International Journal on Cyber Situational Awareness (IJCSA)

Editor-in-Chief: Dr Cyril Onwubiko, Chair Cyber Security Intelligence, E-Security Group, Research Series, London, UK

Associate Editors: Professor Frank Wang, Head of School / Professor of Future Computing, Chair, IEEE Computer Society UK & RI, School of Computing, University of Kent, Canterbury, UK

Dr Thomas Owens, Senior Lecturer & Director of Quality, Department of Electronic and Computer Engineering, Brunel University, London, UK

ISSN: (Print) 2057-2182 ISSN: (Online) 2057-2182

DOI: 10.22619/IJCSA

Published Bi-Annually. Est. 2014


Description

The International Journal of Cyber Situational Awareness (IJCSA) covers innovative research on theoretical and practical aspects of Situational Awareness in Cyber Systems. The journal focuses on the advancement of the principles, methods and applications of situational awareness to support, enable and facilitate advances in Cyber Systems, Business Information Systems (BIS), Computer Network Defence (CND), Cyber Physical Systems (CPS), Enterprise Internet of Things (EIoT), Social Media, Cyber Incident Responses, Control, Containment and Countermeasures (CIRC3), Blockchain and Crypto, Cloud Computing, and Chaotic and Emerging aspects of Computing.

IJCSA is a multiple-blind peer reviewed international journal that provides academics, researchers and practitioners in academia, industries and government a platform and an opportunity to present original, innovative and cutting edge research outcomes. It is an open invitation to authors to publish their original and not previously published work. IJCSA is an open access publication, so all published papers are freely available online.

Table of Contents and List of Contributors

Article 12

Towards Network Science Enhanced Cyber Situational Awareness

Geoffrey B. Dobson, Timothy J. Shimeall and Kathleen M. Carley

A dynamic network analysis is conducted on network flow data to demonstrate an improvement in cyber situational awareness. The analysis begins by collecting network-level measures (density, network centralization total degree, and fragmentation) on samples of network flow data using the SiLK collection and analysis suite. The next phase categorized the data into four types: autonomic inflow, autonomic outflow, human inflow, and human outflow. Using the CASOS tool ORA, a series of dynamic network analyses were performed on each hour of the data. …

Article 13

YAAS – On the Attribution of Honeypot Data

Daniel Fraunholz, Daniel Krohmer, Simon Duque Antón, and Hans Dieter Schotten

One of the major issues in digital forensics and attack analysis is the attribution of an attack to a type of malicious adversary. This is especially important to determine the relevance of an incident with respect to the threat it poses to a system. In this work, a holistic scheme to derive characteristics from honeypot data and to map this data to an attacker model is introduced. This scheme takes data that is provided by deception systems of any kind …

Article 14

The Valleys of Death in Refugee Crisis

Jasmina Marić

The paper analyses the risks of a potential “Valley of Death” in the development of ICT (Information and Communication Technology) for refugees’ social integration. Today’s refugee crisis is distinct from previous ones because of refugees’ remarkable reliance on technology. While academic literature widely accepts that ICT deployment is especially relevant to refugees’ social integration, little is done in terms of understanding that ICT impact requires a convergence of conditions, of which ICT is only one. The paper questions the extent to which the discrepancy between ICT demand and supply creates a vacuum in the field of ICT for social inclusion. …

Article 15

Epidemic Response Model for Malware Defense on Computer Networks

Timilehin B. Aderinola, Aderonke F. Thompson, and Boniface K. Alese

The Internet came with serious security vulnerabilities. Now, malicious individuals may gain unauthorized access to protected resources and disrupt network services by using malicious software, also known as malware. Most malware rapidly self-propagates within a network like an infectious disease. The classical epidemic model has been applied to study malware epidemics in computer networks. This study adapted the Susceptible-Infected-Susceptible (SIS) epidemic model to design a defense response model for computer networks and analysed the resulting model using a game-theoretic approach to the attacker and defender. …

Article 16

Transparent password policies: A case study of investigating end-user situational awareness

Alberto Bullo, Eliana Stavrou and Stavros Stavrou

Transparent password policies are utilized by organizations in an effort to relieve the end-user (e.g. customer) of the burden of configuring authentication settings while maintaining a high level of security. However, authentication transparency can challenge security and usability and can impact the awareness of end-users with regards to the protection level that is realistically achieved. For authentication transparency to be effective, the triptych security – usability – situational awareness should be considered when designing relevant security solutions / products. Although various efforts have been made in the literature, the usability aspects of the password selection process are not well understood or addressed in the context of end-user situational awareness. This research work specifies three security and usability-related strategies that represent the organizations’, the end users’ and the attackers’ objectives with regards to password construction. …

