1393 research outputs found
Sort by
Integrating Blockchain Technology into Telemedicine: A Framework for Enhancing Data Privacy and Security
This paper presents a blockchain-based framework designed to enhance data privacy, integrity, and security in telemedicine systems. The proposed architecture employs distributed ledger technology to ensure transparency, traceability, and immutability of patient data exchanges among healthcare providers. Smart contracts automate access permissions and auditing processes, reducing the risks of unauthorized data sharing. The study evaluates the framework’s performance in secure data handling, highlighting blockchain’s role in fostering patient trust and resilience against cyberattacks in remote healthcare environments
TEDVIL: Leveraging Transformer-Based Embeddings for Vulnerability Detection in Lifted Code
Ransomware and other malware inflict devastating financial and operational damage on organizations worldwide by exploiting deeply embedded, hard-to-detect vulnerabilities in their systems. Detecting these vulnerabilities in compiled code before malicious actors exploit them remains a critical challenge in cybersecurity. This research introduces TEDVIL (Transformer-based Embeddings for Discovering Vulnerabilities in Lifted Code), a novel framework which uses transformer-based embeddings to train neural networks to detect vulnerabilities in lifted code. The framework was implemented using bidirectional (BERT and RoBERTa) and unidirectional (GPT-1 and GPT-2) transformer-based models to generate embeddings for training Long Short-Term Memory (LSTM) neural networks to detect stack-based buffer overflows in Low-Level Virtual Machine (LLVM) intermediate representation code. For comparison, simpler word2vec models (Skip-Gram and Continuous Bag of Words) were also trained, and their embeddings were used to train LSTMs. The results show that the LSTMs using GPT-2 embeddings outperformed those using GPT-1, BERT, RoBERTa, and word2vec embeddings, achieving a top accuracy of 92.5% and an F1-score of 89.7%. Notably, these results are achieved when the embedding model is trained with a dataset of just 48,000 functions, demonstrating effectiveness in resource-constrained settings. The findings underscore the effectiveness of TEDVIL in identifying hard-to-detect vulnerabilities in compiled code, and lay the groundwork for future research in leveraging transformer-based models for vulnerability detection
LibLMFuzz: LLM-Augmented Fuzz Target Generation for Black-Box Libraries
A fundamental problem in cybersecurity and computer science is determining whether a program is free of bugs and vulnerabilities. Fuzzing, a popular approach to discovering vulnerabilities in programs, has several advantages over alternative strategies, although it has investment costs in the form of initial setup and continuous maintenance. The choice of fuzzing is further complicated when only a binary library is available, such as the case of closed-source and proprietary software. In response, we introduce LibLMFuzz, a framework that reduces costs associated with fuzzing closed-source libraries by pairing an agentic Large Language Model (LLM) with a lightweight toolchain (disassembler/compiler/fuzzer) to autonomously analyze stripped binaries, plan fuzzing strategies, generate drivers, and iteratively self-repair build and runtime errors. Tested on four widely used Linux libraries, LibLMFuzz produced syntactically correct drivers for all 558 fuzzable API functions, achieving 100% API coverage with no human intervention. Across the 1601 synthesized drivers, 75.52% were nominally correct on first execution. The results show that LLM-augmented middleware holds promise in reducing the costs of fuzzing black-box components and provides a foundation for future research efforts. Future opportunities exist for research in branch coverage
Evaluating SMS Spam Classification: Human Judgement vs Machine Learning Models
In the age of artificial intelligence, spam messages have become increasingly widespread and sophisticated. Their rapid evolution is driven by ongoing efforts to filter and block them, prompting spammers to constantly adapt their tactics. Since machine learning algorithms require time and data to retrain and adjust, it becomes essential for humans to step in and help classify messages manually when needed. This layered approach,referred to as defensive-indepth, adds multiple barriers through which spam and smishing messages must pass, reducing the likelihood of them reaching the end user. This case study explores the detection rates of various machine learning algorithms compared to different groups of human participants. Messages that are not correctly identified can result in missed information or, worse, users falling victim to hacking attempts. By examining human and machine learning performance in spam detection, this study underlines the importance of having a collaborative approach that leverages each group’s strengths
Integrating Generative AI into Knowledge Management Systems for Context-Aware Decision Support
