Forthcoming and Online First Articles

International Journal of Information and Computer Security

International Journal of Information and Computer Security (IJICS)

Forthcoming articles have been peer-reviewed and accepted for publication but are pending final changes, are not yet published and may not appear here in their final order of publication until they are assigned to issues. Therefore, the content conforms to our standards but the presentation (e.g. typesetting and proof-reading) is not necessarily up to the Inderscience standard. Additionally, titles, authors, abstracts and keywords may change before publication. Articles will not be published until the final proofs are validated by their authors.

Forthcoming articles must be purchased for the purposes of research, teaching and private study only. These articles can be cited using the expression "in press". For example: Smith, J. (in press). Article Title. Journal Title.

Articles marked with this shopping trolley icon are available for purchase - click on the icon to send an email request to purchase.

Online First articles are published online here, before they appear in a journal issue. Online First articles are fully citeable, complete with a DOI. They can be cited, read, and downloaded. Online First articles are published as Open Access (OA) articles to make the latest research available as early as possible.

Open AccessArticles marked with this Open Access icon are Online First articles. They are freely available and openly accessible to all without any restriction except the ones stated in their respective CC licenses.

Register for our alerting service, which notifies you by email when new issues are published online.

International Journal of Information and Computer Security (32 papers in press)

Regular Issues

  • A Robust Feature Points Based Screen-shooting Resilient Watermarking Scheme   Order a copy of this article
    by Ruixia Yan, Yuan Jia, Lin Gao 
    Abstract: Screen-shooting will lead to information leakage. Anti screen-shooting watermark, which can track the leaking sources and protect the copyrights of images, plays an important role in image information security. Due to the randomness of shooting distance and angle, more robust watermark algorithms are needed to resist the mixed attack generated by screen-shooting. A robust digital watermarking algorithm that is resistant to screen-shooting is proposed in this paper. We use improved Harris-Laplace algorithm to detect the image feature points and embed the watermark into the feature domain. In this paper, all test images are selected on the dataset USC-SIPI and six related common algorithms are used for performance comparison. The experimental results show that within a certain range of shooting distance and angle, this algorithm presented can not only extract the watermark effectively but also ensure the most basic invisibility of watermark. Therefore, the algorithm has good robustness for anti screen-shooting.
    Keywords: blind watermarking; screen-shooting; robustness; invisibility; feature points; QR code; discrete cosine transform; DCT.
    DOI: 10.1504/IJICS.2023.10056328
     
  • Post-Quantum zk-SNARKs from QAPs   Order a copy of this article
    by Ken Naganuma, Masayuki Yoshino, Noboru Kunihiro, Atsuo Inoue, Yukinori Matsuoka, Mineaki Okazaki 
    Abstract: In recent years, the zero-knowledge proof and zero-knowledge succinct non-interactive argument of knowledge (zk-SNARK) have drawn significant attention as privacy-enhancing technologies in various domains, especially the cryptocurrency industry and verifiable computations. rnA post-quantum designated verifier type zk-SNARK for Boolean circuits was proposed by Gennaro et al. in ACM CCS '18. However, this scheme does not include arithmetic circuits. Furthermore, it is difficult to use it in various applications. Their paper described the construction of a post-quantum designated verifier zk-SNARK for arithmetic circuits from quadratic arithmetic programs (QAPs) as an open problem. rnRecently, Nitulescu proposed a post-quantum designated verifier zk-SNARK for arithmetic circuits using square arithmetic programs (SAPs), which are the special cases of QAPs. rnIn this paper, we give other answers to this problem and propose rntwo post-quantum designated verifier zk-SNARK schemes for arithmetic circuits using QAPs. Our first proposal is based on the data structure used in Pinocchio, a previous study, and can be easily implemented using the existing Pinocchio-based systems. Furthermore, this scheme does not require strong security assumptions. rnIn our second proposal, which also employs QAPs, the zero-knowledge proof comprises three learning with errors (LWE) ciphertexts, and the size of the proof is smaller compared with that of the first proposal. Our second proposal is also more efficient than the first one or all other known post-quantum zk-SNARKs. rnWe implemented our proposed schemes and other known schemes using the libsnark library. Our experimental results show that the second scheme is faster than the previous post-quantum zk-SNARK schemes. rnThe second scheme can generate a zero-knowledge proof for an arithmetic circuit that comprises $2^{16}$ gates in a processing time of only 50 s, which is approximately three times faster than that of the post-quantum zk-SNARKs by Gennaro et al. or two times faster than the one by Nitulescu.
    Keywords: Zero-knowledge proof; zk-SNARKs; LWE encryption; Blockchain technology; Post-quantum cryptography.

