Skip to main content

Research Repository

Advanced Search

WaterLeakage: A Stealthy Malware for Data Exfiltration on Industrial Control Systems Using Visual Channels (2019)
Presentation / Conference Contribution
Robles-Durazno, A., Moradpoor, N., McWhinnie, J., & Russell, G. (2019, July). WaterLeakage: A Stealthy Malware for Data Exfiltration on Industrial Control Systems Using Visual Channels. Presented at 15th IEEE International Conference on Control & Automation (ICCA), Edinburgh, Scotland

Industrial Control Systems (ICS) have faced a growing number of threats over the past few years. Reliance on isolated controls networks or air-gapped computers is no longer a feasible solution when it comes to protecting ICS. It is because the new ar... Read More about WaterLeakage: A Stealthy Malware for Data Exfiltration on Industrial Control Systems Using Visual Channels.

Decrypting Live SSH Traffic in Virtual Environments (2019)
Journal Article
Mclaren, P., Russell, G., Buchanan, W. J., & Tan, Z. (2019). Decrypting Live SSH Traffic in Virtual Environments. Digital Investigation, 29, 109-117. https://doi.org/10.1016/j.diin.2019.03.010

Decrypting and inspecting encrypted malicious communications may assist crime detection and prevention. Access to client or server memory enables the discovery of artefacts required for decrypting secure communications. This paper develops the MemDe-... Read More about Decrypting Live SSH Traffic in Virtual Environments.

Reducing the Impact of Network Bottlenecks on Remote Contraband Detection (2018)
Presentation / Conference Contribution
McKeown, S., Russell, G., & Leimich, P. (2018, June). Reducing the Impact of Network Bottlenecks on Remote Contraband Detection. Presented at IEEE International Conference on Cyber Security and Protection of Digital Services (Cyber Security 2018), Glasgow, UK

Cloud based storage is increasing in popularity, with
large volumes of data being stored remotely. Digital forensics
investigators examining such systems remotely are limited by
bandwidth constraints when accessing this kind of data using
traditi... Read More about Reducing the Impact of Network Bottlenecks on Remote Contraband Detection.

Sub-file Hashing Strategies for Fast Contraband Detection (2018)
Presentation / Conference Contribution
McKeown, S., Russell, G., & Leimich, P. (2018, June). Sub-file Hashing Strategies for Fast Contraband Detection. Presented at IEEE International Conference on Cyber Security and Protection of Digital Services (Cyber Security 2018), Glasgow, Scotland

Traditional digital forensics processes do not scale well with the huge quantities of data present in a modern investigation, resulting in large investigative backlogs for many law enforcement agencies. Data reduction techniques are required for fast... Read More about Sub-file Hashing Strategies for Fast Contraband Detection.

Mitigating Disaster using Secure Threshold-Cloud Architecture (2018)
Presentation / Conference Contribution
Ukwandu, E., Buchanan, W. J., & Russell, G. (2018, November). Mitigating Disaster using Secure Threshold-Cloud Architecture

There are many risks in moving data into public cloud environments, along with an increasing threat around large-scale data leakage during cloud outages. This work aims to apply secret sharing methods as used in cryptography to create shares of crypt... Read More about Mitigating Disaster using Secure Threshold-Cloud Architecture.

Fingerprinting JPEGs With Optimised Huffman Tables (2018)
Journal Article
McKeown, S., Russell, G., & Leimich, P. (2018). Fingerprinting JPEGs With Optimised Huffman Tables. Journal of Digital Forensics, Security and Law, 13(2), Article 7. https://doi.org/10.15394/jdfsl.2018.1451

A common task in digital forensics investigations is to identify known contraband images. This is typically achieved by calculating a cryptographic digest, using hashing algorithms such as SHA256, for each image on a given medium, and comparing indiv... Read More about Fingerprinting JPEGs With Optimised Huffman Tables.

Machine learning and semantic analysis of in-game chat for cyber bullying (2018)
Journal Article
Murnion, S., Buchanan, W. J., Smales, A., & Russell, G. (2018). Machine learning and semantic analysis of in-game chat for cyber bullying. Computers and Security, 76, 197-213. https://doi.org/10.1016/j.cose.2018.02.016

One major problem with cyberbullying research is the lack of data, since researchers are traditionally forced to rely on survey data where victims and perpetrators self-report their impressions. In this paper, an automatic data collection system is p... Read More about Machine learning and semantic analysis of in-game chat for cyber bullying.

Mining malware command and control traces (2018)
Presentation / Conference Contribution
McLaren, P., Russell, G., & Buchanan, B. (2017, July). Mining malware command and control traces. Presented at 2017 Computing Conference

Detecting botnets and advanced persistent threats is a major challenge for network administrators. An important component of such malware is the command and control channel, which enables the malware to respond to controller commands. The detection o... Read More about Mining malware command and control traces.

Fast Filtering of Known PNG Files Using Early File Features (2017)
Presentation / Conference Contribution
McKeown, S., Russell, G., & Leimich, P. (2017, May). Fast Filtering of Known PNG Files Using Early File Features. Presented at Annual Conference on Digital Forensics, Security and Law, Daytona Beach, Florida

A common task in digital forensics investigations is to identify known contraband images. This is typically achieved by calculating a cryptographic digest, using hashing algorithms such as SHA256, for each image on a given media, comparing individual... Read More about Fast Filtering of Known PNG Files Using Early File Features.

