Towards a framework for securing a business against electronic identity theft

Bechan, Upasna

30 November 2008

The continuing financial losses incurred by individuals and companies due to identity information being phished are necessitating more innovative approaches to solving the problem of phishing attacks at the company level. Security standards are developed by respected experts in the profession and are widely accepted in the industry. The purpose of this study was to investigate whether a standard can be adapted to develop a framework that may guide companies in determining how to protect themselves against phishing attacks. A qualitative approach using design research as the methodology was used during the research. The data collection took place by means of a literature survey and semi-structured interviews. The artefact developed was a phishing-prevention framework based on the ISO/IEC 17799 standard, and the evaluation thereof took place through test cases. The findings communicated to the managerial audience was a set of recommendations as a further investment in their security protection against phishing attacks; the findings communicated to the technical audience was the successful adaptation of an existing security standard to produce a usable framework. Further research initiatives should extend the types of test cases that the phishing-prevention framework was evaluated against, and explore the use of tools for determining compliance with the framework. / Theoretical Computing / M. Sc. (Information Systems)

Phishing

Identity theft

Standards

Qualitative

Design science

ISO/IEC 17799

Interviews

Framework

Security

005.8

Phishing

Identity theft

Identity theft -- Prevention

Identity theft -- Prevention

Computer -- Access control

Using Student Characteristics to Predict the Persistence of Community College Students in Online Courses

Harrell II., Ivan L.

Unknown Date

This study examined how student characteristics could be used to predict whether or not a community college student would persist in an online course. The research question guiding the study was, “Which student characteristics can be used to best predict the persistence of community college students in online courses?” The student characteristics examined were learning style, locus of control, computer experience and access, previous online experience and demographics. A survey instrument consisting of two previously developed instruments and a Computer Experience scale that was created by the researcher specifically for this study, was administered to online students at one Florida community college for the pilot study and five additional Florida community colleges for the full study. Confirmatory and exploratory factor analysis were conducted on the computer experience scale to determine if there was an underlying hidden structure. Stepwise logistic regression was completed to determine the student characteristics that were significant predictors of online persistence, as well as an equation that could be used to predict whether or not a community college student would persist in an online course. Confirmatory and exploratory factor analysis revealed that the Computer Experience scale consisted of three underlying subscales. The researcher named the three subscales based on the similarities of the variables that were associated with each factor: Factor one (basic computer skills); Factor two (Internet/email skills); Factor three (interactive computing skills). Three of the initial 25 predictor variables were found to be significant predictors of community college online persistence: GPA, auditory learning style, basic computer skills. An increase in both auditory learning style and basic computer skills was associated with a decrease in the odds of course persistence. On the other hand, an increase in GPA was associated with an increase in the odds of course persistence. Additionally, an equation to predict whether or not an online community college student would persist in an online course was developed. Implications for community college administrators as well as recommendations for future studies are also provided in the study. / Dissertation / PhD

Applications Of Machine Learning To Anomaly Based Intrusion Detection

Phani, B

07 1900

This thesis concerns anomaly detection as a mechanism for intrusion detection in a machine learning framework, using two kinds of audit data : system call traces and Unix shell command traces. Anomaly detection systems model the problem of intrusion detection as a problem of self-nonself discrimination problem. To be able to use machine learning algorithms for anomaly detection, precise definitions of two aspects namely, the learning model and the dissimilarity measure are required. The audit data considered in this thesis is intrinsically sequential. Thus the dissimilarity measure must be able to extract the temporal information in the data which in turn will be used for classification purposes. In this thesis, we study the application of a set of dissimilarity measures broadly termed as sequence kernels that are exclusively suited for such applications. This is done in conjunction with Instance Based learning algorithms (IBL) for anomaly detection. We demonstrate the performance of the system under a wide range of parameter settings and show conditions under which best performance is obtained. Finally, some possible future extensions to the work reported in this report are considered and discussed.