In complex organizations, traditional Knowledge Management Systems (KMS) and decision support systems (DSS) often struggle with three persistent challenges: capturing and converting tacit knowledge, like employee expertise and contextual insights, into explicit shareable formats; dynamically adapting recommendations and knowledge delivery to rapidly changing organizational contexts, user roles, and project needs; and enabling fast, relevant knowledge retrieval for timely decision-making. These challenges result in knowledge silos, loss of critical expertise, and decision delays. Integrating Generative AI (GenAI) with KMS, and context-aware DSS (CADSS) directly addresses these challenges by automating the collection, extraction, and structuring of tacit knowledge; personalizing insights based on real-time context; and streamlining access to actionable information. This approach enhances organizational agility, supports more informed decisions, and ensures that valuable knowledge is retained from retiring staff and leveraged across distributed teams. GenAI presents transformative opportunities to overcome the challenges of traditional KMS and enhance CADSS. GenAI encompasses a broad class of AI models capable of generating novel content, including text, images, audio, and code, with Large Language Models (LLMs) specializing in language understanding and generation from vast textual datasets. This research leverages LLMs for language-based tasks and incorporates other GenAI models, such as Variational Autoencoders (VAEs) for anomaly detection and Generative Adversarial Networks (GANs) for scenario simulation. Central to the proposed framework is GenAI\u27s ability to process unstructured data, generate summaries, answer complex queries, and synthesize insights, thereby bridging the gap between individual tacit knowledge and organizational explicit knowledge. Key innovations include NLP-driven semantic search, dynamic content tagging, and predictive analytics to proactively identify knowledge gaps. The proposed framework architecture integrates cloud-based and on-premise components emphasizing scalability, API-based interoperability, and ethical AI governance to ensure transparency and mitigate bias. Central to the design is CADSS, which tailors responses using user profiles, historical data, and project-specific contexts. The development of this framework is explicitly grounded in Alavi’s Knowledge Management process model (2001), supporting knowledge creation (externalizing tacit knowledge), storage and retrieval (context-aware indexing), transfer (role-specific, adaptive content delivery), and application (embedding predictive analytics and real-time recommendations). The proposed mixed-methods evaluation strategy employs quantitative metrics (decision quality, time savings) and qualitative assessments (user interviews) to measure efficacy. Future work will focus on prototyping and addressing scalability in diverse organizational contexts
Design Principles for Visual Progress Bars to Improve Motivation in Online Learning
Visual progress bars are a strategy for gamifying online education. They set user expectations by tracking and displaying user progress or waiting time. However, little research exists on the design of this tool, especially in relation to gamifying online learning. This research answers the following research question: What are progress bar design principles to improve motivation? The research utilized the Design Science Research Model to create progress bar design principles based on motivational mechanics, motivational affordance, and user experience. Existing literature, feedback from focus groups, and user feedback were used to shape and refine these principles. The design principles were evaluated by using a prototype incorporating the design principles, which was provided to college students for review. The research provides 10 design principles for progress bar design, dealing with color, shape, text, placement, and animation to improve motivation in online learning environments. Keywords Gamification, progress bar, design principles, motivation, online education
Advancing DevSecOps in SMEs: Challenges and Best Practices for Secure CI/CD Pipelines
This study evaluates the adoption of DevSecOps among small and medium-sized enterprises (SMEs), identifying key challenges, best practices, and future trends. Through a mixed methods approach backed by the Technology Acceptance Model (TAM) and Diffusion of Innovations (DOI) theory, we analyzed survey data from 405 SME professionals, revealing that while 68% have implemented DevSecOps, adoption is hindered by technical complexity (41%), resource constraints (35%), and cultural resistance (38%). Despite strong leadership prioritization of security (73%), automation gaps persist, with only 12% of organizations conducting security scans per commit. Our findings highlight a growing integration of security tools, particularly API security (63%) and software composition analysis (62%), although container security adoption remains low (34%). Looking ahead, SMEs anticipate artificial intelligence and machine learning to significantly influence DevSecOps, underscoring the need for proactive adoption of AI -driven security enhancements. Based on our findings, this research proposes strategic best practices to enhance CI/CD) pipeline security including automation, leadership-driven security culture, and cross-team collaboration
