Natalie Clewley

Effects-based feature identification for network intrusion detection

Intrusion detection systems (IDS) are an important element in a networks defences to help protect against increasingly sophisticated cyber attacks. IDS that rely solely on a database of stored known attacks are no longer sufficient for effectively detecting modern day threats. This paper presents a novel anomaly detection technique that can be used to detect previously unknown attacks on a network by identifying attack features. This effects-based feature identification method uniquely combines k-means clustering, Naive Bayes feature selection and C4.5 decision tree classification for pinpointing cyber attacks with a high degree of accuracy in order to increase the situational awareness of cyber network operators.

Evaluation of the credibility of internet shopping in the UK

Purpose – The purpose of this paper is to examine the credibility of internet shopping. Credibility, which refers to the believability of information, is an important consideration of internet shopping.Design/methodology/approach – The evaluation is conducted by incorporating Foggs 10 Stanford Guidelines for Web Credibility into Nielsens heuristic evaluation. Furthermore, security and individualisation are considered as additional heuristics. Evaluation criteria are developed based on these 12 heuristics. Three UK car insurance web sites are selected for evaluation, including the AA, Norwich Union and Tesco.Findings – The results show that the Norwich Union site seems to be the most credible while the Tesco site appears to be the least credible. The most significant credibility problems are found to lie in the areas of “trustworthiness”, “expertise” and “real‐world feel”. In other words, these three areas are key issues for future improvement of these sites.Originality/value – This paper contributes to ...

Dynamic cyber-incident response

Traditional cyber-incident response models have not changed significantly since the early days of the Computer Incident Response with even the most recent incident response life cycle model advocated by the US National Institute of Standards and Technology (Cichonski, Millar, Grance, & Scarfone, 2012) bearing a striking resemblance to the models proposed by early leaders in the field e.g. Carnegie-Mellon University (West-Brown, et al., 2003) and the SANS Institute (Northcutt, 2003). Whilst serving the purpose of producing coherent and effective response plans, these models appear to be created from the perspectives of Computer Security professionals with no referenced academic grounding. They attempt to defend against, halt and recover from a cyber-attack as quickly as possible. However, other actors inside an organisation may have priorities which conflict with these traditional approaches and may ultimately better serve the longer-term goals and objectives of an organisation.