Biblio

Found 776 results

Filters: First Letter Of Title is M
A
A. Akinbi, E. Pereira.  2015.  "Mapping Security Requirements to Identify Critical Security Areas of Focus in PaaS Cloud Models". 2015 IEEE International Conference on Computer and Information Technology; Ubiquitous Computing and Communications; Dependable, Autonomic and Secure Computing; Pervasive Intelligence and Computing. :789-794.

Information Technology experts cite security and privacy concerns as the major challenges in the adoption of cloud computing. On Platform-as-a-Service (PaaS) clouds, customers are faced with challenges of selecting service providers and evaluating security implementations based on their security needs and requirements. This study aims to give cloud customers the ability to quantify their security requirements in order to identify critical areas in PaaS cloud architectures where security provisions offered by CSPs could be assessed. With the use of an adaptive security mapping matrix, the study uses a quantitative approach to present findings of numeric data that show critical architectures within the PaaS environment where security can be evaluated and security controls assessed to meet these security requirements. The matrix can be adapted across different types of PaaS cloud models based on individual security requirements and service level objectives identified by PaaS cloud customers.

Ababii, V., Sudacevschi, V., Braniste, R., Nistiriuc, A., Munteanu, S., Borozan, O.  2020.  Multi-Robot System Based on Swarm Intelligence for Optimal Solution Search. 2020 International Congress on Human-Computer Interaction, Optimization and Robotic Applications (HORA). :1–5.
This work presents the results of the Multi-Robot System designing that works on the basis of Swarm Intelligence models and is used to search for optimal solutions. The process of searching for optimal solutions is performed based on a field of gradient vectors that can be generated by ionizing radiation sources, radio-electro-magnetic devices, temperature generating sources, etc. The concept of the operation System is based on the distribution in the search space of a multitude of Mobile Robots that form a Mesh network between them. Each Mobile Robot has a set of ultrasonic sensors for excluding the collisions with obstacles, two sensors for identifying the gradient vector of the analyzed field, resources for wireless storage, processing and communication. The direction of the Mobile Robot movement is determined by the rotational speed of two DC motors which is calculated based on the models of Artificial Neural Networks. Gradient vectors generated by all Mobile Robots in the system structure are used to calculate the movement direction.
Abbas, Syed Ghazanfar, Hashmat, Fabiha, Shah, Ghalib A.  2020.  A Multi-layer Industrial-IoT Attack Taxonomy: Layers, Dimensions, Techniques and Application. 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom). :1820–1825.

Industrial IoT (IIoT) is a specialized subset of IoT which involves the interconnection of industrial devices with ubiquitous control and intelligent processing services to improve industrial system's productivity and operational capability. In essence, IIoT adapts a use-case specific architecture based on RFID sense network, BLE sense network or WSN, where heterogeneous industrial IoT devices can collaborate with each other to achieve a common goal. Nonetheless, most of the IIoT deployments are brownfield in nature which involves both new and legacy technologies (SCADA (Supervisory Control and Data Acquisition System)). The merger of these technologies causes a high degree of cross-linking and decentralization which ultimately increases the complexity of IIoT systems and introduces new vulnerabilities. Hence, industrial organizations become not only vulnerable to conventional SCADA attacks but also to a multitude of IIoT specific threats. However, there is a lack of understanding of these attacks both with respect to the literature and empirical evaluation. As a consequence, it is infeasible for industrial organizations, researchers and developers to analyze attacks and derive a robust security mechanism for IIoT. In this paper, we developed a multi-layer taxonomy of IIoT attacks by considering both brownfield and greenfield architecture of IIoT. The taxonomy consists of 11 layers, 94 dimensions and approximately 100 attack techniques which help to provide a holistic overview of the incident attack pattern, attack characteristics and impact on industrial system. Subsequently, we have exhibited the practical relevance of developed taxonomy by applying it to a real-world use-case. This research will benefit researchers and developers to best utilize developed taxonomy for analyzing attack sequence and to envisage an efficient security platform for futuristic IIoT applications.

Abdulqadder, I. H., Zou, D., Aziz, I. T., Yuan, B.  2017.  Modeling software defined security using multi-level security mechanism for SDN environment. 2017 IEEE 17th International Conference on Communication Technology (ICCT). :1342–1346.

