Forthcoming and Online First Articles

International Journal of Information and Computer Security

International Journal of Information and Computer Security (IJICS)

Forthcoming articles have been peer-reviewed and accepted for publication but are pending final changes, are not yet published and may not appear here in their final order of publication until they are assigned to issues. Therefore, the content conforms to our standards but the presentation (e.g. typesetting and proof-reading) is not necessarily up to the Inderscience standard. Additionally, titles, authors, abstracts and keywords may change before publication. Articles will not be published until the final proofs are validated by their authors.

Forthcoming articles must be purchased for the purposes of research, teaching and private study only. These articles can be cited using the expression "in press". For example: Smith, J. (in press). Article Title. Journal Title.

Articles marked with this shopping trolley icon are available for purchase - click on the icon to send an email request to purchase.

Online First articles are published online here, before they appear in a journal issue. Online First articles are fully citeable, complete with a DOI. They can be cited, read, and downloaded. Online First articles are published as Open Access (OA) articles to make the latest research available as early as possible.

Open AccessArticles marked with this Open Access icon are Online First articles. They are freely available and openly accessible to all without any restriction except the ones stated in their respective CC licenses.

Register for our alerting service, which notifies you by email when new issues are published online.

International Journal of Information and Computer Security (22 papers in press)

Regular Issues

  • Blockchain Based Dynamic Social Spider Optimization (BC-DSSO) Network Optimization for Supply Chain in IoT   Order a copy of this article
    by Anitha Rajendran, Dinesh Rai 
    Abstract: Supply chain management (SCM) in large-scale industries is evolving into a complex value network that offers competitive advantages. BC, with its distributed public ledger, is an excellent tool for enhancing SCM quality. However, network optimisation during data transmission and routing in blockchain technology remains a significant and challenging issue. Additionally, there are technical challenges related to source verification and security within SCM. This paper introduces BC-DSSO for optimising IoT nodes. It highlights the main characteristics of BC technology, such as smart contracts, decentralisation, security, and transparency. The DSSO algorithm is inspired by the foraging strategy of social spiders, which use web vibrations to locate prey and choose the best routes. DSSO improves the efficiency and speed of communication between nodes in a network. Blockchain enhances supply chain visibility and transparency, increasing trust in the model. IoT technology is utilised to track and monitor the activity of products within supply chains. BC-DSSO involves four key steps: hash function, encoding, TM, and routing. During the TM step, node behaviour is supervised by a GRU classifier. The results are measured using metrics such as PDR, PLR, throughput, and correct blocks.
    Keywords: internet of things; IoT; supply chain management; SCM; gated recurrent unit; GRU; network optimisation; blockchain-dynamic social spider optimisation.
    DOI: 10.1504/IJICS.2024.10067452
     
  • NAIBI: A Neighbor-vehicle Approach for Anomaly Detection of Basic Safety Message Falsification in Internet of Vehicles Using Machine Learning   Order a copy of this article
    by Hussaini Aliyu Idris, Kazunori Ueda, Bassem Mokhtar, Samir A. Elsagheer Mohamed 
    Abstract: The alarming rate of fatality and injuries recorded through road accidents call for the deployment of intelligent transportation system (ITS). The internet of vehicles (IoV), being the backbone of ITS, provides vehicles with standards and protocols to disseminate Basic Safety Messages (BSM) containing kinematic information to other vehicles and infrastructures, making the IoV a complex network and therefore susceptible to cyberattacks. Despite employing public-key infrastructure (PKI) to ensure BSMs are digitally signed and authenticated, insider attackers can still falsify BSMs and cause chaos in the network. The research community has contributed by proposing data-centric approaches however, the over-reliance on one vehicle BSM data for training and inference gives the attacker an upper hand . To address these drawbacks, we proposed a machine learning-based neighbor-vehicle approach for anomaly detection of BSM falsification in IoV (NAIBI) and demonstrate its superiority over the state-of-the-art which exceeds 99% in Accuracy, Precision, Recall and F1-Score.
    Keywords: Machine learning; Intelligent Transportation System; Misbehavior detection system (MDS); internet of vehicle (IoV); BSM falsification attack.
    DOI: 10.1504/IJICS.2024.10068111
     
