An efficient intrusion detection model based on convolutional spiking neural network

Many intrusion detection techniques have been developed to ensure that the target system can function properly under the established rules. With the booming Internet of Things (IoT) applications, the resource-constrained nature of its devices makes it urgent to explore lightweight and high-performance intrusion detection models. Recent years have seen a particularly active application of deep learning (DL) techniques. The spiking neural network (SNN), a type of artificial intelligence that is associated with sparse computations and inherent temporal dynamics, has been viewed as a potential candidate for the next generation of DL. It should be noted, however, that current research into SNNs has largely focused on scenarios where limited computational resources and insufficient power sources are not considered. Consequently, even state-of-the-art SNN solutions tend to be inefficient. In this paper, a lightweight and effective detection model is proposed. With the help of rational algorithm design, the model integrates the advantages of SNNs as well as convolutional neural networks (CNNs). In addition to reducing resource usage, it maintains a high level of classification accuracy. The proposed model was evaluated against some current state-of-the-art models using a comprehensive set of metrics. Based on the experimental results, the model demonstrated improved adaptability to environments with limited computational resources and energy sources.

DDoS attack detection in smart grid network using reconstructive machine learning models

Network attacks pose a significant challenge for smart grid networks, mainly due to the existence of several multi-directional communication devices coupling consumers to the grid. One of the network attacks that can affect the smart grid is the distributed denial of service (DDoS), where numerous compromised communication devices/nodes of the grid flood the smart grid network with false data and requests, leading to disruptions in smart meters, data servers, and the state estimator, ultimately effecting the services for end-users. Machine learning-based strategies show distinctive benefits in resolving the challenge of securing the network from DDoS attacks. Regardless, a notable hindrance in deploying machine learning-based techniques is the requirement of model retraining whenever new attack classes arise. Practically, disrupting the normal operations of smart grid is really discouraged. To handle this challenge effectively and detect DDoS attacks without major disruptions, we propose the deployment of reconstructive deep learning techniques. A primary benefit of our proposed technique is the minimum disruption during the introduction of a new attack class, even after complete deployment. We trained several deep and shallow reconstructive models to get representations for each attack type separately, and we performed attack detection by class-specific reconstruction error-based classification. Our technique experienced rigid evaluation via multiple experiments using two well-acknowledged standard databases exclusively for DDoS attacks, including their subsets. Later, we performed a comparative estimation of our outcomes against six methods prevalent within the same domain. Our outcomes reveal that our technique attained higher accuracy, and notably eliminates the requirement of a complete model retraining in the event of the introduction of new attack classes. This method will not only boost the security of smart grid networks but also ensure the stability and reliability of normal operations, protecting the critical infrastructure from ever-evolving network attacks. As smart grid is advancing rapidly, our approach proposes a robust and adaptive way to overcome the continuous challenges posed by network attacks.

Vulnerability of pangolin SARS-CoV-2 lineage assignment to adversarial attack

Pangolin is the most popular tool for SARS-CoV-2 lineage assignment. During COVID-19, healthcare professionals and policymakers required accurate and timely lineage assignment of SARS-CoV-2 genomes for pandemic response. Therefore, tools such as Pangolin use a machine learning model, pangoLEARN, for fast and accurate lineage assignment. Unfortunately, machine learning models are susceptible to adversarial attacks, in which minute changes to the inputs cause substantial changes in the model prediction. We present an attack that uses the pangoLEARN architecture to find perturbations that change the lineage assignment, often with only 2-3 base pair changes. The attacks we carried out show that pangolin is vulnerable to adversarial attack, with success rates between 0.98 and 1 for sequences from non-VoC lineages when pangoLEARN is used for lineage assignment. The attacks we carried out are almost never successful against VoC lineages because pangolin uses Usher and Scorpio - the non-machine-learning alternative methods for VoC lineage assignment. A malicious agent could use the proposed attack to fake or mask outbreaks or circulating lineages. Developers of software in the field of microbial genomics should be aware of the vulnerabilities of machine learning based models and mitigate such risks.

