Pub Date : 2015-05-27DOI: 10.1109/ISI.2015.7165941
Jie Gu, Heng Xu, An'an Hu, Lihua Huang
Privacy invasion via mobile applications is a big issue in the mobile age. This study focuses on China's Android market where a few application stores are available to adopt applications. Recognizing that these stores vary in presenting permission notice, this study examines the effect of two features of a permission notice, i.e., permission sensitivity and permission explanation, on Android users' privacy-related perceptions. Results of our scenario-based study suggest that while the disclosure of highly sensitive permissions increases users' privacy concerns to an application, it also boosts users' initial trust to an unfamiliar application store. Moreover, users' trust to the application store is a necessary condition for the efficiency of permission explanation to reduce users' privacy concerns. In addition to enhancing our theoretical understanding of the role of initial trust in Chinese Android users' elaboration of permission notice, these findings have important implications for both China's application stores and application developers.
{"title":"Exploring the effect of permission notice on users' initial trust to an application store: The case of China's Android application market","authors":"Jie Gu, Heng Xu, An'an Hu, Lihua Huang","doi":"10.1109/ISI.2015.7165941","DOIUrl":"https://doi.org/10.1109/ISI.2015.7165941","url":null,"abstract":"Privacy invasion via mobile applications is a big issue in the mobile age. This study focuses on China's Android market where a few application stores are available to adopt applications. Recognizing that these stores vary in presenting permission notice, this study examines the effect of two features of a permission notice, i.e., permission sensitivity and permission explanation, on Android users' privacy-related perceptions. Results of our scenario-based study suggest that while the disclosure of highly sensitive permissions increases users' privacy concerns to an application, it also boosts users' initial trust to an unfamiliar application store. Moreover, users' trust to the application store is a necessary condition for the efficiency of permission explanation to reduce users' privacy concerns. In addition to enhancing our theoretical understanding of the role of initial trust in Chinese Android users' elaboration of permission notice, these findings have important implications for both China's application stores and application developers.","PeriodicalId":292352,"journal":{"name":"2015 IEEE International Conference on Intelligence and Security Informatics (ISI)","volume":"37 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-05-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115597003","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2015-05-27DOI: 10.1109/ISI.2015.7165944
Victor A. Benjamin, Weifeng Li, T. Holt, Hsinchun Chen
Cybersecurity is a problem of growing relevance that impacts all facets of society. As a result, many researchers have become interested in studying cybercriminals and online hacker communities in order to develop more effective cyber defenses. In particular, analysis of hacker community contents may reveal existing and emerging threats that pose great risk to individuals, businesses, and government. Thus, we are interested in developing an automated methodology for identifying tangible and verifiable evidence of potential threats within hacker forums, IRC channels, and carding shops. To identify threats, we couple machine learning methodology with information retrieval techniques. Our approach allows us to distill potential threats from the entirety of collected hacker contents. We present several examples of identified threats found through our analysis techniques. Results suggest that hacker communities can be analyzed to aid in cyber threat detection, thus providing promising direction for future work.
{"title":"Exploring threats and vulnerabilities in hacker web: Forums, IRC and carding shops","authors":"Victor A. Benjamin, Weifeng Li, T. Holt, Hsinchun Chen","doi":"10.1109/ISI.2015.7165944","DOIUrl":"https://doi.org/10.1109/ISI.2015.7165944","url":null,"abstract":"Cybersecurity is a problem of growing relevance that impacts all facets of society. As a result, many researchers have become interested in studying cybercriminals and online hacker communities in order to develop more effective cyber defenses. In particular, analysis of hacker community contents may reveal existing and emerging threats that pose great risk to individuals, businesses, and government. Thus, we are interested in developing an automated methodology for identifying tangible and verifiable evidence of potential threats within hacker forums, IRC channels, and carding shops. To identify threats, we couple machine learning methodology with information retrieval techniques. Our approach allows us to distill potential threats from the entirety of collected hacker contents. We present several examples of identified threats found through our analysis techniques. Results suggest that hacker communities can be analyzed to aid in cyber threat detection, thus providing promising direction for future work.","PeriodicalId":292352,"journal":{"name":"2015 IEEE International Conference on Intelligence and Security Informatics (ISI)","volume":"43 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-05-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122960990","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2015-05-27DOI: 10.1109/ISI.2015.7165939
Wingyan Chung, Saike He, D. Zeng, Victor A. Benjamin
Emotion plays an important role in shaping public policy and business decisions. The growth of social media has allowed people to express their emotion publicly in an unprecedented manner. Textual content and user linkages fostered by social media networks can be used to examine emotion types, intensity, and contagion. However, research into how emotion evolves and entrains in social media that influence security issues is scarce. In this research, we developed an approach to analyzing emotion expressed in political social media. We compared two methods of emotion analysis to identify influential users and to trace their contagion effects on public emotion, and report preliminary findings of analyzing the emotion of 105,304 users who posted 189,012 tweets on the U.S. immigration and border security issues in November 2014. The results provide strong implication for understanding social actions and for collecting social intelligence for security informatics. This research should contribute to helping decision makers and security personnel to use public emotion effectively to develop appropriate strategies.
