Security Informatics

http://link.springer.com/journal/13388

List of Papers (Total 63)

Semi-supervised learning for detecting human trafficking

Human trafficking is one of the most atrocious crimes and among the challenging problems facing law enforcement which demands attention of global magnitude. In this study, we leverage textual data from the website “Backpage”—used for classified advertisement—to discern potential patterns of human trafficking activities which manifest online and identify advertisements of high...

Analytics for characterising and measuring the naturalness of online personae

Introduction: Currently 40 % of the world’s population, around 3 billion users, are online using cyberspace for everything from work to pleasure. While there are numerous benefits accompanying this medium, the Internet is not without its perils. In this case study article, we focus specifically on the challenge of fake (or unnatural) online identities, such as those used to defraud...

Detecting obfuscated malware using reduced opcode set and optimised runtime trace

The research presented investigates the optimal set of operational codes (opcodes) that create a robust indicator of malicious software (malware) and also determines a program’s execution duration for accurate classification of benign and malicious software. The features extracted from the dataset are opcode density histograms, extracted during the program execution. The...

Keeping pace with the creation of new malicious PDF files using an active-learning based detection framework

Attackers increasingly take advantage of naive users who tend to treat non-executable files casually, as if they are benign. Such users often open non-executable files although they can conceal and perform malicious operations. Existing defensive solutions currently used by organizations prevent executable files from entering organizational networks via web browsers or email...

Using augmented reality for supporting information exchange in teams from the security domain

The performance of operational teams in the security domain relies on quick and adequate exchange of context-related information. Currently, this information exchange is mainly based on oral communication. This paper reports on different scenarios from the security domain in which augmented reality (AR) techniques are used to support such information exchange. The scenarios have...

Improved lexicon-based sentiment analysis for social media analytics

Social media channels, such as Facebook or Twitter, allow for people to express their views and opinions about any public topics. Public sentiment related to future events, such as demonstrations or parades, indicate public attitude and therefore may be applied while trying to estimate the level of disruption and disorder during such events. Consequently, sentiment analysis of...

A measurement study of DNSSEC misconfigurations

DNSSEC offers protection against spoofing of DNS data by providing origin authentication, ensuring data integrity and authentication of non-existence by using public-key cryptography. Although the relevance of securing a technology as crucial to the Internet as DNS is obvious, the DNSSEC implementation increases the complexity of the deployed DNS infrastructure, which may result...

Timeprints for identifying social media users with multiple aliases

Many people who discuss sensitive or private issues on social media services are using pseudonyms or aliases in order to not reveal their true identity, while using their usual, non-private accounts when posting messages on less sensitive issues. Previous research has shown that if those individuals post large amounts of user-generated content, stylometric techniques can be used...

A framework of identity resolution: evaluating identity attributes and matching algorithms

Duplicate and false identity records are quite common in identity management systems due to unintentional errors or intentional deceptions. Identity resolution is to uncover identity records that are co-referent to the same real-world individual. In this paper we introduce a framework of identity resolution that covers different identity attributes and matching algorithms. Guided...

Evasion-resistant network scan detection

Popular network scan detection algorithms operate through evaluating external sources for unusual connection patterns and traffic rates. Research has revealed evasive tactics that enable full circumvention of existing approaches (specifically the widely cited Threshold Random Walk algorithm). To prevent use of these circumvention techniques, we propose a novel approach to network...

Emerging issues for education in E-discovery for electronic health records

In order to provide a foundation for education on e-discovery and security in Electronic Health Record (EHR) systems, this paper identifies emerging issues in the area. Based on a detailed literature review it details key categories: Development in EHR, E-discovery policy and strategy, and Security and privacy in EHR and also discusses e-discovery issues in cloud computing and...

Federated databases and actionable intelligence: using social network analysis to disrupt transnational wildlife trafficking criminal networks

Wildlife trafficking, a focus of organized transnational crime syndicates, is a threat to biodiversity. Such crime networks span beyond protected areas holding strongholds of species of interest such as African rhinos. Such networks extend over several countries and hence beyond the jurisdiction of any one law enforcement authority. We show how a federated database can overcome...

