Subscribe to RSS Feed

Friday, October 23rd
1:00 PM

Cybersecurity Strategy against Cyber Attacks towards Smart Grids with PVs

Fangyu Li, Kennesaw State University
Maria Valero, Kennesaw State University
Liang Zhao, Kennesaw State University
Yousef Mahmoud, Kennesaw State University

Zoom Session 1 (Main Papers Track)

1:00 PM - 1:30 PM

Cyber attacks threaten the security of distribution power grids, such as smart grids. The emerging renewable energy sources such as photovoltaics (PVs) with power electronics controllers introduce new potential vulnerabilities. Based on the electric waveform data measured by waveform sensors in the smart grids, we propose a novel cyber attack detection and identification approach. Firstly, we analyze the cyber attack impacts (including cyber attacks on the solar inverter causing unusual harmonics) on electric waveforms in distribution power grids. Then, we propose a novel deep learning based mechanism including attack detection and attack diagnosis. By leveraging the electric waveform sensor data structure, our approach does not need the training stage for both detection and the root cause diagnosis, which is needed for machine learning/deep learning-based methods. For comparison, we have evaluated classic data-driven methods, including -nearest neighbor (KNN), decision tree (DT), support vector machine (SVM), artificial neural network (ANN), and convolutional neural network (CNN). Comparison results verify the performance of the proposed method for detection and diagnosis of various cyber attacks on PV systems.

1:13 PM

Towards an Assessment of Judgment Errors in Social Engineering Attacks Due to Environment and Device Type

Tommy Pollock, Nova Southeastern University
Yair Levy, Nova Southeastern University
Wei Li, Nova Southeastern University
Ajoy Kumar, Nova Southeastern University

Zoom Session 1 (Main Papers Track)

1:13 PM - 2:00 PM

Phishing continues to be a significant invasive threat to computer and mobile device users. Cybercriminals continuously develop new phishing schemes using email, and malicious search engine links to gather personal information of unsuspecting users. This information is used for financial gains through identity theft schemes or draining financial accounts of victims. Users are often distracted and fail to fully process the phishing attacks then unknowingly fall victim to the scam until much later. Users operating mobile phones and computers are likely to make judgment errors when making decisions in distracting environments due to cognitive overload. Distracted users can fail to correctly distinguish the differences between legitimate and malicious emails or search engine results. Mobile phone users can have even a harder time identifying malicious content due to the smaller screen size and the limited security features in mobile phone applications. Thus, the main goal of this work-in-progress research study is to design, develop, and validate a set of field experiments to assess users judgment when exposed to two types of simulated social engineering attacks (phishing & possibly malicious search engine results (PMSER)), based on the interaction of the kind of environment (distracting vs. non-distracting) and type of device used (mobile vs. computer). In this paper, we outlines the Delphi methodology phase that this study will take using an expert panel to validate the proposed experimental procedures and recommend further steps for the empirical testing. The conclusions, study limitations and recommendations for future research are discussed.

Keywords: Cybersecurity, social engineering, judgment error in cybersecurity, phishing email mitigation, distracting environments

2:00 PM

Towards an Assessment of Pause Periods on User Habituation in Mitigation of Phishing Attacks

Amy Antonucci, Nova Southeastern University
Yair Levy, Nova Southeastern University
Martha Snyder, Nova Southeastern University
Laurie Dringus, Nova Southeastern University

Zoom Session 1 (Main Papers Track)

