This document describes testing an Android implementation of the Social Engineering Protection Training Tool (SEPTT) which is based on the Social Engineering Attack Detection Model version 2 (SEADMv2). The SEADMv2 was implemented in an Android application to test if it reduces the probability of users falling victim to social engineering attacks. 20 subjects tested the Android app and their responses to social engineering scenarios were analyzed. The results showed the Android implementation of SEADMv2 significantly reduced the number of subjects that fell victim to social engineering attacks in general as well as specific attack types like malicious, bidirectional, and indirect attacks. However, it did not significantly reduce victims of unidirectional attacks or harmless scenarios.
Cyber security is said to be the most concentrated topic as it helps end user to stay away or stay secure from cyber attacks. Cyber security models are crucial.
More...
http://goo.gl/IwhtP2
Mitigating Privilege-Escalation Attacks on Android ReportVinoth Kanna
This document summarizes previous work on mitigating privilege-escalation attacks on Android. It discusses how Android's open framework allows applications to potentially gain unauthorized access to data. It reviews common privilege-escalation attacks like confused deputy attacks and inter-app collusion. The document also summarizes existing security extensions that aim to prevent these attacks, but notes limitations in addressing confused deputy and collusion attacks specifically. It proposes extending reference monitoring at the kernel level in addition to the middleware to better prevent these types of attacks.
Abstract From a long time different surveys are carried to get some kind of stats related to particular survey. But these surveys involve lot of manual methods and huge amount of human intervention which sometimes causes delays in the surveys. To make use of our App in Government sector and to reduce the work done manually for different market surveys done by the different Organizations. The main motive of choosing this topic was to make our product work in Android Mobiles. This is a Survey Mobile App basically will be used in public and private sectors of any Organizations. This App is used to reduce the workload of any employee who does his work manually. This app will allow us to make surveys of different type from just one single mobile app .This App will help him to do his work in more convenient manner. Keywords: Marketing, Survey, Android, ASP.NET, Phone Gap, JQuery.
Survey on cloud computing security techniqueseSAT Journals
This document summarizes techniques for ensuring security in cloud computing. It discusses different cloud deployment models and types of threats to cloud security. It then analyzes several intrusion detection and prevention system techniques for providing data security in cloud computing, including proof of retrievability models and cryptographic storage services. It compares the advantages and disadvantages of techniques proposed by Juels, Shacham, Bowers, and Kamara regarding their ability to verify data integrity and availability while tolerating security breaches.
Classification of Malware Attacks Using Machine Learning In Decision TreeCSCJournals
Predicting cyberattacks using machine learning has become imperative since cyberattacks have increased exponentially due to the stealthy and sophisticated nature of adversaries. To have situational awareness and achieve defence in depth, using machine learning for threat prediction has become a prerequisite for cyber threat intelligence gathering. Some approaches to mitigating malware attacks include the use of spam filters, firewalls, and IDS/IPS configurations to detect attacks. However, threat actors are deploying adversarial machine learning techniques to exploit vulnerabilities. This paper explores the viability of using machine learning methods to predict malware attacks and build a classifier to automatically detect and label an event as “Has Detection or No Detection”. The purpose is to predict the probability of malware penetration and the extent of manipulation on the network nodes for cyber threat intelligence. To demonstrate the applicability of our work, we use a decision tree (DT) algorithms to learn dataset for evaluation. The dataset was from Microsoft Malware threat prediction website Kaggle. We identify probably cyberattacks on smart grid, use attack scenarios to determine penetrations and manipulations. The results show that ML methods can be applied in smart grid cyber supply chain environment to detect cyberattacks and predict future trends.
This document provides an overview of strategies to defend against malware threats in mobile app ecosystems. It begins with a data flow diagram that maps the flow of data and processes. It then discusses an attacker model and uses STRIDE threat analysis to evaluate spoofing, tampering, repudiation, information disclosure, denial of service, and elevation of privilege threats. Finally, it proposes five lines of defense: app review using automated and manual analysis, reputation mechanisms based on app history, app revocation, device security features, and walled gardens/jails that restrict apps.
A predictive framework for cyber security analytics using attack graphsIJCNCJournal
Security metrics serve as a powerful tool for organizations to understand the effectiveness of protecting computer networks. However majority of these measurement techniques don’t adequately help corporations to make informed risk management decisions. In this paper we present a stochastic security framework for obtaining quantitative measures of security by taking into account the dynamic attributes associated with vulnerabilities that can change over time. Our model is novel as existing research in attack graph analysis do not consider the temporal aspects associated with the vulnerabilities, such as the availability of exploits and patches which can affect the overall network security based on how the vulnerabilities are interconnected and leveraged to compromise the system. In order to have a more realistic representation of how the security state of the network would vary over time, a nonhomogeneous model is developed which incorporates a time dependent covariate, namely the vulnerability age. The daily transition-probability matrices are estimated using Frei's Vulnerability Lifecycle model. We also leverage the trusted CVSS metric domain to analyze how the total exploitability and impact measures evolve over a time period for a given network.
This summarizes a research paper about standardizing source code security audits. The paper proposes assembling literature on security audit techniques to promote standard methodology. It then presents a case study analyzing vulnerabilities in the Apache Traffic Server using two proprietary tools. The study examines potential issues, connects them to a standard taxonomy (CWE), and describes consequences of exploits. The paper concludes by reviewing other security case studies.
Cyber security is said to be the most concentrated topic as it helps end user to stay away or stay secure from cyber attacks. Cyber security models are crucial.
More...
http://goo.gl/IwhtP2
Mitigating Privilege-Escalation Attacks on Android ReportVinoth Kanna
This document summarizes previous work on mitigating privilege-escalation attacks on Android. It discusses how Android's open framework allows applications to potentially gain unauthorized access to data. It reviews common privilege-escalation attacks like confused deputy attacks and inter-app collusion. The document also summarizes existing security extensions that aim to prevent these attacks, but notes limitations in addressing confused deputy and collusion attacks specifically. It proposes extending reference monitoring at the kernel level in addition to the middleware to better prevent these types of attacks.
Abstract From a long time different surveys are carried to get some kind of stats related to particular survey. But these surveys involve lot of manual methods and huge amount of human intervention which sometimes causes delays in the surveys. To make use of our App in Government sector and to reduce the work done manually for different market surveys done by the different Organizations. The main motive of choosing this topic was to make our product work in Android Mobiles. This is a Survey Mobile App basically will be used in public and private sectors of any Organizations. This App is used to reduce the workload of any employee who does his work manually. This app will allow us to make surveys of different type from just one single mobile app .This App will help him to do his work in more convenient manner. Keywords: Marketing, Survey, Android, ASP.NET, Phone Gap, JQuery.
Survey on cloud computing security techniqueseSAT Journals
This document summarizes techniques for ensuring security in cloud computing. It discusses different cloud deployment models and types of threats to cloud security. It then analyzes several intrusion detection and prevention system techniques for providing data security in cloud computing, including proof of retrievability models and cryptographic storage services. It compares the advantages and disadvantages of techniques proposed by Juels, Shacham, Bowers, and Kamara regarding their ability to verify data integrity and availability while tolerating security breaches.
Classification of Malware Attacks Using Machine Learning In Decision TreeCSCJournals
Predicting cyberattacks using machine learning has become imperative since cyberattacks have increased exponentially due to the stealthy and sophisticated nature of adversaries. To have situational awareness and achieve defence in depth, using machine learning for threat prediction has become a prerequisite for cyber threat intelligence gathering. Some approaches to mitigating malware attacks include the use of spam filters, firewalls, and IDS/IPS configurations to detect attacks. However, threat actors are deploying adversarial machine learning techniques to exploit vulnerabilities. This paper explores the viability of using machine learning methods to predict malware attacks and build a classifier to automatically detect and label an event as “Has Detection or No Detection”. The purpose is to predict the probability of malware penetration and the extent of manipulation on the network nodes for cyber threat intelligence. To demonstrate the applicability of our work, we use a decision tree (DT) algorithms to learn dataset for evaluation. The dataset was from Microsoft Malware threat prediction website Kaggle. We identify probably cyberattacks on smart grid, use attack scenarios to determine penetrations and manipulations. The results show that ML methods can be applied in smart grid cyber supply chain environment to detect cyberattacks and predict future trends.
This document provides an overview of strategies to defend against malware threats in mobile app ecosystems. It begins with a data flow diagram that maps the flow of data and processes. It then discusses an attacker model and uses STRIDE threat analysis to evaluate spoofing, tampering, repudiation, information disclosure, denial of service, and elevation of privilege threats. Finally, it proposes five lines of defense: app review using automated and manual analysis, reputation mechanisms based on app history, app revocation, device security features, and walled gardens/jails that restrict apps.
A predictive framework for cyber security analytics using attack graphsIJCNCJournal
Security metrics serve as a powerful tool for organizations to understand the effectiveness of protecting computer networks. However majority of these measurement techniques don’t adequately help corporations to make informed risk management decisions. In this paper we present a stochastic security framework for obtaining quantitative measures of security by taking into account the dynamic attributes associated with vulnerabilities that can change over time. Our model is novel as existing research in attack graph analysis do not consider the temporal aspects associated with the vulnerabilities, such as the availability of exploits and patches which can affect the overall network security based on how the vulnerabilities are interconnected and leveraged to compromise the system. In order to have a more realistic representation of how the security state of the network would vary over time, a nonhomogeneous model is developed which incorporates a time dependent covariate, namely the vulnerability age. The daily transition-probability matrices are estimated using Frei's Vulnerability Lifecycle model. We also leverage the trusted CVSS metric domain to analyze how the total exploitability and impact measures evolve over a time period for a given network.
This summarizes a research paper about standardizing source code security audits. The paper proposes assembling literature on security audit techniques to promote standard methodology. It then presents a case study analyzing vulnerabilities in the Apache Traffic Server using two proprietary tools. The study examines potential issues, connects them to a standard taxonomy (CWE), and describes consequences of exploits. The paper concludes by reviewing other security case studies.
IRJET- Windows Log Investigator System for Faster Root Cause Detection of a D...IRJET Journal
This document describes a Windows Log Investigator System that was created to help developers more easily detect the root cause of defects. The system uses a log analysis algorithm and backtracking to determine the type of defect and possible solutions. It has a graphical user interface built with C# and WPF to provide an interactive experience for analyzing logs. The system aims to significantly reduce the difficulties faced by developers in solving defects.
Vulnerability scanners a proactive approach to assess web application securityijcsa
With the increasing concern for security in the network, many approaches are laid out that try to protect
the network from unauthorised access. New methods have been adopted in order to find the potential
discrepancies that may damage the network. Most commonly used approach is the vulnerability
assessment. By vulnerability, we mean, the potential flaws in the system that make it prone to the attack.
Assessment of these system vulnerabilities provide a means to identify and develop new strategies so as to
protect the system from the risk of being damaged. This paper focuses on the usage of various vulnerability
scanners and their related methodology to detect the various vulnerabilities available in the web
applications or the remote host across the network and tries to identify new mechanisms that can be
deployed to secure the network.
Security and Privacy Measurements in Social Networks: Experiences and Lessons...FACE
We describe our experience gained while exploring practical security and privacy problems in a real-world, large- scale social network (i.e., Facebook), and summarize our conclu- sions in a series of “lessons learned”. We first conclude that it is better to adequately describe the potential ethical concerns from the very beginning and plan ahead the institutional review board (IRB) request. Even though sometimes optional, the IRB approval is a valuable point from the reviewer’s perspective. Another aspect that needs planning is getting in touch with the online social network security team, which takes a substantial amount of time. With their support, “bending the rules” (e.g., using scrapers) when the experimental goals require so, is easier. Clearly, in cases where critical technical vulnerabilities are found during the research, the general recommendations for responsible disclosure should be followed. Gaining the audience’s engagement and trust was essential to the success of our user study. Participants felt more comfortable when subscribing to our experiments, and also responsibly reported bugs and glitches. We did not observe the same behavior in crowd-sourcing workers, who were instead more interested in obtaining their rewards. On a related point, our experience suggests that crowd sourcing should not be used alone: Setting up tasks is more time consuming than it seems, and researchers must insert some sentinel checks to ensure that workers are not submitting random answers.
