Sarah M. North

Virtual Reality Therapy

Abstract Virtual reality therapy (VRT) is an innovative and emerging paradigm that provides effective modality of therapy by allowing clients to be exposed to similar stimuli as their real-world experiences using a computer-generated virtual reality. Extensive empirical research in VRT attests to the effective uses of this technology in treating many psychological disorders. In this chapter, researchers provide a thorough description of VRT and discuss the paradigm, emergence, trends, technologies, and research in this field. Furthermore, researchers provide concise direction and innovative ideas for the next generation of VRT applications.

Testing of Memory Leak in Android Applications

Android applications run on mobile devices that have limited memory resources. Although Android has its own memory manager with garbage collection support, many applications currently suffer from memory leak vulnerabilities. These applications may crash due to out of memory error while running. Testing of memory leak can detect the vulnerability early. In this paper, we perform memory leak testing of Android applications. We first develop some common memory leak patterns specific to Android applications. Then, based on the patterns, we generate test cases to emulate the memory leak. We evaluated the proposed testing approach (denoted as fuzz testing) for a number of Android applications. The initial results indicate that the proposed testing approach can effectively discover memory leaks in applications. Further, implemented code often lacks exception handling mechanism for altered resources and failed invocation of memory management related API calls.

Design and development of Anti-XSS proxy

Cross-Site Scripting (XSS) vulnerability allows an attacker to inject arbitrary JavaScript code that can be executed in the victims browser and cause security breaches. The discovery of XSS is still widespread among todays web applications. As a result, there is a need to improve existing solutions or develop novel attack detection techniques. This paper proposes a proxy-level design and development of XSS attack detection approach (Anti-XSS) based on Kullback-Leibler Divergence (KLD) measure. The proposed approach has been applied for a number of open-source PHP web applications containing XSS vulnerabilities. The initial results show that the approach can effectively detect XSS attacks while displaying a low false positive rate depending on the choice of threshold values of KLD.

Client-Side Detection of SQL Injection Attack

Despite the development of many server-side approaches, SQL Injection (SQLI) vulnerabilities are still widely reported. A complementary approach is to detect the attack from the client-side (browser). This paper presents a client-side approach to detect SQLI attacks. The client-side accepts shadow SQL queries from the server-side and checks any deviation between shadow queries with dynamic queries generated with user supplied inputs. We propose four conditional entropy metrics to measure the deviation between the shadow query and dynamic query. We evaluate the approach with an open source PHP application. The results indicate that our approach can detect malicious inputs early at the client-side.

Virtual Reality Therapy for Treatment of Psychological Disorders

Virtual Reality Therapy (VRT) is a new innovative modality of therapy that allows clients to enter a computer-generated virtual world in order to be exposed to fear-provoking stimuli similar to their real world experiences. VRT has become an important treatment alternative for psychologists; scientists have used VRT for cognitive therapies and structural desensitization of patients suffering from a variety of psychological disorders. One pioneering use of VRT has been its application in the treatment of phobic disorders. With proper techniques and provisions, scientists can conduct experiments providing results that suggest that VRT is a useful addition to or a replacement for traditional therapy techniques.

Information Theoretic XSS Attack Detection in Web Applications

Cross-Site Scripting (XSS) has been ranked among the top three vulnerabilities over the last few years. XSS vulnerability allows an attacker to inject arbitrary JavaScript code that can be executed in the victims browser to cause unwanted behaviors and security breaches. Despite the presence of many mitigation approaches, the discovery of XSS is still widespread among todays web applications. As a result, there is a need to improve existing solutions and to develop novel attack detection techniques. This paper proposes a proxy-level XSS attack detection approach based on a popular information-theoretic measure known as Kullback-Leibler Divergence (KLD). Legitimate JavaScript code present in an application should remain similar or very close to the JavaScript code present in a rendered web page. A deviation between the two can be an indication of an XSS attack. This paper applies a back-off smoothing technique to effectively detect the presence of malicious JavaScript code in response pages. The proposed approach has been applied for a number of open-source PHP web applications containing XSS vulnerabilities. The initial results show that the approach can effectively detect XSS attacks and suffer from low false positive rate through proper choice of threshold values of KLD. Further, the performance overhead has been found to be negligible.

Server-side code injection attack detection based on Kullback-Leibler distance

In this paper, we apply a well-known measure from information theory domain called Kullback-Leibler distance (or divergence) (KLD) to detect the symptoms of code injection attacks early during programme runtime. We take advantage of the observation that during code injection attack, the intended structure deviates from the expected structure. The KLD can be a suitable measure to capture the deviation. Our contribution includes the development of a server-side framework to compute KLD. In particular, we apply a smoothing algorithm to avoid the infinite KLD distance during attack detection stage. We evaluate our approach with three PHP applications having SQLI and XSS vulnerabilities. The initial results show that KLD can be an effective measurement technique to detect the occurrence of code injection attacks. The approach suffers from lower false positive and negative rates, and imposes negligible runtime overhead.

Performance analysis of brain-computer interfaces in aerial drone

The main objective of this study is to find efficient methods to utilize brain-computer interfaces (BCIs) in conjunction with aerial drones. The study investigates how effective the EPOC+ is by challenging users of diverse genders and ages to complete tasks using mental commands and facial expressions to control a Parrot AR-Drone 2.0. After a calibration phase, the designed experiments were conducted using randomly selected participants (n=20). Preliminary analysis of the collected data indicated that there was no significant difference between the rating of difficulty before and after, between the mental and facial commands. Furthermore, this study showed that from group of participants more individuals had greater difficulty controlling the mental and facial commands than they originally expected.

CS++: expanding CS curriculum via open cybersecurity courseware

In this paper, we described an ongoing project called CS++ that aims to expanding a CS curriculum in cybersecurity with minimum requirement of additional resources by plugging open cybersecurity courseware in the existing curriculum. Each courseware unit covers a special topic of cybersecurity technology and can be plugged in one or multiple related CS courses; altogether, the open cybersecurity courseware delivers a comprehensive view of cybersecurity knowledge. After being plugged with the open courseware units, a typical CS curriculum is turned to a CS++ curriculum with comprehensive coverage of cybersecurity knowledge.