Fast Filtering of Known PNG Files Using Early File Features (2017)
Presentation / Conference Contribution
McKeown, S., Russell, G., & Leimich, P. (2017, May). Fast Filtering of Known PNG Files Using Early File Features. Presented at Annual Conference on Digital Forensics, Security and Law, Daytona Beach, Florida

A common task in digital forensics investigations is to identify known contraband images. This is typically achieved by calculating a cryptographic digest, using hashing algorithms such as SHA256, for each image on a given media, comparing individual... Read More about Fast Filtering of Known PNG Files Using Early File Features.

Quantum Encrypted Signals on Multiuser Optical Fiber Networks: Simulation Analysis of Next Generation Services and Technologies (2017)
Presentation / Conference Contribution
Asif, R. (2017, November). Quantum Encrypted Signals on Multiuser Optical Fiber Networks: Simulation Analysis of Next Generation Services and Technologies. Presented at IEEE Network of the Future (NoF) conference, London, UK

Data encryption is gaining much attention these days from the research community and industry for transmitting secure information over access networks, i.e. 'fiber-to-the-home (FTTH)' networks and data centers. It is important that the newly designed... Read More about Quantum Encrypted Signals on Multiuser Optical Fiber Networks: Simulation Analysis of Next Generation Services and Technologies.

Hiding in Plain Sight: A Longitudinal Study of Combosquatting Abuse (2017)
Presentation / Conference Contribution
Kintis, P., Miramirkhani, N., Lever, C., Chen, Y., Romero-Gómez, R., Pitropakis, N., Nikiforakis, N., & Antonakakis, M. (2017, October). Hiding in Plain Sight: A Longitudinal Study of Combosquatting Abuse. Presented at 2017 ACM SIGSAC Conference on Computer and Communications Security, Dallas, Texas, USA

Domain squatting is a common adversarial practice where attackers register domain names that are purposefully similar to popular domains. In this work, we study a specific type of domain squatting called "combosquatting," in which attackers register... Read More about Hiding in Plain Sight: A Longitudinal Study of Combosquatting Abuse.

Performance Evaluation of a Fragmented Secret Share System (2017)
Presentation / Conference Contribution
Ukwandu, E., Buchanan, W. J., & Russell, G. (2017, June). Performance Evaluation of a Fragmented Secret Share System. Presented at 2017 International Conference On Cyber Situational Awareness, Data Analytics And Assessment (Cyber SA)

There are many risks in moving data into public storage environments, along with an increasing threat around large-scale data leakage. Secret sharing scheme has been proposed as a keyless and resilient mechanism to mitigate this, but scaling through... Read More about Performance Evaluation of a Fragmented Secret Share System.

A framework for data security in cloud using collaborative intrusion detection scheme (2017)
Presentation / Conference Contribution
Nagar, U., Nanda, P., He, X., & Tan, Z. (. (2017, October). A framework for data security in cloud using collaborative intrusion detection scheme. Presented at Proceedings of the 10th International Conference on Security of Information and Networks - SIN '17, Jaipur, India

Cloud computing offers an on demand, elastic, global network access to a shared pool of resources that can be configured on user demand. It offers a unique pay-as-you go feature which is based on measured usage and can be compared to other utility se... Read More about A framework for data security in cloud using collaborative intrusion detection scheme.

A methodology for the security evaluation within third-party Android Marketplaces (2017)
Journal Article
Buchanan, W. J., Chiale, S., & Macfarlane, R. (2017). A methodology for the security evaluation within third-party Android Marketplaces. Digital Investigation, 23, 88-98. https://doi.org/10.1016/j.diin.2017.10.002

This paper aims to evaluate possible threats with unofficial Android marketplaces, and geo localize the malware distribution over three main regions: China, Europe; and Russia. It provides a comprehensive review of existing academic literature about... Read More about A methodology for the security evaluation within third-party Android Marketplaces.