Software Defined Networking (SDN) supports several administrators for quicker access of resources due to its manageability, cost-effectiveness and adaptability. Even though SDN is beneficial it also exists with security based challenges due to many vulnerable threats. Participation of such threats increases their impact and risk level. In this paper a multi-level security mechanism is proposed over SDN architecture design. In each level the flow packet is analyzed using different metric and finally it reaches a secure controller for processing. Benign flow packets are differentiated from non-benign flow by means of the packet features. Initially routers verify user, secondly policies are verified by using dual-fuzzy logic design and thirdly controllers are authenticated using signature based authentication before assigning flow packets. This work aims to enhance entire security of developed SDN environment. SDN architecture is implemented in OMNeT++ simulation tool that supports OpenFlow switches and controllers. Finally experimental results show better performances in following performance metrics as throughput, time consumption and jitter.

Abeysekara, P., Dong, H., Qin, A. K.  2019.  Machine Learning-Driven Trust Prediction for MEC-Based IoT Services. 2019 IEEE International Conference on Web Services (ICWS). :188–192.

We propose a distributed machine-learning architecture to predict trustworthiness of sensor services in Mobile Edge Computing (MEC) based Internet of Things (IoT) services, which aligns well with the goals of MEC and requirements of modern IoT systems. The proposed machine-learning architecture models training a distributed trust prediction model over a topology of MEC-environments as a Network Lasso problem, which allows simultaneous clustering and optimization on large-scale networked-graphs. We then attempt to solve it using Alternate Direction Method of Multipliers (ADMM) in a way that makes it suitable for MEC-based IoT systems. We present analytical and simulation results to show the validity and efficiency of the proposed solution.

Abuzainab, N., Saad, W.  2018.  A Multiclass Mean-Field Game for Thwarting Misinformation Spread in the Internet of Battlefield Things. IEEE Transactions on Communications. 66:6643–6658.

In this paper, the problem of misinformation propagation is studied for an Internet of Battlefield Things (IoBT) system, in which an attacker seeks to inject false information in the IoBT nodes in order to compromise the IoBT operations. In the considered model, each IoBT node seeks to counter the misinformation attack by finding the optimal probability of accepting given information that minimizes its cost at each time instant. The cost is expressed in terms of the quality of information received as well as the infection cost. The problem is formulated as a mean-field game with multiclass agents, which is suitable to model a massive heterogeneous IoBT system. For this game, the mean-field equilibrium is characterized, and an algorithm based on the forward backward sweep method is proposed to find the mean-field equilibrium. Then, the finite-IoBT case is considered, and the conditions of convergence of the equilibria in the finite case to the mean-field equilibrium are presented. Numerical results show that the proposed scheme can achieve a 1.2-fold increase in the quality of information compared with a baseline scheme, in which the IoBT nodes are always transmitting. The results also show that the proposed scheme can reduce the proportion of infected nodes by 99% compared with the baseline.

Abuzainab, N., Saad, W.  2018.  Misinformation Control in the Internet of Battlefield Things: A Multiclass Mean-Field Game. 2018 IEEE Global Communications Conference (GLOBECOM). :1–7.

In this paper, the problem of misinformation propagation is studied for an Internet of Battlefield Things (IoBT) system in which an attacker seeks to inject false information in the IoBT nodes in order to compromise the IoBT operations. In the considered model, each IoBT node seeks to counter the misinformation attack by finding the optimal probability of accepting a given information that minimizes its cost at each time instant. The cost is expressed in terms of the quality of information received as well as the infection cost. The problem is formulated as a mean-field game with multiclass agents which is suitable to model a massive heterogeneous IoBT system. For this game, the mean-field equilibrium is characterized, and an algorithm based on the forward backward sweep method is proposed. Then, the finite IoBT case is considered, and the conditions of convergence of the equilibria in the finite case to the mean-field equilibrium are presented. Numerical results show that the proposed scheme can achieve a two-fold increase in the quality of information (QoI) compared to the baseline when the nodes are always transmitting.

Abuzainab, N., Saad, W.  2018.  A Multiclass Mean-Field Game for Thwarting Misinformation Spread in the Internet of Battlefield Things (IoBT). IEEE Transactions on Communications. :1–1.

