Skip to main content

Research Repository

Advanced Search

Fast Forensic Triage Using Centralised Thumbnail Caches on Windows Operating Systems (2020)
Journal Article
Mckeown, S., Russell, G., & Leimich, P. (2020). Fast Forensic Triage Using Centralised Thumbnail Caches on Windows Operating Systems. Journal of Digital Forensics, Security and Law, 14(3), Article 1

A common investigative task is to identify known contraband images on a device, which typically involves calculating cryptographic hashes for all the files on a disk and checking these against a database of known contraband. However, modern drives ar... Read More about Fast Forensic Triage Using Centralised Thumbnail Caches on Windows Operating Systems.

WaterLeakage: A Stealthy Malware for Data Exfiltration on Industrial Control Systems Using Visual Channels (2019)
Presentation / Conference Contribution
Robles-Durazno, A., Moradpoor, N., McWhinnie, J., & Russell, G. (2019, July). WaterLeakage: A Stealthy Malware for Data Exfiltration on Industrial Control Systems Using Visual Channels. Presented at 15th IEEE International Conference on Control & Automation (ICCA), Edinburgh, Scotland

Industrial Control Systems (ICS) have faced a growing number of threats over the past few years. Reliance on isolated controls networks or air-gapped computers is no longer a feasible solution when it comes to protecting ICS. It is because the new ar... Read More about WaterLeakage: A Stealthy Malware for Data Exfiltration on Industrial Control Systems Using Visual Channels.

Deriving ChaCha20 Key Streams From Targeted Memory Analysis (2019)
Journal Article
McLaren, P., Buchanan, W. J., Russell, G., & Tan, Z. (2019). Deriving ChaCha20 Key Streams From Targeted Memory Analysis. Journal of Information Security and Applications, 48, Article 102372. https://doi.org/10.1016/j.jisa.2019.102372

There can be performance and vulnerability concerns with block ciphers, thus stream ciphers can used as an alternative. Although many symmetric key stream ciphers are fairly resistant to side-channel attacks, cryptographic artefacts may exist in memo... Read More about Deriving ChaCha20 Key Streams From Targeted Memory Analysis.

PLC Memory Attack Detection and Response in a Clean Water Supply System (2019)
Journal Article
Robles-Durazno, A., Moradpoor, N., McWhinnie, J., Russell, G., & Maneru-Marin, I. (2019). PLC Memory Attack Detection and Response in a Clean Water Supply System. International Journal of Critical Infrastructure Protection, 26, https://doi.org/10.1016/j.ijcip.2019.05.003

Industrial Control Systems (ICS) are frequently used in manufacturing and critical infrastructures like water treatment, chemical plants, and transportation schemes. Citizens tend to take modern-day conveniences such as trains, planes or tap water fo... Read More about PLC Memory Attack Detection and Response in a Clean Water Supply System.

Decrypting Live SSH Traffic in Virtual Environments (2019)
Journal Article
Mclaren, P., Russell, G., Buchanan, W. J., & Tan, Z. (2019). Decrypting Live SSH Traffic in Virtual Environments. Digital Investigation, 29, 109-117. https://doi.org/10.1016/j.diin.2019.03.010

Decrypting and inspecting encrypted malicious communications may assist crime detection and prevention. Access to client or server memory enables the discovery of artefacts required for decrypting secure communications. This paper develops the MemDe-... Read More about Decrypting Live SSH Traffic in Virtual Environments.

Reducing the Impact of Network Bottlenecks on Remote Contraband Detection (2018)
Presentation / Conference Contribution
McKeown, S., Russell, G., & Leimich, P. (2018, June). Reducing the Impact of Network Bottlenecks on Remote Contraband Detection. Presented at IEEE International Conference on Cyber Security and Protection of Digital Services (Cyber Security 2018), Glasgow, UK

Cloud based storage is increasing in popularity, with
large volumes of data being stored remotely. Digital forensics
investigators examining such systems remotely are limited by
bandwidth constraints when accessing this kind of data using
traditi... Read More about Reducing the Impact of Network Bottlenecks on Remote Contraband Detection.

Sub-file Hashing Strategies for Fast Contraband Detection (2018)
Presentation / Conference Contribution
McKeown, S., Russell, G., & Leimich, P. (2018, June). Sub-file Hashing Strategies for Fast Contraband Detection. Presented at IEEE International Conference on Cyber Security and Protection of Digital Services (Cyber Security 2018), Glasgow, Scotland

Traditional digital forensics processes do not scale well with the huge quantities of data present in a modern investigation, resulting in large investigative backlogs for many law enforcement agencies. Data reduction techniques are required for fast... Read More about Sub-file Hashing Strategies for Fast Contraband Detection.

A supervised energy monitoring-based machine learning approach for anomaly detection in a clean water supply system (2018)
Presentation / Conference Contribution
Robles-Durazno, A., Moradpoor, N., McWhinnie, J., & Russell, G. (2018, June). A supervised energy monitoring-based machine learning approach for anomaly detection in a clean water supply system. Presented at Cyber Security 2018: 2018 International Conference on Cyber Security and Protection of Digital Services, Glasgow, United Kingdom

Industrial Control Systems are part of our daily life in industries such as transportation, water, gas, oil, smart cities, and telecommunications. Technological development over time have improved their components including operating system platforms... Read More about A supervised energy monitoring-based machine learning approach for anomaly detection in a clean water supply system.

Fingerprinting JPEGs With Optimised Huffman Tables (2018)
Journal Article
McKeown, S., Russell, G., & Leimich, P. (2018). Fingerprinting JPEGs With Optimised Huffman Tables. Journal of Digital Forensics, Security and Law, 13(2), Article 7. https://doi.org/10.15394/jdfsl.2018.1451

A common task in digital forensics investigations is to identify known contraband images. This is typically achieved by calculating a cryptographic digest, using hashing algorithms such as SHA256, for each image on a given medium, and comparing indiv... Read More about Fingerprinting JPEGs With Optimised Huffman Tables.

Machine learning and semantic analysis of in-game chat for cyber bullying (2018)
Journal Article
Murnion, S., Buchanan, W. J., Smales, A., & Russell, G. (2018). Machine learning and semantic analysis of in-game chat for cyber bullying. Computers and Security, 76, 197-213. https://doi.org/10.1016/j.cose.2018.02.016

One major problem with cyberbullying research is the lack of data, since researchers are traditionally forced to rely on survey data where victims and perpetrators self-report their impressions. In this paper, an automatic data collection system is p... Read More about Machine learning and semantic analysis of in-game chat for cyber bullying.

Mining malware command and control traces (2018)
Presentation / Conference Contribution
McLaren, P., Russell, G., & Buchanan, B. (2017, July). Mining malware command and control traces. Presented at 2017 Computing Conference

Detecting botnets and advanced persistent threats is a major challenge for network administrators. An important component of such malware is the command and control channel, which enables the malware to respond to controller commands. The detection o... Read More about Mining malware command and control traces.

Fast Filtering of Known PNG Files Using Early File Features (2017)
Presentation / Conference Contribution
McKeown, S., Russell, G., & Leimich, P. (2017, May). Fast Filtering of Known PNG Files Using Early File Features. Presented at Annual Conference on Digital Forensics, Security and Law, Daytona Beach, Florida

A common task in digital forensics investigations is to identify known contraband images. This is typically achieved by calculating a cryptographic digest, using hashing algorithms such as SHA256, for each image on a given media, comparing individual... Read More about Fast Filtering of Known PNG Files Using Early File Features.

Performance Evaluation of a Fragmented Secret Share System (2017)
Presentation / Conference Contribution
Ukwandu, E., Buchanan, W. J., & Russell, G. (2017, June). Performance Evaluation of a Fragmented Secret Share System. Presented at 2017 International Conference On Cyber Situational Awareness, Data Analytics And Assessment (Cyber SA)

There are many risks in moving data into public storage environments, along with an increasing threat around large-scale data leakage. Secret sharing scheme has been proposed as a keyless and resilient mechanism to mitigate this, but scaling through... Read More about Performance Evaluation of a Fragmented Secret Share System.

Risk assessment for mobile systems through a multilayered hierarchical Bayesian network. (2016)
Journal Article
Li, S., Tryfonas, T., Russell, G., & Andriotis, P. (2016). Risk assessment for mobile systems through a multilayered hierarchical Bayesian network. IEEE Transactions on Cybernetics, 46(8), 1749-1759. https://doi.org/10.1109/TCYB.2016.2537649

Mobile systems are facing a number of application vulnerabilities that can be combined together and utilized to penetrate systems with devastating impact. When assessing the overall security of a mobile system, it is important to assess the security... Read More about Risk assessment for mobile systems through a multilayered hierarchical Bayesian network..

Real-time monitoring of privacy abuses and intrusion detection in android system (2015)
Presentation / Conference Contribution
Li, S., Chen, J., Spyridopoulos, T., Andriotis, P., Ludwiniak, R., & Russell, G. (2015, August). Real-time monitoring of privacy abuses and intrusion detection in android system. Presented at International Conference on Human Aspects of Information Security, Privacy, and Trust, Los Angeles, CA, USA

In this paper, we investigated the definition of privacy, privacy abuse behaviours, and the privacy abuse in Android systems, which may be very useful for identifying the malicious apps from 'normal' apps. We also investigated the injection technolog... Read More about Real-time monitoring of privacy abuses and intrusion detection in android system.

Teaching penetration and malware analysis in a cloud-based environment. (2015)
Presentation / Conference Contribution
Buchanan, W. J., Ramsay, B., Macfarlane, R., Smales, A., & Russell, G. (2015, June). Teaching penetration and malware analysis in a cloud-based environment. Paper presented at UK Workshop on Cybersecurity Training & Education

This paper outlines evaluation of running a private Cloud-based system over two semesters at Edinburgh Napier University for two modules: Security Testing and Advanced Network Forensics (BEng (Hons) level and focused on Penetration testing and Malwar... Read More about Teaching penetration and malware analysis in a cloud-based environment..

Multiple traffic signal control using a genetic algorithm (1999)
Presentation / Conference Contribution
Kalganova, T., Russell, G., & Cumming, A. (1999, December). Multiple traffic signal control using a genetic algorithm. Presented at 4th International Conference on Artificial Neural Networks and Genetic Algorithms, ICANNGA '99

Optimising traffic signal timings for a multiple-junction road network is a difficult but important problem. The essential difficulty of this problem is that the traffic signals need to coordinate their behaviours to achieve the common goal of optimi... Read More about Multiple traffic signal control using a genetic algorithm.

Accurate rapid simulation of urban traffic using discrete modelling. (1996)
Report
Russell, G., Shaw, P., & Ferguson, N. (1996). Accurate rapid simulation of urban traffic using discrete modelling

Increasing model complexity has traditionally been viewed as a key way of improving microscopic model accuracy. However, with complexity comes an increase in execution time. In some applications, such as UTC systems, low execution times and a high de... Read More about Accurate rapid simulation of urban traffic using discrete modelling..

DAIS: An Object-Addressed Processor Cache (1994)
Presentation / Conference Contribution
Russell, G., Shaw, P., & Cockshott, W. P. (1994, September). DAIS: An Object-Addressed Processor Cache. Presented at Sixth International Workshop on Persistent Object Systems, Tarascon, Provence, France

DAIS is a proposed processor incorporating hardware-based object addressing. By providing only the very minimum of support for objects, it allows efficient access via a novel caching system. Object addressing is supported at the instruction level, wi... Read More about DAIS: An Object-Addressed Processor Cache.