Paul S Haskell-Dowland

Paul S Haskell-Dowland
Edith Cowan University | ECU · School of Science

PhD FBCS FHEA FAISA SMIEEE MACS(Sr) ACM

About

90
Publications
47,588
Reads
How we measure 'reads'
A 'read' is counted each time someone views a publication summary (such as the title, abstract, and list of authors), clicks on a figure, or views or downloads the full-text. Learn more
1,519
Citations
Introduction
Skills and Expertise

Publications

Publications (90)
Article
Full-text available
A botnet is a collection of Internet-connected computers that have been suborned and are controlled externally for malicious purposes. Concomitant with the growth of the Internet of Things (IoT), botnets have been expanding to use IoT devices as their attack vectors. IoT devices utilise specific protocols and network topologies distinct from conven...
Article
Full-text available
Anomaly detection in the scope of network security aims to identify network instances for the unexpected and unique, with various security operations employing such techniques to facilitate effective threat detection. However, many systems have been designed based on the absolute mapping of attacks to one of three anomaly types (i.e. point, collect...
Article
Full-text available
Biometrics is a critical component of cybersecurity that identifies persons by verifying their behavioral and physical traits. In biometric-based authentication, each individual can be correctly recognized based on their intrinsic behavioral or physical features, such as face, fingerprint, iris, and ears. This work proposes a novel approach for hum...
Research
Full-text available
Anomaly detection from Big Cybersecurity Datasets is very important; however, this is a very challenging and computationally expensive task. Feature selection (FS) is an approach to remove irrelevant and redundant features and select a subset of features, which can improve the machine learning algorithms’ performance. In fact, FS is an effective pr...
Chapter
Botnets are a group of compromised devices taken over and commanded by a malicious actor known as a botmaster. In recent years botnets have targeted Internet of Things (IoT) devices, significantly increasing their ability to cause disruption due to the scale of the IoT. One such IoT-based botnet was Mirai, which compromised over 140,000 devices in...
Article
In recent times, cyberattacks on the Internet of Health Things (IoHT) have continuously been growing, and so it is important to develop robust countermeasures. However, there is a lack of publicly available datasets reflecting cyberattacks on IoHT, mainly due to privacy concerns. This paper showcases the development of a dataset, ECU-IoHT, which bu...
Chapter
The ongoing demand for new and faster technologies continues to leave consumers and business users to face the constant challenge of updating systems and software. This unrelenting pace of technological evolution has not always been matched with a commensurate focus on security and privacy matters. In particular, the obligatory move to embrace clou...
Article
Full-text available
Privacy protection in electronic healthcare applications is an important consideration, due to the sensitive nature of personal health data. Internet of Health Things (IoHT) networks that are used within a healthcare setting have unique challenges and security requirements (integrity, authentication, privacy, and availability) that must also be bal...
Article
Full-text available
An amendment to this paper has been published and can be accessed via the original article.
Article
Full-text available
A massive amount of data is generated with the evolution of modern technologies. This high-throughput data generation results in Big Data, which consist of many features (attributes). However, irrelevant features may degrade the classification performance of machine learning (ML) algorithms. Feature selection (FS) is a technique used to select a su...
Article
Full-text available
The rapid progress of modern technologies generates a massive amount of high-throughput data, called Big Data, which provides opportunities to find new insights using machine learning (ML) algorithms. Big Data consist of many features (also called attributes); however, not all these are necessary or relevant, and they may degrade the performance of...
Article
Full-text available
Intelligent Buildings or Building Automation and Control Systems (BACS) are becoming common in buildings, driven by the commercial need for functionality, sharing of information, reduced costs and sustainable buildings. The facility manager often has BACS responsibility; however, their focus is generally not on BACS security. Nevertheless, if a BAC...
Article
Full-text available
There has been an increasing prevalence of ad-hoc networks for various purposes and applications. These include Low Power Wide Area Networks (LPWAN) and Wireless Body Area Networks (WBAN) which have emerging applications in health monitoring as well as user location tracking in emergency settings. Further applications can include real-time actuatio...
Chapter
Cloud computing is an emerging technology paradigm by offering elastic computing resources for individuals and organisations with low cost. However, security is still the most sensitive issue in cloud computing services as the service remains accessible to anyone after initial simple authentication login for significant periods. This has led to inc...
Article
Full-text available
The Guidance provides both the security and facility professional with the necessary information and a framework to protect their organization against risks associated with Intelligent Building Management Systems (IBMS) vulnerabilities. The guidance aims to support such decision making in combination with relevant standards, guidelines, and other r...
Technical Report
Full-text available
Building Automation and Control Systems (BACS) have become embedded into the contemporary built environment and its facilities. BACS technology and its connectivity extends across all types, sizes and functions of facilities for the purposes of not only automation, but the free flow of information. However, limited organizational awareness and unde...
