Draining the Water Hole: Mitigating Social Engineering Attacks with CyberTWEAK

Cyber adversaries have increasingly leveraged social engineering attacks to breach large organizations and threaten the well-being of today's online users. One clever technique, the "watering hole" attack, compromises a legitimate website to execute drive-by download attacks by redirecting users to another malicious domain. We introduce a game-theoretic model that captures the salient aspects for an organization protecting itself from a watering hole attack by altering the environment information in web traffic so as to deceive the attackers. Our main contributions are (1) a novel Social Engineering Deception (SED) game model that features a continuous action set for the attacker, (2) an in-depth analysis of the SED model to identify computationally feasible real-world cases, and (3) the CyberTWEAK algorithm which solves for the optimal protection policy. To illustrate the potential use of our framework, we built a browser extension based on our algorithms which is now publicly available online. The CyberTWEAK extension will be vital to the continued development and deployment of countermeasures for social engineering.Comment: IAAI-20, AICS-2020 Worksho

SOFT SKILLS DEVELOPMENT STRATEGIES FOR COMPUTER ENGINEERING AND INFORMATION TECHNOLOGIES UNDERGRADUATE STUDENTS DEVISED IN THE PROCESS OF LEARNING ENGLISH

The aim of the study was to devise soft skills development strategies for Computer Engineering and Information Technologies undergraduate students in the process of learning English. The research consisted of total 347 Computer Engineering and Information Technologies undergraduate students including 45 female students (13.00%) and 302 male students (87.00%) aged from 17 to 21. The research which was non-experimental in nature was conducted at four higher education institutions in Ukraine between October 2020 and November 2020. To reach the main aim of the study the team of researchers developed a web-based questionnaire containing open-ended and closed-ended questions. The use of the web-based questionnaire seemed to be quite logical for collecting the data necessary for devising soft skills development strategies for Computer Engineering and Information Technologies undergraduate students in the process of learning English taking into account the situation connected with the Covid-19 pandemic. The respondents who volunteered to take part in the survey were sent a link to the web-based questionnaire and guaranteed the complete anonymity. The data analysis covered processing of information collected from the anonymous web-based survey, displaying the data obtained in the form of tables and figures, devising soft skills development strategies based on research results and drawing general conclusions. The findings obtained enabled the authors to present six development strategies aimed at enhancing soft skills among Computer Engineering and Information Technology undergraduate students that could be applied in the process of learning English: a) combination of competence-based, action-oriented and blended-learning approaches in the English for Specific Purposes classroom, b) integration of formal, non-formal and informal learning, c) participation in specially focused network professional communities, d) use of open educational resources for learning English, e) use of open professionally-oriented educational resources, f) introduction of learning-style based activities in the English for Specific Purposes classroom for boosting students’ soft skills.

The compression chord capacity model for the shear design and assessment of reinforced and prestressed concrete beams

This is the accepted version of the following article: [Cladera, A., Marí, A., Bairán, J. M., Ribas, C., Oller, E. and Duarte, N. (2016), The compression chord capacity model for the shear design and assessment of reinforced and prestressed concrete beams. Structural Concrete, 17: 1017–1032. doi:10.1002/suco.201500214], which has been published in final form at http://onlinelibrary.wiley.com/doi/10.1002/suco.201500214/fullA simplified mechanical model is presented for the shear strength prediction of reinforced and prestressed concrete members with and without transverse reinforcement, with I, T or rectangular cross-section. The model, derived with further simplifications from a previous one developed by the authors, incorporates the contributions of the concrete compression chord, the cracked web, the dowel action and the shear reinforcement in a compact formulation. The mechanical character of the model provides valuable information about the physics of the problem and incorporates the most relevant parameters governing the shear strength of structural concrete members. The predictions of the model fit very well the experimental results collected in the ACI-DAfStb databases of shear tests on slender reinforced and prestressed concrete beams with and without stirrups. Due to this fact and the simplicity of the derived equations it may become a very useful tool for structural design and assessment in engineering practice.Peer ReviewedPostprint (author's final draft

Blended Learning between Team Games Tournament and Web-Based Module to Improve Students’ Competency of Light Vehicle Programs

Education plays an important role in printing Human Resources (HR), includingvocational schools. Learning methods and the availability of learning resources becomes very important and needed. The existence of the internet needs to be utilized to create innovative and interesting learning. The research method used is Classroom Action Research (CAR) which aims to determine the effect of the implementation of the blended learning team games tournament (TGT) and the Web-Based Module as an Effort to Increase the Achievement of Student Competencies in the Light Vehicle Engineering Program. The study was onducted in class X TKR 1, SMKN 1 Singosari in the 2017-2018 school year as many as 32 students. The treatment is given consisted of Action 1and Action 2 by observing the activities of the teacher, students, and post-test scores. In the pre-action, the percentage of completeness obtained was 67.74% while the Minimum Completeness Standard was 75%. After action 1, the achievement of student competence reached 93.5% with an average value of 86.53. While in Action 2, student learning completeness was 87.09% with an average value of 81.3. From the two actions implemented, it is found that the average results are above the minimum standard of a predetermined value of 75. The application of blended learning can improve student learning outcomes because the learning process is more interesting, active and innovative. students are more enthusiastic and happy with the learning model. With the tournament, students are trained to be responsible, care for friends, study independently and compete healthily. The application of Blended Learning team games tournament (TGT) and Web-based modules are recommended to be applied to other subjects because it is proven to be able to increase the achievement of student competencies and to be creative, innovative and interesting method

Web service interfaces design for e-business applications

University of Technology Sydney. Faculty of Engineering and Information Technology.As a result of the rapid developments in Web Service standards and technologies during the last decade, many organisations are implementing applications using Web Services. Some organisations are making significant commitments to Web Service standards and technology platforms. Successful projects using Web Services will to a large extent depend on the effective design and development methodologies used in the construction of an e-business application. While the importance of application design in general is recognised, so far only limited attention has been paid to design issues for service-oriented e-business applications. Currently there are no comprehensive methodologies for designing service interfaces. The traditional e-business interoperability approach is for business partners to interchange the industry standard business documents or XML messages (i.e. UBL, OTA). This approach is complex and inefficient because the business document is large and results in many optional and repeated elements that are redundant. Developing Web Services for e-business is time-consuming due to the considerable effort required to define the interfaces and maintaining a large volume of standard business documents. This work proposes to use the minimalist design approach to optimise a set of standard business documents and interfaces. The proposed interface is exposed as an abstract layer to the external parties and is able to process multiple actions corresponding to a business document. The method is based on analysing existing business documents, identifying the key elements responsible for an operation, and then exposing the operation interface that corresponds to the business document rather than the business event. This can be achieved by inserting business event action elements into the XML schema. Doing so will not only reduce the number of operation interfaces but also increase the Web Service interface’s flexibility and extendibility. Web Service implementation projects conducted in the absence of a design framework are likely to suffer from poor reuse and extensibility. In order to achieve reusability, this method enables the operation to be invoked based on individual action or multiple actions for the same interface. This is because a single action operation typically represents a fine-grained business task. Consequently, the interface is always extendable due to using multiple actions in the operation. Finally, this thesis will detail the above mentioned methodology to optimise e-business Web Service interface to become more flexible, reusable and extendable. We will illustrate the design methodology using a purchase order business process example based on the Universal Business Language specification in order to demonstrate its effectiveness

Engineering E-Collaboration Processes to Obtain Innovative End-User Feedback on Advanced Web-Based Information Systems

In recent years, web-based information systems (WIS) and services have proliferated in all sectors of the economy. Unlike traditional IS, the development of WIS is evolutionary due to unceasing changes in the technological environment, regulation, and user needs. A new discipline, Web Engineering (WE), has emerged to promote systematic and disciplined approaches toward successful development of high-quality and ubiquitously usable WIS. User involvement is also a must for all organizations that aim to stay competitive and provide superior services for their customers. We have designed two structured e-collaboration processes for obtaining innovative end-user feedback on an advanced WIS under continuous evolution. Our feedback processes are purported for the perfective maintenance of WIS, where enhancements such as new functionality or increased efficiency are introduced continuously. We reflect on our experiences of two action research cycles through a Collaboration Engineering (CE) lens, and analyze the usefulness and suitability of the designed processes in these and other contexts. Our study contributes to the WE and CE streams of research by adding to the discussion of user-centered development and WIS evolution employing disciplined methods. For organizations, the developed e-collaboration processes offer novel means to involve end-users in their WIS development process. We believe that the designed processes may be applied in various WIS as well as in traditional IS contexts in different industries

Portinari: A Data Exploration Tool to Personalize Cervical Cancer Screening

Socio-technical systems play an important role in public health screening programs to prevent cancer. Cervical cancer incidence has significantly decreased in countries that developed systems for organized screening engaging medical practitioners, laboratories and patients. The system automatically identifies individuals at risk of developing the disease and invites them for a screening exam or a follow-up exam conducted by medical professionals. A triage algorithm in the system aims to reduce unnecessary screening exams for individuals at low-risk while detecting and treating individuals at high-risk. Despite the general success of screening, the triage algorithm is a one-size-fits all approach that is not personalized to a patient. This can easily be observed in historical data from screening exams. Often patients rely on personal factors to determine that they are either at high risk or not at risk at all and take action at their own discretion. Can exploring patient trajectories help hypothesize personal factors leading to their decisions? We present Portinari, a data exploration tool to query and visualize future trajectories of patients who have undergone a specific sequence of screening exams. The web-based tool contains (a) a visual query interface (b) a backend graph database of events in patients' lives (c) trajectory visualization using sankey diagrams. We use Portinari to explore diverse trajectories of patients following the Norwegian triage algorithm. The trajectories demonstrated variable degrees of adherence to the triage algorithm and allowed epidemiologists to hypothesize about the possible causes.Comment: Conference paper published at ICSE 2017 Buenos Aires, at the Software Engineering in Society Track. 10 pages, 5 figure

Educational data mining for tutoring support in Higher Education: a web-based tool case study in engineering degrees

This paper presents a web-based software tool for tutoring support of engineering students without any need of data scientist background for usage. This tool is focused on the analysis of students' performance, in terms of the observable scores and of the completion of their studies. For that purpose, it uses a data set that only contains features typically gathered by university administrations about the students, degrees and subjects. The web-based tool provides access to results from different analyses. Clustering and visualization in a low-dimensional representation of students' data help an analyst to discover patterns. The coordinated visualization of aggregated students' performance into histograms, which are automatically updated subject to custom filters set interactively by an analyst, can be used to facilitate the validation of hypotheses about a set of students. Classification of students already graduated over three performance levels using exploratory variables and early performance information is used to understand the degree of course-dependency of students' behavior at different degrees. The analysis of the impact of the student's explanatory variables and early performance in the graduation probability can lead to a better understanding of the causes of dropout. Preliminary experiments on data of the engineering students from the 6 institutions associated to this project were used to define the final implementation of the web-based tool. Preliminary results for classification and drop-out were acceptable since accuracies were higher than 90% in some cases. The usefulness of the tool is discussed with respect to the stated goals, showing its potential for the support of early profiling of students. Real data from engineering degrees of EU Higher Education institutions show the potential of the tool for managing high education and validate its applicability on real scenarios.This work was supported by the Erasmus+ Key Action 2 Strategic Partnerships KA203, funded by the European Commission, under Grant 2016-1-ES01-KA203-025452.info:eu-repo/semantics/publishedVersio

Strength of webs of I-beams and girders,

Cover title

MDA-based ATL transformation to generate MVC 2 web models

Development and maintenance of Web application is still a complex and error-prone process. We need integrated techniques and tool support for automated generation of Web systems and a ready prescription for easy maintenance. The MDA approach proposes an architecture taking into account the development and maintenance of large and complex software. In this paper, we apply MDA approach for generating PSM from UML design to MVC 2Web implementation. That is why we have developed two meta-models handling UML class diagrams and MVC 2 Web applications, then we have to set up transformation rules. These last are expressed in ATL language. To specify the transformation rules (especially CRUD methods) we used a UML profiles. To clearly illustrate the result generated by this transformation, we converted the XMI file generated in an EMF (Eclipse Modeling Framework) model.Comment: International Journal of Computer Science & Information Technology-201