Search results

1 – 10 of 61
Article
Publication date: 30 March 2023

Wilson Charles Chanhemo, Mustafa H. Mohsini, Mohamedi M. Mjahidi and Florence U. Rashidi

Abstract

Purpose

This study explores challenges facing the applicability of deep learning (DL) in software-defined networks (SDN) based campus networks. The study intensively explains the automation problem that exists in traditional campus networks and how SDN and DL can provide mitigating solutions. It further highlights some challenges which need to be addressed in order to successfully implement SDN and DL in campus networks to make them better than traditional networks.

Design/methodology/approach

The study uses a systematic literature review. Studies on DL relevant to campus networks have been presented for different use cases. Their limitations are given out for further research.

Findings

Following the analysis of the selected studies, it showed that the availability of specific training datasets for campus networks, SDN and DL interfacing and integration in production networks are key issues that must be addressed to successfully deploy DL in SDN-enabled campus networks.

Originality/value

This study reports on challenges associated with implementation of SDN and DL models in campus networks. It contributes towards further thinking and architecting of proposed SDN-based DL solutions for campus networks. It highlights that single problem-based solutions are harder to implement and unlikely to be adopted in production networks.

Details

International Journal of Intelligent Computing and Cybernetics, vol. 16 no. 4
Type: Research Article
ISSN: 1756-378X

Article
Publication date: 27 April 2012

Wu He

Abstract

Purpose

The purpose of this paper is to examine social media security risks and existing mitigation techniques in order to gather insights and develop best practices to help organizations address social media security risks more effectively.

Design/methodology/approach

This paper begins by reviewing the disparate discussions in literature on social media security risks and mitigation techniques. Based on an extensive review, some key insights were identified and summarized to help organizations more effectively address social media security risks.

Findings

Many organizations do not have effective social media security policy in place and are unsure of how to develop effective social media security strategies to mitigate social media security risks. This paper provides guidance to organizations to mitigate social media security risks that may threaten the organizations.

Originality/value

The paper consolidates the fragmented discussion in literature and provides an in‐depth review of social media security risks and mitigation techniques. Practical insights are identified and summarized from an extensive literature review. Sharing these insights has the potential to encourage more discussion on best practices for reducing the risks of social media to organizations.

Article
Publication date: 4 April 2008

C.I. Ezeife, Jingyu Dong and A.K. Aggarwal

Abstract

Purpose

The purpose of this paper is to propose a web intrusion detection system (IDS), SensorWebIDS, which applies data mining, anomaly and misuse intrusion detection on web environment.

Design/methodology/approach

SensorWebIDS has three main components: the network sensor for extracting parameters from real‐time network traffic, the log digger for extracting parameters from web log files and the audit engine for analyzing all web request parameters for intrusion detection. To combat web intrusions like buffer‐over‐flow attack, SensorWebIDS utilizes an algorithm based on standard deviation (δ) theory's empirical rule of 99.7 percent of data lying within 3δ of the mean, to calculate the possible maximum value length of input parameters. Association rule mining technique is employed for mining frequent parameter list and their sequential order to identify intrusions.

Findings

Experiments show that proposed system has higher detection rate for web intrusions than SNORT and mod security for such classes of web intrusions like cross‐site scripting, SQL‐Injection, session hijacking, cookie poison, denial of service, buffer overflow, and probes attacks.

Research limitations/implications

Future work may extend the system to detect intrusions implanted with hacking tools and not through straight HTTP requests or intrusions embedded in non‐basic resources like multimedia files and others, track illegal web users with their prior web‐access sequences, implement minimum and maximum values for integer data, and automate the process of pre‐processing training data so that it is clean and free of intrusion for accurate detection results.

Practical implications

Web service security, as a branch of network security, is becoming more important as more business and social activities are moved online to the web.

Originality/value

Existing network IDSs are not directly applicable to web intrusion detection, because these IDSs are mostly sitting on the lower (network/transport) level of network model while web services are running on the higher (application) level. Proposed SensorWebIDS detects XSS and SQL‐Injection attacks through signatures, while other types of attacks are detected using association rule mining and statistics to compute frequent parameter list order and their maximum value lengths.

Details

International Journal of Web Information Systems, vol. 4 no. 1
Type: Research Article
ISSN: 1744-0084

Article
Publication date: 22 November 2011

Helen Kapodistria, Sarandis Mitropoulos and Christos Douligeris

Abstract

Purpose

The purpose of this paper is to introduce a new tool which detects, prevents and records common web attacks that mainly result in web applications information leaking using pattern recognition. It is a cross‐platform application, namely, it is not OS‐dependent or web server dependent. It offers a flexible attacks search engine, which scans http requests and responses during a webpage serving without affecting the web server performance.