From a logistics point of view, we learned that having at least a high-level plan of the experiments pays back, especially when the IRB requires a detailed description of the work and the data to be collected. However, over planning can be dangerous because the measurement goals can change dynamically. From a technical point of view, partially connected to the logistics remarks, having a complex and large data-gathering and analysis framework may be counterproductive in terms of set-up and management overhead. From our experience we suggest to choose simple technologies that scale up if needed but, more importantly, can scale down. For example, launching a quick query should be straightforward, and the frameworks should not impose too much overhead for formulating it. We conclude with a series of practical recommendations on how to successfully collect data from online social networks (e.g., using techniques for network multi presence, mimicking user behavior, and other crawling “tricks”’) and avoid abusing the online service, while gathering the data required by the experiments.
ANALYTIC HIERARCHY PROCESS-BASED FUZZY MEASUREMENT TO QUANTIFY VULNERABILITIE...IJCNCJournal
Much research has been conducted to detect vulnerabilities of Web Applications; however, these never proposed a methodology to measure the vulnerabilities either qualitatively or quantitatively. In this paper, a methodology is proposed to investigate the quantification of vulnerabilities in Web Applications. We applied the Goal Question Metrics (GQM) methodology to determine all possible security factors and subfactors of Web Applications in the Department of Transportation (DOT) as our proof of concept. Then we
introduced a Multi-layered Fuzzy Logic (MFL) approach based on the security sub-factors’ prioritization in the Analytic Hierarchy Process (AHP). Using AHP, we weighted each security sub-factor before the quantification process in the Fuzzy Logic to handle imprecise crisp number calculation.
Security has always been a great concern for all software systems due to the increased incursion of the wireless devices in recent years. Generally software engineering processes tries to compel the security measures during the various design phases which results into an inefficient measure. So this calls for a new process of software engineering in which we would try to give a proper framework for integrating the security requirements with the SDLC, and in this requirement engineers must discover all the security requirements related to a particular system, so security requirement could be analyzed and simultaneously prioritized in one go. In this paper we will present a new technique for prioritizing these requirement based on the risk measurement techniques. The true security requirements should be easily identified as early as possible so that these could be systematically analyzed and then every architecture team can choose the most appropriate mechanism to implement them.
IMPLEMENTATION OF RISK ANALYZER MODEL FOR UNDERTAKING THE RISK ANALYSIS OF PR...IJDKP
The model of RISK ANALYZER was implemented as Knowledge-based System for the purpose of undertaking risk analysis for proposed construction projects in a selected domain. The Fuzzy Decision Variables (FDVs) that cause differences between initial and final contract sums of building projects were identified, the likelihood of the occurrence of the risks were determined and a Knowledge-Based System that would rank the risks was constructed using JAVA programming language and Graphic User Interface. The Knowledge-Based System is composed a Knowledge Base for storing data, an Inference Engine for controlling and directing the use of knowledge for problem-solution, and a User Interface that assists the user retrieve, use and alter data in the Knowledge Base. The developed Knowledge-Based System was compiled, implemented and validated with data of previously completed projects. The client could utilize the Knowledge-Based System to undertake proposed building projects
Faces in the Distorting Mirror: Revisiting Photo-based Social AuthenticationFACE
This document summarizes research on revisiting photo-based social authentication. The researchers:
1) Demonstrate a new attack on social authentication that matches photos from challenges to a collection of the victim's photos, which is more effective than face recognition attacks.
2) Conduct a user study showing people can identify friends in photos with unrecognizable faces over 99% of the time, whereas software fails.
3) Design a new social authentication system that selects "medium" photos software cannot recognize but people can, and transforms photos via overlays and perspective changes to block matching attacks while retaining human usability, passing 94.38% of challenges in a preliminary study.
This document summarizes a research paper on anomaly detection using machine learning approaches. It discusses how anomaly detection techniques can be used to detect cyber attacks and malware infections. It proposes using an uphill decision tree algorithm for anomaly detection. The document provides background on anomaly detection and intrusion detection systems. It also reviews previous related work using statistical and machine learning models. Finally, it presents a prototype model for an anomaly detection system that uses an uphill decision tree algorithm to process audit data and detect anomalies by raising alarms.
Application Development Risk Assessment Model Based on Bayesian NetworkTELKOMNIKA JOURNAL
This paper describes a new risk assessment model for application development and its
implementation. The model is developed using a Bayesian network and Boehm’s software risk principles.
The Bayesian network is created after mapping top twenty risks in software projects with interrelationship
digraph of risk area category. The probability of risk on the network is analyzed and validated using both
numerical simulation and subjective probability from several experts in the field and a team of application
developers. After obtaining the Bayesian network model, risk exposure is calculated using Boehm's risk
principles. Finally, the implementation of the proposed model in a government institution is shown as a real
case illustration.
How can we predict vulnerabilities to prevent them from causing data lossesAbhishek BV
This document discusses various approaches to predict software vulnerabilities in order to prevent data losses. It begins by providing background on software vulnerabilities and their impacts. It then evaluates three main approaches: reactive, reliability, and proactive. The document favors the proactive approach, which predicts flaws before they occur. It summarizes three proposed solutions that take a proactive approach: 1) building a prediction model using software characteristics, 2) using source code static analyzers during development, and 3) employing a combination of statistical methods and code metrics throughout the software lifecycle. For each solution, it discusses the methodology, findings, advantages and disadvantages. Overall, the document analyzes different proactive approaches to vulnerability prediction in order to address how vulnerabilities can be
Software Reliability and Quality Assurance Challenges in Cyber Physical Syste...CSCJournals
Software Reliability is the probability of failure-free software operation for a specified period of time in a specified environment. Cyber threats on software security have been prevailing and have increased exponentially, posing a major challenge on software reliability in the cyber physical systems (CPS) environment. Applying patches after the software has been developed is outdated and a major security flaw. However, this has posed a major software reliability challenge as threat actors are exploiting unpatched and insecure software configuration vulnerabilities that are not identified at the design phase. This paper aims to investigate the SDLC approach to software reliability and quality assurance challenges in CPS security. To demonstrate the applicability of our work, we review existing security requirements engineering concepts and methodologies such as TROPOS, I*, KAOS, Tropos and Secure Tropos to determine their relevance in software security. We consider how the methodologies and function points are used to implement constraints to improve software reliability. Finally, the function points concepts are implemented into the CPS security components. The results show that software security threats in CPS can be addressed by integrating the SRE approach and function point analysis in the development to improve software reliability.
Building a Distributed Secure System on Multi-Agent Platform Depending on the...CSCJournals
Today, applications in mobile multi-agent systems require a high degree of confidence that running code inside the system will not be malicious. Also any malicious agents must be identified and contained. Since the inception of mobile agents, the intruder has been addressed using a multitude of techniques, but many of these implementations have only addressed concerns from the position of either the platform or the agents. Very few approaches have undertaken the problem of mobile agent security from both perspectives simultaneously. Furthermore, no middleware exists to facilitate provisioning of the required security qualities of mobile agent software while extensively focusing on easing the software development burden. The aim is to build a distributed secure system using multi-agents by applying the principles of software engineering. The objectives of this paper is to introduce multi agent systems that enhance security rules through the access right to building a distributed secure system integrating with principles of software engineering system life cycle, as well as satisfy the security access right for both platform and agents to improve the three characteristics of agents adaptively, mobility and flexibility. This project based on the platform of PHP and MYSQL (Database) which can be presented in a website. The implementation and test are applied in both Linux and Windows platforms, including Linux Red Hat 8, Linux Ubuntu 6.06 LTS and Microsoft Windows XP Professional. Since PHP and MySQL are available in almost all operating systems, the result could be tested the platform as long as PHP and MySQL configuration is available. PHP5 and the MySQL (database) software are used to build a secure website. Multiple techniques of security and authentications have been used by multi-agents system. Secure database is encrypted by using md5. Also satisfy the characteristics for security requirements: confidentiality (protection from disclosure to unauthorized persons), integrity (maintaining data consistency) and authentication (assurance of identity of person or originator of data).
Secret Lock – Anti Theft: Integration of App Locker & Detection of Theft Usin...IRJET Journal
This document proposes and evaluates a mobile application called "Secret Lock" that integrates app locking and mobile theft detection using user patterns. The application allows users to add apps for secure access and generates authentication questions during registration based on the user's mobile usage history and patterns. If the mobile is stolen, the app activates sensors like the camera, GPS, and voice recorder to take photos, track the location, and record audio of the thief. This data is then sent to the user via SMS and email to identify and track the stolen device. The system architecture uses support vector machines for user identification, GPS for location tracking, and SMS and email for alerting the user if their device is stolen. The application was tested and found to generate
Network Threat Characterization in Multiple Intrusion Perspectives using Data...IJNSA Journal
For effective security incidence response on the network, a reputable approach must be in place at both protected and unprotected region of the network. This is because compromise in the demilitarized zone could be precursor to threat inside the network. The improved complexity of attacks in present times and vulnerability of system are motivations for this work. Past and present approaches to intrusion detection and prevention have neglected victim and attacker properties despite the fact that for intrusion to occur, an overt act by an attacker and a manifestation, observable by the intended victim, which results from that act are required. Therefore, this paper presents a threat characterization model for attacks from the victim and the attacker perspective of intrusion using data mining technique. The data mining technique combines Frequent Temporal Sequence Association Mining and Fuzzy Logic. Apriori Association Mining algorithm was used to mine temporal rule patterns from alert sequences while Fuzzy Control System was used to rate exploits. The results of the experiment show that accurate threat characterization in multiple intrusion perspectives could be actualized using Fuzzy Association Mining. Also, the results proved that sequence of exploits could be used to rate threat and are motivated by victim properties and attacker objectives.
ONTOLOGY-BASED MODEL FOR SECURITY ASSESSMENT: PREDICTING CYBERATTACKS THROUGH...IJNSA Journal
The prediction of attacks is essential for the prevention of potential risk. Therefore, risk forecasting contributes a lot to the optimization of the information security budget. This article focuses on the ontology and stages of a cyberattack. It introduces the main representatives of the attacking side and describes their motivation.
This document summarizes a research paper that analyzed 103,783 mobile apps to determine the correlation between third-party packages used in apps and security vulnerabilities. The analysis found that 95.26% of apps contained at least one vulnerability, with the top vulnerability affecting over 13,400 apps. A MapReduce algorithm was used to analyze preprocessed app data and determine the probability of vulnerabilities for different packages. The results identified the top 20 most vulnerable packages and percentages of affected apps.
IJCER (www.ijceronline.com) International Journal of computational Engineerin...ijceronline
This document provides a selective survey of software reliability models. It discusses both static models used in early development stages and dynamic models used later. For static models, it describes a phase-based model and predictive development life cycle model. For dynamic models, it outlines reliability growth models, including binomial, Poisson, and other classes. It also presents a case study of incorporating code changes as a covariate into reliability modeling during testing of a large telecommunications system. The document concludes by advocating for wider use of statistical software reliability models to improve development and testing processes.
The document discusses the key aspects of human resource development (HRD) programs in organizations. It notes that the primary functions of HRD are training and development, organizational development, and career development. It also outlines the typical phases of designing and implementing an HRD program, including assessment of needs, design, implementation, and evaluation. Kirkpatrick's model is discussed as a framework for evaluating HRD programs at different levels, from reaction to learning to job behavior and results.
The document provides comments and suggestions on Massachusetts' proposed solar incentive program. Key points include:
1) Clarification is needed on how net metering rates will impact the viability of standalone vs. behind-the-meter solar and how PPAs would address changes to rates over time.
2) Metering, data reporting and incentive calculation requirements need to be established to accurately track generation from behind-the-meter systems and those with storage.
3) The program could discourage community solar projects if standalone systems receive higher incentives without community benefits.
4) Simpler alternatives like allowing buyers to purchase the incentive value upfront could reduce soft costs for behind-the-meter projects.
El cable par trenzado tiene limitaciones en su capacidad y conducción superficial, lo que impide transmitir más de 1 Mbps. Se compone de hilos de cobre o aluminio trenzados y evita interferencias, pero es vulnerable a seguridad, atenuación y velocidad. Existen diferentes categorías dependiendo de la velocidad de transmisión soportada.
Fixed prosthodontics problems and solutions وائل يونس
This document discusses common problems that can occur with dental impressions and stone models, and their potential causes and solutions. It describes issues such as voids, tears or pulls in impressions that could result in poor fitting restorations. Specific problems covered include inhibited or slow setting impressions, lack of detail, voids or tears at margins, facial-lingual pulls, tray-tooth contact, delamination, poor bonding to trays, and discrepancies in stone models. For each problem, potential causes such as expiration, contamination, inadequate technique, or material incompatibility are identified along with recommended solutions.
