Autonomic nervous system factors underlying anxiety in virtual environments : A regression model for cybersickness
- Authors: Bruck, Susan , Watters, Paul
- Date: 2009
- Type: Text , Conference paper
- Relation: Paper presented at VSMM 2009 -15th International Conference on Virtual Systems and Multimedia, Vienna : 9th-12th September 2009 p. 67-72
- Full Text:
- Description: The ability to predict whether people will experience anxiety is important for recruitment and selection in highly-stressful professions. Using a Virtual Reality Environment (VRE) can provide a tool to predict whether a person will experience anxiety. This paper reports several regression models which suggest observed and self-reported measures of anxiety during and after immersion in a VRE can be used to predict an individual's anxiety response to a simulated stressful environment. We found that respiration was a poor predictor of anxiety, but that cardiac activity accounted for around 39% of variance in self-reported anxiety responses using a four point scale. In contrast, responses from the Simulator Sickness Questionnaire (SSQ) accounted for 98% of variance in anxiety responses. However, only four out of eighteen measures in the SSQ made a significant contribution to the model. The implication for predicting an individual's anxiety responses using self-report or physiological measures is discussed. © 2009 IEEE.
Challenges to automated allegory resolution in open source intelligence
- Authors: Watters, Paul
- Date: 2012
- Type: Text , Conference proceedings
- Full Text: false
- Description: The resolution of lexical ambiguity in machine translation systems often involves the automated, on-line selection of the correct sense of polysemous target words in the context of a clause, phrase or sentence. However, the performance of machine translation systems in emulating this aspect of human language processing has not been entirely successful, to the extent that resolution of entities and terms in natural language could be automated for open source intelligence analysis. Whilst some of these systems confine themselves to processing domain-specific knowledge (e.g., medical terminology), with some success, the popular general-purpose direct translation systems now freely available on the World Wide Web (WWW) are investigated for characteristic semantic processing errors in this study. A ubiquitous sentence ("The quick brown fox jumps over the lazy dog"), an equative metaphor, and a simile are translated into four romance and one Germanic language, with the translation then inverted back to English using the same translation system. It is found that in addition to expected differences in correctly mapping shades of meaning (e.g., "quick" is mapped to "fast"), some spatial meanings are incorrectly transformed, especially for verbs (e.g., "jumps over" becomes "branches over" or "jumps on"). The most serious error is the addition of extra semantic features to individual words, particularly features associated with nouns (e.g., the gender-neutral "fox" becomes the female "vixen"). The implications of these types of errors for the automatic translation of human language - with respect to semantic representation in open source intelligence - are discussed. © 2012 IEEE.
- Description: 2003011052
Characterising and predicting cyber attacks using the Cyber Attacker Model Profile (CAMP)
- Authors: Watters, Paul , McCombie, Stephen , Layton, Robert , Pieprzyk, Josef
- Date: 2012
- Type: Text , Journal article
- Relation: Journal of Money Laundering Control Vol. 15, no. 4 (2012), p. 430-441
- Full Text: false
- Reviewed:
- Description: Purpose – Ethnographic studies of cyber attacks typically aim to explain a particular profile of attackers in qualitative terms. The purpose of this paper is to formalise some of the approaches to build a Cyber Attacker Model Profile (CAMP) that can be used to characterise and predict cyber attacks. Design/methodology/approach – The paper builds a model using social and economic independent or predictive variables from several eastern European countries and benchmarks indicators of cybercrime within the Australian financial services system. Findings – The paper found a very strong link between perceived corruption and GDP in two distinct groups of countries – corruption in Russia was closely linked to the GDP of Belarus, Moldova and Russia, while corruption in Lithuania was linked to GDP in Estonia, Latvia, Lithuania and Ukraine. At the same time corruption in Russia and Ukraine were also closely linked. These results support previous research that indicates a strong link between been legitimate economy and the black economy in many countries of Eastern Europe and the Baltic states. The results of the regression analysis suggest that a highly skilled workforce which is mobile and working in an environment of high perceived corruption in the target countries is related to increases in cybercrime even within Australia. It is important to note that the data used for the dependent and independent variables were gathered over a seven year time period, which included large economic shocks such as the global financial crisis. Originality/value – This is the first paper to use a modelling approach to directly show the relationship between various social, economic and demographic factors in the Baltic states and Eastern Europe, and the level of card skimming and card not present fraud in Australia. Acknowledgements: Paul A. Watters and Robert Layton are funded by IBM, Westpac, the State Government of Victoria and the Australian Federal Police.
