Papers - Kentucky Cybersecurity And Forensics Conference (KCFC): Northern Kentucky University, Greater Cincinnati Region

KCFC 2024 Paper Submissions

The Kentucky Cybersecurity & Forensics Conference (KCFC) is an annual cybersecurity event held every year by one of the National Centers of the Academic Excellence i.e. the CAE institutions within Kentucky. It is a cybersecurity conference that is hosted annually by one of Kentucky’s higher education institutions that has earned the CAE designation through NSA accreditation. This year, the KCFC 2024 will be hosted in person by Northern Kentucky University (NKU) in Griffin Hall, the home of the College of Informatics. This cybersecurity focused conference offers a great platform and opportunity for discussions, presentations, exchange of ideas, dissemination of research work via papers & posters, scholarly publications, workshops and networking with peers from academics, government and industry for advancing cybersecurity education, collaborations and innovations.

The NKU College of Informatics is proud and honored to host this 2024 KCFC i.e. the annual Kentucky CAE Conference on Saturday, October 19. This conference will feature papers, posters, workshops, and presentations on a variety of cybersecurity topics.

Papers, short and full, which have been accepted to KCFC 2024 can be found in this page. Here, you can view paper presenters, paper titles, and paper abstracts. These papers will be published to Springer Nature and presented at KCFC 2024.

KCFC 2024 Accepted Papers

Full Papers (select to expand)

Title: Studying "Reflectacles" As An Anti-Surveillance Wearable Device: Adversarial Testing Plus Performance Analysis Using Three Facial Recognition Tools
Authors: Ryan Jackson (Undergrad Student, University of Wisconsin at Green Bay), Ankur Chatterjee (Faculty, Northern Kentucky University) and Bikash Acharya (Undergrad Student, Northern Kentucky University)

Abstract: While technological advances in public video surveillance technologies have helped in law enforcement, smart video surveillance technologies have led to human privacy invasion of law-abiding citizens. Sophisticated visual recognition techniques and tools are being used worldwide to monitor public places and analyze data from captured camera footage. Current state-of-the-art human facial recognition-based biometric tools are extensively used in public video surveillance as well as in consumer electronic products for user-authentication purposes. In an effort to counter the critical issue of human privacy invasion by surveillance applications, several “soft privacy” enhancing remedial solutions have been proposed by researchers, including the use of enhanced design of camera footage capturing techniques in surveillance cameras, such as post-processing of the camera images and videos. However, very few of these prior works have attempted to explore a “hard privacy” option, where surveilled subjects can utilize “anti-surveillance” technology in the form of specialized glasses or wearables to protect themselves from intrusive surveillance cameras. In this research paper, we study the capabilities of a wearable glasses product - “Reflectacles” as a potential “anti-surveillance” wearable device for individuals to explore a “hard privacy” offering option by resisting human facial recognition technologies amidst to-day’s widespread privacy-invading public surveillance systems. As part of our research, we discuss and explore the potential “anti-surveilling” effect of Reflectacles by pitting this device against three (3) current state of the art visual recognition tools - IBM Watson Visual Analytics, Microsoft Azure Facial Recognition, and AWS Amazon Rekognition. Our experimental study shows that Reflectacles can successfully resist and reduce the human facial recognition performance in these tools. We also demonstrate how an anti-surveillance wearable device, like Reflectacles, can be prospectively utilized as a potential means for adversarial testing plus performance analysis of facial recognition tools to critically evaluate these tools and compare their performances against surveillance-resisting wearable devices. Our proposed approach of adversarial assessment and performance testing of facial recognition technologies using Reflectacles as a "hard privacy" offering anti-surveillance wearable device, is a fresh, non-traditional initiative. To the best of our knowledge, our work is the first ever research study involving the Reflectacles device as wearable glasses.