In this paper, the problem of misinformation propagation is studied for an Internet of Battlefield Things (IoBT) system in which an attacker seeks to inject false information in the IoBT nodes in order to compromise the IoBT operations. In the considered model, each IoBT node seeks to counter the misinformation attack by finding the optimal probability of accepting a given information that minimizes its cost at each time instant. The cost is expressed in terms of the quality of information received as well as the infection cost. The problem is formulated as a mean-field game with multiclass agents which is suitable to model a massive heterogeneous IoBT system. For this game, the mean-field equilibrium is characterized, and an algorithm based on the forward backward sweep method is proposed to find the mean-field equilibrium. Then, the finite IoBT case is considered, and the conditions of convergence of the equilibria in the finite case to the mean-field equilibrium are presented. Numerical results show that the proposed scheme can achieve a 1.2-fold increase in the quality of information (QoI) compared to a baseline scheme in which the IoBT nodes are always transmitting. The results also show that the proposed scheme can reduce the proportion of infected nodes by 99% compared to the baseline.

Adat, V., Parsamehr, R., Politis, I., Tselios, C., Kotsopoulos, S.  2020.  Malicious user identification scheme for network coding enabled small cell environment. ICC 2020 - 2020 IEEE International Conference on Communications (ICC). :1–6.
Reliable communication over the wireless network with high throughput is a major target for the next generation communication technologies. Network coding can significantly improve the throughput efficiency of the network in a cooperative environment. The small cell technology and device to device communication make network coding an ideal candidate for improved performance in the fifth generation of communication networks. However, the security concerns associated with network coding need to be addressed before any practical implementations. Pollution attacks are considered one of the most threatening attacks in the network coding environment. Although there are different integrity schemes to detect polluted packets, identifying the exact adversary in a network coding environment is a less addressed challenge. This paper proposes a scheme for identifying and locating adversaries in a dense, network coding enabled environment of mobile nodes. It also discusses a non-repudiation protocol that will prevent adversaries from deceiving the network.
Ahmad, A., Hassan, M.M., Aziz, A.  2014.  A Multi-token Authorization Strategy for Secure Mobile Cloud Computing. Mobile Cloud Computing, Services, and Engineering (MobileCloud), 2014 2nd IEEE International Conference on. :136-141.

Cloud computing is an emerging paradigm shifting the shape of computing models from being a technology to a utility. However, security, privacy and trust are amongst the issues that can subvert the benefits and hence wide deployment of cloud computing. With the introduction of omnipresent mobile-based clients, the ubiquity of the model increases, suggesting a still higher integration in life. Nonetheless, the security issues rise to a higher degree as well. The constrained input methods for credentials and the vulnerable wireless communication links are among factors giving rise to serious security issues. To strengthen the access control of cloud resources, organizations now commonly acquire Identity Management Systems (IdM). This paper presents that the most popular IdM, namely OAuth, working in scope of Mobile Cloud Computing has many weaknesses in authorization architecture. In particular, authors find two major issues in current IdM. First, if the IdM System is compromised through malicious code, it allows a hacker to get authorization of all the protected resources hosted on a cloud. Second, all the communication links among client, cloud and IdM carry the complete authorization token, which can allow a hacker, through traffic interception at any communication link, illegitimate access to protected resources. We also suggest a solution to the reported problems, and justify our arguments with experimentation and mathematical modeling.

Ahmadi, Ali, Bidmeshki, Mohammad-Mahdi, Nahar, Amit, Orr, Bob, Pas, Michael, Makris, Yiorgos.  2016.  A Machine Learning Approach to Fab-of-origin Attestation. Proceedings of the 35th International Conference on Computer-Aided Design. :92:1–92:6.

We introduce a machine learning approach for distinguishing between integrated circuits fabricated in a ratified facility and circuits originating from an unknown or undesired source based on parametric measurements. Unlike earlier approaches, which seek to achieve the same objective in a general, design-independent manner, the proposed method leverages the interaction between the idiosyncrasies of the fabrication facility and a specific design, in order to create a customized fab-of-origin membership test for the circuit in question. Effectiveness of the proposed method is demonstrated using two large industrial datasets from a 65nm Texas Instruments RF transceiver manufactured in two different fabrication facilities.

Ahmadi, S. Sareh, Rashad, Sherif, Elgazzar, Heba.  2019.  Machine Learning Models for Activity Recognition and Authentication of Smartphone Users. 2019 IEEE 10th Annual Ubiquitous Computing, Electronics Mobile Communication Conference (UEMCON). :0561–0567.
Technological advancements have enabled smartphones to provide a wide range of applications that enable users to perform many of their tasks easily and conveniently, anytime and anywhere. For this reason, many users tend to store their private data in their smartphones. Since conventional methods for security of smartphones, such as passwords, personal identification numbers, and pattern locks are prone to many attacks, this research paper proposes a novel method for authenticating smartphone users based on performing seven different daily physical activities as behavioral biometrics, using smartphone embedded sensor data. This authentication scheme builds a machine learning model which recognizes users by performing those daily activities. Experimental results demonstrate the effectiveness of the proposed framework.
Ahmadian, Amir Shayan, Peldszus, Sven, Ramadan, Qusai, Jürjens, Jan.  2017.  Model-Based Privacy and Security Analysis with CARiSMA. Proceedings of the 2017 11th Joint Meeting on Foundations of Software Engineering. :989–993.

