
Showing papers in "Computers & Security in 2016"


Journal ArticleDOI
TL;DR: This paper reviews the state of the art in cyber security risk assessment of Supervisory Control and Data Acquisition (SCADA) systems and suggests an intuitive scheme for the categorisation of cyber security risk assessment methods for SCADA systems.

440 citations


Journal ArticleDOI
TL;DR: A novel model shows how complying with organizational information security policies shapes and mitigates the risk of employees' behaviour, as well as attachment, commitment, and personal norms that are important elements in the Social Bond Theory.

286 citations


Journal ArticleDOI
TL;DR: A comprehensive classification as well as analysis of existing fraud detection literature based on key aspects such as detection algorithm used, fraud type investigated, and performance of the detection methods for specific financial fraud types are presented.

270 citations


Journal ArticleDOI
TL;DR: Using PMT, a cross-sectional survey of Amazon Mechanical Turk users was conducted to examine how classical and new PMT factors predicted security intentions, finding that coping appraisal variables were the strongest predictors of online safety intentions.

199 citations


Journal ArticleDOI
TL;DR: A structured overview of the dimensions of cyber security information sharing is provided, the requirements for an information sharing system are motivated and worked out in more detail, and the state of the art is critically reviewed.

166 citations


Journal ArticleDOI
TL;DR: Four scales to measure how risky individuals' behavior is when using IS are proposed and it is shown that there are significant differences within samples and according to the habits of Internet usage.

157 citations


Journal ArticleDOI
TL;DR: A taxonomy of security risk assessment drawn from 125 papers published from 1995 to May 2014 is presented, and it is believed that this new risk assessment taxonomy helps organizations not only to understand risk assessment better by comparing different new concepts but also to select a suitable way to conduct the risk assessment properly.

153 citations


Journal ArticleDOI
TL;DR: The aim of this paper is to provide some insights and comparative analysis of the current state of the art in the topic area, including data acquisition protocols, feature data representations, decision making techniques, as well as experimental settings and evaluations.

139 citations


Journal ArticleDOI
TL;DR: The purpose of this systematic review is to search, collect and classify event studies related to information security impact on stock prices; the systematic search of bibliographic sources found 37 related papers conducting 45 studies.

136 citations


Journal ArticleDOI
TL;DR: Detailed social engineering attack templates derived from real-world social engineering examples are proposed; they can be used for comparative studies of different social engineering models, processes and frameworks and to evaluate models for completeness.

109 citations


Journal ArticleDOI
TL;DR: The results showed that attitude toward resisting social engineering has the strongest direct association with intention to resist social engineering, while both self-efficacy and normative beliefs showed weak relationships with intention-to-resist social engineering.

Journal ArticleDOI
TL;DR: MAACS (Multi-Authority Access Control System), a novel multi-authority attribute-based data access control system for cloud storage, is proposed, and an efficient attribute-level user revocation approach with less computation cost is designed.

Journal ArticleDOI
TL;DR: The main steps of the MSPC approach based on PCA are introduced; related networking literature is reviewed, highlighting some differences with MSPC and drawbacks in their approaches; and specificities and challenges in the application of MSPC to networking are analyzed.

Journal ArticleDOI
TL;DR: Two techniques for detecting Android malware are evaluated: the first one is based on Hidden Markov Model, while the second one exploits structural entropy; both have been successfully applied to detect PC viruses and are also successful for detecting and classifying mobile malware.

Journal ArticleDOI
TL;DR: A review of the most important face recognition algorithms described in the literature that are invariant to non-idealities and that can be used in ABC e-gates is presented and improvements that could be implemented in the near future in ABC face recognition systems are described.

Journal ArticleDOI
TL;DR: Examination of how employees become stressed, the factors behind information security stress (ISS), and the differences between managerial and technical security-oriented organizations shows that work overload and invasion of privacy are information security stressors.

Journal ArticleDOI
TL;DR: The proposed Lightweight Phish Detector (LPD) is a fast and intelligent antiphishing solution that can run on client browsers for phishing detection and shows that the proposed scheme is very accurate.

Journal ArticleDOI
TL;DR: The detailed implementation of the proposed multi-factor authentication strategy, along with performance evaluation and user study, has been accomplished to establish its superiority over the existing frameworks.

Journal ArticleDOI
TL;DR: A new class of cyber-physical attacks named false sequential logic attack is presented, and an approach for modeling the attack is proposed; simulations are performed in MATLAB/SIMULINK and the physical effects of attacks are analyzed in detail, which is useful for understanding how the false sequential logic attack can affect the physical system.

Journal ArticleDOI
TL;DR: This paper proposes an autonomous privacy-preserving authentication scheme, where vehicles only need to contact the TA once; afterward, they can renew their pseudonyms by themselves without communicating with the TA.

Journal ArticleDOI
TL;DR: It is shown that victims – real accounts whose users have accepted friend requests sent by fakes – form a distinct classification category that is useful for designing robust detection mechanisms, and Integro is presented, a robust and scalable defense system that leverages victim classification to rank most real accounts higher than fakes, so that OSN operators can take actions against low-ranking fake accounts.

Journal ArticleDOI
TL;DR: The comparative results indicate that the password characteristics and password practice on this massive password data set are somewhat inconsistent with those from anecdotal knowledge and user surveys, and exhibit a substantial change over time in some ways.

Journal ArticleDOI
TL;DR: It is argued that an information security policy has an entire life cycle through which it must pass during its useful lifetime, and the proposed framework outlines the various constructs required in the development and implementation of an effective information security policy.

Journal ArticleDOI
TL;DR: Hall's (1959) theory of cultural message streams is used to evaluate disruptions in security culture following a merger of a telecom firm to theorize about security culture formulation during a merger.

Journal ArticleDOI
TL;DR: A novel approach to detect injection attacks by modeling SQL queries as a graph of tokens and using the centrality measure of nodes to train a Support Vector Machine (SVM) is presented.

Journal ArticleDOI
TL;DR: The findings of the first broad needs analysis survey in cyber forensics in nearly a decade are presented, aimed at obtaining an updated consensus of professional attitudes in order to optimize resource allocation and to prioritize problems and possible solutions more efficiently.

Journal ArticleDOI
TL;DR: A user-intention based security policy for pinpointing stealthy malware activities based on a triggering relation graph is introduced and results indicate that the dependence analysis successfully detects various malware activities including spyware, data exfiltrating malware, and DNS bots on hosts.

Journal ArticleDOI
TL;DR: IS security-related mimetic influences have greater impact on senior leaders of SMEs than coercive or normative influences, which may be explained by the absorptive capacity of SMEs.

Journal ArticleDOI
TL;DR: Receiver operating characteristic (ROC) curve comparisons with state-of-the-art algorithms illustrate that the proposed hashing has better performance than the compared algorithms in classification between robustness and discrimination.

Journal ArticleDOI
TL;DR: This paper proposes a feature-rich hybrid anti-malware system, called Andro-Dumpsys, which leverages volatile memory acquisition for accurate malware detection and classification and is capable of responding to zero-day threats.