  • A secure and anonymous authentication and key agreement protocol based on ECC for edge computing environment   Order a copy of this article
    by Upendra Verma, Kapil Kumar Nagawanshi 
    Abstract: Edge computing provides various services closer to the smart devices. However, devices have limited computational resources; hence, security procedure should be anonymous and lightweight for edge computing environment. Therefore, the proposed work designs a secure and anonymous authentication and key agreement scheme based on elliptic curve cryptography (ECC). The informal security assessment indicates the proposed scheme resilience to various cryptographic attacks. The performance of proposed scheme is improved in terms of computation, storage and communication overhead. The correctness and robustness of the proposed scheme are confirmed by formal security analysis employing Burrows-Abadi-Needham (BAN) predicate logic. The research also demonstrates a comparative analysis of proposed scheme to the related schemes in terms of various security features. Finally, the proposed scheme undergoes formal security verification through the Automated Validation of Internet Security Protocols and Applications (AVISPA) simulation tool to validate correctness and security. Simulation results confirm our approach's resilience to cryptographic attacks.
    Keywords: Security and Privacy; ECC; Hash function; Edge computing; BAN predicate logic; AVISPA.
    DOI: 10.1504/IJICS.2024.10068112
     
  • Mean Black Widow-Based Optimization (MBWO) Feature Selection and Enhanced Kernel-Based SVM Classifier for Cyberbullying Twitter Data   Order a copy of this article
    by Menaka M, Sujatha P 
    Abstract: People are using online social networks (OSNs) to interact with others worldwide and discuss their preferences, which can lead to cyberbullying. A cyberbully sends threatening or damaging messages online. Social media cyberbullying must be found and stopped. For this, AI computations including pre-processing, highlight extraction, and grouping were built. Pre-processing Twitter data with tokenisation and stemming removes noise. Highlight extraction uses common data and SAE. Several AI classifiers detect cyberbullying. Due to the complexity of cyberbullying, identifying the best selection of features is difficult, affecting detection system scalability. Thus, this study selects and optimises parameters to improve cyberbullying categorisation. Twitter data is collected and pre-processed to remove stop words and other unwanted words. TF-IDF and SAE are used to extract features from pre-processed data. MBWO then selects the component subset that best reduces information dimensionality. To determine cyber bullying events, an enhanced bit support vector machine (EK-SVM) classifier uses these
    Keywords: Online Social Networks (OSN); Mean Black Widow-based Optimization (MBWO); and Enhanced Kernel Support Vector Machine (EK-SVM); Stacked Auto-Encoder (SAE); Term Frequency-Inverse Document Frequency.
    DOI: 10.1504/IJICS.2024.10068113
     
  • Prevention of Cyber Attacks & Real-Time Social Media Spam Detection and Sentiment Analysis Using Recurrent Self-Adaptive Windowing Approach   Order a copy of this article
    by Shankar M. Patil, Sonali Mhatre, Bhawana S. Dakahare, Gurunath T. Chavan 
    Abstract: Due to the fact that social networks have more than a billion members, they are regarded as a part of most users' lives and serve as a vehicle for spammers to disseminate their damaging actions The vast majority of current research focuses on identifying spammers using statistical data However, the misuse of email as a means of communication is growing The email spam issue is increasingly upsetting for email users as it continues Effective spam email detection methods are essential due to the consequent adverse effects The effectiveness of supervised spam classification algorithms is examined in this research along with the impact of pre-processing procedures To categorise the identified spam or phishing, RNN is proposed in this study together with a soft attention model The obtained data is initially pre-processed utilising filtering, tokenization, stop word removal, stemming/lemmatization algorithms, etc To strengthen communication security, content-based spam or phishing filters are critical
    Keywords: Cyber Attacks; Spam Detection; Recurrent Neural Network; Content-Based Spam; Self-Adaptive Windowing Approach.
    DOI: 10.1504/IJICS.2025.10068292
     