We present CARiSMA, a tool that is originally designed to support model-based security analysis of IT systems. In our recent work, we added several new functionalities to CARiSMA to support the privacy of personal data. Moreover, we introduced a mechanism to assist the system designers to perform a CARiSMA analysis by automatically initializing an appropriate CARiSMA analysis concerning security and privacy requirements. The motivation for our work is Article 25 of Regulation (EU) 2016/679, which requires that appropriate technical and organizational controls be implemented for ensuring that, by default, the processing of personal data complies with the principles on processing of personal data. This implies that initially IT systems must be analyzed to verify if such principles are respected. System models allow the system developers to handle the complexity of systems and to focus on key aspects such as privacy and security. CARiSMA is available at http://carisma.umlsec.de and our screen cast at https://youtu.be/b5zeHig3ARw.

Ahmed, M. E., Kim, H., Park, M.  2017.  Mitigating DNS query-based DDoS attacks with machine learning on software-defined networking. MILCOM 2017 - 2017 IEEE Military Communications Conference (MILCOM). :11–16.

Securing Internet of Things is a challenge because of its multiple points of vulnerability. In particular, Distributed Denial of Service (DDoS) attacks on IoT devices pose a major security challenge to be addressed. In this paper, we propose a DNS query-based DDoS attack mitigation system using Software-Defined Networking (SDN) to block the network traffic for DDoS attacks. With some features provided by SDN, we can analyze traffic patterns and filter suspicious network flows out. To show the feasibility of the proposed system, we particularly implemented a prototype with Dirichlet process mixture model to distinguish benign traffic from malicious traffic and conducted experiments with the dataset collected from real network traces. We demonstrate the effectiveness of the proposed method by both simulations and experiment data obtained from the real network traffic traces.

Ahmed, Noor O., Bhargava, Bharat.  2016.  Mayflies: A Moving Target Defense Framework for Distributed Systems. Proceedings of the 2016 ACM Workshop on Moving Target Defense. :59–64.

prevent attackers from gaining control of the system using well established techniques such as perimeter-based firewalls, redundancy and replications, and encryption. However, given sufficient time and resources, all these methods can be defeated. Moving Target Defense (MTD) is a defensive strategy that aims to reduce the need to continuously fight against attacks by disrupting attackers' gain-loss balance. We present Mayflies, a bio-inspired generic MTD framework for distributed systems on virtualized cloud platforms. The framework enables systems designed to defend against attacks for their entire runtime to systems that avoid attacks in time intervals. We discuss the design, algorithms and the implementation of the framework prototype. We illustrate the prototype with a quorum-based Byzantine Fault Tolerant system and report the preliminary results.

Akhtar, N., Matta, I., Wang, Y.  2016.  Managing NFV using SDN and control theory. NOMS 2016 - 2016 IEEE/IFIP Network Operations and Management Symposium. :1005–1006.

Control theory and SDN (Software Defined Networking) are key components for NFV (Network Function Virtualization) deployment. However little has been done to use a control-theoretic approach for SDN and NFV management. In this demo, we describe a use case for NFV management using control theory and SDN. We use the management architecture of RINA (a clean-slate Recursive InterNetwork Architecture) to manage Virtual Network Function (VNF) instances over the GENI testbed. We deploy Snort, an Intrusion Detection System (IDS) as the VNF. Our network topology has source and destination hosts, multiple IDSes, an Open vSwitch (OVS) and an OpenFlow controller. A distributed management application running on RINA measures the state of the VNF instances and communicates this information to a Proportional Integral (PI) controller, which then provides load balancing information to the OpenFlow controller. The latter controller in turn updates traffic flow forwarding rules on the OVS switch, thus balancing load across the VNF instances. This demo demonstrates the benefits of using such a control-theoretic load balancing approach and the RINA management architecture in virtualized environments for NFV management. It also illustrates that the GENI testbed can easily support a wide range of SDN and NFV related experiments.

