Computing and Information Systems - Research Publications

Permanent URI for this collection

Search Results

Now showing 1 - 10 of 18
  • Item
    Thumbnail Image
    Dusting for fingerprints: Revealing patterns of online students’ behaviour
    Armas Cervantes, A ; Abedin, E ; Taymouri, F ( 2023-09-01)
    Hybrid learning strategies combine face-to-face instruction with online components. These hybrid environments rely heavily on online Learning Management Systems (LMSs) that serve as central hubs for learning materials. Depending on the adopted instructional strategy, students may be expected to complete certain tasks in the LMS. For instance, when adopting a flipped classroom strategy, students must watch videos, read material or complete quizzes prior the classroom time. Then, during classroom time, students focus on performing hands-on exercises. Students consistently engaging in the adopted strategy is key, as failing to do so can decrease the effectiveness of the adopted strategy. This paper presents an approach to monitor the changes of students’ behaviour over time. Using variants analysis, the method analyses data captured in an LMS and finds significant differences between time windows (e.g., two academic weeks). This can inform educators about changes in students’ engagement in the instructional strategy (e.g., students not completing some tasks). To showcase our method, we analyse a semester’s worth of data for a master’s subject implementing flipped classroom strategy.
  • Item
    Thumbnail Image
    Strengthening Australia’s cybersecurity regulations and incentives: Response to the Department of Home Affairs Discussion Paper
    Achrekar, A ; Ahmad, A ; Chang, S ; Cohney, S ; Dreyfus, S ; Leckie, C ; Murray, T ; Paterson, J ; Pham, VT ; Sonenberg, E ( 2021)
    The development of the regulatory and incentives framework is a key opportunity to align Australian enterprises’ cybersecurity practice with latest research, particularly on consumer protections, and emerging cyber threats and security challenges. The Australian Government has an essential role in establishing incentives to encourage best practice and consequences to combat poor practice. It will be increasingly important for government at all levels to act as a role model, by following best practice in the conduct of its public business.
  • Item
    Thumbnail Image
    Discovering executable routine specifications from user interaction logs
    Leno, V ; Augusto, A ; La Rosa, M ; Polyvyanyy, A ; Dumas, M ; Maggi, F ( 2021)
  • Item
    Thumbnail Image
    Encoder-Decoder Generative Adversarial Nets for Suffix Generation and Remaining Time Predicationof Business Process Models
    Taymouri, F ; La Rosa, M ( 2020)
    Predictive process monitoring aims to predict future characteristics of an ongoing process case, such as case outcome or remaining time till completion. Several deep learning models have been proposed to address suffix generation and remaining time prediction for ongoing process cases. Though they generally increase the prediction accuracy compared to traditional machine learning models, they still suffer from critical issues. For example, suffixes are generated by training a model on iteratively predicting the next activity. As such, prediction errors are propagated from one prediction step to the next, resulting in poor reliability, i.e., the ground truth and the generated suffixes may easily become dissimilar. Also, conventional training of neural networks via maximum likelihood estimation is prone to overfitting and prevents the model from generating sequences of variable length and with different activity labels. This is an unrealistic simplification as business process cases are often of variable length in reality. To address these shortcomings, this paper proposes an encoder-decoder architecture grounded on Generative Adversarial Networks (GANs), that generates a sequence of activities and their timestamps in an end-to-end way. GANs work well with differentiable data such as images. However, a suffix is a sequence of categorical items. To this end, we use the Gumbel-Softmax distribution to get a differentiable continuous approximation. The training works by putting one neural network against the other in a two-player game (hence the “adversarial” nature), which leads to generating suffixes close to the ground truth. From the experimental evaluation it emerges that the approach is superior to the baselines in terms of the accuracy of the predicted suffixes and corresponding remaining times, despite using a naive feature encoding and only engineering features based on control flow and events completion time.
  • Item
    Thumbnail Image
    Assessing and controlling risks associated with Denial of Service (DoS) attacks on organizational networks
    Gajja, Abhinav ; Shah, Deepam Vipinchandra ; Asnani, Dheeraj ; Riveros, Edgar ; L'Hotellier, Johannes ; Chandrakumar, Narendrakumar ; Kale, Tejas ( 2014-08)
    and control of information security risks have emerged as a primary mean by which organizations secure information infrastructure. Key assets are identified and protected as a part of risk management strategy. In this process, commonly Denial of Service (or DoS) attacks are overlooked. DoS service is traditionally not considered as information security risk, hence the treatment of that remains low priority. But in the recent past, several such attacks had made high profile business’s web servers unavailable or un-accessible for considerable period of time, which consequently caused monitory and reputational losses. Hence now there is a substantial need to consider DoS attacks as a potential risk for information security and its assessment and treatment should be included in organization’s risk management process. This paper examines the major forms of DoS attacks that are lodged on critical network infrastructure of an organization, targeting the availability and access of its critical business and IT Services and further how the risk of such attacks can be reduced or mitigated through risk management process.
  • Item
    Thumbnail Image
    Implications of social media networks on information security risks
