Forthcoming and Online First Articles
International Journal of Security and Networks
Forthcoming articles have been peer-reviewed and accepted for publication but are pending final changes, are not yet published and may not appear here in their final order of publication until they are assigned to issues. Therefore, the content conforms to our standards but the presentation (e.g. typesetting and proof-reading) is not necessarily up to the Inderscience standard. Additionally, titles, authors, abstracts and keywords may change before publication. Articles will not be published until the final proofs are validated by their authors.
Forthcoming articles must be purchased for the purposes of research, teaching and private study only. These articles can be cited using the expression "in press". For example: Smith, J. (in press). Article Title. Journal Title.
Online First articles are published online here, before they appear in a journal issue. Online First articles are fully citeable, complete with a DOI. They can be cited, read, and downloaded. Online First articles are published as Open Access (OA) articles to make the latest research available as early as possible.
International Journal of Security and Networks (38 papers in press)
Abstract: In this work, we assessed the impact of post-quantum (PQ) cryptography on public key infrastructure (PKI). First, we modified a commercially available certification authority (CA) to issue "hybrid" certificates (X.509 certificates with PQ extensions). Then we assessed the impact of using these certificates on some existing protocols, including TLS, OCSP, CMP, and EST, with open-source libraries OpenSSL and CFSSL, and with a commercially available cryptographic toolkit. We found that most of the protocols and libraries we tested worked with hybrid certificates, and some of the failures could be overcome with minor modifications to the existing software. Our work differentiates from and extends previous work by focusing on the impact of PQ algorithms on certificate issuance, revocation, and management protocols, which are necessary for enterprises to manage PKI in their environments. The impact on TLS is also investigated, allowing consistency with previous results to be evaluated.
Keywords: post-quantum cryptography; security; certification authority; certificate authority; X.509 certificates; hybrid certificates; public key infrastructure; PKI; openssl; TLS; OCSP; CMP; EST.
IMMI: An Architecture Integrated for Management of Modern Internet Service Providers
by Rafael Gomes, Matheus Silveira
Abstract: Nowadays, human society demands modern computational services based on Internet access through an Internet Service Provider (ISP). Similarly, ISPs have expanded their service delivery, offering different alternatives of access networks interconnected by an edge network. This new reality creates the idea of Modern Internet Service Providers (MISPs), applying Network Virtualization (NV), Software Defined Network (SDN) and Network Function Virtualization (NFV) technologies. However, MISPs need a solution to perform integrated management of these network environments. Within this context, this article proposes an architecture, called Integrated Management of Modern Internet Service Providers (IMMI), to perform the management of both edge and access networks, allowing information exchange and the deployment of slices and resources based on the profile of the access network. Additionally, this article analyzes the current status of ISPs (and their limitations) and discusses the key technical trends and challenges for the management of MISPs. Finally, a case study is presented to show the suitability of the proposed architecture to enhance the management capacity of MISPs.
Keywords: Edge Network; Access Network; Network Management; Internet Service Provider.
Formal Verification of Secondary Authentication Protocol for 5G Secondary Authentication
by Ed Kamya Kiyemba Edris, Mahdi Aiash, Jonathan Kok-Keong Loo, Mohammad Shadi Alhakeem
Abstract: The Fifth-Generation mobile network (5G) will enable interconnectivity between the Home Network (HN) and Data Network (DN), whereby mobile users with their User Equipment (UE) will be able to access services provided by external Service Providers (SP) seamlessly. The mobile user and SP will rely on security assurances provided by the authentication protocols used. For 5G, primary authentication between the UE and the HN has been defined and specified by the Third Generation Partnership Project (3GPP), while secondary authentication has also been defined but not specified. 3GPP recommends the Extensible Authentication Protocol (EAP) framework for secondary authentication between the UE and the SP. However, the secondary authentication methods have not been formally verified, so this paper proposes a Secondary Authentication Protocol (SAP) for service authentication and provides a comprehensive formal analysis using ProVerif, a security protocol verifier. Finally, it conducts a security analysis of the protocol's security properties.
Keywords: 5G; Secondary Authentication; Security Protocol; Services; Formal Methods; ProVerif; Applied Pi Calculus.
Flow-based Profile Generation and Network Traffic Detection for DNS Anomalies using Optimized Entropy-based Features Selection and Modified Holt Winter's Method
by Rohini Sharma, Ajay Guleria, R.K. Singla
Abstract: Network Anomaly Detection Systems can detect zero-day anomalies, but the false positive rate is quite high, and the localization of anomalies requires manual intervention. In this paper, a Profile-based Network Anomaly Detection System (P-NADS) is proposed that works in three phases. In the first phase, a minimal set of characteristic features for the DNS service is identified using the proposed Optimized Entropy-based Features Selection (OEFS). A minimum number of characteristic features helps in detecting anomalies with the same or higher accuracy and decreases the response time as well. In the second phase, a Modified Holt Winter's Method using partial Trend (MHWT) is proposed that generates the normal profile of a system to predict future normal behavior. It predicts the normal behavior more accurately than previous techniques. The normal profile of a system is updated regularly using the predicted and actual behavior of the system. In the final phase, anomalies are detected and localized. Experimental results show that the OEFS method works better than Information Gain and the Forward Feature Selection Algorithm. The proposed MHWT method gives better prediction for DNS when compared to the HWDS Method with the original set of features and with a minimal set of features. The proposed system automatically localizes the anomalies and finds the infected sub-network, which can be isolated from the rest of the network until remedial actions are taken. Experiments are performed on the Panjab University Flow-based Dataset (PUF-Dataset), which is available for researchers. The dataset was created using real flows collected from the Panjab University Chandigarh campus network.