Akhtar, Nabeel, Matta, Ibrahim, Wang, Yuefeng.  2016.  Managing NFV using SDN and control theory. :1113–1118.

Control theory and SDN (Software Defined Networking) are key components for NFV (Network Function Virtualization) deployment. However little has been done to use a control-theoretic approach for SDN and NFV management. In this paper, we describe a use case for NFV management using control theory and SDN. We use the management architecture of RINA (a clean-slate Recursive InterNetwork Architecture) to manage Virtual Network Function (VNF) instances over the GENI testbed. We deploy Snort, an Intrusion Detection System (IDS) as the VNF. Our network topology has source and destination hosts, multiple IDSes, an Open vSwitch (OVS) and an OpenFlow controller. A distributed management application running on RINA measures the state of the VNF instances and communicates this information to a Proportional Integral (PI) controller, which then provides load balancing information to the OpenFlow controller. The latter controller in turn updates traffic flow forwarding rules on the OVS switch, thus balancing load across the VNF instances. This paper demonstrates the benefits of using such a control-theoretic load balancing approach and the RINA management architecture in virtualized environments for NFV management. It also illustrates that GENI can easily support a wide range of SDN and NFV related experiments.

Akhtar, T., Gupta, B. B., Yamaguchi, S.  2018.  Malware propagation effects on SCADA system and smart power grid. 2018 IEEE International Conference on Consumer Electronics (ICCE). :1–6.

Critical infrastructures have suffered from different kinds of cyber attacks over the years. Many of these attacks are performed using malware by exploiting the vulnerabilities of these resources. Smart power grid is one of the major victims which suffered from these attacks and its SCADA system is frequently targeted. In this paper we describe our proposed framework to analyze smart power grid, while its SCADA system is under attack by malware. Malware propagation and its effects on SCADA system are the focal point of our analysis. OMNeT++ simulator and openDSS are used for developing and analyzing the simulated smart power grid environment.

Akkasaligar, P. T., Biradar, S.  2020.  Medical Image Compression and Encryption using Chaos based DNA Cryptography. 2020 IEEE Bangalore Humanitarian Technology Conference (B-HTC). :1–5.
In digital communication, the transmission of medical images over communication network is very explosive. We need a communication system to transmit the medical information rapidly and securely. In this manuscript, we propose a cryptosystem with novel encoding strategy and lossless compression technique. The chaos based DNA cryptography is used to enrich security of medical images. The lossless Discrete Haar Wavelet Transform is used to reduce space and time efficiency during transmission. The cryptanalysis proves that proposed cryptosystem is secure against different types of attacks. The compression ratio and pixel comparison is performed to verify the similarity of retained medical image.
Akram, B., Ogi, D.  2020.  The Making of Indicator of Compromise using Malware Reverse Engineering Techniques. 2020 International Conference on ICT for Smart Society (ICISS). CFP2013V-ART:1–6.

Malware threats often go undetected immediately, because attackers can camouflage well within the system. The users realize this after the devices stop working and cause harm for them. As one way to deceive malicious content detection, malware authors use packers. Malware analysis is an activity to gain knowledge about malware. Reverse engineering is a technique used to identify and deal with new viruses or to understand malware behavior. Therefore, this technique can be the right choice for conducting malware analysis, especially for malware with packers. The results of the analysis are used as a source for creating indicators of compromise in the YARA rule format. YARA rule is used as a component for detecting malware using the indicators obtained in the analysis process.

Aktepe, S., Varol, C., Shashidhar, N.  2020.  MiNo: The Chrome Web Browser Add-on Application to Block the Hidden Cryptocurrency Mining Activities. 2020 8th International Symposium on Digital Forensics and Security (ISDFS). :1–5.

Cryptocurrencies are the digital currencies designed to replace the regular cash money while taking place in our daily lives especially for the last couple of years. Mining cryptocurrencies is one of the popular ways to have them and make a profit due to unstable values in the market. This attracts attackers to utilize malware on internet users' computer resources, also known as cryptojacking, to mine cryptocurrencies. Cryptojacking started to be a major issue in the internet world. In this case, we developed MiNo, a web browser add-on application to detect these malicious mining activities running without the user's permission or knowledge. This add-on provides security and efficiency for the computer resources of the internet users. MiNo is designed and developed with double-layer protection which makes it ahead of its competitors in the market.

Al-Far, A., Qusef, A., Almajali, S.  2018.  Measuring Impact Score on Confidentiality, Integrity, and Availability Using Code Metrics. 2018 International Arab Conference on Information Technology (ACIT). :1–9.