Article 17

Insight: An Application of Information Visualisation Techniques to Digital Forensics Investigations

Gavin Hales, Ian Ferguson, and Jacqueline Archibald

As digital devices are becoming ever more ubiquitous in our day-to-day lives, more of our personal information and behavioural patterns are recorded on these devices. The volume of data held on these devices is substantial, and people investigating these datasets are facing a growing backlog as a result. This is worsened by the fact that many software tools used in this area are text based and do not lend themselves to rapid processing by humans. This body of work looks at several case studies in which these datasets were visualised in an attempt to expedite processing by humans. A number of different 2D and 3D visualisation methods were trialled, and the results from these case studies fed into the design of a final tool, which was tested with the assistance of a group of individuals studying Digital Forensics. …

Article 1

Understanding Cyber Situation Awareness

Cyril Onwubiko

Historically, situation awareness has been applied to mainstream disciplines such as psychology, air traffic control, and aviation. This trend has since changed. Situation awareness has now expanded into the Cyber domain, including social media, vehicular networks (VANET), cybersecurity, CERTs and computer network defense (CND). …

Article 2

A Public-Private-Partnership Model for National Cyber Situational Awareness

Timea Pahi and Florian Skopik

The information age has led to the merger of various infrastructures, from both business and governmental sectors and their functions, such as information technology, communication and transport systems, banking and finance, energy supply and process control systems. …

Article 3

Visual Analytics for Non-Expert Users in Cyber Situation Awareness

Philip Legg

Article 4

A Study on Situational Awareness Security and Privacy of Wearable Health Monitoring Devices

Xavier Bellekens, Kamila Nieradzinska, Alexandra Bellekens, Preetila Seeam, Andrew Hamilton and Amar Seeam

Situational Awareness provides a user centric approach to security and privacy. The human factor is often recognised as the weakest link in security, therefore situational perception and risk awareness play a leading role in the adoption and implementation of security mechanisms. In this study we assess the understanding of security and privacy of users in possession of wearable devices. …

Article 5

Instant Message Classification in Finnish Cyber Security Themed Free-Form Discussion

Samir Puuska, Matti J. Kortelainen, Viljami Venekoski and Jouko Vankka

Instant messaging enables rapid collaboration between professionals during cyber security incidents. However, monitoring discussion manually becomes challenging as the number of communication channels increases. Failure to identify relevant information from the free-form instant messages may lead to reduced situational awareness. In this paper, the problem was approached by developing a framework for classification of instant message topics of cyber security–themed discussion in Finnish. …

Article 6

Predicting the performance of users as human sensors of security threats in social media

Ryan Heartfield and George Loukas

While the human as a sensor concept has been utilised extensively for the detection of threats to safety and security in physical space, especially in emergency response and crime reporting, the concept is largely unexplored in the area of cyber security. Here, we evaluate the potential of utilising users as human sensors for the detection of cyber threats, specifically on social media. For this, we have conducted an online test and accompanying questionnaire-based survey, which was taken by 4,457 users. …

Article 7

Leveraging Biometrics for Insider Misuse Identification

Abdulrahman Alruban, Nathan Clarke, Fudong Li and Steven Furnell

Insider misuse has become a real threat to many enterprises in the last decade. A major source of such threats originates from those individuals who have inside knowledge about the organization’s resources. Therefore, preventing or responding to such incidents has become a challenging task. Digital forensics has grown into a de-facto standard in the examination of electronic evidence, which provides a basis for investigating incidents. …

Article 8

Attack Simulation based Software Protection Assessment Method with Petri Net

Gaofeng Zhang, Paolo Falcarin, Elena Gómez-Martínez, Shareeful Islam, Christophe Tartary, Bjorn De Sutter and Jérôme d’Annoville

Software protection is an essential aspect of information security, needed to withstand malicious activities against software and to preserve valuable software assets. However, software developers still lack an effective methodology for the assessment of deployed protections, especially in the area of mobile applications. To solve these issues, we present a novel attack-simulation-based software protection assessment method to evaluate and compare different protection solutions. Our solution relies on Petri Nets to specify and visualize attack models of mobile applications. …

Article 9

Detecting bots using multi-level traffic analysis

Matija Stevanovic and Jens Myrup Pedersen

Botnets, as networks of compromised “zombie” computers, represent one of the most serious security threats on the Internet today. This paper explores how machines compromised with bot malware can be identified in local and enterprise networks in an accurate and time-efficient manner. The paper introduces a novel multi-level botnet detection approach that performs network traffic analysis of three protocols widely considered to be the main carriers of botnet Command and Control (C&C) and attack traffic, i.e. TCP, UDP and DNS. The proposed method relies on supervised machine learning to identify patterns of botnet network traffic. …

