Reconstructing what you said: Text Inference using Smartphone Motion

Smartphones and tablets are becoming ubiquitous within our connected lives and as a result these devices are increasingly being used for more and more sensitive applications, such as banking. The security of the information within these sensitive applications is managed through a variety of different processes, all of which minimise the exposure of this sensitive information to other potentially malicious applications. This paper documents experiments with the 'zero-permission' motion sensors on the device as a side-channel for inferring the text typed into a sensitive application. These sensors are freely accessible without the phone user having to give permission. The research was able to, on average, identify nearly 30 percent of typed bigrams from unseen words, using a very small volume of training data, which was less than the size of a tweet. Given the natural redundancy in language this performance is often enough to understand the phrase being typed. We found that large devices were typically more vulnerable, as were users who held the device in one hand whilst typing with fingers. Of those bigrams which were not correctly identified over 60 percent of the errors involved the space bar and nearly half of the errors are within two keys on the keyboard

Its Not All About the Money: Self-efficacy and Motivation in Defensive and Offensive Cyber Security Professionals

Two important factors that define how humans go about performing tasks are self-efficacy and motivation. Through a better understanding of these factors, and how they are displayed by professionals in different roles within the cyber security discipline we can start to explore better ways to exploit the human capability within our cyber security. From our study of 137 cyber security professionals we found that those in attack-focussed roles displayed significantly higher-levels of self-efficacy than those in defensive-focussed roles. We also found those in attack-focussed roles demonstrated significantly higher levels of intrinsic motivation and significantly lower levels of externally regulated motivation. It should be noted we found no correlation with age or experience with either the focus of the practitioners task (whether offensive or defensive focussed) or their levels of motivation or self-efficacy. These striking findings further highlight the differences between those performing tasks that are self-described as offensive and those that are self-described as defensive. This also demonstrates the asymmetry that has long existed in cyber security from both a technical and opportunity viewpoint also exists in the human dimension

Deconstructing who you play: character choice in online gaming

The major growth in gaming over the last five to ten years has been through the expansion in online gaming, with the most frequent gamers now playing more games online than with others in person. The increase in cooperative multiplayer online gaming, where players who do not know each other come together in teams to achieve a common goal, leads to interesting social situations. The research in this paper is focussed on the online multiplayer game Overwatch, in this game playable characters are grouped into a number of classes and characters within these classes. A player chooses the character at the start of a given round, and whilst they can change the character during the game round this is generally undesirable. In this research we were interested in how players go about selecting a character for a given round of the game, this is a complex interaction where a player has to balance between personal character preference (either a character they enjoy playing or is well-mapped to their playstyle and skill) and ensuring a team has a balance of player classes. The interaction is complicated by the online nature meaning it is difficult to reward a team-mate for selecting a character they may not wish to play or playing a character which may mean they will perform poorly but the team will win. We recruited over 1000 Overwatch players and surveyed them on how they make their character choices within the game, they were also asked to complete various psychometric tests. We found that a gamers player ‘type’ (i.e. Killer, Achiever, Explorer or Socialiser) was defined by their agreeableness and their gender. We also found that player’s choice of character class was related to their level of agreeableness and extroversion modulated by the player’s gender. We also found that those who rate highly in conscientiousness and agreeableness and are socialisers or achievers were more likely to choose a character in order to achieve a balanced team rather than personal preference. The research is unique in the scale and number of respondents, it also addresses a problem in co-operative gaming where players must negotiate the composition of a team. This negotiation is often performed without any background knowledge of other player’s skill levels, this is the first study at this scale considering this within the context of co-operative online gaming

Caught in the act of an insider attack: detection and assessment of insider threat

The greatest asset that any organisation has are its people, but they may also be the greatest threat. Those who are within the organisation may have authorised access to vast amounts of sensitive company records that are essential for maintaining competitiveness and market position, and knowledge of information services and procedures that are crucial for daily operations. In many cases, those who have such access do indeed require it in order to conduct their expected workload. However, should an individual choose to act against the organisation, then with their privileged access and their extensive knowledge, they are well positioned to cause serious damage. Insider threat is becoming a serious and increasing concern for many organisations, with those who have fallen victim to such attacks suffering significant damages including financial and reputational. It is clear then, that there is a desperate need for more effective tools for detecting the presence of insider threats and analyzing the potential of threats before they escalate. We propose Corporate Insider Threat Detection (CITD), an anomaly detection system that is the result of a multi-disciplinary research project that incorporates technical and behavioural activities to assess the threat posed by individuals. The system identifies user and role-based profiles, and measures how users deviate from their observed behaviours to assess the potential threat that a series of activities may pose. In this paper, we present an overview of the system and describe the concept of operations and practicalities of deploying the system. We show how the system can be utilised for unsupervised detection, and also how the human analyst can engage to provide an active learning feedback loop. By adopting an accept or reject scheme, the analyst is capable of refining the underlying detection model to better support their decisionmaking process and significant reduce the false positive rate