Title: User Awareness of Cybersecurity Risks with ChatGPT's New “Memory" Feature: A Knowledge-Attitude-Behavior Analysis
Authors: Nicholas Caporusso (Faculty, Northern Kentucky University), Nazmus Sadat (Faculty, Northern Kentucky University) and My Doan (Undergrad Student, Northern Kentucky University)

Abstract: Recently, OpenAI introduced a new feature called "memory''. This functionality enables ChatGPT to automatically extract and store relevant user information from conversations, to generate more personalized and relevant responses. However, several dynamics of this new functionality raise numerous concerns about potential cybersecurity risks for the user. This paper reports the results of a study that investigated users' familiarity with how ChatGPT’s new "memory'' feature functions, their attitudes toward its privacy implications, and their subsequent behavior in response to perceived risks. To this end, the Knowledge-Attitude-Behavior (KAB) model was utilized to design a questionnaire that was primarily distributed to Computer Science students. Findings from 119 responses reveal that while some users are aware of the feature, many are either unaware or uncertain of its operation, particularly regarding its data extraction, storage, and management policies. This research highlights the need for increased transparency and user control over memory features in ChatGPT and Large Language Models, emphasizing privacy and security concerns.

Title: A Survey Study Of Cloud Security and Privacy With A Focus On GDPR-Compliant SPICE Solutions
Authors: Nika Asatiani (Graduate Student, Northern Kentucky University) and Ankur Chatterjee (Faculty, Northern Kentucky University)

Abstract: Since cloud computing allows information to be stored remotely, it has significantly transformed the way people store and access data. Due to cloud computing internet users can store, quickly download, and interact with their applications or documents over the internet. Cloud infrastructure also allows people to access their data without worrying about having access to storage devices. However, when data is archived in the cloud, it introduces various security and privacy challenges. This survey study investigates security solutions to tackle this issue. It mainly focuses on the following solution - the Simple Privacy-preserving Identity-management for the cloud environment (SPICE). This paper reviews existing literature and identifies four critical cybersecurity domains (P-IM-DI-AC), or four focus areas related to security and privacy issues in cloud computing, that include privacy (P), identity management (IM), data integrity (DI), and access control (AC). Threats, such as data loss and identity theft, highlight the importance of privacy. As part of this survey study, we explore solutions to these issues such as BlindIDM, Cisco Secure Data Center Framework, and SPICE, and we find that SPICE is superior in privacy, identity management, and access control compared to other solutions. As cloud security advances, it is important to implement privacy measures for fostering trust and service adoption. For these reasons, it is essential to integrate powerful and reliable solutions, which are compliant with General Data Protection Regulation (GDPR) in the growing cloud computing environment in order to ensure responsible and lawful data protection practices in cloud computing. GDPR compliant solutions in this context ensure accountability, transparency, and protection of individual rights through responsible and privacy-preserving data handling. In this paper, we also review existing literature on GDPR compliant SPICE based cloud security solutions, and identify three distinct theme elements namely - security & privacy issues (like P-IM-DI-AC), corresponding solutions, and GDPR compliance. We organize and map the surveyed literature using these three identified theme elements. To our knowledge, this survey study is unique because of its focus on GDPR compliant SPICE based cloud security solutions. According to the best of our knowledge, this survey study is a first of its kind effort to analyze the SPICE system's alignment with GDPR requirements. Additionally, this paper presents a list of future directions, including a set of open research questions related to the advancement of cloud security research, as part of the concluding summary.

Title: Protecting Data-At-Rest In The Cloud: A Data Privacy Centered Evaluation Study
Authors: Olivia Long (Graduate Student, Northern Kentucky University), Brianna DeAmicis (Undergrad Student, Northern Kentucky University) and Ankur Chatterjee (Faculty, Northern Kentucky University)

Abstract: As more businesses move to the cloud, it is imperative that proper controls are in place to protect user data. Cloud vendors offer an assortment of capabilities to protect data-at-rest. Given the number of cloud data breaches in re-cent years typically due to misconfigurations, the effectiveness of these con-trols is an important research focus area. Existing literature indicates that there have been survey studies on cloud based data security issues plus their solutions. However, to our knowledge, there have been limited data privacy focused evaluations of the available tech solutions in this context, and very few research studies on the efficacy of Amazon Web Services (AWS) and Microsoft Azure tools in this context. In this paper, we perform a unique study that examines the native AWS and Azure capabilities, and that analyzes their effectiveness. We evaluate the performances of Azure Purview and AWS Macie, as well compare our findings to determine which solution is more effective with respect to data privacy.