  • SR-GBN-ARQ Protocol using Error Correction Code in Fading Network   Order a copy of this article
    by Prajit Paul, Bappadittya Roy, Anup Kumar Bhattacharjee 
    Abstract: An SR-GBN ARQ protocol for maximizing throughput in fading networks through product code is proposed in this document. Integrating the GBN and SR model for the SR-GBN approach minimizes the disadvantages of the GBN model by applying some SR retransmissions before losing the GBN retransmission. In efforts to improve the performance of ARQ-based systems, the combined techniques of Packet Combining Approach (PCA), Modified Packet Combining (MPC) and Aggressive Packet Combining (APC) have been used at the receiver end used to avoid or reduce the retransmissions. The proposed protocol was implemented using the MATLAB tool, and the results were compared to existing scenarios. Subsequently, the results of the proposed protocol demonstrate superior performance by essentially using the performance metrics of power consumption, packet throughput, packet error correction probability (PEC), mean square error (MSE), and minimum mean square error (MMSE).
    Keywords: Selective repeat (SR); automatic repeat request (ARQ); Go-Back-N (GBN); packet combining approach (PCA); XOR operation; error correction.
    DOI: 10.1504/IJICS.2025.10068687
     
  • StealthGuard: A New Framework of Privacy-Preserving Human Action Recognition.   Order a copy of this article
    by Gazi Mohammad Ismail, ZHANG XUEPING, YANG JUNXIANG, Li Bin 
    Abstract: Privacy-preserving human action recognition is a crucial area of research, particularly in the context of video surveillance, assisted living systems, and healthcare applications. While human action recognition techniques offer significant benefits for automated video analysis, they also raise concerns about individual privacy when deployed in sensitive environments. This paper introduces, StealthGuard incorporates a temporal privacy-preserving component based on Generative Adversarial Networks (GANs) to obfuscate sensor data, thereby preventing the identification of individual people or their activities. This approach utilizes Deep Neural Network, ensuring both accuracy in action recognition and real-time deployment feasibility. Through extensive experimental results, StealthGuard demonstrates its ability to achieve high levels of privacy protection while maintaining recognition accuracy making it a promising solution for applications where privacy is paramount. This paper also provides a related works in the field, highlighting approaches and techniques for privacy-preserving human action recognition.
    Keywords: human action recognition ; HAR; privacy preserving ; Generative Adversarial Network ; GAN ; image segmentation; convolutional neural network; CNN ; recurrent neural network; anomaly detection.
    DOI: 10.1504/IJICS.2025.10068688
     
  • A Novel Mutual Quantum Identity Authentication of two-party Protocol with Chaotic Systems   Order a copy of this article
    by Lu Zhang, Chaonan Wang, Yan Sun, Hongfeng Zhu 
    Abstract: In order to ensure the security of communications, it is often necessary to legally verify the identity of the user before formal communications can take place. Given the growing and dramatic interest in quantum computing, it will be necessary to design mutual quantum authentication schemes implemented using quantum resources. In this paper, we design a two-party mutual authentication quantum identity authentication protocol based on GHZ-like state quantum resources and chaotic map theory. On the one hand, we ensure the true randomness of the authentication parameters, and on the other hand, we ensure the true randomness with fast propagation, so as to achieve the nature of fast true randomness. The scheme is able to make the authentication process complete the authentication in a shorter time while ensuring the security.
    Keywords: Quantum identity authentication; GHZ-like state; Chaotic system.
    DOI: 10.1504/IJICS.2025.10068828
     
  • A Blockchain-Aided Privacy Preservation using Lattice Homomorphic Encryption for Digital Forensic Investigation   Order a copy of this article
    by Suvarna Chaure, Vanita Mane 
    Abstract: This paper proposes a novel Secrecy-Preserving Optimized Machine Learning-based Digital Forensic Model (SOMLDFM) designed to address the computational complexities of existing forensic models. The model utilizes a Pelican Optimization-based Hybrid Support Vector Machine-Extreme Learning Machine (SVM-ELM) for feature extraction and classification. This hybrid approach classifies files into Forensically Related Files (FRFs) and Forensically Unrelated Files (FNRFs) while effectively removing noise and irrelevant data. The Pelican Optimization technique reduces potential losses in the hybrid SVM-ELM, resulting in enhanced overall performance. To protect confidential information, the model employs lattice-based homomorphic encryption (LHE), which offers superior security compared to elliptic curve and Diffie-Hellman methods. The discovered files are prioritized based on a calculated relevance score, arranged from highest to lowest by the investigator. The proposed model demonstrates high performance, achieving an accuracy of 98.69%, an F1 score of 97.79%, a recall score of 97.15%, and a precision score of 98.44%.
    Keywords: Support vector machine; interplanetary file storage system; pelican optimization; Digital Forensic Investigation Data; homomorphic encryption.
    DOI: 10.1504/IJICS.2025.10069311
     