{"title":"Emotion extraction and entrainment in social media: The case of U.S. immigration and border security","authors":"Wingyan Chung, Saike He, D. Zeng, Victor A. Benjamin","doi":"10.1109/ISI.2015.7165939","DOIUrl":"https://doi.org/10.1109/ISI.2015.7165939","url":null,"abstract":"Emotion plays an important role in shaping public policy and business decisions. The growth of social media has allowed people to express their emotion publicly in an unprecedented manner. Textual content and user linkages fostered by social media networks can be used to examine emotion types, intensity, and contagion. However, research into how emotion evolves and entrains in social media that influence security issues is scarce. In this research, we developed an approach to analyzing emotion expressed in political social media. We compared two methods of emotion analysis to identify influential users and to trace their contagion effects on public emotion, and report preliminary findings of analyzing the emotion of 105,304 users who posted 189,012 tweets on the U.S. immigration and border security issues in November 2014. The results provide strong implication for understanding social actions and for collecting social intelligence for security informatics. This research should contribute to helping decision makers and security personnel to use public emotion effectively to develop appropriate strategies.","PeriodicalId":292352,"journal":{"name":"2015 IEEE International Conference on Intelligence and Security Informatics (ISI)","volume":"38 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-05-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123679410","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2015-05-27DOI: 10.1109/ISI.2015.7165967
Faisal Quader, V. Janeja, Justin Stauffer
Advanced Persistent Threat (APT) is a complex (Advanced) cyber-attack (Threat) against specific targets over long periods of time (Persistent) carried out by nation states or terrorist groups with highly sophisticated levels of expertise to establish entries into organizations, which are critical to a country's socio-economic status. The key identifier in such persistent threats is that patterns are long term, could be high priority, and occur consistently over a period of time. This paper focuses on identifying persistent threat patterns in network data, particularly data collected from Intrusion Detection Systems. We utilize Association Rule Mining (ARM) to detect persistent threat patterns on network data. We identify potential persistent threat patterns, which are frequent but at the same time unusual as compared with the other frequent patterns.
{"title":"Persistent threat pattern discovery","authors":"Faisal Quader, V. Janeja, Justin Stauffer","doi":"10.1109/ISI.2015.7165967","DOIUrl":"https://doi.org/10.1109/ISI.2015.7165967","url":null,"abstract":"Advanced Persistent Threat (APT) is a complex (Advanced) cyber-attack (Threat) against specific targets over long periods of time (Persistent) carried out by nation states or terrorist groups with highly sophisticated levels of expertise to establish entries into organizations, which are critical to a country's socio-economic status. The key identifier in such persistent threats is that patterns are long term, could be high priority, and occur consistently over a period of time. This paper focuses on identifying persistent threat patterns in network data, particularly data collected from Intrusion Detection Systems. We utilize Association Rule Mining (ARM) to detect persistent threat patterns on network data. We identify potential persistent threat patterns, which are frequent but at the same time unusual as compared with the other frequent patterns.","PeriodicalId":292352,"journal":{"name":"2015 IEEE International Conference on Intelligence and Security Informatics (ISI)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-05-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125558397","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2015-05-27DOI: 10.1109/ISI.2015.7165975
L. Deligiannidis
The strength of public key cryptography utilizing Elliptic Curves relies on the difficulty of computing discrete logarithms in a finite field. Other public key cryptographic algorithms, such as RSA, rely on the difficulty of integer factorization. We will describe how we can implement several cryptographic ECC algorithms in java, such as digital signatures, encryption/decryption and key-exchange. We will show implementation details that would help students, practitioners, and researchers implement and experiment with such algorithms.
