Bio: Jasmine Norman is an academic researcher from VIT University. The author has contributed to research in topics: Digital forensics & Authentication. The author has an hindex of 5, co-authored 23 publications receiving 71 citations.
••01 Jan 2019
TL;DR: This paper provides the users and researchers some information regarding forensics and its different domains, anti-forensic techniques, and also an analysis of current status of forensics.
Abstract: Digital forensics also called as computer forensics is a major field that incorporates people regardless of their professions. Digital forensics includes various forensic domains like network forensics, database forensics, mobile forensics, cloud forensics, memory forensics, and data/disk forensics. Recent statistics and analytics show the exponential growth of cyber threats and attacks and thus necessitate the need for forensic experts and forensic researchers for automation process in the cyber world. As digital forensics is directly related to data recovery and data carving, this field struggles with the rapid increase in volume of data. In addition to that, day-to-day increase of malware makes forensic field slacking. This paper provides the users and researchers some information regarding forensics and its different domains, anti-forensic techniques, and also an analysis of current status of forensics.
••01 Nov 2017
TL;DR: The proposed system presents a methodology which facilitates the detection of fraudulent exchanges while they are being processed by means of Behaviour and Locational Analysis(Neural Logic) which considers a cardholder's way of managing money and spending pattern.
Abstract: The most acknowledged payment mode is credit card for both disconnected and online mediums in today's day and age. It facilitates cashless shopping everywhere in the world. It is the most widespread and reasonable approach with regards to web based shopping, paying bills, what's more, performing other related errands. Thus danger of fraud exchanges utilizing credit card has likewise been expanding. In the Current Fraud Detection framework, false exchange is recognized after the transaction is completed. As opposed to the current system, the proposed system presents a methodology which facilitates the detection of fraudulent exchanges while they are being processed, this is achieved by means of Behaviour and Locational Analysis(Neural Logic) which considers a cardholder's way of managing money and spending pattern. A deviation from such a pattern will then lead to the system classifying it as suspicious transaction and will then be handled accordingly.
••01 Jan 2019
TL;DR: This paper analyzes major attacks in cloud and comparison of corresponding prevention methods, which are effective in different platforms along with DDoS attack implementation results.
Abstract: A single name for dynamic scalability and elasticity of resources is nothing but a cloud. Cloud computing is the latest business buzz in the corporate world. The benefits like capital cost reduction, globalization of the workforce, and remote accessibility attract people to introduce their business through the cloud. The nefarious users can scan, exploit, and identify different vulnerabilities and loopholes in the system because of the ease of accessing and acquiring cloud services. Data breaches and cloud service abuse are the top threats identified by Cloud Security Alliance. The major attacks are insider attacks, malware and worm attack, DOS attack, and DDOS attack. This paper analyzes major attacks in cloud and comparison of corresponding prevention methods, which are effective in different platforms along with DDoS attack implementation results.
TL;DR: An overview of different continuous authentication methods is presented along with a discussion on the merits and demerits of the available approaches to ensure the authenticity of the user during their whole login session.
Abstract: There has been significant research in the provision of trustworthy initial login user authentication, however, there is still need for continuous authentication during a user session. Most mobile devices and computer systems authenticate a user only at the initial login session and do not take steps to recognise whether the present user is still the initial authorised user or an imposter pretending to be a valid user. Therefore, a system to check the identity of the user continuously throughout the whole session is necessary. To ensure the authenticity of the user during their whole login session, a continuous user authentication mechanism is required. In this paper, an overview of different continuous authentication methods is presented along with a discussion on the merits and demerits of the available approaches. This paper also discusses the understanding of the emerging necessities and open problems in continuous user authentication system.
••05 Jul 2011
TL;DR: A secure neighbour authentication protocol based on a variant of HB, an authentication protocol for RFID devices is proposed, and simulation results show that the routing protocol SHLAODV is secure and energy efficient.
Abstract: Applications of wireless sensor networks often include sensitive information such as enemy movement on the battlefield or the location of personnel in a building. Lacking security services in the routing protocols, WSNs are vulnerable to many kinds of attacks. A secure routing in WSN must address several challenges: vulnerable wireless communication, highly resource-constrained senor nodes in terms of processing power, storage, and battery life, and the risk of physically captured. However, a few of existing routing protocols for WSNs have been designed with security as a goal. As sensors communicate in a multi-hop fashion, identification of secure neighbours in a mobile topology is critical for routing. Since these devices are resource constrained, we propose a secure neighbour authentication protocol based on a variant of HB, an authentication protocol for RFID devices. Simulation results show that the routing protocol SHLAODV is secure and energy efficient.
TL;DR: The purpose of this paper is to identify and discuss the main issues involved in the complex process of IoT-based investigations, particularly all legal, privacy and cloud security challenges, as well as some promising cross-cutting data reduction and forensics intelligence techniques.
Abstract: Today is the era of the Internet of Things (IoT). The recent advances in hardware and information technology have accelerated the deployment of billions of interconnected, smart and adaptive devices in critical infrastructures like health, transportation, environmental control, and home automation. Transferring data over a network without requiring any kind of human-to-computer or human-to-human interaction, brings reliability and convenience to consumers, but also opens a new world of opportunity for intruders, and introduces a whole set of unique and complicated questions to the field of Digital Forensics. Although IoT data could be a rich source of evidence, forensics professionals cope with diverse problems, starting from the huge variety of IoT devices and non-standard formats, to the multi-tenant cloud infrastructure and the resulting multi-jurisdictional litigations. A further challenge is the end-to-end encryption which represents a trade-off between users’ right to privacy and the success of the forensics investigation. Due to its volatile nature, digital evidence has to be acquired and analyzed using validated tools and techniques that ensure the maintenance of the Chain of Custody. Therefore, the purpose of this paper is to identify and discuss the main issues involved in the complex process of IoT-based investigations, particularly all legal, privacy and cloud security challenges. Furthermore, this work provides an overview of the past and current theoretical models in the digital forensics science. Special attention is paid to frameworks that aim to extract data in a privacy-preserving manner or secure the evidence integrity using decentralized blockchain-based solutions. In addition, the present paper addresses the ongoing Forensics-as-a-Service (FaaS) paradigm, as well as some promising cross-cutting data reduction and forensics intelligence techniques. Finally, several other research trends and open issues are presented, with emphasis on the need for proactive Forensics Readiness strategies and generally agreed-upon standards.