Article
Full-text available
A Certificate Authority (CA) provides the critical authentication and security services for Public Key Infrastructure (PKI) which are used for the Internet and wired networks. In MANETs (wireless and ad hoc) there is an inability to offer a centralized CA to provide these security services. Recent research has looked to facilitate the use of CAs wi...
Preprint
Full-text available
A Certificate Authority (CA) provides the critical authentication and security services for Public Key Infrastructure (PKI) which are used for the Internet and wired networks. In MANETs (wireless and ad hoc) there is an inability to offer a centralized CA to provide these security services. Recent research has looked to facilitate the use of CAs wi...
Conference Paper
Full-text available
Key aspects that weaken users’ ability to use security are often related to the difficulty of comprehending the features/notifications within the interfaces of applications, inconsistency in the interfaces, and not receiving appropriate guidance or adequate security information. This often leads to confusion, limiting a users’ ability to comprehend...
Conference Paper
Full-text available
There has been exponential growth in the use of wearable technologies in the last decade with smart watches having a large share of the market. Smart watches were primarily used for health and fitness purposes but recent years have seen a rise in their deployment in other areas. Recent smart watches are fitted with sensors with enhanced functionali...
Conference Paper
Full-text available
The advancement of smart devices has led to a steep rise in wearable devices of which smart watches are increasingly gaining popularity in the wearable technology market. Most smart watches have evolved from their first generation to their present generation with increased functionality and capacity. This has led to smart watches gaining popularity...
Conference Paper
Full-text available
Gait recognition is a technique that identifies or verifies people based upon their walking patterns. Smartwatches, which contain an accelerometer and gyroscope have recently been used to implement gait-based biometrics. However, this prior work relied upon data from single sessions for both training and testing, which is not realistic and can lead...
Conference Paper
Users are frequently cited as being the weakest link in the information security chain. However, in many cases they are ill-positioned to follow good practice and make the necessary decisions. Part of the reason here is that, even if security awareness, training and/or education have been provided, some of the key points may have been forgotten by...
Conference Paper
Full-text available
Users are frequently cited as being the weakest link in the information security chain. However, in many cases, they are ill-positioned to follow good practice and make the necessary decisions. Part of the reason here is that, even if security awareness, training and/or education have been provided, some of the key points may have been forgotten by...
Article
Full-text available
Activity recognition that recognises who a user is by what they are doing at a specific point of time is attracting an enormous amount of attention. Whilst previous research in activity recognition has focused on wearable dedicated sensors (body worn sensors) or using a smartphone’s sensors (e.g. accelerometer and gyroscope), little attention is gi...
Article
One of the main challenges associated with e-government adoption is lack of security. Thus, the aim of this research is to investigate the role of security in e-government adoption by integrating security, trust and privacy with the Unified Theory of Acceptance and Use of Technology 2 (UTAUT2). In addition, this research will also investigate the f...
Conference Paper
Full-text available
A secure, user-convenient approach to authenticate users on their mobile devices is required as current approaches (e.g., PIN or Password) suffer from security and usability issues. Transparent Authentication Systems (TAS) have been introduced to improve the level of security as well as offer continuous and unobtrusive authentication (i.e., user fr...
Conference Paper
Web-based Learning Management Systems (LMS) have their way into the methods that students, lecturers and generally the education community communicates, stores, shares and collaborates. Although technically they seem to provide an ideal environment for deploying constructive eLearning activities, yet, research indicates that they seem to fail produ...
Article
Full-text available
In the history of learning development, e-learning has been a key factor in the education evolution. The significant growth in users of e-learning technologies (students and teachers) and their use in courses has given rise to a major concern over protecting them from misuse; a significant concern is that of the potential for cheating or illicit as...
Article
Security warnings are intended to alert users about the possibility of events that may compromise their protection. They encounter security warnings on daily basis in many situations when dealing with their computer. However, prior studies have shown that users often have difficulty in understanding the warnings, which can pose a particular risk in...
Article
Complying with a security policy often requires users to create long and complex passwords to protect their accounts. However, remembering such passwords is difficult for many and may lead to insecure practices, such as choosing weak passwords or writing them down. In addition, they are vulnerable to various types of attacks, such as shoulder surfi...
Article
Full-text available
The traditional text-based password has been the default security medium for years; however, the difficulty of memorizing secure strong passwords often leads to insecure practices. A possible alternative solution is graphical authentication, which is motivated by the fact that the capability of humans’ memory for images is superior to text, which h...
Conference Paper
The traditional password has long been the most widely used authentication mechanism in spite of its well-known flaws. In order to address these flaws, researchers have utilised images or drawings as a potential alternative. In this paper, we consider the attributes of several graphic-based techniques. As a result, the study suggests a new data-ent...
