SACM - United Kingdom

Permanent URI for this collectionhttps://drepo.sdl.edu.sa/handle/20.500.14154/9667

Browse

Subject: search.filters.subject.Cybersecurity

Search Results

Now showing 1 - 10 of 21
  • No Thumbnail Available
    ItemRestricted
    To what extent does the presence of anonymity contribute to the fluctuations observed in cyberbullying behaviours demonstrated by students in higher education institutions in Saudi Arabia?
    (University of Nottingham, 2024-04) Alamr, Badr; Chesney, Thomas; McKenzie, Robin
    Rapid improvements in technology, particularly in the communications industry, have caused a major evolution in the way individuals make contact, socialise and interact with one another. Unquestionably, these improvements have also had negative impact. Social media has contributed to the world by allowing the transfer of social communication from the real world into the virtual world. It should be acknowledged that social media has a great deal of benefit for individuals. The ease of social media use has helped individuals to connect with wider audiences anytime and anywhere. However, advancements in and features of social media can also lead to harmful effects, such as cyberbullying, which is the focus of this research. Bullying is a social issue in the real world that has shifted into cyberspace under the name ‘cyberbullying’ . Previous research on cyberbullying has developed an understanding of such a problem, with some gaps that still need to be addressed. The overall research aim was to develop an understanding of cyberbullying causes in higher education students in Saudi Arabia. It should be taken into consideration that after this research started, universities moved their activities completely online because of Covid-19. This can motivate such research, as cyber-related work is likely to become increasingly important when working from home becomes the new normal. This research addresses three key gaps. First, the age gap is addressed, since the cyberbullying research field has focused intensively on younger age groups rather than university students. Second, the population gap is addressed, as very few cyberbullying studies have been conducted in the Saudi Arabian context. There are many social media users in the country, so this research aims to explore a new culture. Third, the research field gap is explored; previous cyberbullying studies have tended to overlook the factor of technology when exploring cyberbullying and lack a standardised theoretical approach with which to unify inconsistent results. To address these gaps, the social media cyberbullying model (SMCBM) developed by Lowry et al. (2016) was used. This model was modified based on Akers’ (2009) theory of social learning and social structure (SSSL). The original SSSL model was adopted from the criminology field, while the developed SMCBM model was contextualised to fit cyberspace, adding the information technology artefacts of anonymity and social structure. Testing such a model can contribute to the field of cyberbullying. This model was tested via a questionnaire sent to 414 Saudi university students, from University of Hail, who have been involved in cyberbullying. Moreover, to explain some results and obtain a profound understanding of particular parts of the questionnaire, it was followed by interviews with 10 students. Based on the questionnaire and interview findings, the results of this research support the SMCBM. Anonymity contributed to the social learning variables of cyberbullying through social media, thus encouraging the frequency of cyberbullying. There were notable findings related to the perception of the cost of cyberbullying, and the situational morality of cyberbullying, among the sample. As for the cost, the participants seemed to consider the consequences of cyberbullying, due to the religious background of the sample, as well as the enforcement of internet crime laws and cyberbullying campaigns by public authorities in Saudi Arabia. As a result, the sample demonstrated a stringent attitude towards cyberbullying, likely influenced by an increased awareness of its potential repercussions. As for the situational morality, in addition to conventional explanations such as revenge and attention-seeking, the research uncovered a different perspective, revealing a prevailing belief among participants that cyberbullying served a greater purpose in defending ethics, religion, and traditions, which reflects a nuanced situational morality among the respondents. The research results have some indications with regard to cyberbullying. Most importantly, some suggestions are provided for universities to minimise bullying in the online learning process.
    32 0
  • No Thumbnail Available
    ItemRestricted
    Exploring Multi-Factor Authentication Adoption in Saudi Arabia and the United Kingdom: The Role of NAFATH
    (University College London, 2024) Alzayer, Ahmed Faisal A; Becker, Ingolf
    Background. Multi-Factor Authentication (MFA) is a security measure designed to enhance the protection of online accounts. Despite its notable benefits, the usability of MFA remains a challenge among users. While several factors influence MFA adoption, there remains a gap in understanding the impact of government-mandated initiatives on its uptake. Aim. The primary aim of this study is to explore the adoption of MFA among online users in Saudi Arabia and the United Kingdom. By comparing these two contexts, the study will provide insights into the effectiveness of government-led initiatives, such as NAFATH, in promoting MFA adoption and compare those rates with the United Kingdom, where such mandates do not exist. Method. The study collected data through online surveys recruiting 300 participants over the age 18: 150 respondents residing in Saudi Arabia, and 150 in the United Kingdom. The data ordinal data was analyzed through non-parametric statistical tests. Results. Empirical findings suggest that there is no significant difference in MFA usage frequencies between Saudi Arabia and the United Kingdom, nor is there a positive correlation between NAFATH usage and MFA usage frequencies in Saudi Arabia. Conclusion. The study highlights the need for a strategy that combines government- led initiatives with user-centric factors to foster higher MFA adoption rates across diverse contexts and to enhance overall cybersecurity by designing more effective policies and measures.
