A Taxonomy of Violations in Digital Asset Markets

2023 | International Conference on Information Systems | Citations: 0

Authors: Clapham, Benjamin; Jakobs, Jenny; Schmidt, Julian; Gomber, Peter; Muntermann, Jan

Abstract: Numerous frauds, market manipulations and other violations have recently shaken ... Expand

Abstract: Numerous frauds, market manipulations and other violations have recently shaken investor confidence in digital asset markets and digital assets themselves. Yet, investor confidence and market integrity are key requirements for the continued success of crypto and other digital assets. In order to facilitate the integrity of digital asset markets and avoid integrity incidents in the future, a systematic overview of violations and their main characteristics is needed to develop appropriate countermeasures. Therefore, we develop a taxonomy of violations in digital asset markets and evaluate the taxonomy based on real-world cases. Our results show that many types of market manipulation in traditional financial markets can also be observed in digital asset markets. However, there are new and additional violations in digital asset markets. We also find that many violations depend on specific capabilities of the violator, certain trading conditions, and asset-specific characteristics. Collapse

Topics: IT security threat crypto wallet accounting information technology infrastructure smart contract

Methods: robustness check cluster analysis

PUBLIC MANAGEMENT CHALLENGES IN THE DIGITAL RISK SOCIETY: A Critical Analysis of the Public Debate on Implementation of the Danish NemID

2023 | European Journal of Information Systems | Citations: 0

Authors: Ngwenyama, Ojelanki; Henriksen, Helle Zinner; Hardt, Daniel

Abstract: The rise of the digital society is accompanied by incalculable social risks, but ... Expand

Abstract: The rise of the digital society is accompanied by incalculable social risks, but very little IS research has examined the implications of the new digital society. Drawing on concepts from Beck’s critical theory of the risk society and critical discourse analysis, this study examines the public discourse on risk events during the launch of NemID, a personal digital identifier for Danish citizens. This research illustrates our difficulties and challenges in managing some of the fundamental social risks from societal digitalisation. Limited institutional capabilities for digital technologies force public officials to depend on private companies motived by profit instead of the public interest. Beliefs in digital technology as the primary determinant of social and economic progress also present many public management dilemmas. When digital risk events occur and citizens’ fears are stoked by news media and public discourse, public officials seem to have no other strategy for managing the escalating fears than systematically distorted communication. The continued rise of the digital risk society demands that IS research respond to the challenge of generating knowledge for its public management. Collapse

Topics: IT risk management data breach identity theft denial of service attack internet technology

Methods: theory development case study qualitative content analysis cluster analysis design artifact

Theories: theory of information warfare theory of communicative action

Cyber-risk Management Framework for Online Gaming Firms: an Artificial Neural Network Approach

2023 | Information Systems Frontiers | Citations: 0

Authors: Sharma, Kalpit; Mukhopadhyay, Arunabha

Abstract: Hackers have used Distributed-Denial-of-Service attacks to overwhelm a firm’s cy ... Expand

Abstract: Hackers have used Distributed-Denial-of-Service attacks to overwhelm a firm’s cyber-resources resulting in disrupted access to legitimate end-users. Globally, DDoS attacks cost firms between US$ 120 K to US$ 2 M for each incident. Apart from the monetary loss, they also disrupt service quality and damage the brand reputation of firms. In 2018-2019, Massively Multiplayer Online Gaming (MMOG) firms witnessed 74% of the total DDoS attacks. MMOG firms form a lucrative segment for hackers because of their large customer base and the massive incentive to cause disruptions and losses. Our Feedforward Neural Network-based Cyber-risk Assessment and Mitigation (FNN-CRAM) model consists of three modules: assessment, quantification, and mitigation. The cyber-risk assessment module uses FNN, which takes seven inputs comprising DDoS attack intensity and duration for five DDoS attack types, vulnerability data (i.e., their counts and score), and the vulnerability trends over time. This layer is connected to a ten-neuron hidden layer and one neuron output layer that estimates the probability of these attacks. We also observe that the probability of these DDoS attacks follows a Weibull distribution. Next, our cyber-risk quantification module computes the expected loss. We note that expected losses due to these DDoS attacks follow a gamma distribution. Our cyber-risk mitigation module uses a heat matrix to help the CTO (i) prioritize the cyber-risk associated with a DDoS attack and (ii) decide whether to reduce, accept, or pass the cyber-risk using technological and cyber-insurance interventions. Collapse

