Journal of Information Security and Cybercrimes Research 2020-12-29T09:44:11+03:00 Open Journal Systems <p style="text-align: justify;">Journal of Information Security and Cybercrimes Research ( JISCR ) is an academic, refreed, and periodic journal. It is a journal published by Naif Arab University for Security Sciences (NAUSS). It publishes specialized researches on the Information Security and their pertinent topics in order to disseminate the comprehensive concept of security.</p> A Study on Threat Modeling in Smart Greenhouses 2020-12-02T21:04:37+03:00 So-Hyeon Cho Dong-Seok Kang Min-Song Kang Hyeon-Soo Kim Jin-Woong Bae Chung-Il Lee Han-Byeol Ji Yo-Han Won Hyeon-Kyeong Hong Kyounggon Kim <p>In the era of agriculture 4.0, cutting-edge technologies including Information and communication technology (ICT) is being introduced into traditional agriculture. As farm intelligence emerges as a key area of smart agriculture, the scope of agriculture has expanded from the seed industry to distribution and logistics, however the area that is still most directly connected to the physical agricultural environment is smart farming. Cybersecurity incidents or cybercrimes in smart farming can directly damage crops and harm human safety. Research on individual technical elements that constitute smart farming has been ongoing for a long time relatively, however it has not been long since the work of systematically identifying and classifying threats to smart agriculture as a whole. In this study, STRIDE threat modeling is used to identify cyber threats to greenhouse and make system design more robust. Through this work, we have derived 126 threats and have created 4 types of attack trees. It will be the basis to allow systematic threat classification more clearly in smart greenhouse.</p> 2020-12-20T00:00:00+03:00 Copyright (c) 2020 Journal of Information Security and Cybercrimes Research Integrating Light-Weight Cryptography with Diacritics Arabic Text Steganography Improved for Practical Security Applications 2020-10-21T13:03:44+03:00 Malak G. Alkhudaydi Adnan A. Gutub <p>Cryptography and steganography are combined to provide practical data security. This paper proposes integrating light-weight cryptography with improved Arabic text steganography for optimizing security applications. It uses light-weight cryptography to cope with current limited device capabilities, to provide acceptable required security. The work tests hiding encrypted secret information within Arabic stego-cover texts, using all common diacritics found naturally in the Arabic language. The study considers different challenging situations and scenarios in order to evaluate security practicality. It further carries out simulations on some short texts from the Holy Quran, taking them as standard authentic texts, that are fixed and trusted, therefore providing realistic study feedback that is worth monitoring. Our improved approach features preferred capacity and security, surpassing the best previous diacritics stego approach, showing interesting potential results for attractive enlightening exploration to come.</p> 2020-12-20T00:00:00+03:00 Copyright (c) 2020 Journal of Information Security and Cybercrimes Research Cybersecurity Management for Virtual Private Network (VPN) Applications: A Proposed Framework for the Governance of their Use in the Kingdom of Saudi Arabia 2020-09-20T13:06:34+03:00 Shahad A. Alashi Hanaa A. Aldahawi <p>By using the research process, this study addresses the attitudes of the members of Saudi society towards using Virtual Private Network (VPN) applications and the former’s perceptions of the latter’s concept, security, and privacy, in addition to monitoring their risks to cybersecurity. The main objective of the study is to present a proposed framework for the governance of the use of VPN applications in the Kingdom of Saudi Arabia to strengthen cybersecurity management. To achieve the objectives of the study, the researchers used two methods: the social survey method and the content analysis method. The researchers also relied on the questionnaire tool to collect information from the 455 individuals in the study sample. The study yielded a set of findings, the most important of which are as follows: The use of free VPN applications represents 91% of the sample of the study. Also, the study revealed confusion in perceptions of the actual concept of VPN applications, which may be common among users, and showed a diversity of attitudes and motives for using VPN applications, most of which are related to entertainment. Moreover, the study showed that the study sample individuals had some knowledge about the risks of VPN applications to cybersecurity, although most of them did not use cyber protection means. The study recommended the need to organize and manage the use of VPN applications, conduct an evaluation of VPN applications available on Saudi smartphone stores, and prohibit those which contain security vulnerabilities and malware. The study proposed a framework for the governance of the use of VPN applications in the Kingdom of Saudi Arabia, which comprised three dimensions: legal, organizational and awareness-based dimensions.</p> 2020-12-20T00:00:00+03:00 Copyright (c) 2020 Journal of Information Security and Cybercrimes Research Enhanced Classification Method for Phishing Emails Detection 2020-11-24T10:49:39+03:00 Y. Mansour Mansour Majed A. Alenizi <p>Emails are currently the main communication method worldwide as it proven in its efficiency. Phishing emails in the other hand is one of the major threats which results in significant losses, estimated at billions of dollars. Phishing emails is a more dynamic problem, a struggle between the phishers and defenders where the phishers have more flexibility in manipulating the emails features and evading the anti-phishing techniques. Many solutions have been proposed to mitigate the phishing emails impact on the targeted sectors, but none have achieved 100% detection and accuracy. As phishing techniques are evolving, the solutions need to be evolved and generalized in order to mitigate as much as possible. This article presents a new emergent classification model based on hybrid feature selection method that combines two common feature selection methods, Information Gain and Genetic Algorithm that keep only significant and high-quality features in the final classifier. The Proposed hybrid approach achieved 98.9% accuracy rate against phishing emails dataset comprising 8266 instances and results depict enhancement by almost 4%. Furthermore, the presented technique has contributed to reducing the search space by reducing the number of selected features.