Design/methodology/approach

The paper starts with a study of the most known web vulnerabilities and the way they can be exploited. Then, it focuses on those web attacks based on input validation, which are the ones the new tool detects through pattern recognition. This tool acts as a proxy server having a simple GUI for administration purposes. Patterns can be detected in both http requests and responses in an extensible and manageable way.

Findings

The new tool was compared to dotDefender, a commercial web application firewall, and ModSecurity, a widely used open source application firewall, using over 200 attack patterns. The new tool had satisfying results for every attack category examined, having a high percentage of success. Results for stored XSS could not be achieved since the other tools are not able to search and detect them in http responses. The fact that the new tool is very extensible makes it possible for future work to be done.

Originality/value

This paper introduces a new web server plug‐in, which has some advanced web application firewall features with a flexible attacks search engine which scans http requests and responses. By scanning http responses, attacks such as stored XSS can be detected, a feature that cannot be found on other web application firewalls.

Details

Information Management & Computer Security, vol. 19 no. 5
Type: Research Article
ISSN: 0968-5227

Book part
Publication date: 15 September 2022

Caner Asbaş and Şule Tuzlukaya

Abstract

A cyberattack is an attempt by cybercriminals as individuals or organizations with unauthorized access using one or more computers and computer systems to steal, expose, change, disable or eliminate information, or to breach computer information systems, computer networks, and computer infrastructures. Cyberattackers gain a benefit from victims, which may be criminal such as stealing data or money, or political or personal such as revenge. In cyberattacks, various targets are possible. Some potential targets for businesses include business and customer financial data, customer lists, trade secrets, and login credentials.

Cyberattackers use a variety of methods to gain access to data, including malware such as viruses, worms, and spyware and phishing methods, man-in-the-middle attacks, denial-of-service attacks, SQL injection, zero-day exploit, and DNS tunneling.

Related to cyberattack, the term cyberwarfare is gaining popularity nowadays. Cyberwarfare is the use of cyberattacks by a state or an organization to cause harm as in warfare against another state's or organization's computer information systems, networks, and infrastructures.

Military, civil, and ideological motivations, or hacktivism can be used to launch a cyberwarfare. For these reasons, cyberwarfare may be used to conduct espionage, sabotage, propaganda, and economic disruption.

Considering highly digitalized business processes such as e-mails, digital banking, online conference, and digital manufacturing methods, damage of cyberwarfare to businesses and countries is unavoidable. As a result, developing strategies for defending against cyberattacks and cyberwarfare is critical for businesses. The concepts of cyberattack and cyberwarfare, as well as business strategies to be protected against them, will be discussed in this chapter.

Details

Conflict Management in Digital Business
Type: Book
ISBN: 978-1-80262-773-2

Book part
Publication date: 10 October 2022

Alexander R. Marbut and Peter D. Harms

Abstract

A key feature of performance in many professions is that of vigilance, carefully monitoring one’s environment for potential threats. However, some of the characteristics that may make someone successful in such work may also be more likely to make them fail in the long-term as a result of burnout, fatigue, and other symptoms commonly associated with chronic stress. Among these characteristics, neuroticism is particularly relevant. To exert the effort that vigilance work requires, sensitivity to threats, a core aspect of neuroticism, may be necessary. This is evidenced by higher rates of neuroticism in vigilance-related professions such as information technology (IT). However, other aspects of neuroticism could attenuate performance by making individuals more distractible and prone to burnout, withdrawal, and emotional outbursts. Four perspectives provide insight to this neuroticism–vigilance paradox: facet-level analysis, trait activation, necessary conditions, and job characteristics. Across these perspectives, it is expected that too little neuroticism will render employees unable to perform vigilance tasks effectively due to lack of care while too much neuroticism will cause employees to become overwhelmed by work pressures. Contextual and personological moderators of the neuroticism–vigilance relationship are discussed, as well as two behavioral styles expected to manifest from neuroticism that could explain how neuroticism may be associated with either good or bad performance-relevant outcomes.

Details

Examining the Paradox of Occupational Stressors: Building Resilience or Creating Depletion
Type: Book
ISBN: 978-1-80455-086-1

Article
Publication date: 13 April 2010

Riaan J. Rudman

Abstract

Purpose

The purpose of this paper is to identify and investigate the security issues an organisation operating in the “new” online environment is exposed to through Web 2.0 applications, with specific focus on unauthorised access (encompassing hackers). The study aims to recommend possible safeguards to mitigate these incremental risks to an acceptable level.

Design/methodology/approach

An extensive literature review was performed to obtain an understanding of the technologies driving Web 2.0 applications. Thereafter, the technologies were mapped against Control Objectives for Information and Related Technology (CobiT) and Trust Service Principles and Criteria and associated control objectives relating to security risks, specifically to hacker risks. These objectives were used to identify relevant risks and formulate appropriate internal control measures.

Findings

The findings show that every organisation, technology and application is unique and the safeguards depend on the nature of the organisation, information at stake, degree of vulnerability and risks. A comprehensive security program, including a multi‐layer technological, as well as an administrative component, should be implemented. User training on acceptable practices should also be conducted.

