User Behavioral Modeling of Web-based Systems for Continuous User Authentication

Authentication plays an important role in how we interact with computers, mobile devices, the web, etc. The idea of authentication is to uniquely identify a user before granting access to system privileges. For example, in recent years more corporate information and applications have been accessible via the Internet and Intranet. Many employees are working from remote locations and need access to secure corporate files. During this time, it is possible for malicious or unauthorized users to gain access to the system. For this reason, it is logical to have some mechanism in place to detect whether the logged-in user is the same user in control of the user's session. Therefore, highly secure authentication methods must be used. We posit that each of us is unique in our use of computer systems. It is this uniqueness that is leveraged to "continuously authenticate users" while they use web software. To monitor user behavior, n-gram models are used to capture user interactions with web-based software. This statistical language model essentially captures sequences and sub-sequences of user actions, their orderings, and temporal relationships that make them unique by providing a model of how each user typically behaves. Users are then continuously monitored during software operations. Large deviations from "normal behavior" can possibly indicate malicious or unintended behavior. This approach is implemented in a system called Intruder Detector (ID) that models user actions as embodied in web logs generated in response to a user's actions. User identification through web logs is cost-effective and non-intrusive. We perform experiments on a large fielded system with web logs of approximately 4000 users. For these experiments, we use two classification techniques; binary and multi-class classification. We evaluate model-specific differences of user behavior based on coarse-grain (i.e., role) and fine-grain (i.e., individual) analysis. A specific set of metrics are used to provide valuable insight into how each model performs. Intruder Detector achieves accurate results when identifying legitimate users and user types. This tool is also able to detect outliers in role-based user behavior with optimal performance. In addition to web applications, this continuous monitoring technique can be used with other user-based systems such as mobile devices and the analysis of network traffic

Threat Modelling and Analysis of Web Application Attacks

There has been a rapid growth in the use of the Internet over the years with billions of businesses using it as a means of communication. The World Wide Web has served as the major tool for disseminating information which has resulted into the development of an architecture used in information sharing between remotely connected clients. A web application is a computer program that operates on web technologies and browsers to carry out assignments over the Internet. In designing a secured web application, it is essential to assess and model the viable threats. Threat Modelling is a process used to improve on the application security by pointing out threats and vulnerabilities, outlining mitigation measures to prevent or eliminate the effect of threats in a system. With the constant increase in the number of attacks on web applications, it has become essential to constantly improve on the existing threat models to increase the level of security posture of web applications for proactiveness and strategic goals in operational and application security. In this thesis, three different threat models; STRIDE, Kill Chain and Attack Tree were simulated and analyzed for SQL injection and Cross Site Scripting attacks using the Microsoft SDL threat modelling tool, Trike modelling tool and SeaMonster modelling tool respectively. This study would be useful for future research in developing a new and more efficient threat model based on the existing ones, it would also help organizations determine which of the models used in this research is best suited for the business’ security framework. The objective of this thesis is to analyze the three commonly used models, examining the strengths and weaknesses discovered during the simulation and compare the performances

Verificaciónn de firma y gráficos manuscritos: Características discriminantes y nuevos escenarios de aplicación biométrica

