Journal articles - International Journal of Computer Network and Information Security

All articles: 1066

A Hybrid Real-time Zero-day Attack Detection and Analysis System

Ratinder Kaur, Maninder Singh

Research article

A zero-day attack poses a serious threat to Internet security as it exploits zero-day vulnerabilities in computer systems. Attackers take advantage of the unknown nature of zero-day exploits and use them in conjunction with highly sophisticated and targeted attacks to achieve stealthiness with respect to standard intrusion detection techniques. Thus, it's difficult to defend against such attacks. Present research exhibits various issues and is not able to provide a complete solution for the detection and analysis of zero-day attacks. This paper presents a novel hybrid system that integrates anomaly, behavior and signature based techniques for detecting and analyzing zero-day attacks in real-time. It has a layered and modular design which helps to achieve high performance, flexibility and scalability. The system is implemented and evaluated against various standard metrics like True Positive Rate (TPR), False Positive Rate (FPR), F-Measure, Total Accuracy (ACC) and Receiver Operating Characteristic (ROC) curve. The result shows a high detection rate with nearly zero false positives. Additionally, the proposed system is compared with a Honeynet system.

Free

A Learnable Anomaly Detection System using Attributional Rules

Abdurrahman A. Nasr, Mohamed M. Ezz, Mohamed Z. Abdulmaged

Research article

The continuously changing networks introduce new attacks, which represent an explicit problem that affects the security of enterprise resources. Thus, there is a real need to build up intelligent intrusion detection systems that can learn from the network behavior. In this paper, a learnable anomaly intrusion detection system based on attributional rules is presented. The proposed model is chosen with the advantages of being expressive, flexible and can operate in noisy and inconsistent environments. The system is a real-time intrusion detector that utilizes an incremental supervised machine learning technique. This technique makes use of the Algorithm Quasi-optimal (AQ) which is based on attributional calculus. Here, an Algorithm Quasi-optimal for Intrusion Detection System (AQ4IDS) is exploited and implemented using attributional rules to discriminate between normal and anomalous network traffic. The behavior of AQ4IDS is tested, and to illustrate its superiority. The experimental results showed that the model automatically accommodates new rules from a continuous network stream. Many experiments have verified the fact that AQ4IDS can efficiently discriminate between normal and anomalous network traffic, in addition to offering the advantage of detecting novel and zero-day attacks.

Free

A Light-weight Symmetric Encryption Algorithm Based on Feistel Cryptosystem Structure

Jingli Zheng, Zhengbing Hu, Chuiwei Lu

Research article

WSNs are usually deployed in open wireless environments, so their data is easily intercepted by attackers. It is necessary to adopt some encryption measures to protect the data of WSNs. But the battery capacity, CPU performance and RAM capacity of WSN sensors are all limited, so complex encryption algorithms are not suited to them. The paper proposes a light-level symmetrical encryption algorithm, LWSEA, which adopts fewer encryption rounds, shorter data packets and a simplified scrambling function, so the calculation cost of LWSEA is very low. We also adopt a longer-bit Key and a circular interpolation method to produce the Child-Key, which raises the security of LWSEA. The experiments demonstrate that LWSEA possesses a better "avalanche effect" and data confusion degree; furthermore, its calculation speed is far faster than DES, while its resource cost is very low. This performance makes LWSEA well suited for resource-restrained WSNs.

Free

A Link Quality Based Dispersity Routing Algorithm for Mobile Ad Hoc Networks

Sujatha.P. Terdal, V.D.Mytri, A.Damodaram

Research article

Multipath routing mechanisms have been preferred over single path routing to provide parallel fail safe paths and to maximize throughput. Applying the traditional shortest path metric for multipath route selection leads to traffic concentration at some nodes resulting in congestion, thereby causing performance degradation. Interference caused by neighbouring node traffic is another factor that further limits its performance gains. Towards this, to ease out congestion and improve network resource utilization we devise a load balancing strategy that splits the load among multiple paths according to link quality. The link quality metric is formulated considering the current load condition, traffic interference and energy of the intermediate nodes. To study the effectiveness of the proposed load distribution method we compare it with another load balancing strategy that forwards traffic along one path, found using our link quality metric, and which switches over to the alternate best path on route failure. Simulation results show that the proposed load splitting strategy is able to achieve improvement in performance in terms of reduced latency and improved throughput. Network lifetime is also improved.

