Research Repository

Outputs (40)

Majority Voting Ransomware Detection System (2023)
Journal Article
Davies, S. R., Macfarlane, R., & Buchanan, W. J. (2023). Majority Voting Ransomware Detection System. Journal of Information Security, 14(4), 264-293. https://doi.org/10.4236/jis.2023.144016

Crypto-ransomware remains a significant threat to governments and companies alike, with high-profile cyber security incidents regularly making headlines. Many different detection systems have been proposed as solutions to the ever-changing dynamic la...

Evaluation of live forensic techniques, towards Salsa20-Based cryptographic ransomware mitigation (2023)
Journal Article
Fernandez de Loaysa Babiano, L., Macfarlane, R., & Davies, S. R. (2023). Evaluation of live forensic techniques, towards Salsa20-Based cryptographic ransomware mitigation. Forensic Science International: Digital Investigation, 46, Article 301572. https://

Ransomware has been established as one of the largest current threats to organisations, small businesses, governments, and individuals alike. The appearance of cryptocurrencies and the enhancement of encryption key management schemes increased the ca...

Vascular mechanisms of post-COVID-19 conditions: rho-kinase is a novel target for therapy (2023)
Journal Article
Sykes, R. A., Neves, K. B., Alves-Lopes, R., Caputo, I., Fallon, K., Jamieson, N. B., …Berry, C. (2023). Vascular mechanisms of post-COVID-19 conditions: rho-kinase is a novel target for therapy. European Heart Journal - Cardiovascular Pharmacotherapy,

Background: In post-COVID-19 conditions (Long COVID), systemic vascular dysfunction is implicated but the mechanisms are uncertain, and treatment is imprecise. Methods: Patients convalescing after hospitalisation for COVID-19 and risk-factor match...

Improved ICS Honeypot Techniques (2023)
Presentation / Conference Contribution
McColm, D., & Macfarlane, R. (2023, June). Improved ICS Honeypot Techniques. Presented at International Conference on Computer Security in the Nuclear World: Security for Safety, Vienna, Austria

As work continues to advance the security posture of ICS systems across the UKNDA estate, opportunities arise to consider the deployment of deception technologies. With high-profile attacks on ICS occurring more frequently, and increasing numbers of...

Comparison Of Common Mathematical Techniques Used In The Calculation Of File Entropy (2022)
Presentation / Conference Contribution
Davies, S. R., & Macfarlane, R. (2022, November). Comparison Of Common Mathematical Techniques Used In The Calculation Of File Entropy. Presented at 2022 International Conference on Electrical, Computer, Communications and Mechatronics Engineering (ICECCM

The research described in this paper focuses on the use of mathematical techniques to identify high entropy encrypted files generated during the execution of ransomware. A common approach used by many ransomware detection techniques is to monitor fil...

Comparison of Entropy Calculation Methods for Ransomware Encrypted File Identification (2022)
Journal Article
Davies, S. R., Macfarlane, R., & Buchanan, W. J. (2022). Comparison of Entropy Calculation Methods for Ransomware Encrypted File Identification. Entropy, 24(10), Article 1503. https://doi.org/10.3390/e24101503

Ransomware is a malicious class of software that utilises encryption to implement an attack on system availability. The target’s data remains encrypted and is held captive by the attacker until a ransom demand is met. A common approach used by many c...

Civil Engineering Graduate Apprenticeships: A feasibility study into development of an MSc programme based on review of current undergraduate provision (2022)
Presentation / Conference Contribution
Leitch, K., Bernal-Sanchez, J., & Macfarlane, R. (2022). Civil Engineering Graduate Apprenticeships: A feasibility study into development of an MSc programme based on review of current undergraduate provision. In Proceedings of the 8th International Symp

This paper details the findings of a study undertaken at Edinburgh Napier University to assess the feasibility of developing an existing Graduate Apprentice programme in Civil Engineering to a MSc level. Using a mixed methods approach, data from a se...