    25 0
  • No Thumbnail Available
    ItemRestricted
    A Peer-to-Peer Federated Learning Framework for Intrusion Detection in Autonomous Vehicles
    (Lancaster University, 2024-09) Alotaibi, Bassam; Bradbury, Matthew
    As autonomous vehicles (AVs) increasingly rely on interconnected systems for enhanced functionality, they also face heightened cyberattack vulnerability. This study introduces a decentralized peer-to-peer federated learning framework to improve intrusion detection in AV environments while preserving data privacy. A novel soft-reordering one-dimensional Convolutional Neural Network (SR-1CNN) is proposed as the detection engine, capable of identifying known and unknown threats with high accuracy. The framework allows vehicles to communicate directly in a mesh topology, sharing model parameters asynchronously, thus eliminating dependency on centralized servers and mitigating single points of failure. The SR-1CNN model was tested on two datasets: NSL-KDD and Car Hacking, under both independent and non-independent data distribution scenarios. The results demonstrate the model’s robustness, achieving detection accuracies of 94.39% on the NSL-KDD dataset and 99.97% on the Car Hacking dataset in independent settings while maintaining strong performance in non-independent configurations. These findings underline the framework’s potential to enhance cybersecurity in AV networks by addressing data heterogeneity and preserving user privacy. This research contributes to the field of AV security by offering a scalable, privacy-conscious intrusion detection solution. Future work will focus on optimizing the SR-1CNN architecture, exploring vertical federated learning approaches, and validating the framework in real-world autonomous vehicle environments to ensure its practical applicability and scalability.
    23 0
  • No Thumbnail Available
    ItemRestricted
    Utilizing Data Analytics for Fraud Detection and Prevention in Online Banking Systems of Saudi Arabia
    (University of Portsmouth, 2024-09) Almotairy, Yazeed; Jiacheng, Tan
    This thesis addresses the critical issues of online banking and online banking fraud in Saudi Arabia. The thesis focusses on the older methodologies of the online banking systems in Saudi Arabia. The frauds are discussed in detail that are occurring in the online banking systems and are causing inconvenience to the users and account holders of the online banks and applications. In this thesis, online banking frauds are discussed thoroughly, and the traditional fraud detection methods are elaborated as well. The vulnerabilities in the current systems are explored. It discusses how the older systems are not performing well and why the new system encompasses the power of data analytics and machine learning. The methods proposed use a set of data analytics and machine learning algorithms and techniques to detect fraud or any fraudulent activity that a scammer or fraudster may perform. The results of this study explain how the proposed system can outperform the traditional methodologies being used in Saudi Arabian online banking systems. The proposed system can also enhance the user experience. The possible privacy and ethical concerns are also discussed. In the end, it is also discussed what the future prospects are for the researchers who are looking to enhance this research or want to work in the field of data analytics and machine learning to improve the security of the security of online banking applications. In conclusion, this thesis not only contributes to the body of knowledge on online banking frauds in Saudi Arabia and their detection but also features future research topics for new researchers.