Topics: denial of service attack IT security risk management IT security threat extensible markup language

Methods: artificial neural network descriptive statistic logistic regression k-nearest neighbor support vector machine

Deep Reinforcement Learning in the Advanced Cybersecurity Threat Detection and Protection

2023 | Information Systems Frontiers | Citations: 1

Authors: Sewak, Mohit; Sahay, Sanjay K.; Rathore, Hemant

Abstract: The cybersecurity threat landscape has lately become overly complex. Threat acto ... Expand

Abstract: The cybersecurity threat landscape has lately become overly complex. Threat actors leverage weaknesses in the network and endpoint security in a very coordinated manner to perpetuate sophisticated attacks that could bring down the entire network and many critical hosts in the network. To defend against such attacks, cybersecurity solutions are upgrading from the traditional to advanced deep and machine learning defense mechanisms for threat detection and protection. The application of these techniques has been reviewed well in the scientific literature. Deep Reinforcement Learning has shown great promise in developing AI solutions for areas that had earlier required advanced human cognizance. Different techniques and algorithms under deep reinforcement learning have shown great promise in applications ranging from games to industrial processes, where it is claimed to augment systems with general AI capabilities. These algorithms have recently also been used in cybersecurity, especially in threat detection and protection, where these are showing state-of-the-art results. Unlike supervised machine learning and deep learning, deep reinforcement learning is used in more diverse ways and is empowering many innovative applications in the threat defense landscape. However, there does not exist any comprehensive review of deep reinforcement learning applications in advanced cybersecurity threat detection and protection. Therefore, in this paper, we intend to fill this gap and provide a comprehensive review of the different applications of deep reinforcement learning in this field. Collapse

Topics: mobile system denial of service attack internet of things IT security malware

Methods: machine learning computational algorithm deep learning reinforcement learning supervised learning

A text-mining based cyber-risk assessment and mitigation framework for critical analysis of online hacker forums

2022 | Decision Support Systems | Citations: 0

Authors: Biswas, Baidyanath; Mukhopadhyay, Arunabha; Bhattacharjee, Sudip; Kumar, Ajay; Delen, Dursun

Abstract: Online hacker communities are meeting spots for aspiring and seasoned cybercrimi ... Expand

Abstract: Online hacker communities are meeting spots for aspiring and seasoned cybercriminals where they engage in technical discussions, share exploits and relevant hacking tools to be used in launching cyber-attacks on business organizations. Sometimes, the affected organizations can detect these attacks in advance, with the help of cyberthreat intelligence derived from the explicit and implicit features of hacker communication in these forums. Herein, we proposed a novel text-mining based cyber-risk assessment and mitigation framework, which performs the following critical tasks. (i) Cyber-risk Assessment - to identify hacker expertise (i.e., newbie, beginner, inter­ mediate, and advanced) using explicit and implicit features applying various classification algorithms. Among these features, cybersecurity keywords, sharing of attachments, and sentiments emerged as significant. Further, we found that expert hackers demonstrate leadership in the online forums that eventually serve as communities of practice. Consequently, novice hackers gradually develop their cyber-attack skills through prolonged observa­ tions, interactions, and external influences in this social learning process. (ii) Cyber-risk mitigation – computes financial impact for every {hacker expertise, attack-type} combination, and then by ranking them on a {likelihood, impact} decision-matrix to prioritize mitigation strategies in affected organizations. Through these novel rec­ ommendations, our framework can guide managers to decide on appropriate cybersecurity controls using an {expected loss, probability, attack-type, hacker expertise} metric against financial losses due to cyber-attacks. Collapse