Keywords: Network Anomaly Detection; Holt Winter's Method; Domain Name System; Features Selection; Entropy; Normal Profile; Network Flows.
I-SMITE: An IP Traceback mechanism for Inter-AS SDN Networks using BGP
by Pynbianglut Hadem, Dilip Kumar Saikia, Soumen Moulik
Abstract: In this paper we introduce I-SMITE, an inter-AS (Inter Autonomous Systems) IP traceback mechanism based on SMITE, to support efficient IP traceback across inter-AS SDN (Software-Defined Networks) networks. The objective is achieved through an integration of SDN, Multiprotocol Label Switching (MPLS) and Border Gateway Protocol (BGP) in OpenFlow. Our proposed work leverages the flexibility of SDN and the strength of MPLS to achieve a low false-positive rate, the ability to perform post-mortem traceback, a reduction in storage pressure/hardware investment and, most importantly, the ability to perform traceback for a single attack packet. Also, the standard Internet protocol BGP has been used to provide inter-AS IP traceback support, thereby enhancing the acceptability of the proposed work. Moreover, the proposed work also aims to overcome the difficulties and limitations of legacy traceback mechanisms in the SDN environment.
Keywords: Network Security; IP Traceback; I-SMITE; SDN; MPLS; BGP; OpenFlow; Cyber-Attacks.
Encryption Key Management as a Trusted Security as a Service for Cloud Computing
by Saad Fehis, Omar Nouali, Tahar Kechadi
Abstract: Cloud computing has become very popular, and its users and services are in constant increase. Currently, many mobile IT users are accessing business data and services without going through corporate networks. Consequently, the need for putting appropriate and robust security controls between mobile users and cloud-based services is crucial. This is the main reason behind the proliferation of new Security as a Service (SecaaS) offers. The common security mechanism of most services and communications is based on encryption / signing keys, which themselves depend highly on the cryptographic key management system (CKMS) itself. This is called the trustworthy protocol, and its implementation is the most challenging of the whole set of security and protection policies and mechanisms. To deal with this challenge, we propose an approach that provides a CKMS as a trusted SecaaS based on the trusted platform module (TPM), which is the foundation for the trust, key generation, and SecaaS authentication. We define an efficient security protocol that creates, certifies, and encrypts any encryption / signing key inside the TPM. The key leaves the TPM in encapsulated format and is delivered to its owner in a secure way without decryption.
Keywords: Cloud Computing; Security as a Service; Cryptographic Key Management System; Trusted Platform Module.
Identifying influential spreaders in complex networks using neighborhood coreness and path diversity
by Yang Xiong, Xie Guangqian, Li Xiaofang
Abstract: The k-shell decomposition method, dividing a great number of nodes with different propagation capabilities into the same k-shell layer, is unable to identify the influential spreaders accurately. Previous works improving the k-shell centrality were promising but inadequate, due to the local neighborhood and spreading dynamics of information. To solve this problem, path diversity based on information entropy is proposed. We have investigated the spreading dynamics using the Susceptible-Infected Model and the Independent Cascade Model to reveal the behavior of influential spreaders on the basis of topological location and neighborhood information. Accordingly, a novel neighborhood coreness method using path diversity to identify the influential spreaders from the point of view of information dissemination is proposed in this work. The simulation is evaluated with two real network datasets. The experimental results show that the neighborhood coreness centrality with the spreading diversity is capable of identifying the influential spreaders more effectively and ranking the spreading influence at a more fine-grained level. The nodes found by our method can produce a wider spreading scope in the Independent Cascade Model and can take less time to achieve the saturation point in the Susceptible-Infected Model.
Keywords: spreading capability; neighborhood coreness centrality; k-shell decomposition; influential spreaders.
A Review of Security Risks and Countermeasures in Containers
by Samuel Martinez, Victor Morales, Ramon Parra
Abstract: Containers are environments that allow software developers to package applications, along with their libraries, dependencies, and all the resources necessary for their operation. Due to the advantages of containers compared to virtual machines, their use has increased in recent years. However, the nature of containers to share both the resources and the kernel of the host system produces a variety of security problems. This paper describes how application containers work, to later present a review of the security risks to this technology, as well as the countermeasures to mitigate them. A classification has been made of the risks as well as the security mechanisms used in this environment. Finally, according to the different works that were analysed, a relation of the risks and the corresponding mechanisms to counteract them is presented.
Keywords: Containers; container security; container risk; application containers.
A Novel Security Management System for Hazardous Chemicals
by Guanlin Chen, Qiao Hu, Kaimin Li, Wenyong Weng, Yubo Peng
Abstract: With the increasing use of chemicals by people, the hidden dangers of hazardous chemicals are also increasing. In recent years, many hazardous chemical explosion accidents have occurred, posing a great threat to people's lives and health. How to prevent hazardous chemical accidents has become an important issue. In this paper, we design a novel security management system for hazardous chemicals (HC-NSMS). This system is developed based on JavaEE, using MySQL data storage and the MVC architecture. This system is mainly composed of four modules: user module; hazardous chemical management and information query module; hazard source query display module, statistical analysis of hazardous chemical information module; and early warning of over-standard hazardous chemicals module. Using this system, we comprehensively collect various indexes and quantities of hazardous chemicals in every location in the city. Then we sort these data, and a basic database is established to intelligently predict and warn of the real-time status of hazardous chemicals.