Conference Paper
Full-text available
Over the last ten years, e-learning has played a vital role in education. A leading Virtual Learning Environment (VLE) reports a user base of 70 million students and 1.2 million teachers across 7.5 million courses. Whilst e-learning has introduced flexibility and remote/distance-based learning, there are still aspects of course delivery that rely u...
Article
In recent years, many countries have used e-government to provide high quality services to their citizens. Thus, a number of studies have investigated user acceptance of e-government through the use of adoption models, such as the Unified Theory of Acceptance and Use of Technology (UTAUT) model. However, these models do not focus sufficiently on se...
Article
Security warnings are intended to alert users about the possibility of events that may compromise their protection. They encounter security warnings on daily basis in many situations when dealing with their computer. However, prior studies have shown that users often have difficulty in understanding the warnings, which can pose a particular risk in...
Conference Paper
There are a large number of highly structured documents, for example: newspaper articles, scientific, mathematical or technical literature. As a result of inductive research with 200 blind and visually impaired participants, a multi-modal user interface for non-visual presentation, navigation and manipulation of structured documents on mobile and w...
Conference Paper
Full-text available
Many financial institutes tend to implement a secure authentication mechanism through the utilization of the One-Time-Password (OTP) technique. The use of a hardware security token to generate the required OTP has been widespread. Despite the fact that this method provides a fairly high level of security, many systems have not taken into considerat...
Article
Authentication using images (i.e., graphical passwords) is claimed to be one of the alternatives for overcoming weaknesses in the traditional username and password authentication. This paper reports on the study to explore the feasibility of combining two graphical password methods for better security. A graphical password prototype scheme, the Enh...
Conference Paper
This paper introduces a novel concept for an assistive technology in support of blind and visually impaired persons for nonvisual presentation and navigation within the structure of digital text-documents on mobile devices (smart phones, internet tablets, etc.) which enables them to get a fast overview over the structure of an entire document. The...
Article
With nearly 6 billion subscribers around the world, mobile devices have become an indispensable component in modern society. The majority of these devices rely upon passwords and personal identification numbers as a form of user authentication, and the weakness of these point-of-entry techniques is widely documented. Active authentication is design...
Conference Paper
The creation of Virtual Learning Environments (VLEs) have revolutionized the online delivery of learning materials, from traditional lectures slides through to podcasts, blogs and wikis. However, such advances in how we assess such learning have not evolved - with physical attendance at proctored exams still a necessity for formal assessments. This...
Conference Paper
The Internet and especially the Web have effectively become the default mechanism for information dissemination, collaboration, communication and storage. Higher education institutions have started to make use of these technologies by implementing web based Learning Management Systems (LMS). Their goal is to take advantage of the benefit that web b...
Conference Paper
This paper reports on the usability study carried out to assess the feasibility of combining two graphical password methods for better security. The methods involved clicking on the image (i.e. click-based) and selecting a series of images (i.e. choice-based). A graphical password prototype was developed (Enhanced Graphical Authentication System) a...
Conference Paper
Massively Multiplayer Online Role Playing Games (MMORPG’s) are highly immersive environments which promote and sustain hyper personal interaction amongst players. This body of work aimed to identify, compare and draw conclusions from existing and ongoing research on player behaviour, motivations, addiction, data disclosure and the potential for har...
Conference Paper
There are thousands of digital documents available on the internet, but many of them are not accessible for blind and visually impaired people. To find out what is of importance as to the reading of text and the navigation within documents from the user’s point of view, a survey has been conducted among people concerned. They were asked how they ha...
Conference Paper
Full-text available
Since the first handheld cellular phone was introduced in 1970s, the mobile phone has changed significantly both in terms of popularity and functionality. With more than 4.6 billion subscribers around the world, it has become a ubiquitous device in our daily life. Apart from the traditional telephony and text messaging services, people are enjoying...
Conference Paper
Full-text available
Authentication using images or graphical passwords is one of the possible alternatives for traditional authentication based upon passwords. This study aims to investigate the practicality of giving guidelines or advice to users before they start choosing their image passwords, the effectiveness of using a smaller tolerance (clickable areas) and the...
Article
Mobile devices have become essential to modern society; however, as their popularity has grown, so has the requirement to ensure devices remain secure. This paper proposes a behaviour-based profiling technique using a mobile user?s application usage to detect abnormal activities. Through operating transparently to the user, the approach offers sign...
Article
Some may argue that the proliferation of personal computers together with the widespread use of the Internet has brought many benefits to society. The popularity of the internet and its associated online services continues to grow at an exponential rate and consequently, so does the number of avenues for potential exploitation. Prior research has a...
Conference Paper
Full-text available
In this paper we investigated the levels of addiction and personal data disclosure within Massively Multiplayer Online Role Playing Game environments (MMORPG's). The study made use of an online survey which embraced a combination of a six point behavioural addiction framework, Self Determination Theory and Impression Management theory to assess add...
