Circular Image

40 records found

Authored

Investigating sentence severity with judicial open data

A case study on sentencing high-tech crime in the Dutch criminal justice system

Open data promotes transparency and accountability as everyone can analyse it. Law enforcement and the judiciary are increasingly making data available, to increase trust and confidence in the criminal justice system. Due to privacy legislation, judicial open data — like court ...

HeadPrint

Detecting anomalous communications through header-based application fingerprinting

Passive application fingerprinting is a technique to detect anomalous outgoing connections. By monitoring the network traffic, a security monitor passively learns the network characteristics of the applications installed on each machine, and uses them to detect the presence of ...

Putting the privacy paradox to the test

Online privacy and security behaviors among users with technical knowledge, privacy awareness, and financial resources

Research shows that people's use of computers and mobile phones is often characterized by a privacy paradox: Their self-reported concerns about their online privacy appear to be in contradiction with their often careless online behaviors. Earlier research into the privacy para ...

Since it takes time and effort to put a new product or service on the market, one would like to predict whether it will be a success. In general this is not possible, but it is possible to follow best practices in order to maximize the chance of success. A smart contract is inten ...

On the anatomy of social engineering attacks

A literature-based dissection of successful attacks

The aim of this study was to explore the extent to which persuasion principles are used in successful social engineering attacks. Seventy-four scenarios were extracted from 4 books on social engineering (written by social engineers) and analysed. Each scenario was split into atta ...

Physical Location of Smart Key Activators

A Building Security Penetration Test

Purpose – When security managers choose to deploy a smart lock activation system, the number of units needed and their location needs to be established. This study presents the results of a penetration test involving smart locks in the context of building security. We investigate ...
Every new technology brings new opportunity for crime, and information and communication technology (ICT) is no exception. This short article offers students of crime insights in the two main connections between ICT and criminology. On the one hand we show how ICT can be used as ...

DECANTeR

DEteCtion of Anomalous outbouNd HTTP Traffic by Passive Application Fingerprinting

We present DECANTeR, a system to detect anomalous outbound HTTP communication, which passively extracts fingerprints for each application running on a monitored host. The goal of our system is to detect unknown malware and backdoor communication indicated by unknown fingerprin ...

Towards the normalization of cybercrime victimization

A routine activities analysis of cybercrime in Europe

This study investigates the relationships between users' routine activities and socio-economic characteristics and three forms of cybercrime victimization of 1) online shopping fraud, 2) online banking fraud and 3) cyber-attacks (i.e. DDoS attacks). Data from the Eurobarometer, c ...

Through the eye of the PLC

Semantic security monitoring for industrial processes

Off-the-shelf intrusion detection systems prove an ill fit for protecting industrial control systems, as they do not take their process semantics into account. Specifically, current systems fail to detect recent process control attacks that manifest as unauthorized changes to the ...

Training students to steal

A practical assignment in computer security education

Practical courses in information security provide students with first-hand knowledge of technical security mechanisms and their weaknesses. However, teaching students only the technical side of information security leads to a generation of students that emphasize digital solut ...

Portunes

Representing attack scenarios spanning through the physical, digital and social domain

The security goals of an organization are realized through security policies, which concern physical security, digital security and security awareness. An insider is aware of these security policies, and might be able to thwart the security goals by combining physical, digital an ...

Laptop theft

A case study on the effectiveness of security mechanisms in open organizations

Organizations rely on physical, technical and procedural mechanisms to protect their IT systems. Of all IT systems, laptops are the probably the most troublesome to protect, since they are easy to remove and conceal. When the thief has physical possession of the laptop, it is dif ...

Contributed

Detecting BestMixer

An exploratory study on centralized mixing services

Mixing services try to distort cash flow tracking of cryptocurrencies and obfuscate the origin of customers’ earnings by substituting customers’ cryptocurrency funds with the funds of other customers or the mixers’ private assets. This quality makes mixing services interesting fo ...

Creating a Configuration Security Layer for Embedded Devices

A research-based on the case study of a widely used Embedded Device

As software security expert Bruce Schneier argues, the pervasive vulnerability of embedded systems today is structurally similar to the security crisis of PCs in the mid-1990s—only much worse. Embedded devices are ideal malware targets for several reasons. Firstly, Internet-conne ...

From Zero To Hero

Identifying Vendor Characteristics that Impact Vendor Performance on Darknet Markets

The thesis reconstructed and analysed transaction-level data of a particular darknet market. Moreover, the thesis reveals what kind of vendors are active on this darknet market, based on their characteristics. Finally, this research identified what the relative importance is of d ...
Side-channel attacks (SCA) aim to extract a secret cryptographic key from a device, based on unintended leakage. Profiled attacks are the most powerful SCAs, as they assume the attacker has a perfect copy of the target device under his control. In recent years, machine learning ( ...
Background: A lot of scientists have tried to shed light on dark web markets. They did this by scraping these marketplaces over a period of time and describe what they were seeing. However, the methods used to measure these markets were never validated before. Research goal: This ...
Web applications have been gaining increased popularity around the globe, in such a way that a growing number of users are attracted to make use of the functionality and information provided by these applications. While providing solutions to complicated problems in a fast and re ...
Developing malware variants is extremely cheap for attackers because of the availability of various obfuscation tools. These variants can be grouped in malware families, based on information retrieved from their static and dynamic analysis. Dynamic, network-level analysis of malw ...