As mobile computing is becoming more and more popular, the security threats to mobile applications are simultaneously increasing explosively. Most malicious activities hack the user's private information, such as contact and location information, hijack the user's transactions and communications, and exploit the confidential enterprise data stored in mobile databases or in cache on mobile devices...
Attacks on authentication services are major security concerns. Password-based authentication systems can be compromised using known techniques, such as brute force and dictionary-based attacks. Biometric-based authentication systems are becoming the preferred choice to replace password-based authentication systems. Among several variations of biometrics (e.g., face, eye, fingerprint), iris-based...
A decision tree is an important classification technique in data mining classification. Decision trees have proved to be valuable tools for the classification, description, and generalization of data. J48 is a decision tree algorithm which is used to create a classification model. J48 is an open source Java implementation of the C4.5 algorithm in the Weka data mining tool. In this paper, we present...
Android applications are widely used by millions of users to perform many different activities. However, many applications have been reported to be malware performing activities not matching with their expected behaviors (e.g., sending SMS messages to premium numbers). The existing relevant approaches that identify these applications (malware detection techniques) suffer from performance issues where...
Lightweight Directory Access Protocol (LDAP) is used in web applications to provide lookup information and enforcing authentication. Web applications may suffer from LDAP injection vulnerabilities that may lead to security breaches such as login bypass and privilege escalation. This paper proposes OCL fault injection-based detection of LDAP injection vulnerabilities. We extracted design-level information...
Android applications are widely used by millions of users to perform many different activities. However, many applications have been reported to do anomalous activities not matching with their expected behaviors such as reading of contact information, sending SMS messages to premium numbers, and other consequences. The existing relevant approaches that identify these applications (malware detection...
It is well known that cybersecurity will remain an important and demanding skill for the Cybersecurity workforce in the USA. However, there is currently a shortage of workers with this unique skill set. Cybersecurity skills require not only being proficient in Science, Technology, Engineering and Math (STEM), but also being able to apply skills to real world problems. Furthermore, the inclusion of...
Intrusion Detection System (IDS) is a popular approach to detect attacks in web applications. Signature-based IDS may not know all possible attack signatures in advance, thus a complementary anomaly-based IDS is deployed to detect new attacks. In this paper, we propose an anomaly detection approach that utilizes three measures: cross entropy for parameter, value, and data type. The measures are...
When asked about permissions to download apps most, if not all, of us have been guilty of clicking the "agree" button without considering permission risks. To be honest the only way to download the app is by agreeing to "all" permissions since there is no option for partial permissions. Many popular Android apps including Facebook Messenger, WhatsApp, Skype, Twitter, and Instagram...
MOOCs have expanded educational access beyond the traditional scope and masses. Cloud computing, open source platforms and software frameworks have provided the MOOC elements to support the creation of cost effective infrastructures, minimizing costs with widespread accessibility. However, these foundational elements present security concerns, which include non-enforceable policies, system and software...
The rapidly expanding, highly evolving online course market (Massive Open Online Course or MOOC) is influential in academia. Many well-known MOOC platforms have emerged over the last decade. There is a need to compare the support level offered by these platforms so that educators can deliver materials and students are able to learn better. Additionally, there is a need to explore what kinds of data...
The Lightweight Directory Access Protocol (LDAP) is used in a large number of web applications, and therefore, different types of LDAP injection attacks are becoming common. These injection attacks take advantage of an application not validating inputs before being used as part of LDAP queries. An attacker can provide inputs that may result in the alteration of intended LDAP query structure. The attacks...
The end users rely on wireless networks in obtaining legitimate updated applications to install on their wireless devices. If the application that is being updated and distributed is not encrypted, or encrypted with weak algorithms, the attacker can possibly intercept the application and inject malicious code into the application. This paper presents a novel detection approach to identify application...
Android applications are widely used by millions of users to perform many activities. Unfortunately, legitimate and popular applications are targeted by malware authors and they repackage the existing applications by injecting additional code intended to perform malicious activities without the knowledge of end users. Thus, it is important to validate applications for possible repackaging before their...
Unsafely coded browser extensions can compromise the security of a browser, making them attractive targets for attackers as a primary vehicle for conducting cyber-attacks. Among others, the three factors making vulnerable extensions a high-risk security threat for browsers include: i) the wide popularity of browser extensions, ii) the similarity of browser extensions with web applications, and iii)...
This paper addresses the challenges of incorporating networking and security concepts into an effective teaching and learning platform (PLab) that highlights real-world technical issues. PLab is an innovative portable learning platform that allows network applications to be safely tested. The isolated network without the need for a server promotes learning at anytime and anywhere. The strong connection...
As mobile applications are being developed at a faster pace, the security aspect is being neglected. A solid understanding of the characteristics of malware is the first step to preventing many unwanted consequences. This paper provides an overview of popular security threats posed by Android malware. In particular, we focus on the characteristics commonly found in malware applications and understand...
Android applications run on mobile devices that have limited memory resources. Although Android has its own memory manager with garbage collection support, many applications currently suffer from memory leak vulnerabilities. These applications may crash due to out of memory error while running. Testing of memory leak can detect the vulnerability early. In this paper, we perform memory leak testing...