Automatic identification and removal of low quality online information

Webb, Steve

17 November 2008

The advent of the Internet has generated a proliferation of online information-rich environments, which provide information consumers with an unprecedented amount of freely available information. However, the openness of these environments has also made them vulnerable to a new class of attacks called Denial of Information (DoI) attacks. Attackers launch these attacks by deliberately inserting low quality information into information-rich environments to promote that information or to deny access to high quality information. These attacks directly threaten the usefulness and dependability of online information-rich environments, and as a result, an important research question is how to automatically identify and remove this low quality information from these environments. The first contribution of this thesis research is a set of techniques for automatically recognizing and countering various forms of DoI attacks in email systems. We develop a new DoI attack based on camouflaged messages, and we show that spam producers and information consumers are entrenched in a spam arms race. To break free of this arms race, we propose two solutions. One solution involves refining the statistical learning process by associating disproportionate weights to spam and legitimate features, and the other solution leverages the existence of non-textual email features (e.g., URLs) to make the classification process more resilient against attacks. The second contribution of this thesis is a framework for collecting, analyzing, and classifying examples of DoI attacks in the World Wide Web. We propose a fully automatic Web spam collection technique and use it to create the Webb Spam Corpus -- a first-of-its-kind, large-scale, and publicly available Web spam data set. Then, we perform the first large-scale characterization of Web spam using content and HTTP session analysis. Next, we present a lightweight, predictive approach to Web spam classification that relies exclusively on HTTP session information. The final contribution of this thesis research is a collection of techniques that detect and help prevent DoI attacks within social environments. First, we provide detailed descriptions for each of these attacks. Then, we propose a novel technique for capturing examples of social spam, and we use our collected data to perform the first characterization of social spammers and their behaviors.

Denial of information

Email spam

Web spam

Social spam

Applied machine learning

Information security

Spam filtering (Electronic mail)

World Wide Web

Online social networks

Computer networks Security measures

W3 Trust Model (W3TM): a trust-profiling framework to assess trust and transitivity of trust of web-based services in a heterogeneous web environment

Yang, Yinan, Information Technology & Electrical Engineering, Australian Defence Force Academy, UNSW

January 2005

The growth of eCommerce is being hampered by a lack of trust between providers and consumers of Web-based services. While Web trust issues have been addressed by researchers in many disciplines, a comprehensive approach has yet to be established. This thesis proposes a conceptual trust-profiling framework???W3TF???which addresses issues of trust and user confidence through a range of new user-centred trust measures???trust categories, trust domains, transitivity of trust, fading factor analysis, standalone assessment, hyperlinked assessment and relevance assessment. While others now use the concept of transitivity of trust, it was first introduced by this research in 1998. The thesis also illustrates how W3TF can narrow the gap/disconnection between the hierarchical PKI trust environment and the horizontal Web referral environment. The framework incorporates existing measures of trust (such as Public Key Infrastructure), takes account of consumer perceptions by identifying trust attributes, and utilises Web technology (in the form of metadata), to create a practical, flexible and comprehensive approach to trust assessment. The versatility of the W3TF is demonstrated by applying it to a variety of cases from trust literature and to the hypothetical case study that provided the initial stimulus for this research. It is shown that the framework can be expanded to accommodate new trust attributes, categories and domains, and that trust can be ???weighed??? (and therefore evaluated) by using various mathematical formulae based on different theories and policies. The W3TF addresses identified needs, narrows the gaps in existing approaches and provides a mechanism to embrace current and future efforts in trust management. The framework is a generic form of trust assessment that can help build user confidence in an eCommerce environment. For service providers, it offers an incentive to create websites with a high number of desired trust attributes. For consumers, it enables more reliable judgments to be made. Hence, Web trust can be enhanced.

Computer security

consumer confidence

eCommerce

electronic commerce

electronic data interchange

metadata

online trust

online service providers

security measures

transitivity of trust

trust

trust-profiling framework

trust relationship

web services

Incremental learning of discrete hidden Markov models

Florez-Larrahondo, German,

January 2005

Thesis (Ph.D.) -- Mississippi State University. Department of Computer Science and Engineering. / Title from title screen. Includes bibliographical references.