Tesis doctoral inédita leída en la Escuela Politécnica Superior, Departamento de Tecnología Electrónica y de las Comunicaciones. Fecha de lectura: Febrero 2015The proliferation of handheld devices such as smartphones and tablets brings a new scenario for biometric authentication, and in particular to automatic signature verification. Research on signature verification has been traditionally carried out using signatures acquired on digitizing tablets or Tablet-PCs. This PhD Thesis addresses the problem of user authentication on handled devices using handwritten signatures and graphical passwords based on free-form doodles, as well as the effects of biometric aging on signatures. The Thesis pretends to analyze: (i) which are the effects of mobile conditions on signature and doodle verification, (ii) which are the most distinctive features in mobile conditions, extracted from the pen or fingertip trajectory, (iii) how do different similarity computation (i.e. matching) algorithms behave with signatures and graphical passwords captured on mobile conditions, and (iv) what is the impact of aging on signature features and verification performance. Two novel datasets have been presented in this Thesis. A database containing free-form graphical passwords drawn with the fingertip on a smartphone is described. It is the first publicly available graphical password database to the extent of our knowledge. A dataset containing signatures from users captured over a period 15 months is also presented, aimed towards the study of biometric aging. State-of-the-art local and global matching algorithms are used, namely Hidden Markov Models, Gaussian Mixture Models, Dynamic Time Warping and distance-based classifiers. A large proportion of features presented in the research literature is considered in this Thesis. The experimental contribution of this Thesis is divided in three main topics: signature verification on handheld devices, the effects of aging on signature verification, and free-form graphical password-based authentication. First, regarding signature verification in mobile conditions, we use a database captured both on a handheld device and digitizing tablet in an office-like scenario. We analyze the discriminative power of both global and local features using discriminant analysis and feature selection techniques. The effects of the lack of pen-up trajectories on handheld devices (when the stylus tip is not in contact with the screen) are also studied. We then analyze the effects of biometric aging on the signature trait. Using three different matching algorithms, Hidden Markov Models (HMM), Dynamic Time Warping (DTW), and distance-based classifiers, the impact in verification performance is studied. We also study the effects of aging on individual users and individual signature features. Template update techniques are analyzed as a way of mitigating the negative impact of aging. Regarding graphical passwords, the DooDB graphical password database is first presented. A statistical analysis is performed comparing the database samples (free-form doodles and simplified signatures) with handwritten signatures. The sample variability (inter-user, intra-user and inter-session) is also analyzed, as well as the learning curve for each kind of trait. Benchmark results are also reported using state of the art classifiers. Graphical password verification is afterwards studied using features and matching algorithms from the signature verification state of the art. Feature selection is also performed and the resulting feature sets are analyzed. The main contributions of this work can be summarized as follows. A thorough analysis of individual feature performance has been carried out, both for global and local features and on signatures acquired using pen tablets and handheld devices. We have found which individual features are the most robust and which have very low discriminative potential (pen inclination and pressure among others). It has been found that feature selection increases verification performance dramatically, from example from ERRs (Equal Error Rates) over 30% using all available local features, in the case of handheld devices and skilled forgeries, to rates below 20% after feature selection. We study the impact of the lack of trajectory information when the pen tip is not in contact with the acquisition device surface (which happens when touchscreens are used for signature acquisitions), and we have found that the lack of pen-up trajectories negatively affects verification performance. As an example, the EER for the local system increases from 9.3% to 12.1% against skilled forgeries when pen-up trajectories are not available. We study the effects of biometric aging on signature verification and study a number of ways to compensate the observed performance degradation. It is found that aging does not affect equally all the users in the database and that features related to signature dynamics are more degraded than static features. Comparing the performance using test signatures from the first months with the last months, a variable effect of aging on the EER against random forgeries is observed in the three systems that are evaluated, from 0.0% to 0.5% in the DTW system, from 1.0% to 5.0% in the distance-based system using global features, and from 3.2% to 27.8% in the HMM system. A new graphical password database has been acquired and made publicly available. Verification algorithms for finger-drawn graphical passwords and simplified signatures are compared and feature analysis is performed. We have found that inter-session variability has a highly negative impact on verification performance, but this can be mitigated performing feature selection and applying fusion of different matchers. It has also been found that some feature types are prevalent in the optimal feature vectors and that classifiers have a very different behavior against skilled and random forgeries. An EER of 3.4% and 22.1% against random and skilled forgeries is obtained for free-form doodles, which is a promising performance