  • A Novel Secure Key Generation and SPN-Based Transformation Algorithm for Grayscale Image Encryption   Order a copy of this article
    by Pramil Kesarwani, Ketan Puyad, Bharathi Chidirala, Bibhudendra Acharya 
    Abstract: In this paper, we introduce a novel gray-scale image encryption algorithm that leverages key generation through a secure message-based approach and employs a Substitution-Permutation Network (SPN) for enhanced security The algorithm takes an input image, a user-specified parameter N, and a secret message, from which a SHA-256 string is derived to generate cryptographic parameters for a Henon map The Henon map produces two arrays, 'x' and 'y', with lengths matching the dimensions of the input image A mask is created by performing XOR operations at specific positions in the image using 'x' and 'y' Prior to mask application, the image undergoes an P-round SPN transformation The SPN consists of substitution and permutation operations, where the substitution array is generated using the logistic map to ensure unique and random placement of values from 0 to 255 for gray-scale images Rows and columns of the image are rotated and substituted
    Keywords: Secure Key Generation; Henon Map; Logistic Map; SHA-256; Substitution-Permutation Network (SPN).
    DOI: 10.1504/IJICS.2025.10069312
     
  • Proving Multiplicative Relations for Different Lattice Commitments   Order a copy of this article
    by Mengfan Wang, Guifang Huang, Dong Fang, Lei Hu 
    Abstract: The BDLOP commitment of Baum et al. (SCN 2018) is the currently most efficient commitment scheme. Based on BDLOP commitment, Attema et al. in CRYPTO 2020 presented an efficient product proof in the ring $\mathcal{R}_q=\mathbb{Z}_q[X]/(X^d+1)$ where $X^d+1$ splits into low-degree factors (ALS scheme). Their proof has only one garbage commitment besides the necessary opening proof and works in the case that all the messages are committed simultaneously using the same randomness $\vec{\bm{r}}$. In this paper, we deal with the case where the messages involved in the multiplicative relation are committed using different randomnesses, and construct a parallel product proof and two sequential product proofs. Both of which still require need one additional garbage commitment. Furthermore, in the $\left(\frac{2}{1}\right)$ and $\left(\frac{1}{2}\right)$ sequential product proofs, previous opening proofs can be reused to reduce the proof length by about $2/3$ and $1/3$ respectively.
    Keywords: Commitment scheme; Zero-knowledge proof; MSIS and MLWE; Galois Automorphisms.
    DOI: 10.1504/IJICS.2025.10069313
     
  • DDoS Attack Detection in Blockchain Network Layer using Dual Attention based Dense Convolutional Gated Recurrent Unit   Order a copy of this article
    by Rohidas Balu Sangore, Manoj Eknath Patil 
    Abstract: This paper aims to design a novel hybrid deep learning model along with a new feature extraction technique. This paper collects the input data from publicly available datasets and is pre-processed by using min-max normalization and missing value imputation to eliminate unnecessary information. After, a new Squeeze Excited Deep ResNet-152 (SE-DRes152) model is introduced to extract the essential traffic attributes from pre-processed data. Finally, the DDoS attack from the provided inputs is identified by presenting a novel Dual Attention based Dense Convolutional Gated Recurrent Unit (DA_DCGRU) approach based on the extracted features. The ability of the proposed classifier is further enhanced by fine-tuning its parameters using by Modified Fire Hawks (MFH) approach. The simulation results and comparison analysis prove that the proposed model outperforms the other existing methods in terms of accuracy (98.83%), precision (97.54%), recall (97.81%), F-score (97.67%), specificity (98.51%), MAE (0.192%), MSE (0.01%) and RMSE (0.1082%).
    Keywords: Distributed denial of service attack (DDoS); Internet of Things (IoT); Deep learning (DL); Convolutional Neural Network (CNN).
    DOI: 10.1504/IJICS.2025.10069314
     
