Nader Sohrabi Safa

Fog Vehicular Computing: Augmentation of Fog Computing Using Vehicular Cloud Computing

Fog computing has emerged as a promising solution for accommodating the surge of mobile traffic and reducing latency, both known to be inherent problems of cloud computing. Fog services, including computation, storage, and networking, are hosted in the vicinity of end users (edge of the network), and, as a result, reliable access is provisioned to delay-sensitive mobile applications. However, in some cases, the fog computing capacity is overwhelmed by the growing number of demands from patrons, particularly during peak hours, and this can subsequently result in acute performance degradation. In this article, we address this problem by proposing a new concept called fog vehicular computing (FVC) to augment the computation and storage power of fog computing. We also design a comprehensive architecture for FVC and present a number of salient applications. The result of implementation clearly shows the effectiveness of the proposed architecture. Finally, some open issues and envisioned directions are discussed for future research in the context of FVC.

Human aspects of information security in organisations

Information is core to the well-being of any modern-day organisation. In order to satisfactorily protect this important asset, human, organisational and technological aspects play a core integrative role in information security. Both technological and organisational control aspects are critically important, but both of these are closely related to people. Information security technology cannot guarantee the safety of information assets in organisations. A range of human aspects also need to be taken into consideration. Nader Sohrabi Safa, Rossouw von Solms and Lynn Futcher of the Nelson Mandela Metropolitan University, South Africa show that, while people are often the weakest link, through cooperation and coordination they can also be a source of great strength in developing effective and efficient defences.

A Review on Artificial Intelligence Methodologies for the Forecasting of Crude Oil Price

AbstractWhen crude oil prices began to escalate in the 1970s, conventional methods were the predominant methods used in forecasting oil pricing. These methods can no longer be used to tackle the nonlinear, chaotic, non-stationary, volatile, and complex nature of crude oil prices, because of the methods’ linearity. To address the methodological limitations, computational intelligence techniques and more recently, hybrid intelligent systems have been deployed. In this paper, we present an extensive review of the existing research that has been conducted on applications of computational intelligence algorithms to crude oil price forecasting. Analysis and synthesis of published research in this domain, limitations and strengths of existing studies are provided. This paper finds that conventional methods are still relevant in the domain of crude oil price forecasting and the integration of wavelet analysis and computational intelligence techniques is attracting unprecedented interest from scholars in the domai...

Human errors in the information security realm – and how to fix them

Information security breaches and privacy violations are major concerns for many organisations. Human behaviour, either intentionally or through negligence, is a great source of risk to information assets. It is acknowledged that technology alone cannot guarantee a secure environment for information assets; human considerations should be taken into account as well as technological and procedural aspects.

A LogitBoost-Based Algorithm for Detecting Known and Unknown Web Attacks

The rapid growth in the volume and importance of web communication throughout the Internet has heightened the need for better security protection. Security experts, when protecting systems, maintain a database featuring signatures of a large number of attacks to assist with attack detection. However used in isolation, this can limit the capability of the system as it is only able to recognize known attacks. To overcome the problem, we propose an anomaly-based intrusion detection system using an ensemble classification approach to detect unknown attacks on web servers. The process involves removing irrelevant and redundant features utilising a filter and wrapper selection procedure. Logitboost is then employed together with random forests as a weak classifier. The proposed ensemble technique was evaluated with some artificial data sets namely NSL-KDD, an improved version of the old KDD Cup from 1999, and the recently published UNSW-NB15 data set. The experimental results show that our approach demonstrates superiority, in terms of accuracy and detection rate over the traditional approaches, whilst preserving low false rejection rates.

Motivation and opportunity based model to reduce information security insider threats in organisations

Abstract Information technology has brought with it many advantages for organisations, but information security is still a major concern for organisations which rely on such technology. Users, whether with intent or through negligence, are a great source of potential of risk to information assets. A lack of awareness, negligence, resistance, disobedience, apathy and mischievousness are root causes of information security incidents in organisations. As such, insider threats have attracted the attention of a number of experts in this domain. Two particularly important considerations when exploring insider threats are motivation and opportunity. Two fundamental theories relating to these phenomena, and on which the research presented in this paper relies, are Social Bond Theory (SBT), which can be used to help undermine motivation to engage in misbehaviour, and Situational Crime Prevention Theory (SCPT), which can be used to reduce opportunities for misbehaviour. The results of our data analysis show that situational prevention factors such as increasing the effort and risk involved in a crime, reducing the rewards and removing excuses can significantly promotes the adoption of negative attitudes towards misbehaviour, though reducing provocations does not have any effect on attitudes. Further, social bond factors such as a commitment to organisational policies and procedures, involvement in information security activities and personal norms also significantly promotes the adoption of negative attitudes towards misbehaviour. However, attachment does not significantly promote an attitude of misbehaviour avoidance on the part of employees. Finally, our findings also show that a negative attitude towards misbehaviour influences the employees’ intentions towards engaging in misbehaviour positively, and this in turn reduces insider threat behaviour. The outputs of this study shed some light on factors which play a role in reducing misbehaviour in the domain of information security for academics and practitioners.

