examples. Moreover, the ECG-ATK-GAN is robust against adversarial attacked ECG signals and retains high accuracy when exposed to various types of adversarial attacks while classifying arrhythmia. We benchmark our architecture on six different white and black-box attacks and compare them with other recently proposed arrhythmia classification models. When considering the defense strategy, the variation of the adversarial attacks, both targeted and non-targeted, can determine the perturbation by calculating the gradient. Novel defenses are being introduced to improve upon existing techniques to fend off each new attack. This back-and-forth game between attack and defense is persistently recurring, and it became significant to understand the pattern and behavior of the attacker to create a robust defense. One widespread tactic is applying a mathematically based model like Game theory. To analyze this circumstance, we propose a computational framework of game theory to analyze the CNN Classifier's vulnerability, strategy, and outcomes by forming a simultaneous two-player game. We represent the interaction in the Stackelberg Game in Kuhn tree to study players' possible behaviors and actions by applying our Classifier's actual predicted values in CAPTCHA dataset. Thus, we interpret potential attacks in deep learning applications while representing viable defense strategies from the Game theoretical perspective

Mothers\u27 Adaptation to Caring for a New Baby

To date, most research on parents\u27 adjustment after adding a new baby to their family unit has focused on mothers\u27 initial transition to parenthood. This past research has examined changes in mothers\u27 marital satisfaction and perceived well-being across the transition, and has compared their prenatal expectations to their postnatal experiences. This project assessed first-time and experienced mothers\u27 stress and satisfaction associated with parenting, their adjustment to competing demands, and their perceived well-being longitudinally before and after the birth of a baby. Additionally, how maternal and child-related variables influenced the trajectory of mothers\u27 postnatal adaptation was assessed. These variables included mothers\u27 age, their education level, their prenatal expectations and postnatal experiences concerning shared infant care, their satisfaction with the division of infant caregiving, and their perceptions of their infant\u27s temperament. Mothers (N = 136) completed an online survey during their third trimester and additional online surveys when their baby was approximately 2, 4, 6, and 8 weeks old.;First-time mothers prenatally expected a more equal division of infant caregiving between themselves and their partners than did experienced mothers. Both first-time and experienced mothers reported less assistance from their partners than they had prenatally expected. Additionally, they experienced almost twice as many violated expectations than met expectations. Growth curve modeling revealed that a cubic function of time best fit the trajectory of mothers\u27 postnatal parenting satisfaction. Mothers reported less parenting satisfaction at 4 weeks, compared to 2 and 6 weeks, and reported stability in their satisfaction between 6 and 8 weeks. A quadratic function of time best fit the trajectories of mothers\u27 postnatal parenting stress and adjustment to the demands of their baby. Mothers reported more stress and difficulty adjusting to their baby\u27s demands at 4 and 6 weeks, compared to 2 and 8 weeks. A linear function of time best fit the trajectories of mothers\u27 adjustment to home demands, generalized state anxiety, and depressive symptoms. Mothers reported less difficulty meeting home demands, less generalized anxiety, and fewer depressive symptoms across the postnatal period. Mothers\u27 violated expectations were associated with level differences in all aspects of mothers\u27 postnatal adaptation except their adjustment to home demands. Specifically, more violated expectations, in number or in magnitude, were associated with poorer postnatal adaptation. Mothers\u27 violated expectations were not associated with the slope of mothers\u27 postnatal adaptation trajectories. Exploratory models revealed that other maternal and child-related variables also impacted the level and slope of mothers\u27 postnatal adaptation.;Overall, first-time and experienced mothers were more similar than different in regards to their postnatal adaptation. This study suggests that prior findings concerning adults\u27 initial transition to parenthood may also apply to adults during each addition of a new baby into the family unit. Additionally, mothers who reported less of a mismatch between their expectations and experiences concerning shared infant care had fewer issues adapting the postnatal period. Thus, methods to increase the assistance mothers receive from their partner should be sought. Limitations of this study and suggestions for future research are also discussed