- Description: 2003011112
Characterising network traffic for Skype forensics
- Authors: Azab, Ahmad , Watters, Paul , Layton, Robert
- Date: 2012
- Type: Text , Conference proceedings
- Full Text: false
- Description: Voice over IP (VoIP) is increasingly replacing fixed line telephone systems globally due to lower cost, call quality improvements over digital lines and ease of availability. At the same time, criminals have also transitioned to using this environment, creating challenges for law enforcement, since interception of VoIP traffic is more difficult than a traditional telephony environment. One key problem for proprietary VoIP algorithms like Skype is being able to reliably identify and characterize network traffic. In this paper, the latest Skype version and its components are analyzed, in terms of network traffic behavior for logins, calls establishment, call answering and the change status phases. Network conditions tested included blocking different port numbers, inbound connections and outbound connections. The results provide a clearer view of the difficulties in characterizing Skype traffic in forensic contexts. We also found different changes from previous investigations into older versions of Skype. © 2012 IEEE.
- Description: 2003011053
Child face detection using age specific luminance invariant geometric descriptor
- Authors: Islam, Mofakharul , Watters, Paul , Yearwood, John
- Date: 2011
- Type: Text , Conference proceedings
- Full Text: false
- Description: While considerable research have been conducted on age-wise age estimation using skin detection most often with other visual cues, relatively little research has looked closely at the subject. In this paper, we present a new framework for interpreting facial image patterns that can be employed in categorical age estimation. The aim is to propose a novel approach to investigate and implement a child face detection technique that is able to estimate age categorically adult or child based on a new hybrid feature descriptor. The novel hybrid feature descriptor LIGD (the luminance invariant geometric descriptor) is composed of some low and high level features, which are found to be effective in characterizing the local appearance. In local appearance estimation, chromaticity, texture, and positional information of few facial visual cues can be employed simultaneously. Compared to the results published in a recent work, our proposed approach yields the highest precision and recall, and overall accuracy in recognition. © 2011 IEEE.
Cybercrime : The case of obfuscated malware
- Authors: Alazab, Mamoun , Venkatraman, Sitalakshmi , Watters, Paul , Alazab, Moutaz , Alazab, Ammar
- Date: 2011
- Type: Text , Conference paper
- Relation: Joint 7th International Conference on Global Security, Safety and Sustainability, ICGS3 2011, and the 4th Conference on e-Democracy Vol. 99 LNICST, p. 204-211
- Full Text: false
- Reviewed:
- Description: Cybercrime has rapidly developed in recent years and malware is one of the major security threats in computer which have been in existence from the very early days. There is a lack of understanding of such malware threats and what mechanisms can be used in implementing security prevention as well as to detect the threat. The main contribution of this paper is a step towards addressing this by investigating the different techniques adopted by obfuscated malware as they are growingly widespread and increasingly sophisticated with zero-day exploits. In particular, by adopting certain effective detection methods our investigations show how cybercriminals make use of file system vulnerabilities to inject hidden malware into the system. The paper also describes the recent trends of Zeus botnets and the importance of anomaly detection to be employed in addressing the new Zeus generation of malware. © 2012 ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering.
- Description: 2003010650
Cybercrime attribution : An Eastern European case study
- Authors: McCombie, Stephen , Pieprzyk, Josef , Watters, Paul
- Date: 2009
- Type: Text , Conference paper
- Relation: Paper presented at 7th Australian Digital Forensics Conference, Perth, Western Australia 1st-3rd December 2009 p. 41-51
- Full Text: false
- Description: Phishing and related cybercrime is responsible for billions of dollars in losses annually. Gartner reported more than 5 million U.S. consumers lost money to phishing attacks in the 12 months ending in September 2008 (Gartner 2009). This paper asks whether the majority of organised phishing and related cybercrime originates in Eastern Europe rather than elsewhere such as China or the USA. The Russian “Mafiya” in particular has been popularised by the media and entertainment industries to the point where it can be hard to separate fact from fiction but we have endeavoured to look critically at the information available on this area to produce a survey. We take a particular focus on cybercrime from an Australian perspective, as Australia was one of the first places where Phishing attacks against Internet banks were seen. It is suspected these attacks came from Ukrainian spammers. The survey is built from case studies both where individuals from Eastern Europe have been charged with related crimes or unsolved cases where there is some nexus to Eastern Europe. It also uses some earlier work done looking at those early Phishing attacks, archival analysis of Phishing attacks in July 2006 and new work looking at correlation between the Corruption Perception Index, Internet penetration and tertiary education in Russia and the Ukraine. The value of this work is to inform and educate those charged with responding to cybercrime where a large part of the problem originates and try to understand why.