Article 10

A Review of Significance of Energy-Consumption Anomaly in Malware Detection in Mobile Devices

Jameel Qadri, Thomas M. Chen and Jorge Blasco

Mobile devices, such as smartphones, have become an important part of modern lives. However, as these devices have become tremendously popular, they are attracting a range of attacks. Malware is one of the serious threats posed to smartphones by attackers. Due to the limited resources of mobile devices, malware detection on these devices remains a challenge. Malware detection techniques based on energy-consumption anomaly present several advantages for circumventing the resource constraints of mobile devices. …

Article 11

N-gram Opcode Analysis for Android Malware Detection

BooJoong Kang, Suleiman Y. Yerima, Sakir Sezer and Kieran McLaughlin

Android malware has been on the rise in recent years due to the increasing popularity of Android and the proliferation of third party application markets. Emerging Android malware families are increasingly adopting sophisticated detection avoidance techniques and this calls for more effective approaches for Android malware detection. …

Topics Covered

Situational Awareness for Computer Networks Defense

  • Computer Network Defense
  • Cyber Situation Awareness
  • Correlation & Automation

Collaborative Situation Awareness for Decision Making

  • Collaborative Defense Approach
  • Situation Assessment & Decision Making

Defense Strategy for the Enhancement of Situational Awareness

  • Risk Management, Governance and Compliance
  • Trust, Privacy and Anonymity Issues
  • Digital Forensic Information Analysis
  • Enterprise Information Security Policies, Standards and Procedures
  • Risks posed by Wireless Networks, including through the use of Mobile Computing, BYOD and Wearables in CND environments

Cyber Situational Awareness Tools & Techniques

  • Fuzzy Logic
  • Rough Set
  • Artificial Neural Networks
  • Artificial Intelligence
  • Genetic Algorithm
  • Evidence Theory (DST)
  • Bayesian Networks & Set Theory
  • Big Data Analytics
  • Game Theory
  • Graph Theory

Network Situational Awareness

  • Cyber Attack Scenarios
  • Situation-Aware and Context-Aware Network Applications
  • CERTs and CSIRTs
  • Security Event and Information Management
  • Application Security, Audits and Penetration Testing

Human Factors (Cognitive)

  • Workload
  • Perception
  • Stress
  • Knowledge
  • Training and Expertise
  • Risk Assessment and Decision Making
  • Forecasting and Prediction
  • Operator SA & Team SA

National and Critical Infrastructure Security Issues

  • Information Security
  • Cyber Security
  • Database Security
  • Application Security
  • Law Enforcement and Surveillance
  • Border Protection and Controls
  • Cyber Warfare and Counter Terrorism

Situation Awareness in Military Operations

  • Military Doctrine in Situation Awareness
  • C4ISR (Command, Control, Communications, Computers, Intelligence, Surveillance and Reconnaissance)
  • Computer Network Operations
  • Computer Network Defense
  • Mission Awareness, Command and Control

Analysis of Large-Scale Internet Traffic

  • Attack Graphs
  • Advanced Security Incident Analysis
  • Sensor Correlation and Cross-Correlation
  • Implementing Situational Awareness Systems
  • Information Security Metrics and Measurements

Web Traffic Characterisation

  • Intrusion Detection Systems
  • Traffic Characterisation Techniques
  • Web Analytics
  • Security Incident Response

Cyber Situational Awareness Frameworks

  • Proactive Defense Strategies
  • Instance-Based Learning
  • Adaptive Neural Logic
  • Human-Assisted Decision Control
  • Human in the Loop
  • Automated Self-Responder

Fusion Centres

  • Tools for Metric Optimisation
  • Visualisation and Digital Analytics
  • Data Mining
  • Filtration, Selection, and Risk-Based Prioritisation
  • Metrics for Evaluation and Assessment

Situational Awareness Applications

  • Situational Awareness in C4ISR
  • Situational Awareness in Cyber Command and Control Centres
  • Situational Awareness in Intrusion Defense
  • Situational Awareness in Cyber Physical Systems (CPS)
  • Situational Awareness for Internet of Things (IoTs), Enterprise Internet of Things (EIoTs)
  • Open Source Applications

Designing Cyber Situational Awareness Solutions and Services

  • Functional Requirements for Situation-aware services
  • Non-Functional Requirements for Situation-aware Services and solutions
  • Interface Design
  • Interoperability
  • Dynamism
  • Complexity
  • Performance
  • Automation
  • Realtime Processing