Case study about developing a new digital brand online. Assignment undertaken by Salford Business School MSc Digital Marketing students: Katrina Winstanley, Lucie Apampa, Fianna Hornby, Namitha Muthukrishan and Ayse Guemueshan. This was was completed as part of their Search and Social Media Marketing module.
IRJET- Windows Log Investigator System for Faster Root Cause Detection of a D...IRJET Journal
This document describes a Windows Log Investigator System that was created to help developers more easily detect the root cause of defects. The system uses a log analysis algorithm and backtracking to determine the type of defect and possible solutions. It has a graphical user interface built with C# and WPF to provide an interactive experience for analyzing logs. The system aims to significantly reduce the difficulties faced by developers in solving defects.
Vulnerability scanners a proactive approach to assess web application securityijcsa
With the increasing concern for security in the network, many approaches are laid out that try to protect
the network from unauthorised access. New methods have been adopted in order to find the potential
discrepancies that may damage the network. Most commonly used approach is the vulnerability
assessment. By vulnerability, we mean, the potential flaws in the system that make it prone to the attack.
Assessment of these system vulnerabilities provide a means to identify and develop new strategies so as to
protect the system from the risk of being damaged. This paper focuses on the usage of various vulnerability
scanners and their related methodology to detect the various vulnerabilities available in the web
applications or the remote host across the network and tries to identify new mechanisms that can be
deployed to secure the network.
Security and Privacy Measurements in Social Networks: Experiences and Lessons...FACE
We describe our experience gained while exploring practical security and privacy problems in a real-world, large- scale social network (i.e., Facebook), and summarize our conclu- sions in a series of “lessons learned”. We first conclude that it is better to adequately describe the potential ethical concerns from the very beginning and plan ahead the institutional review board (IRB) request. Even though sometimes optional, the IRB approval is a valuable point from the reviewer’s perspective. Another aspect that needs planning is getting in touch with the online social network security team, which takes a substantial amount of time. With their support, “bending the rules” (e.g., using scrapers) when the experimental goals require so, is easier. Clearly, in cases where critical technical vulnerabilities are found during the research, the general recommendations for responsible disclosure should be followed. Gaining the audience’s engagement and trust was essential to the success of our user study. Participants felt more comfortable when subscribing to our experiments, and also responsibly reported bugs and glitches. We did not observe the same behavior in crowd-sourcing workers, who were instead more interested in obtaining their rewards. On a related point, our experience suggests that crowd sourcing should not be used alone: Setting up tasks is more time consuming than it seems, and researchers must insert some sentinel checks to ensure that workers are not submitting random answers.
From a logistics point of view, we learned that having at least a high-level plan of the experiments pays back, especially when the IRB requires a detailed description of the work and the data to be collected. However, over planning can be dangerous because the measurement goals can change dynamically. From a technical point of view, partially connected to the logistics remarks, having a complex and large data-gathering and analysis framework may be counterproductive in terms of set-up and management overhead. From our experience we suggest to choose simple technologies that scale up if needed but, more importantly, can scale down. For example, launching a quick query should be straightforward, and the frameworks should not impose too much overhead for formulating it. We conclude with a series of practical recommendations on how to successfully collect data from online social networks (e.g., using techniques for network multi presence, mimicking user behavior, and other crawling “tricks”’) and avoid abusing the online service, while gathering the data required by the experiments.
ANALYTIC HIERARCHY PROCESS-BASED FUZZY MEASUREMENT TO QUANTIFY VULNERABILITIE...IJCNCJournal
Much research has been conducted to detect vulnerabilities of Web Applications; however, these never proposed a methodology to measure the vulnerabilities either qualitatively or quantitatively. In this paper, a methodology is proposed to investigate the quantification of vulnerabilities in Web Applications. We applied the Goal Question Metrics (GQM) methodology to determine all possible security factors and subfactors of Web Applications in the Department of Transportation (DOT) as our proof of concept. Then we
introduced a Multi-layered Fuzzy Logic (MFL) approach based on the security sub-factors’ prioritization in the Analytic Hierarchy Process (AHP). Using AHP, we weighted each security sub-factor before the quantification process in the Fuzzy Logic to handle imprecise crisp number calculation.
Security has always been a great concern for all software systems due to the increased incursion of the wireless devices in recent years. Generally software engineering processes tries to compel the security measures during the various design phases which results into an inefficient measure. So this calls for a new process of software engineering in which we would try to give a proper framework for integrating the security requirements with the SDLC, and in this requirement engineers must discover all the security requirements related to a particular system, so security requirement could be analyzed and simultaneously prioritized in one go. In this paper we will present a new technique for prioritizing these requirement based on the risk measurement techniques. The true security requirements should be easily identified as early as possible so that these could be systematically analyzed and then every architecture team can choose the most appropriate mechanism to implement them.
IMPLEMENTATION OF RISK ANALYZER MODEL FOR UNDERTAKING THE RISK ANALYSIS OF PR...IJDKP
The model of RISK ANALYZER was implemented as Knowledge-based System for the purpose of undertaking risk analysis for proposed construction projects in a selected domain. The Fuzzy Decision Variables (FDVs) that cause differences between initial and final contract sums of building projects were identified, the likelihood of the occurrence of the risks were determined and a Knowledge-Based System that would rank the risks was constructed using JAVA programming language and Graphic User Interface. The Knowledge-Based System is composed a Knowledge Base for storing data, an Inference Engine for controlling and directing the use of knowledge for problem-solution, and a User Interface that assists the user retrieve, use and alter data in the Knowledge Base. The developed Knowledge-Based System was compiled, implemented and validated with data of previously completed projects. The client could utilize the Knowledge-Based System to undertake proposed building projects
Faces in the Distorting Mirror: Revisiting Photo-based Social AuthenticationFACE
This document summarizes research on revisiting photo-based social authentication. The researchers:
1) Demonstrate a new attack on social authentication that matches photos from challenges to a collection of the victim's photos, which is more effective than face recognition attacks.
2) Conduct a user study showing people can identify friends in photos with unrecognizable faces over 99% of the time, whereas software fails.
3) Design a new social authentication system that selects "medium" photos software cannot recognize but people can, and transforms photos via overlays and perspective changes to block matching attacks while retaining human usability, passing 94.38% of challenges in a preliminary study.
This document summarizes a research paper on anomaly detection using machine learning approaches. It discusses how anomaly detection techniques can be used to detect cyber attacks and malware infections. It proposes using an uphill decision tree algorithm for anomaly detection. The document provides background on anomaly detection and intrusion detection systems. It also reviews previous related work using statistical and machine learning models. Finally, it presents a prototype model for an anomaly detection system that uses an uphill decision tree algorithm to process audit data and detect anomalies by raising alarms.
Application Development Risk Assessment Model Based on Bayesian NetworkTELKOMNIKA JOURNAL
This paper describes a new risk assessment model for application development and its
implementation. The model is developed using a Bayesian network and Boehm’s software risk principles.
The Bayesian network is created after mapping top twenty risks in software projects with interrelationship
digraph of risk area category. The probability of risk on the network is analyzed and validated using both
numerical simulation and subjective probability from several experts in the field and a team of application
developers. After obtaining the Bayesian network model, risk exposure is calculated using Boehm's risk
principles. Finally, the implementation of the proposed model in a government institution is shown as a real
case illustration.
How can we predict vulnerabilities to prevent them from causing data lossesAbhishek BV
This document discusses various approaches to predict software vulnerabilities in order to prevent data losses. It begins by providing background on software vulnerabilities and their impacts. It then evaluates three main approaches: reactive, reliability, and proactive. The document favors the proactive approach, which predicts flaws before they occur. It summarizes three proposed solutions that take a proactive approach: 1) building a prediction model using software characteristics, 2) using source code static analyzers during development, and 3) employing a combination of statistical methods and code metrics throughout the software lifecycle. For each solution, it discusses the methodology, findings, advantages and disadvantages. Overall, the document analyzes different proactive approaches to vulnerability prediction in order to address how vulnerabilities can be
Software Reliability and Quality Assurance Challenges in Cyber Physical Syste...CSCJournals
Software Reliability is the probability of failure-free software operation for a specified period of time in a specified environment. Cyber threats on software security have been prevailing and have increased exponentially, posing a major challenge on software reliability in the cyber physical systems (CPS) environment. Applying patches after the software has been developed is outdated and a major security flaw. However, this has posed a major software reliability challenge as threat actors are exploiting unpatched and insecure software configuration vulnerabilities that are not identified at the design phase. This paper aims to investigate the SDLC approach to software reliability and quality assurance challenges in CPS security. To demonstrate the applicability of our work, we review existing security requirements engineering concepts and methodologies such as TROPOS, I*, KAOS, Tropos and Secure Tropos to determine their relevance in software security. We consider how the methodologies and function points are used to implement constraints to improve software reliability. Finally, the function points concepts are implemented into the CPS security components. The results show that software security threats in CPS can be addressed by integrating the SRE approach and function point analysis in the development to improve software reliability.
Building a Distributed Secure System on Multi-Agent Platform Depending on the...CSCJournals
Today, applications in mobile multi-agent systems require a high degree of confidence that running code inside the system will not be malicious. Also any malicious agents must be identified and contained. Since the inception of mobile agents, the intruder has been addressed using a multitude of techniques, but many of these implementations have only addressed concerns from the position of either the platform or the agents. Very few approaches have undertaken the problem of mobile agent security from both perspectives simultaneously. Furthermore, no middleware exists to facilitate provisioning of the required security qualities of mobile agent software while extensively focusing on easing the software development burden. The aim is to build a distributed secure system using multi-agents by applying the principles of software engineering. The objectives of this paper is to introduce multi agent systems that enhance security rules through the access right to building a distributed secure system integrating with principles of software engineering system life cycle, as well as satisfy the security access right for both platform and agents to improve the three characteristics of agents adaptively, mobility and flexibility. This project based on the platform of PHP and MYSQL (Database) which can be presented in a website. The implementation and test are applied in both Linux and Windows platforms, including Linux Red Hat 8, Linux Ubuntu 6.06 LTS and Microsoft Windows XP Professional. Since PHP and MySQL are available in almost all operating systems, the result could be tested the platform as long as PHP and MySQL configuration is available. PHP5 and the MySQL (database) software are used to build a secure website. Multiple techniques of security and authentications have been used by multi-agents system. Secure database is encrypted by using md5. Also satisfy the characteristics for security requirements: confidentiality (protection from disclosure to unauthorized persons), integrity (maintaining data consistency) and authentication (assurance of identity of person or originator of data).
Secret Lock – Anti Theft: Integration of App Locker & Detection of Theft Usin...IRJET Journal
This document proposes and evaluates a mobile application called "Secret Lock" that integrates app locking and mobile theft detection using user patterns. The application allows users to add apps for secure access and generates authentication questions during registration based on the user's mobile usage history and patterns. If the mobile is stolen, the app activates sensors like the camera, GPS, and voice recorder to take photos, track the location, and record audio of the thief. This data is then sent to the user via SMS and email to identify and track the stolen device. The system architecture uses support vector machines for user identification, GPS for location tracking, and SMS and email for alerting the user if their device is stolen. The application was tested and found to generate
Network Threat Characterization in Multiple Intrusion Perspectives using Data...IJNSA Journal
For effective security incidence response on the network, a reputable approach must be in place at both protected and unprotected region of the network. This is because compromise in the demilitarized zone could be precursor to threat inside the network. The improved complexity of attacks in present times and vulnerability of system are motivations for this work. Past and present approaches to intrusion detection and prevention have neglected victim and attacker properties despite the fact that for intrusion to occur, an overt act by an attacker and a manifestation, observable by the intended victim, which results from that act are required. Therefore, this paper presents a threat characterization model for attacks from the victim and the attacker perspective of intrusion using data mining technique. The data mining technique combines Frequent Temporal Sequence Association Mining and Fuzzy Logic. Apriori Association Mining algorithm was used to mine temporal rule patterns from alert sequences while Fuzzy Control System was used to rate exploits. The results of the experiment show that accurate threat characterization in multiple intrusion perspectives could be actualized using Fuzzy Association Mining. Also, the results proved that sequence of exploits could be used to rate threat and are motivated by victim properties and attacker objectives.
