ABSTRACT
The COVID-19 pandemic has increased demand for face mask detection systems that utilize deep learning and machine learning algorithms. However, these systems are susceptible to adversarial attacks, where an attacker can manipulate the system to make incorrect predictions. This study aimed to test the vulnerability of a deep learning-based face mask detection model to a specific type of attack called a black box adversarial attack in which the attacker possesses only partial information about the target model. The study's findings showed that the attack successfully reduced the model's accuracy from 96.48% to 49.25%. This emphasizes the need for more robust defense mechanisms in face mask detection systems to ensure their reliability. © 2023 Bharati Vidyapeeth, New Delhi.
ABSTRACT
One of the most crucial considerations, when considering security vulnerabilities, is network traffic. There is still potential for more research on the inter-arrival time side, even though some studies concentrate on network traffic from the perspective of the packet fields such as packet length and packet number. Inter-arrival timings are crucial to investigate because there are numerous attacks, such as Covert Timing Channels attacks, that heavily rely on them. In this article, we conduct a statistical analysis of the TCP inter-arrival times of two major key streaming programs (Zoom and Skype), which are frequently used, particularly during and following the COVID-19 pandemic. Using two internet-connected devices and the statistical measures of TCP, a dataset of 18,371 instances is created for this use. Five machine learning algorithms are evaluated on balanced and imbalanced forms of the dataset. The results revealed that the traffic of Zoom and Skype calls can be identified by machine learning algorithms with an accuracy of up to 99% by random forest. © 2022 IEEE.
ABSTRACT
Incident reports show the high risk of losing trust in global supply chain management. Under the covid-19 pandemic, cloud-based global supply chains have been vulnerable to malicious attacks. The goal of this paper is to show the high risk caused by third-party access in the current global supply chains and how to mitigate it. Based on the incident reports, global supply chain leaders are unaware of the risks of third-party access. The current global supply chains must be transformed into robust and resilient systems against malicious attacks. This paper shows methods on how to mitigate the high-security risk. HIGHLIGHTS Incident reports show the high risk of losing trust in global supply chain management against malicious attacks. The high risk caused by third-party access in the current global supply chains will be illustrated. Global supply chain leaders are unaware of the risks of third-party access. The global supply chains must be transformed into robust systems. This paper shows methods on how to mitigate the high-security risk in third-party logistics. The lower the risk, the lower the chance of losing trust. The more a leader is aware of the high risks, the less likely he or she is to lose trust. Incident reports show the high risk of losing trust in global supply chain management against malicious attacks.The high risk caused by third-party access in the current global supply chains will be illustrated.Global supply chain leaders are unaware of the risks of third-party access. The global supply chains must be transformed into robust systems.This paper shows methods on how to mitigate the high-security risk in third-party logistics.The lower the risk, the lower the chance of losing trust. The more a leader is aware of the high risks, the less likely he or she is to lose trust. [ FROM AUTHOR] Copyright of Journal of Applied Security Research is the property of Taylor & Francis Ltd and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use. This may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full . (Copyright applies to all s.)
ABSTRACT
Since the advent of COVID-19, most schools and universities have adopted online courses to reduce the spread of the virus. However, they failed to address security issues adequately in a rush to embrace digital learning platforms. Unfortunately, the platforms used for online courses collect and generate data that attracts hackers. Also, cyberattacks have been increasing since the advent of COVID-19. Therefore, it is essential to outline digital learning spaces' security issues to find solutions to ensure learners' and teachers' safety. This paper discusses vulnerabilities and cyberattacks and their impacts on digital learning spaces. We used the classification of the most common web application vulnerabilities presented by the Open Web Application Security Project (OWASP) and Common Weakness Enumeration (CWE). In addition to the technical risks, this paper also highlights management and user operational risks caused by human errors and ignorance. Furthermore, we performed a comparative study on the vulnerabilities of the most used Learning management Systems (LMS) and video conferencing tools. The study revealed that Moodle is the most vulnerable to attacks, Blackboard is the most secure among LMSs, and Zoom is the most secure among video conferencing tool. © 2021 IEEE.
ABSTRACT
Digital Contact-tracing through mobile applications require gathering of location and other personal information of an individual by the government or private organizations and became an essential solution for moderating the pandemic and slackening lockdown measures. However, the moral and legal boundaries for such privacy-sensitive information reconnaissance procedure and the ambiguity in the security measures of such technologies has gained controversial reputation.In this work, we performed static profiling of 10 different Android Contact-tracing applications, developed by the health departments of 10 different states within the United States and studied possible security threats posed by them. To the best of our knowledge, our work is the first to heuristically analyze the users' attitude towards these applications to understand the user-perceived contribution of these apps towards their well-being. We collected user feedback for each of the apps and trained a logistic regression classifier on cleaned, pre-processed and vectorized texts to identify positive or negative outlook towards these apps. Using the confusion matrix, our predictive model showed up to 85% accuracy, 94% precision, 93% recall and 83% f1 score. in predicting the sentiments. The sentiment prediction shows, users in some states did find the apps to be helpful where some other states found them wasteful. Whereas, our static analysis shows none of the apps are malicious themselves but all of them request permission that can be abused to gain escalated privileges. © 2021 IEEE.
ABSTRACT
Background: Cyber security has turned out to be one of the main challenges of recent years. As the variety of system and application vulnerabilities has increased dramatically in recent years, cyber attackers have managed to penetrate the networks and infrastructures of larger numbers of companies, thus increasing the latter’s exposure to cyber threats. To mitigate this exposure, it is crucial for CISOs to have sufficient training and skills to help them identify how well security controls are managed and whether these controls offer the company sufficient protection against cyber threats, as expected. However, recent literature shows a lack of clarity regarding the manner in which the CISOs’ role and the companies’ investment in their skills should change in view of these developments. Therefore, the aim of this study is to investigate the relationship between the CISOs’ level of cyber security-related preparation to mitigate cyber threats (and specifically, the companies’ attitudes toward investing in such preparation) and the recent evolution of cyber threats. Methods: The study data are based on the following public resources: (1) recent scientific literature;(2) cyber threat-related opinion news articles;and (3) OWASP’s reported list of vulnerabilities. Data analysis was performed using various text mining methods and tools. Results: The study’s findings show that although the implementation of cyber defense tools has gained more serious attention in recent years, CISOs still lack sufficient support from management and sufficient knowledge and skills to mitigate current and new cyber threats. Conclusions: The research outcomes may allow practitioners to examine whether the companies’ level of cyber security controls matches the CISOs’ skills, and whether a comprehensive security education program is required. The present article discusses these findings and their implications.