
2015 First International Conference on Anti-Cybercrime (ICACC): Latest Papers

Forensic investigation framework for VoIP protocol
Pub Date : 2015-12-10 DOI: 10.1109/ANTI-CYBERCRIME.2015.7351935
T. Manesh, S. M. Abd El-atty, M. Sha, B. Brijith, K. Vivekanandan
The deployment of Voice over Internet Protocol (VoIP) in place of traditional communication facilities has helped in a huge reduction in operating costs, as well as enabled adoption of next generation communication services-based IP. At the same time, cyber criminals have also started intercepting environment and creating challenges for law enforcement system in any country. At this instant, we propose a framework for the forensic analysis of the VoIP traffic over the network. This includes identifying and analyzing network patterns of VoIP-SIP, which is used for setting up a session for the communication, and VoIP-RTP, which is used for sending the data. Our network forensic investigation framework also focuses on developing an efficient packet reordering and reconstruction algorithm for tracing the malicious users involved in conversation. The proposed framework is based on network forensics which can be used for content level observation of VoIP and regenerate original malicious content or session between malicious users for their prosecution in the court.
Citations: 1
Securing cognitive radio enabled smart grid systems against cyber attacks
Pub Date : 2015-12-10 DOI: 10.1109/ANTI-CYBERCRIME.2015.7351938
M. Basharat, W. Ejaz, Syed Hassan Ahmed
Recently, cognitive radio technology has gained attention for enhancing the performance of smart grid communication networks. In this paper, we present a cognitive radio enabled smart grid architecture. We then discuss major cyber security challenges in smart grid deployment and additional challenges introduced by cognitive radio technology. Spectrum sensing is one of the important aspects for opportunistic spectrum access in cognitive radio enabled smart grid networks. Cooperative spectrum sensing can improve the sensing performance in which multiple cognitive radio users cooperate to sense primary user bands. However, cooperative spectrum sensing is vulnerable to incumbent emulation and spectrum sensing data falsification (SSDF) attacks. Thus, we propose a two-stage scheme for defense against SSDF attacks. Simulation results show that the proposed two-stage scheme can identify and exclude the attackers accurately.
Citations: 6
Building adaptive defense against cybercrimes using real-time data mining
Pub Date : 2015-12-10 DOI: 10.1109/ANTI-CYBERCRIME.2015.7351949
Baber Majid Bhatti, N. Sami
In today's fast changing world, cybercrimes are growing at a perturbing pace. At the very definition of it, cybercrimes get engendered by capitalizing on threats and exploitation of vulnerabilities. However, recent history reveals that such crimes often come with surprises and seldom follow the trends. This puts the defense systems behind in the race, because of their inability to identify new patterns of cybercrime and to ameliorate to the required levels of security. This paper visualizes the empowerment of security systems through real-time data mining by the virtue of which these systems will be able to dynamically identify patterns of cybercrimes. This will help those security systems step up their defense capabilities, while adapting to the required levels posed by newly germinating patterns. In order to confine within scope of this paper, the application of this approach is being discussed in the context of selected scenarios of cybercrime.
Citations: 4
Pakistan and cyber crimes: Problems and preventions
Pub Date : 2015-12-10 DOI: 10.1109/ANTI-CYBERCRIME.2015.7351951
Sultan Ullah, Muhammad Amir, Mudasser A. Khan, Hamid Asmat, K. Habib
The growth of the Internet in Pakistan is exceptional; it reached the heights of popularity for an ever changing medium of information and communication in a major conservative society. This brings freedom of expression, communication and information across the country which struggled to provide free speech and information access to its people. The Internet penetration is increasing very rapidly; it is very important to observe the impact of it on the society, especially when the government is constantly trying to formulate the regulation for controlling the cyber space. A well regulated cyber space leads to the expansion of information technology services speedily. This paper focuses on the prevailing development of governance policies for cyber space and defies among the agencies and information technology vendors. Moreover, the case study of National Bank of Pakistan and other cyber crime survey shows that a lot of law making is needed in order to reduce the chances of cyber crime.
Citations: 5
Toward an multidisciplinary curriculum in cyberscience
Pub Date : 2015-12-10 DOI: 10.1109/ANTI-CYBERCRIME.2015.7351958
Andrew T. M. Phillips, J. Impagliazzo
This conference presentation describes a process for developing a multidisciplinary curriculum in cyberscience. The process presented is a broad-based approach designed to support a four-year undergraduate cyberscience curriculum applicable to diverse institutions of higher learning.
