A torture-free cyber space : a human right

Definitions of torture range from the emotive to the legal. The media sometimes uses the term in a loose or informal sense – for example, to refer to the pain felt when one's sports team loses a crucial game. This dangerous practice detracts from the severity of torture as defined in law. When international human rights instruments describe the treatment of prisoners as torture, they are referring to severe suffering. News reports also use the term in a non-legal, informal sense to refer to the effects of cyber-bullying. In some instances cyber-bullying can meet the severity-of-suffering aspect of the legal definition of torture, as we will examine

A multilabel fuzzy relevance clustering system for malware attack attribution in the edge layer of cyber-physical networks

The rapid increase in the number of malicious programs has made malware forensics a daunting task and caused users’ systems to become in danger. Timely identification of malware characteristics including its origin and the malware sample family would significantly limit the potential damage of malware. This is a more profound risk in Cyber-Physical Systems (CPSs), where a malware attack may cause significant physical damage to the infrastructure. Due to limited on-device available memory and processing power in CPS devices, most of the efforts for protecting CPS networks are focused on the edge layer, where the majority of security mechanisms are deployed. Since the majority of advanced and sophisticated malware programs are combining features from different families, these malicious programs are not similar enough to any existing malware family and easily evade binary classifier detection. Therefore, in this article, we propose a novel multilabel fuzzy clustering system for malware attack attribution. Our system is deployed on the edge layer to provide insight into applicable malware threats to the CPS network. We leverage static analysis by utilizing Opcode frequencies as the feature space to classify malware families. We observed that a multilabel classifier does not classify a part of samples. We named this problem the instance coverage problem. To overcome this problem, we developed an ensemble-based multilabel fuzzy classification method to suggest the relevance of a malware instance to the stricken families. This classifier identified samples of VirusShare, RansomwareTracker, and BIG2015 with an accuracy of 94.66%, 94.26%, and 97.56%, respectively

Investigating the antecedents to the adoption of SCRM technologies by start-up companies

Despite their fairly recent emergence, start-up companies now play an important role in the economic development of countries around the globe. These companies have fewer tangible assets and capital, and therefore, the efficient delivery of services and products is a key business priority for them. Customer relationship management (CRM) technologies, which are designed to facilitate customer engagement during the design, development and delivery of services and products may play a significant role in the success or failure of start-up companies. Developments in new communication technologies have transformed traditional CRM into electronic CRM (eCRM), mobile CRM (mCRM); and more recently, social CRM (SCRM). However, there remains very little understanding of the factors affecting SCRM adoption in start-up businesses. The relative newness of SCRM technologies, coupled with the swiftly evolving nature of start-up companies: which has made them difficult cases to study – has limited the amount of research undertaken in this area. This paper aims to close this gap by proposing a framework that depicts the factors affecting start-up companies’ intention to adopt SCRM applications, and explores the relative importance of these factors. Inspired by an extended Technological, Organisational and Environmental (TOE) framework, this paper investigates effects of technological characteristics (TC), organisational characteristics (OC), environmental characteristics (EC) and managerial characteristics (MC) on start-up companies’ intentions to adopt SCRM applications. The results outlined in this research indicate that the observability, compatibility and trialability of SCRM solutions positively affect SCRM adoption in start-up businesses. Moreover, the availability of internal financial resources has a similarly positive effect. When considering environmental characteristics, it was found that support from venture capitalists, crowd funding support, governmental support, business angels support and external pressure all positively affect the intention to adopt SCRM applications within start-up businesses

Robust Malware Detection for Internet Of (Battlefield) Things Devices Using Deep Eigenspace Learning

Internet of Things (IoT) in military setting generally consists of a diverse range of Internet-connected devices and nodes (e.g. medical devices to wearable combat uniforms), which are a valuable target for cyber criminals, particularly state-sponsored or nation state actors. A common attack vector is the use of malware. In this paper, we present a deep learning based method to detect Internet Of Battlefield Things (IoBT) malware via the device's Operational Code (OpCode) sequence. We transmute OpCodes into a vector space and apply a deep Eigenspace learning approach to classify malicious and bening application. We also demonstrate the robustness of our proposed approach in malware detection and its sustainability against junk code insertion attacks. Lastly, we make available our malware sample on Github, which hopefully will benefit future research efforts (e.g. for evaluation of proposed malware detection approaches)