  • A Context-based Password Change Enforcement Model   Order a copy of this article
    by Adesina S. Sodiya, Akinkunmi A. Owolabi, Saidat A. Onashoga, ENOCH OLUWUMI 
    Abstract: Password-based authentication systems remain vulnerable to various cyber threats, highlighting the need for innovative approaches to enhance security. In this paper, we propose a Context-based Password Change Enforcement (PCE) model aimed at fortifying password-based authentication systems by dynamically evaluating password reliability through contextual parameters. Leveraging password frequency, uniqueness, attempt, environment, and age, these parameters were used to assess password security and enforce timely changes, thereby enhancing overall system resilience. The implementation of the PCE model led to a significant reduction in password compromise, with only 2 out of 450 user passwords compromised, representing a notable decrease of 96% compared to the initial 50 compromised passwords. Comparative analysis revealed a 99.99% performance rate of the proposed PCE model, outperforming other authentication methods. The PCE model therefore offers a systematic and effective approach to strengthen text-based password authentication systems, mitigating common password attacks and enhancing overall security posture.
    Keywords: Password Security; Contextual Authentication; Password Change Enforcement; Cybersecurity; Authentication Resilience.
    DOI: 10.1504/IJICS.2025.10069886
     
  • A Novel Hybrid Approach for Intrusion Detection System using Deep Learning Technique   Order a copy of this article
    by Sudhir Pandey, Ditipriya Sinha 
    Abstract: Intelligent cyber-attacks importantly threaten data security, prompting extensive research and investment in network security by researchers and businesses. Standard security measures like secrecy, firewalls, authentication, and antivirus programs may be insufficient, necessitating additional protection layers. One advanced technology is the intrusion detection system, capable of dynamically identifying intruders. In this paper we focus on network intrusion detection using a neural network and introduces a filter-based hybrid technique with three modules. The first module involves segmenting and selecting features from accessible data. The second module trains the deep neural network using the filtered features. The final module tests the trained neural network. Feature selection uses the Shuffled Frog Leaping Algorithm, and the Error Back Propagation Neural Network is trained to identify the most effective feature subset for classification. This hybrid technique aims to optimize feature selection for training and evaluation by deep learning methods.
    Keywords: Intrusion Detection System; Deep neural Network; Segmentation; Feature Selection; Shuffled Frog Leaping Algorithm; NSL-KDD and Accuracy.
    DOI: 10.1504/IJICS.2025.10069887
     
  • Integrating Geolocation Intelligence with Ensemble Machine Learning Models for Enhanced Darknet Traffic Classification   Order a copy of this article
    by Ngaira Mandela, Nilay Mistry 
    Abstract: This study presents an innovative approach to darknet traffic classification, combining advanced machine learning techniques with Hybrid LASSO-Random Forest) (HLRF) feature selection and IP geolocation mapping. We propose a new ensemble model that significantly outperforms traditional classifiers, achieving an accuracy of 96.86% and an F1-score of 96.12%. Our research utilizes an enhanced version of the CIC-Darknet2020 dataset, augmented with additional darknet traffic collected over a six-month period. The HLRF selector is employed to identify the most relevant features, improving the model's efficiency and interpretability. Furthermore, we incorporate IP geolocation mapping to provide insights into the global distribution of darknet activities. Our findings demonstrate the effectiveness of our ensemble method with HLRF feature selection in capturing complex darknet traffic patterns and highlight the challenges in geographical attribution due to sophisticated anonymization techniques. This work contributes to the field of cybersecurity by offering an improved method for darknet traffic classification.
    Keywords: Darknet Traffic Classification; Darknet; Machine Learning; XGBoost; Neural Networks; darkweb.
    DOI: 10.1504/IJICS.2025.10070416
     