Keywords: hazardous chemicals; security management; JavaEE; MySQL; Ajax.
Detecting PE-Infection Based Malware
by Chia-Mei Chen, Gu-Hsin Lai, Zheng-Xun Cai, Tzu-Ching Chang, Boyi Lee
Abstract: Organizations have employed multiple layers of defense mechanisms, while numerous attacks still take place every day. Malware is a major vehicle to perform attacks such as stealing confidential information, disrupting services, or sabotaging industrial systems. Attackers customize malware by advanced attack techniques, such as PE (portable executable) infection or DLL (dynamic link library) injection, which inserts a malicious DLL into a benign program, to subvert defense systems. Advanced persistent threat (APT) attacks have intruded into high profile organizations and gone undiscovered; they are seeking a solution to identify the malware. The behavior of DLL injection sometimes occurs during execution; static analysis might not be able to capture it. To improve the detection performance, this study proposes a hybrid approach combining static and dynamic analysis to detect malware. The experimental results show that the proposed approach could detect malware efficiently and could flag unknown malware before the commercial anti-virus software.
Keywords: malware detection; DLL injection; advanced persistent threat.
An automated method for detecting suspicious nodes in Bitcoin address graph
by Tala Tafazzoli, Abouzar Arabsorkhi, Amirahmad Chapnevis
Abstract: Financial innovation has entered a new era with cryptocurrencies. Bitcoin is the first decentralized cryptocurrency and the most popular in the world. The main features of this new technology are immutability, decentralized trust and anonymity. Bitcoin's anonymous and untraceable system facilitates cash-out and laundering of cybercrime proceeds. Bitcoin currency flow provides an address graph that assigns the flow of Bitcoin between two addresses. Identifying suspicious nodes in the Bitcoin network is similar to the problem of recognizing the origins in the contact network of different applications, i.e., virus propagation, rumor sources in social networks, poison spread in water networks. In order to investigate money laundering in Bitcoin, we propose an automated method to identify suspicious addresses in the Bitcoin address graph. We chose two centrality measures to be calculated on the graph. The measures are betweenness centrality and closeness centrality. The nodes with the highest values for the measurements are suspicious. The accuracy of the proposed method is further investigated by comparing the fraudulent candidate nodes with other scenarios. It is shown that the identified nodes are correct candidates for further investigations.
Keywords: Bitcoin; betweenness centrality; closeness centrality; money laundering.
An Authorization Certificate Based Access Control Model
by Wenxin Li, Jingsha He, Nafei Zhu, Shuting Jin, Da Teng
Abstract: There are currently many types of access control models and schemes that have been proposed to protect valuable resources in a distributed environment. Many such models have failed to take into consideration efficiency, security, practical implementation and management at the same time. Based on the analysis of conventional certificate-based access control characteristics, this paper proposes an Authorization Certificate Based Access Control Model (ACBAC) to realize access control in a distributed environment. Employing certificates in access control can help meet the various requirements in distributed networks or systems while ensuring security to a great extent. Efficiency and security can thus be improved by delegating the functions of making access authorization decisions to the certificate issuer (CI). We will formally describe the model, introduce the application scenarios and the processes of the model, and provide the details of implementation. Finally, the effectiveness and superiority of the model are verified through experiment and analysis.
Keywords: Authorization certificate; Access control; Access control model; Distributed control; Formalization.
IOT Smart Homes Security Challenges and Solution
by Mansoor Farooq, Mubashir Hassan
Abstract: Security in smart homes is becoming more and more relevant because of the ever-growing availability of devices on the market and the confidential information they process. Historic incidents have indicated that intelligent homes can lead to attacks with significant consumer and community implications. While a lot has been achieved to identify security solutions for IoT and intelligent houses, consensus also needs to be found about what the best solutions are. This paper describes the significance of technologies in the field and presents a possible security policy for intelligent households. The safety solution is a network-based solution installed in a smart hub that identifies malicious behavior inside a connected home network. Two attack detection processes, namely botnet detection and Evil-Twin attack detection, are introduced as proof of concept. The findings suggest that the security supervisor can identify the former but not the latter.
Keywords: IoT; Smart Homes; Botnet; Evil-Twin.
A secure and privacy-preserving Scheme for Secure Metering and Cooperative Communication in Advanced Metering Infrastructure of Smart Grid Networks
by Oladayo Olakanmi, Kehinde Odeyemi
Abstract: Advanced Metering Infrastructure (AMI) in a smart grid network performs fine-grained metering and communication for effective monitoring of the energy consumption of electric utility customers. However, its reliance on the existing wireless communication facilities, which are not only characterized by high traffic but also vulnerable to different attacks, affects its performance. The high volume of sensitive data on AMI coupled with the vulnerability of its wireless infrastructure has made it one of the major targets for different attacks in the smart grid network. Therefore, to secure metering and communication on an AMI of a smart grid network there is a need for an efficient solution that enforces confidentiality, integrity and privacy preservation. Although several schemes have been proposed to secure metering and communication in AMI, most of them are incapable of providing vital security properties at a low cost. In this paper, an efficient privacy-aware and secure metering and communication scheme is proposed to secure metering and preserve the customers' privacy. To achieve this, we adopted low-cost cryptographic primitives to evolve an effective metering and communication scheme with non-complex key management and authentication procedures. Our approach allows data aggregation among m customers for secure multi-hop transmission of metering data. The simulation results showed that the approach ensures confidentiality, privacy preservation, and integrity in AMI at a low computational and communication overhead.