SYNERGY OF BUILDING CYBERSECURITY SYSTEMS

The development of the modern world community is closely related to advances in computing resources and cyberspace. The formation and expansion of the range of services is based on the achievements of mankind in the field of high technologies. However, the rapid growth of computing resources, the emergence of a full-scale quantum computer tightens the requirements for security systems not only for information and communication systems, but also for cyber-physical systems and technologies. The methodological foundations of building security systems for critical infrastructure facilities based on modeling the processes of behavior of antagonistic agents in security systems are discussed in the first chapter. The concept of information security in social networks, based on mathematical models of data protection, taking into account the influence of specific parameters of the social network, the effects on the network are proposed in second chapter. The nonlinear relationships of the parameters of the defense system, attacks, social networks, as well as the influence of individual characteristics of users and the nature of the relationships between them, takes into account. In the third section, practical aspects of the methodology for constructing post-quantum algorithms for asymmetric McEliece and Niederreiter cryptosystems on algebraic codes (elliptic and modified elliptic codes), their mathematical models and practical algorithms are considered. Hybrid crypto-code constructions of McEliece and Niederreiter on defective codes are proposed. They can significantly reduce the energy costs for implementation, while ensuring the required level of cryptographic strength of the system as a whole. The concept of security of corporate information and educational systems based on the construction of an adaptive information security system is proposed. ISBN 978-617-7319-31-2 (on-line)ISBN 978-617-7319-32-9 (print) ------------------------------------------------------------------------------------------------------------------ How to Cite: Yevseiev, S., Ponomarenko, V., Laptiev, O., Milov, O., Korol, O., Milevskyi, S. et. al.; Yevseiev, S., Ponomarenko, V., Laptiev, O., Milov, O. (Eds.) (2021). Synergy of building cybersecurity systems. Kharkiv: РС ТЕСHNOLOGY СЕNTЕR, 188. doi: http://doi.org/10.15587/978-617-7319-31-2 ------------------------------------------------------------------------------------------------------------------ Indexing:                    Розвиток сучасної світової спільноти тісно пов’язаний з досягненнями в області обчислювальних ресурсів і кіберпростору. Формування та розширення асортименту послуг базується на досягненнях людства у галузі високих технологій. Однак стрімке зростання обчислювальних ресурсів, поява повномасштабного квантового комп’ютера посилює вимоги до систем безпеки не тільки інформаційно-комунікаційних, але і до кіберфізичних систем і технологій. У першому розділі обговорюються методологічні основи побудови систем безпеки для об'єктів критичної інфраструктури на основі моделювання процесів поведінки антагоністичних агентів у систем безпеки. У другому розділі пропонується концепція інформаційної безпеки в соціальних мережах, яка заснована на математичних моделях захисту даних, з урахуванням впливу конкретних параметрів соціальної мережі та наслідків для неї. Враховуються нелінійні взаємозв'язки параметрів системи захисту, атак, соціальних мереж, а також вплив індивідуальних характеристик користувачів і характеру взаємовідносин між ними. У третьому розділі розглядаються практичні аспекти методології побудови постквантових алгоритмів для асиметричних криптосистем Мак-Еліса та Нідеррейтера на алгебраїчних кодах (еліптичних та модифікованих еліптичних кодах), їх математичні моделі та практичні алгоритми. Запропоновано гібридні конструкції криптокоду Мак-Еліса та Нідеррейтера на дефектних кодах. Вони дозволяють істотно знизити енергетичні витрати на реалізацію, забезпечуючи при цьому необхідний рівень криптографічної стійкості системи в цілому. Запропоновано концепцію безпеки корпоративних інформаційних та освітніх систем, які засновані на побудові адаптивної системи захисту інформації. ISBN 978-617-7319-31-2 (on-line)ISBN 978-617-7319-32-9 (print) ------------------------------------------------------------------------------------------------------------------ Як цитувати: Yevseiev, S., Ponomarenko, V., Laptiev, O., Milov, O., Korol, O., Milevskyi, S. et. al.; Yevseiev, S., Ponomarenko, V., Laptiev, O., Milov, O. (Eds.) (2021). Synergy of building cybersecurity systems. Kharkiv: РС ТЕСHNOLOGY СЕNTЕR, 188. doi: http://doi.org/10.15587/978-617-7319-31-2 ------------------------------------------------------------------------------------------------------------------ Індексація:                 &nbsp

Aviation System Analysis Capability Executive Assistant Design

In this technical document, we describe the design developed for the Aviation System Analysis Capability (ASAC) Executive Assistant (EA) Proof of Concept (POC). We describe the genesis and role of the ASAC system, discuss the objectives of the ASAC system and provide an overview of components and models within the ASAC system, and describe the design process and the results of the ASAC EA POC system design. We also describe the evaluation process and results for applicable COTS software. The document has six chapters, a bibliography, three appendices and one attachment

Improving the validity and usability of decision models: case studies with a focus on physical activity