NapierOne: A modern mixed file data set alternative to Govdocs1 (2022)
Journal Article
Davies, S. R., Macfarlane, R., & Buchanan, W. J. (2022). NapierOne: A modern mixed file data set alternative to Govdocs1. Forensic Science International: Digital Investigation, 40, Article 301330. https://doi.org/10.1016/j.fsidi.2021.301330

It was found when reviewing the ransomware detection research literature that almost no proposal provided enough detail on how the test data set was created, or sufficient description of its actual content, to allow it to be recreated by other resear...

Exploring the Need For an Updated Mixed File Research Data Set (2022)
Presentation / Conference Contribution
Davies, S. R., Macfarlane, R., & Buchanan, W. J. (2021, October). Exploring the Need For an Updated Mixed File Research Data Set. Presented at 2021 International Conference on Engineering and Emerging Technologies (ICEET), Istanbul, Turkey

Mixed file data sets are used in a variety of research areas, including Digital Forensics, Malware analysis and Ransomware detection. Researchers recently seem to either have to create their own custom data sets or well-known data sets are used, but...

Review of Current Ransomware Detection Techniques (2022)
Presentation / Conference Contribution
Davies, S. R., Macfarlane, R., & Buchanan, W. J. (2021, October). Review of Current Ransomware Detection Techniques. Presented at 2021 International Conference on Engineering and Emerging Technologies (ICEET), Istanbul, Turkey

A review of proposed ransomware detection tools and techniques. The tools are described, compared and contrasted and possible shortcomings in their approaches are discussed.

Differential Area Analysis for Ransomware Attack Detection within Mixed File Datasets (2021)
Journal Article
Davies, S. R., Macfarlane, R., & Buchanan, W. J. (2021). Differential Area Analysis for Ransomware Attack Detection within Mixed File Datasets. Computers and Security, 108, Article 102377. https://doi.org/10.1016/j.cose.2021.102377

The threat from ransomware continues to grow both in the number of affected victims as well as the cost incurred by the people and organisations impacted in a successful attack. In the majority of cases, once a victim has been attacked there remain o...

Towards Identifying Human Actions, Intent, and Severity of APT Attacks Applying Deception Techniques - An Experiment (2020)
Presentation / Conference Contribution
Chacon, J., Mckeown, S., & Macfarlane, R. (2020, June). Towards Identifying Human Actions, Intent, and Severity of APT Attacks Applying Deception Techniques - An Experiment. Presented at IEEE International Conference on Cyber Security and Protection of Di

Attacks by Advanced Persistent Threats (APTs) have been shown to be difficult to detect using traditional signature- and anomaly-based intrusion detection approaches. Deception techniques such as decoy objects, often called honey items, may be deploye...

Evaluation of Live Forensic Techniques in Ransomware Attack Mitigation (2020)
Journal Article
Davies, S. R., Macfarlane, R., & Buchanan, W. J. (2020). Evaluation of Live Forensic Techniques in Ransomware Attack Mitigation. Forensic Science International: Digital Investigation, 33, Article 300979. https://doi.org/10.1016/j.fsidi.2020.300979

Ransomware continues to grow in both scale, cost, complexity and impact since its initial discovery nearly 30 years ago. Security practitioners are engaged in a continual "arms race" with the ransomware developers attempting to defend their digital i...

Wi-Fi Channel Saturation as a Mechanism to Improve Passive Capture of Bluetooth Through Channel Usage Restriction (2019)
Journal Article
Lowe, I., Buchanan, W. J., Macfarlane, R., & Lo, O. (2019). Wi-Fi Channel Saturation as a Mechanism to Improve Passive Capture of Bluetooth Through Channel Usage Restriction. Journal of Networking Technology, 10(4), 124-155. https://doi.org/10.6025/jnt/20

Bluetooth is a short-range wireless technology that provides audio and data links between personal smartphones and playback devices, such as speakers, headsets and car entertainment systems. Since its introduction in 2001, security researchers have s...

The Importance of Authenticity in Cyber Security Training and Education (2019)
Presentation / Conference Contribution
Macfarlane, R., & Mata de Acuna, J. (2019, November). The Importance of Authenticity in Cyber Security Training and Education. Presented at JISC Security Conference, Newcastle, England

The knowledge gap between academy and industry is a challenging issue that educators face every day. In the field of cyber security, it is important that students understand the need of adapting and acquiring new skills that allow them to put their t...