A cost optimisation of preventative upkeep networks using the South African Navy as a case study

Truter, Albert Willem

04 1900

Thesis (MEng)--Stellenbosch University, 2014. / ENGLISH ABSTRACT: The South African Navy (SAN) intends to reinstate Naval Station Durban (NSD) as a fully operational support base for a new class of Offshore Patrol Vessels (OPV’s) which the SAN intends to purchase. These acquisitions must be seen against the background of strategic and political considerations in general, and in particular threats to South Africa’s maritime security, due to the possibility of the piracy, along particularly the West African coast, reaching our territorial waters. The aim of this thesis is the development of a cost-optimization model, intended to provide optimal locations for the SAN’s support facilities, given the SAN’s operational obligations, present and future. In the first part, a literary review of facility location formulation and strategic management principles is an attempt to lay the foundations for the proposed model. The review of this literature is primarily based on extracts of the comprehensive research of other authors. Consequently, the research problem was contextualized and classified as a hierarchical location-allocation problem. The second part of the thesis aims to describe the SAN’s environment from a maritime security perspective. Within this framework, formulation was identified and modified to develop a theoretical mechanism to solve the research question. The final part will see the application of the developed model to a case study specific to the situation of the SAN. Validation of the inputs and the model itself proceeded in conjunction with the application of the model. The results and the model itself were validated through visual inspection and independent mathematical validation. This thesis comes to the conclusion that the SAN cannot cost-effectively meet its future obligations by splitting its maintenance capability between Naval Base Durban (NBD) and Naval Base Simon’s Town (NBS). Future research may build upon the results of this thesis in order to facilitate a more comprehensive optimization of preventative networks. / AFRIKAANSE OPSOMMING: Die Suid-Afrikaanse Vloot (SAV) beoog om die vlootstasie in Durban weer op te gradeer na ’n volwaardige vlootbasis vir die beoogde aanskaffing van ’n nuwe klas van patroleringsvaartuie. Die motivering vir die opgradering van Durban kom uit dieper strategiese en politieke behoeftes maar word tans toegeskryf aan plaaslike bedreigings van seerowery en die gevolglike verkryging van nuwe patrollievaartuie om hierdie bedreiging, onder meer, te bekamp. Die doel van hierdie meesters tesis, is om ’n koste optimerings model te vind, of te ontwikkel, wat optimale liggings vir ondersteunings fasilitieite sal lewer, gegewe die toekomstige of huidige verpligtinge van die SAV. Die eerste gedeelte van hierdie tesis bevat ’n literatuuroorsig van fasiliteitsligging-formulering en strategiese bestuursbeginsels. Hierdie literatuuroorsig beoog om die grondslag vir die voorgestelde model te lê. Die oorsig van sodanige literatuur is hoofsaaklik gebaseer op uittreksels uit veelomvattende opsommings deur ander outeurs. Gevolglik is die navorsingsprobleem gekontekstualiseer en geklassifiseer as ’n hiërargiese ligging-toekenningsprobleem. Die tweede deel van die tesis beoog om die omgewing van die SAV vanuit ’n maritieme sekuriteitsperspektief te beskryf. Binne hierdie raamwerk is formulering geïdentifiseer en só gemodifiseer om ’n teoretiese meganisme te ontwikkel om die navorsingsvraag op te los. Die finale deel pas die ontwikkelde model op die spesifieke situasie van die SAV toe. Validasie van die insette sowel as die model self is gedoen in samewerking met die toepassing van die model. Die resultate tesame met die model self is deeglik bekragtig deur visuele inspeksie en onafhanklike wiskundige validasie. Hierdie tesis het tot die gevolgtrekking gekom dat die SAV nie koste-effektief aan sy toekomstige operasionele verpligtinge sal kan voldoen met die verdeling van sy onderhoudsvermoë tussen ’n vlootbasis in Durban en Simonstad nie. Toekomstige navorsing kan op die resultate van hierdie tesis bou ten einde ’n meer omvattende optimalisering van voorkomende instandhoudingsnetwerke te fasiliteer.

South Africa. Navy -- Cost control

Shipping -- Security measures

Naval bases -- Cost effectiveness

Piracy -- Preventitive measures

Dissertations -- Industrial engineering

UCTD

Theses -- Industrial engineering

Hijacking of trucks with freight : a criminological analysis

Buys, Johannes Jacobus

11 1900

A considerable amount of research has been done regarding the hijacking of passenger vehicles. Little however, has been written on the hijacking of trucks with freight. The purpose of the research was to describe the nature, occurrence and extent of the hijacking of trucks with freight, the persons involved (this includes the victims and the offenders) and the impact these crimes have on the crime scene in South Africa. The research also aimed to develop a criminological model for prevention, based on the modus operandi of the offenders. Based on the theories explaining violent and economic crimes (e.g. anomie, differential association and sub-culture), an attempt was also made to explain the hijacking of trucks with freight. / Criminology and Security Science / M.A.

