Pub Date: 2017-12-01 DOI: 10.23919/ICITST.2017.8356368
Aspen Olmsted
When a database designer needs to model an entity that exists in a domain that does not have a global name authority, the designer must resort to using surrogate identifiers. Traditionally, these entities were referred to as Weak-Entities in Entity-Relationship models. There are many choices available to a database modeler, but each choice comes with sacrifices. This paper documents an experiment that evaluates several of these choices and hypothesizes the best solution from both a performance and a storage perspective. We then apply the suggested best algorithm to a production system and discover tremendous savings in disk space requirements and execution time on certain queries.
Title: Entity identity, performance, and storage. Venue: 2017 12th International Conference for Internet Technology and Secured Transactions (ICITST).
Pub Date: 2017-12-01 DOI: 10.23919/ICITST.2017.8356371
Victor A. Clincy, H. Shahriar
Injection attacks on web services can expose valuable information resources. To protect deployed web services against injection attacks, it is important to have defense techniques. Intrusion Detection Systems (IDS) are popular defense techniques to mitigate network layer attacks. This paper proposes an IDS for mitigating injection attacks on web services. We apply Genetic Algorithm (GA) as part of new attack signature generation for web services. The approach has been applied to a prototype web service and was found effective in generation of new attack signatures.
Title: Web service injection attack detection. Venue: 2017 12th International Conference for Internet Technology and Secured Transactions (ICITST).
Pub Date: 2017-12-01 DOI: 10.23919/ICITST.2017.8356404
F. Giubilo, Ali Sajjad, M. Shackleton, D. Chadwick, Wenjun Fan, R. Lemos
Increasing numbers of Small and Medium Enterprises (SME) are outsourcing or hosting their services on different Cloud Service Providers (CSP). They are also using different security services from these CSPs such as firewalls, intrusion detection/prevention systems and anti-malware. Although for the SMEs the main purpose of using these security services is to protect their cyber assets, either physical or virtual, from security threats and compromises, a very useful and valuable by-product of these security services is the wealth of Cyber Threat Information (CTI) that is collected over time. However, a common problem faced by SMEs is that they lack the resources and expertise for monitoring, analysing and reacting to any security notifications, alerts or events generated by the security services they have subscribed to. An obvious solution to this problem is that the SMEs outsource this problem to a cloud based service as well, by sharing their CTI with this service and allowing it to analyse the information and generate actionable reports or patches. The more CTI obtained from different SMEs, the better the analysis result. In this paper, we try to address some of the privacy and confidentiality issues that arise as a result of different SMEs sharing their CTI with such a third party analysis service for the aggregate analysis scenario we just described. We present the design and architecture of our solution that aims to allow SMEs to perform policy-based sharing of CTI, while also offering them flexible privacy and confidentiality controls.
Title: An architecture for privacy-preserving sharing of CTI with 3rd party analysis services. Venue: 2017 12th International Conference for Internet Technology and Secured Transactions (ICITST).
Pub Date: 2017-12-01 DOI: 10.23919/ICITST.2017.8356458
A. Selçuk, Fatih Orhan, Berker Batur
Malware analysis is a challenging task in the theory as well as the practice of computer science. Many important problems in malware analysis have been shown to be undecidable. These problems include virus detection, detecting unpacking execution, matching malware samples against a set of given templates, and detecting trigger-based behavior. In this paper, we will give a review of the undecidability results in malware analysis and discuss what can be done in practice.
Title: Undecidable problems in malware analysis. Venue: 2017 12th International Conference for Internet Technology and Secured Transactions (ICITST).
Pub Date: 2017-12-01 DOI: 10.23919/ICITST.2017.8356426
Preston T. Owens, Aspen Olmsted
With data storage moving further away from locally based storage and into an age of cloud storage, users are going to need their data on the go, and they're going to need it to be fast, and they're going to need it to be accurate. Eventual consistency is the theoretical guarantee that, provided no new updates to an entity are made, all reads of the entity return the last updated value. In this paper, a comparison is made on cloud-based studies to formulate an idea as to how to improve the synchronization of cloud storage systems by first benchmarking the eventual consistency and then utilizing a framework that dynamically learns the characteristics of a storage node so that eventual consistency is achieved quickly.
Title: Optimizing synchronization of cloud storage services: Combining benchmark monitoring and learning-based framework. Venue: 2017 12th International Conference for Internet Technology and Secured Transactions (ICITST).