Cyber hygiene concepts for nursing education

BACKGROUND

The healthcare industry has increasingly been targeted by cybercrime putting patients, organizations, and employees at risk for financial loss and breach of privacy. Malware events compromise system integrity and patient privacy which could lead to delays in treatment, loss of patient data, inability to provide care, and increase in patient harm. In addition, these attacks may also compromise private and personal information for those targeted.

OBJECTIVE

Nurses represent a large portion of frontline healthcare workers and are uniquely positioned to help prevent cyber-attacks. Nursing curriculum should include education about the risks to patient safety from cybercrime and the nurse's role in preventing cybercrime. Nursing education has focused on hygiene for patient safety. Adding cyber hygiene to the essential practices of pre-licensure and advanced practice nurses is a first step to protecting patients, organizations, and employees from the repercussions of a healthcare cyber-attack.

How to protect smart and autonomous vehicles from stealth viruses and worms

Smart and autonomous vehicles are inseparable parts of the future Intelligent Transportation Systems (ITS). However, ITS components, and especially its vehicles, are prone to cyber threats. Interconnectivity of different parts, ranging from in-vehicle communication of different modules to vehicle and vehicle to infrastructure message exchanges open a window to the cyber attacks launched through these communication media. This paper introduces the concept of stealth virus or worm in smart and autonomous vehicles which can jeopardize the safety of passengers. Stealth attacks are designed to manipulate a system in a way that while the changes are not detectable by human, the system is negatively influenced over the time. A framework for Intrusion Detection System (IDS) is proposed afterward. The proposed IDS structure is scalable and easily deployable on current and future vehicles which are equipped with Controller Area Network (CAN) buses. Through a case study on car cruise control, a new stealth attack is presented. The attack is analytically discussed first. Then, it is shown how the proposed IDS can detect this kind of threats.

Is COVID-19 Being Used to Spread Malware

With the rising number of people using social networks after the pandemic of COVID-19, cybercriminals took the advantage of (i) the increased base of possible victims and (ii) the use of a trending topic as the pandemic COVID-19 to lure victims and attract their attention and put malicious content to infect the most possible number of people. Twitter platform forces an auto-shortening to any included URL within a 140-character message called "tweet" and this makes it easier for the attackers to include malicious URLs within Tweets. Here comes the need to adopt new approaches to resolve the problem or at least identify it to better understand it to find a suitable solution. One of the proven effective approaches is the adaption of machine learning (ML) concepts and applying different algorithms to detect, identify, and even block the propagation of malware. Hence, this study's main objectives were to collect tweets from Twitter that are related to the topic of COVID-19 and extract features from these tweets and import them as independent variables for the machine learning models to be developed later, so they would identify imported tweets as to be malicious or not.

A systematic review of literature on credit card cyber fraud detection using machine and deep learning

The increasing spread of cyberattacks and crimes makes cyber security a top priority in the banking industry. Credit card cyber fraud is a major security risk worldwide. Conventional anomaly detection and rule-based techniques are two of the most common utilized approaches for detecting cyber fraud, however, they are the most time-consuming, resource-intensive, and inaccurate. Machine learning is one of the techniques gaining popularity and playing a significant role in this field. This study examines and synthesizes previous studies on the credit card cyber fraud detection. This review focuses specifically on exploring machine learning/deep learning approaches. In our review, we identified 181 research articles, published from 2019 to 2021. For the benefit of researchers, review of machine learning/deep learning techniques and their relevance in credit card cyber fraud detection is presented. Our review provides direction for choosing the most suitable techniques. This review also discusses the major problems, gaps, and limits in detecting cyber fraud in credit card and recommend research directions for the future. This comprehensive review enables researchers and banking industry to conduct innovation projects for cyber fraud detection.

Personalized persuasion: Quantifying susceptibility to information exploitation in spear-phishing attacks

Many cyberattacks begin with a malicious email message, known as spear phishing, targeted at unsuspecting victims. Although security technologies have improved significantly in recent years, spear phishing continues to be successful due to the bespoke nature of such attacks. Crafting such emails requires attackers to conduct careful research about their victims and collect personal information about them and their acquaintances. Despite the widespread nature of spear-phishing attacks, little is understood about the human factors behind them. This is particularly the case when considering the role of attack personalization on end-user vulnerability. To study spear-phishing attacks in the laboratory, we developed a simulation environment called SpearSim that simulates the tasks involved in the generation and reception of spear-phishing messages. Using SpearSim, we conducted a laboratory experiment with human subjects to study the effect of information availability and information exploitation end-user vulnerability. The results of the experiment show that end-users in the high information-availability condition were 2.97 times more vulnerable to spear-phishing attacks than those in the low information-availability condition. We found that access to more personal information about targets can result in attacks involving contextually meaningful impersonation and narratives. We discuss the implications of this research for the design of anti-phishing training solutions.