{"title":"Elliptic curve cryptography in Java","authors":"L. Deligiannidis","doi":"10.1109/ISI.2015.7165975","DOIUrl":"https://doi.org/10.1109/ISI.2015.7165975","url":null,"abstract":"The strength of public key cryptography utilizing Elliptic Curves relies on the difficulty of computing discrete logarithms in a finite field. Other public key cryptographic algorithms, such as RSA, rely on the difficulty of integer factorization. We will describe how we can implement several cryptographic ECC algorithms in java, such as digital signatures, encryption/decryption and key-exchange. We will show implementation details that would help students, practitioners, and researchers implement and experiment with such algorithms.","PeriodicalId":292352,"journal":{"name":"2015 IEEE International Conference on Intelligence and Security Informatics (ISI)","volume":"7 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-05-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123955501","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2015-05-27DOI: 10.1109/ISI.2015.7165953
Chuan Luo, Xiaolong Zheng, D. Zeng
Revealing underlying social influence among users in social media is critical to understanding how users interact, on which a lot of security intelligence applications can be built. Existing methods fail to take into account the interaction relationships among memes. In this paper, we propose to simultaneously model social influence and meme interaction in information diffusion with novel multidimensional Hawkes processes. Experimental results on both synthetic and real world social media data show the efficacy of the proposed approach.
{"title":"Inferring social influence and meme interaction with Hawkes processes","authors":"Chuan Luo, Xiaolong Zheng, D. Zeng","doi":"10.1109/ISI.2015.7165953","DOIUrl":"https://doi.org/10.1109/ISI.2015.7165953","url":null,"abstract":"Revealing underlying social influence among users in social media is critical to understanding how users interact, on which a lot of security intelligence applications can be built. Existing methods fail to take into account the interaction relationships among memes. In this paper, we propose to simultaneously model social influence and meme interaction in information diffusion with novel multidimensional Hawkes processes. Experimental results on both synthetic and real world social media data show the efficacy of the proposed approach.","PeriodicalId":292352,"journal":{"name":"2015 IEEE International Conference on Intelligence and Security Informatics (ISI)","volume":"32 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-05-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129219850","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2015-05-27DOI: 10.1109/ISI.2015.7165964
Mohammad Vahidalizadehdizaj, Lixin Tao
According to the advancement of mobile devices and wireless network technology, these portable devices became the potential devices that can be used for different types of payments. Recently, most of the people would rather to do their activities by their cellphones. On the other hand, there are some issues that hamper the widespread acceptance of mobile payment among people. The traditional ways of mobile payment are not secure enough, since they follow the traditional flow of data. This paper is going to suggest a new protocol named Golden Mobile Pay Center Protocol that is based on client centric model. The suggested protocol downgrade the computational operations and communications that are necessary between the engaging parties and achieves a completely privacy protection for the engaging parties. It avoids transaction repudiation among the engaging parties and will decrease replay attack s risk. The goal of the protocol is to help n users to have payments to each others'. Besides, it will utilize a new key agreement protocol named Golden Circle that is working by employing symmetric key operations. GMPCP uses GC for generating a shared session key between n users.
{"title":"A new mobile payment protocol (GMPCP) by using a new key agreement protocol (GC)","authors":"Mohammad Vahidalizadehdizaj, Lixin Tao","doi":"10.1109/ISI.2015.7165964","DOIUrl":"https://doi.org/10.1109/ISI.2015.7165964","url":null,"abstract":"According to the advancement of mobile devices and wireless network technology, these portable devices became the potential devices that can be used for different types of payments. Recently, most of the people would rather to do their activities by their cellphones. On the other hand, there are some issues that hamper the widespread acceptance of mobile payment among people. The traditional ways of mobile payment are not secure enough, since they follow the traditional flow of data. This paper is going to suggest a new protocol named Golden Mobile Pay Center Protocol that is based on client centric model. The suggested protocol downgrade the computational operations and communications that are necessary between the engaging parties and achieves a completely privacy protection for the engaging parties. It avoids transaction repudiation among the engaging parties and will decrease replay attack s risk. The goal of the protocol is to help n users to have payments to each others'. Besides, it will utilize a new key agreement protocol named Golden Circle that is working by employing symmetric key operations. GMPCP uses GC for generating a shared session key between n users.","PeriodicalId":292352,"journal":{"name":"2015 IEEE International Conference on Intelligence and Security Informatics (ISI)","volume":"40 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-05-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126826457","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2015-05-27DOI: 10.1109/ISI.2015.7165965
Tao Ding, Ahmed Aleroud, George Karabatis
Investigating network flows is an approach of detecting attacks by identifying known patterns. Flow statistics are used to discover anomalies by aggregating network traces and then using machine-learning classifiers to discover suspicious activities. However, the efficiency and effectiveness of the flow classification models depends on the granularity of aggregation. This paper describes a novel approach that aggregates packets into network flows and correlates them with security events generated by payload-based IDSs for detection of cyber-attacks.