Identifying Vulnerabilities Using Internet-wide Scanning Data (2019)
Presentation / Conference Contribution
O'Hare, J., Macfarlane, R., & Lo, O. (2019). Identifying Vulnerabilities Using Internet-wide Scanning Data. In 2019 IEEE 12th International Conference on Global Security, Safety and Sustainability (ICGS3) (1-10). https://doi.org/10.1109/ICGS3.2019.868801

Internet-wide scanning projects, such as Shodan and Censys, scan the Internet and collect active reconnaissance results for online devices. Access to this information is provided through associated websites. The Internet-wide scanning data can be used...

System and method for management of confidential data (2018)
Patent
Buchanan, B., Lo, O., Macfarlane, R., Penrose, P., & Ramsay, B. (2018). System and method for management of confidential data. GB2561176A

This application is for a method of data management to identify confidential digital content on a database by first receiving a management request 302 from a system 304 to carry out data management operations. These include the identification of data...

Method for identification of digital content (2018)
Patent
Buchanan, B., Lo, O., Penrose, P., Ramsay, B., & Macfarlane, R. (2018). Method for identification of digital content. World Intellectual Property Organization

Many areas of investigation require searching through data that may be of interest. One example of data that may be involved in an investigation is copyrighted material that may be suspected of having been obtained or reproduced illegally by a third...

Privacy Parameter Variation using RAPPOR on a Malware Dataset (2018)
Presentation / Conference Contribution
Aaby, P., Mata De Acuña, J. J., Macfarlane, R., & Buchanan, W. J. (2018). Privacy Parameter Variation using RAPPOR on a Malware Dataset. In Proceedings of 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications

Stricter data protection regulations and the poor application of privacy protection techniques have resulted in a requirement for data-driven companies to adopt new methods of analysing sensitive user data. The RAPPOR (Randomized Aggregatable Privacy...

Distance Measurement Methods for Improved Insider Threat Detection (2018)
Journal Article
Lo, O., Buchanan, W. J., Griffiths, P., & Macfarlane, R. (2018). Distance Measurement Methods for Improved Insider Threat Detection. Security and Communication Networks, 2018, 1-18. https://doi.org/10.1155/2018/5906368

Insider threats are a considerable problem within cyber security and it is often difficult to detect these threats using signature detection. Increasing machine learning can provide a solution, but these methods often fail to take into account change...

A methodology for the security evaluation within third-party Android Marketplaces (2017)
Journal Article
Buchanan, W. J., Chiale, S., & Macfarlane, R. (2017). A methodology for the security evaluation within third-party Android Marketplaces. Digital Investigation, 23, 88-98. https://doi.org/10.1016/j.diin.2017.10.002

This paper aims to evaluate possible threats with unofficial Android marketplaces, and geo localize the malware distribution over three main regions: China, Europe; and Russia. It provides a comprehensive review of existing academic literature about...

Review of e-Health Frameworks. (2015)
Presentation / Conference Contribution
Prajapati, B., Buchanan, W. J., Smales, A., Macfarlane, R., & Spyra, G. (2015). Review of e-Health Frameworks. In Health Informatics Conference 2015

In order to improve the quality of health care and widen the accessibility, health care providers are consistently looking to inject information and communication technology to the traditional health care system (Mair, et al., 2012). This process can...

Evaluation of TFTP DDoS amplification attack (2015)
Journal Article
Sieklik, B., Macfarlane, R., & Buchanan, W. J. (2016). Evaluation of TFTP DDoS amplification attack. Computers and Security, 57, 67-92. https://doi.org/10.1016/j.cose.2015.09.006

Web threats are becoming a major issue for both governments and companies. Generally, web threats increased as much as 600% during last year (WebSense, 2013). This appears to be a significant issue, since many major businesses seem to provide these s...

