Skip to main content

About this book

This book constitutes the refereed proceedings of the 10th International Conference on Global Security, Safety and Sustainability, ICGS3 2015, held in London, UK, in September 2015. The 31 revised full papers presented were carefully reviewed and selected from 57 submissions. The papers focus on the challenges of complexity, rapid pace of change and risk/opportunity issues associated with the 21st century living style, systems and infrastructures.

Table of Contents


Intelligence Management


Processing Social Media Data for Crisis Management in Athena

During a crisis citizens turn to their smartphones. They report what they see, they comment on other’s reports, they offer their help, support and sympathy and, in doing so, they create vast amounts of data. Meanwhile, law enforcement agencies (LEAs) and first responders including humanitarian relief agencies are desperately trying to improve their own situational awareness, but can struggle to do so, especially in places that cannot be easily, quickly or safely reached. Since this user-generated content is often posted to social media, LEAs can tap into these resources by analysing this data. However, making sense of this data is not straightforward. In this paper we present a system that is able to process and analyse this data through categorisation and crisis taxonomies, classification techniques and sentiment analysis. This processed data can then be presented back to LEAs in informative ways to allow them to enhance their situation awareness of the current crisis.

Babak Akhgar, Helen Gibson

Online Surveillance Awareness as Impact on Data Validity for Open-Source Intelligence?

Online surveillance, especially of open sources such as social media (OSINT/SOCMINT), has become a vital source of information for decisions made by public institutions such as law enforcement agencies. This keynote discusses the concept of online surveillance awareness (OSA) as a possible long-term threat to the quality of OSINT-relevant online sources. An interdisciplinary research agenda to systematically investigate the links of OSA to the reliability and validity of OSINT sources and thus the quality of OSINT more generally is outlined.

Petra Saskia Bayerl, Babak Akhgar

Improving Cyber Situational Awareness Through Data Mining and Predictive Analytic Techniques

Due to the widespread usage of computer resources in everyday life, cyber security has been highlighted as one of the main concerns of governments and authorities. Data mining technology can be used for prevention of cyber breaches in different ways and Cyber Situational Awareness (CSA) can be improved based on analyzing past experiences in terms of cyber-attacks. This paper aims to investigate and review current state of CSA improvement through data mining techniques and predictive analytic and offers possible methodology based on data mining techniques which can be used by cyber firms in order to secure themselves against future cyber threats.

Sina Pournouri, Babak Akhgar

Detecting Deceit – Guessing or Assessing? Study on the Applicability of Veracity Assessment Methods in Human Intelligence

Intelligence from a human source, that is falsely thought to be true, is potentially more harmful than a total lack of it. In addition to the collection the veracity assessment of the gathered information is one of the most important phases of the process. Lie detection and veracity assessment methods have been studied widely but a comprehensive analysis of these methods’ applicability is lacking. Multi Criteria Analysis was conducted to compare scientifically valid lie detection and veracity assessment methods in terms of accuracy, ease of use, time requirements, need for special equipment and unobtrusiveness. Results of the analysis showed that Studied Features of Discourse and Nonverbal Communication gained the highest ranking. They were assessed to be the easiest and fastest to apply, and to have required temporal and contextual sensitivity. Plausibility and Inner Logic, MACE and CBCA were also found to be useful, but with some limitations.

Marko Uotinen

Human Factors of Social Engineering Attacks (SEAs) in Hybrid Cloud Environment: Threats and Risks

Conventional patterns of the ways information systems run are rapidly evolving. Cloud computing undisputedly has influenced profoundly in this direction by providing many benefits such as accessibility and availability of resources to organisations. But the economical advantage and the cost impacts are far more attractive to organisations than anything else when it comes to cloud computing. This convenient and attractiveness comes with new phases of security and risk challenges for both cloud providers and clients which requires investment for managing and mitigating them. The challenges get more complicated as the service itself passes geographical and national boundaries which create a completely new paradigm for security, risk, privacy, and more importantly cost implications. Social Engineering Attacks (SEAs) are example of those risks that are very attractive way for attackers for accessing classified data. There are certain constraints for employees when they use LAN. These limitations reduced greatly by the introduction of Cloud and off-site services. This allows attackers to use any compromised passwords from any web-connected device. This paper discusses main issues in migrating to a cloud environment by organisations regarding the human factors of SEAs threats and risks related concepts. The approach provides a set of recommendations for appropriate control actions to mitigate related risks.

