Information theory based detection against network behavior mimicking DDoS attacks

DDoS is a spy-on-spy game between attackers and detectors. Attackers are mimicking network traffic patterns to disable the detection algorithms which are based on these features. It is an open problem of discriminating the mimicking DDoS attacks from massive legitimate network accessing. We observed that the zombies use controlled function(s) to pump attack packages to the victim, therefore, the attack flows to the victim are always share some properties, e.g. packages distribution behaviors, which are not possessed by legitimate flows in a short time period. Based on this observation, once there appear suspicious flows to a server, we start to calculate the distance of the package distribution behavior among the suspicious flows. If the distance is less than a given threshold, then it is a DDoS attack, otherwise, it is a legitimate accessing. Our analysis and the preliminary experiments indicate that the proposed method- can discriminate mimicking flooding attacks from legitimate accessing efficiently and effectively.

The inadequacy of Western media theory in third world internal conflicts : the case of military censorship in Sri Lanka

The literature of communication and conflict is long and deep. However, it has focused primarily on cross-border conflict in the northern hemisphere. Not much academic research has been done on intra-state conflicts in general or on Asian conflicts in particular. This research on the Sri Lankan separatist conflict contributes towards filling this void.Newspaper reports in three languages on Operation Jayasikurui (1997) as well as on the capture of Elephant Pass (2000) were analyzed by trained coders with high reliability. In-depth interviews were conducted with Sri Lankan journalists and military personnel who participated in these incidents. Triangulation sources include Sri Lanka Army materials and the Sri Lanka Government Gazette.

Results clearly show that despite stringent governmental regulations, censorship had no effect on these Sri Lankan newspapers, which employed unique cultural techniques to circumvent these restrictions. Despite their apparent divergent ethnic backgrounds, all newspaper samples are consensual in their depiction of the conflict all the time while managing to set different agendas for their individual readerships. Media regulations could not impose censorship as proposed by Western theoretical constructs. Results show no correspondence between media samples and imposition of government or military policy. The press enjoyed freedom to convey war information to the public and exhibited a distinct streak of social responsibility in their watchdog instincts.Dominant Western propaganda models and theoretical perspectives do not apply to the Sri Lankan context. Understanding the cultural dimensions is essential before theorizing on media behaviour. No particular theoretical framework from the literature could be used to make inferences. One further interesting finding suggested from this research: Internal conflict within the Asian region may have its own unique theoretical perspective. The study concludes by proposing an alternative model.

Information systems in and of the information age

The previous decade has been well known in Australia for the methodological wars. This culminated in a modest increase in interpretivist research. However, critical theory and postmodernist methodologies have not been taken up with any great enthusiasm both here in Australia or elsewhere. This paper attempts to outline the practical and historical reasons and the theoretical difficulties for the failure of these paradigms in contemporary IS. Secondly, it attempts to identify why IS must embrace these paradigms for the future, and the emerging postmodernist approaches in particular, in the light of the rise of ubiquitous information systems. The paper proposes a new set of research questions for the discipline.

Critical analysis of the use of absorptive capacity theory in IS research

This paper critically analyzes the use of Absorptive Capacity (ACAP) theory in information systems (IS) research. Drawing on a comprehensive review of the evolution of ACAP theory and models for the construct, we empirically investigate a number of ACAP-related papers published in reputable IS journals. The analysis involves four main areas: 1) summary analysis of ACAP in IS papers; 2) domains of ACAP usage; 3) analysis of hypotheses to show how ACAP is being used to explain various organizational phenomena in IS research; and 4) analysis of measures to gain insights into the operationalization of ACAP in IS research. This research advocates that organization-level ACAP should be applied as the dependent variable in studying the impact of IS. Furthermore, ACAP should be conceptualized as a “capability,” rather than an “asset.” This paper contributes to IS and ACAP studies by investigating and clearly specifying the utility of ACAP in IS research.

Information sharing in supply chain systems

This chapter considers the importance of information-sharing techniques and strategies employed by industry sectors. Well-developed supply chain management often brings with it improved buyer-supplier communication processes, and we consider the impact of these not only from an intersector point of view, but also from a cross-sector viewpoint. The particular perspectives of the small business within a supply chain structure and of the supply chain customer are examined in detail. We conclude that information sharing is a critical component of business success both inside and outside the supply chain structure. However, while globally and at the large business level, both development and implementation of such technologies have mushroomed, smaller enterprises have tended to be left behind to cope as best they can with multiple pressures to conform.

Teaching organisational theory in undergraduate management programmes: an exercise in facilitated theory testing for active experimentation

This paper argues that there is an opportunity to improve the way that social science theory is taught by introducing an exercise in facilitated theory testing through active experimentation. This paper describes a learning experience that enables students to discover the dynamic nature of theoretical discoveries. This idea is grounded in the notion that students will gain much from learning about and testing theory experientially using real world data. A data based exercise is outlined and illustrated to reveal a learning experience that provides an opportunity to improve the way social science is taught by linking theory to empirical data. We argue that this provides an opportunity to offer a more holistic learning experience for theory teaching. The paper will be of special interest to those teaching theory in management, commerce, business and organisational studies courses. It will also be of interest to a more general audience because it provides a framework that can be modified whenever forging a connection between theory and 'the real world' is a primary learning objective.

Three strategic dimensions of information security in ecommerce : a literature review based conceptual model

Important eCommerce requirements are a robust and secure technical infrastructure, and the ability to ensuring the security of information, and to satisfying certain related legal requirements. In this paper, based on a literature review, we present a high-level conceptual model of information security in eCommerce, consisting of three strategic dimensions: protecting organizations' information, satisfying certain legal requirements, and enabling trusted and secure electronic transactions. Our conceptual model can be used by eCommerce managers as a tool in the strategic planning and management process, to better understand and communicate the inter-dependencies between business and legal requirements. The model can also be used for devising the goals and objectives relevant to their specific organization, for designing the policies that are needed, and deciding how technology will be managed and what training is required.