Open-source intelligence: a comprehensive review of the current state, applications and future perspectives in cyber security

The volume of data generated by today's digitally connected world is enormous, and a significant portion of it is publicly available. These data sources are web archives, public databases, and social networks such as Facebook, Twitter, LinkedIn, Emails, Telegrams, etc. Open-source intelligence (OSINT) extracts information from a collection of publicly available and accessible data. OSINT can provide a solution to the challenges in extracting and gathering intelligence from various publicly available information and social networks. OSINT is currently expanding at an incredible rate, bringing new artificial intelligence-based approaches to address issues of national security, political campaign, the cyber industry, criminal profiling, and society, as well as cyber threats and crimes. In this paper, we have described the current state of OSINT tools/techniques and the state of the art for various applications of OSINT in cyber security. In addition, we have discussed the challenges and future directions to develop autonomous models. These models can provide solutions for different social network-based security, digital forensics, and cyber crime-based problems using various machine learning (ML), deep learning (DL) and artificial intelligence (AI) with OSINT.

DSmishSMS-A System to Detect Smishing SMS

With the origin of smart homes, smart cities, and smart everything, smart phones came up as an area of magnificent growth and development. These devices became a part of daily activities of human life. This impact and growth have made these devices more vulnerable to attacks than other devices such as desktops or laptops. Text messages or SMS (Short Text Messages) are a part of smartphones through which attackers target the users. Smishing (SMS Phishing) is an attack targeting smartphone users through the medium of text messages. Though smishing is a type of phishing, it is different from phishing in many aspects like the amount of information available in the SMS, the strategy of attack, etc. Thus, detection of smishing is a challenge in the context of the minimum amount of information shared by the attacker. In the case of smishing, we have short text messages which are often in short forms or in symbolic forms. A single text message contains very few smishing-related features, and it consists of abbreviations and idioms which makes smishing detection more difficult. Detection of smishing is a challenge not only because of features constraint but also due to the scarcity of real smishing datasets. To differentiate spam messages from smishing messages, we are evaluating the legitimacy of the URL (Uniform Resource Locator) in the message. We have extracted the five most efficient features from the text messages to enable the machine learning classification using a limited number of features. In this paper, we have presented a smishing detection model comprising of two phases, Domain Checking Phase and SMS Classification Phase. We have examined the authenticity of the URL in the SMS which is a crucial part of SMS phishing detection. In our system, Domain Checking Phase scrutinizes the authenticity of the URL. SMS Classification Phase examines the text contents of the messages and extracts some efficient features. Finally, the system classifies the messages using Backpropagation Algorithm and compares results with three traditional classifiers. A prototype of the system has been developed and evaluated using SMS datasets. The results of the evaluation achieved an accuracy of 97.93% which shows the proposed method is very efficient for the detection of smishing messages.

CYBER-AIDD: A novel approach to implementing improved cyber security resilience for large Australian healthcare providers using a Unified Modelling Language ontology

Purpose

This paper proposes a novel cyber security risk governance framework and ontology for large Australian healthcare providers, using the structure and simplicity of the Unified Modelling Language (UML). This framework is intended to mitigate impacts from the risk areas of: (1) cyber-attacks, (2) incidents, (3) data breaches, and (4) data disclosures.

Methods

Using a mixed-methods approach comprised of empirical evidence discovery and phenomenological review, existing literature is sourced to confirm baseline ontological definitions. These are supplemented with Australian government reports, professional standards publications and legislation covering cyber security, data breach reporting and healthcare governance. Historical examples of healthcare cyber security incidents are reviewed, and a cyber risk governance UML presented to manage the defined problem areas via a single, simplified ontological diagram.

