Publication


Featured research published by Zarul Fitri Zaaba.


International Conference on Information and Communication Technology | 2014

A study on improving security warnings

Zarul Fitri Zaaba; Steven Furnell; Paul Dowland

Security warnings are intended to alert users about the possibility of events that may compromise their protection. They encounter security warnings on a daily basis in many situations when dealing with their computer. However, prior studies have shown that users often have difficulty in understanding the warnings, which can pose a particular risk in cases where they are required to make a decision. Well gathered information is needed to help the researchers and other people to further understand this area. This paper describes an overview of studies on security warnings. It covers problems that end users encounter with security warnings, possible solutions and approaches of security warnings and useful classification of security warnings studies. It is expected that this paper will benefit the research community or general public to understand the problems and possible solutions in improving security warnings.


International Conference on Information and Communication Technology | 2014

Eye 2H: A proposed automated smart home control system for detecting human emotions through facial detection

Lim Teck Boon; Mohd Heikal Husin; Zarul Fitri Zaaba; Mohd Azam Osman

The increasing cost of living nowadays has caused many people to work harder in order to gain more pay. The associated heavier workloads together with tension and pressure often lead to stress-related health problems. People do really deserve a good rest when they come home from their office. As a result, the proposed solution - The Eye 2H is an intelligent system that will use the technique of image processing and face recognition to detect and analyze the human emotion to control the electronic equipment in their house through an intelligent control box. Several studies have highlighted that by controlling the brightness of light, we could affect the emotion or behavior of humans. Thus, we believe that The Eye 2H is capable of fulfilling the main objective of the project which is to provide a better living environment for people in order to provide them a harmony and happy (2H) living life. The Eye 2H is capable of boosting the mood and emotion of the residents by controlling the electronic equipment in their house. The feature of turning on the light automatically as well as fine-tuning the brightness of light according to human emotion mood will give a “welcoming home” effect to the house owner. Besides that, The Eye 2H is also a green technology project as it will support the Go Green concept by reducing the energy usage.


International Journal of Advanced Computer Science and Applications | 2017

Web Security: Detection of Cross Site Scripting in PHP Web Application using Genetic Algorithm

Abdalla Wasef Marashdih; Zarul Fitri Zaaba; Herman Khalid Omer

Cross site scripting (XSS) is one of the major threats to web application security, where the research is still underway for an effective and useful way to analyse the source code of a web application and remove this threat. XSS occurs by injecting malicious scripts into a web application and it can lead to significant violations at the site or for the user. Several solutions have been recommended for their detection. However, their results do not appear to be effective enough to resolve the issue. This paper recommended a methodology for the detection of XSS from the PHP web application using genetic algorithm (GA) and static analysis. The methodology enhances the earlier approaches of determining XSS vulnerability in the web application by eliminating the infeasible paths from the control flow graph (CFG). This aids in reducing the false positive rate in the outcomes. The results of the experiments indicated that our methodology is more effectual in detecting XSS vulnerability from the PHP web application compared to the earlier studies, in terms of the false positive rates and the concrete susceptible paths determined by GA Generator.


2017 International Conference on Promising Electronic Technologies (ICPET) | 2017

Detection and Removing Cross Site Scripting Vulnerability in PHP Web Application

Abdalla Wasef Marashdih; Zarul Fitri Zaaba

Cross Site Scripting (XSS) vulnerability acts as one of the chief widespread security issues in web applications. By reviewing the literature pertaining to XSS vulnerability, it has been found that many investigations have directed their energy only on XSS vulnerability detection, but not many studies have concentrated on removing XSS vulnerability. This paper embeds the removal stage of XSS vulnerability into our previous approach for detecting XSS vulnerability, so that the approach fully detects and removes XSS vulnerability from PHP source code. We conducted two experiments to detect and remove Reflected and Stored XSS vulnerability. The results show that our approach is able to detect and remove XSS vulnerability in PHP source code. More research is required in the field of removing XSS vulnerability from the application source code before deployment.


International Journal of Advanced Computer Science and Applications | 2016

Symbolism in Computer Security Warnings: Signal Icons & Signal Words

Nur Farhana Samsudin; Zarul Fitri Zaaba; Manmeet Mahinderjit Singh; Azman Samsudin

Security warning is often encountered by the end users when they use their system. It is a form of communication to notify the users of possible consequences in the future. These threats have always evolved with the advancement of technologies. The attacks threaten the end users with many harmful effects such as malware attacks. However, security warnings keep being ignored due to various reasons. One of the reasons is a lack of attention towards warnings. The end users feel burdened and treat the security task as a secondary rather than primary task. To divert the user’s mind to read and comprehend the security warnings, it is important to capture the user’s attention. Signal words and signal icons are important in the security warning as they are the elements that could help users to heed the warnings. A survey study has been conducted with 60 participants in regards to the perception towards attractiveness and understanding of the signal words and icons. It can be revealed that end users significantly feel that the icon with the exclamation marks is attractive and easy to understand. However, only one of three hypotheses is proven to be significant.