Topics: IT security IT security threat darknet source code logistics management

Methods: classification method sentiment analysis decision tree classification term frequency–inverse document frequency literature study

Theories: social exchange theory social practice theory

A Tutorial on Prototyping Internet of Things Devices and Systems: A Gentle Introduction to Technology that Shapes Our Lives

2022 | Communications of the Association for Information Systems | Citations: 0

Authors: Chua, Cecil; Storey, Veda

Abstract: The Internet of Things, which has been quietly building and evolving over the p ... Expand

Abstract: The Internet of Things, which has been quietly building and evolving over the past decade, now impacts many aspects of society, including homes, battlefields, and medical communities. Research in information systems, traditionally, has been concentrated on exploring the impacts of such technology, rather than how to actually create systems using it. Although research in design science could especially contribute to the Internet of Things, this type of research from the Information Systems community has been sparse. The most likely cause is the knowledge barriers to learning and understanding this kind of technology development. Recognizing the importance of the continued evolution of the Internet of Things, this paper provides a basic tutorial on how to construct Internet of Things prototypes. The paper is intended to educate Information Systems scholars on how to build their own Internet of Things so they can conduct technical research in this area and instruct their students on how to do the same. Collapse

Topics: internet of things mobile system internet technology systems design Ethernet

Methods: design artifact wearables based research

Cross-Lingual Cybersecurity Analytics in the International Dark Web with Adversarial Deep Representation Learning

2022 | Management Information Systems Quarterly | Citations: 0

Authors: Ebrahimi, Mohammadreza; Chai, Yidong; Samtani, Sagar; Chen, Hsinchun

Abstract: International dark web platforms operating within multiple geopolitical regions ... Expand

Abstract: International dark web platforms operating within multiple geopolitical regions and languages host a myriad of hacker assets such as malware, hacking tools, hacking tutorials, and malicious source code. Cybersecurity analytics organizations employ machine learning models trained on human-labeled data to automatically detect these assets and bolster their situational awareness. However, the lack of human-labeled training data is prohibitive when analyzing foreign-language dark web content. In this research note, we adopt the computational design science paradigm to develop a novel IT artifact for cross-lingual hacker asset detection (CLHAD). CLHAD automatically leverages the knowledge learned from English content to detect hacker assets in non-English dark web platforms. CLHAD encompasses a novel Adversarial deep representation learning (ADREL) method, which generates multilingual text representations using generative adversarial networks (GANs). Drawing upon the state of the art in cross-lingual knowledge transfer, ADREL is a novel approach to automatically extract transferable text representations and facilitate the analysis of multilingual content. We evaluate CLHAD on Russian, French, and Italian dark web platforms and demonstrate its practical utility in hacker asset profiling, and conduct a proof-of-concept case study. Our analysis suggests that cybersecurity managers may benefit more from focusing on Russian to identify sophisticated hacking assets. In contrast, financial hacker assets are scattered among several dominant dark web languages. Managerial insights for security managers are discussed at operational and strategic levels. Collapse

Topics: darknet IT security knowledge sharing shapley additive explanation spoofing

Methods: machine learning design science design artifact case study deep learning

Is the Repeal of Net Neutrality a Necessary Evil? An Empirical Analysis of Net Neutrality and Cybercrime

2022 | International Conference on Information Systems | Citations: 0

Authors: Kim, Doehun; Park, Jiyong

Abstract: While net neutrality guarantees equal access to the Internet and online content ... Expand

Abstract: While net neutrality guarantees equal access to the Internet and online content, it serves as a limiting factor in identifying and tracking criminal activities in cyberspace by ensuring that data packet is transmitted with equal priority, irrespective of its source and content. Exploiting a natural experiment in which net neutrality policies were officially repealed in 2018 in the United States, this study examines the impact of net neutrality on the occurrence of cybercrime. Our findings suggest that the repeal of net neutrality is negatively associated with the occurrence of malicious code and content in an attempt to compromise computer systems (e.g., malware and ransomware). In contrast, we do not find any significant relationship with cybercrime victimization, and cybercrime that may subsequently occur in compromised systems (e.g., data breaches and denial-of-service attacks). This study provides novel insights into the role of net neutrality and open Internet toward the preventive cybersecurity paradigm. Collapse