Free

A Mathematical Model on Selfishness and Malicious Behavior in Trust based Cooperative Wireless Networks

Kaushik Haldar, Nitesh Narayan, Bimal K. Mishra

Research article

Developing mathematical models for reliable approximation of epidemic spread on a network is a challenging task, which becomes even more difficult when a wireless network is considered, because there are a number of inherent physical properties and processes which are apparently invisible. The aim of this paper is to explore the impact of several abstract features including trust, selfishness and collaborative behavior on the course of a network epidemic, especially when considered in the context of a wireless network. A five-component differential epidemic model has been proposed in this work. The model also includes a latency period, with a possibility of switching epidemic behavior. Bilinear incidence has been considered for the epidemic contacts. An analysis of the long term behavior of the system reveals the possibility of an endemic equilibrium point, in addition to an infection-free equilibrium. The paper characterizes the endemic equilibrium in terms of its existence conditions. The system is also seen to have an epidemic threshold which marks a well-defined boundary between the two long-term epidemic states. An expression for this threshold is derived and stability conditions for the equilibrium points are also established in terms of this threshold. Numerical simulations have further been used to show the behavior of the system using four different experimental set-ups. The paper concludes with some interesting results which can help in establishing an interface between epidemic spread and collaborative behavior in wireless networks.

Free

A Method for Verifiable Secret Image Sharing

Priya Venny, Jyoti Rao

Research article

Secret Image Sharing using Verifiable method has become an important field in cryptography in today's world. Security is of main concern and verifiability has become a demand of this era in order to avoid cheating prevention and a new scheme of secret image sharing scheme for identification of the presence of cheater has been analyzed and described. A method for ensuring integrity of secret image prior to its recovery is proposed. A secret image and verification image are used to create shares by ARGB to CMYK conversions which are sent via cover image for transmission. The shares created are meaningful, therefore this method is capable of identifying whether a cheater exists or not in order to preserve the integrity of the image.

Free

A Method of Hash Join in the DAS Model

Ma Sha, Yang Bo, Li Kangshun

Research article

In the Database As Service (DAS) model, authenticated join processing is more difficult than authenticated range query because the previous approach of authenticated range query, signature on a single relation, cannot be used to verify join results directly. In this paper, an authenticated hash join processing algorithm is described in detail, which can take full advantage of the database service since most of the work is pushed to the database service provider. We analyze the performance with respect to cost factors, such as communication cost, server-side cost and client-side cost. Finally, results of experiments validating our approach are also presented.

Free

A Model for Detecting Tor Encrypted Traffic using Supervised Machine Learning

Alaeddin Almubayed, Ali Hadi, Jalal Atoum

Research article

Tor is a low-latency anonymity tool and one of the prevalently used open source anonymity tools for anonymizing TCP traffic on the Internet, used by around 500,000 people every day. Tor protects users' privacy against surveillance and censorship by making it extremely difficult for an observer to correlate visited websites on the Internet with the real physical-world identity. Tor accomplishes that by ensuring adequate protection of Tor traffic against traffic analysis and feature extraction techniques. Further, Tor ensures anti-website fingerprinting by implementing different defences like TLS encryption, padding, and packet relaying. However, in this paper, an analysis has been performed against Tor from a local observer in order to bypass Tor protections; the method consists of a feature extraction from a local network dataset. Analysis shows that it's still possible for a local observer to fingerprint top monitored sites on Alexa and that Tor traffic can be classified amongst other HTTPS traffic in the network despite the use of Tor's protections. In the experiment, several supervised machine-learning algorithms have been employed. The attack assumes a local observer sitting on a local network fingerprinting the top 100 sites on Alexa; results gave an improvement over previous results by achieving an accuracy of 99.64% and 0.01% false positive.

