Showing papers in "Computers & Security in 2015"

TL;DR: The results of structural equation modelling (SEM) showed that Information Security Awareness, Information Security Organization Policy, information Security Experience and Involvement, Attitude towards information security, Subjective Norms, Threat Appraisal, and Information Security Self-efficacy have a positive effect on users' behaviour, however, Perceived Behavioural Control does not affect their behaviour significantly.

TL;DR: Attitudinal constructs perceived ease of use and perceived usefulness were linked with behavioral intent, while the relationship between intent and actual use was found to be moderated by conscientiousness and agreeableness.

TL;DR: A novel anomaly detection approach which is a promising basis for modern intrusion detection systems and keeps track of system events, their dependencies and occurrences, and thus learns the normal system behaviour over time and reports all actions that differ from the created system model.

TL;DR: An evaluation of both AutoMal and MaLabel based on medium-scale and large-scale datasets shows AMAL's effectiveness in accurately characterizing, classifying, and grouping malware samples, and several benchmarks, cost estimates and measurements highlight the merits of AMAL.

TL;DR: A conceptual cloud incident handling model is proposed that brings together incident handling, digital forensic and the Capability Maturity Model for Services to more effectively handle incidents for organisations using the cloud.

TL;DR: A deeper static (or dynamic) analysis of the application is needed to improve the robustness of anti-malware systems, and it is claimed that more complex changes to the application executable have proved to be still effective against detection.

TL;DR: The security threats to SDN are discussed according to their effects, i.e., Spoofing, Tampering, Repudiation, Information disclosure, Denial of Service, and Elevation of Privilege.

TL;DR: New avenues for information security awareness research with regard to security decision making are opened and practical recommendations for planning and delivering security awareness programs are proposed so as to exploit and alleviate the effect of cognitive and cultural biases on shaping risk perceptions and security behavior.

TL;DR: A new data hiding method which can increase the Steganographic security of a data hiding scheme because it is less detectable by RS detection attack and the steganalytic histogram attack of pixel-value difference is proposed.

TL;DR: The thesis in this mobile app classification work is to advocate the approach of benign property enforcement, i.e., extracting unique behavioral properties from benign programs and designing corresponding classification policies.

TL;DR: This paper uses a logo image to determine the identity consistency between the real and the portrayed identity of a website, and a comparison between the domain name returned by Google with the one from the query website will enable to differentiate a phishing from a legitimate website.

TL;DR: The empirical findings reveal that intention to perform malware avoidance behaviours differed across the contexts, and perceptions of self-efficacy and vulnerability to have different impacts on such intention and other variables in the model.

TL;DR: This paper proposes a Model-based Security Toolkit, which is integrated in a management framework for IoT devices, and supports specification and efficient evaluation of security policies to enable the protection of user data.

TL;DR: A case study of an international financial institution at which ISCA was conducted at four intervals over a period of eight years, across twelve countries, illustrates that the theoretical ISCA tool previously developed can be implemented successfully in organisations to positively influence the information security culture.

TL;DR: There is no widely adopted definition of what cyber warfare is, and the terms cyber war and cyber warfare are not well enough differentiated, so a definition model is presented to help define both cyber warfare and cyber war.

TL;DR: A novel text-based multimodal biometric approach utilizing linguistic analysis, keystroke dynamics and behavioural profiling, designed to provide continuous transparent mobile authentication, is proposed to increase mobile handset security.

TL;DR: A universal taxonomy ofPETs is described where the taxonomy aspects are selected such that they allow the categorization of PETs in different dimensions and properties to cover a wide area of privacy (e.g., user privacy, data privacy).

TL;DR: Existing academic methods for the detection of malicious PDF files are surveyed and an Active Learning framework is outlined and the correlation between structural incompatibility of PDF files and their likelihood of maliciousness is highlighted.

TL;DR: Risks of allowing BYOD balanced by its benefits will be examined and the association between the level of the BYOD Security Framework elements being de facto implemented in organizations and the frequency of security breaches associated with BYOD in those organizations are analyzed to confirm key elements of the framework.

TL;DR: A new framework called MARD is presented, to protect the end points that are often the last defense, against metamorphic malware, and provides automation, platform independence, optimizations for real-time performance and modularity.

TL;DR: The measurement of the user satisfaction with information security practices is a starting point to diagnose the behavior of users in relation to information security, providing metrics to management evaluate the investment in information security training and awareness program.

TL;DR: Evaluation on real data, based on fraud scenarios built in collaboration with domain experts that replicate typical, real-world attacks, shows that the BankSealer approach correctly ranks complex frauds.

TL;DR: An efficient framework for alert correlation in EWSs is proposed, which includes a correlation scheme based on a combination of statistical and stream mining techniques that is efficient enough in detecting known attack scenarios and new attack strategies.

TL;DR: Results indicate that participants' performance differs greatly in terms of category (e.g., type of sender) of emails, and demonstrates that caution should be used when interpreting the results of phishing studies that rely on only a small number of emails and/or emails of limited diversity.

TL;DR: A case study reveals the FAGI approach offers an objective and efficient way to choose a qualified and trusted cloud service and in turn saves CSCs' time, effort, and grief.

TL;DR: In this paper, the authors propose an adversary model for Android covert data exfiltration, and demonstrate how it can be used to construct a mobile data ex-filtration technique (MDET) to covertly exfiltrate data from Android devices.

TL;DR: This article proposes a realistic lightweight authentication protocol for RFID system, which can ensure various imperative security properties such as anonymity of the RFID tag, untraceability, forward security etc.

TL;DR: This analysis reveals that the existing privacy control mechanisms do not protect the flow of personal information effectively and provides remedies for OSN users to mitigate the risk of involuntary information leakage in OSNs.

TL;DR: This paper validate and refine a digital forensic readiness framework through a series of expert focus groups and discusses the critical issues facing practitioners in achievingdigital forensic readiness.

TL;DR: Graph-based approaches to user classification and intrusion detection with practical results and a method for assessing network authentication trust risk and cyber attack mitigation within an enterprise network using bipartite authentication graphs are shown.