Keywords: Smart Grid; Perturbation; Security; Aggregation; Metering; Communication.
Desktop and Mobile Operating System Fingerprinting based on IPv6 Protocol using Machine Learning Algorithms
by Saeed Salah, Mohammed AbuAlhawa, Raid Zaghal
Abstract: Operating System (OS) fingerprinting tools are essential to network security because of their relationship to penetration testing, vulnerability scanning, network inventory and tailoring of exploits. While OS identification is traditionally performed by passive or active tools that use fingerprint datasets, a limited number of proposals have focused on using machine learning techniques. Furthermore, significantly more contributions have focused on IPv4 than IPv6. This paper proposes a new methodology based on machine learning algorithms to build classification models for IPv6 OS fingerprinting based on user traffic. Unlike other proposals that mainly depend on generic TCP and IP features for detecting the OS, this work adds other features to improve the detection accuracy. Moreover, the scope of this work is extended beyond the classification of OSes that are installed on desktops and laptops (such as Windows and Linux, etc.); it also considers OSes installed on mobiles and tablets (such as Android and iOS). In addition, since IPv6 suffers from a lack of datasets that can be used for OS fingerprinting purposes, due to the privacy issues of IPv6 information (such as the IPv6 address and prefix), a newly created dataset was used in this work and will be available for other researchers who conduct relevant research. The experimental results have shown that the algorithms achieved high and acceptable results in the evaluation metrics in classifying the OS. KNN and DT achieve high accuracy of up to 99%. SVM achieves a quite high accuracy of up to 81%. GNB achieves the lowest accuracy, up to 75%. Moreover, KNN, RF and DT achieve the best recall, precision and f-score, which are almost the same as the achieved accuracy. GNB achieves 0.75 recall, lower than precision (0.81), due to the high number of False Negative (FN) records.
Keywords: operating system; fingerprinting; IPv6; network security; machine learning; mobile operating system; performance measures.
Privacy in Content-Centric Networking against Side Channel Attacks
by Anmol Agnihotri, Padmavathi R., Santanu Chatterjee, Vinod Mahor
Abstract: Content-Centric Network (CCN) is a new networking paradigm to overcome the shortcomings of today's Internet. The central point in CCN is the named and addressable data, or the content. Due to a few loopholes within the engineering of CCN, side-channel attacks are conceivable. In this paper, two such types of attacks are investigated, one time-based and another inference-based. Delivering privacy to consumers comes at the cost of reducing utility. We propose an algorithm to preserve consumer privacy without much affecting the overall utility of the network to overcome the time-based attack on privacy. A comparative study of the privacy vs. utility trade-off is presented. The algorithm is analysed both experimentally and theoretically and results are reported. An inference side-channel attack based on frequency analysis can be achieved by an eavesdropper in the presence of adequate information, to learn the plain-text of encrypted content transmitted in CCN. We analysed the accuracy of this attack and to what extent it can jeopardize consumers' privacy. A method is proposed to collect the auxiliary information needed to carry out the attack by probing the cache of the CCN routers. The attack is analysed theoretically as well as experimentally and reported. Possible countermeasures to mitigate the attack are also discussed.
Keywords: Security & Privacy in CCN; Future Networking Architectures; Side-channel attacks; Cache-Probing attack in CCN; Inference Attack in CCN.
Uncertain graph generating approach based on differential privacy for preserving link relationship of social networks
by Jun Yan, Yupan Tian, Hai Liu, Zhenqiang Wu
Abstract: With the widespread use of social networks in our daily life, personal privacy in social networks has become a growing concern. To prevent the link relationship of social networks from disclosing users' sensitive information when social network data is released, an uncertain graph approach based on differential privacy is introduced, which can resist attacks based on background knowledge and possesses better data utility. In this approach, we propose a modification of edges based on random response (MERR) algorithm and an injection of uncertainty based on k-edges-differential privacy (IUDP) algorithm. The MERR algorithm can modify the edges of the original graph according to the random response mechanism, while the IUDP algorithm injects uncertainty to generate an uncertain graph. For evaluating our approach, the expectation of the editing distance between two graphs is adapted to measure the level of privacy preservation. In addition, our approach is conducted on different data sets and compared with other approaches. The experimental results indicate that this approach achieves differential privacy and has better data utility.
Keywords: uncertain graph; k-edges differential privacy; random response mechanism; Laplace mechanism; link relationship.
Chebyshev chaotic map based efficient authentication scheme for secure access of VoIP services through SIP
by Vinod Mahor, R. Padmavathi, Santanu Chatterjee
Abstract: In a network of participants who wish to communicate or access multimedia services using voice over IP (VoIP), System Initiation Protocol (SIP) is used. SIP exists in the application layer for signalling to initiate, update and terminate sessions. Before initiating the session, security necessitates authentication of the participating entities. A mutual authentication mechanism is required for SIP in order to establish a secure session between the two entities. In password-based authentication, a user needs to remember his username and password in order to have a session with another user. In this paper, we have proposed an efficient smart card based mutual authentication scheme (CP-MASIP) for SIP which is based on the Chebyshev chaotic map. In addition to providing security against various known attacks, our scheme provides user anonymity, which is a very important security parameter in the present world. The scheme has been analyzed using BAN logic and informal security analysis.