Free

A Model of Workflow-oriented Attributed Based Access Control

Guoping Zhang, Jing Liu

Research article

The emergence of “Internet of Things” breaks previous traditional thinking, which integrates physical infrastructure and network infrastructure into unified infrastructure. There will be a lot of resources or information in IoT, so computing and processing of information is the core support of IoT. In this paper, we introduce “Service-Oriented Computing” to solve the problem where each device can offer its functionality as standard services. Here we mainly discuss the access control issue of service-oriented computing in Internet of Things. This paper puts forward a model of Workflow-oriented Attributed Based Access Control (WABAC), and designs an access control framework based on the WABAC model. The model grants permissions to subjects according to subject attribute, resource attribute, environment attribute and current task, meeting the access control requests of SOC. Using the approach presented can effectively enhance the access control security for SOC applications, and prevent the abuse of subject permissions.

Free

A Modern Mechanism for Formal Analysis of Biometric Authentication Security Protocol

Pradeep R., N.R. Sunitha, G.S. Thejas

Research article

A Biometric Authentication Security (BAS) protocol is a method by which a person's unique physiological or behavioral characteristics are used to verify their identity. These characteristics can include fingerprints, facial features, voice patterns, and more. Biometric authentication has become increasingly popular in recent years due to its convenience and perceived security benefits. However, ensuring that the BAS protocols are secure and cannot be easily compromised. Developing a highly secure biometric authentication protocol is challenging, and proving its correctness is another challenge. In this work, we present a modern mechanism for formally analyzing biometric authentication security protocol by taking an Aadhaar Level-0 Iris-based Authentication Protocol as a use case. The mechanism uses formal methods to formally verify the security of the Aadhaar Level-0 Iris-based Authentication protocol, and is based on the widely-used BAN logic (Burrows, Abadi, and Needham). Using the Scyther model checker we analyze the existing biometric authentication protocol and have shown its effectiveness in identifying potential security vulnerabilities. The proposed mechanism is based on a set of security requirements that must be met for the protocol to be considered secure. These requirements include the need for the protocol to be resistant to replay attacks, man-in-the-middle attacks, and impersonation attacks. The mechanism also considers the possibility of an attacker obtaining the biometric data of a legitimate user.

Free

A Modified Hill Cipher using Randomized Approach

A.V.N.Krishna, K.Madhuravani

Research article

In Hill Cipher, the plain text is divided into equal sized blocks. The blocks are encrypted one at a time. Ciphertext-only cryptanalysis of Hill Cipher is difficult, but it is susceptible to known plain text attack. In this work, Hill Cipher is improvised to make it more secure. The output of Hill Cipher is randomized to generate multiple cipher texts for one plain text. Any one cipher text is used for transmission of data. This approach thwarts any known plain text attacks and also chosen cipher text attacks.

Free

A Multiclass Approach to Estimating Software Vulnerability Severity Rating with Statistical and Word Embedding Methods

Hakan Kekül, Burhan Ergen, Halil Arslan

Research article

The analysis and grading of software vulnerabilities is an important process that is done manually by experts today. For this reason, there are time delays, human errors, and excessive costs involved with the process. The final result of these software vulnerability reports created by experts is the calculation of a severity score and a severity rating. The severity rating is the first and foremost value of the software’s vulnerability. The vulnerabilities that can be exploited are only 20% of the total vulnerabilities. The vast majority of exploitations take place within the first two weeks. It is therefore imperative to determine the severity rating without time delays. Our proposed model uses statistical methods and deep learning-based word embedding methods from natural language processing techniques, and machine learning algorithms that perform multi-class classification. Bag of Words, Term Frequency Inverse Document Frequency and Ngram methods, which are statistical methods, were used for feature extraction. Word2Vec, Doc2Vec and Fasttext algorithms are included in the study for deep learning based Word embedding. In the classification stage, Naive Bayes, Decision Tree, K-Nearest Neighbors, Multi-Layer Perceptron, and Random Forest algorithms that can make multi-class classification were preferred. With this aspect, our model proposes a hybrid method. The database used is open to the public and is the most reliable data set in the field. The results obtained in our study are quite promising. By helping experts in this field, procedures will speed up. In addition, our study is one of the first studies containing the latest version of the data size and scoring systems it covers.

