Visible to the public Biblio

Filters: Keyword is reflection  [Clear All Filters]
2023-08-25
Delport, Petrus M.J, van Niekerk, Johan, Reid, Rayne.  2022.  Introduction to Information Security: From Formal Curriculum to Organisational Awareness. 2022 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW). :463–469.
Many organisations responded to the recent global pandemic by moving operations online. This has led to increased exposure to information security-related risks. There is thus an increased need to ensure organisational information security awareness programs are up to date and relevant to the needs of the intended target audience. The advent of online educational providers has similarly placed increased pressure on the formal educational sector to ensure course content is updated to remain relevant. Such processes of academic reflection and review should consider formal curriculum standards and guidelines in order to ensure wide relevance. This paper presents a case study of the review of an Introduction to Information Security course. This review is informed by the Information Security and Assurance knowledge area of the ACM/IEEE Computer Science 2013 curriculum standard. The paper presents lessons learned during this review process to serve as a guide for future reviews of this nature. The authors assert that these lessons learned can also be of value during the review of organisational information security awareness programs.
ISSN: 2768-0657
2023-04-28
Nema, Tesu, Parsai, M. P..  2022.  Reconstruction of Incomplete Image by Radial Sampling. 2022 International Conference on Computer Communication and Informatics (ICCCI). :1–4.
Signals get sampled using Nyquist rate in conventional sampling method, but in compressive sensing the signals sampled below Nyquist rate by randomly taking the signal projections and reconstructing it out of very few estimations. But in case of recovering the image by utilizing compressive measurements with the help of multi-resolution grid where the image has certain region of interest (RoI) that is more important than the rest, it is not efficient. The conventional Cartesian sampling cannot give good result in motion image sensing recovery and is limited to stationary image sensing process. The proposed work gives improved results by using Radial sampling (a type of compression sensing). This paper discusses the approach of Radial sampling along with the application of Sparse Fourier Transform algorithms that helps in reducing acquisition cost and input/output overhead.
ISSN: 2329-7190
2023-01-05
Meziani, Ahlem, Bourouis, Abdelhabib, Chebout, Mohamed Sedik.  2022.  Neutrosophic Data Analytic Hierarchy Process for Multi Criteria Decision Making: Applied to Supply Chain Risk Management. 2022 International Conference on Advanced Aspects of Software Engineering (ICAASE). :1—6.
Today’s Supply Chains (SC) are engulfed in a maelstrom of risks which arise mainly from uncertain, contradictory, and incomplete information. A decision-making process is required in order to detect threats, assess risks, and implements mitigation methods to address these issues. However, Neutrosophic Data Analytic Hierarchy Process (NDAHP) allows for a more realistic reflection of real-world problems while taking into account all factors that lead to effective risk assessment for Multi Criteria Decision-Making (MCDM). The purpose of this paper consists of an implementation of the NDAHP for MCDM aiming to identifying, ranking, prioritizing and analyzing risks without considering SC’ expert opinions. To that end, we proceed, first, for selecting and analyzing the most 23 relevant risk indicators that have a significant impact on the SC considering three criteria: severity, occurrence, and detection. After that, the NDAHP method is implemented and showcased, on the selected risk indicators, throw an illustrative example. Finally, we discuss the usability and effectiveness of the suggested method for the SCRM purposes.
2022-12-20
Albayrak, Cenk, Arslan, Hüseyin, Türk, Kadir.  2022.  Physical Layer Security for Visible Light Communication in the Presence of ISI and NLoS. 2022 IEEE International Conference on Communications Workshops (ICC Workshops). :469–474.
Visible light communication (VLC) is an important alternative and/or complementary technology for next generation indoor wireless broadband communication systems. In order to ensure data security for VLC in public areas, many studies in literature consider physical layer security (PLS). These studies generally neglect the reflections in the VLC channel and assume no inter symbol interference (ISI). However, increasing the data transmission rate causes ISI. In addition, even if the power of the reflections is small compared to the line of sight (LoS) components, it can affect the secrecy rate in a typical indoor VLC system. In this study, we investigate the effects of ISI and reflected channel components on secrecy rate in multiple-input single-output (MISO) VLC scenario utilized null-steering (NS) and artificial noise (AN) PLS techniques.
ISSN: 2694-2941
2022-01-31
Kumaladewi, Nia, Larasati, Inggrit, Jahar, Asep Saepudin, Hasan, Hamka, Zamhari, Arif, Azizy, Jauhar.  2021.  Analysis of User Satisfaction on Website Quality of the Ministry of Agriculture, Directorate General of Food Crops. 2021 9th International Conference on Cyber and IT Service Management (CITSM). :1—7.
A good website quality is needed to meet user satisfaction. The value of the benefits of the web will be felt by many users if the web has very good quality. The ease of accessing the website is a reflection of the good quality of the website. The positive image of the web owner can be seen from the quality of the website. When doing research on the website of the Ministry of Agriculture, Directorate General of Food Crops, the researcher found several pages that did not meet the website category which were said to be of good quality. Based on these findings, the authors are interested in analyzing user satisfaction with the website to measure the quality of the website of the Ministry of Agriculture, Directorate General of Food Crops using the PIECES method (Performance, Information, Economy, Control/Security, Efficiency, Service). The results of the study indicate that the level of user satisfaction with the website has been indicated as SATISFIED on each indicator, however, in measuring the quality of the website using YSlow (the GTMetrix tools, Pingdom Website Speed Tools), and (Web of Trust) WOT found many deficiencies such as loading the website takes a long time, there are some pages that cannot be found (page not found) and so on. Therefore, the authors provide several recommendations for better website development.
2021-12-20
Ren, Yanzhi, Wen, Ping, Liu, Hongbo, Zheng, Zhourong, Chen, Yingying, Huang, Pengcheng, Li, Hongwei.  2021.  Proximity-Echo: Secure Two Factor Authentication Using Active Sound Sensing. IEEE INFOCOM 2021 - IEEE Conference on Computer Communications. :1–10.
The two-factor authentication (2FA) has drawn increasingly attention as the mobile devices become more prevalent. For example, the user's possession of the enrolled phone could be used by the 2FA system as the second proof to protect his/her online accounts. Existing 2FA solutions mainly require some form of user-device interaction, which may severely affect user experience and creates extra burdens to users. In this work, we propose Proximity-Echo, a secure 2FA system utilizing the proximity of a user's enrolled phone and the login device as the second proof without requiring the user's interactions or pre-constructed device fingerprints. The basic idea of Proximity-Echo is to derive location signatures based on acoustic beep signals emitted alternately by both devices and sensing the echoes with microphones, and compare the extracted signatures for proximity detection. Given the received beep signal, our system designs a period selection scheme to identify two sound segments accurately: the chirp period is the sound segment propagating directly from the speaker to the microphone whereas the echo period is the sound segment reflected back by surrounding objects. To achieve an accurate proximity detection, we develop a new energy loss compensation extraction scheme by utilizing the extracted chirp periods to estimate the intrinsic differences of energy loss between microphones of the enrolled phone and the login device. Our proximity detection component then conducts the similarity comparison between the identified two echo periods after the energy loss compensation to effectively determine whether the enrolled phone and the login device are in proximity for 2FA. Our experimental results show that our Proximity-Echo is accurate in providing 2FA and robust to both man-in-the-middle (MiM) and co-located attacks across different scenarios and device models.
2021-11-29
Albó, Laia, Beardsley, Marc, Amarasinghe, Ishari, Hernández-Leo, Davinia.  2020.  Individual versus Computer-Supported Collaborative Self-Explanations: How Do Their Writing Analytics Differ? 2020 IEEE 20th International Conference on Advanced Learning Technologies (ICALT). :132–134.
Researchers have demonstrated the effectiveness of self-explanations (SE) as an instructional practice and study strategy. However, there is a lack of work studying the characteristics of SE responses prompted by collaborative activities. In this paper, we use writing analytics to investigate differences between SE text responses resulting from individual versus collaborative learning activities. A Coh-Metrix analysis suggests that students in the collaborative SE activity demonstrated a higher level of comprehension. Future research should explore how writing analytics can be incorporated into CSCL systems to support student performance of SE activities.
2021-05-05
Cano M, Jeimy J..  2020.  Sandbox: Revindicate failure as the foundation of learning. 2020 IEEE World Conference on Engineering Education (EDUNINE). :1—6.