The tri-dimensional role of information security in E-business : a managerial perspective

The effective management of information and its associated infrastructure is critical in electronic business. Failure to exercise due diligence in information assurance and security may lead to lost revenue or business opportunities, brand and reputation erosion, adverse media publicity, scrutiny from consumer advocates and even lawsuits. Traditionally, information security was approached in terms of goals. Yet, the goalsoriented approach may be a flawed one. In this paper, we adopt a conceptual analytical approach and propose a tri-dimensional understanding of information security in electronic business. Our approach can help managers better understand and communicate the information security’s role in e-business and the inter-dependencies between business and legal requirements, for devising the goals, objectives and policies relevant to their organization.

Shaming, shame and recidivism : a test of reintegrative shaming theory in the white-collar crime context

Despite the popularity of reintegrative shaming theory in the field of criminology, only a small number of studies purporting to test it have been published to date. The aim of the present study, therefore, is to provide an empirical test of Braithwaite's (1989; Braithwaite and Braithwaite 2001) theory of reintegrative shaming in the white-collar crime context. The data on which the study is based came from survey data collected from a group of 652 tax offenders. Consistent with predictions, it was found that feelings of reintegration/stigmatization experienced during an enforcement event were related to reoffending behaviour. Those taxpayers who felt that their enforcement experience had been reintegrative in nature were less likely to report having evaded their taxes two years later. Consistent with Braithwaite and Braithwaite's (2001) hypotheses, shame-related emotions were also found to partially mediate the effect of reintegration on subsequent offending behaviour. Implications for the effective regulation of white-collar offenders are discussed.

Electronic negotiation and security of information exchanged in e-commerce

In settings such as electronic markets where trading partners have conflicting interests and a desire to cooperate, mobile agent mediated negotiation have become very popular. However, agent-based negotiation in electronic commerce involves the exchange of critical and sensitive data that must be highly safeguarded. Therefore, in order to give benefits of quick and safe trading to the trading partners, an approach that secures the information exchanged between the mobile agents during e-Commerce negotiations is needed. To this end, we discuss an approach that we refer to as Multi-Agent Security NEgotiation Protocol (MASNEP). To show that MASNEP protocol is free of attacks and thus the information exchanged throughout electronic negotiation is truly secured, we provide a formal proof on the correctness of the MASNEP.

Families as carers-information needs in a cultural context

While the important role of family as a carer has been increasingly recognised in healthcare service provision, particularly for patients with acute or chronic illnesses, the carer’s information needs have not been well understood and adequately supported by current health information systems. In order to effectively provide continuous and home-based care for the patient, a family relative as the primary carer needs sufficient access to medical knowledge and patient’s health information. There are two challenges. First, being a family relative, the primary carer is often a non-medical practitioner. Second, in Australia, many primary carers are family relatives of patients from a non-English speaking background. They are often seen as interpreters in clinical consultation sessions. Their roles and responsibilities as an interpreter and a carer are often mixed and blurry.
Therefore, their information needs are often seen as secondary to the patient or neglected. The primary carer’s information needs are currently not yet well understood.

This paper reports finding from a case study which examines an on-line diary of a husband-carer who provided support and care for his wife, who at the time of care was a lung cancer patient. The case study examines an ongoing learning process that the husband went through, identifies information needs by the carer and cultural factors which played an important role in the husband’s interpretation of information, decision making and provision of care. The finding extends a current model of the user’s information needs in the literature and suggests implications for further research into developing health information systems to meet information needs by the family carer.

Information integration in molecular bioscience

Integrating information in the molecular biosciences involves more than the cross-referencing of sequences or structures. Experimental protocols, results of computational analyses, annotations and links to relevant literature form integral parts of this information, and impart meaning to sequence or structure. In this review, we examine some existing approaches to integrating information in the molecular biosciences. We consider not only technical issues concerning the integration of heterogeneous data sources and the corresponding semantic implications, but also the integration of analytical results. Within the broad range of strategies for integration of data and information, we distinguish between platforms and developments. We discuss two current platforms and six current developments, and identify what we believe to be their strengths and limitations. We identify key unsolved problems in integrating information in the molecular biosciences, and discuss possible strategies for addressing them including semantic integration using ontologies, XML as a data model, and graphical user interfaces as integrative environments.

The importance of national ICT visions for information society in South East Asia

This paper addresses the question ‘How necessary is a national information and communications technology (ICT) strategy/vision for the development of an information society?’ For the purpose of this paper, ‘information society’ is reduced to two key dimensions: penetration of ICT, and access to government information on-line. In considering the question, the paper calls on data contained in the International Telecommunication Union’s (ITU) case studies of e-readiness in eight South East Asian (SEA) nations (Cambodia, Indonesia, Laos, Malaysia, Philippines, Singapore, Thailand and Vietnam). The background to the paper includes an overview of the SEA nations in terms of demographics and a discussion of the dilemma of government involvement in developing an information society in the light of the ‘small government mantra’ that has dominated in recent years. National ICT strategies visions of each nation are presented, followed by on overview of their information society policies and practices and their ICT penetration. The importance of the vision is then contrasted with other factors including level of development and national income. The conclusions draw attention to the importance of a vision irrespective of level of development and resource availability. In fact, for the least developed nations, poor infrastructure may be an opportunity to leap frog to the most advanced networks supporting an information society, if the vision is relevant, powerful and broadly held.