Free

A Multipath Routing Protocol Based on Clustering and Ant Colony Optimization for Wireless Sensor Networks

Jing Yang, Wei Zhao, Mai Xu, Baoguo Xu

Research article

For monitoring burst events in a kind of reactive wireless sensor networks (WSNs), a multipath routing protocol (MRP) based on dynamic clustering and ant colony optimization (ACO) is proposed. Such an approach can maximize the network lifetime and reduce the energy consumption. An important attribute of WSNs is their limited power supply, and therefore in MRP, some metrics (such as energy consumption of communication among nodes, residual energy, path length) are considered as very important criteria while designing routing. Firstly, a cluster head (CH) is selected among nodes located in the event area according to some parameters, such as residual energy. Secondly, an improved ACO algorithm is applied in search for multiple paths between the CH and sink node. Finally, the CH dynamically chooses a route to transmit data with a probability that depends on many path metrics, such as energy consumption. The simulation results show that MRP can prolong the network lifetime, as well as balance energy consumption among nodes and reduce the average energy consumption effectively.

Free

A New 512 Bit Cipher for Secure Communication

M. Anand Kumar, S.Karthikeyan

Research article

The internet today is being used by millions of users for a large variety of commercial and non commercial purposes. It is controlled by different entities. It is mainly used as an efficient means for communication, entertainment and education. With the rapid growth of the internet, there is a need for protecting confidential data. The Internet was however originally designed for research and educational purposes, not for commercial applications. So the internet was not designed with security in mind. As the internet grows, the existing security framework is not adequate for modern day applications. Cryptography plays a vital role in providing security. A lot of research is going on in block cipher algorithms. In this paper we present a new 512 bit block cipher named SF Block cipher. The proposed cipher is developed based on the design principle known as Substitution permutation network (SP Network). The algorithm is implemented in .NET Framework and MATLAB. Cryptanalysis is carried out on the encrypted file. It was found that the encrypted file with this algorithm is difficult to break. Simulation results show that the proposed Block cipher has better performance over other algorithms such as AES and Blowfish.

Free

A New Approach for Multicast Routing in Wireless Mesh Networks

Mustapha GUEZOURI, Ali KADDOURI

Research article

This paper focuses on multicast routing in wireless mesh networks under the 802.11s standard. This standard defines the HWMP (hybrid mesh network protocol) as the routing protocol, but only for unicast and broadcast. Since the standard defines multicast routing as one goal among several and the HWMP doesn't handle multicast messages, this motivates us to think about a solution to make the HWMP able to handle multicast routing. We try to resolve the problem by using the bases of the MAODV (Multicast Ad-hoc on-demand Distance Vector) protocol, for the reason that the HWMP is inspired from AODV (Ad-hoc On-demand Distance Vector) and the MAODV is just an extension of the AODV. The result shows that the scalability of the routing using different numbers of nodes in the network is excellent. For the mobility it can be agreed since the routers in mesh topology are almost static. Whereas, the rate of message control generated is still very high. In all, the HWMP becomes able to handle the multicast messages.

Free

A New Approach for Remote User Authentication in a Multi - Server Environment Based on DYNAMIC-ID using SMART-CARD

Shanu Gaharana, Darpan Anand

Research article

Internet and Communication Technologies operate widely in a multi-server environment. Authentication is one of the primary concerns in a multi-server environment. There are many remote user authentication schemes using smart cards that operate in a multi-server environment. But there are some authentication bottlenecks that these schemes suffer from. We have analyzed some schemes on the grounds of some specific security requirements and goals. In this paper, we propose a scheme that integrates key exchange and session key agreement in one phase and also supports a traceability feature and resists denial of service attack.