Citations: 0
Classification of cyber attacks based on rough set theory
Pub Date : 2015-12-10 DOI: 10.1109/ANTI-CYBERCRIME.2015.7351952
Adnan Amin, S. Anwar, A. Adnan, Muhammad Aamir Khan, Zafar Iqbal
The rapidly rising usage of telecommunication and information networks which inter-connect modern society through computers, smart phones and other electronic devices has led to security threats and cyber-crimes (CC) activities. These cybercrime activities have ultimately resulted in CC attack classification as a serious problem in network security domain while machine learning has been subjected to extensive research area in intrusion classification with emphasis on improving the rate of classifier's accuracy or improving the data mining model performance. This study is another attempt, using rough set theory (RST), a rule based decision making approach to extract rules for intrusion attacks classification. Experiments were performed on publicly available data to explore the performance of four different algorithms e.g. genetic algorithm, covering algorithm, LEM2 and Exhaustive algorithms. It is observed that RST classification based on genetic algorithm for rules generation yields best performance as compared to other mentioned rules generation algorithms. Moreover, by applying the proposed technique on a publicly available dataset about intrusion attacks, the results show that the proposed approach can fully predict all intrusion attacks and also provides prior useful information to the security engineers or developers to conduct a mandating action.
Citations: 12
Discarded hard disks — A treasure trove for cybercriminals: A case study of recovered sensitive data from a discarded hard disk
Pub Date : 2015-12-10 DOI: 10.1109/ANTI-CYBERCRIME.2015.7351956
Saad Zafar, Muhammad Babar Tiwana
The modern malware poses serious security threats because of its evolved capability of using staged and persistent attack while remaining undetected over a long period of time to perform a number of malicious activities. The challenge for malicious actors is to gain initial control of the victim's machine by bypassing all the security controls. The most favored bait often used by attackers is to deceive users through a trusting or interesting email containing a malicious attachment or a malicious link. To make the email credible and interesting the cybercriminals often perform reconnaissance activities to find background information on the potential target. To this end, the value of information found on the discarded or stolen storage devices is often underestimated or ignored. In this paper, we present the partial results of analysis of one such hard disk that was purchased from the open market. The data found on the disk contained highly sensitive personal and organizational data. The results from the case study will be useful in not only understanding the involved risk but also creating awareness of related threats.
Citations: 0
Cyberstalking: An international crime [IEEE SSIT special lecture]
Pub Date : 2015-12-10 DOI: 10.1109/ANTI-CYBERCRIME.2015.7351957
Laura Jacob
Participants attending this special lecture will learn why current laws prohibiting cyberstalking are difficult to enforce and how an additional protocol to the Budapest Convention could help.
Citations: 0
Website fingerprinting as a cybercrime investigation model: Role and challenges
Pub Date : 2015-12-10 DOI: 10.1109/ANTI-CYBERCRIME.2015.7351934
Taher Ahmed Ghaleb
The mass-production of online websites is one of the most confrontations of detecting cybercriminal activities. Monitoring the construction or visitation of such websites is a somewhat unsophisticated process if it relies on filtering the URL addresses alone, like Proxy. However, user online interactions can be concealed if passed through security protocols or anonymity networks, like Tor. Nowadays, Tor has been widely used to conceal website addresses, web page contents, user actions, and user anonymity. On the other hand, website traffic analysis and fingerprinting techniques endeavor to break such privacy by revealing user actions and anonymity. Basically, this is considered as a negative behavior. However, in this paper, we study how fingerprinting techniques can positively be adapted by Internet Service Providers to be used against cybercrime activities. In other words, fingerprinting techniques can play a vital role for investigating and mitigating cybercrimes. We present several fingerprinting techniques and countermeasures from a cybercrime point of view. Then, we (1) illustrate how fingerprinting techniques can be applied as cybercrime investigation models, and (2) discuss the expected challenges of such application.
Citations: 9
Security evaluation of Saudi Arabia's websites using open source tools
Pub Date : 2015-12-10 DOI: 10.1109/ANTI-CYBERCRIME.2015.7351928
Mohammed S. Al-Sanea, Ahmad A. Al-Daraiseh
Using e-services in Saudi Arabia is growing. Using such services offers a wide range of benefits and makes people's life easier. However, the development and the deployment of these e-services on the Internet increase the likelihood of exposure to cyber-attacks. Attackers take advantage of vulnerabilities in these e-services. Vulnerabilities arise as a result of weaknesses in the programming, misconfiguration or lack of updates. It is unfortunate that only little effort is done to evaluate the security posture of Saudi Arabia's websites. In this paper, 150 financial, academic, governmental and commercial organizations' websites were assessed using open source tools. In addition, a comparison between governmental and commercial websites was done based on the numbers of vulnerabilities found. The results show that Saudi Arabia's websites suffer from high, medium and low impact vulnerabilities. For example, 17.5% of websites are vulnerable to SQL injection, 13.5% are vulnerable to Shell injection, and 61% are vulnerable to Clickjacking. Finally, the evaluation showed that commercial websites are more secure than governmental websites.
Citations: 3