    14 0
  • No Thumbnail Available
    ItemRestricted
    A Critical Analysis of Cyber Threats and Vulnerabilities in Satellite Ground Systems
    (University of the West of England, 2024) Almutairi, Faisal; Mills, Alan
    The growing dependence on satellite ground systems for critical applications such as telecommunications, navigation, and weather forecasting has underscored the importance of cybersecurity in these systems. This paper critically analyses the current state of cybersecurity threats and vulnerabilities in satellite ground systems. Utilising a comprehensive literature review and critical analysis of existing scholarly works, technical papers, and industry reports, this study identifies key cyber threats, including unauthorised access, jamming, spoofing, Advanced Persistent Threats (APTs), man-in-the-middle attacks, eavesdropping, and hijacking. The analysis reveals vulnerabilities in encryption protocols and communication channels. The study evaluates existing security measures and highlights gaps in empirical validation and practical implementation. It emphasises the need for robust encryption methods, advanced cryptographic techniques, and adaptive security strategies. We also discuss the crucial step of enhancing the resilience of satellite ground systems by incorporating developing technologies like Artificial Intelligence (AI) and quantum cryptography. This paper concludes with practical recommendations, emphasising empirical validation of security measures and comprehensive risk management frameworks. The research aims to improve the security and reliability of satellite ground systems, ensuring their protection against evolving cyber threats and contributing to the overall enhancement of cybersecurity in this infrastructure
    15 0
  • No Thumbnail Available
    ItemRestricted
    Technostress among Cybersecurity Professionals; Current Knowledge and Future Directions: A Systematic Literature Review
    (University of Strathclyde, 2024-08) Alghamdi, Ohud; Farooq, Ali
    Abstract: This systematic literature review (SLR) was carried out with the objective of comprehensively examining the current knowledge on technostress experienced by cybersecurity professionals and determining the gaps in literature and future research directions. Cybersecurity professionals are at an elevated risk of experiencing technostress because of the demanding nature of their work. These individuals experience several stress-inducing obstacles as they need to respond to security threats and incidents. The study examined the key technostress experienced by these professionals and how technostress affects the health and performance of these individuals. A search strategy including primary keywords “technostress” and “cybersecurity professionals” was used across different databases. After identifying studies relevant to these terms, the inclusion and exclusion criteria were applied to shortlist the studies that were appropriate for our research objectives. Five key drivers of technostress among cybersecurity professionals were identified. These included role ambiguity, high workload, job insecurity, lack of social support, and sleep quality. These stresses create high turnover rates among cybersecurity professionals, who quit their jobs because they are unable to cope with the role ambiguity, high workload, job insecurity, and evolving requirements of the field. Many employees also decide to change their fields and shift to another career. Technostress leads to burnout and strain, which adversely affects the job performance of employees as they are unable to remain productive in their work. The impact of technostress on cybersecurity professionals highlights the need for urgent interventions. By addressing the stressors and how they impact the cybersecurity workers, the health and well-being of these employees can increase, which would eventually lead to improvements in their performance and productivity. The study further discusses the theoretical and practical implications of the research and presents the direction for future research in this field.
    31 0
  • No Thumbnail Available
    ItemRestricted
    Visualising of cyber crime data by Communication Structured Acyclic Nets
    (Newcastle University, 2024-09-02) Alahmadi, Mohammed Saud; Koutny, Maciej
    Communication Structured Acyclic Nets (CSA-nets) are a Petri net-based formalism used to represent the behaviour of Complex Evolving Systems (CES). CSA-nets, comprising sets of acyclic nets, are suitable tools for modelling and visualising the behaviour of event-based systems. Each subsystem is represented using a separate acyclic net, linked to others through a set of buffer places depicting their interactions. However, CSA-nets suffer from challenges especially in analysing and visualising CESs that have a large number of subsystems resulting from alternative and concurrent execution scenarios. Moreover, CSA-nets currently lack the capability to represent multiple or coloured tokens, thereby limiting their ability to represent several similar processes simultaneously. This thesis introduces extensions for CSA-nets to capture compactly the relationships between interacting systems’ components represented by sets of acyclic nets. Specifically, it introduces a way of folding buffer places to address the issue of a large number of buffer places. Then it introduces a new class of CSA-nets, called Parameterised Communication Structured Acyclic Nets (PCSA-nets), using multi-coloured tokens and allowing places to accept multiple tokens distinguished by parameters. The thesis also aims at improving the visualisation of csa-nets by rearranging their component acyclic nets to minimise the number of crossing arcs by taking inspiration from the main ideas behind three well-known sorting algorithms (bubble sort, insertion sort, and selection sort). Furthermore, this thesis presents a novel approach that combines TCP protocol anomaly detection with visual analysis through CSA-nets. The strategy provides a clear visualisation of cyber attack behaviours, leading a deeper understanding of Distributed Denial of Service (DDoS) patterns and their underlying causes. A new concept of Timed-Coloured Communication Structured Acyclic Nets (TCCSA-nets) is introduced, which allows elaboration of the system’s performance and emphasising the system’s operations in real-time. This approach allows for the classification of messages as abnormal if their duration exceeds a predetermined time limit.