Reza Alavi, Shareeful Islam, Haris Mouratidis

Digital Forensics


A Consideration of eDiscovery Technologies for Internal Investigations

Internal incidents that implicate security or data privacy considerations require present-day forensic scientists and investigators to craft a narrative that explains both “what” happened within the system during the incident, and “why” it matters to the organization. To explain the “why,” investigators are increasingly utilizing tools outside of the traditional forensic and investigatory practices. One such tool set is comprised of techniques used and refined in the practice of eDiscovery. This paper examines those techniques and presents instruction and advice on their application within forensic and investigatory practices.

Amie Taal, Jenny Le, James A. Sherer

Cloud Forensics Challenges Faced by Forensic Investigators

Cloud computing has generated significant interest in both academia and industry, but it is still an evolving paradigm. Cloud computing services are also, a popular target for malicious activities; resulting to the exponential increase of cyber attacks. Digital evidence is the evidence that is collected from the suspect’s workstations or electronic medium that could be used in order to assist computer forensics investigations. Cloud forensics involves digital evidence collection in the cloud environment. The current established forensic procedures and process models require major changes in order to be acceptable in cloud environment. This paper, aims to assess challenges forensic examiners face in tracking down and using digital information stored in the cloud and discuss the importance of education and training to handle, manage and investigate computer evidence.

Wakas Mahmood, Hamid Jahankhani, Aykut Ozkaya

Integrated Computer Forensics Investigation Process Model (ICFIPM) for Computer Crime Investigations

Contrary to traditional crimes for which there exists deep-rooted standards, procedures and models upon which courts of law can rely, there are no formal standards, procedures nor models for digital forensics to which courts can refer. Although there are already a number of various digital investigation process models, these tend to be ad-hoc procedures. In order for the case to prevail in the court of law, the processes followed to acquire digital evidence and terminology utilised must be thorough and generally accepted in the digital forensic community. The proposed novel process model is aimed at addressing both the practical requirements of digital forensic practitioners and the needs of courts for a formal computer investigation process model which can be used to process the digital evidence in a forensically sound manner. Moreover, unlike the existing models which focus on one aspect of process, the proposed model describes the entire lifecycle of a digital forensic investigation.

Reza Montasari, Pekka Peltola, David Evans

Computer Forensic Analysis of Private Browsing Modes

This paper investigates the effectiveness of the private browsing modes built into four major Internet browsers. In examining the phenomenon of the private browsing modes built into four widely used Internet browsers, this paper aims to determine whether one can identify when a private browsing mode has been utilized by a suspect to perform a criminal or illegal act and to what extent the forensic examination of a computer can expose evidence of private browsing use.

Reza Montasari, Pekka Peltola

IT and Cyber Crime


Searching the Web for Illegal Content: The Anatomy of a Semantic Search Engine

In this paper we describe the challenges in the realization of a semantic search engine, suited to help law enforcements in the fight against the online drug marketplaces, where New Psychoactive Substances (NPS) are sold. This search engine has been developed under the

Semantic Illegal Content Hunter

(SICH) Project, with the financial support of the Prevention of and Fight Against Crime Programme ISEC 2012 European Commission. The SICH Project specific objective is to develop new strategic tools and assessment techniques, based on semantic analysis on texts, to support the dynamic mapping and the automatic identification of illegal content over the Net.

Luigi Laura, Gianluigi Me

The Enemy Within: The Challenge for Business from Cyber-attack

This paper presents an overview of certain risks posed by cyber abuse in the business context. It does not in any way represent a definitive study of


very complex area which is in a state of constant flux to the extent that the laws of nations cannot keep pace with the challenges of today let alone tomorrow. This paper therefore gives warning of this phenomenon and focusses on the role of business to its management and staff and others affected by its IT structure. The paper gives some analysis of the threats from cyber-crime and abuse from a variety of government agencies and other bodies. The underlying theme is one of caution and warning of the enemy within organisations and outside who use cyber-attack as a means to an end.