Background: Health economic evaluation has a crucial role to play in the allocation of scarce societal resources. Economic models used in these evaluations must have a high degree of external validity but must also be usable in order to effectively inform policy. However, there is sometimes a trade-off between the realism of models (external validity) and the ease with which stakeholders can understand and interact with them (usability). This trade-off is particularly relevant in the field of physical activity where modelling is complicated and data availability is limited. The aim of this thesis is to investigate the balance between the external-validity and usability of models used in health economic evaluations of physical activity interventions and develop ways to build models that are more externally valid and usable. Methods: The study begins by identifying limitations in the external-validity and usability of published physical activity models, with a particular focus on models used to inform National Institute for Health and Care Excellence (NICE) guidance. Three case studies of adaptations to improve external validity are provided, with a discussion of their implications for usability. Additionally, ways to improve the usability of models are examined, with methods proposed to make models more accessible, transparent, secure, and efficient to construct and maintain. Results: The results of this thesis demonstrate that models can be improved in terms of both external validity and/or usability. The case studies provided show that methodological developments to physical activity models are feasible given new modelling methods and advancements in computing power, but despite improving external validity may reduce usability. Additionally, this thesis outlines methods by which health economic models can be made more accessible, transparent, secure, and efficient to construct and maintain, thereby improving their usability. Discussion: The overall conclusion of this thesis is that economic evaluation models should be as externally valid and usable as possible. However, a trade-off sometimes exists between the two. With a fixed budget for evaluation, attempts to improve external validity can have an opportunity cost in terms of resources allocated to making models easy to use and understand. The incorporation of methods from computing and data science can help mitigate this trade-off