Title: A Survey Study Of Data Privacy & Security In IoT Systems Driven By Voice Controlled Devices
Authors: Param Adhikari (Graduate Student, Northern Kentucky University) and Ankur Chatterjee (Faculty, Northern Kentucky University)

Abstract: Out of many platforms on the Internet of Things (IoT), Amazon stands out being one of the oldest and continuously evolving companies which not only makes the devices with its software but also allows other IoT devices to be linked in its platform to create an interconnected device experience. The re-search is on a study on how voice assistant devices like Amazon, Google, and Apple are keeping up with data privacy concerning U.S. laws in the so-phistication of current technology and the inter-relatedness of IoT devices that are even capable of generating analytics with audio-visual surveillance. As part of this survey study, we have reviewed existing research literature on privacy issues in each layer of Alexa’s ecosystem with IoT, as well as exist-ing works on the tradeoffs between security, privacy, and utility. We discuss IoT risks in a scenario where trusted and untrusted devices are in the same network. We also propose a privacy and security-focused network connection setup to minimize privacy risks. We identify several Privacy Enhancing Techniques (PETs) used in voice-controlled devices and list them along with discussions on the latest developments and emerging innovations in the field. Accountability issues in data breaches due to privacy compromises have been discussed in context of current USA laws and we include learnings from the General Data Protection Regulation (GDPR) of European Un-ion (EU) to address valid privacy concerns for USA citizens. Based upon our findings from this study, we organize our reviewed literature in multiple content maps, which are driven by the privacy, security plus utility themes, and the different IoT layers. To the best of our knowledge, this detailed sur-vey study brings to light some fresh perspectives on this topic, and contributes multiple uniquely novel taxonomy layers, that present the reviewed literature in new lens, which makes this work distinct from other existing re-search on this focus area.

Title: ETBR - A Unique Unplugged CTF: A Case Study
Authors: Benjamin Acuff (Undergrad Student, Northern Kentucky University), Meghyn Winslow (Undergrad Student, Northern Kentucky University) and Ankur Chatterjee (Faculty, Northern Kentucky University)

Abstract: ETBR (Escape The Breakout Room) is a unique, beginner's level Capture The Flag (CTF) game with riddle-based challenges on various cybersecurity topics. The game is driven by an adventure story-based escape room format. Existing literature indicates that traditional CTFs pose challenges for begin-ners with no cybersecurity background. The novelty of ETBR lies in its non-traditional design as an unplugged CTF with an adventure scenario-driven script, encouraging participants to solve cybersecurity-related riddles. ETBR targets beginner-level learners at the K-12 level, fostering teamwork, explora-tive research, cybersecurity problem-solving, and riddle-cracking skills. ETBR is unique because it combines escape room style, riddle-based chal-lenges and story-driven elements for beginners. As part of this paper, we have presented a review of existing literature on previous research studies involving escape room games in cyber education. This review of prior cyber-security educational research work indicates that there is limited work on es-cape room-style unplugged CTF games, and even fewer riddle-based, adven-ture story-driven CTF scripts for beginners, like K-12 students. Since 2020, we have used ETBR for engaging many high school participants as part of our virtual outreach workshops, remote cybersecurity introductory sessions, virtual summer camps, and distance learning events, aiming to introduce CTFs and basic cyber concepts in an exciting and user friendly, but competi-tive way. Our research includes a participant assessment study analyzing quantitative and qualitative data collected through survey responses from high school community members, who have played the ETR game. Results indicate our unique ETBR driven experiential learning approach successfully engaged both high school students and teachers, fostering a positive learning experience, cybersecurity awareness, and overall interest in cybersecurity topics.

Title: Analyzing Cybersecurity Vulnerabilities in K-12 School Districts: A Study of Targeted Attacks and Contributing Factors
Author: John Gates (Graduate Student, Northern Kentucky University)

Abstract: Cyberattacks on K-12 schools have surged, compromising sensitive data and disrupting operations. This study examines factors contributing to the vulnerability of K-12 schools to cyberattacks, focusing on location, enrollment, and wealth. Using data from 10,349 U.S. unified school districts and 198 reported cyber incidents (2020–2023), logistic regression and correlation analyses identified urbanization as the strongest predictor of cyberattacks. Urban districts face significantly higher risks, with the likelihood of attack doubling at each level of increased urbanization. These findings emphasize the need for targeted cybersecurity measures in urban districts and call for improved reporting mechanisms to accurately assess cyber threats in education.