Topics: net neutrality computer crime internet technology IT security criminality

Methods: experimental group natural experiment robustness check longitudinal research qualitative interview

Theories: economic theory

Discovering Emerging Threats in the Hacker Community: A Nonparametric Emerging Topic Detection Framework

2022 | Management Information Systems Quarterly | Citations: 0

Authors: Li, Weifeng; Chen, Hsinchun

Abstract: The prevalence and rapid growth of cybercrime are largely attributed to hacker c ... Expand

Abstract: The prevalence and rapid growth of cybercrime are largely attributed to hacker communities on the dark web, where cybercriminals extensively exchange hacking resources, share hacking knowledge, and organize cyberattacks. Such streams of hacker-generated content constitute an invaluable data source for developing threat intelligence that can inform organizations of cybersecurity risks and facilitate proactive cyber defense. Drawing upon the design science paradigm, we propose a novel nonparametric emerging topic detection (NPETD) framework for detecting emerging topics in streams of hacker-generated content. Our framework extends the state-of-the-art nonparametric topic model to inductively model topics without having to specify the number of topics a priori. Moreover, our framework features an efficient algorithm to jointly infer topics and detect topic emergence. We conducted experiments to rigorously evaluate the effectiveness and efficiency of our framework in comparison with the state-of-the-art baseline methods. Our framework outperformed the baseline methods in detecting the listings of emerging threats in darknet marketplaces on recall, F-measure, topic coherence, and processor time. The practical utility of our framework is further demonstrated in a major hacker forum, where we identified several notable emerging topics with important implications for victim companies and law enforcement. The proposed framework contributes to cybersecurity, topic detection and tracking, and design science. Collapse

Topics: darknet IT security denial of service attack malware Wikipedia

Methods: topic model computational algorithm machine learning experiment design science

A Test of Protection Motivation Theory in the Information Security Literature: A Meta-Analytic Structural Equation Modeling Approach

2022 | Journal of the Association for Information Systems | Citations: 0

Authors: Mou, Jian; Cohen, Jason; Bhattacherjee, Anol; Kim, Jongki

Abstract: Information security is one of the important domains of information systems res ... Expand

Abstract: Information security is one of the important domains of information systems research today, with protection motivation theory (PMT) one of its most influential theoretical lenses. However, empirical findings based on PMT are often inconsistent and inconclusive. To reconcile these inconsistent findings, we conducted a meta-analysis to investigate the relationships among PMT constructs while also considering additional contextual constructs that are not specified in PMT. Ninety-two published studies were meta-analyzed and estimated using structural equation modeling. Our results provide support for three of the five predictors of security motivation intention, as postulated by PMT, mixed support for perceived vulnerability, and no support for response cost. We found that coping appraisal variables of response efficacy and self-efficacy have the largest average effects on security behavior. In addition, cultural attributes of collectivism and individualism moderated some of the pairwise correlations, PMT-theoretic relationships were generally stronger in personal contexts than in workplace contexts, and the intention-behavior relationship was strongest in workplace and compliance settings. Our results contribute to the information security literature by providing guidance for future PMT-related research and by demonstrating how meta-analysis and structural equation modeling can be combined to test theories in information systems research. . His research interests include electronic commerce, human-computer interaction, trust, and risk issues in electronic services, and the dynamic nature of systems use. His research has appeared in journals such as focuses on dysfunctional consequences of social media, healthcare informatics, and algorithm bias. He served on the editorial board of MIS Quarterly for four years and served as a senior editor at Journal of the Association for Information Systems. He holds PhD and MBA degrees from the Collapse

Topics: data security self efficacy cybersecurity behavior malware social norm

Methods: meta analysis structural equation modeling descriptive statistic literature sample SEM tool

Theories: expectancy–value theory