ONTOLOGY-BASED MODEL FOR SECURITY ASSESSMENT: PREDICTING CYBERATTACKS THROUGH...IJNSA Journal
The prediction of attacks is essential for the prevention of potential risk. Therefore, risk forecasting contributes a lot to the optimization of the information security budget. This article focuses on the ontology and stages of a cyberattack. It introduces the main representatives of the attacking side and describes their motivation.
This document summarizes a research paper that analyzed 103,783 mobile apps to determine the correlation between third-party packages used in apps and security vulnerabilities. The analysis found that 95.26% of apps contained at least one vulnerability, with the top vulnerability affecting over 13,400 apps. A MapReduce algorithm was used to analyze preprocessed app data and determine the probability of vulnerabilities for different packages. The results identified the top 20 most vulnerable packages and percentages of affected apps.
IJCER (www.ijceronline.com) International Journal of computational Engineerin...ijceronline
This document provides a selective survey of software reliability models. It discusses both static models used in early development stages and dynamic models used later. For static models, it describes a phase-based model and predictive development life cycle model. For dynamic models, it outlines reliability growth models, including binomial, Poisson, and other classes. It also presents a case study of incorporating code changes as a covariate into reliability modeling during testing of a large telecommunications system. The document concludes by advocating for wider use of statistical software reliability models to improve development and testing processes.
The document discusses the key aspects of human resource development (HRD) programs in organizations. It notes that the primary functions of HRD are training and development, organizational development, and career development. It also outlines the typical phases of designing and implementing an HRD program, including assessment of needs, design, implementation, and evaluation. Kirkpatrick's model is discussed as a framework for evaluating HRD programs at different levels, from reaction to learning to job behavior and results.
The document provides comments and suggestions on Massachusetts' proposed solar incentive program. Key points include:
1) Clarification is needed on how net metering rates will impact the viability of standalone vs. behind-the-meter solar and how PPAs would address changes to rates over time.
2) Metering, data reporting and incentive calculation requirements need to be established to accurately track generation from behind-the-meter systems and those with storage.
3) The program could discourage community solar projects if standalone systems receive higher incentives without community benefits.
4) Simpler alternatives like allowing buyers to purchase the incentive value upfront could reduce soft costs for behind-the-meter projects.
El cable par trenzado tiene limitaciones en su capacidad y conducción superficial, lo que impide transmitir más de 1 Mbps. Se compone de hilos de cobre o aluminio trenzados y evita interferencias, pero es vulnerable a seguridad, atenuación y velocidad. Existen diferentes categorías dependiendo de la velocidad de transmisión soportada.
Fixed prosthodontics problems and solutions وائل يونس
This document discusses common problems that can occur with dental impressions and stone models, and their potential causes and solutions. It describes issues such as voids, tears or pulls in impressions that could result in poor fitting restorations. Specific problems covered include inhibited or slow setting impressions, lack of detail, voids or tears at margins, facial-lingual pulls, tray-tooth contact, delamination, poor bonding to trays, and discrepancies in stone models. For each problem, potential causes such as expiration, contamination, inadequate technique, or material incompatibility are identified along with recommended solutions.
Case study about developing a new digital brand online. Assignment undertaken by Salford Business School MSc Digital Marketing students: Katrina Winstanley, Lucie Apampa, Fianna Hornby, Namitha Muthukrishan and Ayse Guemueshan. This was was completed as part of their Search and Social Media Marketing module.
El documento analiza la Ley de Impuestos sobre Cigarrillos y Manufacturas de Tabaco, reformada en 2014 mediante decreto. La reforma grava los cigarrillos, tabacos y derivados del tabaco importados o de producción nacional destinados al consumo en el país. Además, la alícuota del impuesto se fijó en 70% del precio de venta al público con el fin de desincentivar el consumo y recaudar fondos. No obstante, a pesar de los esfuerzos legislativos, la decisión final de consumir o no depende
Esta tabla muestra datos estadísticos acumulados de diferentes edades, incluidas las tasas de acumulación decimal y el total acumulado. Los números parecen ser datos financieros o de inversión a lo largo del tiempo.
The document summarizes key aspects of the integumentary system, including the skin and its layers, hair, nails, and other accessory structures. It describes the three main layers of the skin - the epidermis, dermis, and hypodermis - and provides details on the layers within the epidermis including the stratum basale, stratum spinosum, stratum granulosum, stratum lucidum, and stratum corneum. It also discusses hair structure, growth cycles, color, nails, glands, and other topics.
The document discusses the cardiovascular system and the heart. It describes the heart as a muscular pump located in the chest cavity that circulates blood through two circuits - the pulmonary and systemic circuits. The heart has four chambers, valves to ensure one-way blood flow, and a conduction system to coordinate contractions. It discusses the cardiac cycle, heart sounds, cardiac output, and factors that influence pumping like preload and afterload. An electrocardiogram is described as a tool to monitor the heart's electrical activity.
The respiratory system functions to provide oxygen to tissues and remove carbon dioxide through gas exchange that occurs in the alveoli of the lungs. It includes both conducting zones that transport air, and respiratory zones involved in gas exchange. Key structures are the nasal cavity, pharynx, larynx, trachea, bronchi, lungs, and pleurae. Breathing occurs through changes in pressure between the atmosphere and lungs, driven by the diaphragm and intercostal muscles, with inspiration occurring when the thoracic cavity volume increases and expiration when it decreases.
This document is a project report that evaluates the effectiveness of training and development programs conducted by the FICCI Ladies' Organisation (FLO). The report contains an introduction that outlines the importance of training and development in improving employee performance. It then lists the objectives of the study, which are to evaluate the effectiveness of FLO's training programs and determine if they help improve participants' job skills and approaches. The methodology, results and conclusions of the study are then presented across various chapters with citations and annexures.
This document provides an overview of Coal India Limited (CIL), the largest coal mining company in the world. It details that CIL operates mines across India and produces over 80% of the country's coal. CIL's performance is evaluated annually through a Memorandum of Understanding signed with the government of India. The company aims to sustainably meet India's growing energy needs while pursuing corporate social responsibility initiatives in local communities and minimizing environmental impacts. CIL employs over 300,000 people and manages various subsidiaries and training institutes. It aims to continue improving production through investments in mining technology and pursuing coal asset acquisitions abroad to address India's future coal demand-supply gap.
Permission based malware detection by using k means algorithm in Android OSBRNSSPublicationHubI
The document discusses a permission-based method for detecting malware in Android apps using k-means clustering. It extracts permission data from app manifest files, compares it to a database of malicious permissions, and uses k-means to classify apps as benign or malicious based on their permission ratios. The method was able to accurately detect malware in popular apps like WhatsApp and Facebook by identifying suspicious high levels of permissions for activities like SMS/call access.
Review on mobile threats and detection techniquesijdpsjournal
Since last-decade, smart-phones have gained widespread usage. Mobile devices store personal details
such as contacts and text messages. Due to this extensive growth, smart-phones are attracted towards
cyber-criminals. In this research work, we have done a systematic review of the terms related to malware
detection algorithms and have also summarized behavioral description of some known mobile malwares
in tabular form. After careful solicitation of all the possible methods and algorithms for detection of
mobile-based malwares, we give some recommendations for designing future malware detection algorithm
by considering computational complexity and detection ration of mobile malwares.
Exploratory Data Analysis and Feature Selection for Social Media Hackers Pred...CSEIJJournal
In machine learning, the intelligence of a developed model is greatly influenced by the dataset used for the
target domain on which the developed model will be deployed. Social media platform has experienced
more of hackers’ attacks on the platform in recent time. To identify a hacker on the platform, there are two
possible ways. The first is to use the activities of the user while the second is to use the supplied details the
user registered the account with. To adequately identify a social media user as hacker proactively, there
are relevant user details called features that can be used to determine whether a social media user is a
hacker or not. In this paper, an exploratory data analysis was carried out to determine the best features
that can be used by a predictive model to proactively identify hackers on the social media platform. A web
crawler was developed to mine the user dataset on which exploratory data analysis was carried out to
select the best features for the dataset which could be used to correctly identify a hacker on a social media
platform.
EXPLORATORY DATA ANALYSIS AND FEATURE SELECTION FOR SOCIAL MEDIA HACKERS PRED...CSEIJJournal
In machine learning, the intelligence of a developed model is greatly influenced by the dataset used for the
target domain on which the developed model will be deployed. Social media platform has experienced
more of hackers’ attacks on the platform in recent time. To identify a hacker on the platform, there are two
possible ways. The first is to use the activities of the user while the second is to use the supplied details the
user registered the account with. To adequately identify a social media user as hacker proactively, there
are relevant user details called features that can be used to determine whether a social media user is a
hacker or not. In this paper, an exploratory data analysis was carried out to determine the best features
that can be used by a predictive model to proactively identify hackers on the social media platform. A web
crawler was developed to mine the user dataset on which exploratory data analysis was carried out to
select the best features for the dataset which could be used to correctly identify a hacker on a social media
platform.
A LITERATURE SURVEY AND ANALYSIS ON SOCIAL ENGINEERING DEFENSE MECHANISMS AND...IJNSA Journal
This document provides a summary of a literature review on social engineering defense mechanisms and information security policies. It discusses previous research on social engineering attacks and defenses. It also describes a taxonomy of social engineering targets and defenses developed by the authors. Surveys were conducted to measure employee awareness of defenses and the incorporation of information security policies in organizations. The results found over half of employees were unaware of social engineering and organizations only incorporated about 50% of recommended security policies on average. This highlights the need for better education and policies to protect against social engineering attacks.
Intrusion Detection System using Self Organizing Map: A SurveyIJERA Editor
Due to usage of computer every field, Network Security is the major concerned in today’s scenario. Every year the number of users and speed of network is increasing, along with it online fraud or security threats are also increasing. Every day a new attack is generated to harm the system or network. It is necessary to protect the system or networks from various threats by using Intrusion Detection System which can detect “known” as well as “unknown” attack and generate alerts if any unusual behavior in the traffic. There are various approaches for IDS, but in this paper, survey is focused on IDS using Self Organizing Map. SOM is unsupervised, fast conversion and automatic clustering algorithm which is able to handle novelty detection. The main objective of the survey is to find and address the current challenges of SOM. Our survey shows that the existing IDS based on SOM have poor detection rate for U2R and R2L attacks. To improve it, proper normalization technique should be used. During the survey we also found that HSOM and GHSOM are advance model of SOM which have their own unique feature for better performance of IDS. GHSOM is efficient due to its low computation time. This survey is beneficial to design and develop efficient SOM based IDS having less computation time and better detection rate.
A Systematic Review of Android Malware Detection TechniquesCSCJournals
Malware detection is a significant key to Android application security. Malwares threat to Android users is increasing day by day. End users need security because they use mobile device to communicate information. Therefore, developing malware detection and control technology should be a priority. This research has extensively explored various state of the art techniques and mechanisms to detect malwares in Android applications by systematic literature review. It categorized the current researches into static, dynamic and hybrid approaches. This research work identifies the limitation and strength current research work. According to the restrictions of current malware detection technologies, it can conclude that detection technologies that use statistical analysis consume more time, energy and resources as compare to machine learning techniques. The results obtained from this research work reinforce the assertion that detection approaches designed for Android malware do not produce 100% efficient detection accuracy.
Machine learning approach to anomaly detection in cyber securityIAEME Publication
The document discusses using machine learning approaches for anomaly detection in cyber security, specifically for detecting spamming attacks. It proposes using an uphill decision tree algorithm to classify emails as legitimate or spam based on analyzing various semantics or components of the emails. A case study is presented that analyzes spam infection rates on top websites and countries from 2012 data. The uphill decision tree approach aims to more accurately detect anomalies and threats compared to traditional signature-based detection methods.
A SYSTEMATIC REVIEW ON MACHINE LEARNING INSIDER THREAT DETECTION MODELS, DATA...IJNSA Journal
Computers are crucial instruments providing a competitive edge to organizations that have adopted them. Their pervasive presence has presented a novel challenge to information security, specifically threats emanating from privileged employees. Various solutions have been tried to address the vice, but no exhaustive solution has been found. Due to their elusive nature, proactive strategies have been proposed of which detection using Machine Learning models has been favoured. The choice of algorithm, datasets and metrics are cornerstones of model performance and hence, need to be addressed. Although multiple studies on ML for insider threat detection have been done, none has provided a comprehensive analysis of algorithms, datasets and metrics for development of Insider Threat Detection models. This study conducts a comprehensive systematic literature review using reputable databases to answer the research questions posed. Search strings, inclusion and exclusion criteria were set for eligibility of articles published in the last decade.
