No Arabic abstract
This paper reports on a study aiming to explore factors associated with behavioral intention to follow a social engineering awareness campaign. The objectives of this study were to determine how perceived severity, perceived vulnerability, perceived threat, fear, subjective norm, attitude towards behavior, perceived behavioral control, self-efficacy, response efficacy, trust in authorities, perceived regulation, authorities performance, information sensitivity and privacy concern are associated with individuals behavioral intention to follow a social engineering awareness campaign. The study employed a cross-sectional research design. A survey was conducted among individuals in Slovenia between January and June 2020. A total of 553 respondents completed the survey providing for N=542 useful responses after excluding poorly completed responses (27.9 percent response rate). The survey questionnaire was developed in English. A Slovenian translation of the survey questionnaire is available.
Social media data has been increasingly used to facilitate situational awareness during events and emergencies such as natural disasters. While researchers have investigated several methods to summarize, visualize or mine the data for analysis, first responders have not been able to fully leverage research advancements largely due to the gap between academic research and deployed, functional systems. In this paper, we explore the opportunities and barriers for the effective use of social media data from first responders perspective. We present the summary of several detailed interviews with first responders on their use of social media for situational awareness. We further assess the impact of SMART-a social media visual analytics system-on first responder operations.
This full research paper focuses on skill acquisition in Hardware Reverse Engineering (HRE) - an important field of cyber security. HRE is a prevalent technique routinely employed by security engineers (i) to detect malicious hardware manipulations, (ii) to conduct VLSI failure analysis, (iii) to identify IP infringements, and (iv) to perform competitive analyses. Even though the scientific community and industry have a high demand for HRE experts, there is a lack of educational courses. We developed a university-level HRE course based on general cognitive psychological research on skill acquisition, as research on the acquisition of HRE skills is lacking thus far. To investigate how novices acquire HRE skills in our course, we conducted two studies with students on different levels of prior knowledge. Our results show that cognitive factors (e.g., working memory), and prior experiences (e.g., in symmetric cryptography) influence the acquisition of HRE skills. We conclude by discussing implications for future HRE courses and by outlining ideas for future research that would lead to a more comprehensive understanding of skill acquisition in this important field of cyber security.
Mixed reality (MR) technology development is now gaining momentum due to advances in computer vision, sensor fusion, and realistic display technologies. With most of the research and development focused on delivering the promise of MR, there is only barely a few working on the privacy and security implications of this technology. This survey paper aims to put in to light these risks, and to look into the latest security and privacy work on MR. Specifically, we list and review the different protection approaches that have been proposed to ensure user and data security and privacy in MR. We extend the scope to include work on related technologies such as augmented reality (AR), virtual reality (VR), and human-computer interaction (HCI) as crucial components, if not the origins, of MR, as well as numerous related work from the larger area of mobile devices, wearables, and Internet-of-Things (IoT). We highlight the lack of investigation, implementation, and evaluation of data protection approaches in MR. Further challenges and directions on MR security and privacy are also discussed.
Social media have been growing rapidly and become essential elements of many peoples lives. Meanwhile, social media have also come to be a popular source for identity deception. Many social media identity deception cases have arisen over the past few years. Recent studies have been conducted to prevent and detect identity deception. This survey analyses various identity deception attacks, which can be categorized into fake profile, identity theft and identity cloning. This survey provides a detailed review of social media identity deception detection techniques. It also identifies primary research challenges and issues in the existing detection techniques. This article is expected to benefit both researchers and social media providers.
Insider threats are one of todays most challenging cybersecurity issues that are not well addressed by commonly employed security solutions. Despite several scientific works published in this domain, we argue that the field can benefit from the proposed structural taxonomy and novel categorization of research that contribute to the organization and disambiguation of insider threat incidents and the defense solutions used against them. The objective of our categorization is to systematize knowledge in insider threat research, while leveraging existing grounded theory method for rigorous literature review. The proposed categorization depicts the workflow among particular categories that include: 1) Incidents and datasets, 2) Analysis of attackers, 3) Simulations, and 4) Defense solutions. Special attention is paid to the definitions and taxonomies of the insider threat; we present a structural taxonomy of insider threat incidents, which is based on existing taxonomies and the 5W1H questions of the information gathering problem. Our survey will enhance researchers efforts in the domain of insider threat, because it provides: a) a novel structural taxonomy that contributes to orthogonal classification of incidents and defining the scope of defense solutions employed against them, b) an updated overview on publicly available datasets that can be used to test new detection solutions against other works, c) references of existing case studies and frameworks modeling insiders behaviors for the purpose of reviewing defense solutions or extending their coverage, and d) a discussion of existing trends and further research directions that can be used for reasoning in the insider threat domain.