Keywords: Mutual Authentication; BAN Logic; Session Initiation Protocol (SIP); Session Security.
Enhanced VoD Security in Cloud Computing Against Insider and Outsider Threats
by Mohammad Alshayeji, Sa'ed Abed
Abstract: Many Video-on-Demand (VoD) providers leverage the benefits of cloud computing (e.g., Netflix shifted to Amazon Web Services). However, various security concerns have arisen from this shift. For instance, if the hosted multimedia contents are not encrypted, then the VoD providers must fully trust that the cloud provider will not illegitimately access, distribute, or modify the multimedia contents. This ultimate trust in the cloud provider emerges owing to numerous issues, especially as the latest ENISA report showed that approximately 25% of security threats have been based on internal misuse over the last six years. Moreover, quite a few of these high-profile breaches were because of internal threats. In this paper, we introduce a simple yet effective scheme to protect contents from internal and external threats. Encrypt Once - Confidentiality, Privacy, and Integrity (EO-CPI) focuses on protecting data confidentiality, integrity, and users' privacy for untrusted cloud-based VoD systems. We compared our proposed scheme with Netflix's latest encryption scheme, which uses Transport Layer Security (TLS) with Advanced Encryption Standard - Galois Counter Mode (AES-GCM). Our results demonstrated a significant reduction of 79% in the server-side computational overhead when using EO-CPI with a re-encryption degree of one time per five users while maintaining intact performance for the user side. It also provides security from internal and external threats versus other approaches where security is supplied exclusively by external parties. The proposed approach should enhance and facilitate cloud-based VoD security and diminish its carbon footprint.
Keywords: Cloud Computing; Content Encryption; Insider Threats; Privacy; VoD.
VoIP security auditing model based on COBIT 4.1
by Oscar Danilo Gavilanez Alvarez, Glen Dario Rodriguez Rafael
Abstract: The article justifies the need for a specific model of VoIP security auditing that evaluates the incidence of security problems and addresses the challenges in terms of protecting IT resources. The current VoIP security problems are determined based on the analysis of auditing frameworks, and a model based on COBIT 4.1 is proposed to address these problems. As an innovation, the model includes the security culture plan and social engineering from the approach of the user as an IT service customer. In this work, we present the validation of the surveys using Cronbach's alpha and the results of the statistical average of the surveys applied to experts in social engineering and security auditing in VoIP. The proposed VoIP Security Auditing Model, called VoIPSAM, considers four domains (Plan and Organize, Monitor and Evaluate, Acquire and Implement, and Delivery and Support), which consider specific security policies for its application.
Keywords: model of security auditing; social engineering; security culture plan; VoIP; COBIT.
Using Blockchains to protect Critical Infrastructures: a comparison between Ethereum and Hyperledger Fabric
by Wilson Melo, Lucas S. Dos Santos, Lucila M. S. Bento, Paulo R. Nascimento, Carlos A. R. Oliveira, Ramon R. Rezende
Abstract: The monitoring and protection of critical infrastructures, especially the ones involving physical assets (e.g., dams, nuclear energy facilities, governmental buildings), constitute a challenging problem. The failure and collapse of these infrastructures can cause untold consequences. Recent works have proposed blockchains as a tool to improve monitoring systems in different critical infrastructures. However, most previous works fall short of presenting a more in-depth discussion about how to implement these solutions. In this paper, we develop a practical approach. We propose a comprehensive framework that describes how to implement a blockchain-based system to monitor and protect critical infrastructures. We implement our framework on two distinct blockchain platforms: Ethereum and Hyperledger Fabric. We compare both implementations and discuss their differences in terms of performance, ease of development, security, privacy, complexity, and costs. We believe that our results can be valuable for professionals interested in applying blockchain-based solutions to protect critical infrastructures.
Keywords: blockchain; critical infrastructures; cyber-physical systems; security.
Simulated Study of the Influence of Node Density on the Performance of Wireless Sensor Networks
by Aaron Rababaah
Abstract: This paper investigates the impact of local and global node density in cluster-based structured Wireless Sensor Networks (WSNs). The local density represents sensor node density (SND) in a cluster, whereas global node density relates to head node density (HND) in the entire WSN. The literature rarely addresses the impact of density on WSN performance, as the focus is typically on protocols, routing, scheduling, clustering and network longevity. Often, the density of nodes is assumed heuristically, not based on empirical experiments. In this work, we address this issue by measuring the impact of node density on four performance metrics: isolated sensor nodes, isolated head nodes, network detection effectiveness and network tracking accuracy. Using an in-house simulator, a total of 5200 experiments were conducted and performance metrics were collected and analyzed. The results revealed interesting relationships among the studied variables and identified the best performing node densities locally and globally.
Keywords: wireless sensor networks; clustered networks; tracking accuracy; detection effectiveness; local node density; global node density.