An opportunistic resource management model to overcome resource-constraint in the Internet of Things

Experts believe that the Internet of Things (IoT) is a new revolution in technology and has brought many advantages for our society. However, there are serious challenges in terms of information security and privacy protection. Smart objects usually do not have malware detection due to resource limitations and their intrusion detection work on a particular network. Low computation power, low bandwidth, low battery, storage, and memory contribute to a resource‐constrained effect on information security and privacy protection in the domain of IoT. The capacity of fog and cloud computing such as efficient computing, data access, network and storage, supporting mobility, location awareness, heterogeneity, scalability, and low latency in secure communication positively influence information security and privacy protection in IoT. This study illustrates the positive effect of fog and cloud computing on the security of IoT systems and presents a decision‐making model based on the objects characteristics such as computational power, storage, memory, energy consumption, bandwidth, packet delivery, hop‐count, etc. This helps an IoT system choose the best nodes for creating the fog that we need in the IoT system. Our experiment shows that the proposed approach has less computational, communicational cost, and more productivity in compare with the situation that we choose the smart objects randomly to create a fog.

A threat based approach to computational offloading for collaborative cruise control

The interaction between discrete components of Internet of Things (IoT) and Intelligent Transportation Systems (ITS) is vital for a collaborative system. The secure and reliable use of Cruise Control (CC) with Cloud and Edge Cloud to achieve complete autonomy for a vehicle is a key component and a major challenge for ITS. This research unravels the complications that arise when Adaptive Cruise Control (ACC) is incorporated into a collaborative environment. It mainly answers the question of where to securely compute Collaborative Cruise Controls (CCC) data in a connected environment. To address this, the paper initially reviews previous research in the domain of Vehicular Cloud, ITS architecture, related threat modelling approaches, and secure implementations of ACC. An overview application model for CCC is developed for performing a threat analysis with the purpose of investigating the reasons why a vehicle suffers collision. Through the use of interviews, the research analyses and suggests the location of computational data by creating a taxonomy between the Edge Cloud, Cloud and the On-board Unit (OBU) while validating the model.

A New Unified Intrusion Anomaly Detection in Identifying Unseen Web Attacks

The global usage of more sophisticated web-based application systems is obviously growing very rapidly. Major usage includes the storing and transporting of sensitive data over the Internet. The growth has consequently opened up a serious need for more secured network and application security protection devices. Security experts normally equip their databases with a large number of signatures to help in the detection of known web-based threats. In reality, it is almost impossible to keep updating the database with the newly identified web vulnerabilities. As such, new attacks are invisible. This research presents a novel approach of Intrusion Detection System (IDS) in detecting unknown attacks on web servers using the Unified Intrusion Anomaly Detection (UIAD) approach. The unified approach consists of three components (preprocessing, statistical analysis, and classification). Initially, the process starts with the removal of irrelevant and redundant features using a novel hybrid feature selection method. Thereafter, the process continues with the application of a statistical approach to identifying traffic abnormality. We performed Relative Percentage Ratio (RPR) coupled with Euclidean Distance Analysis (EDA) and the Chebyshev Inequality Theorem (CIT) to calculate the normality score and generate a finest threshold. Finally, Logitboost (LB) is employed alongside Random Forest (RF) as a weak classifier, with the aim of minimising the final false alarm rate. The experiment has demonstrated that our approach has successfully identified unknown attacks with greater than a 95% detection rate and less than a 1% false alarm rate for both the DARPA 1999 and the ISCX 2012 datasets.

The information security landscape in the supply chain

Information security breaches have serious consequences for companies. And information security breaches in the defence industry negatively impact national security. Selling information concerning industrial design, organisational strategic plans, customers, experts and other valuable information for monetary benefit, revenge, bribery and embezzlement are just some examples of the human dimension of information security.