1393 research outputs found
Sort by
The Roles and Implications of Black Swan Events in Tackling Deep Uncertainty in Relief Distribution: A Collective Case Study
Relief distribution (RD) after a natural disaster is conducted under conditions of deep uncertainty (DU). The dynamic context is characterized by limited and often conflicting, ever-changing information flows, as well as interrupted material flows, even when response operations are well-prepared. RD decision making (RDDM) is thus challenging. In this paper, we draw upon concepts of Black Swan Events (BSE) to understand how DU challenges (DUC) can be mitigated. By revealing known and unknown consequences of BSEs during operations, decision-makers can identify and evaluate critical points in relief distribution management steps. We analyzed the relief efforts during the “2007 Sidr Cyclone” case in Bangladesh to identify and understand potential DUCs and related BSEs. Then we verified the concepts through two cases, the “2015 Gorkha Earthquake” in Nepal and the “2018 Sulawesi Earthquake” in Indonesia. Based on our findings, we propose a BSE-informed DUC-tackling framework for more effective RDDM in practice
Towards Secure Healthcare: Intrusion Detection with GraphSAGE-Based Meta-Learning and Hybrid Deep Models
The Internet of Medical Things (IoMT) has transformed modern healthcare by enabling intelligent, real-time monitoring, and decision making. However, its reliance on open communication networks has introduced significant security and privacy risks. This study presents analysis of intrusion detection algorithms designed specifically for IoMT environments. The first is a graph-based intrusion detection system implemented on the GraphSAGE framework (EGraphSAGE), to improve the detection of both familiar and previously unseen attacks. The second approach is a blended deep learning framework that combines Convolutional Neural Networks (CNN) and Long- and Short-Term Memory (LSTM) models to efficiently identify spatial and temporal intrusion patterns in edge-centric environments. Both systems are evaluated using publicly available intrusion detection datasets, specifically the IoMT attacks and ACI-IoT-2023 datasets. Experimental results indicate that the EGraphSAGE model achieves competitive performance in terms of detection accuracy and misclassification rate on a smaller dataset. On the other hand, the CNN+LSTM framework offers a lightweight deployment with strong temporal feature extraction in any dataset. The findings offer valuable insight into the strengths and limitations of both approaches, paving the way for improved adaptive intrusion detection solutions in healthcare
A Quantum Quandary: Does Algorithmic Complexity Inherently Diminish Security
Although essential, cryptographic security practice often relies on assumptions and abstractions that are difficult to audit under emerging quantum resource models. This creates an unnecessary barrier between the algorithms that govern the connected and the people cryptography protects. Modern cryptography relies on the assumption that computational complexity guarantees security. As algorithms become increasingly complex, their resistance to attack is presumed to increase. Practical constraints suggest that this relationship is neither linear nor indefinite. Resource limitations, algorithmic structure, and pressures from quantum computing introduce points at which added complexity ceases to improve and may instead degrade cryptographic robustness. This dissertation asks whether added algorithmic complexity inherently diminishes cryptographic security. To answer it, we propose and prove a law-like theory of cryptographic feasibility: security resides in finite adversarial feasibility windows, governed by chintropy-based curvature laws, and these windows inevitably collapse—across schemes and parameters—under realistic quantum resource improvements, providing a feasibility engine that complements the Turing and complexity models of computation. We formalize this inherent, fine-grained, and mathematically measurable complexity–security law and introduce a framework that both drastically reduces the effort required for provably optimal parameter selection and, to our knowledge, is the first mathematical language to enable cross-scheme cryptographic security analyses. The work culminates in a holistic formula for cryptographic resilience that replaces binary security assessments with quantitatively grounded feasibility bounds. Regardless of the asymptotic complexity of the underlying problem, operational security is governed by finite feasibility windows that shift under adversarial optimization and hardware improvement. The results therefore complement traditional complexity classes by focusing on secure deployability under bounded budgets and evolving adversarial cost
The case for contextual copyleft: licensing open-source training data and generative AI
The rise of generative AI systems presents new challenges for the Free and Open-Source Software (FOSS) community, particularly around applying copyleft principles when open-source code is used to train AI models. This article introduces the Contextual Copyleft AI (CCAI) licence, a novel use of the copyleft mechanism that extends licence obligations from training data to resulting generative models. The CCAI licence enhances developer control, incentivizes open-source AI, and mitigates open-washing. A structured three-part evaluation examines: (i) legal feasibility under current copyright law, (ii) policy justification across traditional software and AI, and (iii) cross-contextual benefits and risks. Still, open-source AI carries a higher risk—especially misuse—making complementary regulation essential to achieve a fair risk-benefit balance. The article concludes that, within a robust regulatory environment focused on responsible AI, the CCAI licence offers a viable path for preserving and adapting core FOSS values to meet the demands of modern AI development
Bridging the Gap: A Systematic Review of Cyber Conflict Forecasting Models and the Case for AI-Driven Dynamic Frameworks
Cyber conflict forecasting remains constrained by static models that overlook the integration of geopolitical context with technical indicators. This systematic literature review examines 58 studies (2010–2025) using PRISMA guidelines and an InputProcess-Output framework to classify approaches and identify key gaps. Quantitative methods dominate (67%), yet only 14% incorporate geopolitical variables, despite the political nature of cyber conflict. Major limitations include adversarial adaptation blindness (85% assume static behavior), coarse temporal granularity (72% use daily+ intervals), lack of uncertainty quantification (75%), and minimal modeling of cross-domain escalation (92% cyber-only focus). Strategic forecasting is rare, with just 14% providing long-term insights and 16% offering decision support. In response, we propose eight design principles for AI-driven frameworks, emphasizing multimodal integration, adaptive threat modeling, fine-grained temporal analysis, and human-AI collaboration. This work lays the groundwork for dynamic forecasting systems that better support proactive cyber defense strategy and national security planning