Michael Reynolds

Understanding Privacy Concerns in Online Courses: A Case Study of Proctortrack

This study aims to investigate underlying causes of privacy concerns of online learners which emerged as a consequence from the launch of an automated proctoring technology by an educational institution. The privacy has become a vital issue in the modern age of information due to the complex, dynamic and fluid nature of privacy it is far from easy to define and understand what privacy means in certain situations. Consequently, designers of interactive systems often misunderstand privacy and even often ignore it, thus causing concerns for users. Using content analysis approach [


], qualitative data was collected and analysed from 130 online bloggers during the deployment phase of Proctortrack tool. The results and findings provide useful new insights into the nature and form of privacy concerns of online learners. Findings have theoretical as well as practical implications for the successful adoption of Massive Open Online Courses (MOOCs) and similar systems.

Anwar ul Haq, Arshad Jamal, Usman Butt, Asim Majeed, Aykut Ozkaya

Towards a Common Security and Privacy Requirements Elicitation Methodology

There are many methodologies that have been proposed in the literature for identifying the security and privacy requirements that must be satisfied by an information system in order to protect its users. At the same time, there are several “privacy principles” that have been considered as equally important for the avoidance of privacy violation incidents. However, to the best of our knowledge, there is no methodology that can cover both the identification of the security and privacy requirements and at the same time to take into account the main privacy principles. The consequence is that the designers of an information system usually follow an ad hoc approach for the identification of security/privacy requirements, thus failing to protect users in an effective way. This paper introduces the main idea behind a methodology that integrates the basic steps of well-established risk analysis methodologies with those of methodologies used for the identification of privacy requirements, considering, at the same time, the most well-known privacy principles. The proposed methodology aims to assist information system designers to come up with a complete and accurate list of all security and privacy requirements that must be satisfied by the system.

Eleni-Laskarina Makri, Costas Lambrinoudakis

Automated Security Testing Framework for Detecting SQL Injection Vulnerability in Web Application

Today almost all organizations have changed their traditional systems and have improved their performance using web-based applications. This process will make more profit and at the same time will increase the efficiency of their activities through customer support services and data transactions. Usually, web application take inputs from users through web form and send this input to get the response from database. Modern web-based application use web database to store all critical information such as user credentials, financial and payment information, company statistics etc. However error in validation of user input can cause database vulnerable to Structured Query Language Injection (SQLI) attack. By using SQLI attack, the attackers might insert malicious code in the user input and trying to gain access to the confidential and sensitive data from database. Security tester need to identify the appropriate test cases before starting exploiting SQL vulnerability in web-based application during testing phase. Identifying the test cases of a web application and analyzing the test results of an attack are important parts and consider as critical issues that affects the effectiveness of security testing. Thus, this research focused on the developing a framework for testing and detecting SQL injection vulnerability in web application. In this research, test cases will be generated automatically based on SQLI attack pattern and then the results will be executed automatically based on generated test cases. The primary focus in this paper is to develop a framework to automate security testing based on input injection attack pattern. To test our framework, we install a vulnerable web application and test result shows that the proposed framework can detect SQLI vulnerability successfully.

Nor Fatimah Awang, Azizah Abd Manaf

A Survey on Financial Botnets Threat

Botnets, although technically based on long lasting well established attacking models, currently represent an increasing threat, moving huge amounts of capitals from legal system to criminals. This is mainly due to its adaptability, based on Crime-as-a-Service model, where different, transnational, actors are located in the different rings of the crime supply chain. Moreover, botnet success has been enabled by two main factors: the weak countermeasures adoption, reinforced by the well-known dominance of software attacker versus defender and the revenue model, which considers the target of the attack out of the victim (ICT users) control. Finally, the losses are typically in charge of silent financial/insurance organizations. These botnet pillars are available for renting at low-cost by criminal organizations, exploiting the dark side of the success factor of the Internet business players, the network externality, where targets, e.g. Internet two sided markets, can be easily predicted but not yet adequately protected. In this paper, the authors will describe, by Zeus and other botnet examples, the revenue model and its related costs as cybercrime, focusing on the concerning evolution of this threat and proposing some strategies to cope with it.