Results

A clear definition of 'cyber security' is generated, along with the 'CYBER-AIDD' risk model. Specific examples of cyber security incidents impacting Australian healthcare are confirmed as N = 929 over 5 years, with human factors the largest contributor. The CYBER-AIDD UML model presents a workflow across four defined classes, providing a clear approach to implementing the controls required to mitigate risks against verified threats.

Conclusions

The governance of cyber security in healthcare is complex, in part due to a lack of clarity around key terms and risks, and this is contributing to consistently poor operational outcomes. A focus on the most essential avenues of risk, using a simple UML model, is beneficial in describing these risks and designing governance controls around them.

CADEN: cellular automata and DNA based secure framework for privacy preserving in IoT based healthcare

In the present E-healthcare industry, data breaches result in substantial economic losses due to cyber-attacks and hence create a trust deficit between the industry and users. The healthcare industry has rapidly adopted IoT frameworks but the trust deficit and privacy concerns limit its utilization among the masses. Along with privacy protection, content authentication is an important requirement in a number of critical applications and fragile watermarking provides an effective solution. However, existing fragile watermarking techniques lack the accuracy of tamper detection and hence are not reliable enough in terms of security and privacy of the data. This paper presents a novel low-complexity block-based fragile watermarking technique with high security against cyber-security attacks. This is achieved by embedding a fragile watermark in the host image using pixel domain blocking approach. The security of embedded watermark has been taken care of by using Cellular Automata and DNA based ENcryption (CADEN) framework to scramble the watermark bits using various secret keys. Experimental investigations show that besides being highly secure, the proposed technique is fragile to various signal processing and geometric attacks. The comparative analysis shows that the proposed scheme, despite having lower complexity, offers better efficiency in terms of imperceptibility, tamper detection and localization compared to other state-of-the-art techniques. Besides, the fragile watermark embedding makes the system capable to preserve the secret information in case of an attack with an average BER of 40%.

Cybersecurity Challenges in Healthcare

Cyber security attacks evidence has shown that many sectors and industries are still at an insufficient level of readiness to counter these threats, including healthcare organizations and the entire healthcare industry. The COVID-19 pandemic has additionally launched the issue of cyber protection of healthcare systems and connected medical and other devices as well as modern IT components, which are often the entry point for attackers against healthcare organizations. With the aim of a systematic approach to cyber security in healthcare organizations, this article comprehensively presents cyber risks and possible consequences of attacks in the context of healthcare organization services, as well as identifies the five most important cyber security challenges and provides recommendations for establishing protection mechanisms in line with best practices.

Analysis of cyber security knowledge gaps based on cyber security body of knowledge

Due to the increasing number of cyber incidents and overwhelming skills shortage, it is required to evaluate the knowledge gap between cyber security education and industrial needs. As such, the objective of this study is to identify the knowledge gaps in cyber security graduates who join the cyber security workforce. We designed and performed an opinion survey by using the Cyber Security Knowledge Areas (KAs) specified in the Cyber Security Body of Knowledge (CyBOK) that comprises 19 KAs. Our data was gathered from practitioners who work in cyber security organizations. The knowledge gap was measured and evaluated by acknowledging the assumption for employing sequent data as nominal data and improved it by deploying chi-squared test. Analyses demonstrate that there is a gap that can be utilized to enhance the quality of education. According to acquired final results, three key KAs with the highest knowledge gap are Web and Mobile Security, Security Operations and Incident Management. Also, Cyber-Physical Systems (CPS), Software Lifecycles, and Vulnerabilities are the knowledge areas with largest difference in perception of importance between less and more experienced personnel. We discuss several suggestions to improve the cyber security curriculum in order to minimize the knowledge gaps. There is an expanding demand for executive cyber security personnel in industry. High-quality university education is required to improve the qualification of upcoming workforce. The capability and capacity of the national cyber security workforce is crucial for nations and security organizations. A wide range of skills, namely technical skills, implementation skills, management skills, and soft skills are required in new cyber security graduates. The use of each CyBOK KA in the industry was measured in response to the extent of learning in university environments. This is the first study conducted in this field, it is considered that this research can inspire the way for further researches.