  • Robust watermarking of Medical Images using SVM and hybrid DWT-SVD   Order a copy of this article
    by Kumari Suniti Singh, Harsh Vikram Singh 
    Abstract: In the present scenario, the security of medical images is an important aspect in the field of image processing. Support vector machines (SVMs) are a supervised machine learning technique used in image classification. The roots of SVM are from statistical learning theory. It has gained excellent significance because of its robust, accurate, and very effective algorithm, even though it was applied to a small set of training samples. SVM can classify data into binary classification or multiple classifications according to the application’s needs. Discrete wavelet transform (DWT) and singular value decomposition (SVD) transform techniques are utilised to enhance the image’s security. In this paper, the image is first classified using SVM into ROI and RONI, and thereafter, to enhance the images diagnostic capabilities, the DWT-SVD-based hybrid watermarking technique is utilised to embed the watermark in the RONI region. Overall, our work makes a significant contribution to the field of medical image security by presenting a novel and effective solution. The results are evaluated using both perceptual and imperceptibility testing using PSNR and SSIM parameters. Different attacks were introduced to the watermarked image, which shows the efficacy and robustness of the proposed algorithm.
    Keywords: support vector machine; SVM; discrete wavelet transform; DWT; singular value decomposition; SVD; watermark embedding; image watermarking.
    DOI: 10.1504/IJICS.2023.10057699
     
  • An Image Encryption Using Hybrid Grey Wolf Optimization and Chaotic Map   Order a copy of this article
    by Ali Akram Abdul-Kareem, Waleed Ameen Mahmoud Al-Jawher 
    Abstract: Image encryption is a critical and attractive issue in digital image processing that has gained approval and interest of many researchers in the world. A proposed hybrid encryption method was implemented by using the combination of the Nahrain chaotic map with a well-known optimised algorithm namely the grey wolf optimisation (GWO). It was noted from analysing the results of the experiments conducted on the new hybrid algorithm, that it gave strong resistance against expected statistical invasion as well as brute force. Several statistical analyses were carried out and showed that the average entropy of the encrypted images is near to its ideal information entropy.
    Keywords: cryptography; optimisation algorithm; grey wolf optimisation; GWO; chaotic system; chaos; security applications; secure communication.
    DOI: 10.1504/IJICS.2023.10057701
     
  • Efficient Multi-party Quantum Key Agreement Protocol Based on New Bell State Encoding Mode   Order a copy of this article
    by Zexi Li, Kefan Cheng, Yan Sun, Hongfeng Zhu 
    Abstract: Although there are many quantum key agreement protocols currently in existence, they cannot be merged in terms of resource utilisation, efficiency, security, and other aspects, and there are also significant differences in the nature of two and more parties. Therefore, it is necessary to design a quantum key agreement protocol that can balance efficiency and security and is suitable for multiple participants. In view of this, this paper proposes a multi-party quantum key agreement protocol based on a new coding mode of bell state: temporary session keys are negotiated between adjacent participants, and then shared keys for all participants are negotiated through the exchange, conversion, and computation of quantum resources. During the implementation of the protocol, not only can the identity of the participants be authenticated, but also the quantum resources used are single, and the quantum operations performed are simple. Moreover, efficiency is fixed and does not decrease due to the increase of participants or quantum resources. In addition, the protocol also allows participants to dynamically join and leave. In terms of security, the protocol can resist most common quantum attacks. Under the existing quantum technology, this protocol is completely feasible.
    Keywords: bell state encoding; multi-party; quantum key agreement; QKA; authentication.
    DOI: 10.1504/IJICS.2023.10057985
     
  • Secure Digital Academic Certificate Verification System using Blockchain   Order a copy of this article
    by Sunil Patel, Saravanan Chandran, Purushottam Kumar 
    Abstract: At present, there is a need for an authentic and fast approach to certificate verification. Which verifies and authenticates the certificates to reduce the extent of duplicity and time. An academic certificate is significant for students, the government, universities, and employers. Academic credentials play a vital role in the career of students. A few people manipulate academic documents for their benefit. There are cases identified where people produced fake academic certificates for jobs or higher education admission. Various research works are developing a secure model to verify genuine academic credentials. This research article proposed a new security model which contains several security algorithms such as timestamps, hash function, digital signature, steganography, and blockchain. The proposed model issues secure digital academic certificates. It enhanced security measures and automated educational certificate verification using blockchain technology. The advantages of the proposed model are automated, cost-effective, secured, traceable, accurate, and time-saving.
    Keywords: digital academic certificate; DAC; hash function; blockchain technology; digital signature; steganography.
    DOI: 10.1504/IJICS.2023.10058109
     
  • WTSEMal: A Malware Classification Scheme Based on Wavelet and SE-Resnet   Order a copy of this article
    by Dongwen Zhang, Shaohua Zhang, Guanghua Zhang, Naiwen Yu 
    Abstract: Aiming at the problem that traditional malware feature extraction data is huge and features are diverse, which requires lots of reverse engineering expertise and the detection effect is poor. In this study, we propose a visual malware classification scheme based on Wavelet and SE-Resnet network named WTSEMal. Firstly, convert the binary file of the malware sample into an image format. Then, after the image is pre-processed by normalisation, mean filtering and data augmentation, the image is decomposed and reorganised by wavelet transform (WT). Finally, the reconstructed image is input into SE-Resnet network for family classification. The experimental results show that the accuracy of the proposed WTSEMal classification scheme in malimg and Big15 is 99.22% and 97.49%, respectively, which are better than the existing machine learning malware classification methods. Compared with traditional classification methods, it has a good detection effect in detecting confusion or variant samples, and has strong generalisation ability.
    Keywords: malware detection; wavelet transform; WT; malware visualisation; deep learning.
    DOI: 10.1504/IJICS.2023.10058896
     