  • Unveiling the Digital Fingerprints: Analysis of Internet attacks based on website fingerprints   Order a copy of this article
    by Blerim Rexha, Arbena Musa, Kamer Vishi, Edlira Martiri 
    Abstract: Anonymity networks are widely used to safeguard user privacy by concealing identifying metadata. However, these networks remain vulnerable to traffic analysis techniques such as website fingerprinting attacks, which can compromise user anonymity. In this study, we explore the effectiveness of several machine learning algorithms in performing such attacks. Using a controlled experimental framework, we analyze a publicly available dataset capturing user network traffic across 11 days. The dataset, recorded in .pcapng format, includes detailed traffic flows from specific web pages. Through comprehensive evaluations, we establish that the Gradient Boosting Machine algorithm achieves the highest accuracy (83.63%) for binary classification, while Random Forest demonstrates superior performance (62.97% accuracy) for multi-class classification. Our analysis highlights the impact of feature engineering and algorithmic selection on classification outcomes. This work advances the understanding of privacy vulnerabilities within anonymity networks and provides insights into development of more resilient defenses.
    Keywords: Digital Fingerprints; Website Fingerprints; Machine Learning; User Profiling; Traffic Analysis; Web Browsing.
    DOI: 10.1504/IJICS.2025.10070417
     
  • Improved Deep Learning-based Multiple Biometric Authentication System for ATM Transaction solving Cost and Ambiguity Problems of Multiple Card Usage   Order a copy of this article
    by M. Ravi Prasad, N. Thillaiarasu 
    Abstract: When considering the ATM machine, the multimodal authentication is performed. Here, the authentication using biometric information is achieved by applying the Multichannel Adaptive EfficientnetV2 with Attention Mechanism (MAEv2-AM) each channel carries information of each image from Retina, Fingerprint, Face and spectrogram), where the hyper-parameters is tuned by using the improved Fitness Condition-based Archimedes Optimization Algorithm (FCAOA). After the initial authentication, a single PIN entry would be required to select the desired bank account, streamlining the process of withdrawing money. This approach enhances convenience while maintaining security. Therefore, wastage of cards can be reduced, cost of card manufacturing can be reduced, and the ambiguity of using multiple passwords in multiple cards can also be reduced. Finally, the performance of the method is analyzed using diverse metrics and compared with other baseline models. Hence, the proposed work outperforms with the higher results to do the biometric-based authentication for ATM transaction.
    Keywords: Multiple Biometric Authentication System for ATM Transaction; Solving Cost and Ambiguity Problems Of Multiple Card Usage; Fitness Condition-based Archimedes Optimization Algorithm; Short Time Fourier.
    DOI: 10.1504/IJICS.2025.10070418
     
  • An effective approach for fingerprint template protection based on CiKX transform and Tanimoto similarity measure   Order a copy of this article
    by K. Kanagalakshmi, Joycy K. Antony 
    Abstract: Various fingerprint template protection methods are developed in the existing literature, but these methods are highly susceptible to various threats and there is a possibility to retrieve the original fingerprint image. Hence, the protection of fingerprint pattern database from an illegal access is necessary. Providing an effective strategy for protecting the fingerprint template with the developed CiKX transform is the primary goal of this work. The enrolment phase and the authentication phase are the two stages involved in the proposed scheme. The extracted minutiae points are applied over the developed CiKX transform for transforming the minutiae points and stored it in the form of a template in the enrolment stage. Moreover, the same steps of pre-processing, minutiae extraction, and transformation using CiKX transform are performed. Based on the match score, the matching process is done and the decision is made whether the query image is accepted or rejected. The formed CiKX transform obtains a superior value of 0.95 as a highest accuracy, 0.087 as a least FAR, 0.080 as a least FRR and 0.956 as a highest GAR for database-3.The accurate and the improved efficiency are attained by the fingerprint generation and protection utilising the devised CiKX transform.
    Keywords: fingerprint template protection; FTP; Kekre's transform; principal component analysis; PCA; authentication; minutiae points.
    DOI: 10.1504/IJICS.2025.10070997
     