The Work-Averse Cyberattacker Model: Theory and Evidence from Two Million Attack Signatures

The assumption that a cyberattacker will potentially exploit all present vulnerabilities drives most modern cyber risk management practices and the corresponding security investments. We propose a new attacker model, based on dynamic optimization, where we demonstrate that large, initial, fixed costs of exploit development induce attackers to delay implementation and deployment of exploits of vulnerabilities. The theoretical model predicts that mass attackers will preferably (i) exploit only one vulnerability per software version, (ii) largely include only vulnerabilities requiring low attack complexity, and (iii) be slow at trying to weaponize new vulnerabilities . These predictions are empirically validated on a large data set of observed massed attacks launched against a large collection of information systems. Findings in this article allow cyber risk managers to better concentrate their efforts for vulnerability management, and set a new theoretical and empirical basis for further research defining attacker (offensive) processes.

Implementation of 'Smishing Detector': An Efficient Model for Smishing Detection Using Neural Network

Neural network creates a neuron-based network similar to the human nervous system to solve classification problems efficiently. The smishing problem is a binary classification problem in which attackers target smartphone users through text messages. As smishing is a remarkable cybersecurity issue that is troubling researchers and smartphone users these days. Addressing this security issue using the most efficient algorithm is the need of the hour. This manuscript presented an algorithm for the model proposed by authors in 'Smishing Detector' model and implemented it using Neural Network. The result obtained proves that the neural network is much efficient in detecting smishing problem. Neural Network outperformed other machine learning algorithms with a difference of 1.11%. Neural Network performed with the final accuracy of 97.40%. In this paper, system extracted the most efficient features of smishing SMS (Short Message Service) using the Neural Network. This manuscript also reported the accuracy shown by the system for each feature selected and implemented. It is evident from the implementation that each feature selected is most effective in smishing detection and URL (Uniform Resource Locator) feature is the most effective feature with an accuracy of 94%.

Hornet 40: Network dataset of geographically placed honeypots

Deception technologies, and honeypots in particular, have been used for decades to understand how cyber attacks and attackers work. A myriad of factors impact the effectiveness of a honeypot. However, very few is known about the impact of the geographical location of honeypots on the amount and type of attacks. Hornet 40 is the first dataset designed to help understand how the geolocation of honeypots may impact the inflow of network attacks. The data consists of network flows in binary and text format, with up to 118 features, including 480 bytes of the content of each flow. They were created using the Argus flow collector. The passive honeypots are IP addresses connected to the Internet and do not have any honeypot software running, so attacks are not interactive. The data was collected from identically configured honeypot servers in eight locations: Amsterdam, Bangalore, Frankfurt, London, New York, San Francisco, Singapore, and Toronto. The dataset contains over 4.7 million network flows collected during forty days throughout April, May, and June 2021.

An intelligent cyber security phishing detection system using deep learning techniques

Recently, phishing attacks have become one of the most prominent social engineering attacks faced by public internet users, governments, and businesses. In response to this threat, this paper proposes to give a complete vision to what Machine learning is, what phishers are using to trick gullible users with different types of phishing attacks techniques and based on our survey that phishing emails is the most effective on the targeted sectors and users which we are going to compare as well. Therefore, more effective phishing detection technology is needed to curb the threat of phishing emails that are growing at an alarming rate in recent years, thus will discuss the techniques of mitigation of phishing by Machine learning algorithms and technical solutions that have been proposed to mitigate the problem of phishing and valuable awareness knowledge users should be aware to detect and prevent from being duped by phishing scams. In this work, we proposed a detection model using machine learning techniques by splitting the dataset to train the detection model and validating the results using the test data , to capture inherent characteristics of the email text, and other features to be classified as phishing or non-phishing using three different data sets, After making a comparison between them, we obtained that the most number of features used the most accurate and efficient results achieved. the best ML algorithm accuracy were 0.88, 1.00, and 0.97 consecutively for boosted decision tree on the applied data sets.

A dataset for accounting, finance and economics research on US data breaches

This data article describes a dataset of data breaches in US listed firms over a ten-year period. Data breaches represent major events that pose serious challenges to organisations. The number of incidents has been on the increase over the last decade and this has attracted the interest of the media, consumers and regulators. While there is a well-established literature on cybersecurity in Computer Science and Information Systems journals, studies exploring the economic and business impacts of data breaches represent a relatively recent phenomenon. There is a nascent but fast-growing literature in accounting, finance and economics that focuses on the financial impacts of data breaches and this dataset provides a useful resource for future studies in this space. By providing data on the company identifier, the type of breach, the dates of breach disclosure, and relates these dates to the company's fiscal year, the dataset can be merged quickly with existing accounting and finance datasets. The dataset includes data on 506 incidents over a ten-year period thereby enabling cross-sectional and longitudinal analyses.