Evaluation of the DFET Cloud. (2015)
Presentation / Conference Contribution
Buchanan, W. J., Ramsay, B., Macfarlane, R., Smales, A., Keane, E., Callahan, C., …Popov, O. (2015, September). Evaluation of the DFET Cloud. Paper presented at Cybercrime Forensics Education and Training (CFET) conference

The DFET (Digital Forensics Evaluation and Training) Cloud creates new training methods/techniques to support judicial authorities, law enforcement agencies and associated stakeholders in the fight against cybercrime through the development of a virt...

Teaching penetration and malware analysis in a cloud-based environment. (2015)
Presentation / Conference Contribution
Buchanan, W. J., Ramsay, B., Macfarlane, R., Smales, A., & Russell, G. (2015, June). Teaching penetration and malware analysis in a cloud-based environment. Paper presented at UK Workshop on Cybersecurity Training & Education

This paper outlines evaluation of running a private Cloud-based system over two semesters at Edinburgh Napier University for two modules: Security Testing and Advanced Network Forensics (BEng (Hons) level and focused on Penetration testing and Malwar...

Fast contraband detection in large capacity disk drives (2015)
Presentation / Conference Contribution
Penrose, P., Buchanan, W. J., & Macfarlane, R. (2015). Fast contraband detection in large capacity disk drives. Digital Investigation, 12(S1), S22-S29. https://doi.org/10.1016/j.diin.2015.01.007

In recent years the capacity of digital storage devices has been increasing at a rate that has left digital forensic services struggling to cope. There is an acknowledgement that current forensic tools have failed to keep up. The workload is such tha...

Evaluating Digital Forensic Tools (DFTs). (2014)
Presentation / Conference Contribution
Flandrin, F., Buchanan, W. J., Macfarlane, R., Ramsay, B., & Smales, A. (2014). Evaluating Digital Forensic Tools (DFTs). In 7th International Conference : Cybercrime Forensics Education & Training

This paper outlines the key methods used in the evaluation of digital forensics tools.

Embedding programming skills to support the student journey in networking, security and digital forensics. (2014)
Presentation / Conference Contribution
Lawson, A., & Macfarlane, R. (2014, April). Embedding programming skills to support the student journey in networking, security and digital forensics. Paper presented at HEA STEM Annual Learning and Teaching Conference 2014: Enhancing the STEM Student Jou

The development of programming skills by Networking graduates, and Security and Digital Forensics graduates is highly sought after by employers, both in industry, and in academia for staffing research and knowledge exchange projects. Placements offer...

Experimental evaluation of disk sector hash comparison for forensic triage using a Bloom filter. (2013)
Presentation / Conference Contribution
Buchanan, W. J., Macfarlane, R., & Clayton, J. (2013). Experimental evaluation of disk sector hash comparison for forensic triage using a Bloom filter. In G. Weir, & M. Daley (Eds.), Cyberforensics Perspectives : Proceedings of the 3rd International Confe

There is a problem in the world of digital forensics. The demands on digital forensic investigators and resources will continue to increase as the use of computers and other electronic devices increases, and as the storage capacity of these devices i...

Approaches to the classification of high entropy file fragments. (2013)
Journal Article
Penrose, P., Macfarlane, R., & Buchanan, W. J. (2013). Approaches to the classification of high entropy file fragments. Digital Investigation, 10(4), 372-384. https://doi.org/10.1016/j.diin.2013.08.004

In this paper we propose novel approaches to the problem of classifying high entropy file fragments. We achieve 97% correct classification for encrypted fragments and 78% for compressed. Although classification of file fragments is central to the sci...

Security issues of a publicly accessible cloud computing infrastructure. (2012)
Presentation / Conference Contribution
Russell, G., & Macfarlane, R. (2012). Security issues of a publicly accessible cloud computing infrastructure. In Proceedings of the 11th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom-2012) (1210-1

Edinburgh Napier University runs a custom cloud computing infrastructure for both student and public use. Such access carries dangers, both reputational and legal, as accidental or deliberate acts by users can be dangerous to other systems. This pape...