In an increasingly asymmetric context of both instability and permanent innovation, organizations demand new capacities and learning patterns. In this sense, supervisors have adopted the metaphor of the "sandbox" as a strategy that allows their regulated parties to experiment and test new proposals in order to study them and adjust to the established compliance frameworks. Therefore, the concept of the "sandbox" is of educational interest as a way to revindicate failure as a right in the learning process, allowing students to think, experiment, ask questions and propose ideas outside the known theories, and thus overcome the mechanistic formation rooted in many of the higher education institutions. Consequently, this article proposes the application of this concept for educational institutions as a way of resignifying what students have learned.

2020-12-01
Di, A., Ruisheng, S., Lan, L., Yueming, L..  2019.  On the Large-Scale Traffic DDoS Threat of Space Backbone Network. 2019 IEEE 5th Intl Conference on Big Data Security on Cloud (BigDataSecurity), IEEE Intl Conference on High Performance and Smart Computing, (HPSC) and IEEE Intl Conference on Intelligent Data and Security (IDS). :192—194.

Satellite networks play an important role in realizing the combination of the space networks and ground networks as well as the global coverage of the Internet. However, due to the limitation of bandwidth resource, compared with ground network, space backbone networks are more likely to become victims of DDoS attacks. Therefore, we hypothesize an attack scenario that DDoS attackers make reflection amplification attacks, colluding with terminal devices accessing space backbone network, and exhaust bandwidth resources, resulting in degradation of data transmission and service delivery. Finally, we propose some plain countermeasures to provide solutions for future researchers.

2019-10-02
Garcia, Joshua, Hammad, Mahmoud, Malek, Sam.  2018.  Lightweight, Obfuscation-Resilient Detection and Family Identification of Android Malware. Proceedings of the 40th International Conference on Software Engineering. :497–497.