  • Feature-driven intrusion detection method based on improved CNN and LSTM   Order a copy of this article
    by Jing Zhang, Yufei Zhao, Jiawei Zhang, Lin Guo, Xiaoqin Zhang 
    Abstract: To make up the lack of detection capabilities of traditional machine learning methods. A network intrusion detection method based on improved convolutional neural network (CNN) and improved long and short-term memory network (HMLSTM) is proposed. The proposed method is mainly divided into four steps, namely data pre-processing, feature extraction, model training and detecting. First, we use the normalisation technology to pre-process the data; and then we use the lion swarm optimisation (LSO) algorithm to optimise the hyperparameters of the CNN to form the optimal CNN (OCNN) structure, and combine HMLSTM model to extract the spatial and temporal features. Finally, we use the spatial-temporal feature vectors to train and detect the upper classifier of OCNN-HMLSTM. This paper selects three commonly used datasets to do lots of experiments. The results show that the proposed method significantly improves the accuracy of network intrusion detection, and other metrics.
    Keywords: feature-driven; intrusion detection; convolutional neural network; CNN; long-short-term memory; LSTM.
    DOI: 10.1504/IJICS.2023.10059327
     
  • Machine Learning and Deep Learning Techniques for Detecting and Mitigating Cyber Threats in IoT-Enabled Smart Grids: A Comprehensive Review   Order a copy of this article
    by Aschalew Tirulo, Siddharth Chauhan, Kamlesh Dutta 
    Abstract: The confluence of the internet of things (IoT) with smart grids has ushered in a paradigm shift in energy management, promising unparalleled efficiency, economic robustness and unwavering reliability. However, this integrative evolution has concurrently amplified the grid’s susceptibility to cyber intrusions, casting shadows on its foundational security and structural integrity. Machine learning (ML) and deep learning (DL) emerge as beacons in this landscape, offering robust methodologies to navigate the intricate cybersecurity labyrinth of IoT-infused smart grids. While ML excels at sifting through voluminous data to identify and classify looming threats, DL delves deeper, crafting sophisticated models equipped to counteract avant-garde cyber offensives. Both of these techniques are united in their objective of leveraging intricate data patterns to provide real-time, actionable security intelligence. Yet, despite the revolutionary potential of ML and DL, the battle against the ceaselessly morphing cyber threat landscape is relentless. The pursuit of an impervious smart grid continues to be a collective odyssey. In this review, we embark on a scholarly exploration of ML and DL’s indispensable contributions to enhancing cybersecurity in IoT-centric smart grids. We meticulously dissect predominant cyber threats, critically assess extant security paradigms, and spotlight research frontiers yearning for deeper inquiry and innovation.
    Keywords: smart grid; cyber threats; cybersecurity; internet of things; IoT; deep learning; machine learning.
    DOI: 10.1504/IJICS.2024.10061784
     
  • An Intelligent Approach to Classify and Detection of Image forgery attack (Scaling and Cropping) using Transfer Learning   Order a copy of this article
    by Ravi Sheth, Chandresh Parekha 
    Abstract: Image forgery detection techniques refer to the process of detecting manipulated or altered images, which can be used for various purposes, including malicious intent or misinformation. Image forgery detection is a crucial task in digital image forensics, where researchers have developed various techniques to detect image forgery. These techniques can be broadly categorised into: active, passive, machine learning-based and hybrid. Active approaches involve embedding digital watermarks or signatures into the image during the creation process, which can later be used to detect any tampering. On the other hand, passive approaches rely on analysing the statistical properties of the image to detect any inconsistencies or irregularities that may indicate forgery. In this paper for the detection of scaling and cropping attack a deep learning method has been proposed using ResNet. The proposed method (Res-Net-Adam-Adam) is able to achieve highest amount of accuracy of 99.14% (0.9914) while detecting fake and real images.
    Keywords: image forgery; scaling; cropping; deep learning; transform learning; ResNet.
    DOI: 10.1504/IJICS.2024.10062129
     