Short Papers (select to expand)

Title: Understanding Psybersecurity Attacks and The Threat Of Human Mind Hacks: A Novel Gap Analysis Study
Authors: William Vestring (Undergrad Student, Northern Kentucky University) and Ankur Chatterjee (Faculty, Northern Kentucky University)

Abstract: Psybersecurity is an emerging area within the realm of cybersecurity, that investigates safeguarding the human mind from attacks, plus threats and deals with the human aspects of technology, including the relationship of psychology with technology, as well as the use, benefits, consequences, plus overall impacts on the human mind. Unlike traditional cybersecurity, psybersecurity looks at the human mind as the potential attack surface and involves developing ways to protect the human mind from the possible hacks, or searching for avenues to limit the impact of a cyberattack on the human mind. It includes understanding different aspects or elements tied to the human mind, such as a person’s mood, behaviors, emotions, perceptions, opinions, decision making, views, and overall cognition. Existing literature shows a few survey studies on this relatively new topic, that include reviews of previous works related to this area of work. However, none of the prior research has analyzed the prospective types of psybersecurity attacks, and how cognitive hacking is connected to this subject matter. To our knowledge, this paper is the first to address these gaps by studying the different kinds of psybersecurity attacks, and by reviewing cognitive hacking under the umbrella of psybersecurity attacks. According to the best of our knowledge, previous works on this topic have also not studied the potential threat elements associated with psybersecurity attacks, and whether the existing threat modeling approaches can be used to investigate the psybersecurity threats. To our knowledge, this paper is also the first of its kind to study psybersecurity threats and if they can fit into the popular cybersecurity threat models. Overall, this paper is a novel gap analysis study into the field of psybersecurity, that explores the different kinds of psybersecurity attacks, including the types of threats they encompass, and looks into the possibility of employing existing cybersecurity threat modeling approaches for psybersecurity studies. We also share new insights along with recommendations in this context for addressing psybersecurity threats, and share future scope of work on this topic plus new research questions that are open for answering.

Title: AI As A Catalyst for Data Security in INGOs: A Novel Preliminary Case Study
Authors: Ana Latsabidze (Graduate Student, Northern Kentucky University) and Ankur Chatterjee (Faculty, Northern Kentucky University)

Abstract: As International Non-Governmental Organizations (INGOs) increasingly lev-erage digital technologies to enhance their global operations, they face esca-lating data security challenges. This paper investigates how artificial intelli-gence (AI) can act as a transformative force in enhancing data security with-in INGOs. AI-driven solutions offer advanced threat detection, data protec-tion, and real-time responses to cyber threats, significantly mitigating risks in complex operational environments. Despite these benefits, the integration of AI poses substantial challenges, including a lack of expertise, difficulties in deployment, and regulatory constraints, particularly under evolving frame-works like the EU’s AI Act and GDPR. By addressing these barriers, INGOs can fully harness AI to protect sensitive data, improve operational efficien-cy, and maintain compliance with international regulations. We perform a novel preliminary case study on this issue by exploring the current state of AI adoption in INGOs, highlighting key obstacles. As part of this research study, we conducted interviews with twelve employees in various roles, in-cluding program and project officers, senior managers, communications managers, monitoring and results managers, as well as knowledge and learn-ing managers, across multiple INGOs. We present the initial data we obtained from these interviews and analyze these data as part of the results reported in this paper. Through our research findings, we propose strategic pathways for effective and ethical AI integration, ensuring INGOs can meet both their op-erational and humanitarian goals securely. To our knowledge, this preliminary work is the first of its kind research study addressing this topic area.

Title: A Data-Driven Analysis of Cybersecurity Job Market Trends
Authors: Gaurab Baral (Undergrad Student, Northern Kentucky University) and Junxiu Zhou (Faculty, Northern Kentucky University)

Abstract: In today's rapidly evolving digital landscape, the growing cybersecurity threat has led to an increased demand for skilled cybersecurity profession-als. However, there is a significant gap between the supply of qualified per-sonnel and the growing needs of organizations to protect their digital assets. To better understand this cybersecurity skills gap and its implications for the job market, we conducted an in-depth analysis of current trends using data from a popular job listing platform. We analyzed 759 unique job list-ings, focusing on salary distributions, geographic locations, required skills, and qualifications. Our findings reveal an average salary of $124,433, with significant job opportunities concentrated on the East Coast, particularly in Virginia. By applying Latent Dirichlet Allocation (LDA) for topic model-ing, we identified key terms in job descriptions such as information securi-ty, incident response, and risk management. These keywords were then used to categorize job descriptions across different roles. This research offers valuable insights for job seekers, employers, and educators in the fast-evolving cybersecurity landscape.