    Boorman, James ; Liu, Yanhua ; Zhang, Yixin ; Bai, Yu ; Yao, Siyi ; Wang, Mengxue ; Tai, Li ( 2014-08)
    The user base of Social Media Networks (SMN) has grown dramatically over the last 10 years, with the Facebook platform alone commanding 18% of the world’s population as active users. Thus SMN provide a mechanism to disseminate information both rapidly and globally. Despite this fact, little research has been conducted into the implications of SMN on information security risk. Here we conduct a literature review in order to provide information security professionals with insight into the threats, threat agents, vulnerabilities and potential risks faced by individuals and organisations from SMN. Findings suggest that confidentiality and integrity of information can be threatened by multiple actors and mechanisms, putting information and reputation at risk. Information security professionals face a mammoth task to manage such risks and a standard approach to risk management seems unlikely to be effective.
  • Item
    Thumbnail Image
    Information security culture as an enabler: addressing the gap between organisational knowledge sharing and information security
    Pathan, Enamul Haq ; Huang, Gang ; Xu, Jiamin ; Hassan, M D ; Zoma, Rusol ; Rajagopalan, Sujatha ; Dong, Wenlong ( 2014-08-01)
    Knowledge sharing is a vital business strategy that creates value for an organisation. It also leads to accidental or deliberate loss of information and knowledge. With an ideal culture, the knowledge sharing barrier can be broken without leaking information. We gathered data from the literature on the benefits of knowledge sharing in organisations and the related risks, addressing the role of a positive organisational culture. We interviewed information security specialists in small and large organisations in Melbourne and overseas. The study confirms the findings from literature that organisations value knowledge sharing to gain a competitive advantage. They also revealed that the preventive measures of knowledge leakage usually involved fostering a sharing culture with strategy, policies and controls in place with regular training and awareness. Based on these observations, we propose the need for future research on organisations that have fostered a culture of sharing knowledge without compromising its security.
  • Item
    Thumbnail Image
    Security challenges of BYOD: a security education, training and awareness perspective
    Chen, Hanlin ; Li, Jiao ; Hoang, Thomas ; Lou, Xiaowei (The University of Melbourne, 2013)
    This paper explores the security challenges of Bring Your Own Device (BYOD) for users and organisations by identifying the security threats to mobile devices. Based on these challenges, this paper will aim to identify the security education, training and awareness approaches and concepts based on existing literature to form an understanding of how users can be motivated to commit to BYOD policies and practices. The extent in which users are accountable for the security threats related to BYOD is found to be significant in this paper. It is therefore critical that organisations considering implementing BYOD should focus on developing the education, training and awareness programs for its employees based on concepts of motivation, commitment, knowledge retention and the tradeoff between user/device monitoring and user privacy.
  • Item
    Thumbnail Image
    Effectiveness of security controls in BYOD environments
    Marjanovic, Zoran (The University of Melbourne, 2013)
    Mobile computing introduced completely new security risks and increased the potential of the old ones. Remote access as an enabler of mobile computing opened the organisations’ systems to various attacks from the Internet, both technical and social ones. Regular access to the Internet outside corporate systems exposed mobile devices to malicious code and hackers which improved the attack success rate. As a response, security experts have been developing technical and non-technical mechanisms for protection of information. They have been trying to identify the most effective approach and combination of security controls that can deliver maximum security without impairing the business processes. These efforts increased with the introduction of Bring Your Own Device (BYOD) concept. BYOD reduces IT costs and provides more flexible work experience. So far, many organisations decided to allow userowned devices on the system and the trend is still growing. From information security perspective, BYOD comes with risks common for mobile computing, but it also introduces new technical and legal ones. Technical solution providers have been trying to develop security systems that can help organisation in adopting the BYOD concept, and security experts have been trying to design a complete security strategy that can meet the challenges of BYOD. The focus of these efforts is information security.
  • Item
    Thumbnail Image
    Does BYOD increase risks or drive benefits?
    Pillay, Ashwin ; Diaki, Harrik ; Nham, Eric ; Senanayake, Samanthi ; TAN, GLORIA ; Deshpande, Saurabh (The University of Melbourne, 2013)
    This paper looks at the benefits and risks associated with bring your own device (BYOD), a practice that is becoming common to many organisations. Literature reviews of established academic journals were conducted to illustrate key points, arguments, and supporting evidence to draw conclusions. The paper has found that BYOD is an inevitable part of modern organizations’ business practice. Its adoption will continue to rise due to its effectiveness in supporting business operations. The paper also found that there are substantial risks in BYOD that can be harmful to organizations, and thus its ability to control BYOD is crucial in the prevention and mitigation of these risks. The paper contributes to current literature by emphasizing that in order to fully realize the potential ongoing benefits of BYOD, control strategies must be applied, and that the human factor must be taken into account as it plays a pivotal role in the effectiveness of these security measures.