Intrusion Detection

Cryptography

Computer Access Control

Machine Learning

Sequence Kernel

Anomaly Detection

Data Mining

System Call Traces

Intrusion Detection Systems (IDS)

Computer Science

Recovery From DoS Attacks In MIPv6 : Modelling And Validation

Kumar, Manish C

03 1900

Denial-of-Service (DoS) attacks form a very important category of security threats that are possible in MIPv6 (Mobile Internet Protocol version 6). This thesis proposes a scheme for participants (Mobile Node, Home Agent, and Correspondent Node) in MIPv6 to recover from DoS attacks in the event of any of them being subjected to a DoS attack. We propose a threshold based scheme for participants in MIPv6 to detect presence of DoS attacks and to recover from DoS attacks in the event of any of them being subjected to a DoS attack. This is achieved using an infrastructure for MIPv6 that makes such a solution practical even in the absence of IPsec infrastructure. We propose a protocol that uses concepts like Cryptographically Generated Addresses (CGA), short-term IP addresses using a Lamport hash like mechanism and a hierarchy based trust management infrastructure for key distribution. However, reasoning about correctness of such protocols is not trivial. In addition, new solutions to mitigate attacks may need to be deployed in the network on a frequent basis as and when attacks are detected, as it is practically impossible to anticipate all attacks and provide solutions in advance. This makes it necessary to validate solutions in a timely manner before deployment in real network. However, threshold schemes needed in group protocols make analysis complex. Model checking threshold-based group protocols that employ cryptography have been not successful so far. The testing in a real network or a test bed also will not be feasible if faster and frequent deployment of DoS mitigation solutions is needed. Hence, there is a need for an approach that lies between automated/manual verification and an actual implementation. It is evident from existing literature that not many simulations for doing security analysis of MIP/MIPv6 have been done. This research is a step in that direction. We propose a simulation based approach for validation using a tool called FRAMOGR [40] that supports executable specification of group protocols that use cryptography. FRAMOGR allows one to specify attackers and track probability distributions of values or paths. This work deals with simulation of DoS attacks and their mitigation solutions for MIP in FRAMOGR. This makes validation of solutions possible without mandating a complete deployment of the protocol to detect vulnerabilities in a solution. This does away with the need for a formal theoretical verification of a DoS mitigation solution. In the course of this work, some DoS attacks and recovery mechanisms are simulated and validated using FRAMOGR. We obtained encouraging results for the performance of the detection scheme. We believe that infrastructure such as FRAMOGR would be required in future for validating new group based threshold protocols that are needed for making MIPv6 more robust.

Mobile Internet Protocol

Computer Access Control

Computer Security

FRAMOGR

Denial-of-Service (DoS) Attacks

Communication Engineering

Die effek van vroeë rekenaarblootstelling en rekenaarervaring op die leesvaardigheid van graad 1-leerders / Myrtle Erasmus

Erasmus, Myrtle

January 2007

The modern computerised era in which we live means that all areas of society are subjected to information technology. Children are increasingly exposed to and have access to computers, which necessarily have an influence on their education and development. Seeing that children are the most receptive group when it comes to exposure to new technology, this may have enriching effects on computer literacy, which is often considered part of general literacy. With regards to literacy, reading is one of the skills which pose a high challenge. It is also a key skill that opens the world of information, as most information is received through reading. Any reading stimulation via electronic or printed media that encourages learners to read is considered to improve reading ability, reading speed, reading comprehension and phonetic awareness. The aim of this study was to determine whether there was a correlation between early computer exposure and experience (both computer access and use) and reading ability of grade 1 learners. In this study a one shot cross-sectional survey design was used. Schools with grade 1 learners in the Umvoti district of Kwa Zulu Natal were selected to participate in the study - stratified sampling was used. The grade 1 classes were selected on the basis of random sampling. The selected classes (N=4; 85 learners) participated 'intact' in the study. The data was analysed using descriptive as well as inferential statistics (e.g. MANCOVA). / Thesis (M.Ed.)--North-West University, Potchefstroom Campus, 2007.

