The Experts below are selected from a list of 153 Experts worldwide ranked by ideXlab platform
Juergen Rilling - One of the best experts on this subject based on the ideXlab platform.
-
ESEM - An ontology-based approach to automate tagging of software artifacts
2017 ACM IEEE International Symposium on Empirical Software Engineering and Measurement (ESEM), 2017Co-Authors: Sultan S. Alqahtani, Juergen RillingAbstract:Context: Software engineering repositories contain a wealth of textual information such as source code comments, developers' discussions, commit messages and bug reports. These free form text descriptions can contain both direct and implicit references to security concerns. Goal: Derive an approach to extract security concerns from textual information that can yield several benefits, such as bug management (e.g., prioritization), bug triage or capturing zero-day attack. Method: Propose a fully automated classification and tagging approach that can extract security tags from these texts without the need for manual training data. Results: We introduce an ontology based Software Security Tagger Framework that can automatically identify and classify Cybersecurity-related entities, and concepts in text of software artifacts. Conclusion: Our preliminary results indicate that the framework can successfully extract and classify Cybersecurity Knowledge captured in unstructured text found in software artifacts.
-
An Ontology-Based Approach to Automate Tagging of Software Artifacts
2017 ACM IEEE International Symposium on Empirical Software Engineering and Measurement (ESEM), 2017Co-Authors: Sultan S. Alqahtani, Juergen RillingAbstract:Context: Software engineering repositories contain a wealth of textual information such as source code comments, developers' discussions, commit messages and bug reports. These free form text descriptions can contain both direct and implicit references to security concerns. Goal: Derive an approach to extract security concerns from textual information that can yield several benefits, such as bug management (e.g., prioritization), bug triage or capturing zero-day attack. Method: Propose a fully automated classification and tagging approach that can extract security tags from these texts without the need for manual training data. Results: We introduce an ontology based Software Security Tagger Framework that can automatically identify and classify Cybersecurity-related entities, and concepts in text of software artifacts. Conclusion: Our preliminary results indicate that the framework can successfully extract and classify Cybersecurity Knowledge captured in unstructured text found in software artifacts.
Youki Kadobayashi - One of the best experts on this subject based on the ideXlab platform.
-
An empirical approach to phishing countermeasures through smart glasses and validation agents
IEEE Access, 2019Co-Authors: Jema David Ndibwile, Edith Talina Luhanga, Doudou Fall, Daisuke Miyamoto, Gregory Blanc, Youki KadobayashiAbstract:Phishing attacks have been persistent for more than two decades despite mitigation efforts from academia and industry. We believe that users fall victim to attacks not only because of lack of Knowledge and awareness, but also because they are not attentive enough to security indicators and visual abnormalities on the webpages they visit. This is also probably why smart device users, who have more limited screen size and device capabilities compared to desktop users, are three times more likely to fall victim to phishing attacks. To assert our claim, we first investigated general phishing awareness among different groups of smartphone users. We then used smart eyeglasses (electro-oculographic) to experimentally measure the mental effort and vigilance exhibited by users while surfing a website and while playing an Android phishing game that we developed. The results showed that Knowledge and awareness about phishing do not seem to have a significant impact on security behaviours, as Knowledgeable participants exhibited insecure behaviours such as opening email attachments from unfamiliar senders. However, attentiveness was important as even participants with low Cybersecurity Knowledge could effectively identify attacks if they were reasonably attentive. Based on these results, we asserted that users are more likely to continue falling victim to phishing attacks due to insecure behaviours, unless tools to lessen the identification burden are provided. We thus recommended implementing a lightweight algorithm into a custom Android browser for detecting phishing sites deceptively without a user interaction. We used fake login credentials as validation agents and monitor the destination server HTTP responses to determine the authenticity of a webpage. We also presented initial evaluation results of this algorithm.
-
AfriCHI - A comparative study of smartphone-user security perception and preference towards redesigned security notifications
Proceedings of the Second African Conference for Human Computer Interaction on Thriving Communities - AfriCHI '18, 2018Co-Authors: Jema David Ndibwile, Edith Talina Luhanga, Doudou Fall, Daisuke Miyamoto, Youki KadobayashiAbstract:In this paper, we conducted a survey of 206 smartphone users of different demographics in Japan and Tanzania, two countries with different security and privacy expectations, to analyse users' Cybersecurity Knowledge and attitudes. We studied password choices, smartphone lock behaviour, phishing awareness and attitudes towards public Wi-Fi. We also assessed the acceptability of our novel notification alert for smartphone OS security updates. We found that data privacy is equally important to the majority of participants, 70%, in both countries. However, most participants did not know the characteristics of a strong password for web applications despite being highly conscious of physical access security which was characterised by smartphone locking (78% of participants). We also found that phishing awareness in Tanzania is not satisfactory, with the majority of the participants, 78%, likely to open a link from an unknown email source, whereas in Japan only 32% are likely to do so. Participants in Japan were also slightly more likely to read terms and conditions when connecting to public Wi-Fi (36% vs. 27%). Our novel notification design which integrated security updates with other free information services seemed promising for increasing security awareness and update compliance. Participants were more willing to accept update notices that provided guidance on how-to to perform a required task than plain notices.