Network tolerance optimization to random and target attacks based on percolation theory
by Xiaoteng Yang, Zhenqiang Wu, Jun Yan, Mubarak Umar
Abstract: A social network system has failure characteristics under random attacks on components or targeted attacks. This paper constructs related models for complex network defense systems to support the integrity of the social network system. First, we discuss the impact of component failure on complex systems and determine the risk scope. Second, based on the attack tolerance of percolation theory, we verify the robustness of the network system through the percolation threshold fc to determine its optimal distribution. Third, we build a bimodal-distributed network model based on the network optimality to resist network failure. The model simulation results show that when the node degree is Kmin and Kmax in the complex networks, these nodes themselves form the largest cluster to guarantee the integrity of the network system, and to ensure that the network is still robust to subsequent attacks after the removal of the central hub nodes.
Keywords: Network defense system; percolation theory; attack tolerance; bimodal-distributed network model.
Security Enhanced Android for an Enterprise
by Rameez Rehman, Syed, Mudassar Waheed, Ammar Masood
Abstract: Mobile devices have emerged as one of the most common means of communication in current times. Mobile devices are commonly used to either access or store private information of the users, which makes them a treasure trove for attackers with malicious intent. Additionally, enterprises also encourage users to use their own mobile devices, which not only leads to users' convenience but at the same time also serves to decrease costs and raise employee productivity for an enterprise. In this scenario, an attack on an employee's mobile device will not only uncover personal information of the employee but also the enterprise's secrets and protected data. This highlights the requirement for strong protection of data stored on these devices and also the need for hardening the mobile devices against malicious attacks. One such approach for an enterprise would be to reinforce the underlying Android operating system (OS), which is the one most widely used in current mobile devices due to its open source nature. With this focus we first carried out a security feature comparison of the Android Open Source Project (AOSP) based OS with iOS (iPhone's Operating System) to identify potential enhancements for a secure Android OS for the enterprise. Subsequently, an analysis of custom Android ROMs was performed to further refine security enhancements in an enterprise scenario. The present work follows a risk assessment approach through a comprehensive security comparison of stock Android with iOS and custom ROMs to establish security requirements for Android in an enterprise scenario.
Keywords: Android Security; Android custom ROMs; Enterprise Security Requirement; Security Enhancements in Android; Mobile OS security; iOS security.
A new Wrapper Feature Selection model for Anomaly based Intrusion Detection Systems
by Meriem Kherbache, Kamal Amroun, David Espes
Abstract: Feature selection is a fundamental phase of anomaly-based intrusion detection. It is a method that selects the near-optimal subset of features to improve the effectiveness of an anomaly-based Intrusion Detection System (IDS). A near-optimal subset of features is one of the main factors in reducing the number of false positives and the classifier execution time. To select this subset of features, this paper introduces a new method that combines the Agglomerative Hierarchical Clustering (AHC) algorithm with the Support Vector Machine (SVM) classifier. An intelligent process classifies the features according to their variances for each attack category. The features are selected based on their variance and grouped by their variance similarities. An iterative algorithm is used to combine the obtained attack clusters with normal traffic to form subsets of candidate combinations. The SVM classifier is applied to find the best combination of features. The NSL-KDD and CICIDS2017 datasets are used to estimate the effectiveness of the proposed method. The evaluation results show that our algorithm significantly increases the detection accuracy and improves the detection time. The results show that the proposed approach significantly reduced the number of features for each attack (about 80% for the NSL-KDD dataset and 90% for the CICIDS2017 dataset). Moreover, it performs very well on any type of attack (whether stealthy or not) and outperforms other existing approaches. Perfect accuracy of 100% is achieved for some stealthy and complex attacks such as Heartbleed, SQL Injection and Botnet attacks.
Keywords: Intrusion Detection System; Feature Selection; Agglomerative Hierarchical Clustering; Support Vector Machine.
Police Alarm Address Recognition and Classification Based on Convolutional Neural Networks
by Mingyue Qiu, Zhijie Bi
Abstract: The assignment of addresses of police alarms is the most significant aspect when receiving such alarms. However, currently, most areas still adopt modes such as the layer-by-layer forwarding of police alarm addresses, dispatching alarms level by level, manual judgement of addresses, and manual allocation of the alarms. Under such modes, the identification of alarm addresses is likely to be inefficient and inaccurate, and there will also be issues such as long dispatch times. As the reception of police alarms continues to rise, this paper builds an intelligent police alarm address recognition and classification model based on natural language processing and convolutional neural networks. This will achieve the rapid identification and classification of alarm addresses, thereby meeting the goal of improving the efficiency of the reception of police alarms. At present, the system has been deployed and used, which has greatly improved the efficiency of police work.
Keywords: Natural language processing; Convolutional neural networks; Address recognition; Police alarm address classification.
Implementation of Quasi-Newton Algorithm on FPGA for IoT Endpoint Devices
by Shizhen Huang, Anhua Guo, Kaikai Su, Siyu Chen, Ruiqi Chen
Abstract: With the recent developments in the Internet of Things (IoT), there has been a significant and rapid generation of data. Theoretically, machine learning can help edge devices by providing better analysis and processing of data near the data source. However, solving the nonlinear optimization problem is time-consuming for IoT edge devices. A standard method for solving the nonlinear optimization problems in machine learning models is the Broyden-Fletcher-Goldfarb-Shanno (BFGS-QN) method. Since field-programmable gate arrays (FPGAs) are customizable, reconfigurable, highly parallel, and cost-effective, the present study envisaged the implementation of the BFGS-QN algorithm on an FPGA platform. A mix of half-precision floating-point numbers and single-precision floating-point numbers was adopted to implement the BFGS-QN algorithm on an FPGA platform in order to save FPGA resources. The results indicate that, compared to single-precision floating-point numbers, the implementation of the mixed-precision BFGS-QN algorithm reduced look-up tables by 27.1%, flip-flops by 18.2%, and distributed random memory by 17.9%.