Giovanni Bottazzi, Gianluigi Me

Wavelet Based Image Enlargement Technique

This paper presents an image enlargement technique using a wavelet transform. The proposed technique considers the low resolution input image as the wavelet baseband and estimates the information in high-frequency sub-bands from the wavelet high-frequency sub-bands of the input image using wavelet filters. The super-resolution image is finally generated by applying an inverse wavelet transform on the high resolution sub-bands. To evaluate the performance of the proposed image enlargement technique, five standard test images with a variety of frequency components were chosen and enlarged using the proposed technique and six state of the art algorithms. Experimental results show the proposed technique significantly outperforms the classical and non-classical super-resolution methods, both subjectively and objectively.

Akbar Sheikh Akbari, Pooneh Bagheri Zadeh

Understanding Android Security

This paper details a survey of Android users in an attempt to shed light on how users perceive the risks associated with app permissions and in-built adware. A series of questions was presented in a Web survey, with results suggesting interesting differences between males and females in installation behaviour and attitudes toward security.

Gregor Robinson, George R. S. Weir

Gender Impact on Information Security in the Arab World

Access to technology and the benefits derived from its use are not available on equal terms to men and women. In this paper, we review research that sheds light on the relationship between the Digital Divide and Gender in the context of Arab countries and suggest that the extent of gender digital divide is influenced by cultural attitudes and consider how this divide may affect information security.

Fathiya Al Izki, George R. S. Weir

Systems Security, Safety and Sustainability


Some Security Perils of Smart Living

(A Day in the Life of John Q Smith, a Citizen of Utopia, and His Twin Brother, Who Isn’t)

We live in a world that continuously wants to live in a smarter manner, from the invention of fire and the wheel through the Industrial Revolution to today. Modern home automation started in the Victorian era with labour saving devices and the motor car facilitated transport, as did trains. The onset of electricity allowed more labour saving devices to be developed, again in the home and at work. These were typically ‘standalone’ devices that needed localised control. In the 1940s industrial control systems were making their presence felt in industry. In 1978 the X10 protocol was patented and allowed remote control of electrical appliances. In the last twenty years there has been a thrust towards ‘smart everything’, including cities, transport, health, home and work. Without understanding the risks of the ‘smart approach’ to life and addressing them at the outset, the world risks disaster.

David Lilburn Watson

An Analysis of Honeypot Programs and the Attack Data Collected

Honeypots are computers specifically deployed to be a resource that is expected to be attacked or compromised. While the attacker is distracted with the decoy computer system we learn about the attacker and their methods of attack. From the information gained about the attacks we can then review and harden out security systems. Compared to an Intrusion Detection System (IDS) which may trigger false positives, we take the standpoint that nobody ought to be interacting with the decoy computer; therefore we regard all interactions to be of value and worth investigation. A sample of honeypots are evaluated and one selected to collect attacks. The captured attacks reveal the source IP address of the attacker and the service port under attack. Attacks where the exploit attempts to deploy a binary can capture the code, and automatically submit it for analysis to sandboxes such as VirusTotal.

Chris Moore, Ameer Al-Nemrat

An Immunity Based Configuration for Multilayer Single Featured Biometric Authentication Algorithms

Immune systems have been used in the last years to inspire approaches for several computational problems. This paper focus on behavioural biometric authentication algorithms’ accuracy enhancement by using them more than once and with different thresholds in order to first simulate the protection provided by the skin and then look for known outside entities, like lymphocytes do. The paper describes the principles that support the application of this approach to Keystroke Dynamics, an authentication biometric technology that decides on the legitimacy of a user based on his typing pattern captured on he enters the username and/or the password and, as a proof of concept, the accuracy levels of one keystroke dynamics algorithm when applied to five legitimate users of a system both in the traditional and in the immune inspired approaches are calculated and the obtained results are compared.

