Introduction to Deception, Digital Forensics, and Malware Minitrack

N/

A Risk Management Approach to the “Insider Threat”

Recent surveys indicate that the financial impact and operating losses due to insider intrusions are increasing. But these studies often disagree on what constitutes an "insider;" indeed, many define it only implicitly. In theory, appropriate selection of, and enforcement of, properly specified security policies should prevent legitimate users from abusing their access to computer systems, information, and other resources. However, even if policies could be expressed precisely, the natural mapping between the natural language expression of a security policy, and the expression of that policy in a form that can be implemented on a computer system or network, creates gaps in enforcement. This paper defines "insider" precisely, in terms of these gaps, and explores an access-based model for analyzing threats that include those usually termed "insider threats." This model enables an organization to order its resources based on the business value for that resource and of the information it contains. By identifying those users with access to high-value resources, we obtain an ordered list of users who can cause the greatest amount of damage. Concurrently with this, we examine psychological indicators in order to determine which users are at the greatest risk of acting inappropriately. We conclude by examining how to merge this model with one of forensic logging and auditing

How Crime-Based Media Affect Perceptions of Crime, Race, and Fear of Crime

The effects of crime-based media have long been an area of study among scholars. The problem addressed in this study is the media’s representation of how crimes are perpetrated and processed within the criminal justice system; it is difficult for society to separate and understand factual depictions from fictional portrayals. Researchers have demonstrated that media negatively influences society’s perceptions of police officers’ violent encounters with individuals, particularly African American men, but they have not established wide-ranging contributing factors. The purpose of this qualitative phenomenological study was to explore whether crime-based media influences society’s perceptions of others based on crime, race, and fear of crime. There were 8 participants interviewed for this study. The participants were residents of Louisiana who acknowledged being consumers and viewers of crime-based media. The theoretical framework for this study included the social cognitive theory and cultivation theory. In-depth individual interviews were analyzed through inductive coding and thematic analysis. The findings of this study indicate that participants distrust law enforcement officers, have of fear governmental control, and sense injustice and inequality within the criminal justice system. Understanding the results of the study may improve police-community relationships and minimize the perceptions of injustice and inequality among Americans

A flow-based multi-agent data exfiltration detection architecture for ultra-low latency networks

This is an accepted manuscript of an article published by ACM in ACM Transactions on Internet Technology on 16/07/2021, available online: https://dl.acm.org/doi/10.1145/3419103 The accepted version of the publication may differ from the final published version.Modern network infrastructures host converged applications that demand rapid elasticity of services, increased security and ultra-fast reaction times. The Tactile Internet promises to facilitate the delivery of these services while enabling new economies of scale for high-fdelity of machine-to-machine and human-to-machine interactions. Unavoidably, critical mission systems served by the Tactile Internet manifest high-demands not only for high speed and reliable communications but equally, the ability to rapidly identify and mitigate threats and vulnerabilities. This paper proposes a novel Multi-Agent Data Exfltration Detector Architecture (MADEX) inspired by the mechanisms and features present in the human immune system. MADEX seeks to identify data exfltration activities performed by evasive and stealthy malware that hides malicious trafc from an infected host in low-latency networks. Our approach uses cross-network trafc information collected by agents to efectively identify unknown illicit connections by an operating system subverted. MADEX does not require prior knowledge of the characteristics or behaviour of the malicious code or a dedicated access to a knowledge repository. We tested the performance of MADEX in terms of its capacity to handle real-time data and the sensitivity of our algorithm’s classifcation when exposed to malicious trafc. Experimental evaluation results show that MADEX achieved 99.97% sensitivity, 98.78% accuracy and an error rate of 1.21% when compared to its best rivals. We created a second version of MADEX, called MADEX level 2 that further improves its overall performance with a slight increase in computational complexity. We argue for the suitability of MADEX level 1 in non-critical environments, while MADEX level 2 can be used to avoid data exfltration in critical mission systems. To the best of our knowledge, this is the frst article in the literature that addresses the detection of rootkits real-time in an agnostic way using an artifcial immune system approach while it satisfes strict latency requirements

Security, Privacy, Confidentiality and Integrity of Emerging Healthcare Technologies: A Framework for Quality of Life Technologies to be HIPAA/HITECH Compliant, with Emphasis on Health Kiosk Design