Insider threat detection using principal component analysis and self-organising map (2017)
Presentation / Conference Contribution
Moradpoor, N., Brown, M., & Russell, G. (2017, October). Insider threat detection using principal component analysis and self-organising map. Presented at Proceedings of the 10th International Conference on Security of Information and Networks - SIN '17, India

An insider threat can take on many aspects. Some employees abuse their positions of trust by disrupting normal operations, while others export valuable or confidential data which can damage the employer's marketing position and reputation. In additio... Read More about Insider threat detection using principal component analysis and self-organising map.

Analysis of the adoption of security headers in HTTP (2017)
Journal Article
Buchanan, W. J., Helme, S., & Woodward, A. (2018). Analysis of the adoption of security headers in HTTP. IET Information Security, 12(2), 118-126. https://doi.org/10.1049/iet-ifs.2016.0621

With the increase in the number of threats within Web-based systems, a more integrated approach is required to ensure the enforcement of security policies from the server to the client. These policies aim to stop man-in-the-middle attacks, code injec... Read More about Analysis of the adoption of security headers in HTTP.

An Intrusion Detection System Based on Polynomial Feature Correlation Analysis (2017)
Presentation / Conference Contribution
Li, Q., Tan, Z., Jamdagni, A., Nanda, P., He, X., & Han, W. (2017, August). An Intrusion Detection System Based on Polynomial Feature Correlation Analysis. Presented at 2017 IEEE Trustcom/BigDataSE/ICESS

This paper proposes an anomaly-based Intrusion Detection System (IDS), which flags anomalous network traffic with a distance-based classifier. A polynomial approach was designed and applied in this work to extract hidden correlations from traffic rel... Read More about An Intrusion Detection System Based on Polynomial Feature Correlation Analysis.

Cryptography (2017)
Book
Buchanan, B. (2017). Cryptography. River Publishers

Cryptography has proven to be one of the most contentious areas in modern society. For some it protects the rights of individuals to privacy and security, while for others it puts up barriers against the protection of our society. This book aims to d... Read More about Cryptography.

Towards self-defending control systems in cybersecurity analysis and measures in industrial automation systems (2017)
Presentation / Conference Contribution
Soufian, M. (2017, June). Towards self-defending control systems in cybersecurity analysis and measures in industrial automation systems. Presented at 2017 IEEE 26th International Symposium on Industrial Electronics (ISIE), Edinburgh, Scotland

Towards self-defending control systems in cybersecurity analysis and measures in industrial automation systems.

Applied Machine Learning predictive analytics to SQL Injection Attack detection and prevention (2017)
Presentation / Conference Contribution
Uwagbole, S. O., Buchanan, W. J., & Fan, L. (2017, May). Applied Machine Learning predictive analytics to SQL Injection Attack detection and prevention. Presented at 2017 IFIP/IEEE Symposium on Integrated Network and Service Management (IM), Lisbon, Portugal

The back-end database is pivotal to the storage of the massive size of big data Internet exchanges stemming from cloud-hosted web applications to Internet of Things (IoT) smart devices. Structured Query Language (SQL) Injection Attack (SQLIA) remains... Read More about Applied Machine Learning predictive analytics to SQL Injection Attack detection and prevention.

Quantum-to-the-Home: Achieving Gbits/s Secure Key Rates via Commercial Off-the-Shelf Telecommunication Equipment (2017)
Journal Article
Asif, R., & Buchanan, W. J. (2017). Quantum-to-the-Home: Achieving Gbits/s Secure Key Rates via Commercial Off-the-Shelf Telecommunication Equipment. Security and Communication Networks, 2017, 1-10. https://doi.org/10.1155/2017/7616847

There is current significant interest in Fiber-to-the-Home (FTTH) networks, i.e. end-to-end optical connectivity. Currently, it may be limited due to the presence of last-mile copper wire connections. However, in near future it is envisaged that FTTH... Read More about Quantum-to-the-Home: Achieving Gbits/s Secure Key Rates via Commercial Off-the-Shelf Telecommunication Equipment.