2:00 PM - 2:30 PM

Social engineering is the technique in which the attacker sends messages to build a relationship with the victim and convinces the victim to take some actions that lead to significant damages and losses. Industry and law enforcement reports indicate that social engineering incidents costs organizations billions of dollars. Phishing is the most pervasive social engineering attack. While email filtering and warning messages have been implemented for over three decades, organizations are constantly falling for phishing attacks. Prior research indicated that attackers use phishing emails to create an urgency and fear response in their victims causing them to use quick heuristics, which leads to human errors. Humans use two types of decision-making processes: a heuristic decision, which is a quick, instinctual decision-making process known as ‘System One’, and a second, known as ‘System Two,’ that is a slow, logical process requiring attention. ‘System Two’ is often triggered by a pause in the decision-making process. Additionally, timers were found in other research fields (medicine, transportation, etc.) to affect users’ judgement and reduce human errors. Therefore, the main goal of this work-in-progress research study is to determine through experimental field study whether requiring email users to pause by displaying a phishing email warning with a timer, has any effect on users falling to simulated phishing attacks. This paper will outline the rationale and the process proposed for the validation of the field experiments with Subject Matter Experts (SMEs). Limitations of the proposed study and recommendation for further research are provided.

2:30 PM

Factors that influence HIPAA Secure compliance in small and medium-size health care facilities

Wlad Pierre-Francois, Trident
Indira Guzman, Trident

Zoom Session 1 (Main Papers Track)

2:30 PM - 3:00 PM

This study extends the body of literature concerning security compliance by investigating the antecedents of HIPPA security compliance. A conceptual model, specifying a set of hypothesized relationships between management support, security awareness, security culture; security behavior, and risk of sanctions to address their effect on HIPAA security compliance is presented. This model was developed based on the review of the literature, Protection Motivation Theory, and General Deterrence Theory. Specifically, the aim of the study is to examine the mediating role of risk of sanctions on HIPAA security compliance.

3:00 PM

A Survey of Serious Games for Cybersecurity Education and Training

Winston Anthony Hill Jr., North Carolina Agricultural and Technical State University
Mesafint Fanuel, North Carolina Agricultural and Technical State University
Xiaohong Yuan, North Carolina Agricultural and Technical State University
Jinghua Zhang, Winston-Salem State University
Sajad Sajad, North Carolina Agricultural and Technical State University

Zoom Session 1 (Main Papers Track)

3:00 PM - 3:30 PM

Serious games can challenge users in competitive and entertaining ways. Educators have used serious games to increase student engagement in cybersecurity education. Serious games have been developed to teach students various cybersecurity topics such as safe online behavior, threats and attacks, malware, and more. They have been used in cybersecurity training and education at different levels. Serious games have targeted different audiences such as K-12 students, undergraduate and graduate students in academic institutions, and professionals in the cybersecurity workforce. In this paper, we provide a survey of serious games used in cybersecurity education and training. We categorize these games into four types based on the topics they cover and the purposes of the games: security awareness, network and web security, cryptography, and secure software development. We provide a catalog of games available online. This survey informs educators of available resources for cybersecurity education and training using interactive games.

Keywords: Serious games; Game-based Learning; Cybersecurity;

3:30 PM

Developing an AI-Powered Chatbot to Support the Administration of Middle and High School Cybersecurity Camps

Jonathan He, Princess Anne High School
Chunsheng Xin, Old Dominion University

Zoom Session 1 (Main Papers Track)

3:30 PM - 4:00 PM

Throughout the Internet, many chatbots have been deployed by various organizations to answer questions asked by customers. In recent years, we have been running cybersecurity summer camps for youth. Due to COVID-19, our in-person camp has been changed to virtual camps. As a result, we decided to develop a chatbot to reduce the number of emails, phone calls, as well as the human burden for answering the same or similar questions again and again based on questions we received from previous camps. This paper introduces our practical experience to implement an AI-powered chatbot for middle and high school cybersecurity camps using the Google Dialogflow platform.

4:00 PM

Contingency Planning Amidst a Pandemic

Natalie C. Belford, University of West Florida

Zoom Session 1 (Main Papers Track)

4:00 PM - 4:30 PM

Proper prior planning prevents pitifully poor performance: The purpose of this research is to address mitigation approaches - disaster recovery, contingency planning, and continuity planning - and their benefits as they relate to university operations during a worldwide pandemic predicated by the Novel Coronavirus (COVID-19). The most relevant approach pertaining to the University’s needs and its response to the Coronavirus pandemic will be determined and evaluated in detail.