  • Optimising the detection of metamorphic malwares using ensemble learning technique   Order a copy of this article
    by Vinay Kumar, Abhishek Vaish 
    Abstract: Metamorphic malware is a significant challenge for traditional malware detection techniques, as it continuously changes its code to evade its detection. The behaviour-based approach involves analysing the behaviour of malware rather than its code. By monitoring the system's behaviour, it is possible to detect malicious activity that may be associated with malware. We have proposed API call-based technique to detect metamorphic malware. Our approach involves finding the top 30 malicious API calls having the highest probability score based on extra trees classifier and identifying patterns of malicious API calls that indicate malicious behaviour. This paper presents an API call-based detection technique and proposes a novel approach based on ensemble learning techniques. The proposed algorithm has an accuracy of 0.99 and the F1-score is 0.85. Our system can detect changes in the code structure and behaviour of the malware, even if the malware's binary code has been obfuscated into a new variant. We demonstrate the effectiveness using a benchmark dataset of metamorphic malware.
    Keywords: metamorphic malware; gradient boosting; random forest; API calls.
    DOI: 10.1504/IJICS.2024.10067450
     
  • A survey: on detection and prevention techniques of SQL injection attacks   Order a copy of this article
    by Anwesha Kashyap, Angshuman Jana 
    Abstract: We are constantly exposed to the extensive usage of online applications in our daily lives. The web application's backend uses database technology that stores and processes sensitive data. One of the primary concerns of a web application in terms of data security is to safeguard sensitive data in the database. SQL injection attacks are one of the most serious security concerns of web applications (SQLIA). Akamai report suggests that SQLIAs accounted for more than 72% of all web application security attacks in the last five years. Therefore, SQLIA is one of the most severe attacks used against database-driven web applications, which compromises data privacy. It is a code injection type attack where an attacker injects malicious SQL queries to get unauthorised access to the database. Several research proposals have been published to address these security threats. In this paper, we first provide the current state-of-the-art on SQLIA and a comprehensive analysis of SQLIA vulnerabilities, detection and prevention strategies in the literature, as well as a complete comparison evaluation of the various existing methodologies.
    Keywords: data security; database program; SQL injection attacks.
    DOI: 10.1504/IJICS.2024.10067451
     
  • HP-CP-ABE scheme against collusion attacks under an attribute-key security model   Order a copy of this article
    by Keshuo Sun, Haiying Gao, Chao Ma, Bin Hu, Xiufeng Zhao 
    Abstract: Attribute-based encryption (ABE) is crucial for ciphertext access control in cloud settings. In this paper, we evaluate the resilience of classical ABE schemes to specific attacks, ensuring only robust schemes are employed and informing the design of secure ABE schemes. We demonstrate an attribute-key attack on two ciphertext-policy ABE (CP-ABE) schemes using illegitimate private keys. To quantify the security of private keys against collusion, we propose a novel attribute-key security model. At last, we present a hidden-policy CP-ABE (HP-CP-ABE) scheme, proving its selective security and resistance to collusion attacks.
    Keywords: attribute-based encryption; ABE; collusion attack; attribute-key attack; selective security.
    DOI: 10.1504/IJICS.2024.10067453
     
  • Entropy dragonfly optimisation-based cluster head selection and deep learning clone node detection for wireless sensor network   Order a copy of this article
    by K. Jane Nithya, K. Shyamala 
    Abstract: In a network with no fixed infrastructure, a wireless sensor network comprises mobile nodes that communicate with one another using wireless networks. Node clone attacks can exploit WSN. Attackers take control of one sensor node, create numerous copies with the same identity (ID), and spread these copies throughout the network. Clones appear authentic since they have all the credentials of a real member. The clustering of WSN nodes, a fundamental process, aims to achieve load balancing and prolonged network lifetime. This study created the energy efficient sleep awake aware protocol, which improves energy efficiency and chooses the appropriate CH based on node energy. The volume of data and distance between nodes and the base station determine WSN energy efficiency. The dragonfly optimisation technique boosts network performance. Deep learning clone node detection has been introduced to identify WSN clones. Clone identification is essential for preventing cloning assaults. A cheap identity verification approach can find clones locally and globally. Final validation of the suggested approach is done extensively with network simulator 2. (NS2). After the performance analysis, the scheme's effectiveness is assessed by comparing planned and present methods.
    Keywords: clone attack; energy efficient sleep awake aware; EESAA; entropy dragonfly optimisation; EDFO; deep learning clone node detection; DLCND; wireless sensor network; WSN; quality of service.
    DOI: 10.1504/IJICS.2024.10067449
     

 

Return to top