- Description: 2003007921
Cybersickness and anxiety during simulated motion : Implications for VRET
- Authors: Bruck, Susan , Watters, Paul
- Date: 2009
- Type: Text , Journal article
- Relation: Cyberpsychology & Behavior Vol. 12, no. 5 (2009), p. 593
- Full Text: false
- Reviewed:
Data loss in the British government : A bounty of credentials for organised crime
- Authors: Watters, Paul
- Date: 2009
- Type: Text , Conference paper
- Relation: Paper presented at UIC-ATC 2009 - Symposia and Workshops on Ubiquitous, Autonomic and Trusted Computing in Conjunction with the UIC'09 and ATC'09 Conferences, Brisbane : 7th-9th July 2009 p. 531-536
- Full Text:
- Description: Personal information stored in large government databases is a prime target for criminals because of its potential use in identity theft and associated crime, such as fraud. In 2007-2008, a number of very high-profile cases of data loss within the British Government, its departments and non-departmental bodies raised three pressing issues of public significance: (1) how broad was the loss across agencies; (2) how deep was each loss incident; and (3) what counter-measures (organisational and technical) could be put in place to prevent further loss? This paper provides a chronological review of data loss incidents, and assesses the potential to mitigate risk, given organisational structures and processes, and taking into account current government calls for further medium and long-term acquisition and storage of citizen's private data. The potential use of the "lost" credentials is discussed in the context of identity theft. © 2009 IEEE.
Descriptive data mining on fraudulent online dating profiles
- Authors: Pan, Jinjian A. , Winchester, Donald , Land, Lesley , Watters, Paul
- Date: 2010
- Type: Text , Conference paper
- Relation: Proceedings of ECIS 2010, The 18th European Conference on Information Systems 2010 p. 1-11
- Full Text: false
- Reviewed:
- Description: The increasing ease of access to the World Wide Web and email harvesting tools has enabled spammers to target a wider audience. The problem is where scams are widely encountered in day to day environmental to individuals from all walks of life and result in millions of dollars in financial loss as well as emotional trauma (Newman 2005). This paper aims to analyse and examine the structure of Romance Fraud, in a bid to understand and detect Romance Fraud profiles. We focus on scams that utilise the medium of dating websites. The primary indicators of Romance Fraud identified in the literature include social factors, scam characteristics and content....
Detecting illicit drugs on social media using Automated Social Media Intelligence Analysis (ASMIA)
- Authors: Watters, Paul , Phair, Nigel
- Date: 2012
- Type: Text , Conference paper
- Relation: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) Vol. 7672 LNCS, p. 66-76
- Full Text:
- Reviewed:
- Description: While social media is a new and exciting technology, it has the potential to be misused by organized crime groups and individuals involved in the illicit drugs trade. In particular, social media provides a means to create new marketing and distribution opportunities to a global marketplace, often exploiting jurisdictional gaps between buyer and seller. The sheer volume of postings presents investigational barriers, but the platform is amenable to the partial automation of open source intelligence. This paper presents a new methodology for automating social media data, and presents two pilot studies into its use for detecting marketing and distribution of illicit drugs targeted at Australians. Key technical challenges are identified, and the policy implications of the ease of access to illicit drugs are discussed. © 2012 Springer-Verlag.
- Description: 2003010676
Detecting phishing emails using hybrid features
- Authors: Ma, Liping , Ofoghi, Bahadorreza , Watters, Paul , Brown, Simon
- Date: 2009
- Type: Text , Conference paper
- Relation: Paper presented at 2009 Symposia and Workshops on Ubiquitous, Autonomic and Trusted Computing, UIC-ATC '09, Brisbane, Queensland : 7th-9th July 2009 p. 493-497
- Full Text:
- Description: Phishing emails have been used widely in fraud of financial organizations and customers. Phishing email detection has drawn a lot attention for many researchers and malicious detection devices are installed in email servers. However, phishing has become more and more complicated and sophisticated and attack can bypass the filter set by anti-phishing techniques. In this paper, we present a method to build a robust classifier to detect phishing emails using hybrid features and to select features using information gain. We experiment on 10 cross-validations to build an initial classifier which performs well. The experiment also analyses the quality of each feature using information gain and best feature set is selected after a recursive learning process. Experimental result shows the selected features perform as well as the original features. Finally, we test five machine learning algorithms and compare the performance of each. The result shows that decision tree builds the best classifier.