Free

A New Classification Scheme for Intrusion Detection Systems

Bilal Maqbool Beigh

Research article

In today’s world, overall global mostly depend on technologies for their information storage and transactions. But this frequent use of online technologies makes the data stored exposed to the risk of attacks towards the data in the form of intrusion. In order to save our data from these attacks, the researchers had implemented a concept called intrusion detection system; with the help of detection technology the users can protect their critical data from different kinds of attacks. As we know, there are lots of intrusion detection systems on the market, some of which are open source and some of which are commercial. Although the number is very high, there is no such classification available in research literature which will help users or security professionals. In this paper we will present a good and elaborated classification based on various parameters which will help the researchers and security professionals to understand the category. The paper will also provide a brief detail of those categories which will give an idea of representing the intrusion detection techniques.

Free

A New Distributed and Power-Efficient Topology Control Algorithm for Wireless Ad-Hoc Networks

Saeid Taghavi Afshord, Bager Zarei, Bahman Arasteh

Research article

To guarantee the performance of ad hoc networks, utilizing a hierarchical architecture model is necessary. An instance of this structure is clustering. In this paper a cluster-based topology control algorithm is proposed which builds an energy-efficient and low interference topology. It uses low-quality information, exchanges a few messages, and does not need extra hardware equipment as well. It is also suitable for practical use, because the implementation of this algorithm does not need to know the location or the direction information of the network nodes. So it is possible to classify this algorithm as a neighbor-based topology control algorithm. In addition, for the transmitting and the maintained power levels of each node, a modification is applied according to the real hardware platforms. It improves the energy consumption in the ideal conditions.

Free

A New Hybrid Encryption Approach for Secure Communication: GenComPass

Remzi Gürfidan, Mevlüt Ersoy

Research article

When looking at the daily life flow and working sectors, it is seen that almost all work and transactions are carried out electronically. It performs many data streams in the electronic transactions performed. The importance of information security is exactly at this point. To ensure the security of the data, the journey of the data between the sender and the receiver is encrypted. In this study, a hybrid application that creates encrypted text using genetic algorithm and particle swarm algorithm has been developed. In the first step of the study, two separate keys were generated to encode the message using the genetic algorithm and particle swarm algorithm. Shannon Entropy method was used as a fitness function in both algorithms. The message was encrypted with the genetic algorithm method by choosing the key that obtained the best result from the compliance function. The encrypted message was decoded by applying a reverse genetic algorithm to the recipient. The encryptions made using the generated key were measured and the results of the AES algorithm were compared. In the proposed model, successful performances were obtained as the maximum switching space and encryption time for encryption. As a result, the proposed application offers an alternative method of data encryption and decryption that can be used for message transmission.

Free

A New Model for Intrusion Detection based on Reduced Error Pruning Technique

Mradul Dhakar, Akhilesh Tiwari

Research article

The increasing counterfeit of the internet usage has raised concerns of the security agencies to work very hard in order to diminish the presence of the abnormal users from the web. The motive of these illicit users (called intruders) is to harm the system or the network either by gaining access to the system or prohibiting genuine users to access the resources. Hence in order to tackle the abnormalities Intrusion Detection System (IDS) with Data Mining has evolved as the most demanding approach. On the one end IDS aims to detect the intrusions by monitoring a given environment while on the other end Data Mining allows mining of these intrusions hidden among genuine users. In this regard, IDS with Data Mining has been through several revisions in consideration to meet the current requirements with efficient detection of intrusions. Also several models have been proposed for enhancing the system performance. In context to improved performance, the paper presents a new model for intrusion detection. This improved model, named as REP (Reduced Error Pruning) based Intrusion Detection Model results in higher accuracy along with the increased number of correctly classified instances.

Free

Journal