Taxonomy mobile malware threats and detection techniquescsandit
Since last-decade, smart-phones have gained widespr
ead usage. Mobile devices store personal
details such as contacts and text messages. Due to
this extensive growth, smart-phones are
attracted towards cyber-criminals. In this research
work, we have done a systematic review of
the terms related to malware detection algorithms
and have also summarized behavioral
description of some known mobile malwares in tabula
r form. After careful solicitation of all the
possible methods and algorithms for detection of m
obile-based malwares, we give some
recommendations for designing future malware detect
ion algorithm by considering
computational complexity and detection ration of m
obile malwares.
This document presents a case study on face spoof detection. It discusses various types of spoofing attacks against facial recognition systems, including photo, video, and mask attacks. It also reviews literature on existing face spoof detection methods, which include approaches based on face motion analysis, texture analysis, 3D depth analysis, image quality analysis, and frequency domain analysis. The document also describes several popular datasets used to evaluate face spoof detection techniques, such as the NUAA Photo Imposter Database, Replay-Attack Database, and CASIA Face Anti-spoofing Database. The goal of the case study is to provide an overview of spoofing attacks and evaluate existing countermeasures for visual light face recognition systems.
SECURING THE DIGITAL FORTRESS: ADVERSARIAL MACHINE LEARNING CHALLENGES AND CO...IRJET Journal
This document discusses adversarial machine learning challenges and countermeasures in cybersecurity. It begins by introducing the topic of adversarial machine learning and its threats to cybersecurity systems that incorporate machine learning models. It then reviews related literature on adversarial attacks against machine learning systems. The document explores different types of adversarial attacks, such as evasion attacks and poisoning attacks, and provides real-world examples. It also discusses the motivations and goals of adversaries launching these attacks. Finally, it delves into common attack algorithms and methods used to generate adversarial examples.
Android-manifest extraction and labeling method for malware compilation and d...IJECEIAES
Malware is a nuisance for smartphone users. The impact is detrimental to smartphone users if the smartphone is infected by malware. Malware identification is not an easy process for ordinary users due to its deeply concealed dangers in application package kit (APK) files available in the Android Play Store. In this paper, the challenges of creating malware datasets are discussed. Long before a malware classification process and model can be built, the need for datasets with representative features for most types of malwares has to be addressed systematically. Only after a quality data set is available can a quality classification model be obtained using machine learning (ML) or deep learning (DL) algorithms. The entire malware classification process is a full pipeline process and sub processes. The authors purposefully focus on the process of building quality malware datasets, not on ML itself, because implementing ML requires another effort after the reliable dataset is fully built. The overall step in creating the malware dataset starts with the extraction of the Android Manifest from the APK file set and ends with the labeling method for all the extracted APK files. The key contribution of this paper is on how to generate datasets systematically from any APK file.
The document describes DroidEcho, a framework for analyzing Android applications for malicious behaviors. It includes:
1. Abstract models for capturing the semantics of various Android attacks such as privacy leakage, service abuse, and content tampering.
2. A technique called the inter-component communication graph (ICCG) to comprehensively represent Android apps and facilitate attack detection. The ICCG models methods, functions, and communication between components.
3. The system design of DroidEcho which uses static and dynamic analysis. It constructs an ICCG, detects attacks by matching behaviors to abstract models, and confirms attacks dynamically to reduce false positives.
IRJET- A Review on Several Vulnerabilities Detection Techniques in Androi...IRJET Journal
This document reviews techniques for detecting vulnerabilities in Android mobile devices. It discusses how Android has become the most popular and widely used mobile platform, but also the most targeted by attackers due to security issues. The document categorizes and analyzes different features and analysis methods that can be used for detecting mobile vulnerabilities, including static features from app files, dynamic features from system/network behavior, and static, dynamic, and hybrid analysis techniques. It provides examples of previous works that have used these features and methods to detect malware and vulnerabilities in Android.
Contemporary Cyber Security Social Engineering Solutions, Measures, Policies,...CSCJournals
This document summarizes a research paper that conducted a critical review of contemporary social engineering solutions, measures, policies, tools, and applications. Through a systematic review of recent studies, the analysis identified that providing training for employees to understand social engineering risks and how to avoid attacks is important for protection. Key measures identified include awareness programs, training non-technical staff, implementing new security networks and protocols, and using software to address social engineering threats. The review examined 30 studies on measures, policies and tools adopted by organizations and found that education, training, and awareness programs are effective at enhancing employee behavior and defenses against social engineering.
A Lightweight Method for Detecting Cyber Attacks in High-traffic Large Networ...IJCNCJournal
Protecting information systems is a difficult and long-term task. The size and traffic intensity of computer networks are diverse and no one protection solution is universal for all cases. A certain solution protects well in the campus network, but it is unlikely to protect well in the service provider's network. A key component of a cyber defence system is a network attack detector. This component needs to be designed to have a good way to scale detection capabilities with network size and traffic intensity beyond the size and intensity of a campus network. From this point of view, this paper aims to build a network attack detection method suitable for the scale of large and high-traffic networks based on machine learning models using clustering techniques and our proposed detection technique. The detection technique is different from outlier detection commonly used in clustering-based anomaly detection applications. The method was evaluated in cases using different feature extraction methods and different clustering algorithms. Experimental results on the NSL-KDD data set are positive with a detection accuracy of over 97%.
A LIGHTWEIGHT METHOD FOR DETECTING CYBER ATTACKS IN HIGH-TRAFFIC LARGE NETWOR...IJCNCJournal
The document proposes a lightweight method for detecting cyberattacks in high-traffic large networks based on clustering techniques. The method clusters network traffic data using algorithms like K-means and DBSCAN. It extracts features from the data using methods like Risk-based Acquisition and Attribute Ratio before clustering. The clusters are then analyzed to detect anomalous clusters that may indicate attacks. This detection technique can scale to large, high-traffic networks by processing data in batches and distributing the workload of analyzing clusters across multiple parallel processes. The method was evaluated on the NSL-KDD dataset and achieved over 97% detection accuracy.
Similar to Testing an Android Implementation of the Social Engineering Protection Training Tool (20)
A LIGHTWEIGHT METHOD FOR DETECTING CYBER ATTACKS IN HIGH-TRAFFIC LARGE NETWOR...
Testing an Android Implementation of the Social Engineering Protection Training Tool
1. Testing an Android Implementation of the Social
Engineering Protection Training Tool
Marcel Teixeira
Department of Computer Science
University of Cape Town
marceltex@gmail.com
ABSTRACT
As the nature of information stored digitally becomes more
important and confidential, the security of the systems put
in place to protect this information needs to be increased.
The human element, however, remains a vulnerability of the
system and it is this vulnerability that social engineers at-
tempt to exploit. The Social Engineering Attack Detection
Model version 2 (SEADMv2) has been proposed to help peo-
ple identify malicious social engineering attacks. Prior to
this study, the SEADMv2 had not been implemented as a
user friendly application or tested with real subjects. This
paper describes how the SEADMv2 was implemented as an
Android application. This Android application was tested
on 20 subjects, to determine whether it reduces the probabil-
ity of a subject falling victim to a social engineering attack
or not. The results indicated that the Android implemen-
tation of the SEADMv2 significantly reduced the number of
subjects that fell victim to social engineering attacks. The
Android application also significantly reduced the number
of subjects that fell victim to malicious social engineering
attacks, bidirectional communication social engineering at-
tacks and indirect communication social engineering attacks.
The Android application did not have a statistically signifi-
cant effect on harmless scenarios and unidirectional commu-
nication social engineering attacks.
Keywords
Android, Social engineering, Social Engineering Attack De-
tection Model, Social Engineering Attack Framework
1. INTRODUCTION
Social engineering refers to various techniques that are
utilised to obtain information through the exploitation of
human vulnerability in order to bypass security systems [10].
Social engineers exploit the helping and trusting nature that
most humans inherently have. Social engineers also prey on
the fact that most people never expect to be a victim of
social engineering and are rather careless at times [11].
This thesis was completed as part of a Bachelor of Science Honours degree in
Computer Science at the University of Cape Town in 2016. The Android appli-
cation developed for this research was published to the Google Play Store and
can be accessed at https://play.google.com/store/apps/details?id=za.co.
social engineer.www.socialengineer. All source code for this project was made
available on a public git repository and can be accessed at https://github.com/
marceltex/Social-Engineer. Raw data obtained from the experiment performed
can be accessed at http://www.social-engineer.co.za/data.
ACM ISBN 978-1-4503-2138-9.
DOI: 10.1145/1235
Successful social engineering attacks have proven to be
extremely expensive. In the UK, for example, it is esti-
mated that identity theft1
related crimes cost the UK econ-
omy around 1.2 billion pounds in 2009 [16]. Losses from
phishing2
were around 23.2 million pounds in 2005. This
is almost double the amount lost due to phishing in 2004,
which was 12.2 million pounds [16]. In 2004, the US Depart-
ment of Justice concluded that one in three people are likely
to become a victim of social engineering in their lifetime
[18]. Therefore, it is essential that an effective social engi-
neering protection tool be implemented, tested and made
available to the public to save individuals and corporations
from losing millions.
There are limited techniques available to detect social en-
gineering attacks. Some of the detection mechanisms, that
have been proposed, assist the user to identify whether they
are the victim of a social engineering attack or not, while
other mechanisms use an automated system to detect social
engineering attacks. The Social Engineering Attack Detec-
tion Model version 2 (SEADMv2), proposed by Mouton et
al., [12] is the most prominent social engineering attack de-
tection mechanism and therefore it was used for this study.
The SEADMv2 achieves detection of social engineering at-
tacks by using a series of states that require a user to pro-
vide yes/no answers for each question in the state. Based
on the user’s answers to the questions, the SEADMv2 gives
the user an indication as to whether the provided scenario
is a social engineering attack or not. The SEADMv2 was
chosen since it can be used to detect both textual and ver-
bal social engineering attacks. In addition, it can be used
to detect unidirectional, bidirectional or indirect social engi-
neering attacks, making it a very well-rounded and versatile
social engineering attack detection model.
There are currently limited resources available to aid in
the detection and prevention of social engineering attacks.
In addition, there is a general lack of knowledge about social
engineering and the techniques used by attackers to manip-
ulate their target. As a result, the probability of successful
social engineering attacks is relatively high. The research
question, of this study, is formally stated as follows: Can an
Android application that implements the SEADMv2 reduce
the probability of a subject falling victim to a social engineer-
ing attack? I hypothesise that an Android application that
implements the SEADMv2 will reduce the probability of a
1
The fraudulent acquisition and use of a person’s private
identifying information, usually for financial gain.
2
The activity of defrauding an online account holder of fi-
nancial information by posing as a legitimate company.
2. person falling victim to a social engineering attack, since it
is less likely that a person will fall victim to an attack with
the aid of a model that serves its intended purpose correctly.
This paper will describe how the SEADMv2 [12] was im-
plemented as an Android application called Social Engineer-
ing Protection Training Tool (SEPTT). It also describes the
experiment that was carried out to test whether the An-
droid implementation of the SEADMv2 serves its intended
purpose and improves people’s ability to detect malicious
social engineering attacks correctly. The results obtained
from performing the experiment were analysed, using ap-
propriate statistical measures, to ensure that the results are
statistically significant. The Android implementation of the
SEADMv2 was found to significantly reduce the number of
subjects that fell victim to social engineering attacks, the
only exceptions are that the model did not significantly re-
duce the number of people who fell victim to unidirectional
communication social engineering attacks and harmless sce-
narios.
The remainder of this paper is structured as follows: Sec-
tion 2 provides a brief background of social engineering, the
SEADMv2 [12], the Social Engineering Attack Framework
(SEAF) [15] and the classification of social engineering at-
tacks. Section 3 describes how the Android application,
which was developed for this experiment, was designed and
implemented. Section 4 describes how the experiment was
conducted and the scenarios used for the experiment. Sec-
tion 5 analyses and discusses the results obtained. Section 6
draws conclusions from the results and discusses these con-
clusions. Section 7 suggests improvements that could be
made to the SEADMv2 and the SEPTT Android applica-
tion and Section 8 acknowledges everyone who helped to
make this research project a success.