Keywords: IoT; edge computing; machine learning; nonlinear optimization; BFGS-QN; FPGA.
Heterogeneous Big Data Fusion in Distributed Networking Systems for Anomaly Detection and Localization
by Yuan Zuo, Xiaozhou Zhu, Jiangyi Qin, Wen Yao
Abstract: An efficient anomaly detection and localization mechanism is crucial for achieving high-quality network services. In particular, learning-based methods have recently been developed to achieve this goal by discovering helpful information from a massive amount of heterogeneous network data. However, heterogeneous data from various network components lead to significant challenges and an unexpected burden for analysis. The distributed scale of networking systems challenges data integrity and knowledge retrieval due to the separation of coupled functions over the distributed system. In this article, an insightful survey is performed by thoroughly reviewing recent academic and industrial contributions regarding anomaly detection and localization. To tackle the issues, we propose a new framework to effectively learn informative representations of heterogeneous data and fuse this information for efficient anomaly detection and localization. Furthermore, a case study is presented for anomaly detection and localization through learning data representations and performing heterogeneous data fusion.
Keywords: Data heterogeneity; Distributed networking systems; Anomaly detection; Anomaly localization; Machine learning.
A Hybrid Malware Analysis Approach for Identifying Process-Injection Malware Based on Machine Learning
by Chia-Mei Chen, Ze-Yu Lin, Ya-Hui Ou
Abstract: Advanced Persistent Threat (APT) attacks take place every day, utilizing stealthy and customized malware to disrupt the service or sabotage the network. Such advanced malware may subvert the defense mechanism by abusing process injection techniques provided by the operating system and injecting malicious code into a benign process. Some process injection techniques may be identified by static analysis, but some can only be discovered at run time. This study adopts deep learning models and two malware analysis approaches to detect process injection malware. By applying transfer learning, this study proposes a CNN-based detection model with the features selected from static and dynamic analysis to identify process-injection malware. The experimental results demonstrate that the proposed method could detect process-injection malware efficiently, as well as unknown malware.
Keywords: malware detection; process injection; machine learning.
Entropy and likelihood based detection of DGA generated domain names and their families
by Ashutosh Bhatia, Deepak Vishvakarma, Rekha Kaushik, Ankit Agrawal
Abstract: A botnet is a network of hosts (bots) infected by a common malware and controlled by command and control (C&C) servers. Once the malware is found in an infected host, it is easy to get the domain of its C&C server and block it. To counter such detection, many malware families use probabilistic algorithms, known as domain generation algorithms (DGAs), to generate domain names for the C&C servers. In this paper, we propose a probabilistic approach to identify the domain names that are likely to be generated by malware using DGAs. The proposed solution is based on the hypothesis that the entropy of human-generated domain names should be lower than the entropy of DGA-generated domain names. Results show that the percentage of false negatives in the detection of DGA-generated domain names using the proposed method is less than 29% across the 39 DGA families considered by us in our experimentation.
Keywords: Domain Name System; Domain Generation Algorithms; Botnets; Command and Control Servers.
A survey on SQL injection attacks, detection and prevention techniques - A tertiary study
by María Hallo, Gabriela Suntaxi
Abstract: This paper presents a tertiary systematic literature review of SQL Injection Attacks based on previous secondary systematic literature reviews and systematic mappings. We identify the main observations (what we know) and challenges (what we do not know) on SQL injection attacks. We perform this tertiary review using six scientific databases. Based on a rigorous search process, we consider in our study eleven secondary studies published in the last decade. We define six research questions that help us determine the current state of the art in SQL injection attacks. We organize the main observations and challenges into definitions, most common research topics related to SQL injection attacks, detection and prevention techniques, and limitations of the studies. Finally, we identify open issues that could guide future research work.
Keywords: SQL injection attacks; SQLIA; SQL injection detection techniques; SQL injection prevention techniques.
Taxonomy of reputation-based defending mechanisms against types of attacks in delay tolerant networks
by Preeti Nagrath, Sandhya Aneja, G.N. Purohit
Abstract: Delay tolerant networks (DTNs) have been standardised as a solution for wireless networking scenarios with intermittent connectivity. Limited buffer space and limited battery power in DTNs can give rise to malicious nodes. These malicious nodes misuse network resources and exhibit malicious behaviour which can cripple the network. This paper discusses various forms of malicious behaviour: flooding attack, black hole attack, and selfish attack. Several reputation-based defending mechanisms against these attacks have been proposed by the DTN research community. In this paper, a taxonomy of these reputation-based defending mechanisms is defined, in terms of how reputations are calculated and disseminated. The mechanisms are categorised as source-based, peer-based, trusted-authority-based or destination-based, depending on which node takes the decision to assign reputation. Under each category, the mechanisms are further classified as either node-centric (the node itself) or node-in-contact-centric (contacting node), based on which node keeps evidence of the job performed. This paper presents a review of all these reputation mechanisms and compares them in terms of computation and other parameters. The destination-based reputation mechanism seems to be a better approach.
Keywords: delay tolerant networks; DTNs; attacks; vulnerabilities; reputation-based defending techniques; destination-based approach; taxonomy.