Enabling technologies and cyber-physical systems for mission-critical scenarios

Programa Oficial de Doutoramento en Tecnoloxías da Información e Comunicacións en Redes Móbiles . 5029P01[Abstract] Reliable transport systems, defense, public safety and quality assurance in the Industry 4.0 are essential in a modern society. In a mission-critical scenario, a mission failure would jeopardize human lives and put at risk some other assets whose impairment or loss would significantly harm society or business results. Even small degradations of the communications supporting the mission could have large and possibly dire consequences. On the one hand, mission-critical organizations wish to utilize the most modern, disruptive and innovative communication systems and technologies, and yet, on the other hand, need to comply with strict requirements, which are very different to those of non critical scenarios. The aim of this thesis is to assess the feasibility of applying emerging technologies like Internet of Things (IoT), Cyber-Physical Systems (CPS) and 4G broadband communications in mission-critical scenarios along three key critical infrastructure sectors: transportation, defense and public safety, and shipbuilding. Regarding the transport sector, this thesis provides an understanding of the progress of communications technologies used for railways since the implantation of Global System for Mobile communications-Railways (GSM-R). The aim of this work is to envision the potential contribution of Long Term Evolution (LTE) to provide additional features that GSM-R would never support. Furthermore, the ability of Industrial IoT for revolutionizing the railway industry and confront today's challenges is presented. Moreover, a detailed review of the most common flaws found in Radio Frequency IDentification (RFID) based IoT systems is presented, including the latest attacks described in the literature. As a result, a novel methodology for auditing security and reverse engineering RFID communications in transport applications is introduced. The second sector selected is driven by new operational needs and the challenges that arise from modern military deployments. The strategic advantages of 4G broadband technologies massively deployed in civil scenarios are examined. Furthermore, this thesis analyzes the great potential for applying IoT technologies to revolutionize modern warfare and provide benefits similar to those in industry. It identifies scenarios where defense and public safety could leverage better commercial IoT capabilities to deliver greater survivability to the warfighter or first responders, while reducing costs and increasing operation efficiency and effectiveness. The last part is devoted to the shipbuilding industry. After defining the novel concept of Shipyard 4.0, how a shipyard pipe workshop works and what are the requirements for building a smart pipe system are described in detail. Furthermore, the foundations for enabling an affordable CPS for Shipyards 4.0 are presented. The CPS proposed consists of a network of beacons that continuously collect information about the location of the pipes. Its design allows shipyards to obtain more information on the pipes and to make better use of it. Moreover, it is indicated how to build a positioning system from scratch in an environment as harsh in terms of communications as a shipyard, showing an example of its architecture and implementation.[Resumen] En la sociedad moderna, los sistemas de transporte fiables, la defensa, la seguridad pública y el control de la calidad en la Industria 4.0 son esenciales. En un escenario de misión crítica, el fracaso de una misión pone en peligro vidas humanas y en riesgo otros activos cuyo deterioro o pérdida perjudicaría significativamente a la sociedad o a los resultados de una empresa. Incluso pequeñas degradaciones en las comunicaciones que apoyan la misión podrían tener importantes y posiblemente terribles consecuencias. Por un lado, las organizaciones de misión crítica desean utilizar los sistemas y tecnologías de comunicación más modernos, disruptivos e innovadores y, sin embargo, deben cumplir requisitos estrictos que son muy diferentes a los relativos a escenarios no críticos. El objetivo principal de esta tesis es evaluar la viabilidad de aplicar tecnologías emergentes como Internet of Things (IoT), Cyber-Physical Systems (CPS) y comunicaciones de banda ancha 4G en escenarios de misión crítica en tres sectores clave de infraestructura crítica: transporte, defensa y seguridad pública, y construcción naval. Respecto al sector del transporte, esta tesis permite comprender el progreso de las tecnologías de comunicación en el ámbito ferroviario desde la implantación de Global System for Mobile communications-Railway (GSM-R). El objetivo de este trabajo es analizar la contribución potencial de Long Term Evolution (LTE) para proporcionar características adicionales que GSM-R nunca podría soportar. Además, se presenta la capacidad de la IoT industrial para revolucionar la industria ferroviaria y afrontar los retos actuales. Asimismo, se estudian con detalle las vulnerabilidades más comunes de los sistemas IoT basados en Radio Frequency IDentification (RFID), incluyendo los últimos ataques descritos en la literatura. Como resultado, se presenta una metodología innovadora para realizar auditorías de seguridad e ingeniería inversa de las comunicaciones RFID en aplicaciones de transporte. El segundo sector elegido viene impulsado por las nuevas necesidades operacionales y los desafíos que surgen de los despliegues militares modernos. Para afrontarlos, se analizan las ventajas estratégicas de las tecnologías de banda ancha 4G masivamente desplegadas en escenarios civiles. Asimismo, esta tesis analiza el gran potencial de aplicación de las tecnologías IoT para revolucionar la guerra moderna y proporcionar beneficios similares a los alcanzados por la industria. Se identifican escenarios en los que la defensa y la seguridad pública podrían aprovechar mejor las capacidades comerciales de IoT para ofrecer una mayor capacidad de supervivencia al combatiente o a los servicios de emergencias, a la vez que reduce los costes y aumenta la eficiencia y efectividad de las operaciones. La última parte se dedica a la industria de construcción naval. Después de definir el novedoso concepto de Astillero 4.0, se describe en detalle cómo funciona el taller de tubería de astillero y cuáles son los requisitos para construir un sistema de tuberías inteligentes. Además, se presentan los fundamentos para posibilitar un CPS asequible para Astilleros 4.0. El CPS propuesto consiste en una red de balizas que continuamente recogen información sobre la ubicación de las tuberías. Su diseño permite a los astilleros obtener más información sobre las tuberías y hacer un mejor uso de las mismas. Asimismo, se indica cómo construir un sistema de posicionamiento desde cero en un entorno tan hostil en términos de comunicaciones, mostrando un ejemplo de su arquitectura e implementación

