38 research outputs found

    Identifying a Criminal's Network of Trust

    Tracing criminal ties and mining evidence from a large network to begin a crime case analysis has been difficult for criminal investigators due to large numbers of nodes and their complex relationships. In this paper, trust networks using blind carbon copy (BCC) emails were formed. We show that our new shortest paths network search algorithm combining shortest paths and network centrality measures can isolate and identify criminals' connections within a trust network. A group of BCC emails out of 1,887,305 Enron email transactions were isolated for this purpose. The algorithm uses two central nodes, most influential and middle man, to extract a shortest paths trust network.
    Comment: 2014 Tenth International Conference on Signal-Image Technology & Internet-Based Systems (Presented at Third International Workshop on Complex Networks and their Applications, SITIS 2014, Marrakesh, Morocco, 23-27 November 2014)

    Hybrid deep learning model using recurrent neural network and gated recurrent unit for heart disease prediction

    This paper proposes a new hybrid deep learning model for heart disease prediction using a recurrent neural network (RNN) in combination with multiple gated recurrent units (GRU), long short-term memory (LSTM) and the Adam optimizer. The proposed model resulted in an outstanding accuracy of 98.6876%, which is the highest among the existing RNN models. The model was developed in Python 3.7 by integrating RNN in multiple GRU that operates in Keras and Tensorflow as the backend for the deep learning process, supported by various Python libraries. The recent existing models using RNN have reached an accuracy of 98.23% and deep neural network (DNN) has reached 98.5%. The common drawbacks of the existing models are low accuracy due to the complex build-up of the neural network, a high number of neurons with redundancy in the neural network model and the imbalanced Cleveland datasets. Experiments were conducted with various customized models, where results showed that the proposed model using RNN and multiple GRU with synthetic minority oversampling technique (SMOTe) has reached the best performance level. This is the highest accuracy result for RNN using Cleveland datasets and is very promising for making an early heart disease prediction for patients.

    COMPLEX NETWORK TOOLS TO ENABLE IDENTIFICATION OF A CRIMINAL COMMUNITY

    Penetration Testing for IoT Security: The Case Study of a Wireless IP Security CAM

    As the trend to use the Internet of Things (IoT) applications and devices increases, security and privacy have become key concerns. IoT application adoption has increased significantly over time, with sensitive data frequently gathered by IoT devices, accidentally or consciously. According to recent research, numerous types of IoT devices have substantial vulnerabilities, and in many cases, no security procedures are in place to secure them. The focus of this study was the security issues of Internet protocol (IP) cameras. The vulnerabilities of IP cameras were investigated in more depth, as well as their influence on security and privacy at the user level, in order to assist companies and security experts in predicting attacker behavior and securing the systems. The objective of this study was to research and uncover the security and privacy vulnerabilities associated with an IP camera. This was accomplished by performing a direct inspection of the camera. A real-world test was carried out with a VAVA Outdoor Wireless IP Security Cam, which was employed as a home security camera. Information was gathered from numerous sources on the Internet for this purpose, and then the software and hardware were used to examine the security features of this device. The findings of this study revealed that the IP camera contains security faults and vulnerabilities that put user safety at risk.

    Cybersecurity Vulnerabilities in Smart Grids with Solar Photovoltaic: A Threat Modelling and Risk Assessment Approach

    Cybersecurity is a growing concern for smart grids, especially with the integration of solar photovoltaics (PVs). With the installation of more solar and the advancement of inverters, utilities are provided with real-time solar power generation and other information through various tools. However, these tools must be properly secured to prevent the grid from becoming more vulnerable to cyber-attacks. This study proposes a threat modeling and risk assessment approach tailored to smart grids incorporating solar PV systems. The approach involves identifying, assessing, and mitigating risks through threat modeling and risk assessment. A threat model is designed by adapting and applying general threat modeling steps to the context of smart grids with solar PV. The process involves the identification of device assets and access points within the smart grid infrastructure. Subsequently, the threats to these devices were classified utilizing the STRIDE model. To further prioritize the identified threats, the DREAD threat-risk ranking model is employed. The threat modeling stage reveals several high-risk threats to the smart grid infrastructure, including Information Disclosure, Elevation of Privilege, and Tampering. Targeted recommendations in the form of mitigation controls are formulated to secure the smart grid’s posture against these identified threats. The risk ratings provided in this study offer valuable insights into the cybersecurity risks associated with smart grids incorporating solar PV systems, while also providing practical guidance for risk mitigation. Tailored mitigation strategies are proposed to address these vulnerabilities. By taking proactive measures, energy sector stakeholders may strengthen the security of their smart grid infrastructure and protect critical operations from potential cyber threats.