Title: CoVCues: A Trustworthy Resource Amidst The COVID Infodemic
Authors: Shreetika Poudel (Undergrad Student, Northern Kentucky University), Sarah Ogden (Undergrad Student, Northern Kentucky University), Nahom Beyene (Undergrad Student, Northern Kentucky University) and Ankur Chatterjee (Faculty, Northern Kentucky University)

Abstract: The COVID-19 pandemic led to an increase in online health misinformation, which, to a significant extent, has impacted the public's confidence and trust in online healthcare information. The World Health Organization (WHO) has termed this issue as the COVID infodemic. In an effort to address this COVID 'infodemic', various datasets have been developed to facilitate the detection of misinformation. However, most of these datasets are limited to primarily unimodal data, which consists mainly of textual cues, and lack visual cues, such as images, infographics, and other graphic data components. Existing literature indicates that there are a few multimodal datasets to aid with COVID misinformation identification, but none of these have an organized, processed and analyzed repository of image artifacts in the form of visual cues. To address this gap, we introduce the novel CoVCues dataset, which contains various image artifacts and emphasizes the importance of visual cues for the detection of online health misinformation. CoVCues is a uniquely new framework that leverages categorization, sub-categorization of images from publicly available data, and AI models to explore the capability of visual content in enhancing misinformation detection. In order to demonstrate that CoVCues aids in establishing information assurance by fostering trust, we apply computer vision based machine learning (ML) techniques to find pattern recognition elements, such as identified faces, and image coherence plus authenticity, which can be connected directly to well-known trust antecedents. Through this applied trust analysis process, we make a strong case of information reliability for the trustworthiness of the CoVCues image dataset. Overall, our CoVCues dataset introduces a novel image-centric approach to empower misinformation detection accuracy and represents a valuable resource for both researchers and professionals in fighting against the COVID infodemic. CoVCues is a uniquely exclusive image artifacts collection to help extend the value of the multimodal datasets in this context and could open new avenues of future research and development on this topic area. It highlights how visual cues can increasingly play a pivotal role in online health misinformation recognition, facilitating the development of more effective and robust detection methods for COVID related infodemic crises. Additionally, to our knowledge, our approach of organization, classification and mapping of the collected CoVCues image artifacts to critical trust factors using computer vision driven ML methods, as described in this paper, is novel and has no precedence.

Title: TAI In Cyber Education: A Preliminary Survey Study Of Hands-On Learning Approaches and A Gap Analysis
Authors: Rohan Karki (Undergrad Student, Northern Kentucky University) and Ankur Chatterjee (Faculty, Northern Kentucky University)

Abstract: As the requirement for building trustworthy artificial intelligence (TAI) technologies rises with AI increasingly becoming part of the regular organizational work within various fields, including the cybersecurity workforce, the need for educating students, especially the ones, who are training to be come the next generation cybersecurity workers, on Trustworthy AI (TAI) topics is more critical than ever. However, currently TAI education within cyber educational curricula and other educational disciplines largely lacks hands-on learning approaches that effectively teach and demonstrate the key TAI principles and concepts, such as safety & security, data privacy, accountability, transparency, and robustness, along with user risk assessment for AI systems. This paper conducts a preliminary survey study in this context and performs an analysis of these gaps by reviewing existing literature on hands-on learning studies involving TAI education. It then proposes a few nifty hands-on learning based experiential training methodologies to help address these gaps for improving TAI education to benefits students in cybersecurity and other disciplines. As part of our study, our review of current research literature and educational practices indicates that there is substantial scope of innovation and improvement when it comes to integrating practical hands-on learning driven applied training approaches into TAI teaching. This study highlights the importance of bridging the gap between theory and practice in TAI education, and suggests further research plus curriculum development to create more effective and engaging learning resources for TAI. Some of the unique contributions of this initial survey study and gap analysis report are identifications of three distinct themes, based upon the reviewed literature, and a content map of the most relevant literature citations to these themes. To our knowledge, this study is a first of its kind effort on this particular topic.