이해관계자 접근을 통한 베트남 중소도시의 스마트시티 개발에 관한 연구

학위논문 (박사) -- 서울대학교 대학원 : 환경대학원 협동과정 조경학, 2021. 2. 송영근.베트남은 지난 30년 이상의 혁신을 통해 경제적 및 사회적 측면에서 많은 변화와 성과가 있었다. 그러나 이러한 발전에 따라 급속한 도시화가 나타났으며, 많은 지역에서 계획의 과정과 내용에 있어 큰 혼란을 야기하고 있다. 이와 같은 문제는 도시환경 개선을 위하여 계획하는 거버넌스 및 인프라에 압력을 더하고 있다. 다시 말하면, 도시의 발전은 성장 속도 뿐만 아니라 모든 측면에서의 조화가 요구되며, 도시의 발전은 스마트 솔루션에 의해 이루어져야 한다. 스마트 시티로의 전환은 전세계적인 트렌드일 뿐만 아니라, 베트남의 많은 도시에서도 확산되고 있다. 스마트 시티에 있어 필수적인 논의, 특히 전통적인 도시 관리 정책의 관점에서 스마트 기술에 대한 논의가 많이 있었다. 하지만, 기술 측면에서 초점을 맞춘 개발 방식은 스마트 시티를 둘러싼 다양한 요소의 수준을 고려하지 않았다는 비판을 받았다. 스마트 시티는 기술적인 요소뿐만 아니라 복잡한 주변 환경을 고려하여야하기 때문에, 정부가 스마트 정책을 적용함에 있어 다양한 요소를 고려하지 않으면 시민들에게 양질의 서비스를 효과적으로 제공할 수 없을 것이다. 물리적 시스템과 사람 간 상호 작용을 이끌어내는 공공서비스의 최종사용자로서 이해관계자(Stakeholder) 는 정책결정 과정에 있어 아이디어를 제공하고 성공적인 도시 솔루션을 함께 구축하여야 한다. 스마트 시티 개발 과정에서 이해관계자의 역할 정립은 전세계 모든 도시에서 주요 과제로 확인되었다. 모든 과정에서 이해관계자의 참여는 정책결정자가 효과적인 데이터 수집 및 분석과 스마트 시티 개발 과정에서 올바른 의사 결정을 내리는데 도움을 줄 수 있다. 따라서 본 논문은 스마트 시티 개발에 있어 과학적 연구로서 이해관계자 접근을 통해 베트남 중소 도시의 스마트 시티 개발 준비에 있어 통합적인 시사점을 제공하고자 한다. 논문은 우선 스마트 시티 개발 전략과 관련된 선행 연구에 대한 검토와 요인을 추출하였다. 이 과정에서 AHP분석을 통해 요인의 순위를 평가하였다. 분석 결과, 내부 요인 가운데, 시민참여 (0.4141), 행정 , 인프라 (0.2234) 순으로 나타났으며, 외부 요인으로는 정치적 의지 (0.5093), 이해관계자 (0.3373), 기술의 시대 (0.1535) 순으로 나타났다. 또한, 달랏(Da Lat), 냐짱(Nha Trang)과 박닌(Bac Ninh) 등 베트남 3개의 중소도시에서의 설문조사를 실시하여 선형 구조방정식모형(Structural Equation Modeling)을 통해 스마트 시티 개발 준비에 영향을 미치는 요인을 파악하고자 하였다 (adjusted R2=0.589) . 그 결과, 스마트 시티 개발 준비에 영향을 미치는 3개의 주요 요인으로 기술적, 조직적, 환경적 측면으로 나타났으며, 특히 조직 측면에서의 준비는 스마트 시티 개발 준비에 가장 큰 영향을 미친다는 것을 확인하였다 (β coefficient = 0.415; t-value = 8.960; p = 0.000). 마지막으로 초기 단계부터 성공적인 스마트 시티 개발을 위하여 효과적인 전략 지침과 관리 및 운영 원칙에 대한 프레임워크를 제시하였다.After more than 30 years of renovation in economic and social aspects, Vietnam has brought many outstanding achievements. However, rapid urbanization is the defect of this development, accompanied by burly disturbance in planning that municipalities across the country be facing many problems. All of these challenges have put pressure on governance and infrastructure planning to shift the quality of life in cities. Can notice that urban development not only reflected in the growth rate but also harmony in all aspects, the urban development process accordingly must be handle by smart solutions. Smart city evolution is becoming a trend not only in mega-urban areas but also spread to many medium-sized cities in Vietnam. There is quite a lot of discussion on smart cities at an essential period, in particular, smart technology from the perspective of traditional urban policy. However, the ways of development focused on technology aspects have criticized because of removing different levels of elements surrounding smart cities. When the government does not consider the various factors in the implementation of smart policy, it may not effectively provide quality services to citizens, because smart cities are not only concerned with technical factors, but also the intricate surroundings. As an end-user of public services, carrying out interactions between the physical system and human, stakeholders must also contribute ideas for policy-making processes and co-create successful city solutions. Establishing the role of stakeholders in smart city development journey has identified as the main challenge for all cities around the world. Prompt stakeholder participation in all steps, which can help regulators effectively collect and analyze data thence right decision making in smart city development process. Thus, the purpose of this thesis conducts scientific research on smart city development, providing integrated guidelines about the smart city development readiness for medium-sized cities in Vietnam by the stakeholder approach. The thesis begins with