- Description: 2003007857
Determining provenance in phishing websites using automated conceptual analysis
- Authors: Layton, Robert , Watters, Paul
- Date: 2009
- Type: Text , Conference paper
- Relation: Paper presented at 2009 eCrime Researchers Summit, eCRIME '09, Tacoma, Washington : 20th-21st October 2009 p. 1-7
- Full Text:
- Description: Phishing is a form of online fraud with drastic consequences for the victims and institutions being defrauded. A phishing attack tries to create a believable environment for the intended victim to enter their confidential data such that the attacker can use or sell this information later. In order to apprehend phishers, law enforcement agencies need automated systems capable of tracking the size and scope of phishing attacks, in order to more wisely use their resources shutting down the major players, rather then wasting resources stopping smaller operations. In order to develop these systems, phishing attacks need to be clustered by provenance in a way that adequately profiles these evolving attackers. The research presented in this paper looks at the viability of using automated conceptual analysis through cluster analysis techniques on phishing websites, with the aim of determining provenance of these phishing attacks. Conceptual analysis is performed on the source code of the websites, rather than the final text that is displayed to the user, eliminating problems with rendering obfuscation and increasing the distinctiveness brought about by differences in coding styles of the phishers. By using cluster analysis algorithms, distinguishing factors between groups of phishing websites can be obtained. The results indicate that it is difficult to separate websites by provenance without also separating by intent, by looking at the phishing websites alone. Instead, the methods discussed in this paper should form part of a larger system that uses more information about the phishing attacks.
Determining the influence of visual training on EEG activity patterns using association rule mining
- Authors: Yan, Fangang , Watters, Paul , Wang, Wei
- Date: 2011
- Type: Text , Conference proceedings
- Full Text: false
- Description: To confirm that visual training can change EEG patterns by association rule mining method, firstly, we collected the EEG of people who are under a long-term visual professional training (visual training group) and novice people (control group) during a specific mental tasks. Secondly, we determined the difference of brain electrical activity between the two groups using machine learning methods. Thirdly, we discovered distinct patterns using association rule algorithm, finding that the two groups were separable based on their completion of visual professional cognitive tasks. In the beta band, visual training group showed a specific and significant association pattern which included FP1 and C4. The results indicate that the EEG patterns were modified because of visual professional training. We further discuss the impact of long-term visual professional training on the EEG. © 2011 IEEE.
Digital forensic techniques for static analysis of NTFS images
- Authors: Alazab, Mamoun , Venkatraman, Sitalakshmi , Watters, Paul
- Date: 2009
- Type: Text , Conference paper
- Relation: Paper presented at 4th International Conference of Information Technology, ICIT 2009, AL-Zaytoonah University, Amman, Jordan : 3rd-5th June 2009
- Full Text:
- Description: Static analysis of the Windows NTS File System (NTFS) which is the standard and most commonly used file system could provide useful information for digital forensics. However, since the NFTS disk image records every event in the system, forensic tools need to process an enormous amount of information related to user / kernel environment, buffer overflows, trace conditions, network stack and other related subsystems. This leads to imperfect forensic tools that are practical for implementation but not comprehensive and effective. This research discusses the analysis technique to detect data hidden based on the internal structure of the NTFS file system in the boot sector. Further, it attempts to unearth the vulnerabilities of NTFS disk image and weaknesses of the current forensic techniques. The paper argues that a comprehensive tool with improved techniques is warranted for a successful forensic analysis.
- Description: 2003007524
Effective digital forensic analysis of the NTFS disk image
- Authors: Alazab, Mamoun , Venkatraman, Sitalakshmi , Watters, Paul
- Date: 2009
- Type: Text , Journal article
- Relation: Ubiquitous Computing and Communication Journal Vol. 4, no. 3 (Special issue on ICIT 2009 Conference - Applied Computing) (2009), p. 551-558
- Full Text: false
- Reviewed:
- Description: Forensic analysis of the Windows NT File System (NTFS) could provide useful information leading towards malware detection and presentation of digital evidence for the court of law. Since NTFS records every event of the system, forensic tools are required to process an enormous amount of information related to user / kernel environment, buffer overflows, trace conditions, network stack, etc. This has led to imperfect forensic tools that are practical for implementation and hence become popular, but are not comprehensive and effective. Many existing techniques have failed to identify malicious code in hidden data of the NTFS disk image. This research discusses the analysis technique we have adopted to successfully detect maliciousness in hidden data, by investigating the NTFS boot sector. We have conducted experimental studies with some of the existing popular forensics tools and have identified their limitations. Further, through our proposed three-stage forensic analysis process, our experimental investigation attempts to unearth the vulnerabilities of NTFS disk image and the weaknesses of the current forensic techniques.