TL;DR: This study proposes a new network forensics framework, called a Particle Deep Framework (PDF), which describes the digital investigation phases for identifying and tracing attack behaviors in IoT networks, and results reveal a high performance of the proposed framework for discovering and tracing cyber-attack events compared with the other techniques.
TL;DR: This article systematically examined various secondary uses of EHR with the aim to highlight how these secondary uses affect patients’ privacy and critically analyzed GDPR & HIPAA regulations.
Abstract: In the present technological era, healthcare providers generate huge amounts of clinical data on a daily basis. Generated clinical data is stored digitally in the form of Electronic Health Record (EHR) as a central data repository of hospitals. Data contained in EHR is not only used for the patients’ primary care but also for various secondary purposes such as clinical research, automated disease surveillance and clinical audits for quality enhancement. Using EHR data for secondary purposes without consent or in some cases even with consent creates privacy issues. Secondly, EHR data is also made accessible to various stakeholders including different government agencies at various geographical sites through wired or wireless networks. Sharing of EHR across multiple agencies makes it vulnerable to cyber attacks and also makes it difficult to implement strict privacy laws as in some cases data is shared with organization that is governed by specific regional law. Privacy of individuals could be severely affected when their sensitive private information contained in EHR is leaked or exposed to the public. Data leaks can cause financial losses or an individual may encounter social boycott if his / her medical condition is exposed in public. To protect patients personal data from such threats, there exists different privacy regulations such as General Data Protection Regulation (GDPR), Health Insurance Portability and Accountability Act (HIPAA) and My Health Record (MHR). However, continually evolving state-of-the-art techniques in Machine Learning (ML), Data Analytics (DA) and hacking are making it even more difficult to completely protect an individual’s/patient’s privacy. In this article, we have systematically examined various secondary uses of EHR with the aim to highlight how these secondary uses affect patients’ privacy. Secondly, we have critically analyzed GDPR & HIPAA regulations and highlighted their possible areas of improvement, considering escalating use of technology and different secondary uses of EHR.
01 Jan 2018
TL;DR: A dense review of up-to-date techniques for fraud detection and credit scoring, a general analysis on the results achieved and upcoming challenges for further researches is provided.
Abstract: Credit risk has been a widespread and deep penetrating problem for centuries, but not until various credit derivatives and products were developed and novel technologies began radically changing the human society, have fraud detection, credit scoring and other risk management systems become so important not only to some specific firms, but to industries and governments worldwide. Frauds and unpredictable defaults cost billions of dollars each year, thus, forcing financial institutions to continuously improve their systems for loss reduction. In the past twenty years, amounts of studies have proposed the use of data mining techniques to detect frauds, score credits and manage risks, but issues such as data selection, algorithm design, and hyperparameter optimization affect the perceived ability of the proposed solutions and it is difficult for auditors and researchers to explore and figure out the highest level of general development in this area. In this survey we focus on a state of the art survey of recently developed data mining techniques for fraud detection and credit scoring. Several outstanding experiments are recorded and highlighted, and the corresponding techniques, which are mostly based on supervised learning algorithms, unsupervised learning algorithms, semisupervised algorithms, ensemble learning, transfer learning, or some hybrid ideas are explained and analysed. The goal of this paper is to provide a dense review of up-to-date techniques for fraud detection and credit scoring, a general analysis on the results achieved and upcoming challenges for further researches.
TL;DR: In this paper, the authors provide a systematic survey of existing literature on multimodal biometric authentication (CMBA) systems, followed by analysis to identify and discuss current research and future trends.
Abstract: Building safeguards against illegitimate access and authentication is a cornerstone for securing systems. Existing user authentication schemes suffer from challenges in detecting impersonation attacks which leave systems vulnerable and susceptible to misuse. A range of research proposals have suggested continuous multimodal biometric authentication (CMBA) systems as a reliable solution. Though contemporary authentication systems have the potential to change their current authentication scheme, there is a lack of critical analysis of current progress in the field to foster and influence practical solutions. This paper provides a systematic survey of existing literature on CMBA systems, followed by analysis to identify and discuss current research and future trends. The study has found that many diverse biometric characteristics are used for multimodal biometric authentication systems. The majority of the studies in the literature reviewed apply supervised learning approaches as a classification technique, and score level fusion is predominantly used as a fusion model. The review has determined however that there is a lack of comparative analysis on CMBA design in terms of combinations of biometric types (behavioural only, physiological only, or both), machine learning algorithms (unsupervised learning and semi-supervised learning), and fusion models. Most of the studies evaluated a CMBA system’s accuracy functionality, such as False Acceptance Rate (FAR), False Rejection Rate (FRR) and Equal Error Rate (EER). However, security, scalability and usability (user acceptance and satisfaction) are generally not addressed thoroughly even though these are key factors for system success in a real deployment. Furthermore, a CMBA system should be implemented and evaluated extensively on real data without restriction to prove that such systems are feasible.