-
Reference Ontology for Cybersecurity Operational Information
The Computer Journal, 2014Co-Authors: Takeshi Takahashi, Youki KadobayashiAbstract:As our cyber society develops and expands, the importance of Cybersecurity operations is growing in response to Cybersecurity threats coming from beyond national borders. Efficient Cybersecurity operations require information exchanges that go beyond organizational borders. Various industry specifications defining information schemata for such exchanges are thus emerging. These specifications, however, define their own schemata since their objectives and the types of information they deal with differ, and desirable schemata differ depending on the purposes. They need to be organized and orchestrated so that individual organizations can fully exchange information and collaborate with one another. To establish the foundations of such orchestration and facilitate information exchanges, this paper proposes a reference ontology for Cybersecurity operational information. The ontology structures Cybersecurity information and orchestrates industry specifications. We built it from the standpoint of Cybersecurity operations in close collaboration with Cybersecurity organizations including security operation centers handling actual Cybersecurity operations in the USA, Japan and South Korea. This paper demonstrates its usability by discussing the coverage of industry specifications. It then defines an extensible information structure that collaborates with such specifications by using the ontology and describes a prototype Cybersecurity Knowledge base we constructed that facilitates Cybersecurity information exchanges among various parties. Finally, it discusses the usage scenarios of the ontology and Knowledge base in Cybersecurity operations. Through this work, we wish to contribute to the advancement of Cybersecurity information exchanges.
-
Reference Ontology for Cybersecurity Operational Information
Computer Journal, 2014Co-Authors: Takeshi Takahashi, Youki KadobayashiAbstract:As our cyber society develops and expands, the importance of Cybersecurity operations is growing in response to Cybersecurity threats coming from beyond national borders. Efficient Cybersecurity operations require information exchanges that go beyond organizational borders. Various industry specifications defining information schemata for such exchanges are thus emerging. These specifications, however, define their own schemata since their objectives and the types of information they deal with differ, and desirable schemata differ depending on the purposes. They need to be organized and orchestrated so that individual organizations can fully exchange information and collaborate with one another. To establish the foundations of such orchestration and facilitate information exchanges, this paper proposes a reference ontology for Cybersecurity operational information. The ontology structures Cybersecurity information and orchestrates industry specifications. We built it from the standpoint of Cybersecurity operations in close collaboration with Cybersecurity organizations including security operation centers handling actual Cybersecurity operations in the USA, Japan and South Korea. This paper demonstrates its usability by discussing the coverage of industry specifications. It then defines an extensible information structure that collaborates with such specifications by using the ontology and describes a prototype Cybersecurity Knowledge base we constructed that facilitates Cybersecurity information exchanges among various parties. Finally, it discusses the usage scenarios of the ontology and Knowledge base in Cybersecurity operations. Through this work, we wish to contribute to the advancement of Cybersecurity information exchanges. © 2014 The British Computer Society 2014.
Sultan S. Alqahtani - One of the best experts on this subject based on the ideXlab platform.
-
ESEM - An ontology-based approach to automate tagging of software artifacts
2017 ACM IEEE International Symposium on Empirical Software Engineering and Measurement (ESEM), 2017Co-Authors: Sultan S. Alqahtani, Juergen RillingAbstract:Context: Software engineering repositories contain a wealth of textual information such as source code comments, developers' discussions, commit messages and bug reports. These free form text descriptions can contain both direct and implicit references to security concerns. Goal: Derive an approach to extract security concerns from textual information that can yield several benefits, such as bug management (e.g., prioritization), bug triage or capturing zero-day attack. Method: Propose a fully automated classification and tagging approach that can extract security tags from these texts without the need for manual training data. Results: We introduce an ontology based Software Security Tagger Framework that can automatically identify and classify Cybersecurity-related entities, and concepts in text of software artifacts. Conclusion: Our preliminary results indicate that the framework can successfully extract and classify Cybersecurity Knowledge captured in unstructured text found in software artifacts.