2. BACKGROUND
Social engineering is defined as the techniques used to ex-
ploit human vulnerability to bypass security systems in or-
der to gather information [10]. In social engineering attacks,
the vulnerability of the system is considered to be the hu-
man element. The attacker exploits the trusting nature that
most humans inherently have, in order to get the informa-
tion they desire. It is common for attackers to pose as an
authoritative figure, such as a manager or IT support, in or-
der to make the receiver of the call more inclined to provide
them with the information they desire [5].
In order to implement the SEPTT Android application,
it was essential to review all social engineering detection
models that have been proposed in literature. Five such de-
tection models were found and compared. It was also vital
to analyse the various social engineering attack frameworks
that have been proposed. It is important that the social
engineering attack scenarios, generated for the experiment,
adhere to a social engineering attack framework. In addi-
tion, social engineering attacks can be classified into three
distinct categories, namely unidirectional communication,
bidirectional communication and indirect communication.
The differences between these categories have to be properly
comprehended in order to classify the social engineering sce-
narios, generated for the experiment, into one of the three
categories.
Figure 1: Social Engineering Attack Detection
Model version 2 (SEADMv2)
2.1 Social Engineering Detection Models
Multiple social engineering detection models have been
proposed in literature. These detection models include, the
Social Engineering Attack Detection Model (SEADM) [1],
the Social Engineering Attack Detection Model version 2
(SEADMv2) [12], detecting social engineering attacks using
neural networks [16], the Social Engineering Defense Archi-
tecture (SEDA) [5] and detection of social engineering using
natural language processing [17]. Table 1, provides a sum-
mary of the advantages and the disadvantages of each of
these social engineering detection models.
The SEADMv2 was chosen to be implemented, in an An-
droid application, and tested. Figure 1 provides an illus-
tration of the SEADMv2. It illustrates the states that the
user is required to progress through in order to reach a fi-
nal state. There are two possible final states a user can end
up in. One final state indicates that the user can trust the
requester, i.e. Perform the Request. The other final state
indicates that the user is the potential victim of a social
engineering attack, i.e. Defer or Refer Request.
The colours used for the states in Figure 1 are to differ-
entiate the different types of states supported by the model.
Yellow states are request states and they deal with the re-
quest itself. Blue states are receiver states and they deal
with whether an individual understands what is requested
or not. The green states deal with the requester and any in-
formation that can be determined about the requester and
the red states are third party states and refer to whether the
requester can be verified using a third party [12].
In addition to having coloured states, the SEADMv2 can
3. Detection Model
Used:
Advantages: Disadvantages:
SEADM Modular design. Requires user to determine own emotional
state.
Only caters for bidirectional communica-
tion.
SEADMv2 Colour codes to differentiate types of states.
More state transitions than the SEADM.
More modular design than the SEADM.
Caters for bidirectional, unidirectional and
indirect communication.
No states to examine the emotional state of
the user.
Social Engineering
Detection using
Neural Networks
Accurate at detecting attacks. Never been tested in a real world scenario.
Tedious for the user to enter values into the
input nodes.
SEDA No user interaction required.
Prevents same social engineer targeting dif-
ferent employees.
Social engineer could trick the system by us-
ing voice recordings of the person they are
imitating.
Only works for verbal social engineering at-
tacks.
Social Engineering
Detection using
Natural Language
Processing
No user interaction required.
Processes text rapidly.
Accurate at detecting attacks.
Only works for textual social engineering at-
tacks.
Table 1: Comparison of Social Engineering Detection Models
be used to detect both verbal and textual social engineering
attacks. It can also be used for bidirectional communication,
unidirectional communication and indirect communication
social engineering attacks.
2.2 Social Engineering Attack Frameworks
A social engineering attack framework provides all the
components required to generate a social engineering attack.
In addition, a social engineering attack framework adds tem-
poral data such as flow and time [15], making the scenario
easier for the reader to relate to. It is for these reasons, that
it was essential to use a social engineering attack framework
when generating social engineering attack scenarios for the
experiment. Various authors have proposed social engineer-
ing attack frameworks, each with different phases that make
up an attack. Some of the proposed social engineering at-
tack frameworks include, the Social Engineering Attack Cy-
cle (SEAC) proposed by Mitnick [10], the Social Engineering
Attack Phases proposed by Laribee [6], Harley’s Social En-
gineering Attack Mechanism [4] and the Social Engineering
Attack Framework (SEAF) proposed by Mouton [15].
It was decided to use the SEAF [15] to generate social
engineering attack scenarios for the experiment. The SEAF
improves on the SEAC [10] by including more phases to
make generation of social engineering attacks more struc-
tured. The phases included in the SEAF are as follows,
attack formulation, information gathering, preparation, de-
velop a relationship, exploit the relationship and debrief.
In the attack formulation phase, the attacker identifies
their target. This is usually based on the knowledge the
target possesses or the information which the target has ac-
cess to. During the information gathering phase, the at-
tacker gathers as much information about their target as
possible [14]. Social networks have made this phase par-
ticularly easy for social engineers, as people tend to share
quite a substantial amount of personal information on social
networks. During the preparation phase, the attacker anal-
yses the information they have gathered about their target
and formulates a scenario that would most likely result in
the target giving the attacker the desired information. The
next phase involves developing a relationship with the tar-
get, this is either achieved through technological means or
by meeting the target in person and building a relationship.
Once the attacker has established a relationship with their
target, the next phase involves exploiting this relationship.
In this phase, the attacker starts to probe the target for
the information they require. The debrief phase is aimed at
returning the target to a “stable” emotional state. The pur-
pose of this phase is to reassure the target that they were
not under attack and that everything is fine.
The SEAF was used when generating the social engineer-
ing scenarios for the experiment. It was essential to ensure
that each scenario went through all the phases of the SEAF.
This made the scenarios more believable and easier for the
test subjects to relate to.
2.3 Classification of Social Engineering Attacks
The type of communication used in a social engineering
attack is classified into one of three categories, namely unidi-
rectional communication, bidirectional communication and
indirect communication. It was important to understand
each of these communication types, to ensure that at least
one example of each communication type was included in
the scenarios used for the experiment.
Unidirectional communication is a type of direct commu-
nication that occurs when the conversation is one-way only,
i.e. from the attacker to the target [13]. Typical unidirec-
tional communication social engineering scenarios include,
when an attacker sends a paper letter to their victim with
no return address. Phishing attacks are also considered to
be unidirectional communication social engineering attacks.
Bidirectional communication is a type of direct commu-
4. Figure 2: High Level Overview of SEPTT System
nication in which both parties participate in the conversa-
tion, i.e. the attacker and the target communicate with one
another [13]. Examples of bidirectional communication in-
clude, when an email is sent form the attacker to the target
and the target replies to the email or when the attacker
phones the target and has a telephonic conversation with
the target.
Indirect communication occurs when there is no actual
communication between the attacker and the target. Indi-
rect communication occurs through a third party medium
[13]. An example of communication occurring through a
third party medium, is when an attacker infects a USB flash
drive and leaves it in a public place to be found by a random
target.
3. SYSTEM DESIGN AND IMPLEMENTA-
TION
Figure 2 illustrates a high level overview of the system
that was built. The system was designed using a three-
layered architecture. In a three-layered architecture, the
system is divided into three distinct layers that each serve
a well-defined purpose. This results in the system achieving
faster responses and processing of users’ requests [7]. The in-
terface layer consists of both the Android application, imple-
mented and tested by myself, as well as the web application,
implemented and tested by Michael Pepper (my partner for
this project), and it is the layer which the users will interact
with. The services layer contains the logic of the system and
it is where the SEADMv2 model will be implemented. This
layer was tested thoroughly during development, since it is
vital to the validity of the experiment. If this layer does not
implement the SEADMv2 correctly, the entire experiment
will be invalid. The back-end layer stores user analytical
data obtained from users using the models through either
the web or Android applications. It also provides an inter-
face for an administrator to update the SEADMv2 model,
should any changes need to be made to the model in the
future.
Figure 3 is a screenshot of the Android application that
was developed and used for the experiment. The applica-
tion was developed using the Rapid Application Develop-
ment (RAD) methodology. This methodology uses mini-
Figure 3: Screenshot of the SEPTT Android Appli-
cation
mal planning in favour of rapid prototyping [9]. Using this
methodology ensured that a working prototype of the ap-
plication was always available. The visual design and user
interface of the application went through numerous itera-
tions in order to optimise the user experience. In the early
iterations of the application, the entire interface was com-
pletely textual with no colours or any indication of progres-
sion through the SEADMv2. Figure 3 is a screenshot of the
final version of the application and it is clear that improve-
ments were made to the user interface. The Yes and No
buttons were made green and red respectively. This change
made it easier for users to differentiate the buttons, with-
out necessarily reading the text on the buttons. A state
progression bar was added to the top of the interface. This
progression bar gives the users a sense of how far they are
from reaching a final state. In addition, it gives the user a
sense of progression, since new chevrons are highlighted as
the user answers questions. A, readily available, help button
was added to the bottom of the interface. This button uses a
question mark icon to indicate that it is intended to help the
user. Upon touching the button, the user is provided with
a more thorough description of the question currently dis-
played. Haptic feedback (vibration) was also implemented
in the application. Upon reaching a final state, the user’s
device vibrates for 100ms drawing the user’s attention to the
fact that they have reached a final state. The application
was completed on 3 October 2016. It was released, as a free
application, on the Google Play Store, listed as Social Engi-
neering Training3
, with the intention that it will be used as
a cybersecurity educational tool.
3
https://play.google.com/store/apps/details?id=za.co.
social engineer.www.socialengineer
5. 4. METHODOLOGY
4.1 Experiment Design
Before describing how the experiment was conducted, a
few details to note about the experiment, are as follows.
This experiment consisted of a single factor (a controlled
independent variable) and it had a single measure (depen-
dent variable which is measured). The factor was the use
of the model, which has two levels (without model and with
model). This factor was a within-subjects factor, meaning
that each subject is tested at each level of the factor. The
measure of this experiment was the number of errors made
by the subjects when answering the scenarios with and with-
out the aid of the model.
This experiment was performed on 20 subjects. Since the
only factor was a within-subjects factor, all 20 of the sub-
jects were required to use both levels of the factor. This
experiment contained both a fixed effect and a random ef-
fect. The fixed effect was the use of the model and the
random effect was the subjects. The levels of the subject
(age, gender, faculty of study, etc) do not really influence
the outcome of this experiment and therefore it is classified
as a random effect.
Initially, the subjects were planned to be recruited by
means of sending out a bulk email to the entire University of
Cape Town (UCT) community. This email would have re-
quested that any interested students sign up and take part
in this experiment. I was hoping to recruit approximately 50
subjects using the convenience random sampling technique.
Convenience random sampling is the basic random sampling
technique where a group of subjects are selected, for a study,
from a larger group[8]. However, due to the shutdown that
occurred on the UCT campus from 16 September 2016 until
17 October 2016, alternative plans had to be made to recruit
subjects. I instead opted to use a snowball sampling tech-
nique, which is a non-probability sampling technique where
study subjects recruit future subjects from among their ac-
quaintances[2]. I initially approached a small group of my
peers and asked them to, voluntarily, be subjects in my ex-
periment. I also asked that they suggest one of their friends
that I could approach and I continued doing this until I man-
aged to get 20 subjects to complete the experiment. Due to
the slow nature of snowball sampling, as opposed to con-
venience random sampling, the amount of subjects was re-
duced, from the initial goal of 50 subjects, to 20 subjects.
Using 20 subjects was enough to obtain sufficient results,
which could be analysed to test the hypothesis.
This experiment was conducted by giving each subject a
total of 10 different scenarios. Eight of the scenarios were
malicious social engineering attacks and the remaining two
scenarios were harmless scenarios. The scenarios were pre-
sented to each subject in a completely random order to elim-
inate any ordering effects. Ordering effects refer to the dif-
ferences in research participants’ responses that result from
the order in which experimental materials are presented to
them[3]. Each scenario had four possible answers associated
with it and the order in which these answers were provided
to the subjects was also randomised. An electronic ques-
tionnaire, which was created using Google Forms, was used.
Google Forms made it easy to randomise the order in which
the scenarios were provided to the subjects, as well as ran-
domise the order in which the answers to each scenario were
provided. Google Forms also made it easy to capture the
results from the experiment.
Every subject was given each of the 10 scenarios twice.