A systematic literature review and meta-analysis on artificial intelligence in penetration testing and vulnerability assessment

Vulnerability assessment (e.g., vulnerability identification and exploitation; also referred to as penetration testing) is a relatively mature industry, although attempting to keep pace with the diversity of computing and digital devices that need to be examined is challenging. Hence, there has been ongoing interest in exploring the potential of artificial intelligence to enhance penetration testing and vulnerability identification of systems, as evidenced by the systematic literature review performed in this paper. In this review, we focus only on empirical papers, and based on the findings, we identify a number of potential research challenges and opportunities, such as scalability and the need for real-time identification of exploitable vulnerabilities

Detecting crypto-ransomware in IoT networks based on energy consumption footprint

An Internet of Things (IoT) architecture generally consists of a wide range of Internet-connected devices or things such as Android devices, and devices that have more computational capabilities (e.g., storage capacities) are likely to be targeted by ransomware authors. In this paper, we present a machine learning based approach to detect ransomware attacks by monitoring power consumption of Android devices. Specifically, our proposed method monitors the energy consumption patterns of different processes to classify ransomware from non-malicious applications. We then demonstrate that our proposed approach out-performs K-Nearest Neighbors, Neural Networks, Support Vector Machine and Random Forest, in terms of accuracy rate, recall rate, precision rate and F-measure

CloudMe forensics : a case of big-data investigation

The significant increase in the volume, variety and velocity of data complicates cloud forensic efforts, as such big data will, at some point, become computationally expensive to be fully extracted and analyzed in a timely manner. Thus, it is important for a digital forensic practitioner to have a well-rounded knowledge about the most relevant data artefacts that could be forensically recovered from the cloud product under investigation. In this paper, CloudMe, a popular cloud storage service, is studied. The types and locations of the artefacts relating to the installation and uninstallation of the client application, logging in and out, and file synchronization events from the computer desktop and mobile clients are described. Findings from this research will pave the way towards the development of tools and techniques (e.g. data mining techniques) for cloud-enabled big data endpoint forensics investigation

A survey on privacy issues in digital forensics

Privacy issues have always been a major concern in computer forensics and security and in case of any investigation whether it is pertaining to computer or not always privacy issues appear. To enable privacy’s protection in the physical world we need the law that should be legislated, but in a digital world by rapidly growing of technology and using the digital devices more and more that generate a huge amount of private data it is impossible to provide fully protected space in cyber world during the transfer, store and collect data. Since its introduction to the field, forensics investigators, and developers have faced challenges in finding the balance between retrieving key evidences and infringing user privacy. This paper looks into developmental trends in computer forensics and security in various aspects in achieving such a balance. In addition, the paper analyses each scenario to determine the trend of solutions in these aspects and evaluate their effectiveness in resolving the aforementioned issues

Trends in android malware detection

This paper analyzes different Android malware detection techniques from several research papers, some of these techniques are novel while others bring a new perspective to the research work done in the past. The techniques are of various kinds ranging from detection using host based frameworks and static analysis of executable to feature extraction and behavioral patterns. Each paper is reviewed extensively and the core features of each technique are highlighted and contrasted with the others. The challenges faced during the development of such techniques are also discussed along with the future prospects for Android malware detection. The findings of the review have been well documented in this paper to aid those making an effort to research in the area of Android malware detection by understanding the current scenario and developments that have happened in the field thus far

Digital forensics trends and future

Nowadays, rapid evolution of computers and mobile phones has caused these devices to be used in criminal activities. Providing appropriate and sufficient security measures is a difficult job due to complexity of devices which makes investigating crimes involving these devices even harder. Digital forensic is the procedure of investigating computer crimes in the cyber world. Many researches have been done in this area to help forensic investigation to resolve existing challenges. This paper attempts to look into trends of applications of digital forensics and security at hand in various aspects and provide some estimations about future research trends in this area