Henrique Santos, Sérgio Tenreiro de Magalhães, Maria José Magalhães

Security and Feasibility of Power Line Communication System

Power Line Communication (PLC) has the potential to become the preferred connectivity technique for providing broadband to homes and offices with advantage of eliminating the need for new wiring infrastructure and reducing the cost. The PLC channel, its characterization, standardization and applications has been well studied. However, the security of PLC has not been investigated sufficiently, and such assessments are required for prospective implementation of successful PLC communication systems. Since PLC uses power line as the medium, it has similar characteristics with wireless communications from the security perspective. This paper provides discussion of security issues and feasibility for PLC networks. The authentication and cryptographic scheme used in PLC standard is also discussed.

Ali Hosseinpour, Amin Hosseinian-Far, Hamid Jahankhani, Alireza Ghadrdanizadi

A Comparison Study for Different Wireless Sensor Network Protocols

In Wireless Sensor Network (WSN) nodes are usually communicate with each other through wireless channels with no need for any network infrastructure. Multiple hops are used by the nodes to exchange data, therefore a routing protocol is needed to communicate in such a network for efficient, short time delivery of the data and prolong the network life. There are different types of protocols can be used in these networks based on what is used for. In this study, AODV, DSDV, DSR were explained and compared as they are some of the main protocols used in WSN. We also highlight the Throughput and Average End to End delay which been used to compare these protocols with variations of the number of nodes.

Faris Al-Baadani, Sufian Yousef

Security Audit, Risk and Governance


Responsive Cyber-Physical Risk Management (RECYPHR)

A Systems Framework

Organizations are highly exposed to the vulnerabilities inherent in Internet connectivity, and the exposure increases every day as cyber-attacks become more lethal. Competitiveness demands an ever-increasing presence, and therefore reliance, on all things electronic. Over the past generation, businesses, consumers and governments around the globe have moved in to cyberspace and cloud environment in order to conduct their businesses. However, criminals have identified rewards from cyberspace frauds therefore, the risks and threats have increased too which indicate that the current risk management methodologies are inefficient and fast becoming obsolete in order to assess, manage, reduce, mitigate and accept risk in real time to effectively reduce cyber incidents. For our societies to function, securing the cyber space is essential and will be an enabler with result in better use of the digital environment. In this paper a new Responsive Cyber-Physical Risk Management Framework (RECYPHR) is proposed in order to tackle the traditional shortfalls and provide a Near Real-Time (NERT) response to managing risks.

A. G. Hessami, H. Jahankhani, M. Nkhoma

Risk and Privacy Issues of Digital Oil Fields in the Cloud

Considering the complexities of digital oil fields in the cloud, oil and gas industry is still geared to migrate to the cloud because of the various advantages in exploration and production information delivery, collaboration and decision-support. However, for an effective migration to cloud environment, it is paramount that a set of clear metrics based on business analytics objectives are defined. Once a comprehensive and systematic identification, evaluation and assessment of risks to the enterprise cloud operations is conducted, a responsive risk management framework is called for. The research into a responsive risk management framework commensurate with the requirements of the modern internet and Information Technologies and global cyber space is a multi-disciplinary and multi-stakeholder task. This paper aims to review risk and privacy issues of digital oil fields in the cloud and introduce advanced responsive risk management architecture for the modern cyber space applications such as digital oil fields.

Hamid Jahankhani, Najib Altawell, Ali G. Hessami

Simulation of Cloud Data Security Processes and Performance

In the world of cloud computing, millions of people are using cloud computing for the purpose of business, education and socialization. Examples of cloud applications are: Google Drive for storage, Facebook for social networks, etc. Cloud users use the cloud computing infrastructure thinking that these services are easy and safe to use. However, there are security and performance issues to be addressed. This paper discusses how cloud users and cloud providers address performance and security issues. In this research, we have used business process modelling and simulation to explore the performance characteristics and security concerns in the service development life cycle. The results show that Business Process Modelling Notations (BPMN) simulation is effective for the study of cloud security process in detail before actual implementation. The total simulation duration time was 51 days and 9 h 40 min but the results are displayed in 7 s only.