The number of malicious Android apps has been and continues to increase rapidly. These malware can damage or alter other files or settings, install additional applications, obfuscate their behaviors, propagate quickly, and so on. To identify and handle such malware, a security analyst can significantly benefit from identifying the family to which a malicious app belongs rather than only detecting if an app is malicious. To address these challenges, we present a novel machine learning-based Android malware detection and family-identification approach, RevealDroid, that operates without the need to perform complex program analyses or extract large sets of features. RevealDroid's selected features leverage categorized Android API usage, reflection-based features, and features from native binaries of apps. We assess RevealDroid for accuracy, efficiency, and obfuscation resilience using a large dataset consisting of more than 54,000 malicious and benign apps. Our experiments show that RevealDroid achieves an accuracy of 98% in detection of malware and an accuracy of 95% in determination of their families. We further demonstrate RevealDroid's superiority against state-of-the-art approaches. [URL of original paper: https://dl.acm.org/citation.cfm?id=3162625]

2019-06-17
Pupo, Angel Luis Scull, Nicolay, Jens, Boix, Elisa Gonzalez.  2018.  GUARDIA: Specification and Enforcement of Javascript Security Policies Without VM Modifications. Proceedings of the 15th International Conference on Managed Languages & Runtimes. :17:1–17:15.
The complex architecture of browser technologies and dynamic characteristics of JavaScript make it difficult to ensure security in client-side web applications. Browser-level security policies alone are not sufficient because it is difficult to apply them correctly and they can be bypassed. As a result, they need to be completed by application-level security policies. In this paper, we survey existing solutions for specifying and enforcing application-level security policies for client-side web applications, and distill a number of desirable features. Based on these features we developed Guardia, a framework for declaratively specifying and dynamically enforcing application-level security policies for JavaScript web applications without requiring VM modifications. We describe Guardia enforcement mechanism by means of JavaScript reflection with respect to three important security properties (transparency, tamper-proofness, and completeness). We also use Guardia to specify and deploy 12 access control policies discussed in related work in three experimental applications that are representative of real-world applications. Our experiments indicate that Guardia is correct, transparent, and tamper-proof, while only incurring a reasonable runtime overhead.
2019-01-21
Cho, S., Chen, G., Chun, H., Coon, J. P., O'Brien, D..  2018.  Impact of multipath reflections on secrecy in VLC systems with randomly located eavesdroppers. 2018 IEEE Wireless Communications and Networking Conference (WCNC). :1–6.
Considering reflected light in physical layer security (PLS) is very important because a small portion of reflected light enables an eavesdropper (ED) to acquire legitimate information. Moreover, it would be a practical strategy for an ED to be located at an outer area of the room, where the reflection light is strong, in order to escape the vigilance of a legitimate user. Therefore, in this paper, we investigate the impact of multipath reflections on PLS in visible light communication in the presence of randomly located eavesdroppers. We apply spatial point processes to characterize randomly distributed EDs. The generalized error in signal-to-noise ratio that occurs when reflections are ignored is defined as a function of the distance between the receiver and the wall. We use this error for quantifying the domain of interest that needs to be considered from the secrecy viewpoint. Furthermore, we investigate how the reflection affects the secrecy outage probability (SOP). It is shown that the effect of the reflection on the SOP can be removed by adjusting the light emitting diode configuration. Monte Carlo simulations and numerical results are given to verify our analysis.
2018-04-02
Khanmohammadi, K., Hamou-Lhadj, A..  2017.  HyDroid: A Hybrid Approach for Generating API Call Traces from Obfuscated Android Applications for Mobile Security. 2017 IEEE International Conference on Software Quality, Reliability and Security (QRS). :168–175.

The growing popularity of Android applications makes them vulnerable to security threats. There exist several studies that focus on the analysis of the behaviour of Android applications to detect the repackaged and malicious ones. These techniques use a variety of features to model the application's behaviour, among which the calls to Android API, made by the application components, are shown to be the most reliable. To generate the APIs that an application calls is not an easy task. This is because most malicious applications are obfuscated and do not come with the source code. This makes the problem of identifying the API methods invoked by an application an interesting research issue. In this paper, we present HyDroid, a hybrid approach that combines static and dynamic analysis to generate API call traces from the execution of an application's services. We focus on services because they contain key characteristics that allure attackers to misuse them. We show that HyDroid can be used to extract API call trace signatures of several malware families.

2017-03-08
Riffi, M. E., Bouzidi, M..  2015.  Discrete cuttlefish optimization algorithm to solve the travelling salesman problem. 2015 Third World Conference on Complex Systems (WCCS). :1–6.

The cuttlefish optimization algorithm is a new combinatorial optimization algorithm in the family of metaheuristics, applied in the continuous domain, and which provides mechanisms for local and global research. This paper presents a new adaptation of this algorithm in the discrete case, solving the famous travelling salesman problem, which is one of the discrete combinatorial optimization problems. This new adaptation proposes a reformulation of the equations to generate solutions depending a different algorithm cases. The experimental results of the proposed algorithm on instances of TSPLib library are compared with the other methods, show the efficiency and quality of this adaptation.