a review of documents related to the strategy for developing smart cities and estimate research factors. In this process, the study examines uses the Analytic Hierarchy Process to conduct ranking of factors. The result shows that a top priority of internal factors is citizen participation (0.4141) then administration (0.3625), infrastructure (0.2234). External factors took the order of political will (0.5093), stakeholders (0.3373), and the technology era (0.1535). The thesis continues to present survey results in three medium-sized cities in Vietnam including Da Lat, Nha Trang, and Bac Ninh. The study based on linear Structural Equation Modeling (SEM) conducted to identify factors that influence smart city development readiness (adjusted R2=0.589) . The result shows that there are three main factors affecting the readiness to develop a smart city including; Technological Readiness, Organizational Readiness, and Environmental Readiness. In particular, Organizational Readiness has the strongest impact on Smart City Development Readiness (β coefficient = 0.415; t-value = 8.960; p = 0.000). Finally, the thesis concludes with comprises the integrated framework of effective strategic guidelines, managerial, and operational principles that characterize successful smart city development from the foundation stage for Vietnam medium-sized cities.Table of Contents Chapter 1. Introduction 1 1.1. Overview 1 1.2 Purpose of the Research 6 1.3 Contribution of the Research 7 1.4 Research Outline 8 Chapter 2. Literature Review 11 2.1 Smart City 11 2.1.1 The Fourth Industrial Revolution and Smart City Emergence 11 2.1.2 Smart City Definitions 13 2.1.3 Smart City Paradigms 17 2.2 Vietnam Smart City Development Context 19 2.3 The foundation of smart city development components 21 2.3.1 Internal Factors 21 2.3.1.1 Citizen Participation 21 2.3.1.2 Administration 23 2.3.1.3 Infrastructure 25 2.3.2 External Factors 28 2.3.2.1 Political Will 28 2.3.2.2 Stakeholder 29 2.3.2.3 Technology Era 31 2.4 Stakeholder Approach to Smart City Development 33 2.5 Existing Stakeholder Study and Lesson Learned 35 2.6 Conclusion 39 Chapter 3. Determinant Factors in Smart City Development 41 3.1 Methodology 41 3.1.1 Model approach 41 3.1.2 Analytic Hierarchy Process (AHP) method research 43 3.1.3 Experts Evaluation Synthesis 47 3.1.4 Data Collection 47 3.2 Estimation of Results 50 3.2.1 Synthesis of Priorities 50 3.2.2 The Relative Importance and Priority of Primary Layer 55 3.2.3 The Relative Importance and Priority of Secondary Layer 58 3.3 Conclusion 61 Chapter 4. Study on the Role of Stakeholder Approach for Sustainable Smart City Development 63 4.1 Hypotheses Development 63 4.1.1 Smart City Development Readiness 63 4.1.2 Technological Readiness 64 4.1.3 Organizational Readiness 66 4.1.4 Environmental Readiness 68 4.2 Methodology 71 4.2.1 Model 71 4.2.2 Preliminary Research 73 4.2.3 Primary Research 76 4.2.3.1 Survey Approach 76 4.2.3.2 Survey questionnaire 78 4.2.3.3 Data Collecting 79 4.2.3.4 Distribution of Respondents 80 4.3 Estimation of Results 83 4.3.1 Measurement Model 83 4.3.1.1 Cronbach’s Alpha Test 83 4.3.1.2 Confirmatory Factor Analysis 85 4.3.2 Structural Model 89 4.3.2.1 Measurement structural 89 4.3.2.2 Bootstrapping Test 91 4.3.2.3 Hypothesis Testing 93 4.4 Conclusion 97 Chapter 5. Discussion & Conclusion 99 5.1 Discussion and Implication 99 5.1.1 Discussion 99 5.1.2 Implication 108 5.2 Conclusion 120 5.3 Limitation and Future Work 122 References 123 국문 요약 152 Appendix A: Survey Questionnaire for AHP 154 Appendix B: Survey Questionnaire for smart city development readiness: Stakeholder approach 160 Appendix C: Discriminant Validity & Variance inflation factor 163Docto