Systematic Analysis of Factors Influencing Modulith Architecture Adoption over Microservices
As organizations increasingly shift away from traditional monolithic architectures, the requirements for scalable, flexible, and maintainable software systems have led to microservice architecture adoption. However, microservices’ complexity and operational overhead have presented significant challenges, particularly in managing distributed systems, inter-service communication, and deployment processes. In response, modulith architecture has emerged as a middle-ground approach, offering the benefits of modularity and scalability while mitigating some of the drawbacks of monolithic and microservices architectures.This paper comprehensively reviews the factors influencing the adoption of modulith architecture over microservices. The study identifies key drivers such as dependency management, scalability, deployment efficiency, and system availability through a detailed analysis of existing literature, case studies, and expert opinions. The review reveals that modulith architecture offers a simpler, more maintainable solution that preserves modularity without the complexity of fully distributed systems. The findings offer critical insights for software architects and organizations considering architectural transitions, positioning modulith as a viable alternative in scenarios where microservices may introduce unnecessary complexity. This research contributes to the ongoing discourse on software architecture by providing a nuanced understanding of the trade-offs involved in adopting modulith architecture. It proposes a set of considerations for organizations navigating the evolving architectural landscape
A Risk Evaluation Framework and Comprehensive Security Compliance Assessment Solution for Space Information Networks (SIN)
The integration of Internet of Things (IoT) devices into space information networks introduces unprecedented security challenges, necessitating advanced methods for information systems risk assessments. Some proposed approaches in terrestrial networks, predominantly based on Euclidean distance metrics, often fall short of capturing the nuanced and multidimensional nature of risks and vulnerabilities in the unique context of space environments. This paper proposes a novel risk management methodology that leverages both Euclidean distance metrics and probabilistic Monte Carlo-based models for evaluating the likelihood/frequency and impact/severity of vulnerabilities within space IoT systems. Leveraging vulnerability data from established sources such as the NIST and VARIoT databases, the approach simulates the use of the methodology in a device scenario, allowing for a deterministic and probabilistic assessment of vulnerability criticality. The key contributions of this work lie in its departure from strictly deterministic and distance-based methods, offering a stochastic framework that better reflects the uncertainty and complexity of space-based IoT networks. By incorporating probabilistic simulations, the model provides more accurate and adaptable criticality ratings, enhancing decision-making processes to secure space information systems. The importance of this research is underscored by its potential to simplify and redefine risk management in space IoT systems, providing a more resilient and context-aware framework better suited to the evolving threat landscape for novice risk analysts. This work represents a significant advancement in the field, setting the stage for future developments in secure space IoT deployments
The Effect of Compilation on the Identification of Obfuscated Malware
Automated identification of malicious JavaScript is a core problem within modern malware analysis. Code obfuscation is a common tactic used in order to evade detection. Obfuscation hinders both manual and automated detection methods, including neural network techniques. In order for these methods to effectively classify malware, it is beneficial to reduce the effects of obfuscation as well as to optimize the configuration and structure of the neural network to be well suited for the task. To overcome these challenges, a new framework is presented: “PyRHOH”, a metalearning framework that implements Bayesian optimization. This framework adds structure and rigor to the selection of neural network hyperparameters, providing assurance that an optimal design has been implemented. This framework was used to determine optimal recurrent neural network architectures for the differentiation of malicious and benign JavaScript samples. These neural networks were then used to determine the degree to which using Google’s V8 JavaScript compiler to process raw JavaScript samples into compiled bytecode affected classification accuracy. Classifying in-the-wild samples, compilation was measured to increase the detection rate from 76.88% to 95.84%. When obfuscation was performed against the full data set, the detection rate increased from an average of 76.76% to an average of 91.24% once compilation was performed. This shows that pre-processing JavaScript into compiled bytecode has a clear positive impact on neural network categorization