This dissertation research focused on the following: 1. Determined possible vulnerabilities that exist in multi-user kiosks and the computer systems that make up multi-user kiosk systems. 2. Developed an evaluation system and audit checklist for multi-user kiosk systems adapted from the Office for Civil Rights (OCR) audit protocols to address the vulnerabilities identified from our research. 3. Improved the design of a multi-user health kiosk to meet the HIPAA/HITECH standards by incorporating P&S policies. 4. Explored the feasibility and preliminary efficacy of an intervention to explore the magnitude of differences in users’ perceived risk of privacy and security (P&S) breaches as well as correlation between perceived risk and their intention to use a multi-user health kiosk. A gap analysis demonstrated that we successfully incorporated 81% of our P&S polices into the current design of our kiosk that is undergoing pilot testing. This is higher than our initial target of 50%. Repeated measures ANOVA was performed to analyze baseline and six-month follow-up of 36 study participants to measure the magnitude of the change in their “perceived risk”. Results from the ANOVA found significant group-by-time interaction (Time*Group) F (2, 33) = .27, P=.77, ηp2=.02, significant time interaction F (1, 33) = 4.73, P=.04, ηp2=.13, and no significant group interaction F (2, 33) =1.27, P=.30 ηp2=.07. The study intervention was able to significantly reduce users’ “perceived risk with time (baseline and six-month follow-up), even though the magnitude of the change was small. We were however, unable to perform the correlation analysis as intended since all the kiosk participants used in the analysis intended to use the kiosk both at baseline and at six-month follow-up. These findings will help in direct research into methods to reduce “perceived risk” as well as using education and communication to affect human behavior to reduce risky behavior on both internal and external use of new health IT applications and technologies. It could then serve as framework to drive policy in P&S of health applications, technologies and health IT systems

A hybrid e-learning framework: Process-based, semantically-enriched and service-oriented

Despite the recent innovations in e-Learning, much development is needed to ensure better learning experience for everyone and bridge the research gap in the current state of the art e-Learning artefacts. Contemporary e-learning artefacts possess various limitations as follows. First, they offer inadequate variations of adaptivity, since their recommendations are limited to e-learning resources, peers or communities. Second, they are often overwhelmed with technology at the expense of proper pedagogy and learning theories underpinning e-learning practices. Third, they do not comprehensively capture the e-learning experiences as their focus shifts to e-learning activities instead of e-learning processes. In reality, learning is a complex process that includes various activities and interactions between different roles to achieve certain gaols in a continuously evolving environment. Fourth, they tend more towards legacy systems and lack the agility and flexibility in their structure and design. To respond to the above limitations, this research aims at investigating the effectiveness of combining three advanced technologies (i.e., Business Process Modelling and Enactment, Semantics and Service Oriented Computing – SOC–) with learning pedagogy in order to enhance the e-learner experience. The key design artefact of this research is the development of the HeLPS e-Learning Framework – Hybrid e-Learning Framework that is Process-based, Semantically-enriched and Service Oriented-enabled. In this framework, a generic e-learning process has been developed bottom-up based on surveying a wide range of e-learning models (i.e., practical artefacts) and their underpinning pedagogies/concepts (i.e., theories); and then forming a generic e-learning process. Furthermore, an e-Learning Meta-Model has been developed in order to capture the semantics of e-learning domain and its processes. Such processes have been formally modelled and dynamically enacted using a service-oriented enabled architecture. This framework has been evaluated using a concern-based evaluation employing both static and dynamic approaches. The HeLPS e-Learning Framework along with its components have been evaluated by applying a data-driven approach and artificially-constructed case study to check its effectiveness in capturing the semantics, enriching e-learning processes and deriving services that can enhance the e-learner experience. Results revealed the effectiveness of combining the above-mentioned technologies in order to enhance the e-learner experience. Also, further research directions have been suggested.This research contributes to enhancing the e-learner experience by making the e-learning artefacts driven by pedagogy and informed by the latest technologies. One major novel contribution of this research is the introduction of a layered architectural framework (i.e., HeLPS) that combines business process modelling and enactment, semantics and SOC together. Another novel contribution is adopting the process-based approach in e-learning domain through: identifying these processes and developing a generic business process model from a set of related e-learning business process models that have the same goals and associated objectives. A third key contribution is the development of the e-Learning Meta-Model, which captures a high-abstract view of learning domain and encapsulates various domain rules using the Semantic Web Rule Language. Additional contribution is promoting the utilisation of Service-Orientation in e-learning through developing a semantically-enriched approach to identify and discover web services from e-learning business process models. Fifth, e-Learner Experience Model (eLEM) and e-Learning Capability Maturity Model (eLCMM) have been developed, where the former aims at identifying and quantifying the e-learner experience and the latter represents a well-defined evolutionary plateau towards achieving a mature e-learning process from a technological perspective. Both models have been combined with a new developed data-driven Validation and Verification Model to develop a Concern-based Evaluation Approach for e-Learning artefacts, which is considered as another contribution