Computer exposure

Computer experience

Computer literacy

Computer access

Frequency of using the computer

Reading ability

Phonetic awareness

Reading comprehension

Reading fluency

Reading speed

Grade 1-learners

Die effek van vroeë rekenaarblootstelling en rekenaarervaring op die leesvaardigheid van graad 1-leerders / Myrtle Erasmus

Erasmus, Myrtle

January 2007

The modern computerised era in which we live means that all areas of society are subjected to information technology. Children are increasingly exposed to and have access to computers, which necessarily have an influence on their education and development. Seeing that children are the most receptive group when it comes to exposure to new technology, this may have enriching effects on computer literacy, which is often considered part of general literacy. With regards to literacy, reading is one of the skills which pose a high challenge. It is also a key skill that opens the world of information, as most information is received through reading. Any reading stimulation via electronic or printed media that encourages learners to read is considered to improve reading ability, reading speed, reading comprehension and phonetic awareness. The aim of this study was to determine whether there was a correlation between early computer exposure and experience (both computer access and use) and reading ability of grade 1 learners. In this study a one shot cross-sectional survey design was used. Schools with grade 1 learners in the Umvoti district of Kwa Zulu Natal were selected to participate in the study - stratified sampling was used. The grade 1 classes were selected on the basis of random sampling. The selected classes (N=4; 85 learners) participated 'intact' in the study. The data was analysed using descriptive as well as inferential statistics (e.g. MANCOVA). / Thesis (M.Ed.)--North-West University, Potchefstroom Campus, 2007.

Computer exposure

Computer experience

Computer literacy

Computer access

Frequency of using the computer

Reading ability

Phonetic awareness

Reading comprehension

Reading fluency

Reading speed

Grade 1-learners

Towards a framework for securing a business against electronic identity theft

Bechan, Upasna

30 November 2008

The continuing financial losses incurred by individuals and companies due to identity information being phished are necessitating more innovative approaches to solving the problem of phishing attacks at the company level. Security standards are developed by respected experts in the profession and are widely accepted in the industry. The purpose of this study was to investigate whether a standard can be adapted to develop a framework that may guide companies in determining how to protect themselves against phishing attacks. A qualitative approach using design research as the methodology was used during the research. The data collection took place by means of a literature survey and semi-structured interviews. The artefact developed was a phishing-prevention framework based on the ISO/IEC 17799 standard, and the evaluation thereof took place through test cases. The findings communicated to the managerial audience was a set of recommendations as a further investment in their security protection against phishing attacks; the findings communicated to the technical audience was the successful adaptation of an existing security standard to produce a usable framework. Further research initiatives should extend the types of test cases that the phishing-prevention framework was evaluated against, and explore the use of tools for determining compliance with the framework. / Theoretical Computing / M. Sc. (Information Systems)

Phishing

Identity theft

Standards

Qualitative

Design science

ISO/IEC 17799

Interviews

Framework

Security

005.8

Phishing

Identity theft

Identity theft -- Prevention

Identity theft -- Prevention

Computer -- Access control

Web-based training in Public Administration in South Africa : principles and considerations

Van Jaarsveldt, Liza Ceciel

09 March 2004

The use of information technology for the delivery for educational programs is growing rapidly worldwide. In the United States of America and Australia the number of higher education institutions which are making use of online education to teach Public Administration is constantly increasing. Surveys done by the National Association of Schools for Public Administration and Affairs (NASPAA) in the United States of America found heightened interest in distance education. In 1995 it was found by NASPAA that Public Administration was offered by 12% of higher educational institutions to students online. One year later the number had increased to 24%. The last NASPAA survey in 2000 showed an increase of 39%. It is possible for students in the United States of America and Australia to complete a Public Administration degree online. However, in South Africa the use of web-based training for the delivery of Public Administration as a science discipline is still under utilised. It was found that only six, or 20% of the higher educational institutions offering Public Administration to students in South Africa, made use of web-based training in 2002. This compares poorly with the United States of America and Australia. Due to distance, time and financial constraints it therefore becomes difficult for officials or students interested in government related studies, to travel to a university or even to take the necessary three years to study for a Public Administration degree. Web-based training programmes should provide the opportunity to address these problems. By redesigning the content of Public Administration courses to be completed on the World Wide Web, higher educational institutions in South Africa should be able to reach more students, than would normally be the case. Although South Africa is the best developed of all the African countries with regard to the use of information and communication technology (ICT), South Africa still experience some limitations. These limitations include access to computers, infrastructural development, telephone line connectivity, and in may cases access to electricity. / Dissertation (MA (Public Administration))--University of Pretoria, 2005. / School of Public Management and Administration (SPMA) / Unrestricted