Recurrent autonomous autoencoder for intelligent DDoS attack mitigation within the ISP domain

The continuous advancement of DDoS attack technology and an increasing number of IoT devices connected on 5G networks escalate the level of difficulty for DDoS mitigation. A growing number of researchers have started to utilise Deep Learning algorithms to improve the performance of DDoS mitigation systems. Real DDoS attack data has no labels, and hence, we present an intelligent attack mitigation (IAM) system, which takes an ensemble approach by employing Recurrent Autonomous Autoencoders (RAA) as basic learners with a majority voting scheme. The RAA is a target-driven, distributionenabled, and imbalanced clustering algorithm, which is designed to work with the ISP's blackholing mechanism for DDoS flood attack mitigation. It can dynamically select features, decide a reference target (RT), and determine an optimal threshold to classify network traffic. A novel Comparison-Max Random Walk algorithm is used to determine the RT, which is used as an instrument to direct the model to classify the data so that the predicted positives are close or equal to the RT. We also propose Estimated Evaluation Metrics (EEM) to evaluate the performance of unsupervised models. The IAM system is tested with UDP flood, TCP flood, ICMP flood, multi-vector and a real UDP flood attack data. Additionally, to check the scalability of the IAM system, we tested it on every subdivided data set for distributed computing. The average Recall on all data sets was above 98%.

DReLAB - Deep REinforcement Learning Adversarial Botnet: A benchmark dataset for adversarial attacks against botnet Intrusion Detection Systems

We present the first dataset that aims to serve as a benchmark to validate the resilience of botnet detectors against adversarial attacks. This dataset includes realistic adversarial samples that are generated by leveraging two widely used Deep Reinforcement Learning (DRL) techniques. These adversarial samples are proved to evade state of the art detectors based on Machine- and Deep-Learning algorithms. The initial corpus of malicious samples consists of network flows belonging to different botnet families presented in three public datasets containing real enterprise network traffic. We use these datasets to devise detectors capable of achieving state-of-the-art performance. We then train two DRL agents, based on Double Deep Q-Network and Deep Sarsa, to generate realistic adversarial samples: the goal is achieving misclassifications by performing small modifications to the initial malicious samples. These alterations involve the features that can be more realistically altered by an expert attacker, and do not compromise the underlying malicious logic of the original samples. Our dataset represents an important contribution to the cybersecurity research community as it is the first including thousands of automatically generated adversarial samples that are able to thwart state of the art classifiers with a high evasion rate. The adversarial samples are grouped by malware variant and provided in a CSV file format. Researchers can validate their defensive proposals by testing their detectors against the adversarial samples of the proposed dataset. Moreover, the analysis of these samples can pave the way to a deeper comprehension of adversarial attacks and to some sort of explainability of machine learning defensive algorithms. They can also support the definition of novel effective defensive techniques.

Dataset of intrusion detection alerts from a sharing platform

The dataset contains intrusion detection alerts obtained via an alert sharing platform (SABU) for one week. A plethora of heterogeneous intrusion detection systems deployed across several organizations contributed to the sharing platform. The alerts are stored in the intrusion Detection Extensible Alert (IDEA) format and categorized using the eCSIRT.net Incident Taxonomy. Dataset can be used in several areas of cybersecurity research for the analysis of intrusion detection alerts including temporal and spatial correlations, reputation scoring, attack scenario reconstruction, and attack projection. The network identifiers (e.g., IP addresses, hostnames) are anonymized. However, the list of interesting features (e.g., presence on blacklists, geolocation) of such entities at the time of data collection is provided.