Performance Evaluation of a Fragmented Secret Share System (2017)
Presentation / Conference Contribution
Ukwandu, E., Buchanan, W. J., & Russell, G. (2017, June). Performance Evaluation of a Fragmented Secret Share System. Presented at 2017 International Conference On Cyber Situational Awareness, Data Analytics And Assessment (Cyber SA)

There are many risks in moving data into public storage environments, along with an increasing threat around large-scale data leakage. Secret sharing scheme has been proposed as a keyless and resilient mechanism to mitigate this, but scaling through... Read More about Performance Evaluation of a Fragmented Secret Share System.

Insider threat detection using principal component analysis and self-organising map (2017)
Presentation / Conference Contribution
Moradpoor, N., Brown, M., & Russell, G. (2017, October). Insider threat detection using principal component analysis and self-organising map. Presented at Proceedings of the 10th International Conference on Security of Information and Networks - SIN '17, India

An insider threat can take on many aspects. Some employees abuse their positions of trust by disrupting normal operations, while others export valuable or confidential data which can damage the employer's marketing position and reputation. In additio... Read More about Insider threat detection using principal component analysis and self-organising map.

Secret shares to protect health records in Cloud-based infrastructures (2016)
Presentation / Conference Contribution
Buchanan, W. J., Ukwandu, E., van Deursen, N., Fan, L., Russell, G., Lo, O., & Thuemmler, C. (2015, October). Secret shares to protect health records in Cloud-based infrastructures. Presented at BCS Health Informatics 2015

Increasingly health records are stored in cloud-based systems, and often protected by a private key. Unfortunately the loss of this key can cause large-scale data loss. This paper outlines a novel Cloud-based architecture (SECRET) which supports keyl... Read More about Secret shares to protect health records in Cloud-based infrastructures.

Risk assessment for mobile systems through a multilayered hierarchical Bayesian network. (2016)
Journal Article
Li, S., Tryfonas, T., Russell, G., & Andriotis, P. (2016). Risk assessment for mobile systems through a multilayered hierarchical Bayesian network. IEEE Transactions on Cybernetics, 46(8), 1749-1759. https://doi.org/10.1109/TCYB.2016.2537649

Mobile systems are facing a number of application vulnerabilities that can be combined together and utilized to penetrate systems with devastating impact. When assessing the overall security of a mobile system, it is important to assess the security... Read More about Risk assessment for mobile systems through a multilayered hierarchical Bayesian network..

RESCUE: Resilient Secret Sharing Cloud-based Architecture. (2015)
Presentation / Conference Contribution
Ukwandu, E., Buchanan, W. J., Fan, L., Russell, G., & Lo, O. (2015, August). RESCUE: Resilient Secret Sharing Cloud-based Architecture. Presented at TrustCom 2015 The 14th IEEE International Conference on Trust, Security and Privacy in Computing and Communications

This paper presents an architecture (RESCUE) of a system that is capable of implementing: a keyless encryption method; self-destruction of data within a time frame without user’s intervention; and break-glass data recovery, with in-built failover pro... Read More about RESCUE: Resilient Secret Sharing Cloud-based Architecture..

The future internet: a world of secret shares (2015)
Journal Article
Buchanan, W. J., Lanc, D., Ukwandu, E., Fan, L., Russell, G., & Lo, O. (2015). The future internet: a world of secret shares. Future Internet, 7(4), 445-464. https://doi.org/10.3390/fi7040445

The PKI infrastructure is crumbling, especially due to the lack of a strong understanding of how encryption actually works, and in threats around its implementation. This paper outlines an Internet storage using secret sharing methods, and which coul... Read More about The future internet: a world of secret shares.

Real-time monitoring of privacy abuses and intrusion detection in android system (2015)
Presentation / Conference Contribution
Li, S., Chen, J., Spyridopoulos, T., Andriotis, P., Ludwiniak, R., & Russell, G. (2015, August). Real-time monitoring of privacy abuses and intrusion detection in android system. Presented at International Conference on Human Aspects of Information Security, Privacy, and Trust, Los Angeles, CA, USA

In this paper, we investigated the definition of privacy, privacy abuse behaviours, and the privacy abuse in Android systems, which may be very useful for identifying the malicious apps from 'normal' apps. We also investigated the injection technolog... Read More about Real-time monitoring of privacy abuses and intrusion detection in android system.

Teaching penetration and malware analysis in a cloud-based environment. (2015)
Presentation / Conference Contribution
Buchanan, W. J., Ramsay, B., Macfarlane, R., Smales, A., & Russell, G. (2015, June). Teaching penetration and malware analysis in a cloud-based environment. Paper presented at UK Workshop on Cybersecurity Training & Education

This paper outlines evaluation of running a private Cloud-based system over two semesters at Edinburgh Napier University for two modules: Security Testing and Advanced Network Forensics (BEng (Hons) level and focused on Penetration testing and Malwar... Read More about Teaching penetration and malware analysis in a cloud-based environment..

A forensic image description language for generating test images. (2012)
Presentation / Conference Contribution
Russell, G., Macfarlane, R., & Ludwiniak, R. (2012, September). A forensic image description language for generating test images

Digital Forensics is a fast developing job market, as well as being topical and interesting, and as such is an area in which University students are keen to develop and study. At Edinburgh Napier University this topic has been taught with flexible an... Read More about A forensic image description language for generating test images..