Pub Date: 2017-12-01 DOI: 10.23919/ICITST.2017.8356455
Michelle G. Cacais, G. Sales
Corporate strategies should contribute to the achievement of the objectives of companies and, consequently, guarantee their sustainability. In order to keep the employees engaged and committed to their own income, we propose Process Planning and Institutional Evaluation (PIPA), a gamified system that uses the Learning Vector Model for corporate performance evaluation and follow-up of tasks. The system can be applied in entities and companies with the purpose of socializing, motivating or promoting the interaction of users. It was verified through field research that PIPA improved the performance of the evaluated team and motivated the professionals. The evaluation using the Learning Vector Model helped in the monitoring and the progress of the evaluated ones, since, besides following their own income through constant verification and feedback from the supervisors, they could also interact more with the work team.
Title: A collaborative system for corporate performance evaluation using gamification and the learning vectors model. Venue: 2017 12th International Conference for Internet Technology and Secured Transactions (ICITST).
Pub Date: 2017-12-01 DOI: 10.23919/ICITST.2017.8356460
Anna V. Sandifer, Casey Wilson, Aspen Olmsted
Individuals use online reviews to make decisions about available products and services. In recent years, businesses and the research community have shown a great amount of interest in the identification of fake online reviews. Applying accurate algorithms to detect fake online reviews can protect individuals from spam and misinformation. We gathered filtered and unfiltered online reviews for several hotels in the Charleston area from yelp.com. We extracted part-of-speech features from the data set, applied three classification models, and compared accuracy results to related works.
Title: Detection of fake online hotel reviews. Venue: 2017 12th International Conference for Internet Technology and Secured Transactions (ICITST).
Pub Date: 2017-12-01 DOI: 10.23919/ICITST.2017.8356340
Marwa Saidi, Houcemeddine Hermassi, Rhouma Rhouma, S. Belghith
This work introduces a novel secret-key spatial steganographic approach based on Hamming codes and LSB embedding. The embedding artifacts are restricted to richly textured zones of the cover image. We exploited the standard deviation measurement to select potential candidate blocks of pixels to hold the secret message. With the aim of ensuring the security of our proposed method, we use the Skew Tent Map as a random generator to select the bits exploited in the embedding procedure. Such a chaotic function shows efficient performance in terms of randomness and perfect sensitivity to slight alteration of the initial condition or the control parameter (sensitivity: 10^-14). The proposed approach showed effective resistance to state-of-the-art steganalysis attacks.
Title: LSB-hamming based chaotic steganography (LH-Steg). Venue: 2017 12th International Conference for Internet Technology and Secured Transactions (ICITST).
Pub Date: 2017-12-01 DOI: 10.23919/ICITST.2017.8356382
Casey Wilson, Aspen Olmsted
Successful communication of information via web services can be a complex and error-prone task, in large part due to network complexity between multiple fine-grained web services. This complexity can decrease ease of maintainability and increase inconsistency between the source and target destinations. A single all-encompassing web service that meets all of an organization's needs can be implemented that performs either generic or highly specific tasks. We have created a REST web service in Salesforce that handles multiple objects and performs specific tasks to test the viability of a single web service to meet all of an organization's needs. We found that one web service can be implemented to handle multiple or specific tasks with a single call. We show that as the number of database actions per single request increases, so does the efficiency with which each individual action is processed. A reduction in the number of web services coupled with an increase of the functionality of a single web service provides many benefits when compared to multiple smaller web services.
Title: Handling an organization's communication needs with a single web service. Venue: 2017 12th International Conference for Internet Technology and Secured Transactions (ICITST).
Pub Date: 2017-12-01 DOI: 10.23919/ICITST.2017.8356453
Khurram Mahmood, Zainab Nayyar, Hafiz Mushtaq
It has been observed over the last 16 years that switching from manual government processes to electronic government can have a huge impact on regulating government processes. The purpose of electronic government is to use information and communication technologies in the government sector, combined with organizational change and new skills, to improve government sector service delivery, democratic processes and capacity building, and to strengthen and support government policies. Previously, government servants always worked through traditional channels such as front desks or telephones to fulfill their requirements. The use of traditional channels was time-consuming and could only fulfill the requirements of one user at a time. These consequences led to a digital divide dilemma in which people moved far away from the electronic process. This study is based upon filling the gaps between e-government and the digital divide by utilizing multi-channel services governed by transformational leaders. The study will reveal new ways of switching to electronic government through digital channels. Transformational leadership will influence the adapting phase of this concept. Data gathered through questionnaires has shown that transformational leaders, along with digital channels, have had a positive effect on switching from manual to electronic government processes. These aspects have increased the transparency, efficiency, accountability and security in government processes.
Title: Role of transformational leadership on e-government switching: Multi-channel and digital divide. Venue: 2017 12th International Conference for Internet Technology and Secured Transactions (ICITST).