Automated insider threat detection system using user and role-based profile assessment

© 2007-2012 IEEE. Organizations are experiencing an ever-growing concern of how to identify and defend against insider threats. Those who have authorized access to sensitive organizational data are placed in a position of power that could well be abused and could cause significant damage to an organization. This could range from financial theft and intellectual property theft to the destruction of property and business reputation. Traditional intrusion detection systems are neither designed nor capable of identifying those who act maliciously within an organization. In this paper, we describe an automated system that is capable of detecting insider threats within an organization. We define a tree-structure profiling approach that incorporates the details of activities conducted by each user and each job role and then use this to obtain a consistent representation of features that provide a rich description of the user's behavior. Deviation can be assessed based on the amount of variance that each user exhibits across multiple attributes, compared against their peers. We have performed experimentation using ten synthetic data-driven scenarios and found that the system can identify anomalous behavior that may be indicative of a potential threat. We also show how our detection system can be combined with visual analytics tools to support further investigation by an analyst

A Comparison of the Effects of Moderate-Intensity Continuous Cycling and High-Intensity Interval Cycling on Postprandial Lipemia and Glycemia

Both moderate-intensity continuous exercise (MICE) and high-intensity interval exercise (HIIE) has been reported to reduce the magnitude of postprandial lipemia and glycemia. It is unclear if performing MICE or HIIE of similar duration and work would have a comparable effect on postprandial lipemia or glycemia. PURPOSE: Examine the postprandial lipemic and glycemic response following the completion of high-intensity interval cycling (HIIC) and moderate-intensity continuous cycling (MICC) that is of equal duration and comparable work output. METHODS: Participants were mildly active males (n = 12; age = 21.9 ± 1.8 yrs; body mass = 90.1 ± 16.8 kg; BF% = 25.9 ± 8.6). Each participant completed a graded exercise test on a cycle ergometer to determine their maximal work rate (WRmax). For the study, each participant completed a bout of 1) REST, 2) MICC, and 3) HIIC in a randomized order. Each bout was performed for 20 minutes on the afternoon of Day 1. Each bout was separated by at least 1 week. Rest involved sitting quietly in the laboratory. MICC required continuous cycling at 60% WRmax. HIIC involved 15-second cycling sprints at 120% WRmax followed with 45 seconds of cycling at 40% WRmax. A mixed meal (50% carbohydrate (CHO), 35% fat, 6.4 ± 1.2 kcal/kgBW) was provided 30 minutes following the completion of each bout. Blood samples were acquired just prior to each bout and at 0, 0.5, 1, and 2 hours following the completion of the meal (post-meal). The next morning (Day 2), following a 10-hour fast, a 2nd mixed meal was provided. Blood samples on Day 2 were acquired at 0, 2, and 4 hours post-meal. Blood samples were analyzed for glucose, insulin, and triglyceride (TG) concentration. The postprandial (PP) response was quantified via the total (AUCT)and incremental area under the curve (AUCI) using the trapezoidal method. Significant differences (pRESULTS: The average heart rate was significantly higher (p=.037, ES = 1.1) during HIIC (163.3 ± 7.3) compared to MICC (154.4 ± 8.5). Average work output (Watts) was similar between MICC (122.5 ± 25.4) and HIIC (110.3 ± 14.7) (p = .091, ES = .51). On Day 1, there was no significant difference in the PP glucose, insulin, or TG response between the 3 bouts. On Day 2, there was no significant difference in the PP glucose or insulin response. On Day 2, MICC did reduce the TG AUCT (442.9 ± 76.4mg·dl-1·4hr-1) when compared to rest (487.4 ± 104.4mg·dl-1·4hr-1) (p = .02, ES = .43). HIIC did not reduce the TG AUCT on Day 2 (454.8 ± 72.3mg·dl-1·4hr-1), (p = .076, ES = .31). There was no difference in the AUCI between the 3 bouts for any of the postprandial measurements on Day 1 or Day 2. CONCLUSION: A brief bout of MICC and HIIC does not influence the PP response when completed just prior to a mixed meal. There may be a delayed response to exercise as MICC reduced the postprandial triglyceride (PPTG) concentration when completed approximately 16 hours prior to a mixed meal. While HIIC did not reduce PPTG on Day 2 there was a trend towards a significant reduction. The delayed reduction in the PPTG concentration may be associated with a delayed increase in lipoprotein lipase activity which may occur 4 – 18 hours following the completion of exercise. The lack of change in the PP glucose and insulin response might be explained by a wide inter-individual variance as half of the participants appeared to have responded to the exercise bouts based on their PP glucose and insulin concentration

The Language of Biometrics: Analysing Public Perceptions

There is an increasing shift in technology towards biometric solutions, but one of the biggest barriers to widespread use is the acceptance by the users. In this paper we investigate the understanding, awareness and acceptance of biometrics by the general public. The primary research method was a survey, which had 282 respondents, designed to gauge public opinion around biometrics. Additionally, qualitative data was captured in the form of the participants' definition of the term biometrics. We applied thematic analysis as well as an automated Word Vector analysis to this data to provide a deeper insight into the perceptions and understanding of the term. Our results demonstrate that while there is generally a reasonable level of understanding of what biometrics are, this is typically limited to the techniques that are most familiar to participants (e.g., fingerprints or facial recognition). Most notably individuals' awareness overlooks emerging areas such as behavioural biometrics (e.g., gait). This was also apparent when we compared participants' views to definitions provided by official, published sources (e.g., ISO, NIST, OED, DHS). Overall, this article provides unique insight into the perceptions and understanding of biometrics as well as areas where users may lack knowledge on biometric applications

Towards Supply Chain 5.0: Redesigning Supply Chains as Resilient, Sustainable, and Human-Centric Systems in a Post-pandemic World

From Springer Nature via Jisc Publications RouterHistory: received 2023-03-19, registration 2023-06-08, accepted 2023-06-08, epub 2023-07-29, online 2023-07-29, collection 2023-09Publication status: PublishedStefania Paladini - ORCID: 0000-0002-1526-3589 https://orcid.org/0000-0002-1526-3589The purpose was to investigate the impact of the Industry 5.0 paradigm on the supply chain research field. Our study contributes to the conceptualization of supply chain 5.0, a term that has been receiving increased attention as supply chains adapt to the fifth industrial revolution. We conducted a systematic literature network analysis (SLNA) to examine the research landscape of Industry 5.0 supply chains. We used VOSViewer software and Bibliometrix R-package for multiple bibliometric analyses using 682 documents published between 2016 and 2022. We present a comprehensive framework of supply chain 5.0, including its key concepts, technologies, and trends. Additionally, this research offers a future research agenda to inspire and support further development in this field. We utilized three academic databases for bibliometric analyses: Dimension, Scopus and Lens. Additional databases could provide a wider research landscape and better field representation. We demonstrate how Industry 5.0 enables supply chain evaluation and optimization to assist companies in navigating disruptions without compromising competitiveness and profitability and provide a unique contribution to the field of supply chain 5.0 by exploring promising research areas and guiding the transition to this new paradigm for practitioners and scholars.pubpu

Increasing the accessibility of NLP techniques for Defence and Security using a web-based tool

As machine learning becomes more common in defence and security, there is a real risk that the low accessibility of techniques to non-specialists will hinder the process of operationalising the technologies. This poster will present a tool to support a variety of Natural Language Processing (NLP) techniques including the management of corpora – data sets of documents used for NLP tasks, creating and training models, in addition to visualising the output of the models. The aim of this tool is to allow non-specialists to exploit complex NLP techniques to understand the content of large volumes of reports. NLP techniques are the mechanisms by which a machine can process and analyse text written by humans. These methods can used for a range of tasks including categorising documents, translation and summarising text. For many of these tasks the ability to process and analyse large corpora of text is key. With current methods, the ability to manage corpora is rarely considered, instead relying on researchers and practitioners to do this manually in their file system. To train models, researchers use ad-hoc code directly, writing scripts or code and compiling or running them through an interpreter. These approaches can be a challenge when working in multidisciplinary fields, such as defence and security and cyber security. This is even more salient when delivering research where outputs may be operationalised and the accessibility can be a limiting factor in their deployment and use. We present a web interface that uses an asynchronous service-based architecture to enable non-specialists to easily manage multiple large corpora and create and operationalise a variety of different models – at this early stage we have focussed on one NLP technique, that of topic models. This tool-support has been created as part of a project considering the use of NLP to better understand reports of insider threat attacks. These are security incidents where the attacker is a member of staff or another trusted individual. Insider threat attacks are particularly difficult to defend against due to the level of access these individuals gain during the regular course of their employment. The wider use of these techniques would generate greater impact both tactically in defending against these attacks and strategically in developing policy and procedures. There are tools available, however they are often complex and perform a single-task, limiting their use. To generate maximum impact from our research we have developed this web-based software to make the tools more accessible, especially to non-specialist researchers, customers and potential users