Despite sophisticated phishing email detection systems and training and awareness programs, humans continue to be tricked by phishing emails. In an attempt to understand why phishing email attacks still work, we have carried out an empirical study to investigate how people make response decisions while reading their emails. We used a think-aloud method and follow-up interviews to collect data from 19 participants. The analysis of the collected data has enabled us to identify eleven factors that influence people's response decisions to both phishing and legitimate emails. Based on the identified factors, we discuss how people can be susceptible to phishing attacks due to the flaws in their decision-making processes. Furthermore, we propose design directions for developing a behavioral plugin for email clients that can be used to nudge people's secure behaviors, enabling them to have a better response to phishing emails.
This paper is an investigation into aspects of an audio classification pipeline that will be appropriate for the monitoring of bird species on edge devices. These aspects include transfer learning, data augmentation and model optimization. The hope is that the resulting models will be good candidates to deploy on edge devices to monitor bird populations. Two classification approaches will be taken into consideration, one which explores the effectiveness of a traditional Deep Neural Network (DNN) and another that makes use of convolutional layers. This study aims to contribute empirical evidence of the merits and demerits of each approach.
Phishing is one of the most severe cyber-attacks for which researchers are interested in finding a solution. In phishing, attackers lure end-users and steal their personal information. To minimize the damage caused by phishing, it must be detected as early as possible. There are various phishing attacks like spear phishing, whaling, vishing, smishing, pharming and so on. There are various phishing detection techniques based on white-list, black-list, content-based, URL-based, visual-similarity and machine-learning. In this paper, we discuss various kinds of phishing attacks, attack vectors and detection techniques for detecting the phishing sites. Performance comparison of 18 different models along with nine different sources of datasets are given. Challenges in phishing detection techniques are also given.
Software systems are increasingly depending on data, particularly with the rising use of machine learning, and developers are looking for new sources of data. Open Data Ecosystems (ODE) is an emerging concept for data sharing under public licenses in software ecosystems, similar to Open Source Software (OSS). It has certain similarities to Open Government Data (OGD), where public agencies share data for innovation and transparency. We aimed to explore open data ecosystems involving commercial actors. Thus, we organized five focus groups with 27 practitioners from 22 companies, public organizations, and research institutes. Based on the outcomes, we surveyed three cases of emerging ODE practice to further understand the concepts and to validate the initial findings. The main outcome is an initial conceptual model of ODEs' value, intrinsics, governance, and evolution, and propositions for practice and further research. We found that ODE must be value driven. Regarding the intrinsics of data, we found their type, meta-data, and legal frameworks influential for their openness. We also found the characteristics of ecosystem initiation, organization, data acquisition and openness to be differentiating, which we advise research and practice to take into consideration.
A variety of innovative software solutions, addressing product anti-counterfeiting and record provenance of the wider supply chain industry, have been implemented. However, these solutions have been developed with a centralized system architecture, which could be susceptible to malicious modifications of the states of product records and to various potential security attacks leading to system failure and downtime. Blockchain technology has been enabling decentralized trust with a network of distributed peer nodes that maintain consistent shared states via decentralized consensus, on which the idea of developing decentralized and reliable solutions has been based. A Decentralized NFC-Enabled Anti-Counterfeiting System (dNAS) was therefore proposed and developed, decentralizing a legacy anti-counterfeiting system of the supply chain industry utilizing enterprise blockchain protocols and an enterprise consortium, to facilitate trustworthy data provenance retrieval, verification and management, as well as to strengthen the capability of product anti-counterfeiting and traceability in the supply chain industry. The adoption of enterprise blockchain protocols and implementations has been surging in the supply chain industry given its advantages in scalability, governance and compatibility with existing supply chain systems and networks, but development and adoption of decentralized solutions could also impose additional implications for supply chain integrity, in terms of security, privacy and confidentiality. In this research, an empirical analysis performed against decentralized solutions, including dNAS, summarizes the effectiveness, limitations and future opportunities of developing decentralized solutions built around existing enterprise blockchain protocols and implementations for supply chain anti-counterfeiting and traceability.
Gamification and Serious Games are progressively being used over a host of fields, particularly to support education. Such games provide a new way to engage students with content and can complement more traditional approaches to learning. This article proposes SherLOCKED, a new serious game created in the style of a 2D top-down puzzle adventure. The game is situated in the context of an undergraduate cyber security course, and is used to consolidate students' knowledge of foundational security concepts (e.g. the CIA triad, security threats and attacks, and risk management). SherLOCKED was built based on a review of existing serious games and a study of common gamification principles. It was subsequently implemented within an undergraduate course, and evaluated with 112 students. We found the game to be an effective, attractive and fun solution for allowing further engagement with content that students were introduced to during lectures. This research lends additional evidence to the use of serious games in supporting learning about cyber security.