Thiago Viana scite author profile

2022

ASI

Using technology to prevent cyber-attacks has allowed organisations to somewhat automate cyber security. Despite solutions to aid organisations, many are susceptible to phishing and spam emails which can make an unwanted impact if not mitigated. Traits that make organisations susceptible to phishing and spam emails include a lack of awareness around the identification of malicious emails, explicit trust, and the lack of basic security controls. For any organisation, phishing and spam emails can be received and the consequences of an attack could result in disruption. This research investigated the threat of phishing and spam and developed a detection solution to address this challenge. Deep learning and natural language processing are two techniques that have been employed in related research, which has illustrated improvements in the detection of phishing. Therefore, this research contributes by developing Phish Responder, a solution that uses a hybrid machine learning approach combining natural language processing to detect phishing and spam emails. To ensure its efficiency, Phish Responder was subjected to an experiment in which it has achieved an average accuracy of 99% with the LSTM model for text-based datasets. Furthermore, Phish Responder has presented an average accuracy of 94% with the MLP model for numerical-based datasets. Phish Responder was evaluated by comparing it with other solutions and through an independent t-test which demonstrated that the numerical-based technique is statistically significantly better than existing approaches.

Identifying Conflicting Requirements in Systems of Systems

Zisman

Bandara

2017

A System of Systems (SoS) is an arrangement of useful and independent subsystems , which are integrated into a larger system. Examples are found in transport systems, nutritional systems, smart homes and smart cities. The composition of component subsystems into an SoS enables support for complex functionalities that cannot be provided by individual subsystems on their own. However, to realize the benefits of these functionalities it is necessary to address several software engineering challenges including, but not limited to, the specification, design, construction, deployment, and management of an SoS. The various component subsystems in an SoS environment are often concerned with distinct domains; are developed by different stakeholders under different circumstances and time; provide distinct functionalities; and are used by different stakeholders, which allow for the existence of conflicting requirements. In this paper, we present a framework to support management of emerging conflicting requirements in an SoS. In particular, we describe an approach to support identification of conflicts between resourcebased requirements (i.e. requirements concerned with the consumption of different resources). In order to illustrate and evaluate the work, we use an example of a pilot study of an IoT SoS ecosystem designed to support food security at different levels of granularity, namely individuals, groups, cities, and nations.

Trust No One? A Framework for Assisting Healthcare Organisations in Transitioning to a Zero-Trust Network Architecture

Tyler

2021

Applied Sciences

Traditional networks are designed to be hard on the outside and soft on the inside. It is this soft inside which has made the traditional perimeter model laughable to attackers, who can easily breach a network and run away with the data without even having to deal with the hardened perimeter. The zero-trust security model, created by John Kindervag in 2010, addresses the security flaws of the traditional perimeter model and asserts that all network traffic on the inside should not be trusted by default. Other core principles of zero trust include verification and continuous monitoring of all communication, as well as encryption of all data in transit and data at rest, since the goal of zero trust is to focus on protecting data. Although the zero-trust model was created in 2010, with some of the associated security practices existing even before that, many healthcare organisations are still choosing to focus primarily on securing the perimeter instead of focusing on the vulnerabilities within them. The current COVID-19 pandemic which healthcare providers are struggling with further highlights the need for improvements to security within the network perimeter, as many healthcare providers and vaccine developers are still using vulnerable, outdated legacy systems which could become compromised and indirectly have a detrimental effect on patient care. Legacy systems which are technologically limited, as well as medical devices which cannot be controlled or managed by network administrators, create boundaries to transitioning to a zero-trust architecture. It is challenges like this that have been explored during the research phase of this project in order to gain a better understanding of how a health organisation can adopt zero-trust practices despite the limitations of their current architecture. From the information gathered during this research, a framework was developed to allow a health organisation to transition to a more secure architecture based on the concept of zero-trust. Aspects of the proposed framework were tested in Cisco Modelling Labs (CML), and the results were evaluated to ensure the validity of some of the recommendations laid out in the framework. The main objective of this research was to prove that if a host within the local area network (LAN) were to be compromised, the damage would be limited to that host and would not spread throughout the rest of the network. This was successful after the qualitative research performed in CML. One of the other takeaways from testing the framework in CML was that medical devices could be secured by placing firewalls directly in front of them. This placement of firewalls may seem like an unorthodox approach and was shown to increase latency, but the blocking of all unnecessary traffic on the rest of the network will result in a performance boost and should balance it out in a real-world application.

Towards a framework for managing inconsistencies in systems of systems

Zisman

Bandara

2016

A System of Systems (SoS) is an arrangement of useful and independent complex systems integrated into a bigger system in order to deliver unique capabilities [1]. In this context, each independent system should be able to fulfill useful objectives in their own environments, but when they are composed in a SoS they should be able to achieve new objectives that could not be achieved by the individual systems. Examples of SoSs are found in several applications including, but not limited to, transport network systems, household energy management systems, personal nutritional systems, smart homes, smart cities, and intelligent healthcare systems.

Analytical Framework for National Cyber-security and Corresponding Critical Infrastructure: A Pragmatistic Approach

Wright

Chizari

2020