Phishing threat avoidance behaviour: An empirical investigation

Phishing is an online identity theft that aims to steal sensitive information such as username, password and online banking details from its victims. Phishing education needs to be considered as a means to combat this threat. This paper reports on a design and development of a mobile game prototype as an educational tool helping computer users to protect themselves against phishing attacks. The elements of a game design framework for avoiding phishing attacks were used to address the game design issues. Our mobile game design aimed to enhance the users' avoidance behaviour through motivation to protect themselves against phishing threats. A think-aloud study was conducted, along with a pre- and post-test, to assess the game design framework though the developed mobile game prototype. The study results showed a significant improvement of participants' phishing avoidance behaviour in their post-test assessment. Furthermore, the study findings suggest that participants' threat perception, safeguard effectiveness, self-efficacy, perceived severity and perceived susceptibility elements positively impact threat avoidance behaviour, whereas safeguard cost had a negative impact on it.     

Security awareness of computer users: A phishing threat avoidance perspective

Phishing is an online identity theft, which aims to steal confidential information such as username, password and online banking details from its victims. To prevent this, anti-phishing education needs to be considered. Therefore, the research reported in this paper examines whether conceptual knowledge or procedural knowledge has a positive effect on computer users’ self-efficacy to thwart phishing threats. In order to accomplish this, a theoretical model based on Liang and Xue’s (2010) Technology Threat Avoidance Theory (TTAT) has been proposed and evaluated. Data was collected from 161 regular computer users to elicit their feedback through an online questionnaire. The study findings revealed that the interaction effect of conceptual and procedural knowledge positively impacts on computer users’ self-efficacy, which enhances their phishing threat avoidance behaviour. It can therefore be argued that well-designed end-user security education contributes to thwart phishing threats.     

A game design framework for avoiding phishing attacks

Game based education is becoming more and more popular. This is because game based education provides an opportunity for learning in a natural environment. Phishing is an online identity theft, which attempts to steal sensitive information such as username, password, and online banking details from its victims. To prevent this, phishing awareness needs to be considered. This research aims to develop a game design framework, which enhances user avoidance behaviour through motivation to protect users from phishing attacks. In order to do this, a theoretical model derived from Technology Thread Avoidance Theory (TTAT) was developed and used in the game design framework (Liang & Xue, 2010). A survey study was undertaken with 150 regular computer users to elicit feedback through a questionnaire. The study findings revealed that perceived threat, safeguard effectiveness, safeguard cost, self-efficacy, perceived severity, and perceived susceptibility elements should be addressed in the game design framework for computer users to avoid phishing attacks. Furthermore, we argue that this game design framework can be used not only for preventing phishing attacks but also for preventing other malicious IT attacks such as viruses, malware, botnets and spyware.     

Studying users' computer security behavior: A health belief perspective

The damage due to computer security incidents is motivating organizations to adopt protective mechanisms. While technological controls are necessary, computer security also depends on individual's security behavior. It is thus important to investigate what influences a user to practice computer security. This study uses the Health Belief Model, adapted from the healthcare literature, to study users' computer security behavior. The model was validated using survey data from 134 employees. Results show that perceived susceptibility, perceived benefits, and self-efficacy are determinants of email related security behavior. Perceived severity moderates the effects of perceived benefits, general security orientation, cues to action, and self-efficacy on security behavior.     

A systematic review of machine learning techniques for software fault prediction

BackgroundSoftware fault prediction is the process of developing models that can be used by the software practitioners in the early phases of software development life cycle for detecting faulty constructs such as modules or classes. There are various machine learning techniques used in the past for predicting faults.MethodIn this study we perform a systematic review of studies from January 1991 to October 2013 in the literature that use the machine learning techniques for software fault prediction. We assess the performance capability of the machine learning techniques in existing research for software fault prediction. We also compare the performance of the machine learning techniques with the statistical techniques and other machine learning techniques. Further the strengths and weaknesses of machine learning techniques are summarized.ResultsIn this paper we have identified 64 primary studies and seven categories of the machine learning techniques. The results prove the prediction capability of the machine learning techniques for classifying module/class as fault prone or not fault prone. The models using the machine learning techniques for estimating software fault proneness outperform the traditional statistical models.ConclusionBased on the results obtained from the systematic review, we conclude that the machine learning techniques have the ability for predicting software fault proneness and can be used by software practitioners and researchers. However, the application of the machine learning techniques in software fault prediction is still limited and more number of studies should be carried out in order to obtain well formed and generalizable results. We provide future guidelines to practitioners and researchers based on the results obtained in this work.     