Enhancing Online Security with Image-based Captchas

Given the data loss, productivity, and financial risks posed by security breaches, there is a great need to protect online systems from automated attacks. Completely Automated Public Turing Tests to Tell Computers and Humans Apart, known as CAPTCHAs, are commonly used as one layer in providing online security. These tests are intended to be easily solvable by legitimate human users while being challenging for automated attackers to successfully complete. Traditionally, CAPTCHAs have asked users to perform tasks based on text recognition or categorization of discrete images to prove whether or not they are legitimate human users. Over time, the efficacy of these CAPTCHAs has been eroded by improved optical character recognition, image classification, and machine learning techniques that can accurately solve many CAPTCHAs at rates approaching those of humans. These CAPTCHAs can also be difficult to complete using the touch-based input methods found on widely used tablets and smartphones.;This research proposes the design of CAPTCHAs that address the shortcomings of existing implementations. These CAPTCHAs require users to perform different image-based tasks including face detection, face recognition, multimodal biometrics recognition, and object recognition to prove they are human. These are tasks that humans excel at but which remain difficult for computers to complete successfully. They can also be readily performed using click- or touch-based input methods, facilitating their use on both traditional computers and mobile devices.;Several strategies are utilized by the CAPTCHAs developed in this research to enable high human success rates while ensuring negligible automated attack success rates. One such technique, used by fgCAPTCHA, employs image quality metrics and face detection algorithms to calculate a fitness value representing the simulated performance of human users and automated attackers, respectively, at solving each generated CAPTCHA image. A genetic learning algorithm uses these fitness values to determine customized generation parameters for each CAPTCHA image. Other approaches, including gradient descent learning, artificial immune systems, and multi-stage performance-based filtering processes, are also proposed in this research to optimize the generated CAPTCHA images.;An extensive RESTful web service-based evaluation platform was developed to facilitate the testing and analysis of the CAPTCHAs developed in this research. Users recorded over 180,000 attempts at solving these CAPTCHAs using a variety of devices. The results show the designs created in this research offer high human success rates, up to 94.6\% in the case of aiCAPTCHA, while ensuring resilience against automated attacks

Marble Slabs Classification System Based on Image Processing (Ark Marble Mine in Birjand)

Marble is one of the semi-precious stones that has been used in decorating building façade and making decorative things. This stone is present in the nature in the form of rock or layered stone. Examining the kind of stone, extent of impurity and different streaks in white marble is a widely confronted subject by those who are involved in this industry. Obtaining the extent of impurity of white marble using methods of detecting and analyzing material is expensive and time-consuming. In this research carried out on while marbles of Arc Mine in Birjand, it has been attempted to present very fast method using Image Processing Techniques so that while preserving identity and appearance of stone and without any damage to it, we compute the impurity level and different streaks on white marble surface. The proposed method includes two stages; in the first stage applying image processing functions, it is attempted to segment the present impurities and streaks on marble surface from the stone background and in the second stage, the area of these impurities and streaks is computed. Results obtained in this paper (97.8%) in comparison with other researches and experimental methods indicate acceptability of this algorithm

Mitigating Botnet Attack Using Encapsulated Detection Mechanism (EDM)

Botnet as it is popularly called became fashionable in recent times owing to it embedded force on network servers. Botnet has an exponential growth of about 170, 000 within network server and client infrastructures per day. The networking environment on monthly basis battle over 5 million bots. Nigeria as a country loses above one hundred and twenty five (N125) billion naira to network fraud annually, end users such as Banks and other financial institutions battle daily the botnet threats.Comment: This paper addresses critical area of networ

Hyp3rArmor: reducing web application exposure to automated attacks

Web applications (webapps) are subjected constantly to automated, opportunistic attacks from autonomous robots (bots) engaged in reconnaissance to discover victims that may be vulnerable to specific exploits. This is a typical behavior found in botnet recruitment, worm propagation, largescale fingerprinting and vulnerability scanners. Most anti-bot techniques are deployed at the application layer, thus leaving the network stack of the webapp’s server exposed. In this paper we present a mechanism called Hyp3rArmor, that addresses this vulnerability by minimizing the webapp’s attack surface exposed to automated opportunistic attackers, for JavaScriptenabled web browser clients. Our solution uses port knocking to eliminate the webapp’s visible network footprint. Clients of the webapp are directed to a visible static web server to obtain JavaScript that authenticates the client to the webapp server (using port knocking) before making any requests to the webapp. Our implementation of Hyp3rArmor, which is compatible with all webapp architectures, has been deployed and used to defend single and multi-page websites on the Internet for 114 days. During this time period the static web server observed 964 attempted attacks that were deflected from the webapp, which was only accessed by authenticated clients. Our evaluation shows that in most cases client-side overheads were negligible and that server-side overheads were minimal. Hyp3rArmor is ideal for critical systems and legacy applications that must be accessible on the Internet. Additionally Hyp3rArmor is composable with other security tools, adding an additional layer to a defense in depth approach.This work has been supported by the National Science Foundation (NSF) awards #1430145, #1414119, and #1012798