International Journal of Multimedia Intelligence and Security (5 papers in press)
TIDE: Tampered Image Detection using Mutual Information
by Dhwani Patel, Manik Lal Das
Abstract: In this paper, we study the problem of detecting tampering in images without having any prior knowledge of image and its content. The features are designed to classify the given image as raw image (cover image) or image containing hidden data (stego image) embedded into original image. Two sets of features are designed - one based on histogram of image and other based on information theoretic measure such as mutual information. Histogram of image is analyzed using Short-Time Fourier Transform (STFT) and features based on Centre of Mass (COM) in frequency domain are designed. Statistical dependency between adjacent pixels in natural images is quantified using Mutual Information. The observations made in our analysis provide some interesting observations on image tampering detection using features based on STFT and Mutual Information and Short-Time Fourier Transform. We have performed the experimental result using the coral database containing 10000 images, and observed 85.71% classification accuracy which is a significant improvement over the previously reported techniques.
Keywords: Steganography; Image tampering; Image forgery; Mutual information; Histogram.
Cyber Defence Triage for Multimedia Data Intelligence: Hellsing, Desert Falcons and Lotus Blossom APT Campaigns as Case Studies
by Raúl Vera, Shehu Amina, Tooska Dargahi, Ali Dehghantanha
Abstract: Advanced Persistent Threats (APTs) refer to sophisticated attacks to businesses and individuals in which adversaries use multiple attack vectors to achieve their objectives. The main challenge regarding APT analysis and defence is that all research body about APTs is fragmented, and there are just a few scientific papers in the literature that discuss different features of APTs. However, in order to defend against APTs, it is important to have a complete overview of their tactics, techniques, and procedures (TTPs). In this paper we analyse TTPs of three APT groups, namely Hellsing, Desert Falcons and Lotus Blossom, that are actively targeting multimedia data storage and multimedia systems. Adopting three well-known attack attribution models (i.e., Lockheed Martin Cyber Kill-Chain, Diamond Model and Course of Action Matrix) we provide a comprehensive cyber defence triage process (CDTP) about the considered three APTs. The provided CDTP in this paper highlights the steps undertaken by these APT groups, uncovers factors that have influenced achieving their objectives and suggests possible mitigations against these APTs. The provided courses of actions are APT specific, and different APTs based on their attack features might need different mitigation methods (while some general methods could be used in all cases). For example, in case of Desert Falcon whitelisting could help in denying the delivery of malware, while in the case of Hellsing, other methods such as DKIM and SPF could help in denying and detecting attack during the delivery phase.
Keywords: Multimedia Intelligence; Security; APT; Advanced Persistent Threats; Cyber Kill Chain; Diamond Model; Intrusion Analysis; Cyber Defence Triage; IoC; Indicators of Compromise.
On Constructing Contention Aware Connected Dominating Sets (CDS) for inter connectivity among Internet of Things (IoT) devices.
by Md. Sadiqur Rahman Sohel, Chowdhury Nawrin Ferdous, Ashikur Rahman, Akib Jawad Nafis, Salsabil Arabi, Raqeebir Rab
Abstract: The heterogeneous IoT devices (such as smartphones, or sensors) are often equipped with wireless interfaces which can be used to create self-organising multi-hop networks. Any device/node in such networks often requires to broadcast packets for data dissemination and route discovery. The straightforward way to accomplish broadcasting is through flooding, where each node transmits the broadcast message only once. Drawback of such a naive mechanism is its serious bottleneck on network throughput caused by redundant traffic, serious contention, and collision. In the literature, several methods for creating a connected dominant set (CDS) were proposed to overcome performance bottleneck. CDS can be used as a virtual backbone for broadcasting where only the member nodes of the CDS would forward the message. CDS construction could be either centralised or distributed. The algorithms proposed in the literature aim at minimizing the number of forwarding. Neither centralised nor distributed approaches minimise contention that we address in this paper. The contention occurs when certain nodes located in close vicinity of each other want to access a shared channel. Notably, at the time of contention one exclusive node obtains opportunity to transmit on the medium and others need to postpone their sending on the shared medium. In this paper, we also provide a novel mathematical analysis of contention and show that contention is heavily dependent on node density in the network and transmission radius of each node. Then a new centralised algorithm called Contention Aware Connected Dominating Set (CACDS) is devised which intellectually selects member nodes while creating a CDS. This helps to reduce contention. Since collecting global network topology is very difficult to achieve entirely, a distributed algorithm and a hybrid distributed algorithm has also been devised. Finally, the proposed algorithms have been implemented in the state-of-the-art simulator NS-2. The proposed heuristics performance has been captured using simulation experiments under practical settings which shows a significant reduction in contention. Moreover, their performance outperforms some other state-of-the-art algorithms performance with regards to contention and delay minimisation, although the number of forwarding has been increased marginally.