Do Developers Read Type Information? An Eye-Tracking Study on TypeScript
Statically-annotated types have been shown to aid developers in a number of programming tasks, and this benefit holds true even when static type checking is not used. It is hypothesized that this is because developers use type annotations as in-code documentation. In this study, we aim to provide evidence that developers use type annotations as in-code documentation. Understanding this hypothesized use will help to understand how, and in what contexts, developers use type information; additionally, it may help to design better development tools and inform educational decisions. To provide this evidence, we conduct an eye tracking study with 26 undergraduate students to determine if they read type annotations during code comprehension and bug localization in the TypeScript language. We found that developers do not look directly at lines containing type annotations or type declarations more often when they are present, in either code summarization or bug localization tasks. The results have implications for tool builders to improve the availability of type information, the development community to build good standards for use of type annotations, and education to enforce deliberate teaching of reading pattern
Harnessing Generative AI and Large Language Models for Revolutionizing Cybersecurity in the Internet of Things: Ethical and Privacy Implications
Generative artificial intelligence (AI) and large language models (LLMs) have in- troduced transformative capabilities in cybersecurity, particularly in securing Internet of Things (IoT) environments. These technologies can synthesize vast datasets, support real-time anomaly detection, and generate predictive insights through simple prompts. However, their deployment also presents ethical and privacy-related concerns, including algorithmic bias, data leakage, and misuse for malicious content creation. This paper conducts a systematic literature review to evaluate how LLMs and generative AI contribute to IoT cybersecurity. We propose an ethical AI-IoT security framework, examine key challenges, and offer recommendations for integrating responsible AI governance. We aim to inform future research, journal editorial practices, and cybersecurity policy discussions around the dual promise and peril of these technologies
A systematic review and taxonomy for privacy breach classification: Trends, gaps, and future directions
In response to the rising frequency and complexity of data breaches and evolving global privacy regulations, this study presents a comprehensive examination of academic literature on the classification of privacy breaches and violations between 2010-2024. Through a systematic literature review, a corpus of screened studies was assembled and analyzed to identify primary research themes, emerging trends, and gaps in the field. A novel taxonomy is introduced to guide efforts by categorizing research efforts into seven domains: breach classification, report classification, breach detection, threat detection, breach prediction, risk analysis, and threat classification. An analysis reveals that breach classification and detection dominate the literature, while breach prediction and risk analysis have only recently emerged in the literature, suggesting opportunities for potential research impacts. Keyword and phrase frequency analysis reveal potentially underexplored areas, including location privacy, prediction models, and healthcare data breaches
CGFuzzerArt: A Directed Graybox Fuzzer for Vulnerability Discovery
Fuzzing is an effective approach to mitigating vulnerabilities in software applications. It encompasses various types of fuzzing, including black-box, white-box, and gray-box, each with advantages and limitations. This research presents a novel method to improve the efficiency of coverage-guided directed gray-box fuzzers by improving the understanding of indirect function calls in the call graph and leveraging ThinLTO when generating an instrumented binary. A more comprehensive call graph enables fuzzers to navigate more effectively toward their targets, particularly when the target resides within a method invoked through a function pointer. This research addresses four research questions: 1) Can we improve the efficiency of the directed gray-box fuzzer by improving its ability to understand indirect function calls better? 2) Can we use a call graph to direct our gray-box fuzzer to fuzz where libraries are used in the code? 3) Can we export information from the fuzzing engine to inform us if all areas of interest have been covered? 4) How effective is our directed gray-box fuzzer compared to other fuzzers such as AFL++ and AFLGo? The methodology follows Wieringa’s design-science research approach, which consists of four phases: problem investigation, treatment design, validation, and implementation. The evaluation results demonstrated that CGFuzzerArt improved efficiency by incorporating a call graph with a better understanding of indirect function calls. It successfully identified libraries and expanded its target list, effectively exporting information on whether a target was reached. It outperformed existing fuzzers, such as AFL++ and AFLGo, by reaching targets more frequently and in less time
Principles For the Design of Visual Progress Bars to Improve Motivation in Online Learning
Progress bars are used in many user interfaces to indicate user progress or wait time. Their main role is to set user expectations, and they can be auditory or visual. The use of visual progress bars is found in many applications, including games and is accepted as a strategy for gamifying user experiences. However, little research exists regarding the design of this tool, especially in how to leverage design elements to impact motivational affordance. Since progress bars are an element to gamify user interfaces, it benefits researchers and designers to have a deeper understanding of how to design the tool to increase motivation. Specifically, this research answers the following research question: What progress bar design principles improve motivational mechanics?
The research utilized the Design Science Research Methodology to create progress bar design principles based on elements related to motivational mechanics, motivational affordance, and user experience. Existing literature, focus groups, and user feedback were used to shape and refine these principles. The resultant artifact was evaluated through a review of a prototype incorporating the design principles using semi-structured interviews. The results are 11 design principles dealing with color, shape, text, placement, and animation of progress bars. The research provides design principles for progress bar design that concentrates on improving motivational mechanics in online adult learning environments