  • A Novel Blockchain Consensus Protocol with Quantum Private Comparison for Internet of Vehicles   Order a copy of this article
    by Kefan Cheng, Lu Zhang, Yan Sun, Hongfeng Zhu 
    Abstract: Consensus protocols are a key feature in decentralised systems/networks which aiming to obtain and agree on a shared state among multiple unreliable nodes with diverse applications. Therefore, that integrated design with new technologies will become a difficult and hot research topic, especially in combining new fields such as quantum information and blockchain. Spontaneously, we propose a new consensus protocol in combination with quantum private comparison (QPC) in internet of vehicles (IoV) using practical Byzantine fault tolerance (PBFT) to achieve security and efficiency at higher levels. Through multi-node collaborative computing, different vehicles can quickly reach a consensus. More importantly, we have added quantum technology in the identity authentication and consensus phase, which can make our integrated network more robust and prevent malicious attacks. In other words, our protocol adopts QPC to make it impossible for any malicious node to maliciously disturb the order between nodes in the consensus phase, thus improving security. Finally, compared with the recent related literature, our consensus protocol has strong practicability and universality and can be well applied in the IoV environment.
    Keywords: quantum cryptography; quantum private comparison; internet of vehicles; IoV; blockchain.
    DOI: 10.1504/IJICS.2024.10062130
     
  • A Robust Intrusion Detection Techniques on Improved Features Selection Generalised Variable Precision Rough Set   Order a copy of this article
    by R. RAJESHWARI, M.P. Anuradha 
    Abstract: Network-based communication is becoming more and more susceptible as it is used extensively for outsiders and attacks in many areas. Intrusion detection is an essential process for a complete communication network security strategy. Intruders learn tactics of attacks every day, so they try to observe the significance of the intrusion detection system thoroughly, and they deny the services of IDS to the respective users. The three prominent roles that perform essential tasks in the network security of IDS are data collection, selection of optimal parameters, and classification made by decision-making engines. The recent research area highly relies on selecting an IDS optimal feature. Machine learning has explored various novel methods to improve performance and achieve a high accuracy rate. The proposed work implements a generalised rough set theory for optimal parameter selection, which leads to a formal way to enhance the accuracy. Support vector machines are used to classify network packet threats using machine learning. The suggested work uses the NSL-KDD dataset because it improves network communication security. Pre-processing data and feature selection on generic variable precision rough sets should be compared to best initial search and genetic search.
    Keywords: intrusion detection system; IDS; anomaly detection; generalised variable precision rough set; GVPRS; feature selection; machine learning; support vector machine; SVM; NSL-KDD dataset.
    DOI: 10.1504/IJICS.2024.10063042
     
  • Image Forgery Detection on Multi-Resolution Splicing Attacks using DCT and DWT   Order a copy of this article
    by Bhavani Ranbida, Debabala Swain, Bijay Paikaray 
    Abstract: Digital images play a vital role in this age of digitisation. Digital images can be easily forged by image editing tools intentionally or unintentionally. After forgery, these images are difficult to detect with the naked eye directly which creates social and legal troubles in feature vectors. Hence more efficient techniques need to be evolved that can easily detect the alterations in the digital image. Various methods have been proposed to carry out forensic analysis, but not so accurate and more time-consuming. In this paper we have proposed an innovative image forgery detection technique on copy-move and splicing attacks and the image authentication using discrete cosine transform (DCT) and discrete wavelet transform (DWT). The proposed technique detects the forgery regions in the images more accurately. The DCT and DWT techniques are mainly used for reduction in the dimension of the cover image and further partitioning into fixed sized non-overlapping blocks. This method significantly improves the detection of spliced area, the execution time, and accuracy result. Moreover, this technique is robust towards images with rotation, scaling, multiple copy-move forgery attack, splicing, etc. It provides a reliable and efficient solution for detection and ensuring image authenticity.
    Keywords: digital image forensic; multi-resolution; counterfeit detection; discrete wavelet transform; DWT.
    DOI: 10.1504/IJICS.2024.10063043
     
  • Unified Singular Protocol Flow for OAuth (USPFO) Ecosystem   Order a copy of this article
    by Jaimandeep Singh, Naveen Chaudhary 
    Abstract: OAuth 2.0 authorizes third-party clients to access a user's account on another app with limited permissions. The specification classifies clients by their ability to keep credentials confidential and grants different access types. This paper proposes USPFO, a new approach that combines different client and grant types into a unified protocol flow. USPFO can be used by both confidential and public clients to simplify the OAuth flow and reduce vulnerabilities. It also provides built-in protections against known OAuth 2.0 vulnerabilities such as client impersonation and token theft through integrity, authenticity, and audience binding. USPFO is compatible with existing RFCs, OAuth 2.0 extensions, and active internet drafts. By combining different client and grant types, USPFO streamlines the process and addresses the unique security and usability considerations for each type. This approach offers an alternative solution for OAuth providers looking to enhance their security and user experience.
    Keywords: OAuth 2.0 · USPFO · Unified Protocol Flow · Authorization Framework · Client Impersonation · Security; Vulnerabilities · Authentication · OAuth Extensions · Internet Standards.
    DOI: 10.1504/IJICS.2024.10063044
     