Confidentiality, Integrity, and Availability are principal keys to build any secure software. Considering the security principles during the different software development phases would reduce software vulnerabilities. This paper measures the impact of the different software quality metrics on Confidentiality, Integrity, or Availability for any given object-oriented PHP application, which has a list of reported vulnerabilities. The National Vulnerability Database was used to provide the impact score on confidentiality, integrity, and availability for the reported vulnerabilities on the selected applications. This paper includes a study for these scores and its correlation with 25 code metrics for the given vulnerable source code. The achieved results were able to correlate 23.7% of the variability in 'Integrity' to four metrics: Vocabulary Used in Code, Card and Agresti, Intelligent Content, and Efferent Coupling metrics. The Length (Halstead metric) could alone predict about 24.2% of the observed variability in 'Availability'. The results indicate no significant correlation of 'Confidentiality' with the tested code metrics.

Alaoui, Sadek Belamfedel, El Houssaine, Tissir, Noreddine, Chaibi.  2019.  Modelling, analysis and design of active queue management to mitigate the effect of denial of service attack in wired/wireless network. 2019 International Conference on Wireless Networks and Mobile Communications (WINCOM). :1–7.
Mitigating the effect of Distributed Denial of Service (DDoS) attacks in wired/wireless networks is a problem of extreme importance. The present paper investigates this problem and proposes a secure AQM to encounter the effects of DDoS attacks on queue's router. The employed method relies on modelling the TCP/AQM system subjected to different DoS attack rate where the resulting closed-loop system is expressed as new Markovian Jump Linear System (MJLS). Sufficient delay-dependent conditions which guarantee the syntheses of a stabilizing control for the closed-loop system with a guaranteed cost J* are derived. Finally, a numerical example is displayed.
Algin, Ramazan, Tan, Huseyin O., Akkaya, Kemal.  2017.  Mitigating Selective Jamming Attacks in Smart Meter Data Collection Using Moving Target Defense. Proceedings of the 13th ACM Symposium on QoS and Security for Wireless and Mobile Networks. :1–8.

In Advanced Metering Infrastructure (AMI) networks, power data collections from smart meters are static. Due to such static nature, attackers may predict the transmission behavior of the smart meters which can be used to launch selective jamming attacks that can block the transmissions. To avoid such attack scenarios and increase the resilience of the AMI networks, in this paper, we propose dynamic data reporting schedules for smart meters based on the idea of moving target defense (MTD) paradigm. The idea behind MTD-based schedules is to randomize the transmission times so that the attackers will not be able to guess these schedules. Specifically, we assign a time slot for each smart meter and in each round we shuffle the slots with Fisher-Yates shuffle algorithm that has been shown to provide secure randomness. We also take into account the periodicity of the data transmissions that may be needed by the utility company. With the proposed approach, a smart meter is guaranteed to send its data at a different time slot in each round. We implemented the proposed approach in ns-3 using IEEE 802.11s wireless mesh standard as the communication infrastructure. Simulation results showed that our protocol can secure the network from the selective jamming attacks without sacrificing performance by providing similar or even better performance for collection time, packet delivery ratio and end-to-end delay compared to previously proposed protocols.

Ali, R., McAlaney, J., Faily, S., Phalp, K., Katos, V.  2015.  Mitigating Circumstances in Cybercrime: A Position Paper. 2015 IEEE International Conference on Computer and Information Technology; Ubiquitous Computing and Communications; Dependable, Autonomic and Secure Computing; Pervasive Intelligence and Computing. :1972–1976.

This paper argues the need for considering mitigating circumstances in cybercrime. Mitigating circumstances are conditions which moderate the culpability of an offender of a committed offence. Our argument is based on several observations. The cyberspace introduces a new family of communication and interaction styles and designs which could facilitate, make available, deceive, and in some cases persuade, a user to commit an offence. User's lack of awareness could be a valid mitigation when using software features introduced without a proper management of change and enough precautionary mechanisms, e.g. warning messages. The cyber behaviour of users may not be necessarily a reflection of their real character and intention. Their irrational and unconscious actions may result from their immersed and prolonged presence in a particular cyber context. Hence, the consideration of the cyberspace design, the "cyber psychological" status of an offender and their inter-relation could form a new family of mitigating circumstances inherent and unique to cybercrime. This paper elaborates on this initial argument from different perspectives including software engineering, cyber psychology, digital forensics, social responsibility and law.