Conference Paper
Full-text available
Over the last decade, the mobile device has become a ubiquitous tool within everyday life. Unfortunately, whilst the popularity of mobile devices has increased, a corresponding increase can also be identified in the threats being targeted towards these devices. Security countermeasures such as AV and firewalls are being deployed, however, the incre...
Article
Purpose – The purpose of this paper is to assess the usability of two image-based authentication methods when used in the web-based environment. The evaluated approaches involve clicking secret points within a single image (click-based) and remembering a set of images in the correct sequence (choice-based). Design/methodology/approach – A “one-to-o...
Conference Paper
Full-text available
The presentation and usability of security features can represent a significant impediment to effective protection for end-user systems. In order to investigate the nature and level of problems that can be encountered during attempts to use security within standard end-user applications, this paper presents results from a series of hands-on user tr...
Conference Paper
Full-text available
Security features can now be found in a variety of end-user applications. However, the extent to which such features can actually be understood and used by the target audience is often undermined by poor attention to human-computer interaction factors. This paper considers the problem, and highlights a number of common issues that can compromise th...
Article
Purpose – This paper aims to look at unpatched software which represents a significant problem for internet‐based systems, with a myriad malware incidents and hacker exploits taking advantage of vulnerable targets. Unfortunately, vulnerability management is a non‐trivial task, and is complicated by an increasing number of vulnerabilities and the wo...
Article
Faced with an increasing range of attacks, the appropriate use of available security features in computer systems and applications is becoming ever more necessary. However, although many applications provide ways in which users can protect themselves against threats, the design and implementation of these features can often be criticized from a Hum...
Article
A number of previous studies have investigated the use of keystroke analysis as a means of authenticating users identities at the point of initial login. By contrast, relatively little research has focused upon the potential of applying the technique for identity verification during the logged-in session. Previous work by the authors has determined...
Article
Full-text available
Modern IT systems have a continued requirement for reliable user authentication at login. However, the majority of systems are still using username/password combinations, in spite of a variety of recognised weaknesses. Identifies the need for improved login authentication, and investigates the suitability of two alternative methods, using cognitive...
Conference Paper
Security awareness is a critical issue for all organisations that depend upon information technology. However, significant survey evidence suggests that the issue is often given inadequate attention in modern organisations, leading to problems through security incidents. This paper considers various means that can be used to instil greater awarenes...
Article
Full-text available
Appropriate understanding and acceptance of IT security should now be regarded as an essential requirement within any modern business. Although a number of previous studies have been published that assess organizational attitudes, the respondents have typically been IT administrators or top-level managers, without any representation from the end-us...
Article
Full-text available
Information systems security is a critical issue for all organisations with a significant dependence upon information technology. However, it is a requirement that is often difficult to address, particularly within small organisations, as a result of a lack of resources and expertise. This paper identifies the need for security awareness and descri...
Article
Full-text available
The paper presents a comparative study of software-based user authentication techniques, contrasting the use of traditional password and personal identifier numbers (PIN) against alternative methods involving question and answer responses and graphical representation. All methods share the common basis of some secret knowledge and rely upon the use...
Conference Paper
There has been significant interest in the area of keystroke analysis to support the authentication of users, and previous research has identified three discrete methods of application; static, periodic dynamic and continuous dynamic analysis. This paper summarises the approaches and metrics arising from previous work, and then proceeds to introduc...
Conference Paper
Full-text available
The continuous growth of computer networks, coupled with the increasing number of people relying upon information technology, has inevitably attracted both mischievous and malicious abusers. Such abuse may originate from both outside an organisation and from within, and will not necessarily be prevented by traditional authentication and access cont...
Article
Security analyser tools provide a useful means of automatically identifying, and potentially exploiting, vulnerabilities within computer systems and networks but they are also of assistance to hackers looking for ways to break in. The paper highlights the range of tools that are available and of potential use to both audiences and considers the ext...
Article
User authentication is a vital element in ensuring the secure operation of IT systems. In the vast majority of cases, this role is fulfilled by the password, but evidence suggests that this approach is easily compromised. Whilst many alternatives exist, particularly in the form of biometric methods, questions remain over the likely user acceptance....
Article
The detection and prevention of authorised activities, by both external parties and internal personnel, is an important issue within IT systems. Traditional methods of user authentication and access control do not provide comprehensive protection and offer opportunities for compromise by various classes of abuser. A potential solution is provided i...
Article
In recent years, a number of surveys have indicated a significant escalation in reported incidents of computer crime and abuse. This rise is coupled with increasing attention to the issue in the mass media, which has the effect of heightening public perceptions of problems with IT and may represent a barrier to the adoption of technologies such as...