</p> 2020-12-20T00:00:00+03:00 Copyright (c) 2020 Journal of Information Security and Cybercrimes Research DDOS Botnets Attacks Detection in Anomaly Traffic: A Comparative Study. 2020-10-21T12:56:05+03:00 Ahmed A. Elsherif أروى الداعج <p>One of the major challenges that faces the acceptance and growth rate of business and governmental sites is a Botnet-based DDoS attack. A flooding DDoS strikes a victim machine by means of sending a vast amount of malicious traffic, causing a significant drop in the service quality (QoS) in IoT devices. Nonetheless, it is not that easy to detect and tackle flooding DDoS attacks, owing to the significant number of attacking machines, the usage of source-address spoofing, and the common areas shared between legitimate and malicious traffic. New kinds of attacks are identified daily, and some remain undiscovered, accordingly, this paper aims to improve the traffic classification algorithm of network traffic, that hackers use to try to be ambiguous or misleading. A recorded simulated traffic was used for both samples; normal and DDoS attack traffic, approximately 104.000 cases of each, where both datasets -which were created for this study- represent the input data in order to create a classification model, to be used as a tool to mitigate the risk of being attacked.</p></br> <p>The next step is putting datasets in a format suitable for classification. This process is done through preprocessing techniques, to convert categorical data into numerical data. A classification process is applied to capture datasets, to create a classification model, by using five classification algorithms which are; Decision Tree, Support Vector Machine, Naive Bayes, K-Neighbours and Random Forest. The core code used for classification is the python code, which is controlled by a user interface. The highest prediction, precision and accuracy are obtained using the Decision Tree and Random Forest classification algorithms, which also have the lowest processing time.</p> 2020-11-20T00:00:00+03:00 Copyright (c) 2020 Journal of Information Security and Cybercrimes Research A New Secured E-Government Efficiency Model for Sustainable Services Provision 2020-09-16T14:13:10+03:00 Youseef Alotaibi <p>E-government projects in some developing countries face many challenges to provide sustainable services for e-efficiency. Literature shows that most governments suffer from lack of technology and restrictions associated with budgets and human resources. These factors constitute the main obstacles impeding the effective implementation of sustainable and secured e-government services. In addition to these obstacles, the e-government efficiency models adopted by some developing countries do not deliver an appropriate strategic plan for disseminating all sustainable and secured e-government services. Therefore, this paper proposes a new secured model for e-government efficiency to provide sustainable and e-efficiency services. This goal can be achieved using five determinants: detailed process, streamlined services, quick accessibility, use of latest techniques, and trust and awareness, which are discussed in this study. The proposed model has been validated by using a pilot study conducted through case study and method of application and implementation. The findings indicate that both service providers such as governments and users of e-government services took advantage of the proposed model. Accordingly, sustainable e-government services may increase.</p> 2020-12-10T00:00:00+03:00 Copyright (c) 2020 Journal of Information Security and Cybercrimes Research The Role of Governance in Achieving Sustainable Cybersecurity for Business Corporations 2020-09-15T13:37:37+03:00 Shahad A. Alashi Dhuha H. Badi <p>The study discusses the role of governance in the sustainability of cybersecurity for business corporations. Its objectives focus on tracking technology developments and their impact on industrial espionage attacks and theft of industrial intellectual property. It also identifies the indicators and effects of such espionage and theft on business corporations. The study is based on the content analysis methodology for analyzing intellectual production pertinent to cybersecurity governance and industrial cyber espionage. The study concludes that relying on information and communication technology without adopting a cybersecurity integrated approach including technical, organizational, and social measures leads to the disclosure of a corporation’s trade secrets by unauthorized persons. Moreover, loss of competitive advantage and damage to the corporate’s financial affairs and reputation may occur. The most important indicators of the study predicting dangers affecting business corporations are the absence of a strategic plan for cybersecurity, inefficient programs for training and cybersecurity awareness, and a lack of secure infrastructure. The vulnerability of business corporations to breaches has many implications. The study shows that cybersecurity governance in turn prepares the corporation to encounter risks targeting its trade secrets. The study finds that there are three integrated elements processes, technology, and persons, for establishing an effective cybersecurity governance program. Accordingly, the main aspects of cybersecurity governance can be employed. The study highlights a range of challenges that business corporations may face when implementing the cybersecurity governance program. These challenges are related to cybersecurity strategy, unified processes, implementation and accountability, senior leadership control, and resources.</p> 2020-12-15T00:00:00+03:00 Copyright (c) 2020 Journal of Information Security and Cybercrimes Research