- Description: 2003007525
Enabling access to British birth cohort studies: A secure web interface for the NSHD (SWIFT)
- Authors: Watters, Paul , Kuh, Diana , Latham, Susan , Garwood, Kevin , Shah, Imran
- Date: 2009
- Type: Text , Conference paper
- Relation: Paper presented at Healthcom 2009: 11th IEEE International Conference on e-Health Networking, Applications & Services
- Full Text:
- Reviewed:
Establishing phishing provenance using orthographic features
- Authors: Liping, Ma , Yearwood, John , Watters, Paul
- Date: 2009
- Type: Text , Conference paper
- Relation: Paper presented at 2009 eCrime Researchers Summit, eCRIME '09, Tacoma, Washington : 20th-21st October 2009
- Full Text:
- Description: After phishing message detection, determining the provenance of phishing messages and Websites is the second step to tracing cybercriminals. In this paper, we present a novel method to cluster phishing emails automatically using orthographic features. In particular, we develop an algorithm to cluster documents and remove redundant features at the same time. After collecting all the possible features based on observation, we adapt the modified global k-mean method repeatedly, and generate the objective function values over a range of tolerance values across different subsets of features. Finally, we identify the appropriate clusters based on studying the distribution of the objective function values. Experimental evaluation of a large number of computations demonstrates that our clustering and feature selection techniques are highly effective and achieve reliable results.
- Description: 2003007842
Establishing reasoning communities of security experts for Internet Commerce Security
- Authors: Kelarev, Andrei , Brown, Simon , Watters, Paul , Wu, Xinwen , Dazeley, Richard
- Date: 2011
- Type: Text , Book chapter
- Relation: Technologies for supporting reasoning communities and collaborative decision making : Cooperative approaches p. 380-396
- Full Text: false
- Reviewed:
- Description: The highly sophisticated and rapidly evolving area of internet commerce security presents many novel challenges for the organization of discourse in reasoning communities. This chapter suggests appropriate reasoning methods and demonstrates how establishing reasoning communities of security experts and enabling productive group discourse among them can play a crucial role in successful resolution of problems concerning the implementation, integration, deployment and maintenance of flexible local security systems for defense against malware threats in internet security. Local security systems of this sort may combine several ready open source or commercial software packages behind a common front-end and may enhance and supplement their facilities with additional plug-ins. To illustrate the diverse character of challenges the reasoning communities in internet security are likely to be faced with, this chapter concentrates on defense against phishing attacks. This example was selected as it is one of the newest and most rapidly changing application domains for the principles of organizing reasoning communities. The major group discourse methods suggested for the reasoning communities of security experts in this chapter include the Delphi Method, the Wideband Delphi Process, the Generic/Actual Argument Model of Structured Reasoning, Brainstorming, Reverse Brainstorming, Consensus Decision Making, Voting, Open Delphi and Open Brainstorming Methods. The Delphi Method and Wideband Delphi Process are suggested as tools for organizing a cohesive reasoning architecture, for coordinating other methods, and for preparing and allocating other methods to particular issues.
Estimating cybersickness of simulated motion using the Simulator Sickness Questionnaire (SSQ) : A controlled study
- Authors: Bruck, Susan , Watters, Paul
- Date: 2009
- Type: Text , Conference paper
- Relation: Paper presented at 2009 6th International Conference on Computer Graphics, Imaging and Visualization: New Advances and Trends, CGIV2009, Tianjin : 11th - 14th August 2009 p. 486-488
- Full Text:
- Description: The aim of this experiment was to determine which cybersickness symptoms are associated with simulated motion, by comparing responses to the Simulated Sickness Questionnaire (SSQ) between a control and experimental condition. Using non-parametric statistical tests, we found that general discomfort, fatigue, headache, eyestrain, difficulty in focusing eyes, increased sweating, nausea, difficulty in concentrating, stomach awareness and blurred vision were significantly higher in a high simulated motion task compared with a low simulated task. The implications for preventing cybersickness in virtual environments are discussed. © 2009 IEEE.