  • Data Dissemination and Policy Enforcement in Multi-Level Secure Multi-Domain Environments   Order a copy of this article
    by Joon Son, Essia Hamouda, Garo Pannosian, Vjay Bhuse 
    Abstract: Several challenges exist in disseminating multi-level secure (MLS) data in multi-domain environments. First, the security domains participating in data dissemination generally use different MLS labels and lattice structures. Second, when MLS data objects are transferred across multiple domains, there is a need for an agreed security policy that must be properly applied, and correctly enforced for the data objects. Moreover, the data sender may not be able to predetermine the data recipients located beyond its trust boundary. To address these challenges, we propose a new framework that enables secure dissemination and access of the data as intended by the owner. Our novel framework leverages simple public key infrastructure and active bundle, and allows domains to securely disseminate data without the need to repackage it for each domain.
    Keywords: active bundle; simple public key infrastructure; SPKI; mandatory access control; MAC; trust delegation; authorisation certificate.
    DOI: 10.1504/IJICS.2024.10063045
     
  • Contrast Enhancement in Probabilistic Visual Cryptography Schemes: A Pixel-Count based Approach   Order a copy of this article
    by Jisha T. E, Thomas Monoth 
    Abstract: The concerns with pixel expansion are eliminated by the introduction of size-invariant visual cryptography techniques. In the field of visual cryptography, the contrast of the decrypted image continues to be a hurdle. The two existing schemes in visual cryptography are the perfect reconstruction of black pixels and the perfect reconstruction of white pixels. In the current study, we introduce a size-invariant probabilistic technique, where the contrast of the deciphered image depends on the chosen scheme. Which scheme is employed depends on the total amount of black and white pixels in the covert image. Here, we’ve described the development and effectiveness of non-expanded probabilistic visual cryptography schemes with the perfect reconstruction of both black and white pixels that were based on several research studies. These schemes include (2, 2), (2, n), (n, n) and (k, n). We analysed the data using tables and charts to demonstrate the effectiveness of the suggested model, and we discovered that the projected models enhanced the contrast.
    Keywords: probabilistic; size-invariant; black and white pixels; visual quality; visual cryptography scheme.
    DOI: 10.1504/IJICS.2024.10064753
     
  • Cryptanalysis and Improvement of a Secure Communication Protocol for Smart Healthcare System   Order a copy of this article
    by Devender Kumar, Deepak Kumar Sharma, Parth Jain, Sumit Bhati, Amit Kumar 
    Abstract: There are many applications based on wireless technology and cloud computing in various fields. One such field that uses this technology is telemedicine or mobile healthcare. But with an increase in usage, these systems should be protected efficiently. Security is the greatest concern in this field. Recently, Sureshkumar et al. have proposed a protocol for a smart healthcare system, which uses 3-factor authentication. Here we cryptanalyze their scheme and find that it cannot withstand against the user impersonation attack, denial of service attack, privileged insider attack and gateway impersonation. To overcome these weaknesses, we propose an authentication protocol for smart healthcare system. To validate our claim, we use the ProVerif tool for formal security verification and compare our protocol with some related schemes. We also show that the proposed protocol is more secure and efficient than the related schemes.
    Keywords: User authentication; healthcare systems; denial of service attack; user impersonation attack; session key agreement; insider attack; sensor node.
    DOI: 10.1504/IJICS.2024.10064755
     
  • Blockchain-Based Composite Access Control and Secret Sharing Based Data Distribution for Security-Aware Deployments   Order a copy of this article
    by Kalyani Pampattiwar, Pallavi Chavan 
    Abstract: Securing cloud deployments includes patching and processing data from all input end-points that causes abnormal functioning and intrusions To incorporate security measures into cloud installations, many security models uses single or dual control mechanisms Cloud deployments are built on static rules, limiting their scalability to certain attack scenarios To address these limitations, this article presents a novel blockchain-based composite access control and secret sharing-based data distribution architecture for security-aware deployments The proposed model splits and merges sidechains using a Modified Genetic Algorithm Quality of Service awareness with federated deep learning improves model’s performance This approach combines swarm intelligence with secret sharing and provides dynamic as well as efficient data distribution in the cloud The model helps to mitigate Distributed Denial of Service, Finney, Man in the Middle, Sybil network attacks, SQL injection and query-based attacks The model’s Quality of Service performance is monitored and compared against state-of-the-art models.
    Keywords: Blockchain; Authentication; Access Control; Secret Sharing; Swarm intelligence; Federated Learning; Cloud; Genetic Algorithm; Quality of Service; Security.
    DOI: 10.1504/IJICS.2024.10064756
     
  • Robust and Secure File Transmission Through Video Streaming Using Steganography and Blockchain   Order a copy of this article
    by Xiangning Liang, Pushpendu Kar 
    Abstract: Videoconferencing software is widely used for online meetings. As a common sub-function, file transfer is always handled by a separate service, sometimes it is a third-party service. File transmission is usually developed upon well-known protocols for a typical commercial videoconferencing application. When sending files during a video session, file data flow and video stream are independent of each other. Encryption is a mature method to ensure file security, which is proved by years of industrial practice. However, it still has the chance to leave footprints on the intermediate forwarding machines. These footprints can indicate that a file once passed through, some protocol-related logs give clues to the hackers later investigation. In cases where higher security requirements are needed, it is better to avoid leaving footprints about file transmission in the network. This work proposes a file-sending scheme through the video stream using blockchain and steganography.
    Keywords: Video streaming; Blockchain; Steganography; File Transmission; Network Flow; File Security.
    DOI: 10.1504/IJICS.2024.10064757
     