INTEGRATING KANO MODEL WITH DATA MINING TECHNIQUES TO ENHANCE CUSTOMER SATISFACTION

The business world is becoming more competitive from time to time; therefore, businesses are forced to improve their strategies in every single aspect. So, determining the elements that contribute to the clients\u27 contentment is one of the critical needs of businesses to develop successful products in the market. The Kano model is one of the models that help determine which features must be included in a product or service to improve customer satisfaction. The model focuses on highlighting the most relevant attributes of a product or service along with customers’ estimation of how these attributes can be used to predict satisfaction with specific services or products. This research aims at developing a method to integrate the Kano model and data mining approaches to select relevant attributes that drive customer satisfaction, with a specific focus on higher education. The significant contribution of this research is to improve the quality of United Arab Emirates University academic support and development services provided to their students by solving the problem of selecting features that are not methodically correlated to customer satisfaction, which could reduce the risk of investing in features that could ultimately be irrelevant to enhancing customer satisfaction. Questionnaire data were collected from 646 students from United Arab Emirates University. The experiment suggests that Extreme Gradient Boosting Regression can produce the best results for this kind of problem. Based on the integration of the Kano model and the feature selection method, the number of features used to predict customer satisfaction is minimized to four features. It was found that either Chi-Square or Analysis of Variance (ANOVA) features selection model’s integration with the Kano model giving higher values of Pearson correlation coefficient and R2. Moreover, the prediction was made using union features between the Kano model\u27s most important features and the most frequent features among 8 clusters. It shows high-performance results

Actas de la XIII Reunión Española sobre Criptología y Seguridad de la Información RECSI XIII : Alicante, 2-5 de septiembre de 2014

Si tuviéramos que elegir un conjunto de palabras clave para definir la sociedad actual, sin duda el término información sería uno de los más representativos. Vivimos en un mundo caracterizado por un continuo flujo de información en el que las Tecnologías de la Información y Comunicación (TIC) y las Redes Sociales desempeñan un papel relevante. En la Sociedad de la Información se generan gran variedad de datos en formato digital, siendo la protección de los mismos frente a accesos y usos no autorizados el objetivo principal de lo que conocemos como Seguridad de la Información. Si bien la Criptología es una herramienta tecnológica básica, dedicada al desarrollo y análisis de sistemas y protocolos que garanticen la seguridad de los datos, el espectro de tecnologías que intervienen en la protección de la información es amplio y abarca diferentes disciplinas. Una de las características de esta ciencia es su rápida y constante evolución, motivada en parte por los continuos avances que se producen en el terreno de la computación, especialmente en las últimas décadas. Sistemas, protocolos y herramientas en general considerados seguros en la actualidad dejarán de serlo en un futuro más o menos cercano, lo que hace imprescindible el desarrollo de nuevas herramientas que garanticen, de forma eficiente, los necesarios niveles de seguridad. La Reunión Española sobre Criptología y Seguridad de la Información (RECSI) es el congreso científico español de referencia en el ámbito de la Criptología y la Seguridad en las TIC, en el que se dan cita periódicamente los principales investigadores españoles y de otras nacionalidades en esta disciplina, con el fin de compartir los resultados más recientes de su investigación. Del 2 al 5 de septiembre de 2014 se celebrará la decimotercera edición en la ciudad de Alicante, organizada por el grupo de Criptología y Seguridad Computacional de la Universidad de Alicante. Las anteriores ediciones tuvieron lugar en Palma de Mallorca (1991), Madrid (1992), Barcelona (1994), Valladolid (1996), Torremolinos (1998), Santa Cruz de Tenerife (2000), Oviedo (2002), Leganés (2004), Barcelona (2006), Salamanca (2008), Tarragona (2010) y San Sebastián (2012)