A forensic image description language for generating test images. (2012)
Presentation / Conference Contribution
Russell, G., Macfarlane, R., & Ludwiniak, R. (2012). A forensic image description language for generating test images. In Proceedings of the 6th International Conference on Cybercrime Forensics Education & Training

Digital Forensics is a fast developing job market, as well as being topical and interesting, and as such is an area in which University students are keen to develop and study. At Edinburgh Napier University this topic has been taught with flexible an...

Cloud Forensics. (2012)
Presentation / Conference Contribution
Buchanan, W. J., Macfarlane, R., Graves, J., Fan, L., Ekonomou, E., & Bose, N. (2012, March). Cloud Forensics. Paper presented at International Seminar on Policing Digital Crime

This presentation outlines the usage of digital forensics in the Cloud.

A methodology to evaluate rate-based intrusion prevention system against distributed denial-of-service (DDoS). (2011)
Presentation / Conference Contribution
Buchanan, W. J., Flandrin, F., Macfarlane, R., & Graves, J. (2011). A methodology to evaluate rate-based intrusion prevention system against distributed denial-of-service (DDoS). In Cyberforensics 2011

This paper defines a methodology for the evaluation of a Rate-based Intrusion Prevention System (IPS) for a Distributed Denial of Service (DDoS) threat. This evaluation system uses realistic background traffic along with attacking traffic, with four...

Performance and student perception evaluation of cloud-based virtualised security and digital forensics labs. (2011)
Journal Article
Buchanan, W. J., Graves, J., Bose, N., Macfarlane, R., Davison, B., & Ludwiniak, R. (2011). Performance and student perception evaluation of cloud-based virtualised security and digital forensics labs. HEA ICS Conference,

This paper focuses on the integration of virtualised environments within the teaching of computer security and digital forensics, and includes three case studies. The first case study involves assessing student perception on the usage of VMware Works...

Formal security policy implementations in network firewalls. (2011)
Journal Article
Macfarlane, R., Buchanan, W. J., Ekonomou, E., Uthmani, O., Fan, L., & Lo, O. (2012). Formal security policy implementations in network firewalls. Computers and Security, 31(2), 253-270. https://doi.org/10.1016/j.cose.2011.10.003

Network security should be based around security policies. From high-level natural language, non-technical, policies created by management, down to device and vendor specific policies, or configurations, written by network system administrators. Ther...

Cloud-based digital forensics evaluation test (D-FET) platform. (2011)
Presentation / Conference Contribution
Buchanan, W. J., Macfarlane, R., Flandrin, F., Graves, J., Fan, L., Ekonomou, E., …Ludwiniak, R. (2011, June). Cloud-based digital forensics evaluation test (D-FET) platform. Paper presented at Cyberforensics 2011

This paper outlines the specification of the Cloud-based DFET platform which is used to evaluate the performance of digital forensics tools, which aim to detect the presence of trails of evidence, such as for the presence of illicit images and determ...

D-FET – A community cloud for enhancing skills using virtualised environments and cloud-based infrastructures. (2011)
Presentation / Conference Contribution
Buchanan, W. J., & Macfarlane, R. (2011, June). D-FET – A community cloud for enhancing skills using virtualised environments and cloud-based infrastructures. Paper presented at Scottish Higher Education Employability Conference: Strengthening Partnersh

The use of virtualised and cloud-based environments provide an excellent opportunity to enhance learning and to provide students with skills which match exactly to the requirements of industry, along with integrating with professional certification....

Student perception of on-line lectures with a blended learning environment. (2010)
Presentation / Conference Contribution
Buchanan, W. J., Macfarlane, R., & Ludwiniak, R. (2010). Student perception of on-line lectures with a blended learning environment.

Educational institutions are increasingly moving towards enhancing learning through the use of integrated information technology. Blended, or augmented, learning, aims to support the traditional learning environment – where the instructor blends onli...

An integrated firewall policy validation tool (2009)
Thesis
Macfarlane, R. (2009). An integrated firewall policy validation tool. (Thesis). Edinburgh Napier University. Retrieved from http://researchrepository.napier.ac.uk/id/eprint/3971

Security policies are increasingly being implemented by organisations. Policies are mapped to device configurations to enforce the policies. This is typically performed manually by network administrators. The development and management of these enfor...