Criminological analysis

Trucks

Hijacking

364.15520968

Organized crime -- South Africa

Cargo theft -- South Africa

Automobile theft -- South Africa

Trucks -- South Africa

An investigation into information security practices implemented by Research and Educational Network of Uganda (RENU) member institution

Kisakye, Alex

06 November 2012

Educational institutions are known to be at the heart of complex computing systems in any region in which they exist, especially in Africa. The existence of high end computing power, often connected to the Internet and to research network grids, makes educational institutions soft targets for attackers. Attackers of such networks are normally either looking to exploit the large computing resources available for use in secondary attacks or to steal Intellectual Property (IP) from the research networks to which the institutions belong. Universities also store a lot of information about their current students and staff population as well as alumni ranging from personal to financial information. Unauthorized access to such information violates statutory requirement of the law and could grossly tarnish the institutions name not to mention cost the institution a lot of money during post-incident activities. The purpose of this study was to investigate the information security practices that have been put in place by Research and Education Network of Uganda (RENU) member institutions to safeguard institutional data and systems from both internal and external security threats. The study was conducted on six member institutions in three phases, between the months of May and July 2011 in Uganda. Phase One involved the use of a customised quantitative questionnaire tool. The tool - originally developed by information security governance task-force of EDUCAUSE - was customised for use in Uganda. Phase Two involved the use of a qualitative interview guide in a sessions between the investigator and respondents. Results show that institutions rely heavily on Information and Communication Technology (ICT) systems and services and that all institutions had already acquired more than three information systems and had acquired and implemented some of the cutting edge equipment and systems in their data centres. Further results show that institutions have established ICT departments although staff have not been trained in information security. All institutions interviewed have ICT policies although only a few have carried out policy sensitization and awareness campaigns for their staff and students. / TeX

Computer hackers

An investigation into interoperable end-to-end mobile web service security

Moyo, Thamsanqa

January 2008

The capacity to engage in web services transactions on smartphones is growing as these devices become increasingly powerful and sophisticated. This capacity for mobile web services is being realised through mobile applications that consume web services hosted on larger computing devices. This thesis investigates the effect that end-to-end web services security has on the interoperability between mobile web services requesters and traditional web services providers. SOAP web services are the preferred web services approach for this investigation. Although WS-Security is recognised as demanding on mobile hardware and network resources, the selection of appropriate WS-Security mechanisms lessens this burden. An attempt to implement such mechanisms on smartphones is carried out via an experiment. Smartphones are selected as the mobile device type used in the experiment. The experiment is conducted on the Java Micro Edition (Java ME) and the .NET Compact Framework (.NET CF) smartphone platforms. The experiment shows that the implementation of interoperable, end-to-end, mobile web services security on both platforms is reliant on third-party libraries. This reliance on third-party libraries results in poor developer support and exposes developers to the complexity of cryptography. The experiment also shows that there are no standard message size optimisation libraries available for both platforms. The implementation carried out on the .NET CF is also shown to rely on the underlying operating system. It is concluded that standard WS-Security APIs must be provided on smartphone platforms to avoid the problems of poor developer support and the additional complexity of cryptography. It is recommended that these APIs include a message optimisation technique. It is further recommended that WS-Security APIs be completely operating system independent when they are implemented in managed code. This thesis contributes by: providing a snapshot of mobile web services security; identifying the smartphone platform state of readiness for end-to-end secure web services; and providing a set of recommendations that may improve this state of readiness. These contributions are of increasing importance as mobile web services evolve from a simple point-to-point environment to the more complex enterprise environment.

Web services

Mobile computing

Smartphones

Internetworking (Telecommunication)

Computer networks -- Security measures

XML (Document markup language)

Microsoft .NET Framework

Java (Computer program language)

Novel analytical modelling-based simulation of worm propagation in unstructured peer-to-peer networks