    Systematic literature review for malware visualization techniques

    Analyzing the activities or the behaviors of malicious scripts highly depends on extracted features. It is also significant to know which features are more effective for certain visualization types. Similarly, selecting an appropriate visualization technique plays a key role for analytical descriptive, diagnostic, predictive and prescriptive. Thus, the visualization technique should provide understandable information about the malicious code activities. This paper followed a systematic literature review method in order to review the extracted features that are used to identify the malware, different types of visualization techniques and guidelines to select the right visualization techniques. An advanced search has been performed in the most relevant digital libraries to obtain potentially relevant articles. The results demonstrate significant resources and types of features that are important to analyze malware activities and common visualization techniques that are currently used and methods to choose the right visualization technique in order to analyze the security events effectively.

    Analysis of Feature Categories for Malware Visualization

    It is important to know which features are more effective for certain visualization types. Furthermore, selecting an appropriate visualization tool plays a key role in descriptive, diagnostic, predictive and prescriptive analytics. Moreover, analyzing the activities of malicious scripts or codes is dependent on the extracted features. In this paper, the authors focused on reviewing and classifying the most common extracted features that have been used for malware visualization based on specified categories. This study examines the feature categories and their usefulness for effective malware visualization. Additionally, it focuses on the common extracted features that have been used in the malware visualization domain. Therefore, the conducted literature review finding revealed that the features could be categorized into four main categories, namely, static, dynamic, hybrid, and application metadata. The contribution of this research paper is about feature selection for illustrating which features are effective with which visualization tools for malware visualization.

    Secure web application development prototype using Enterprise Security Application Programming interface (ESAPI)

    The web application has been playing a key role in the development of modern society. Unlike traditional applications, modern web applications are generally more exposed to untrusted users, data and transmission medium. According to a Cenzic 2014 report, 96% of all applications tested in 2013 have one or more serious security vulnerabilities. The root causes behind these vulnerabilities are lack of application security awareness, design flaws and secure coding. Furthermore, developers frequently see functionality as more important than security. Therefore, this study proposed a simple implementation of the single security Application Programming Interface (API) that could minimize web application security flaws and prevent critical malicious attacks. A prototype application is developed with Open Web Application Security Project (OWASP) enterprise security application API based on Rapid Application Development (RAD) methodology. Thus, this study has been carried out with an aim to fill the gap between web application development and application security domain.

    A pilot analysis of factors affecting defense against social engineering attacks in the armed forces environment

    Social engineering is a technique of deceiving people into giving away confidential information that could be useful to gain unauthorized access to an information system. Even to the most secured system, social engineering is a formidable threat. It is one of the most devastating threats to organizations and businesses. Unlike traditional hacking, social engineering is less or non-technological. It manipulates characteristics of human nature, exploiting people’s desire to be kind and helpful. The psychological leverage makes social engineering hard to defend against. This paper presents the identification of factors related to social engineering in the context of armed forces through a review of related literature. Prior works from previous studies are discussed, and factors have been identified based on certain criteria. This study executed a pilot analysis on 30 samples of respondents among Malaysian armed forces personnel. As a result, nine factors are identified that may affect defense against social engineering in the armed forces: Authority, Reciprocation, Commitment and Consistency, Diffusion of Responsibility, Scarcity, Friendliness and Liking, Awareness, Social Proof, and Trust.