    35 0
  • Thumbnail Image
    ItemRestricted
    An information security model for an Internet of Things-enabled smart grid in the Saudi Energy Sector
    (University of Southampton, 2024-07-22) Akkad, Abeer; Rezazadeh, Reza; Wills, Gary; Hoang, Son
    The evolution of an Internet of Things-enabled Smart grid affords better automation, communication, monitoring, and control of electricity consumption. It is now essential to supply and transmit the data required, to achieve better sensing, more accurate control, wider information communication and sharing, and more rational decision-making. However, the rapid growth in connected entities, accompanied by an increased demand for electricity, has resulted in several challenges to be addressed. One of these is protecting energy information exchange proactively before an incident occurs. It is argued that Smart Grid systems were designed without any regard for security, which is considered a serious omission, especially for data security, energy information exchange, and the privacy of both consumers and utility companies. This research is motivated by the gap identified in the requirements and controls for maintaining cybersecurity in the bi-directional data flow within the IoT-enabled Smart Grid. Through literature and industry standards, the initial stages of the research explore and identify the challenges and security requirements. Threat modelling analysis identified nine internet-based threats, proposing an initial information security model. This initial model is validated using expert reviews, resulting in a reference model that includes seven security requirements and 45 relevant security controls. To demonstrate the usefulness of this reference model as a foundation for further research, a segment of the reference model is elaborated using Event-B formal modelling. This approach assists in incorporating additional details during refinements and confirming the consistency of those details. The formal modelling process begins by formulating the functional requirements in a consistent model and then augmenting it with security controls. The effectiveness of these security controls is validated and verified using formal modelling tools. The contribution of this research, therefore, is the unique approach to developing a framework for an IoT-enabled Smart Grid (SG) by utilising threat analysis and expert reviews in combination with formal methods. As the field of security continues to evolve, this generic framework and formal template can be reused as a foundation for further analysis of other components or access points, and to implement new security controls. The resulting model enables field experts, security practitioners, and engineers to verify any changes made, ensuring they do not compromise the security of information flow within the IoT-enabled Smart Grid during the initial design stages of the system life cycle.
    34 0
  • Thumbnail Image
    ItemRestricted
    Comparative Analysis of User Responses to Phishing: Emails vs Mobile Instant Messaging Apps
    (University of the West of England, 2024-06-20) Alqahtani, Mohammed; Gorine, Adam
    As phishing gets more sophisticated and multiple tactics are employed across various communication mediums, analysing users’ responses becomes increasingly essential. The extensive literature review indicates that most studies focus on a single medium across different communication platforms, necessitating additional effort. This research paper compares users’ responses to phishing attacks via two major communication platforms: Email and Mobile Instant Messaging (MIM) Apps. Understanding how users recognise and respond to phishing incidents is crucial for improving cybersecurity measures. A structured survey was conducted to investigate multiple dimensions of user interaction with phishing, such as self-reported confidence in phishing identification, frequency of phishing experiences, reliance on specific features for identification, and actions taken in response to suspected phishing attempts. The results reveal several key insights: 1) the study identifies the demographics of users most vulnerable to phishing attacks; 2) it highlights the similarities and differences in what prevents phishing messages from targeting the inbox and app interception; The study also offers recommendations to enhance users’ willingness and capability to withstand phishing attacks, including targeted educational campaigns, more convenient reporting options, and changes in the design of digital communication platforms.
    20 0
  • Thumbnail Image
    ItemRestricted
    Security Awareness and Training
    (University of Portsmouth, 2024-05) Almutlaq, Majed; Adamos, Vasileios
    Cybersecurity dangers threaten individuals, organisations, and society, making cybersecurity education and awareness campaigns essential. This study examines cybersecurity awareness by analysing common issues, knowledge gaps, teaching methods, and personalised learning materials. A detailed literature review and survey responses from a broad variety of participants in various sectors are used in the mixed- methods research. The literature review identified knowledge gaps in password security, virus detection, safe online behaviour, phishing, and data breaches. Workshops, seminars, and simulated hacks were the major internet safety teaching methods. Practicality, comprehension, and enthusiasm for learning were stressed while creating tailored teaching materials. Survey findings revealed participants' cybersecurity knowledge, confidence, and favourite learning resources. Even though many respondents stated they attended cybersecurity presentations and publications, they had varying confidence levels and knowledge gaps in password security and malware detection. Participants valued clear, appropriate instructional materials and engaging learning experiences with real-world examples. The study found cybersecurity education difficulties include time, issue complexity, and informational blind spots. Cybersecurity education courses might benefit from interactive elements, real-world case studies, and regular content updates. Academic, government, and corporate partnerships were needed to raise cybersecurity awareness. Finally, this study shows how important it is to bridge knowledge gaps, offer personalised instructional tools, and involve stakeholders in cybersecurity awareness. Future cybersecurity education research should avoid sampling bias and use self-reported data to advance. Through inclusive and thorough research, scholars may make the digital society safer and more robust.
    38 0

Copyright owned by the Saudi Digital Library (SDL) © 2024