Alharbi, Hani Sayyaf

January 2017

Millions of users world-wide are sharing content using Peer-to-Peer (P2P) networks, such as Skype and Bit Torrent. While such new innovations undoubtedly bring benefits, there are nevertheless some associated threats. One of the main hazards is that P2P worms can penetrate the network, even from a single node and then spread rapidly. Understanding the propagation process of such worms has always been a challenge for researchers. Different techniques, such as simulations and analytical models, have been adopted in the literature. While simulations provide results for specific input parameter values, analytical models are rather more general and potentially cover the whole spectrum of given parameter values. Many attempts have been made to model the worm propagation process in P2P networks. However, the reported analytical models to-date have failed to cover the whole spectrum of all relevant parameters and have therefore resulted in high false-positives. This consequently affects the immunization and mitigation strategies that are adopted to cope with an outbreak of worms. The first key contribution of this thesis is the development of a susceptible, exposed, infectious, and Recovered (SEIR) analytical model for the worm propagation process in a P2P network, taking into account different factors such as the configuration diversity of nodes, user behaviour and the infection time-lag. These factors have not been considered in an integrated form previously and have been either ignored or partially addressed in state-of-the-art analytical models. Our proposed SEIR analytical model holistically integrates, for the first time, these key factors in order to capture a more realistic representation of the whole worm propagation process. The second key contribution is the extension of the proposed SEIR model to the mobile M-SEIR model by investigating and incorporating the role of node mobility, the size of the worm and the bandwidth of wireless links in the worm propagation process in mobile P2P networks. The model was designed to be flexible and applicable to both wired and wireless nodes. The third contribution is the exploitation of a promising modelling paradigm, Agent-based Modelling (ABM), in the P2P worm modelling context. Specifically, to exploit the synergies between ABM and P2P, an integrated ABM-Based worm propagation model has been built and trialled in this research for the first time. The introduced model combines the implementation of common, complex P2P protocols, such as Gnutella and GIA, along with the aforementioned analytical models. Moreover, a comparative evaluation between ABM and conventional modelling tools has been carried out, to demonstrate the key benefits of ease of real-time analysis and visualisation. As a fourth contribution, the research was further extended by utilizing the proposed SEIR model to examine and evaluate a real-world data set on one of the most recent worms, namely, the Conficker worm. Verification of the model was achieved using ABM and conventional tools and by then comparing the results on the same data set with those derived from developed benchmark models. Finally, the research concludes that the worm propagation process is to a great extent affected by different factors such as configuration diversity, user-behaviour, the infection time lag and the mobility of nodes. It was found that the infection propagation values derived from state-of-the-art mathematical models are hypothetical and do not actually reflect real-world values. In summary, our comparative research study has shown that infection propagation can be reduced due to the natural immunity against worms that can be provided by a holistic exploitation of the range of factors proposed in this work.

004.6

A framework for the secure consumerisation of mobile, handheld devices in the healthcare institutional context

Kativu, Tatenda Kevin

January 2017

The advances in communication technologies have resulted in a significant shift in the workplace culture. Mobile computing devices are increasingly becoming an integral part of workplace culture. Mobility has several advantages to the organisation, one such example is the “always online” workforce resulting in increased productivity hours. As a result, organisations are increasingly providing mobile computing devices to the workforce to enable remote productivity at the organisations cost. A challenge associated with mobility is that these devices are likely to connect to a variety of networks, some which may insecure, and because of their smaller form factor and perceived value, are vulnerable to loss and theft amongst other information security challenges. Increased mobility has far reaching benefits for remote and rural communities, particularly in the healthcare domain where health workers are able to provide services to previously inaccessible populations. The adverse economic and infrastructure environment means institution provided devices make up the bulk of the mobile computing devices, and taking away the ownership, the usage patterns and the susceptibility of information to adversity are similar. It is for this reason that this study focuses on information security on institution provided devices in a rural healthcare setting. This study falls into the design science paradigm and is guided by the principles of design science proposed by Hevner et al. The research process incorporates literature reviews focusing on health information systems security and identifying theoretical constructs that support the low-resource based secure deployment of health information technologies. Thereafter, the artifact is developed and evaluated through an implementation case study and expert reviews. The outcomes from the feedback are integrated into the framework.

An examination of the required operational skills and training standards for a Close Protection Operative in South Africa