  • IDMS Quantum Password-Authenticated Key Exchange Protocols   Order a copy of this article
    by Lu Zhang, Yan Sun, Yingfei Xu, Hongfeng Zhu 
    Abstract: In this paper, we design an ID-based M-server quantum password-authenticated key exchange scheme, where the client computes a strong key from its password and splits the key into m portions, and then encrypts them and sends them to m servers to be used as the basis for encryption and decryption in the subsequent key exchange process. The adoption of multiple servers can effectively prevent third-party attacks on the server and ensure the security of the key information, which is just like a complex secret sharing mechanism in traditional computational cryptography, for example, secret sharing (m, n) threshold scheme, but our new quantum fusion technology to realise the secret sharing mechanism is more efficient and simpler. Finally, through analysis, our scheme can meet most of the security requirements and perform well. It is feasible to implement the protocol under the existing quantum technology.
    Keywords: quantum technology; password-authenticated key exchange; secret sharing; multiple servers.
    DOI: 10.1504/IJICS.2024.10064758
     
  • The APT Family Classification System Based on APT Call Sequences and Attention Mechanism   Order a copy of this article
    by Zeng Shou, Yue-bin Di, Xiao Ma, Rui-chao Xu, He-qiu Chai, Long Yin 
    Abstract: Among the many cyber attack activities, Advanced Persistent Threat (APT) has caused more serious impact on enterprises, and the malware used by hacker groups is also very complex, which poses a great obstacle to analyze and trace the source However, malware used by the same hacker group is internally correlated, and there are differences in malware between different hacker groups Currently, deep learning has achieved results in many fields, and its application in the security field is becoming more and more widespread In this paper, we design an APT family classification system based on API call sequences, which extracts API call sequences from malware and uses a one-dimensional convolutional neural network with attention mechanism for classification The system is tested on a test dataset of 12 different families of 12 different families of malware, and the test results show that the system has high accuracy as well as practicality.
    Keywords: APT; Dynamic Analysis; Convolutional Neural Network.
    DOI: 10.1504/IJICS.2024.10064759
     
  • A User Transaction Privacy Protection Protocol Supporting Regulations on Account Based Blockchain   Order a copy of this article
    by Nan Wang, Yuqin Luo, Hao Liu, Haibo Tian 
    Abstract: Financial institutions using blockchain smart contracts need to adhere to real-world regulations. Data on blockchain is easily accessible, so privacy protection is crucial. Our goal is to introduce an efficient protocol that satisfies both user privacy protection and hierarchical regulatory requirements, without the need for zero-knowledge proofs. To achieve this, we've developed two innovative design strategies. Firstly, we envision financial institutions serving as transaction mixers for their users. This approach offers an additional layer of privacy by obfuscating the source of each transaction. Secondly, we depend on regulatory agencies to oversee the compliance of blockchain transactions. This ensures that our protocol aligns with regulatory requirements while maintaining user privacy. The resulting protocol offers superior privacy protection for user transactions, with provable security and computational efficiency.
    Keywords: Privacy Protection; User Transaction; Hierarchical Supervision; Transaction Mixer; Financial Institution; Regulatory Agency.
    DOI: 10.1504/IJICS.2024.10065235
     
  • A blended approach of static binary mining and exploratory data analysis to obtain the security posture of embedded systems firmware   Order a copy of this article
    by Mahesh Patil, Shailaja C. Patil 
    Abstract: In the era of connected embedded systems, devices are often targeted by sophisticated cyber-attacks. The entry point for these attacks is more often through firmware and hence analysing its security is vital. This research presents an innovative method for evaluating the security posture of firmware by examining its binary constituents. The approach combines static binary mining techniques with exploratory data analysis to visually depict the security posture of firmware. This aids in providing a comprehensive perspective of its weaknesses and strengths. To validate the effectiveness of the proposed approach and methodology, an in-depth security analysis is carried out on five real world firmware samples. The selection of these firmware samples encompasses a wide range of devices and applications, thereby assuring the broad relevance of the findings. The results demonstrate the efficacy of this technique in revealing and visually representing different firmware security characteristics, such as the firmware attack surface, the effectiveness of binary protection mechanisms, and the overall security resilience. The methodology is implemented as an open source tool named fw2ai, which automates the security analysis serving the needs of both security researchers and practitioners.
    Keywords: binary analysis; embedded systems; exploratory data analyses; firmware security posture; internet of things; IoT.
    DOI: 10.1504/IJICS.2024.10065236
     