Usefulness of Multisensor Data Fusion

  • Information Data Fusion
  • Sensor Fusion for Security Incident Analysis
  • Security Incident Analysis
  • Data Association & Correlation
  • Security Information Visualisation
  • Data Analytics
  • Security Monitoring

Situational Awareness Training

  • Research and development in Situational Awareness
  • Simulation and Testbeds in Cyber Situation Awareness
  • Experimentation & Instrumentation
  • Modelling
  • Knowledge-base
  • Theoretical Underpinnings in Situation Awareness

Mission and Scope

The International Journal on Cyber Situational Awareness (IJCSA) is a comprehensive reference journal, dedicated to disseminating the most innovative, systematic, topical and emerging theory, methods and applications of Situational Awareness (SA) across Cyber Systems, Cyber Security, Cyber Physical Systems, Computer Network Defence, Enterprise Internet of Things (EIoT), Security Analytics, Intelligence and Crypto systems to students, scholars, and academics, as well as industry practitioners, engineers and professionals.

Possible Readership/Audience

The primary audience for this journal is industry professionals, scholars, researchers and academics working in this fast-evolving and emerging discipline. Practitioners and managers working in information technology and cyber security across all industries would vastly improve their knowledge and understanding of critical human and social aspects of situational awareness and computer network defence, human computer interface (HCI) and information security in general. Airspace controllers and defence agencies will also find this journal a very helpful and practical resource.

Competing Journals (list of current competing publications)

There are no competing journals in this unique and specialist area, especially those focusing on the application of situation awareness to Cyber Security (CS), Cyber Physical Systems (CPS), and Cyber Incident Responses, Control, Containment and Countermeasures (CIRC3).

Frequency of Publication

The journal is published twice a year.

EDITOR INFORMATION – Academics & Practitioners

Editor-in-Chief

Dr. Cyril Onwubiko

Secretary – IEEE UK & Ireland

Chair, Cyber Security & Intelligence

E-Security Group, Research Series, London, UK

Associate Editors

Dr. Thomas Owens

Reader & Director of Quality

Department of Electronic and Computer Engineering

Brunel University, London, UK

Professor Frank Wang

Head of School / Professor of Future Computing

Chair – IEEE Computer Society, UK & Ireland

School of Computing, University of Kent, Canterbury, UK

Editorial Board Members

Dr. Janne Merete Hagen

Norwegian Defence Research Establishment (FFI)

NORWAY

Dr. Nick Savage

Communication Networks and Security Department

University of Portsmouth, UK

Dr. Andrew Lenaghan

OxCERT

Oxford University, Oxford, UK

Dr. Xavier Bellekens

Computer Security & Privacy

University of Abertay, Scotland, UK

Dr. Matija Stevanovic

Wireless Communication Networks (WCN) Section

Department of Electronic Systems

Aalborg University, Denmark

Professor Cleotilde Gonzalez

Department of Social and Decision Sciences

Carnegie Mellon University, USA

Dr. Mahmoud Hashem Eiza

School of Physical Sciences and Computing

University of Central Lancashire, Preston, UK

Dr. Ciza Thomas

Electronics and Communication Department,

College of Engineering, Trivandrum, INDIA

Dr. Subrata Acharya

CIS Department

Towson University, USA

Professor Stefanos Gritzalis

Professor at the Department of Information and Communication Systems Engineering

University of the Aegean, GREECE

Dr. Xinyu Yang

Department of Computer Science and Technology

Xi’an Jiaotong University, CHINA

Important Notes before submitting your manuscripts

  1. Only original and previously unpublished manuscripts may be submitted to the IJCSA journal.
  2. All accepted manuscripts will be checked for plagiarism using a number of sources, including the IEEE PAL (Prohibited Authors List).
  3. We only accept manuscripts dedicated and/or relating to Situational Awareness. We do NOT accept general-purpose Cyber Security contributions. The IJCSA is solely dedicated to Cyber Situational Awareness; hence some excellent contributions relating to general-purpose computing alone will be rejected.
  4. All manuscripts must be prepared following the IJCSA paper template.
  5. All manuscripts are subjected to multiple-blind peer review, and revisions may take longer than anticipated.

Submission

SUBMISSION DEADLINE

We are always receiving article submissions for future volumes and numbers. Please check the submission guidelines.

  1. We are now accepting papers for the IJCSA journal.
  2. Papers can be submitted online using the EasyChair portal.
  3. Paper submission guidelines can be found at the link provided.
  4. Paper preparation guidelines can be found at the link provided.