Internet

Infrastructure

Development

Online education

Computer

Computer literacy

Telematic teaching

Computer access

Public administration

World wide web

Information and communication technology

Web-based training

UCTD

Distributed Joint Source-Channel Coding For Multiple Access Channels

Rajesh, R

05 1900

We consider the transmission of correlated sources over a multiple access channel(MAC). Multiple access channels are important building blocks in many practical communication systems, e.g., local area networks(LAN), cellular systems, wireless multi-hop networks. Thus this topic has been studied for last several decades. One recent motivation is estimating a random field via wireless sensor networks. Often the sensor nodes are densely deployed resulting in correlated observations. These sensor nodes need to transmit their correlated observations to a fusion center which uses this data to estimate the sensed random field. Sensor nodes have limited computational and storage capabilities and very limited energy. Since transmission is very energy intensive, it is important to minimize it. This motivates our problem of energy efficient transmission of correlated sources over a sensor network. Sensor networks are often arranged in a hierarchical fashion. Neighboring nodes can first transmit their data to a cluster head which can further compress information before transmission to the fusion center. The transmission of data from sensor nodes to their cluster-head is usually through a MAC. At the fusion center the underlying physical process is estimated. The main trade-off possible is between the rates at which the sensors send their observations and the distortion incurred in estimation at the fusion center. The availability of side information at the encoders and/or the decoder can reduce the rate of transmission. In this thesis, the above scenario is modeled as an information theoretic problem. Efficient joint source-channel codes are discussed under various assumptions on side information and distortion criteria. Sufficient conditions for transmission of discrete/continuous alphabet sources with a given distortion over a discrete/continuous alphabet MAC are given. We recover various previous results as special cases from our results. Furthermore, we study the practically important case of the Gaussian MAC(GMAC) in detail and propose new joint source-channel coding schemes for discrete and continuous sources. Optimal schemes are identified in different scenarios. The protocols like TDMA, FDMA and CDMA are widely used across systems and standards. When these protocols are used the MAC becomes a system of orthogonal channels. Our general conditions can be specialized to obtain sufficient conditions for lossy transmission over this system. Using this conditions, we identify an optimal scheme for transmission of Gaussian sources over orthogonal Gaussian channels and show that the Amplify and Forward(AF) scheme performs close to the optimal scheme even at high SNR. Next we investigate transmission of correlated sources over a fast fading MAC with perfect or partial channel state information available at both the encoders and the decoder. We provide sufficient conditions for transmission with given distortions. We also provide power allocation policies for efficient transmission. Next, we use MAC with side information as a building block of a hierarchical sensor network. For Gaussian sources over Gaussian MACs, we show that AF performs well in such sensor network scenarios where the battery power is at a premium. We then extend this result to the hierarchical network scenario and show that it can perform favourably to the Slepian-Wolf based source coding and independent channel coding scheme. In a hierarchical sensor network the cluster heads often need to send only a function of the sensor observations to the fusion center. In such a setup the sensor nodes can compress the data sent to the cluster head exploiting the correlation in the data and also the structure of the function to be computed at the cluster head. Depending upon the function, exploiting the structure of the function can substantially reduce the data rate for transmission. We provide efficient joint source-channel codes for transmitting a general class of functions of the sources over the MAC.

Cryptography

Computer Access Control

Coding Theory

Multiple Access Channel (MAC)

Gaussian Multiple Access Channels

Multihop Network

Orthogonal Channels

Wireless Sensor Networks

Channels (Data Transmission)

Multichannel Communication

Joint Source-Channel Coding

Orthogonal Gaussian Channels

Communication Engineering

Examination of Factors that Influence Computer Technology Use for Classroom Instruction by Teachers in Ohio Public High Schools

Latio, Gambu Wani

06 August 2009

No description available.

Education

Teacher Education

Teaching

Technology

Computer use for learning

computer technology integration

Computer access

calssroom computers

computer availability

classroom computer ratio

teacher computer attitde

Computer proficiency

perceived computer value

classroom computer use