[Complete information technology blackout in hospitals : Development of a concept for maintaining patient care]

The complete blackout of information technology (IT) in a hospital represents a major incident with acute loss of functionality. The immediate consequence is a rapidly progressive loss of treatment capacity. The major priority for the acute management of such an event is to keep patients safe and prevent life-threatening situations. A possibility to channel the uncontrolled loss of treatment capacity in order to achieve the aforementioned protective target is the immediate organization of an analog system for baseline emergency medical care. The switch over from a fully operational routinely functioning system to a reduced emergency state occurs daily in hospitals (night shift, weekends, public holidays) and reflects the controlled reduction of the treatment capacity. This process and the procedures associated with it are universally known, the functions are clearly defined and planned in advance by duty rotas and the interplay of clinics in the organizational schedule is regulated in detail. In order to accomplish this strategy analog instruments are necessary. These must all be conceived, established, practiced and evaluated in advance with the clinics and departments. Ultimately, all isolated IT blackout concepts must be amalgamated into a compatible and functioning total framework. This structure must be maintained for as long as a partially or totally functioning IT has been reinstated.

Transforming Healthcare Cybersecurity from Reactive to Proactive: Current Status and Future Recommendations

The recent rise in cybersecurity breaches in healthcare organizations has put patients' privacy at a higher risk of being exposed. Despite this threat and the additional danger posed by such incidents to patients' safety, as well as operational and financial threats to healthcare organizations, very few studies have systematically examined the cybersecurity threats in healthcare. To lay a firm foundation for healthcare organizations and policymakers in better understanding the complexity of the issue of cybersecurity, this study explores the major type of cybersecurity threats for healthcare organizations and explains the roles of the four major players (cyber attackers, cyber defenders, developers, and end-users) in cybersecurity. Finally, the paper discusses a set of recommendations for the policymakers and healthcare organizations to strengthen cybersecurity in their organization.

Cyber security education is as essential as "the three R's"

Smartphones have diffused rapidly across South African society and constitute the most dominant information and communication technologies in everyday use. That being so, it is important to ensure that all South Africans know how to secure their smart devices. Doing so requires a high level of security awareness and knowledge. As yet, there is no formal curriculum addressing cyber security in South African schools. Indeed, it seems to be left to universities to teach cyber security principles, and they currently only do this when students take computing-related courses. The outcome of this approach is that only a very small percentage of South Africans, i.e. those who take computing courses at university, are made aware of cyber security risks and know how to take precautions. In this paper we found that, because this group is overwhelmingly male, this educational strategy disproportionately leaves young South African women vulnerable to cyber-attacks. We thus contend that cyber security ought to be taught as children learn the essential “3 Rs”—delivering requisite skills at University level does not adequately prepare young South Africans for a world where cyber security is an essential skill. Starting to provide awareness and knowledge at primary school, and embedding it across the curriculum would, in addition to ensuring that people have the skills when they need them, also remove the current gender imbalance in cyber security awareness.

Effectiveness of and user preferences for security awareness training methodologies

Phishing is a primary vector used in cyber-attacks, and current technical measures are not sufficient to reduce their success to an acceptable level. Empowering users to identify phishing emails is crucial; thus, anti-phishing training is essential. We investigate participant phishing susceptibility in a 2 × 2 mixed factorial design to determine if instructor-led classroom training, in addition to a multiple approach video-, game-, and text-based training package, offers a significant difference in susceptibility reduction compared with the absence of classroom training. The results suggest an insignificant improvement in reducing phishing susceptibility by incorporating classroom training. Furthermore, we observe a significant preference from the participants for one training method (i.e., classroom training) only if a decision for one particular method was required.

Personal Authentication Mechanism Based on Finger Knuckle Print

For authentication purposes, the identification and verification of a user is done by biometric traits like finger print, face, iris and gait, etc. Among the various traits finger print is mostly used in commercial applications for recognizing user's identity. The other hand based modalities such as vein, and finger knuckle are gaining importance. This paper proposes a methodology for secure biometrics authentication using Finger Knuckle Print (FKP). The texture patterns from finger knuckle are extracted using Gabor with Exception-Maximization (EM) algorithm and the feature vectors from these texture patterns are acquired using Scale Invariant Feature Transform (SIFT) algorithm. The main focus is to reduce the false rejection rate without increasing the false acceptance rate and to improve the performance over the conventional hand based modalities. The performance is compared with Genuine Acceptance Rate (GAR) and False Rejection Rate (FRR). One of the advantages of FKP authentication is its user friendliness in data collection.