{"title":"Multi-granular aggregation of network flows for security analysis","authors":"Tao Ding, Ahmed Aleroud, George Karabatis","doi":"10.1109/ISI.2015.7165965","DOIUrl":"https://doi.org/10.1109/ISI.2015.7165965","url":null,"abstract":"Investigating network flows is an approach of detecting attacks by identifying known patterns. Flow statistics are used to discover anomalies by aggregating network traces and then using machine-learning classifiers to discover suspicious activities. However, the efficiency and effectiveness of the flow classification models depends on the granularity of aggregation. This paper describes a novel approach that aggregates packets into network flows and correlates them with security events generated by payload-based IDSs for detection of cyber-attacks.","PeriodicalId":292352,"journal":{"name":"2015 IEEE International Conference on Intelligence and Security Informatics (ISI)","volume":"20 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-05-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124991365","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2015-05-27DOI: 10.1109/ISI.2015.7165978
Jaejin Jang, I. Jung
An enhanced access control is proposed to address shoulder-surfing attack. This approach prevents the attack using double authentication with password and IoT Devices' identification. It is simple because it does not require users to do something. Nevertheless, it tightens security.
{"title":"An access control resistant to shoulder-surfing","authors":"Jaejin Jang, I. Jung","doi":"10.1109/ISI.2015.7165978","DOIUrl":"https://doi.org/10.1109/ISI.2015.7165978","url":null,"abstract":"An enhanced access control is proposed to address shoulder-surfing attack. This approach prevents the attack using double authentication with password and IoT Devices' identification. It is simple because it does not require users to do something. Nevertheless, it tightens security.","PeriodicalId":292352,"journal":{"name":"2015 IEEE International Conference on Intelligence and Security Informatics (ISI)","volume":"19 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-05-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125686912","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2015-05-27DOI: 10.1109/ISI.2015.7165936
Ricardo Guedes, Vasco Furtado, T. Pequeno
In this article we investigate Multi-agent simulation and Multi-objective Evolutionary Algorithms for optimizing resource allocation in Public Safety. We describe a tool that helps Law Enforcement authorities to evaluate, in a controlled environment, different strategies for allocating and dispatching resources, aiming at reducing conflicting goals such as response time, the number of unattended calls and cost of displacement of police cars. This tool is a multi-agent model to represent police cars that lives in a grid in which emergency occurrences appear. A comparison of the strategies for resource dispatch in this environment shows that serving first those calls with low estimated attendance times delivers the best overall performance in terms of waiting time. However this is practically impossible since prioritization of certain crime types is necessary leading to the increase of the waiting time in the queue. Instead of manually trying to identify the best allocation strategy to apply, we have coupled a multi-objective evolutionary algorithm to the simulation model in order to uncover automatically a function to rank the calls in the best order for attendance satisfying multiple and sometimes conflicting goals.
{"title":"Multi-objective evolutionary algorithms and multiagent models for optimizing police dispatch","authors":"Ricardo Guedes, Vasco Furtado, T. Pequeno","doi":"10.1109/ISI.2015.7165936","DOIUrl":"https://doi.org/10.1109/ISI.2015.7165936","url":null,"abstract":"In this article we investigate Multi-agent simulation and Multi-objective Evolutionary Algorithms for optimizing resource allocation in Public Safety. We describe a tool that helps Law Enforcement authorities to evaluate, in a controlled environment, different strategies for allocating and dispatching resources, aiming at reducing conflicting goals such as response time, the number of unattended calls and cost of displacement of police cars. This tool is a multi-agent model to represent police cars that lives in a grid in which emergency occurrences appear. A comparison of the strategies for resource dispatch in this environment shows that serving first those calls with low estimated attendance times delivers the best overall performance in terms of waiting time. However this is practically impossible since prioritization of certain crime types is necessary leading to the increase of the waiting time in the queue. Instead of manually trying to identify the best allocation strategy to apply, we have coupled a multi-objective evolutionary algorithm to the simulation model in order to uncover automatically a function to rank the calls in the best order for attendance satisfying multiple and sometimes conflicting goals.","PeriodicalId":292352,"journal":{"name":"2015 IEEE International Conference on Intelligence and Security Informatics (ISI)","volume":"40 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-05-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116603829","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: