Research Repository

Fast Forensic Triage Using Centralised Thumbnail Caches on Windows Operating Systems (2020)
Journal Article
McKeown, S., Russell, G., & Leimich, P. (2020). Fast Forensic Triage Using Centralised Thumbnail Caches on Windows Operating Systems. Journal of Digital Forensics, Security and Law, 14(3), Article 1

A common investigative task is to identify known contraband images on a device, which typically involves calculating cryptographic hashes for all the files on a disk and checking these against a database of known contraband. However, modern drives ar...

WaterLeakage: A Stealthy Malware for Data Exfiltration on Industrial Control Systems Using Visual Channels (2019)
Conference Proceeding
Robles-Durazno, A., Moradpoor, N., McWhinnie, J., & Russell, G. (2019). WaterLeakage: A Stealthy Malware for Data Exfiltration on Industrial Control Systems Using Visual Channels. In Proceedings of 15th IEEE International Conference on Control & Automation (ICCA). https://doi.org/10.1109/ICCA.2019.8899564

Industrial Control Systems (ICS) have faced a growing number of threats over the past few years. Reliance on isolated controls networks or air-gapped computers is no longer a feasible solution when it comes to protecting ICS. It is because the new ar...

Deriving ChaCha20 Key Streams From Targeted Memory Analysis (2019)
Journal Article
McLaren, P., Buchanan, W. J., Russell, G., & Tan, Z. (2019). Deriving ChaCha20 Key Streams From Targeted Memory Analysis. Journal of Information Security and Applications, 48, Article 102372. https://doi.org/10.1016/j.jisa.2019.102372

There can be performance and vulnerability concerns with block ciphers, thus stream ciphers can be used as an alternative. Although many symmetric key stream ciphers are fairly resistant to side-channel attacks, cryptographic artefacts may exist in memo...

PLC Memory Attack Detection and Response in a Clean Water Supply System (2019)
Journal Article
Robles-Durazno, A., Moradpoor, N., McWhinnie, J., Russell, G., & Maneru-Marin, I. (2019). PLC Memory Attack Detection and Response in a Clean Water Supply System. International Journal of Critical Infrastructure Protection, 26. https://doi.org/10.1016/j.ijcip.2019.05.003

Industrial Control Systems (ICS) are frequently used in manufacturing and critical infrastructures like water treatment, chemical plants, and transportation schemes. Citizens tend to take modern-day conveniences such as trains, planes or tap water fo...

Decrypting Live SSH Traffic in Virtual Environments (2019)
Journal Article
McLaren, P., Russell, G., Buchanan, W. J., & Tan, Z. (2019). Decrypting Live SSH Traffic in Virtual Environments. Digital Investigation, 29, 109-117. https://doi.org/10.1016/j.diin.2019.03.010

Decrypting and inspecting encrypted malicious communications may assist crime detection and prevention. Access to client or server memory enables the discovery of artefacts required for decrypting secure communications. This paper develops the MemDe-...

Reducing the Impact of Network Bottlenecks on Remote Contraband Detection (2018)
Conference Proceeding
McKeown, S., Russell, G., & Leimich, P. (2018). Reducing the Impact of Network Bottlenecks on Remote Contraband Detection. In 2018 International Conference on Cyber Security and Protection of Digital Services (Cyber Security). https://doi.org/10.1109/CyberSecPODS.2018.8560671

Cloud based storage is increasing in popularity, with large volumes of data being stored remotely. Digital forensics investigators examining such systems remotely are limited by bandwidth constraints when accessing this kind of data using traditi...

Sub-file Hashing Strategies for Fast Contraband Detection (2018)
Conference Proceeding
McKeown, S., Russell, G., & Leimich, P. (2018). Sub-file Hashing Strategies for Fast Contraband Detection. In 2018 International Conference on Cyber Security and Protection of Digital Services (Cyber Security). https://doi.org/10.1109/CyberSecPODS.2018.8560680

Traditional digital forensics processes do not scale well with the huge quantities of data present in a modern investigation, resulting in large investigative backlogs for many law enforcement agencies. Data reduction techniques are required for fast...

A supervised energy monitoring-based machine learning approach for anomaly detection in a clean water supply system (2018)
Conference Proceeding
Robles-Durazno, A., Moradpoor, N., McWhinnie, J., & Russell, G. (2018). A supervised energy monitoring-based machine learning approach for anomaly detection in a clean water supply system. In Proceedings of the IEEE International Conference on Cyber Security and Protection of Digital Services (Cyber Security 2018). https://doi.org/10.1109/CyberSecPODS.2018.8560683

Industrial Control Systems are part of our daily life in industries such as transportation, water, gas, oil, smart cities, and telecommunications. Technological development over time has improved their components including operating system platforms...

Fingerprinting JPEGs With Optimised Huffman Tables (2018)
Journal Article
McKeown, S., Russell, G., & Leimich, P. (2018). Fingerprinting JPEGs With Optimised Huffman Tables. Journal of Digital Forensics, Security and Law, 13(2), Article 7. https://doi.org/10.15394/jdfsl.2018.1451

A common task in digital forensics investigations is to identify known contraband images. This is typically achieved by calculating a cryptographic digest, using hashing algorithms such as SHA256, for each image on a given medium, and comparing indiv...

Machine learning and semantic analysis of in-game chat for cyber bullying (2018)
Journal Article
Murnion, S., Buchanan, W. J., Smales, A., & Russell, G. (2018). Machine learning and semantic analysis of in-game chat for cyber bullying. Computers and Security, 76, 197-213. https://doi.org/10.1016/j.cose.2018.02.016

One major problem with cyberbullying research is the lack of data, since researchers are traditionally forced to rely on survey data where victims and perpetrators self-report their impressions. In this paper, an automatic data collection system is p...

Mining malware command and control traces (2018)
Conference Proceeding
McLaren, P., Russell, G., & Buchanan, B. (2018). Mining malware command and control traces. In Proceedings of the SAI Computing Conference 2017. https://doi.org/10.1109/SAI.2017.8252185

Detecting botnets and advanced persistent threats is a major challenge for network administrators. An important component of such malware is the command and control channel, which enables the malware to respond to controller commands. The detection o...

Fast Filtering of Known PNG Files Using Early File Features (2017)
Conference Proceeding
McKeown, S., Russell, G., & Leimich, P. (2017). Fast Filtering of Known PNG Files Using Early File Features. In Proceedings of the Conference on Digital Forensics, Security and Law

A common task in digital forensics investigations is to identify known contraband images. This is typically achieved by calculating a cryptographic digest, using hashing algorithms such as SHA256, for each image on a given medium, comparing individual...

Performance Evaluation of a Fragmented Secret Share System (2017)
Conference Proceeding
Ukwandu, E., Buchanan, W. J., & Russell, G. (2017). Performance Evaluation of a Fragmented Secret Share System. In Proceedings of the International Conference on Cyber Situational Awareness, Data Analytics and Assessment (Cyber SA 2017). https://doi.org/10.1109/cybersa.2017.8073396

There are many risks in moving data into public storage environments, along with an increasing threat around large-scale data leakage. Secret sharing scheme has been proposed as a keyless and resilient mechanism to mitigate this, but scaling through...

Risk assessment for mobile systems through a multilayered hierarchical Bayesian network. (2016)
Journal Article
Li, S., Tryfonas, T., Russell, G., & Andriotis, P. (2016). Risk assessment for mobile systems through a multilayered hierarchical Bayesian network. IEEE Transactions on Cybernetics, 46(8), 1749-1759. https://doi.org/10.1109/TCYB.2016.2537649

Mobile systems are facing a number of application vulnerabilities that can be combined together and utilized to penetrate systems with devastating impact. When assessing the overall security of a mobile system, it is important to assess the security...

Real-time monitoring of privacy abuses and intrusion detection in android system (2015)
Conference Proceeding
Li, S., Chen, J., Spyridopoulos, T., Andriotis, P., Ludwiniak, R., & Russell, G. (2015). Real-time monitoring of privacy abuses and intrusion detection in android system. In Human Aspects of Information Security, Privacy, and Trust (379-390). https://doi.org/10.1007/978-3-319-20376-8_34

In this paper, we investigated the definition of privacy, privacy abuse behaviours, and the privacy abuse in Android systems, which may be very useful for identifying the malicious apps from 'normal' apps. We also investigated the injection technolog...

Teaching penetration and malware analysis in a cloud-based environment. (2015)
Presentation / Conference
Buchanan, W. J., Ramsay, B., Macfarlane, R., Smales, A., & Russell, G. (2015, June). Teaching penetration and malware analysis in a cloud-based environment. Paper presented at UK Workshop on Cybersecurity Training & Education

This paper outlines evaluation of running a private Cloud-based system over two semesters at Edinburgh Napier University for two modules: Security Testing and Advanced Network Forensics (BEng (Hons) level and focused on Penetration testing and Malwar...

Multiple traffic signal control using a genetic algorithm (1999)
Conference Proceeding
Kalganova, T., Russell, G., & Cumming, A. (1999). Multiple traffic signal control using a genetic algorithm. In A. Dobnikar, N. C. Steele, D. W. Pearson, & R. F. Albrecht (Eds.), Artificial Neural Nets and Genetic Algorithms (220-228). https://doi.org/10.1007/978-3-7091-6384-9_38

Optimising traffic signal timings for a multiple-junction road network is a difficult but important problem. The essential difficulty of this problem is that the traffic signals need to coordinate their behaviours to achieve the common goal of optimi...

Accurate rapid simulation of urban traffic using discrete modelling. (1996)
Report
Russell, G., Shaw, P., & Ferguson, N. (1996). Accurate rapid simulation of urban traffic using discrete modelling

Increasing model complexity has traditionally been viewed as a key way of improving microscopic model accuracy. However, with complexity comes an increase in execution time. In some applications, such as UTC systems, low execution times and a high de...

The rapid simulation of urban traffic using field programmable gate arrays. (1994)
Conference Proceeding
Russell, G., Shaw, P., McInnes, J., & Ferguson, N. (1994). The rapid simulation of urban traffic using field programmable gate arrays. In International Conference on Application of New Technology to Transport Systems (107-122)

Conventional traffic simulation techniques, employing continuous movement of vehicles, do not have a sufficiently fast response time for the real-time operational control of an urban network. A new simulation technique is proposed using field-program...