A smart urban management information public opinion analysis system
by Guanlin Chen, Rutao Yao, Gang Chen, Jie Chen, Tian Li
Abstract: With the continuous development of the times and the ever-increasing urban population, urban management has become more and more difficult. Today is an information age, and the internet is flooded with information. If this information can be used, the public opinions of urban residents can be grasped through it, and problems can then be perceived in advance and resolved early. In this paper, we propose a smart urban management information public opinion analysis system. This system uses Oracle for database support, combined with natural language processing technology, and aims to be a complete system covering information collection, text analysis of the information and final data display, which could contribute to the creation of a smart city.
Keywords: text analysis; public opinion; Oracle; natural language processing.
An algorithm of NLOS error identification and mitigation in mobile location estimation
by Changhong Zhu, Ning Xiao
Abstract: For the purpose of improving the positioning accuracy of a mobile station in a complex environment, a real-time non-line-of-sight (NLOS) identification and elimination method is proposed based on the characteristics of NLOS error. In this algorithm, a Kalman filter (KF) is used to identify in real time whether NLOS errors are included in range measurements. According to the positive deviation characteristic of NLOS errors, there is a positive deviation between the smoothed curve of distance measurements and the real distance curve. The reconstructed line-of-sight measurements can be obtained by moving the curve down. The simulation results prove that the algorithm is better than the traditional extended Kalman filter (EKF) and the Wylie algorithm.
Keywords: non-line-of-sight; Kalman filter; positioning accuracy; identification; mitigation.
An overall analysis method of urban road parking lots based on data mining
by Guanlin Chen, Jiapeng Shen, Jiang He, Xu Dai, Wenyong Weng
Abstract: In this paper, we first propose a multiple linear regression-autoregressive moving average model (MLR-ARMA) which combines the multiple linear regression model and the autoregressive moving average model to fit and predict a single parking lot's parking demand. The experimental results show that this model performs better on predicting future parking amounts than the simple multiple linear regression model and the autoregressive integrated moving average (ARIMA) model. Then, this paper proposes an overall analysis method of urban road parking lots based on cluster analysis and uses the MLR-ARMA model to verify the clustering results. The experimental results show that when reasonable weights are assigned to different dimensions of the feature vector of parking lots, the method proposed in this paper can classify parking lots with similar usage patterns and adjacent locations into one category well, which is conducive to further analysis.
Keywords: parking management; MLR-ARMA model; data mining; cluster analysis; feature vector; linear regression.
A novel approach for COVID-19 outbreak spread monitoring and control using smart grid technology
by El Yazid Dari, Ahmed Bendahmane, Mohamed Essaaidi
Abstract: The novel coronavirus SARS-COV-2 was discovered in November 2019, in China. In March 2020, the WHO announced that COVID-19 could be characterised as a pandemic (WHO, 2020a). It then rapidly spread from China to other countries. Coronavirus disease, COVID-19, is a viral infection that generates a severe acute respiratory syndrome with serious clinical symptoms such as fever, dry cough, and pneumonia (Kucharski et al., 2020). In addition, this virus spreads so easily among people that it is difficult to control. To fight the rapid spread of new diseases like COVID-19, the support of technologies such as AI, big data, and IoT has proved to be very useful and provides better pandemic spread control tools. In this paper, we propose to leverage smart grid technology to detect clusters of COVID-19 cases, to accelerate remote pandemic monitoring, and to predict the probable future spread of the virus by collecting and analysing retrieved data.
Keywords: smart grid; smart metres; COVID-19; SARS-COV-2; coronavirus; temperature; communication; symptoms.
Partial rule security information and event management concept in detecting cyber incidents
by Aleksandar Jokić, Sabina Baraković, Jasmina Baraković Husić, Jasna Pleho
Abstract: Information communication technologies are evolving rapidly and have a huge impact on everyday life. This does not come without dangers, i.e., it is actively followed by a wide range of malicious activities that impact companies, forcing them to protect their information at all costs. Cyber attacks today usually consist of multiple carefully planned, hardly detectable steps causing severe damage to companies. This paper examines the capability of a security information and event management (SIEM) system with applied partial rules in detecting multi-step attacks. Fine-tuning focused on detecting partial attack patterns that were important and specific to the environment, and positive results were obtained. The results show that when using the partial rule approach in SIEM for incident detection, the number of detected advanced multistage cyber attacks increased, thereby contributing to the overall security in cyber space.
Keywords: cyber attack; detection; exfiltration; partial rule; security; SIEM; visibility.
Plant disease detection for banana using long range wide area network
by J. Blessy Annie Flora, S. Radha, R. Hemalatha, S. Aasha Nandhini
Abstract: Agriculture is the backbone of India, and nearly 70% of the people in the country depend on agriculture. These agricultural practices need to be transformed to overcome the negative impact of yield losses in real time. A major threat to crop production is plant diseases. With the use of a long-range wide area network (LoRaWAN), it is possible to connect the sensor nodes deployed in the agricultural field over a long distance. In this paper, a low-cost plant disease detection system for the banana field using LoRaWAN is proposed, deploying an IoT-based network for environmental monitoring. LoRaWAN is used for monitoring the environmental parameters of the field to predict the diseases affecting the banana plant. The disease information is transmitted using LoRaWAN to cover long distances in the field. Using The Things Network (TTN) cloud service and the Ubidots dashboard, the data are analysed and notifications are given to the farmers.
Keywords: LoRaWAN; Black Sigatoka; bunchy top of banana; smart agriculture; the things network; TTN.