The first time they were required to select an answer us-
ing their own intuition, without the aid of the model. The
second time they were presented with the same 10 scenar-
ios, but this time they were also provided with the Android
implementation of the SEADMv2 to assist them in selecting
the most correct answer. The order in which the subjects an-
swered the scenarios was fixed, i.e. the subjects always first
answered the scenarios without the aid of the model first and
then with the aid of the model. The purpose of this, was to
eliminate any lasting effects the use of the model could have
on the subjects which would influence their answers without
the use of the model.
Even though the entire questionnaire was available avail-
able online4
and the Android application was published to
the Google Play Store, I was still present during each exper-
iment. This was to ensure the subject understood exactly
what was expected of them, as well as to answer any ques-
tions the subject might have while doing the experiment.
The measure of this experiment was the total number of
errors made by each subject. This was measured by com-
paring a subjects answers to the correct answers. If the
subject got an answer incorrect, that would be counted as
an error. It stands to reason that the less errors a subject
made, the better they did at correctly identifying the social
engineering attacks.
Ethical clearance was applied for and obtained from the
UCT Science Faculty Research Ethics Committee. Each
participant was also required to sign a consent form before
partaking in the experiment, agreeing that they are volun-
tarily partaking in the experiment and that their results will
be kept completely anonymous and only used for the pur-
pose of this experiment.
4.2 Summary of Scenarios Used
The scenarios, provided to the subjects in the experiment,
were generated using the SEAF. An effort was made to en-
sure that there were scenarios from each of the three social
engineering attack communication categories, namely bidi-
rectional communication, unidirectional communication and
indirect communication. In Section 2, it was specified that
the only two possible final states provided by the SEADMv2
are Perform the Request or Defer or Refer Request. Per-
forming the Request, could either mean perform the request
without asking questions or perform the request with cau-
tion. Similarly, Deferring or Referring the Request could
either mean to not perform the request at all or refer the re-
quest to someone else. Therefore, it was decided that there
would be two possible correct answers for each scenario. A
short description of the scenarios, used for the experiment,
are provided below.
4.2.1 Bidirectional Communication Scenarios
Four of the ten scenarios provided to the subjects, during
the experiment, were bidirectional communication scenarios.
All four of the bidirectional communication scenarios were
malicious social engineering attacks. Therefore, the correct
answers for these scenarios was either to refer the attacker’s
request to someone who has the authority to handle such
a request or to refuse to help the attacker entirely. Two of
4
Questionnaire available at https://goo.gl/forms/
H0Z8PPnJR72rqJim1
6. the bidirectional scenarios were phone calls from an attacker
who impersonated someone who has the authority to obtain
the requested information from the victim. The phone call
in one of the scenarios took place over the Christmas holi-
day. The attacker was targeting the victim’s emotional state
over this period, since over the holidays people do not want
to be bothered with work related problems and will give
away sensitive information, less reluctantly, just to end the
phone call. Another of the bidirectional communication sce-
narios was a conversation over a popular instant messaging
platform, Facebook Messenger. The attacker and the vic-
tim have never met in person, so there is no way the victim
can be sure the attacker is who they say they are. The
attacker first builds a virtual relationship with the victim
and then exploits this relationship requesting sensitive in-
formation, namely the victim’s Facebook login credentials.
The last bidirectional communication scenario, used in the
experiment, was an attacker posing as a student and asking
another student, the victim, to swipe him into the computer
lab, since he had lost his student card.
4.2.2 Unidirectional Communication Scenarios
Five of the ten scenarios, used for the experiment, were
unidirectional communication scenarios. Two of these sce-
narios were harmless scenarios, while the remaining three
were malicious social engineering attack scenarios. The two
harmless scenarios both entailed an email sent from one
party to another. In the one scenario, a recruiter from
LinkedIn sent an email and in the other scenario a new em-
ployee at an accounting firm sent an email. In both these
scenarios, the two people had not met in person. However,
both emails came from domains owned by the two compa-
nies that the recruiter and the employee at the accounting
firm worked for respectively. This is already a strong in-
dication that the people sending the emails are who they
say they are. Another indication was the signatures of the
emails contained both the senders’ positions at their compa-
nies as well as their contact details. Therefore, it would be
relatively easy to verify that both the people who sent the
emails are who they say they are.
The three unidirectional malicious social engineering at-
tack scenarios entailed emails sent from unverifiable domains
as wells as a guest lecturer requesting sensitive information.
In the one scenario an email was sent from a lecturer to a
student, however, the lecturer’s email was not sent from the
typical Vula (the online teaching system used at UCT) an-
nouncement system and the domain of the lecturer’s email
address was not the university’s domain. As a result, there
is no way for the student to verify that this email was in
fact sent from their lecturer. Another of the unidirectional
malicious scenarios, involved a student emailing their incom-
plete assignment to another student, requesting some assis-
tance. Both students had never met in person and there was,
once again, no way to verify the person sending the email.
The last unidirectional malicious social engineering attack,
involved a guest lecturer requesting students to complete
forms. However, these forms required the students to pro-
vide sensitive information, such as their identity numbers.
Since there is no way of verifying the guest lecturer’s identity,
the correct answer was to refuse to complete that section of
the form (deferring the request) or telling the guest lecturer
to obtain that information from the university’s records (re-
ferring the request).
4.2.3 Indirect Communication Scenarios
There was only one example of an indirect communication
scenario, in the ten scenarios used for the experiment. Indi-
rect communication scenarios are more difficult to generate,
due to the fact that the attacker and the victim do not have
a direct channel of communication, but rather communicate
through a third-party medium. The indirect communica-
tion scenario, used in the experiment, involved the victim
picking up a USB flash drive, lying unattended on a univer-
sity campus. The USB flash drive is not labelled with any
name or contact details, so there is no way for the victim to
identify the owner of the USB flash drive, without inserting
the USB flash drive into a computer and inspecting the files.
The SEADMv2 has a question that asks the user whether
or not they have the authority to perform the action. Since
you do not have the authority to plug someone else’s USB
flash drive into your computer, without their permission, the
correct action to take would be to leave the flash drive where
you found it (deferring the request) or taking the flash drive
to lost and found (referring the request).
5. RESULTS AND DISCUSSION
The results obtained from the 20 subjects was exported
as a CSV file5
from Google Forms. This CSV file was rather
verbose and as a result, a Python script was written to ex-
tract the required information from it. Four different sets of
results were extracted from the raw data, namely how the
subjects’ answers changed when they answered the scenarios
with the aid of the model opposed to when they answered
the scenarios without the aid of the model. How the num-
ber of errors made without the aid of the model compare to
the number of errors made with the aid of the model. How
the number of errors made with and without the aid of the
model for malicious social engineering attacks compare to
the number of errors made with and without the aid of the
model for harmless social engineering attacks. Lastly, how
the number of errors made with and without the aid of the
model for unidirectional communication scenarios, bidirec-
tional communication scenarios and indirect communication
scenarios compare.
5.1 Comparison of Changes to Answers
The possible changes to answers were grouped into four
categories, namely a subject’s answer changes from incorrect
without the model to correct with the aid of the model, a
subject’s answer changes from correct without the model
to incorrect with the aid of the model, a subject’s answer
remains incorrect with and without the aid of the model, and
a subject’s answer remains correct with and without the aid
of the model. It should be obvious, that if the subject’s
answer changes from incorrect without the model to correct
with the aid of the model or if their answer remains correct
with and without the model, this is seen as positive and
the model is serving its intended purpose. Similarly, if a
subject’s answer changes from correct without the model to
incorrect with the aid of the model or if their answer remains
incorrect with and without the model, this is seen as negative
and the model is not serving its intended purpose. To obtain
these results, the raw data CSV file was manipulated by a
5
Raw data CSV file available at http://www.social-engineer.
co.za/data/SEPTTOutputOriginalAnswers.csv
7. Description of Change: Number of Changes: Percentage:
Incorrect to correct 57 28.5%
Correct to incorrect 25 12.5%
Remained correct 80 40%
Remained incorrect 38 19%
Table 2: Changes to Answers
Python script to produce a new CSV file6
. This CSV file
contained columns that tally the number of times a subject’s
answer changed from incorrect to correct or vice versa or
remained either correct or incorrect.
Table 2 tabulates the results obtained, describing the num-
ber of changes in each category as well as the percentage
associated with each category. It is clear that the use of
the model had a significant affect in changing the answers
positively. The use of the model improved the subject’s an-
swer from incorrect to correct 28.5% of the time. The model
also kept the subject’s answer correct 40% of the time. This
means the model served its intended purpose more than two
thirds of the time (68.5%). The remaining 31.5% of the time
the model did not serve its intended purpose. However, this
is a much smaller fraction of the time, compared to when the
model did serve its intended purpose. The times when the
model failed to serve its purpose can also be attributed to the
subjects not understanding the wording used in the model
and subjects getting tired during the experiment (both these
factors were observed while watching subjects complete the
experiment).
5.2 Comparison of Total Errors Made
The comparison of the total errors made with and without
the aid of the model, is the measure that gives the best indi-
cation of whether the model is serving its intended purpose
or not. Another Python script was used to tally the total er-
rors made by each subject across all the scenarios and create
a CSV file7
of the results. An error, in this context, refers
to when a subject chose an incorrect answer for a particular
scenario. These results were analysed to test for statistical
significance. For this experiment, the significance threshold
was set at 0.05. This means that any p-value obtained that
is less than 0.05 is statistically significant, any other p-value
is not statistically significant.
First the distribution of data needed to be determined,
since this would give an indication of which statistical tests
could be used to analyse the data. It was suspected that the
data would follow a Poisson distribution, since errors and er-
ror rates usually tend to follow this sort of distribution. To
determine the distribution of the data, a Chi-Squared good-
ness of fit test was run on both the number of errors with and
without the aid of the model. The Chi-Squared goodness of
fit indicated that the errors made with the aid of the model
did follow a Poisson distribution, since p > 0.05 and there-
fore it does not significantly deviate from a Poisson distribu-
tion. However, running the same test on the data without
the aid of the model, produced p < 0.05, which means the
data does significantly deviate from a Poisson distribution
and therefore it does not follow a Poisson distribution.
6
CSV file available at http://www.social-engineer.co.za/
data/SEPTTSummaryAnalysis.csv
7
CSV file available at http://www.social-engineer.co.za/
data/SEPTTErrorRate.csv
Figure 4: Box plots of errors with and without the
model
The two data sets did not both follow the same distribu-
tion and therefore a non-parametric statistical test had to be
used to test for significance. This experiment contained one
within-subjects factor with exactly two levels (with model
and without model) and, as a result, a Wilcoxon signed-rank
test was run to determine if there is a significant difference
between the results. It was found, that there is a signifi-
cant difference between the number of errors made with the
aid of the model and the number of errors made without the
model (p < 0.05). The box plots of the errors made with and
without the aid of the model, illustrated in Figure 4, shows
this significant difference clearly. From Figure 4, it is clear
that the first quartile of the number of errors made without
the model is equal to the third quartile of the number errors
made with the model. This strengthens the result obtained
with the Wilcoxon signed-rank test. It is clear that the use
of an Android application that implements the SEADMv2
model does significantly decrease the number of errors made
when identifying social engineering attacks.
5.3 Comparison of Errors Made Based on
Type of Scenario
As an additional comparison, it was decided to separate
the scenarios into two categories, namely attack and harm-
less scenarios. Attack scenarios are scenarios in which an
attacker is trying to manipulate the victim with malicious
intent, while harmless scenarios are those scenarios in which
there is no malicious intent. This comparison was performed
to provide insight into whether the SEADMv2 is actually re-
ducing the number of errors in malicious social engineering
attacks or if the reduction of errors is only occurring in harm-
less scenarios. A Python script was again used to separate
the scenarios into attack scenarios and harmless scenarios
8. and two new CSV data files8
were created for analysis.
Similar to the total errors, the distribution of the data had
to first be determined to provide an indication of which sta-
tistical tests can be used for analysis. After running the Chi-
squared goodness of fit test on the results with the model
and without the model for malicious attack scenarios. It was
found that the the errors with the aid of the model followed
a Poisson distribution (p > 0.05), while the errors without
the aid of the model did not follow a Poisson distribution
(p < 0.05). Since the data does not follow the same distribu-
tion and there is one within-subjects factor with exactly two
levels (with model and without model), a Wilcoxon signed-
rank test was the most appropriate statistical test to use.