Keywords: Wireless Ad-hoc Network; Broadcasting in IoT-devices; Connected Dominating Set (CDS); Network Contention; Mathematical analysis of Contention; Contention Aware Connected Dominating Set (CACDS).
Hardware Security Threats and Countermeasures: A Study of Obfuscation, Camouflaging, and PUFs
by Hamza Al Maharmeh, Mohammad Alhawari, Chung-Chih Hung, Mohammed Ismail
Abstract: Hardware security threats have gained a tremendous attention where extensive research efforts have been expended toward developing effective countermeasures. These threats can be categorized into five main attacks which are: reverse engineering, side-channel analysis, Intellectual Property (IP) cores piracy/IC overbuilding, counterfeiting, and hardware Trojans. This paper investigates the most efficient state-of-the-art techniques that are used to thwart reverse engineering, IC piracy, and counterfeiting attacks. Reported work in the literature proposed various countermeasures, where obfuscation, camouflaging, and Physically Unclonable Functions (PUFs) are considered the most powerful and effective methods. In obfuscation technique, the chip will be locked and it will not function properly unless the correct secret key is supplied. This paper addresses also camouflaging countermeasure which is a layout-based technique that is used to protect IP cores. Additionally, this paper provides a detailed study on silicon PUFs, where they can be classified into weak and strong PUFs. The main difference between strong and weak PUFs is that a strong PUF has a very large number of Challenge-Response Pairs (CRPs), and this is the main reason why strong PUFs are used for authentication, while weak PUFs are employed in secret key generation. SRAM PUFs and Ring-Oscillators (ROs) PUFs are two examples of weak PUFs, while optical PUFs and arbiter PUFs are considered as strong PUFs. In this paper, various PUF architectures will be discussed along with the design constraints.
Keywords: Hardware Security; Physically Unclonable Functions; PUFs; Weak PUFs; Strong PUFs; Silicon PUFs; Obfuscation; Camouflaging; Logic Locking.
A new method of combining color, texture and shape features using the genetic algorithm for image retrieval
by Mohamed Hamroun, Sonia Lajmi, Henri Nicolas, Ikram Amous
Abstract: Semi-automatic or automatic image indexation emerged because manual image indexation is slow and tedious. Generally, this first indexation is used as part of a content-based image retrieval system (CBIR). To have a powerful CBIR system, it is necessary to be concerned with three main facets: (i) the choice of the descriptors (based on shape, color and texture and/or a combination between them), (ii) the process of indexation and finally (iii) the retrieval process. In this work, we focus mainly on an indexing based on genetic algorithm and Particle Swarm Optimization (PSO) algorithm. We chose an optimal combination of color, shape and texture (PCM: Powerful Combination Method) descriptors. The fruit of our research work is implemented in a system called ISE (Image Search Engine) which showed a very promising performance. In fact, the performance evaluation of the PCM method of our descriptors combination showed upgrades of the average precision metric from 66.6% to 89.30% for the 'Food' category color histogram, from 77.7% to 100% concerning CCV for the 'Flower' category, and from 44.4% to 87.65% concerning the co-occurrence matrix for the 'Building' category using the Corel dataset. Likewise, our ISE system showed much more interesting performance compared to what was shown in previous works.
Keywords: CBIR; Genetic Algorithm (GA); PSO; Image Retrieval.