Krishan Chand, Muthu Ramachandran, Ah-Lian Kor

A Framework for Cloud Security Audit

More and more individual users and businesses are earnestly considering cloud adoption for achieving mission objectives. However, concerns being raised include the ability of users to ascertain the security posture of cloud service providers to adequately safeguard data and applications. We present a cloud security audit framework that entails a set of concepts such as goals, constraint, plan and evidence to enable prospective cloud users to identify their migration goals and introduce constraints that must be satisfied by a potential cloud provider before migration. The concepts are considered as a language for describing the properties necessary for cloud security audit through a metamodel. An example is given to demonstrate the applicability of the approach.

Umar Mukhtar Ismail, Shareeful Islam, Haralambus Mouratidis

Secure Software Engineering


Software Security Requirements Engineering: State of the Art

Software Engineering has established techniques, methods and technology over two decades. However, due to the lack of understanding of software security vulnerabilities, we have not been so successful in applying software engineering principles that have been established for the past at least 25 years, when developing secure software systems. Therefore, software security can not be just added after a system has been built and delivered to customers as seen in today’s software applications. This keynote paper provides concise methods, techniques, and best practice requirements guidelines on software security and also discusses an Integrated-Secure SDLC model (IS-SDLC), which will benefit practitioners, researchers, learners, and educators.

Muthu Ramachandran

Conflicts Between Security and Privacy Measures in Software Requirements Engineering

The digital world is expanding rapidly into all parts of the physical world and our environment is shaped by the technologies we use. Majority of these technologies are user-generated content through browsing, emails, blogging, social media, e-shopping, video sharing and many other activities. our research considers how technology and software architecture in particular could be designed to pave the way for greater security and privacy in digital proceedings and services. The research treat security and privacy as an intrinsic component of a system design. The proposed framework in this research cover a broad approach by examining security and privacy from the requirements phase under a unified framework which enables to richly bridge the gap between requirement and implementation stages.

Daniel Ganji, Haralambos Mouratidis, Saeed Malekshahi Gheytassi, Miltos Petridis

Securing the Blind User Visualization and Interaction in Touch Screen

Blind users cannot use visual CAPTCHA and review of literature suggest that the existing audio CAPTCHAs have task success rate below 50 % for blind users. In this paper, we describe how blind student’s views external system (images) for academic purposes using an image map as a case study has been described. We proposed two interaction techniques which allow blind students to discover different parts of the system by interacting with a touch screen interface. An evaluation of our techniques reveals that (1) building an internal visualization, interaction technique and metadata of the external structure plays a vital role (2) blind students prefer the system to be designed based upon their behavioral model to easily access and build the visualization by their own and (3) to be an exact replica of visualization, the metadata of the internal visualization is to be provided either through audio cue or domain expert (educator). Participants who used touch screen are novice users, but they have enough experience on desktop computers using screen readers. The implications of this study to answer the research questions are discussed.

Mohammed Fakrudeen, Sufian Yousef

Behavioural Biometrics: Utilizing Eye-Tracking to Generate a Behavioural Pin Using the Eyewriter

Biometric technology allows a computer system to identify and authenticate a person directly based on physical or behavioural traits. A human body is absolutely unique. Each human body on earth, if measured by composition on molecular level, is so unique, that the particular composition has never existed before. When that human cease to exist, that unique composition will never exist again. However the ability to measure a human to a molecular level of accuracy is not currently possible with existing technology. Biometrics refers to the science and technology that measure and statistically analyse human body characteristics and biological data. DNA, fingerprints, eye retinas and irises, facial patterns and hand geometry are used for biometric for authentication purposes. Apart from having unique physical traits, all human also exhibit unique behavioural traits. The way that a person talks, or the way that a person walks (a person’s gait) can all assist in the identification of the person. Various research projects focused on the way that a person types a password. This behavioural trait can then be used to strengthen the security of a supplied password. This paper reports on research that investigates the uniqueness of eye movement. The way a person creates a pin, using his or her eyes are used as a behavioural biometric to strengthen the pin that is supplied. Eye tracking technology usually involves costly equipment such as the Tobii eye tracking system. For this research the Eyewriter system is used due to the affordability and the open source nature of the Eyewriter hardware and software. Earlier research concluded that the movement of a human eye is unique. Behavioural eye biometrics can be used to authenticate a human in a one to one match environment.

Bobby L. Tait


Additional information

Premium Partner

    Image Credits