Modeling a systems-based framework for effective IT auditing and assurance for less regulatory environments

Information Technology (IT) has become indispensable in contemporary business processes and in business value creation strategies. Those charged with governance, risk management and compliance are, often, challenged by sophisticated IT oriented decision-making dilemmas due to complex IT use in contemporary business processes. Investors and other stakeholders increasingly expect very rich, reliable and transparent assurance that their interests are safe. Auditors, as a result, are looked upon to expand their role to leverage the functions of those charged with governance and management. IT audit literature, hence, demonstrates existence of several best practices aimed at meeting the increasing demand for more audit and assurance outcomes that bridge the widening audit expectations gaps. In developing countries with less stringent regulatory systems, however, attempts to implement many of these frameworks have proved unsuccessful. Reasons include paucity of guidance in the frameworks and lack of suitable theoretical foundations to resort to for solutions to implementation challenges. Extant literature review reveals scanty research effort by practitioners or academicians in the field in the empirical situation to design a more suitable framework to serve as intervention. In this research an attempt has been made to create an intervention by designing a framework, i.e. an artefact for IT auditing for less regulated business environments. By adductive inference the cybernetics theory of viable systems approach was ingrained as the theoretical foundation from which the variables for the design were extracted. The abduction was based on the diagnostic power and ability to support self-regulation in a less regulatory environment. Action design research (ADR) approach was employed to achieve the research objective. Both qualitative and quantitative techniques were found to be useful for the evaluation and data analysis. At the design phase, a multiple case study method together with workshops were employed to gain insight into the problem and to collect data to support the design process. Four organisations from both public and private sectors in Ghana were selected to participate in the research. At the evaluation stage a survey technique was used to collect data mainly for the validation of construct variables and the refinement of the framework. The questionnaire scale used was 1=Strongly Disagree; 2=Disagree; 3=Somewhat Agree; 4=Agree and 5=Strongly Agree. A total of 136 respondents who included IT audit and Internal audit practitioners, Audit trainees and students, Directors and management staff were involved from four selected organisations. A factor analysis yielded twenty variables extracted from the ingrained theory for the building of a conceptual model which were grouped into six factors or domains. The entire conceptual model was tested with PLS-SEM technique because of the causal relationships that motivated the development of the conceptual hypotheses. A composite reliability used to assess the internal consistency of the model was overall adequate with values greater than 0.7. Similarly, a convergent validity of the model showed that all the variables were above the threshold value of 0.5. Thus, the model and design theory were found to be reliable and valid. Correlation and regression analysis was applied in testing individual hypotheses and the results helped to reorganise the final framework. The study contributed an artefact in the field of IT audit which represents a comprehensive teachable practitioner’s guide for the improvement of the IT audit practice. The framework also serves as guidance to those charged with governance and management in monitoring, self-review and as framework to attain IT audit readiness in less regulatory environments. Implementation challenges are expected to be resolved by reverting to the ingrained theory

The role and impact of social media in white informal settlements

Abstract: Little is known and understood about social media and social capital in urban informal settlements. Moreover, white informal settlements are anomalous in South Africa – hidden and understudied in a country where wealth distribution is skewed in favour of the minority white population. Limited information is available on these impoverished white communities. In fact, even their physical locations mostly remain officially undocumented. This does not suggest or imply, however, that the residents of white informal settlements are silent or disconnected from the world outside their immediate communities. This study addresses a void in the body of knowledge available on social media and social capital in white informal settlements in South Africa. This doctoral study explores the role and impact of social media in five white informal settlements in Gauteng – South Africa’s financial capital and most densely populated province. Through in-depth interviews, the researcher learned that Facebook and WhatsApp are enormously popular among the study’s participants. They use these platforms to connect with others (some who are previously known to them and others who are part of shared-interest groups), for emotional support, for important information about their immediate environment, and, perhaps most remarkably, to survive. Facebook itself has emerged as a powerful fundraising tool for participants bridging a divide between themselves, who are in need, and those who are willing and able to donate and provide aid (“sponsors”). In this regard, Facebook and WhatsApp groups have rendered themselves essential platforms to source food, clothing, furniture and other necessities...Ph.D. (Communication Studies