基于XGBoost算法的Webshell检测方法研究

为解决加密型Webshell与非加密型Webshell的代码特征不统一、难以提取的问题,提出一种基于XGBoost算法的Webshell检测方法。首先,对Webshell进行功能分析,发现绝大部分Webshell都具有代码执行、文件操作、数据库操作和压缩与混淆编码等特点,这些特征全面地描述了Webshell的行为。因此,对于非加密型的Webshell,将其主要特征划分为相关函数出现的次数。对于加密型的Webshell,根据代码的静态特性,将文件重合指数、信息熵、最长字符串长度、压缩比4个参数作为其特征。最后,将两种特征统一起来作为Webshell特征,改善了Webshell特征覆盖不全的问题。实验结果表明,所提方法能有效地对两种Webshell进行检测;与传统的单一类型Webshell检测方法相比,该方法提高了Webshell检测的效率与准确率。     

Trust calibration of automated security IT artifacts: A multi-domain study of phishing-website detection tools

Phishing websites become a critical cybersecurity threat affecting individuals and organizations. Phishing-website detection tools are designed to protect users against such sites. Nevertheless, detection tools face serious user trust and suboptimal performance issues which require trust calibration to align trust with the tool’s capabilities. We employ the theoretical framework of automation trust and reliance as a kernel theory to develop the trust calibration model for phishing-website detection tools. We test the model using a controlled lab experiment. The results of our analysis show that users’ trust in detection tools can be calibrated by trust calibrators. Moreover, users’ calibrated trust has significant consequences, including users’ tool reliance, use, and performance against phishing websites.     

A review of recent hidden surface removal techniques

Techniques for the removal of hidden surfaces and/or hidden lines from computer generated pictures have continued to be developed and to be applied in other areas. This review covers much recent work in removal methods and some of the newer applications. A broad classification of the many references is given.     

Acoustic environment as an indicator of social and physical context

Acoustic environments provide many valuable cues for context-aware computing applications. From the acoustic environment we can infer the types of activity, communication modes and other actors involved in the activity. Environmental or background noise can be classified with a high degree of accuracy using recordings from microphones commonly found in PDAs and other consumer devices. We describe an acoustic environment recognition system incorporating an adaptive learning mechanism and its use in a noise tracker. We show how this information is exploited in a mobile context framework. To illustrate our approach we describe a context-aware multimodal weather forecasting service, which accepts spoken or written queries and presents forecast information in several forms, including email, voice and sign languages.

Ergonomic assessment of office worker postures using 3D automated joint angle assessment

Sedentary activity and static postures are associated with work-related musculoskeletal disorders (WMSDs) and worker discomfort. Ergonomic evaluation for office workers is commonly performed by experts using tools such as the Rapid Upper Limb Assessment (RULA), but there is limited evidence suggesting sustained compliance with expert’s recommendations. Assessing postural shifts across a day and identifying poor postures would benefit from automation by means of real-time, continuous feedback. Automated postural assessment methods exist; however, they are usually based on ideal conditions that may restrict users’ postures, clothing, and hair styles, or may require unobstructed views of the participants. Using a Microsoft Kinect camera and open-source computer vision algorithms, we propose an automated ergonomic assessment algorithm to monitor office worker postures, the 3D Automated Joint Angle Assessment, 3D-AJA. The validity of the 3D-AJA was tested by comparing algorithm-calculated joint angles to the angles obtained from manual goniometry and the Kinect Software Development Kit (SDK) for 20 participants in an office space. The results of the assessment show that the 3D-AJA has mean absolute errors ranging from 5.6° ± 5.1° to 8.5° ± 8.1° for shoulder flexion, shoulder abduction, and elbow flexion relative to joint angle measurements from goniometry. Additionally, the 3D-AJA showed relatively good performance on the classification of RULA score A using a Random Forest model (micro averages F1-score = 0.759, G-mean = 0.811), even at high levels of occlusion on the subjects’ lower limbs. The results of the study provide a basis for the development of a full-body ergonomic assessment for office workers, which can support personalized behavior change and help office workers to adjust their postures, thus reducing their risks of WMSDs.     

一种面向响应的网络安全事件分类方法

网络安全事件分类的研究对于应急响应体系建设有着重要的意义。该文首先给出了相关的概念描述,接着说明了分类研究的意义与要求,然后在介绍安全事件相关分类研究的基础上,提出了一种面向应急响应的网络安全事件分类方法,最后指出了进一步工作的方向。     

A comparison of machine learning techniques for customer churn prediction

We present a comparative study on the most popular machine learning methods applied to the challenging problem of customer churning prediction in the telecommunications industry. In the first phase of our experiments, all models were applied and evaluated using cross-validation on a popular, public domain dataset. In the second phase, the performance improvement offered by boosting was studied. In order to determine the most efficient parameter combinations we performed a series of Monte Carlo simulations for each method and for a wide range of parameters. Our results demonstrate clear superiority of the boosted versions of the models against the plain (non-boosted) versions. The best overall classifier was the SVM-POLY using AdaBoost with accuracy of almost 97% and F-measure over 84%.     