Schneider, Gavriel

31 March 2005

The aim of this study was to determine the current operational skills requirements for Close Protection Operatives (CPOs) in South Africa. Operational skills refer to those skills that are vital in order for a CPO to effectively protect a designated person (this person is referred to as the `Principal'). In order to determine any shortcomings in the Close Protection industry, twenty in-depth interviews were conducted with current operational CPOs. A detailed literature review was also done in order to create a solid platform for the research and to assist in the verification of the information. During the research, it was found that the task of providing Close Protection could be divided into various sub-categories. This was necessary in order to gain a rounded perspective of a CPO's roles and duties. CPO's tasks in their entirety had to be unpacked into their smaller sub-components. In fact there were many ways to subdivide the skills requirements and functions of CPOs. It was, however, found that the actual subdivisions were less important than the gaining of a comprehensive understanding of how all the aspects are interrelated and should function synergistically. The need for regulation of the South African Close Protection industry was identified as a major concern among all interview respondents. In order to determine the relevant factors involved in regulation, the way countries such as the United Kingdom (UK), Australia and Israel regulate their industries, was assessed. It was noted that the industry in South Africa is `partially regulated'. This means that there is some sort of registration process for CPOs but no comprehensive monitoring and enforcement of accepted minimum competency standards. Currently in South Africa private sector CPOs are rated on the same scale as security guards and must be registered as a Grade level C with the Private Security Industry Regulatory Authority (PSIRA). This is not an effective manner to regulate CPOs. CPOs should be viewed as professionals and specialists since their skills far exceed those of a security guard (Grade C). According to South Africa's Skills Development Plan all industries will fall under Sector Education and Training Authorities (SETAs). Close Protection is grouped under the Police, Private Security, Legal, Correctional Services and Justice Sector Education and Training Authority (POSLEC SETA). There is currently a South African Qualifications Authority (SAQA) Unit Standard for Close Protection (Protection of Designated Persons, Units Standard number: 11510). However, the research revealed that while the unit standard correctly outlines the operational skills requirements of CPOs there are no assessment guidelines or clearly defined minimum skills requirements. Before the unit standard can be effectively implemented, agreed industry minimum standards for the relevant skills divisions in Close Protection need to be identified and implemented. But currently there is some confusion regarding which body is responsible for, firstly developing acceptable unit standards; secondly, getting the industry as a whole to agree and accept such standards; thirdly, to see to it that training on those standards is provided; and finally the monitoring of these standards in practice. In this study various training related factors were identified and examined in order to assess whether the way CPOs are trained in South Africa is effective or not. Aspects such as the intensity, focus, duration and content were examined. In general it was found that it is important for the following to be implemented: 1. Effective screening and pre-training evaluation of potential trainees. 2. Training should be job orientated and focus on training CPOs for the functions that they will actually have to perform. 3. Training methodologies should focus on an outcomes based approach and utilise the fundamentals of adult based education. 4. Training should simulate reality including the related stress factors that are placed on operational CPOs such as lack of sleep and high levels of activity interspersed with boring waiting periods. 5. Ongoing training and re-training are vital components to a CPO maintaining operational competency. 6. Close Protection instructors need to have both an operational background and training in instructional methodologies before being considered competent. It is important that in the long term international recognition of South African Close Protection qualifications is achieved. This is essential since many South African CPOs operate internationally. Globalisation and improvements in technology have made it easier for international networking to take place. This has meant that clients are using CPOs in different countries and international comparisons are inevitable. If South African CPOs are to be considered `world class' then internationally recognised minimum standards need to be implemented for the South African Close Protection industry. The research indicated and highlighted various trends that may affect the Close Protection industry. The trends identified that seemed most relevant to the South African Close Protection industry were as follows: * Increased public awareness of international terrorism has resulted form acts such as the 9/11 attacks. This has made people more aware of the need for and benefits of security. Use of well trained CPOs is one of the ways that potential clients are able to minimise their exposure to any potential terrorist attack. * A CPO's ability to communicate and liaise with all relevant parties involved in the Close Protection environment is vital to the success of any operation. Therefore it is vital that these aspects receive the relevant focus during training. * The CPO needs to be well trained in use of unarmed combat and alternative weaponry. He/she can no longer rely on the use of a firearm as the primary force option. * A CPO needs to be able to adapt to many different situations. It is important that a CPO is trained to blend in and use the correct protocol in any given situation. The focus of operations should be on operating in a low profile manner to avoid unnecessary attention. * A CPO needs to be well trained in all aspects of planning and avoidance. The skills needed to proactively identify and avoid threats are vital to modern day operations. The CPO also needs to be quick thinking and adaptable in order to function effectively. * A CPO needs to have a working knowledge of all security related aspects that could enhance the safety of his/her Principal (i.e. multi-skilled). In addition to the above mentioned factors, other recommendations emanating from this study focused on minimum competency standards for the identified subdivisions of close protection. Examples of possible assessment guidelines and criteria were identified covering the following broad classifications: * Prior educational qualifications * Physical abilities * CPO skills * Prior experience in guarding * Firearm skills * Unarmed combat * Protective skills * First aid skills * Security knowledge * Advanced driver training * Protocol and etiquette * Management and business skills * Related skills / Criminology and Security Science / (M.Tech (Security Management))

Crime prevention -- South Africa

Bodyguards -- Training of

Security guards -- Training of

Industries -- Security measures