-
An Ontology-Based Approach to Automate Tagging of Software Artifacts
2017 ACM IEEE International Symposium on Empirical Software Engineering and Measurement (ESEM), 2017Co-Authors: Sultan S. Alqahtani, Juergen RillingAbstract:Context: Software engineering repositories contain a wealth of textual information such as source code comments, developers' discussions, commit messages and bug reports. These free form text descriptions can contain both direct and implicit references to security concerns. Goal: Derive an approach to extract security concerns from textual information that can yield several benefits, such as bug management (e.g., prioritization), bug triage or capturing zero-day attack. Method: Propose a fully automated classification and tagging approach that can extract security tags from these texts without the need for manual training data. Results: We introduce an ontology based Software Security Tagger Framework that can automatically identify and classify Cybersecurity-related entities, and concepts in text of software artifacts. Conclusion: Our preliminary results indicate that the framework can successfully extract and classify Cybersecurity Knowledge captured in unstructured text found in software artifacts.
Ai-chin Lu - One of the best experts on this subject based on the ideXlab platform.
-
Designing a Cybersecurity Board Game Based on Design Thinking Approach
Innovative Mobile and Internet Services in Ubiquitous Computing, 2019Co-Authors: Shian-shyong Tseng, Tsung-yu Yang, Yuh-jye Wang, Ai-chin LuAbstract:In this paper, we propose an innovative board game design process to help students to design a Cybersecurity board game with a pre-designed board game tool kit, and help them to further learn Cybersecurity Knowledge by using the design thinking and learning-by-doing strategies. In the process, the board game design course will firstly be given, the CBR-based learning by doing scheme will then be provided for helping the students to develop a similar game by themselves, and finally a preliminary assessment including the questionnaire and the concept map testing will be conducted. The experimental results showed that the given appropriate learning scaffolding can guide students to stimulate the creativity and complete their own Cybersecurity board game in a short period of time. Besides, the questionnaire survey result also showed that about 80% of students are very interested in the board game design course, and that they can be able to understand the most frequent attacking techniques.
-
IMIS - Designing a Cybersecurity Board Game Based on Design Thinking Approach
Innovative Mobile and Internet Services in Ubiquitous Computing, 2018Co-Authors: Shian-shyong Tseng, Tsung-yu Yang, Yuh-jye Wang, Ai-chin LuAbstract:In this paper, we propose an innovative board game design process to help students to design a Cybersecurity board game with a pre-designed board game tool kit, and help them to further learn Cybersecurity Knowledge by using the design thinking and learning-by-doing strategies. In the process, the board game design course will firstly be given, the CBR-based learning by doing scheme will then be provided for helping the students to develop a similar game by themselves, and finally a preliminary assessment including the questionnaire and the concept map testing will be conducted. The experimental results showed that the given appropriate learning scaffolding can guide students to stimulate the creativity and complete their own Cybersecurity board game in a short period of time. Besides, the questionnaire survey result also showed that about 80% of students are very interested in the board game design course, and that they can be able to understand the most frequent attacking techniques.
Jatinder N. D. Gupta - One of the best experts on this subject based on the ideXlab platform.
-
Towards a Model of Social Media Impacts on Cybersecurity Knowledge Transfer
Cyber Security and Threats, 2020Co-Authors: Nainika Patnayakuni, Ravi Patnayakuni, Jatinder N. D. GuptaAbstract:Technical solutions to security have been suggested but found lacking and it has been recognized that security is a people issue as well, and behavioral research on information security is critical. Individual learning about Cybersecurity is not formal and linear, but complex and network based. In this paper we develop a model of how social media characteristics impact Cybersecurity Knowledge transfer using technology threat avoidance theory. In developing the conceptual model we seek to answer the following questions. How do users discover Cybersecurity Knowledge on social media platforms? What are the platform and interaction characteristics that enable them to find Cybersecurity Knowledge and share this Knowledge with others? In doing so we consider the impact of the threat and protection context on Cybersecurity Knowledge transfer which is different from Knowledge transfer in the other contexts.
-
Towards a Model of Social Media Impacts on Cybersecurity Knowledge Transfer: An Exploration
Harnessing Social Media as a Knowledge Management Tool, 2020Co-Authors: Nainika Patnayakuni, Ravi Patnayakuni, Jatinder N. D. GuptaAbstract:Technical solutions to security have been suggested but found lacking and it has been recognized that security is a people issue as well, and behavioral research on information security is critical. Individual learning about Cybersecurity is not formal and linear, but complex and network based. In this paper we develop a model of how social media characteristics impact Cybersecurity Knowledge transfer using technology threat avoidance theory. In developing the conceptual model we seek to answer the following questions. How do users discover Cybersecurity Knowledge on social media platforms? What are the platform and interaction characteristics that enable them to find Cybersecurity Knowledge and share this Knowledge with others? In doing so we consider the impact of the threat and protection context on Cybersecurity Knowledge transfer which is different from Knowledge transfer in the other contexts.