Sensors | 2018

Automatic Annotation of Unlabeled Data from Smartphone-Based Motion and Location Sensors

Nsikak Pius Owoh; Manmeet Mahinderjit Singh; Zarul Fitri Zaaba

Automatic data annotation eliminates most of the challenges we faced due to the manual methods of annotating sensor data. It significantly improves users’ experience during sensing activities since their active involvement in the labeling process is reduced. An unsupervised learning technique such as clustering can be used to automatically annotate sensor data. However, the lingering issue with clustering is the validation of generated clusters. In this paper, we adopted the k-means clustering algorithm for annotating unlabeled sensor data for the purpose of detecting sensitive location information of mobile crowd sensing users. Furthermore, we proposed a cluster validation index for the k-means algorithm, which is based on Multiple Pair-Frequency. Thereafter, we trained three classifiers (Support Vector Machine, K-Nearest Neighbor, and Naïve Bayes) using cluster labels generated from the k-means clustering algorithm. The accuracy, precision, and recall of these classifiers were evaluated during the classification of “non-sensitive” and “sensitive” data from motion and location sensors. Very high accuracy scores were recorded from Support Vector Machine and K-Nearest Neighbor classifiers while a fairly high accuracy score was recorded from the Naïve Bayes classifier. With the hybridized machine learning (unsupervised and supervised) technique presented in this paper, unlabeled sensor data was automatically annotated and then classified.


Archive | 2018

Infeasible paths in static analysis: Problems and challenges

Abdalla Wasef Marashdih; Zarul Fitri Zaaba

Static analysis is an important part in the detection of vulnerabilities and threats in the software also in program analysis. By improving static analysis is necessary to obtain accurate results and lessen the occurrence of false positive results. Being able to detect infeasible paths is useful in the improvement and development of the results of static analysis. However, the process that is used to identify these infeasible paths is not simple, especially because numerous tools and methods still do not have the efficiency in detecting these kinds of paths within the static analysis. This paper investigates the current approaches to detect infeasible paths in the static analysis and discusses the challenges further.


Information Security Journal: A Global Perspective | 2018

Habituation effects in computer security warning

Ammar Amran; Zarul Fitri Zaaba; Manmeet Mahinderjit Singh

Security warning is a form of computer dialog communication used to inform the users on the risks of allowing random applications to run on a computer system. Accordingly, it is specifically designed to impersonate a legitimate security alerting function (e.g., notify, warn, and advise) to a user about the consequence effect of an action. However, most of the computer users tend to ignore those security warnings conveying the same message over and over again. This eventually leads to habituation. Considering the fact that there is a significant lack of focus paid to address this issue, the main objective of this article is to describe and summarize the related studies on users’ habituation to the security warnings. This article presents a systematic literature review to explore the current key issues, challenges, and the possible solutions related to habituation effects in security warnings. It is expected that this article could contribute to a more complete understanding of the habituation effects in security warnings and eventually bring benefits to the research communities or general publics.


International Journal of Advanced Computer Science and Applications | 2016

Cross Site Scripting: Detection Approaches in Web Application

Abdalla Wasef Marashdih; Zarul Fitri Zaaba

Web applications have become one of the standard platforms for service releases and representing information and data over the World Wide Web. Thus, security vulnerabilities headed to various types of attacks in web applications. Amongst those is Cross Site Scripting, also known as XSS. XSS can be considered as one of the most popular types of threat in web security application. XSS occurs by injecting malicious scripts into a web application, and it can lead to significant violations at the site or for the user. This paper highlights the issues (i.e. security and vulnerability) in web application specifically in regards to XSS. In addition, the future direction of research within this domain is highlighted.


International Conference on Advances in Information and Communication Technology | 2016

Managing Secure Personal Mobile Health Information

Chan Wai Chen; Mohd Azam Osman; Zarul Fitri Zaaba; Abdullah Zawawi Talib

Medical errors may cause serious public health problems and threaten the safety of the patients. Part of the errors is due to mistakes in the medical record or incomplete medical record which may trigger tragic consequences. In this paper, we present an application that manages securely personal health information on a mobile platform and keeps all the medical records of a patient in digital format. Patients are able to access their medical record at their convenience and the confidentiality of information is guaranteed. Patients are also able to share their personal health record with their respective doctor in a secure way. The application consists of several modules: incognito, access control, privacy control, authentication, encryption, multifactor authentication and emergency control. An anonymous database is created by removing all the identifiers of a patient before the health record is stored in the database. This provides an extra layer of protection to the patient’s privacy. In particular, our proposed application introduces the multifactor authentication and emergency control modules which provide a multi-layered defense authentication and emergency case handler respectively. Thus, the proposed application allows the patient to assess their records conveniently and securely, and helps them in emergency situations. As such, the application is suitable for cases involving large number of patients and emergency situations such as in Hajj healthcare management.

Collaboration


Dive into Zarul Fitri Zaaba's collaboration.

Top Co-Authors

Mohd Azam Osman

Universiti Sains Malaysia

Azman Samsudin

Universiti Sains Malaysia

Ammar Amran

Universiti Sains Malaysia

Liu Ban Chieng

Universiti Sains Malaysia

Rohail Hassan

Universiti Teknologi Petronas

Steven Furnell

Plymouth State University