Undermining our data: implications for trust in the population census (2017)
Presentation / Conference Contribution
Killick, L., Duff, A. S., Deakin, M., & Hall, H. (2017, June). Undermining our data: implications for trust in the population census. Paper presented at Information: interactions and impact (i3)

This paper draws on empirical work conducted as part of a multi-method research study funded by the Arts and Humanities Research Council (AHRC). It is concerned with public perceptions of an online population census and adds to prior work exploring... Read More about Undermining our data: implications for trust in the population census.

Cryptography across industry sectors (2017)
Journal Article
Buchanan, W. J., Woodward, A., & Helme, S. (2017). Cryptography across industry sectors. Journal of Cyber Security Technology, 1(3-4), 145-162. https://doi.org/10.1080/23742917.2017.1327221

Security adoption varies across industry sectors, where some companies such as Google, Apple and Microsoft are strong advocates of the adoption of HTTPS, while other companies, especially for news sites, have weak adoption. This paper provides a samp... Read More about Cryptography across industry sectors.

Secure and Scalable Identity Management for the Aviation Industry (2017)
Presentation / Conference Contribution
Kintis, P., Kountouras, A., Pitropakis, N., Dagon, D., Antonakakis, M., Markou, C., & Buchner, P. (2017, May). Secure and Scalable Identity Management for the Aviation Industry

No abstract available.

How WannaCry caused global panic but failed to turn much of a profit (2017)
Newspaper / Magazine
Buchanan, B. (2017). How WannaCry caused global panic but failed to turn much of a profit. https://theconversation.com/how-wannacry-caused-global-panic-but-failed-to-turn-much-of-a-profit-77740

The WannaCry cyber-attack led to panic across the globe, showing just how important it is for organisations to have secure operating systems. This was not even the most sophisticated malware around. Numerous networks could easily cope with it and it... Read More about How WannaCry caused global panic but failed to turn much of a profit.

Numerical Encoding to Tame SQL Injection Attacks (2017)
Presentation / Conference Contribution
Uwagbole, S. O., Buchanan, W. J., & Fan, L. (2017, May). Numerical Encoding to Tame SQL Injection Attacks. Presented at 3RD IEEE/IFIP Workshop on Security for Emerging Distributed Network Technologies (DISSECT), Lisbon, Portugal

Recent years have seen an astronomical rise in SQL Injection Attacks (SQLIAs) used to compromise the confidentiality, authentication and integrity of organisations' databases. Intruders becoming smarter in obfuscating web requests to evade detection... Read More about Numerical Encoding to Tame SQL Injection Attacks.

A Learning-based Neural Network Model for the Detection and Classification of SQL Injection Attacks (2017)
Journal Article
Sheykhkanloo, N. M. (2017). A Learning-based Neural Network Model for the Detection and Classification of SQL Injection Attacks. International Journal of Cyber Warfare and Terrorism, 7(2), 16-41. https://doi.org/10.4018/ijcwt.2017040102

Structured Query Language injection (SQLi) attack is a code injection technique where hackers inject SQL commands into a database via a vulnerable web application. Injected SQL commands can modify the back-end SQL database and thus compromise the sec... Read More about A Learning-based Neural Network Model for the Detection and Classification of SQL Injection Attacks.

The next cyberattack could come from sound waves (2017)
Newspaper / Magazine
Buchanan, B. (2017). The next cyberattack could come from sound waves. https://theconversation.com/the-next-cyberattack-could-come-from-sound-waves-74716

You might think your smartphone or laptop is relatively safe from cyber attacks thanks to anti-virus and encryption software. But your devices are increasingly at risk from “side-channel” attacks, where an intruder can bypass traditional network entr... Read More about The next cyberattack could come from sound waves.