  • A Lattice-Based CP-ABE Scheme with Immediate Attribute Revocation   Order a copy of this article
    by Miao He, Nurmamat Helil 
    Abstract: Ciphertext-policy attribute-based encryption (CP-ABE) is suitable for providing secure data-sharing services in the cloud storage scenario. However, attribute revocation in CP-ABE is a sticky issue. The research achievement on quantum computing makes the traditional CP-ABE no longer secure. Fortunately, lattice-based CP-ABE can resist quantum attacks. This paper proposes a lattice-based CP-ABE scheme with a tree access structure that supports the immediate revocation of attributes. This scheme is resistant to quantum and collusion attacks and has a shorter ciphertext size, reducing the computational overhead of ciphertext re-encryption in the attribute revocation process. Finally, it is shown that, under the standard model, the scheme is proven secure against chosen-plaintext attacks (CPA), and its security can be attributed to the learning with errors (LWE) difficulty problem.
    Keywords: Lattice-Cryptography; CP-ABE; Attribute Revocation; Collusion Attacks; LWE.
    DOI: 10.1504/IJICS.2024.10065237
     
  • Method for Botnet Detection with small Labeled Samples Based on Graph Neural Network   Order a copy of this article
    by Junjing Zhu, Honggang Lin 
    Abstract: Deep learning-based botnet detection techniques need to be trained using a large number of labelled samples, which is incompatible with the current environment where botnets occur in short cycles and mutate quickly. Therefore, we propose a PAR-BD method based on graph neural networks. Using an autoregressive method to generate interdependent host nodes and communication edges, we pre-train the graph neural network; using the pre-trained model to initialise the detection model and using a small number of labelled botnet samples to train the model, to improve the accuracy of botnet detection under small samples. The experimental results show that when using this method for botnet detection with few labelled samples, the results are better than graph node classification method, few nodes classification method, and few labelled graph node classification method.
    Keywords: botnet; botnet detection; small labelled sample detection; pre-training; self-supervised learning.
    DOI: 10.1504/IJICS.2024.10065734
     
  • An Ensemble Classification Model for Improved Performance of Phishing Detection System   Order a copy of this article
    by Moumita Sahoo, Sabyasachi Samanta, Soumen Ghosh 
    Abstract: Individuals and organisations are at risk of money losses and data compromise from phishing attempts. Traditional rule-based phishing detection methods fail to keep up with attacker strategies. The need for more advanced and adaptive phishing defences is growing. An ensemble classification model for phishing detection system is proposed to address this difficulty. We analysed a large dataset of known phishing assaults to identify common patterns and traits. Initially, the raw phishing data have pre-processed using quantile transformation to convert variable’s distribution to normal distribution and to mitigate the impact of outliers. The proposed ensemble prediction model has segregated phishing e-mails, webpages, and other dangerous information. The classifier’s performance is enhanced further by employing the random search approach to tweak a set of carefully chosen hyper-parameters. When compared to other state-of-the-art methodologies, our system’s results have achieved competitive performance. Thus, the suggested model is a promising ensemble-based phishing detection solution.
    Keywords: cyber security; phishing; data breaches; quantile transformation; random forest ensemble classifier; RFEC; hyper-parameter tuning; cross-fold validation.
    DOI: 10.1504/IJICS.2024.10065735
     
  • Improving greedy adversarial attacks on Text Classification   Order a copy of this article
    by Salim KHEMIS, Amara Yacine, Akrem Benatia 
    Abstract: Deep learning models have demonstrated remarkable success in various applications, yet their vulnerability to adversarial attacks remains a significant concern. These attacks can mislead models, imperceptibly to human eyes, creating a critical challenge in ensuring robustness. Despite recent advancements in adversarial attacks that contribute to enhancing model robustness, many existing techniques yield higher perturbation rates, lower textual similarity or lower success rates, with some, like population-based methods, incurring an increased query count. In response to that, this paper introduces two innovative methods: a k-means-based ranking approach and an iterative context-aware search algorithm complemented by a rollback method, to enhance the quality of generated adversarial samples. Our approaches showcase superiority over numerous state-of-the-art techniques by successfully compromising deep learning models with fewer modifications and achieving higher success rates, presenting a significant advancement in adversarial attack generation. This work contributes to the ongoing efforts to fortify deep learning models against adversarial attacks.
    Keywords: text-based adversarial attacks; natural language processing; NLP; NLP adversarial samples; greedy-based adversarial attacks.
    DOI: 10.1504/IJICS.2024.10066293
     
  • Intensity Based Randomized Image Steganography Technique with Novel AES Encryption   Order a copy of this article
    by Rashmi Shirole, Shiva Murthy G. 
    Abstract: In present digital age, data is the currency of any organization. Microsoft Word is the most popular word processor. The purpose of this work is to present another methodology that relies on combining Cryptography and Steganography for its implementation in order to conceal secrets in a cover media. This work aims to introduce a novel security mechanism to protect MS-word document which deals with the combination of advanced AES cryptography and optimized image steganography technique. To generate ciphertext, operation on S-boxes in AES algorithm is modified. The generated ciphertext is embedded in an image using low intensity randomized technique. A few cryptanalysis and steganalysis attacks were conducted to test this new methodology, which is demonstrated through Histogram, Avalanche effect, Entropy values, Attack scenario, Execution time, PSNR value, Manhattan-Zero normalization, delta E and Correlation coefficient. Results show that stego picture has strong resistance power against all assaults.
    Keywords: MS-Word; Symmetric encryption; AES; S-boxes; Low intensity transformation; Zero normalization; Avalanche effect; PSNR; Correlational coefficient.
    DOI: 10.1504/IJICS.2024.10066294
     