Since this is a post hoc test, an adjustment needed to be
made to the original significance threshold to account for
the additional hypotheses that were introduced. This ad-
justment is known as the Bonferroni correction and it is in-
troduced to avoid the null hypothesis (a default hypothesis
that claims there is no relationship between the two mea-
surements) being rejected incorrectly. The Bonferroni cor-
rection adjusts the original significance threshold as follows,
α/κ, where α is the original significance threshold and κ is
the number of hypotheses introduced in the post hoc test.
In this case there were two hypotheses introduced, namely
harmless scenarios and attack scenarios. Using the Bon-
ferroni correction on the original significance threshold, we
get an adjusted significance threshold of 0.05/2 = 0.025. Af-
ter running the Wilcoxon signed-rank test, it was found that
there is a significant difference between the number of errors
made with the aid of the model and the number of errors
made without the model for attack scenarios (p < 0.025).
The same procedure was followed for the errors with and
without the model for harmless scenarios. First the distri-
bution was determined using a Chi-squared goodness of fit
test. The errors with the aid of the model followed a Poisson
distribution (p > 0.05), while the errors without the aid of
the model did not follow a Poisson distribution (p < 0.05).
Once again, a Wilcoxon signed-rank test was used to de-
termine statistical significance. However, it was found that
there is no significant difference between the number of er-
rors made with the aid of the model and the number of errors
made without the model for harmless scenarios (p > 0.025).
The box plots of the errors made with and without the aid
of the model for harmless scenarios, in Figure 5, supports
this result. In Figure 5, the medians are identical, this is a
strong indicator of no significant difference.
Since there was a significant difference between the num-
ber of errors with and without the model overall and there
was also a significant difference between the number of errors
with and without the model for attack scenarios. It stands
to reason, that the SEADMv2 is helping subjects detect ma-
licious social engineering attacks well, but not having much
of an effect on the way subjects react to harmless scenarios.
This is acceptable, since the purpose of the SEADMv2 is
to prevent users from falling victim to malicious social engi-
neering attacks, which it has proven to do correctly. Figure
6 is a stacked graph, which clearly illustrates how the num-
ber of errors made in harmless scenarios with and without
the model is practically the same. Figure 6 also illustrates
that there is a big difference, overall, between the number
8
CSV files available at http://www.social-engineer.co.
za/data/SEPTTErrorRateAttack.csv & http://www.
social-engineer.co.za/data/SEPTTErrorRateHarmless.csv
Figure 5: Box plots of errors with and without the
model for harmless scenarios
of errors made with and without the model and this differ-
ence is clearly caused by the attack scenarios and not the
harmless scenarios.
5.4 Comparison of Errors Made Based on
Communication Category of Scenario
The last comparison performed was to test whether the
SEADMv2 works better for a given communication category
of scenarios. Similar to before, a Python script was used to
separate the scenarios into bidirectional, unidirectional and
indirect communication and three new CSV data files9
were
created for analysis. Since this is another post hoc test,
the Bonferroni correction had to be applied to the original
significance threshold. This time there were three hypothe-
ses introduced and the Bonferroni correction adjusted the
significance threshold to be 0.05/3 = 0.017. This adjusted
significance threshold was used to determine statistical sig-
nificance for the three communication categories described
below.
5.4.1 Bidirectional Communication Scenarios
The errors with and without the model for the bidirec-
tional communication scenarios were first analysed to see if
a common distribution could be found using the Chi-squared
goodness of fit test. The number of errors with the model did
fit a Poisson distribution (p > 0.05), however, the number of
errors without the aid of the model did not fit a Poisson dis-
tribution (p < 0.05). Therefore, the Wilcoxon signed-rank
test would have to be used to test for statistical significance
9
CSV files available at http://www.social-engineer.co.za/
data/SEPTTErrorRateBi.csv; http://www.social-engineer.
co.za/data/SEPTTErrorRateUni.csv & http://www.
social-engineer.co.za/data/SEPTTErrorRateIndirect.csv
9. Figure 6: Stacked bar graph showing the number of
errors with and without the model for harmless and
attack scenarios
between the number of errors with and without the model.
There was found to be a significant difference between the
number of errors with and without the model for bidirec-
tional communication scenarios (p < 0.017). This indicates
that the model serves its intended purpose and significantly
reduces the number of errors for bidirectional communica-
tion scenarios.
5.4.2 Unidirectional Communication Scenarios
Similar to bidirectional communication, the number of er-
rors with and without the model for the unidirectional com-
munication scenarios were first analysed, to see if a common
distribution could be found using the Chi-squared goodness
of fit test. However, in the case of the unidirectional com-
munication scenarios a rather interesting observation was
made. The number of errors with and without the model
were identically distributed. This is illustrated in Figure 7,
which shows the box plots for number of errors with and
without the use of the model for unidirectional communi-
cation scenarios. Since the distributions of the number of
errors with and without the model are identical, it would
be unnecessary to run any statistical tests. It is quite clear
that there is no difference between the number of errors with
and without the model for unidirectional scenarios. There-
fore, the SEADMv2 does not serve its intended purpose for
unidirectional scenarios.
5.4.3 Indirect Communication Scenarios
Lastly, the number of errors with and without the model,
for indirect communication scenarios, were analysed to see if
a common distribution could be found using the Chi-squared
goodness of fit test. The number of errors with the model did
fit a Poisson distribution (p > 0.05), however, the number
of errors without the aid of the model did not fit a Poisson
distribution (p < 0.05). Therefore the Wilcoxon signed-rank
test would have to be used to test for statistical significance
between the number of errors with and without the model
Figure 7: Box plots of errors with and without the
model for unidirectional communication scenarios
for indirect communication scenarios. There was found to
be a significant difference between the number of errors with
and without the model for indirect communication scenar-
ios (p < 0.017). This indicates that the model serves its
intended purpose and significantly reduces the number of
errors for indirect communication scenarios.
6. CONCLUSIONS
The results analysed in Section 5 can be used to draw vi-
tal conclusions. The most important result obtained, is that
an Android implementation of the SEADMv2 does signifi-
cantly reduce the number of errors made by subjects when
identifying social engineering scenarios, opposed to when no
model is used. This answers the research question of this
paper and agrees with the hypothesis.
The model was also shown to be statistically significant at
reducing the number of errors made for malicious attack sce-
narios. However, the model did not have any significant af-
fect on reducing the number of errors made for harmless sce-
narios. The model was also statistically significant at reduc-
ing the number of errors made for both bidirectional com-
munication and indirect communication scenarios. However,
the model did not have any significant effect on the number
of errors made for unidirectional communication scenarios.
Therefore, it can be concluded that an Android implementa-
tion of the SEADMv2 is effective at reducing the probabil-
ity of a subject falling victim to malicious attack scenarios,
bidirectional communication scenarios and indirect commu-
nication scenarios. However, an Android implementation of
the SEADMv2 is not effective at reducing the probability
of a subject falling victim to unidirectional communication
scenarios and harmless scenarios.
The Android implementation of the SEADMv2 was also
10. good at positively influencing the subjects’ answers. It changed
the subjects’ answers from incorrect to correct 28.5% of the
time and kept the subjects’ answers correct 40% of the time.
This means 68.5% of the time, the model influenced the sub-
jects positively. This is more than the 12.5% of the time that
the model changed the subjects’ answers from correct to in-
correct or the 19% of the time when the model kept the
subjects’ answers incorrect. This leads us to the conclusion
that an Android implementation of the SEADMv2 influences
a subjects’ answers positively more often than when it in-
fluences a subjects’ answers negatively.
On the whole, the Android implementation of the SEADMv2
did have a statistically significant positive influence on the
detection of social engineering attacks. Therefore,it can be
concluded that the Android implementation of the SEADMv2
does reduce the probability of a subject falling victim to a
social engineering attack.
7. FUTURE WORK
This paper described the first experiment with the SEADMv2
on actual subjects. As a result, a few aspects of the model,
which may have worked well in theory, were not as effective
in reality. The most notable aspect is the wording of some of
the questions in the model. Numerous subjects either asked
for clarification on what a question meant or made use of the
help provided in the SEPTT Android application, to clarify
some of the questions in the model. The wording of some
of the questions should be revised in future iterations of the
SEADM. In addition, the model was found to not decrease
the number of errors for unidirectional communication sce-
narios and harmless scenarios. This should definitely be in-
vestigated and future iterations of the SEADM should also
significantly decrease the number of errors for unidirectional
communication scenarios and harmless scenarios.
The Android application that was developed for this ex-
periment is fully functional and was tested thoroughly. How-
ever, an aspect that bothered some subjects during the ex-
periment, is that the progress bar, visible at the top of the
interface, does not accurately indicate a user’s distance from
reaching a final state. For example, if a user had to answer
No to the first two questions, the progress bar would jump
from state 2 to the final state. This is due to the way the
underlying model is designed. Future work on the Android
application could involve writing an algorithm to enable the
state progress bar to more accurately indicate the user’s dis-
tance from reaching a final state.
8. ACKNOWLEDGEMENTS
I would like to thank my supervisors Prof. Tommie Meyer
and Francois Mouton for all their help and guidance through-
out this project. I doubt this project would have been as
successful as it was, without their input. I would also like to
express my gratitude towards Dr Brian DeRenzi, who helped
me tremendously, by suggesting appropriate statistical tests
that I could use to analyse my results.
I would also like to thank my project partner, Michael
Pepper. Although we worked on separate parts of this project
and no collaboration was required, his encouragement and
help contributed to the successful completion of this project.
9. REFERENCES
[1] Bezuidenhout, M., Mouton, F., and Venter,
H. S. Social engineering attack detection model:
Seadm. In Information Security for South Africa
(ISSA), 2010 (2010), IEEE, pp. 1–8.
[2] Biernacki, P., and Waldorf, D. Snowball
sampling: Problems and techniques of chain referral
sampling. Sociological methods & research 10, 2
(1981), 141–163.
[3] Gass, S. M., and Torres, M. J. A. Attention
when?: An investigation of the ordering effect of input
and interaction. Studies in Second Language
Acquisition 27, 01 (2005), 1–31.
[4] Harley, D. Re-floating the titanic: Dealing with
social engineering attacks. London: EICAR (1998), 13.
[5] Hoeschele, M., and Rogers, M. Detecting social
engineering. In Advances in Digital Forensics.
Springer, 2005, pp. 67–77.
[6] Laribee, L. Development of methodical social
engineering taxonomy project. PhD thesis, Monterey,
California. Naval Postgraduate School, 2006.
[7] Liu, D. T., and Xu, X. W. A review of web-based
product data management systems. Computers in
industry 44, 3 (2001), 251–262.
[8] Marshall, M. N. Sampling for qualitative research.
Family practice 13, 6 (1996), 522–526.
[9] Martin, J. Rapid application development, vol. 8.
Macmillan New York, 1991.
[10] Mitnick, K. D., and Simon, W. L. The art of
deception: Controlling the human element of security.
John Wiley & Sons, 2011.
[11] Mouton, F., Leenen, L., Malan, M. M., and
Venter, H. Towards an ontological model defining
the social engineering domain. In ICT and Society.
Springer, 2014, pp. 266–279.
[12] Mouton, F., Leenen, L., and Venter, H. Social
engineering attack detection model: Seadmv2. In 2015
International Conference on Cyberworlds (CW)
(2015), IEEE, pp. 216–223.
[13] Mouton, F., Leenen, L., and Venter, H. Social
engineering attack examples, templates and scenarios.
Computers & Security 59 (2016), 186–209.
[14] Mouton, F., Malan, M. M., Kimppa, K. K., and
Venter, H. S. Necessity for ethics in social
engineering research. Computers & Security 55 (2015),
114–127.
[15] Mouton, F., Malan, M. M., Leenen, L., and
Venter, H. S. Social engineering attack framework.
In Information Security for South Africa (ISSA), 2014
(2014), IEEE, pp. 1–9.
[16] Sandouka, H., Cullen, A., and Mann, I. Social
engineering detection using neural networks. In
CyberWorlds, 2009. CW’09. International Conference
on (2009), IEEE, pp. 273–278.
[17] Sawa, Y., Bhakta, R., Harris, I. G., and
Hadnagy, C. Detection of social engineering attacks
through natural language processing of conversations.
In 2016 IEEE Tenth International Conference on
Semantic Computing (ICSC) (2016), IEEE,
pp. 262–265.
[18] Workman, M. Gaining access with social
engineering: An empirical study of the threat.