Factors influencing network risk judgments: a conceptual inquiry and exploratory analysis

Effectively assessing and configuring security controls to minimize network risks requires human judgment. Little is known about what factors network professionals perceive to make judgments of network risk. The purpose of this research was to examine first, what factors are important to network risk judgments (Study 1) and second, how risky/safe each factor is judged (Study 2...

Modelling the spatial and social dynamics of insurgency

Insurgency emerges from many interactions between numerous social, economical, and geographical factors. Adequately accounting for the large number of potentially relevant interactions, and the complex ways in which they operate, is key to creating valuable models of insurgency. However, this has long been a challenging endeavour, as insurgency imposes specific limitations on the...

Belief manipulation and message meaning for protocol analysis

Agents often try to convince others to hold certain beliefs. In fact, many network security attacks can actually be framed in terms of a dishonest agent that is trying to get an honest agent to believe some particular, untrue claims. While the study of belief change is an established area of research in Artificial Intelligence, there has been comparatively little exploration of the way...

Language use in the Jihadist magazines Inspire and Azan

The language of influence or propaganda has been studied for a century but its predictions (simplification, deceptiveness, manipulation) can now be examined empirically using corpus analytics. Semantic models for intensity of belief and use of gamification as a strategy allow novel aspects of influence to be taken into account as well. We develop a semi-automated approach to...

Bridging the perceptual gap: variations in crime perception of businesses at the neighborhood level

Current research on fear of crime reveals a recurrent theme of disorder in explanations of fear of crime and perceptions of security. This disorder is scalable, ranging from proximal cues associated with specific encounters between people or defined micro locations through to distal feelings of fear about areas, activity nodes, or major pathways. The research presented here...

Security informatics research challenges for mitigating cyber friendly fire

This paper addresses cognitive implications and research needs surrounding the problem of cyber friendly fire (FF). We define cyber FF as intentional offensive or defensive cyber/electronic actions intended to protect cyber systems against enemy forces or to attack enemy cyber systems, which unintentionally harms the mission effectiveness of friendly or neutral forces. We...

Evaluating text visualization for authorship analysis

Methods and tools to conduct authorship analysis of web contents are of growing interest to researchers and practitioners in various security-focused disciplines, including cybersecurity, counter-terrorism, and other fields in which authorship of text may at times be uncertain or obfuscated. Here we demonstrate an automated approach for authorship analysis of web contents...

Pathways to identity: using visualization to aid law enforcement in identification tasks

The nature of identity has changed dramatically in recent years and has grown in complexity. Identities are defined in multiple domains: biological and psychological elements strongly contribute, but biographical and cyber elements also are necessary to complete the picture. Law enforcement is beginning to adjust to these changes, recognizing identity’s importance in criminal...

"Our Little Secret": pinpointing potential predators

The word “Paedophilia” has come a long way from its Greek origin of child-companionship to a Mental Disorder, Social Taboo and Criminal Offence. Various laws are in place to help control such behaviour, protect the vulnerable and restrain related criminal offences. However, enforcement of such laws has become a significant challenge with the advent of social media creating a new...

Fluency of visualizations: linking spatiotemporal visualizations to improve cybersecurity visual analytics

This paper adopts the metaphor of representational fluency and proposes an auto linking approach to help analysts investigate details of suspicious sections across different cybersecurity visualizations. Analysis of spatiotemporal network security data takes place both conditionally and in sequence. Many visual analytics systems use time series curves to visualize the data from...

Automated deception detection of 911 call transcripts

This study is a successful proof of concept of using automated text analysis to accurately classify transcribed 911 homicide calls according to their veracity. Fifty matched, caller-side transcripts were labeled as truthful or deceptive based on the subsequent adjudication of the cases. We mined the transcripts and analyzed a set of linguistic features supported by deception...