Originality/value

Obtaining an understanding of Web 2.0 and Web 2.0 security is important, as Web 2.0 is a new, poorly understood technology and with the growing mobility of users, the potential surface area of attack increases and should be managed. The paper will help organisations, information repository managers, information technology (IT) professionals, librarians and internal and external auditors to understand the “new” risks relating to unauthorised access, which previously did not exist in an on‐line environment, and will assist the development of a framework to limit the most significant risks.

Details

The Electronic Library, vol. 28 no. 2
Type: Research Article
ISSN: 0264-0473

Article
Publication date: 5 March 2018

Sakirulai Olufemi Isiaq and Md Golam Jamil

Abstract

Purpose

The purpose of this paper is to explore the use of a simulator for teaching programming to foster student engagement and meaningful learning.

Design/methodology/approach

An exploratory mixed-method research approach was adopted in a classroom-based environment at a UK university. A rich account of student engagement dimensions (behavioural, affective/emotional, and cognitive) was captured through descriptive and inferential statistical analysis. This was triangulated through reflective and in-depth validation of open-ended questions.

Findings

Results show higher behavioural and emotional engagement in simulator-based sessions, but relatively low cognitive engagement when compared with traditional programming sessions. A strong interweaving relationship between these three dimensions is evident in both the traditional and simulator approaches. Therefore, a balanced distribution of the dimensions is recommended for effective planning and delivery of programming sessions.

Research limitations/implications

Student engagement is multidimensional as it includes various internal and external/ecological factors. This study did not consider external factors, such as family and societal influence; it focused on the classroom-based environment.

Originality/value

This study critically examined the use of simulation as a means to foster student engagement in programming sessions. Findings suggest that balanced activities within the three engagement dimensions can facilitate meaningful learning.

Details

The International Journal of Information and Learning Technology, vol. 35 no. 2
Type: Research Article
ISSN: 2056-4880

Article
Publication date: 22 September 2021

Jitendra Yadav, Madhvendra Misra, Nripendra P. Rana and Kuldeep Singh

Abstract

Purpose

The paper aims to explore the influence of cybersecurity on the semantic orientation of the sports consumers. Focusing on both sport and esports, this study finds the social media factors contributing in the sentiment formation and commenting behavior on Twitter and proposes a scheme for attitude modulation through identification of highly engaged nano-influencers.

Design/methodology/approach

Experimental design was used as the research methodology. Data mining from Twitter using RStudio software was conducted using the keyword “cybersecurity” during the time of pandemic. A final corpus of 31,891 tweets was considered for the study. Initial sentiment analysis has been conducted to explore the consumer's emotional inclination towards cybersecurity. Further, through generalized equation modeling, the impact of social media attributes over the consumer's posting behavior has been analyzed.

Findings

The research findings reveal that users are inherently positive towards cybersecurity adoption in sports and the factors such as number of tweets, number of positive words contained in these tweets and the authenticity of the information source boost the pre-established tweeting behavior. However, the influx of information from non-organizational sources such as trending topics and discussions have negative impact over the users.

Originality/value

This study is first to explore the role of nano-influencers as communication moderators over digital social platforms. This study offers a new understanding of key contributing attributes of sentiments formation over social media and offers a scheme of selection of nano-influencers to modulate the pre-established sentiments of the users. Finally, the current study offers valuable insights into social media engagements and selection of nano-influencers for practicing marketing managers.

Details

Information Technology & People, vol. 35 no. 7
Type: Research Article
ISSN: 0959-3845

Article
Publication date: 19 July 2011

Dimitris Mitropoulos, Vassilios Karakoidas, Panagiotis Louridas and Diomidis Spinellis

Abstract

Purpose

The purpose of this paper is to propose a generic approach that prevents a specific class of code injection attacks (CIAs) in a novel way.

Design/methodology/approach

To defend against CIAs this approach involves detecting attacks by using location‐specific signatures to validate code statements. The signatures are unique identifiers that represent specific characteristics of a statement's execution. The key property that differentiates the scheme presented in this paper is that these characteristics do not depend entirely on the code statement, but also take into account elements from its execution context.

Findings

The approach was applied successfully to defend against attacks targeting structured query language (SQL), XML Path Language and JavaScript with positive results.

Originality/value

Despite many countermeasures that have been proposed the number of CIAs has been increasing. Malicious users seem to find new ways to introduce compromised embedded executable code to applications by using a variety of languages and techniques. Hence, a generic approach that defends against such attacks would be a useful countermeasure. This approach can defend attacks that involve both domain‐specific languages (e.g. SQL) and general purpose languages (e.g. JavaScript) and can be used both against client‐side and server‐side attacks.

Details

Information Management & Computer Security, vol. 19 no. 3
Type: Research Article
ISSN: 0968-5227