Evidential grammars: A compositional approach for scene understanding. Application to multimodal street data

Automatic scene understanding from multimodal data is a key task in the design of fully autonomous vehicles. The theory of belief functions has proved effective for fusing information from several sensors at the superpixel level. Here, we propose a novel framework, called evidential grammars, which extends stochastic grammars by replacing probabilities by belief functions. This framework allows us to fuse local information with prior and contextual information, also modeled as belief functions. The use of belief functions in a compositional model is shown to allow for better representation of the uncertainty on the priors and for greater flexibility of the model. The relevance of our approach is demonstrated on multi-modal traffic scene data from the KITTI benchmark suite.     

A robust analysis of adversarial attacks on federated learning environments

Federated Learning is a growing branch of Artificial Intelligence with the wide usage of mobile computing and IoT technologies. Since this technology uses distributed computing paradigm to do the learning part, most of the participating components are mobile devices and come outside the range of protection offered by a centralized system. As a result, several security issues such as data leakage, communication issues, poisoning, system manipulation via the backdoor, and so on arise with the usage of such a methodology. These sorts of attacks are categorized into various categories concerning their modus operandi. In this study, we review such attacks, namely poisoning attacks, inferencing attacks, their types, and working in a Federated Learning environment in detail. This study will give a precise idea of security issues faced in Federated Machine Learning and possible solutions.     

A Composite Web Service Supporting User Context to Provide an Adapted Remote Control of High Technology Instruments

In this paper, we are aiming at providing a complete, plate-form independent, framework, for the remote control of high technology instruments. This is lead by the idea of sharing resources (instruments in this use-case) between entities, each exploiting of course their own information system. Mainly, to be generic enough to satisfy the corresponding genericity of resources addressed, the sharing must be done under certain constraints, which are security, scalability, authentication, "real time" access, Multi-Platform and Multi-Users access. The purpose of the article is to discuss the possible use of Web services for the skeleton of such a generic framework, with the issue of providing an adapted service to the user depending on the context of utilization (i.e. depending on the role the user is playing in the session). http://www.istase.com/satin/eINST.html.     

A program for machine learning of counting criteria: empirical induction of logic-based classification rules

A program has been developed which derives classification rules from empirical observations and expresses these rules in a knowledge representation format called 'counting criteria'. Decision rules derived in this format are often more comprehensible than rules derived by existing machine learning programs such as AQ11. Use of the program is illustrated by the inference of discrimination criteria for certain types of bacteria based upon their biochemical characteristics. The program may be useful for the conceptual analysis of data and for the automatic generation of prototype knowledge bases for expert systems.     

A methodology for the classification of quality of requirements using machine learning techniques

ContextOne of the most important factors in the development of a software project is the quality of their requirements. Erroneous requirements, if not detected early, may cause many serious problems, such as substantial additional costs, failure to meet the expected objectives and delays in delivery dates. For these reasons, great effort must be devoted in requirements engineering to ensure that the project’s requirements results are of high quality. One of the aims of this discipline is the automatic processing of requirements for assessing their quality; this aim, however, results in a complex task because the quality of requirements depends mostly on the interpretation of experts and the necessities and demands of the project at hand.ObjectiveThe objective of this paper is to assess the quality of requirements automatically, emulating the assessment that a quality expert of a project would assess.MethodThe proposed methodology is based on the idea of learning based on standard metrics that represent the characteristics that an expert takes into consideration when deciding on the good or bad quality of requirements. Using machine learning techniques, a classifier is trained with requirements earlier classified by the expert, which then is used for classifying newly provided requirements.ResultsWe present two approaches to represent the methodology with two situations of the problem in function of the requirement corpus learning balancing, obtaining different results in the accuracy and the efficiency in order to evaluate both representations. The paper demonstrates the reliability of the methodology by presenting a case study with requirements provided by the Requirements Working Group of the INCOSE organization.ConclusionsA methodology that evaluates the quality of requirements written in natural language is presented in order to emulate the quality that the expert would provide for new requirements, with 86.1 of average in the accuracy.     

A statistical recommendation model of mobile services based on contextual evidences

Mobile devices are undergoing great advances in recent years allowing users to access an increasing number of services or personalized applications that can help them select the best restaurant, locate certain shops, choose the best way home or rent the best film. However this great quantity of services does not require the user to find and select those services needed for each specific situation. The classical approaches link some preferences to certain services, include the recommendations given by other users or even include certain fixed rules in order to choose the most appropriate services. However, since these methods assume that user needs can be modelled by fixed rules or preferences, they fail when modelling different users or makes them difficult to train. In this paper we propose a new algorithm that learns from the user’s actions in different contextual situations, which allows to properly infer the most appropriate recommendations for a user in a specific contextual situation. This model, by using of a double knowledge diffusion approach, has been specifically designed to face the inherent lack of learning evidences, computational cost and continuous training requirements and, therefore, overcomes the performance and convergence rates offered by other learning methodologies.