ABSTRACT
During the last several years, the Internet of Things (IoT), fog computing, computer security, and cyber-attacks have all grown rapidly on a large scale. Examples of IoT include mobile devices such as tablets and smartphones. Attacks can take place that impact the confidentiality, integrity, and availability (CIA) of the information. One attack that occurs is Advanced Persistent Threat (APT). Attackers can manipulate a device's behavior, applications, and services. Such manipulations lead to signification of a deviation from a known behavioral baseline for smartphones. In this study, the authors present a Systematic Literature Review (SLR) to provide a survey of the existing literature on APT defense mechanisms, find research gaps, and recommend future directions. The scope of this SLR covers a detailed analysis of most cybersecurity defense mechanisms and cutting-edge solutions. In this research, 112 papers published from 2011 until 2022 were analyzed. This review has explored different approaches used in cybersecurity and their effectiveness in defending against APT attacks. In a conclusion, we recommended a Situational Awareness (SA) model known as Observe-Orient-Decide-Act (OODA) to provide a comprehensive solution to monitor the device's behavior for APT mitigation.
Subject(s)
Computer Security , Internet of Things , Confidentiality , Dimaprit/analogs & derivatives , SmartphoneABSTRACT
An Android smartphone contains built-in and externally downloaded applications that are used for entertainment, finance, navigation, communication, health and fitness, and so on. The behaviour of granting permissions requested by apps might expose the Android smartphone user to privacy risks. The existing works lack a formalized mathematical model that can quantify user and system applications risks. No multifaceted data collector tool can also be used to monitor the collection of user data and the risk posed by each application. A benchmark of the risk level that alerts the user and distinguishes between acceptable and unacceptable risk levels in Android smartphone user does not exist. Hence, to address privacy risk, a formalized privacy model called PRiMo that uses a tree structure and calculus knowledge is proposed. An App-sensor Mobile Data Collector (AMoDaC) is developed and implemented in real life to analyse user data accessed by mobile applications through the permissions granted and the risks involved. A benchmark is proposed by comparing the proposed PRiMo outcome with the existing available testing metrics. The results show that Tools & Utility/Productivity applications posed the highest risk as compared to other categories of applications. Furthermore, 29 users faced low and acceptable risk, while two users faced medium risk. According to the benchmark proposed, users who faced risks below 25% are considered as safe. The effectiveness and accuracy of the proposed work is 96.8%.
ABSTRACT
BACKGROUND: Breast cancer is the leading cause of mortality among women worldwide. However, female patients often feel reluctant and embarrassed about meeting physicians in person to discuss their intimate body parts, and prefer to use social media for such interactions. Indeed, the number of patients and physicians interacting and seeking information related to breast cancer on social media has been growing. However, a physician may behave inappropriately on social media by sharing a patient's personal medical data excessively with colleagues or the public. Such an act would reduce the physician's trustworthiness from the patient's perspective. The multifaceted trust model is currently most commonly used for investigating social media interactions, which facilitates its enhanced adoption in the context of breast self-examination. The characteristics of the multifaceted trust model go beyond being personalized, context-dependent, and transitive. This model is more user-centric, which allows any user to evaluate the interaction process. Thus, in this study, we explored and evaluated use of the multifaceted trust model for breast self-examination as a more suitable trust model for patient-physician social media interactions in breast cancer screening. OBJECTIVE: The objectives of this study were: (1) to identify the trustworthiness indicators that are suitable for a breast self-examination system, (2) design and propose a breast self-examination system, and (3) evaluate the multifaceted trustworthiness interaction between patients and physicians. METHODS: We used a qualitative study design based on open-ended interviews with 32 participants (16 outpatients and 16 physicians). The interview started with an introduction to the research objective and an explanation of the steps on how to use the proposed breast self-examination system. The breast self-examination system was then evaluated by asking the patient to rate their trustworthiness with the physician after the consultation. The evaluation was also based on monitoring the activity in the chat room (interactions between physicians and patients) during daily meetings, weekly meetings, and the articles posted by the physician in the forum. RESULTS: Based on the interview sessions with 16 physicians and 16 patients on using the breast self-examination system, honesty had a strong positive correlation (r=0.91) with trustworthiness, followed by credibility (r=0.85), confidence (r=0.79), and faith (r=0.79). In addition, belief (r=0.75), competency (r=0.73), and reliability (r=0.73) were strongly correlated with trustworthiness, with the lowest correlation found for reputation (r=0.72). The correlation among trustworthiness indicators was significant (P<.001). Moreover, the trust level of a patient for a particular physician was found to increase after several interactions. CONCLUSIONS: Multifaceted trustworthiness has a significant impact on a breast self-examination system. Evaluation of trustworthiness indicators helps to ensure a trustworthy system and ethical interaction between a patient and physician. A new patient can obtain a consultation by referring to the best physician according to preference of other patients. Patients can also trust a physician based on another patient's recommendation regarding the physician's trust level. The correlation analysis further showed that the most preferred trustworthiness indicator is honesty.
ABSTRACT
The proliferation of mobile devices such as smartphones and tablets with embedded sensors and communication features has led to the introduction of a novel sensing paradigm called mobile crowd sensing. Despite its opportunities and advantages over traditional wireless sensor networks, mobile crowd sensing still faces security and privacy issues, among other challenges. Specifically, the security and privacy of sensitive location information of users remain lingering issues, considering the "on" and "off" state of global positioning system sensor in smartphones. To address this problem, this paper proposes "SenseCrypt", a framework that automatically annotates and signcrypts sensitive location information of mobile crowd sensing users. The framework relies on K-means algorithm and a certificateless aggregate signcryption scheme (CLASC). It incorporates spatial coding as the data compression technique and message query telemetry transport as the messaging protocol. Results presented in this paper show that the proposed framework incurs low computational cost and communication overhead. Also, the framework is robust against privileged insider attack, replay and forgery attacks. Confidentiality, integrity and non-repudiation are security services offered by the proposed framework.
ABSTRACT
Automatic data annotation eliminates most of the challenges we faced due to the manual methods of annotating sensor data. It significantly improves users’ experience during sensing activities since their active involvement in the labeling process is reduced. An unsupervised learning technique such as clustering can be used to automatically annotate sensor data. However, the lingering issue with clustering is the validation of generated clusters. In this paper, we adopted the k-means clustering algorithm for annotating unlabeled sensor data for the purpose of detecting sensitive location information of mobile crowd sensing users. Furthermore, we proposed a cluster validation index for the k-means algorithm, which is based on Multiple Pair-Frequency. Thereafter, we trained three classifiers (Support Vector Machine, K-Nearest Neighbor, and Naïve Bayes) using cluster labels generated from the k-means clustering algorithm. The accuracy, precision, and recall of these classifiers were evaluated during the classification of “non-sensitive” and “sensitive” data from motion and location sensors. Very high accuracy scores were recorded from Support Vector Machine and K-Nearest Neighbor classifiers while a fairly high accuracy score was recorded from the Naïve Bayes classifier. With the hybridized machine learning (unsupervised and supervised) technique presented in this paper, unlabeled sensor data was automatically annotated and then classified.