Title: Semi-Supervised Outlier Detection for Anomaly Detection in Industrial Control Systems
Author: Monju Tanakajima (Undergrad Student, Northern Kentucky University)

Abstract: This project addresses the vulnerabilities of Industrial Control Systems (ICS) to cyber threats, particularly in the context of the Internet-of-Things (IoT) technologies that have made networked sensors and actuators pervasive in these systems. Programmable Logic Controllers (PLCs), which are integral to automating ICS processes, are especially targeted by malicious activities. Attacks on PLCs can lead to severe consequences, including irreparable damage and, in extreme cases, loss of life. By applying semi-supervised anomaly detection techniques, this project aims to identify effective models for detecting anomalies using the Secure Water Treatment (SWaT) dataset. The goal is to evaluate and determine which anomaly detection models are most proficient at identifying potential threats in ICS environments.

Title: Impact Of Online Advertising On User Privacy: A Preliminary Survey Study
Authors: Jason Beetz (Graduate Student, Northern Kentucky University) and Ankur Chatterjee (Faculty, Northern Kentucky University)

Abstract: Modern advertising employs many technical elements to track the data and activities of online users. This survey study reviews existing research literature to understand the impact of current advertising approaches on user privacy. As part of our findings, we identify five (5) of the most common approaches/mechanisms by which online advertisements track users and impact their privacy. We also present a map of how our reviewed literature is connected to these identified ad mechanisms. We also investigate how the impact of these online advertising ties into overall privacy expectations of online consumers, and whether this impact is detrimental to creating robust privacy expectations. Additionally, we discuss the technical mitigations that could be employed to preserve user privacy in this context, and we list some future research directions plus some open research questions. To the best of our knowledge, this preliminary survey study brings to light some unique perspectives on this topic, and this makes this work distinct from other existing research on this focus area.

Title: AI Topics In GRC Based Cybersecurity Education: A Preliminary Gap Analysis Study
Authors: Logan Witwer (Undergrad Student, Northern Kentucky University) and Ankur Chatterjee (Faculty, Northern Kentucky University)

Abstract: With the current emphasis and significance imposed by the United States (US) Congress on preparing the next generation cybersecurity workforce with cybersecurity and artificial intelligence intersection (Cyber AI) topics based knowledge, the NSA is in the process of launching an AI in Cybersecurity pilot program of accreditation for US based higher educational institutions. It is in this context that we perform a preliminary study to review the preparedness of the US higher education industry in terms of offering or teaching Cyber AI topics related to the Governance Risk Compliance (GRC) knowledge area, which is an integral and critical part of today’s higher ed cybersecurity educational curricula. As part of our gap analysis driven re-search study, we reviewed several popular risk assessment/risk management textbooks, which cover GRC topics, and which are used as textbooks for the GRC focused cybersecurity courses across different cybersecurity educational programs in many US based higher education institutions. We analyzed these GRC topics based textbooks to see and check if they cover the relevant Cyber AI topics, which specifically fall under the GRC focus area. In this paper, we present the findings from our initial review and these findings are crucial in highlighting the gap in coverage of Cyber AI topics when it comes to class textbooks adopted within the current US higher ed education system. In the overall scheme of things, we envision that this gap analysis study will help serve as a reference point in advocating for inclusion of Cyber AI topics within the standard cybersecurity educational program curricula, including textbooks, across the US higher ed institutions, thereby contributing to a more comprehensive, holistic and enhanced cybersecurity education, that is in alignment with the recent Cyber AI topics related educational focus, emphasis and recommendations made by the US Congress and NSA. To our knowledge, this gap analysis study is the first of its kind novel research effort on this topic.

For any and all other information regarding the Kentucky Cybersecurity & Forensics Conference (KCFC) hosted by Northern Kentucky University, please refer to https://www.nku.edu/academics/informatics/centers/cis/kcfc.html.

For any questions regarding the Kentucky Cybersecurity & Forensics Conference (KCFC) hosted by Northern Kentucky University, please contact Dr. Ankur Chatterjee at chattopada1@nku.edu.

Papers - Kentucky Cybersecurity And Forensics Conference (KCFC)

KCFC 2024 Paper Submissions

KCFC 2024 Accepted Papers

NKU uses cookies on this website