Research Publications
Permanent URI for this communityhttps://rda.sliit.lk/handle/123456789/4194
This main community comprises five sub-communities, each representing the academic contribution made by SLIIT-affiliated personnel.
Browse
3 results
Filters
Advanced Search
Filter by
Settings
Search Results
Publication Embargo An Overview of Social Engineering in the Context of Information Security(IEEE, 2019-01-31) Kaushalya, T; Randeniya, R. M. R. S. B; Liyanage, SSocial engineering in the context of information security is the exploitation of human psychology to gain access into secure data. Human emotion can act as both a strength and a weakness. When it comes to the world booming with technology, human emotions which are completely unrelated to the matter is made to relate through social engineering. Social engineering employs `traps' to pry on human emotion and its vulnerability, taking advantage of the flaws of human psychology. Information security breaches utilising social engineering techniques are vast, so that social engineering in this context is a topic which could not be neglected. This research paper presents an overview of social engineering attacks and suggested defence mechanisms. An introduction to social engineering attacks are given, with context to the current trends and related vulnerabilities. Main reasons for the spread of social engineering attacks in the current context are also presented. Attack frameworks are presented and defence approaches are proposed at the end.Publication Embargo NoFish; Total Anti-Phishing Protection System(2020 2nd International Conference on Advancements in Computing (ICAC), SLIIT, 2020-12-10) Atimorathanna, D.N.; Ranaweera, T.S.; Pabasara, R.A.H.D.; Perera, J.R.; Abeywardena, K.Y.Phishing attacks have been identified by researchers as one of the major cyber-attack vectors which the general public has to face today. Although many vendors constantly launch new anti-phishing products, these products cannot prevent all the phishing attacks. The proposed solution, “NoFish” is a total anti-phishing protection system created especially for end-users as well as for organizations. This paper proposes a machine learning & computer vision-based approach for intelligent phishing detection. In this paper, a realtime anti-phishing system, which has been implemented using four main phishing detection mechanisms, is proposed. The system has the following distinguishing properties from related studies in the literature: language independence, use of a considerable amount of phishing and legitimate data, real-time execution, detection of new websites, detecting zero hour phishing attacks and use of feature-rich classifiers, visual image comparison, DNS phishing detection, email client plugin and especially the overall system is designed using a level-based security architecture to reduce the time-consumption. Users can simply download the NoFish browser extension and email plugin to protect themselves, establishing a relatively secure browsing environment. Users are more secure in cyberspace with NoFish which depicts a 97% accuracy level.Publication Embargo SentinelPlus: A Cost-Effective Cyber Security Solution for Healthcare Organizations(2021 3rd International Conference on Advancements in Computing (ICAC), SLIIT, 2021-12-09) Janith, K.; Iddagoda, R.; Gunawardena, C.; Sankalpa, K.; Abeywardena, K.Y.; Yapa, K.Electronic Protected Health Information (ePHI) has proven to be quite lucrative by cybercriminals due to their long shelf life and multiple possible avenues of monetization. These highly sensitive data has become an easy target for cyber attackers due to the poor cyber resiliency strategies exercised by Healthcare Organizations. The reasoning behind the poor cyber security management in the healthcare sector sums to the collective impact of budgetary restriction, lack of cyber security competency and talent in the domain, prioritizing convenience over security, and various work culture malpractices. Further-more, a substantial number of data breaches in the healthcare sector are known to be caused by human errors, security misconfigurations, and information mismanagement. Secondly, the increasing prevalence of ransomware and botnet attacks has hampered the efficiency and availability of healthcare services. As a result, in order to provide a holistic security mechanism, this paper presents "SentinelPlus," a machine learning-based security management suite.