  • An efficient Cyberbullying detection framework on Social Media Platforms using a hybrid Deep Learning model   Order a copy of this article
    by Geetha R, Belshia Jebamalar, Darshan Vignesh B. G, Kamalanaban E, Srinath Doss 
    Abstract: People in social media are more vulnerable to the negative effects and the most serious consequences of utilising social media is cyberbullying. Cyberbullying is an offensive and deliberate act perpetrated online by a particular individual or an organisational structure. It is brought about by sending, publishing, and disseminating offensive, dangerous, and misleading information online. As cyberbullying becomes increasingly prevalent in social media, automatically detecting it and taking proactive steps to address it becomes critical. Humiliation of an individual in social media causes psychological disturbance in one’s life, in order to have a safe and secure platform. A hybrid deep learning model has been used that combines convolutional neural network (CNN) and long short-term memory (LSTM) to detect cyberbullying more precisely and effectively in this paper. Using convolutional layers and max-pooling layers, the CNN model recovers higher level features efficiently. Long-term dependencies between word sequences can be captured using the LSTM model. The findings reveal that in terms of accuracy, the presented hybrid CNN-LSTM Model performs better than standard approaches for machine learning and deep learning.
    Keywords: cyberbullying; security; convolutional neural network; CNN; long short-term memory; LSTM; max-pooling.
    DOI: 10.1504/IJICS.2024.10066295
     
  • A Collision Proof Energy Efficient Lightweight Hybrid Cryptosystem for Fog   Order a copy of this article
    by Sandeep Kumar, Ritu Garg 
    Abstract: Fog computing extends cloud capabilities to the network edge, aiding IoT and users. It mitigates cloud issues like latency and reliability. However, fog’s limited resources pose security vulnerabilities like data theft and unauthorised access. To tackle this, we proposed a lightweight, energy-efficient hybrid cryptosystem with dynamic key changes. This optimises fog node energy usage and the proposed security system is collision proof and uses proportional offloading to ensure the delivery of subscribed data to fog/cloud. We have utilised chosen-ciphertext attribute-based encryption scheme to produce the keys and principles of ECC-Elgamal are considered for encryption/decryption of data. Finally, the performance evaluation and security attacks analysis depicts that our security system performs better in terms of optimal energy utilisation, overall computation overhead as well as mitigating the attacks in contrast with other state of art methodologies.
    Keywords: fog computing; elliptic curve cryptography; ECC; CP-ABE; dynamic key change; attacks; access control.
    DOI: 10.1504/IJICS.2024.10066296
     
  • Common key multi-hop packet authentication protocol for Wireless Mesh Networks   Order a copy of this article
    by Vanlalhruaia Chhakchhuak, Ajoy Kumar Khan, Amit Kumar Roy 
    Abstract: To achieve security with efficiency in wireless mesh networks (WMNs) is an important issue due to its distributed nature and absence of centralised authority. Due to the absence of central authority, the authentication becomes a challenging task in WMNs. Several attacks could be easily launched in WMNs such as replay attack and impersonation attack. These types of attacks could be launched by an intruders by injecting malicious packets throughout the network among mesh entities. Therefore to overcome from such attacks, we had proposed an efficient multi-hop packet authentication protocol known as
    Keywords: WMNs Architecture; Attack types; Packet authentication; Data Integration; Diffie-Hellman.
    DOI: 10.1504/IJICS.2024.10066297
     
  • An Efficient Block Cipher Based on Multiple Optimal Quasigroups   Order a copy of this article
    by Umesh Kumar, V. Ch. Venkaiah 
    Abstract: An efficient block cipher that uses 16 optimal quasigroups is proposed in this paper. All the 16 optimal quasigroups are created using the 16 optimal S-boxes of 4x4 bits with the lowest differential and linearity characteristics. These S-boxes are secure against differential and linear attacks. The new block cipher is implemented in C++, compared its performance with the existing quasigroup based block ciphers, and found that the proposed cipher is more efficient than existing quasigroup based proposals. The proposed cipher is analyzed against various attacks including differential and linear attacks and we found it to be resistant to these attacks. Also, we evaluated our cipher using various statistical tests of the NIST-STS test suite, and we found it to pass each of these tests. We also established in this study that the randomness of our cipher is almost the same as that of the AES-128.
    Keywords: AES-128; Cryptography; Block cipher; Latin square; NIST-STS; Optimal quasigroup.
    DOI: 10.1504/IJICS.2024.10066298