Improving Student Engagement in the Study of Professional Ethics: Concepts and an Example in Cyber Security

In spite of the acknowledged importance of professional ethics, technical students often show little enthusiasm for studying the subject. This paper considers how such engagement might be improved. Four guiding principles for promoting engagement are identified: (1) aligning teaching content with student interests; (2) taking a pragmatic rather than a philosophical approach to issue resolution; (3) addressing the full complexity of real-world case studies; and (4) covering content in a way that students find entertaining. The use of these principles is then discussed with respect to the specific experience of developing and presenting a master's module in Ethical and Legal Issues in Cyber Security at Queens University Belfast. One significant aspect of the resulting design is that it encourages students to see ethical issues in systemic terms rather than from an individual perspective, with issues emerging from a conflict between different groups with different vested interests. Case studies are used to examine how personal and business priorities create conflicts that can lead to negative press, fines and punitive legal action. The module explores the reasons why organisations may be unaware of the risks associated with their actions and how an inappropriate response to an ethical issue can significantly aggravate a situation. The module has been delivered in three successive years since 2014 and been well received on each occasion. The paper describes the design of the module and the experience of delivering it, concluding with a discussion of the effectiveness of the approach.

Dependability enhancing mechanisms for integrated clinical environments

In this article, we present a set of lightweight mechanisms to enhance the dependability of a safety-critical real-time distributed system referred to as an integrated clinical environment (ICE). In an ICE, medical devices are interconnected and work together with the help of a supervisory computer system to enhance patient safety during clinical operations. Inevitably, there are strong dependability requirements on the ICE. We introduce a set of mechanisms that essentially make the supervisor component a trusted computing base, which can withstand common hardware failures and malicious attacks. The mechanisms rely on the replication of the supervisor component and employ only one input-exchange phase into the critical path of the operation of the ICE. Our analysis shows that the runtime latency overhead is much lower than that of traditional approaches.

Security-by-Experiment: Lessons from Responsible Deployment in Cyberspace

Conceiving new technologies as social experiments is a means to discuss responsible deployment of technologies that may have unknown and potentially harmful side-effects. Thus far, the uncertain outcomes addressed in the paradigm of new technologies as social experiments have been mostly safety-related, meaning that potential harm is caused by the design plus accidental events in the environment. In some domains, such as cyberspace, adversarial agents (attackers) may be at least as important when it comes to undesirable effects of deployed technologies. In such cases, conditions for responsible experimentation may need to be implemented differently, as attackers behave strategically rather than probabilistically. In this contribution, we outline how adversarial aspects are already taken into account in technology deployment in the field of cyber security, and what the paradigm of new technologies as social experiments can learn from this. In particular, we show the importance of adversarial roles in social experiments with new technologies.

On Textual Analysis and Machine Learning for Cyberstalking Detection

Cyber security has become a major concern for users and businesses alike. Cyberstalking and harassment have been identified as a growing anti-social problem. Besides detecting cyberstalking and harassment, there is the need to gather digital evidence, often by the victim. To this end, we provide an overview of and discuss relevant technological means, in particular coming from text analytics as well as machine learning, that are capable to address the above challenges. We present a framework for the detection of text-based cyberstalking and the role and challenges of some core techniques such as author identification, text classification and personalisation. We then discuss PAN, a network and evaluation initiative that focusses on digital text forensics, in particular author identification.

Cyber-physical security of Wide-Area Monitoring, Protection and Control in a smart grid environment

Smart grid initiatives will produce a grid that is increasingly dependent on its cyber infrastructure in order to support the numerous power applications necessary to provide improved grid monitoring and control capabilities. However, recent findings documented in government reports and other literature, indicate the growing threat of cyber-based attacks in numbers and sophistication targeting the nation’s electric grid and other critical infrastructures. Specifically, this paper discusses cyber-physical security of Wide-Area Monitoring, Protection and Control (WAMPAC) from a coordinated cyber attack perspective and introduces a game-theoretic approach to address the issue. Finally, the paper briefly describes how cyber-physical testbeds can be used to evaluate the security research and perform realistic attack-defense studies for smart grid type environments.