International Journal of Security and Networks (19 papers in press)
Packing Resistant Solution to Group Malware Binaries
by Ahmad Azab
Abstract: Malware is still identified as a serious threat on the Internet
and considered the main tool utilized by cybercriminals to conduct their
malicious actions against corporations, government agencies and
individuals. Malware authors embed numerous techniques, such as
obfuscation and morphing, to avoid detection by anti-virus engines
and facing hardened zero-day detection. To address this problem, we propose a
solution that groups malware binaries belonging to the same variant,
regardless of whether they are packed or not. Our approach deploys similarity
measures between the malware binaries of the same variant by applying
data mining concepts in conjunction with hashing algorithms. In this
paper, we assess Trend Locality Sensitive Hashing (TLSH) and SSDEEP
hashing algorithms to group packed and unpacked binaries of the same
variants, deploying the K-NN learning algorithm. Two Zeus variants are used -
Mal_ZBOT and TSPY_ZBOT - to address the effectiveness of the proposed
approach. The experimental results reflect our method's effectiveness in
grouping binaries of the same variant, its resilience to common
obfuscations used by cybercriminals, and poor performance when applying
the hashing algorithm without the data mining concept. The best result
attained over both packed and unpacked binaries is 0.982 F-Measure.
Keywords: Malware; Hashing; Datamining; Zeus.
Evaluating the behavior of stream learning algorithms for detecting invasion on wireless networks
by Cláudio Alves, Flávia Bernardini, Leandro Sousa, Edwin Mitaac
Abstract: Ensuring protection in computer networks is an increasingly difficult task because of the sheer number and variability of threats currently encountered. Intrusion Detection Systems (IDS) are usually used to improve the security of information in computer networks, including any content that has value to a person or company. IDS monitor computers or networks to identify malicious activity or unauthorized access. An open issue is how much data is necessary for constructing models for predicting invasion in wireless networks, especially considering that there are some scenarios in which the dataset is not promptly available. Our approach should consider constructing classifiers given a dataset and, as the dataset grows, new classifiers are constructed. Another strategy is to explore stream learning algorithms that adapt models over time. In addition to studying the applicability of stream learning algorithms, this work aims to investigate whether, in terms of processing time, stream algorithms are more efficient than batch ones.
Keywords: Stream Learning; Intrusion Detection Systems (IDS); Wireless Networks.
Multi-Party Computation Review for Secure Data Processing in IoT-Fog Computing Environment
by Bhabendu Kumar Mohanta, Debasish Jena, Srichandan Sobhanayak
Abstract: In the last decade, Internet of Things (IoT) technology has become useful in almost every application field. IoT-Cloud based architecture is insufficient to handle the requirements of IoT like latency, bandwidth, and volume of data. Fog computing can address those problems by providing processing and services to end-users at the edge network. In a centralized system, computation and processing were done in a centralized way. Some of the issues in that centralized system are malicious behavior, node capture, and failure. The solution for this would be for multiple parties to do the computation, so that the decision can be reliable and trustworthy. In this paper, the authors first used IoT-Fog-Cloud architecture to explain the need for multi-party computation in IoT applications. Secondly, the authors review existing work in terms of the basic working principle of multi-party computation and the application areas where it is already used. Lastly, the paper described the solution approach to perform secure multi-party computation in terms of Blockchain Technology.
Keywords: IoT; Fog Computing; Cloud computing; Multi-Party Computation; Security; Blockchain; Distributed.
A Framework for Security Enhancement in Multitenant SDN-based Datacenters
by Mostafa Ammar, Ayman Abdel-hamid, Mohamed Rizk, Magdy Abdelazim
Abstract: Nowadays, there is a rising demand for enterprises to migrate datacenters into the public cloud. This transfer has several drivers such as decreasing datacenter operational cost and increasing scalability. Moreover, it motivated cloud providers to construct more multitenant datacenters. On the other hand, cyber attacks against IT infrastructures are becoming sophisticated. Protection against datacenter adversaries requires integration between security middleboxes, such as intrusion detection systems (IDS) and firewalls (FW), and the network layer. In this paper, a framework is proposed to enhance security for software defined network (SDN) based multitenant datacenters. A novel mechanism is introduced to only forward suspicious traffic for deep packet inspection (DPI) without affecting any other traffic. Attack graphs are used to specify all possible attack scenarios against the datacenter network. A framework proof of concept prototype is implemented using a mixed emulation and simulation environment. A typical multitenant data center network topology is used to test and evaluate framework performance. Moreover, different types of traffic (TCP, UDP) and typical middleboxes are used in experiments. Performance evaluation results show framework feasibility and performance against attacks while not affecting delay sensitive traffic.
Keywords: SDN; datacenter; multitenancy; security; attack graph; deep packet inspection.
A Game Theoretic Approach Based on Intrusion Tolerant Systems
by Nouhad Sanoussi, Ghizlane Orhanou, Said El Hajji
Abstract: Despite the enormous efforts made to guarantee a great level of security in the network, this is still far from being completely solved. Hence, to continue providing proper services in threatening environments there is a need for intrusion tolerance. The purpose of an Intrusion Tolerant System (ITS) is to survive against every intrusion, rather than to prevent them. Unfortunately, these mechanisms of defense require a huge investment and an accurate study of the network to effectively secure the infrastructure. The weakness of the traditional network security solutions is that they lack a quantitative decision framework. Game theory approaches proved their efficiency in this issue. Therefore, in this paper, we propose a game theoretic approach to model the attack-defense interaction, taking into account both internal and external attacks, and analyze the effect of the intrusion tolerant system on the payoff of both the internal and external attacker and the defender. A MATLAB simulation is used to illustrate the game model and calculate the frequency of attack strategy and invest in tolerance strategy.
Keywords: Network security; ITS; Game Theory; Attacker; Bayesian Game.
Malicious Behaviour Identification for Android Based on an RBF Neural Network
by Tianwei Chen, Yongjun Qiang, Chunming Tang, Zairong Wang, Ping Luo, Lingxi Peng
Abstract: Traditional methods for the identification of malicious behaviour on Android cannot cope with the dynamic fluctuation of malicious behaviour characteristics. Therefore, a malicious behaviour identification approach for Android that is inspired by radial basis function neural networks is proposed. This method takes samples of the malicious behaviour on Android, extracts behaviour features, and integrates data, enabling the use of a radial basis function neural network for identification. Second, the characteristics of the radial basis function neural network's local approximation are used to improve the learning speed, which enhances the quality of the output result. Next, the minimum value of the distance is used to calculate the weights of the hidden layer node to the output layer node with the least squares recursive method. The experimental results fully demonstrate that our method improves the accuracy and efficiency of malicious behaviour recognition for Android.
Keywords: RBF neural network; Android malicious behavior identification; feature sets; local approximation.
Bilinear Pairing Oriented User Privacy-Preserving Scheme Towards Secure Bitcoin Transaction
by Albert Kofi Kwansah Ansah, Daniel Adu-Gyamfi
Abstract: Despite the existing advances in research and education in cybersecurity and its applications, the field is still under discovery and new technologies are evolving. In recent years, Bitcoin as a cryptocurrency cyber application that records all financial transactions present on a blockchain where users can reach a secure and robust consensus on transactions emerges as the most popular peer-to-peer electronic payment system. Cryptocurrencies mostly rely on blockchain, as a secure decentralised append-only ledger to exchange digital currencies, thereby attracting a billion-dollar economy. Bitcoin allows the inputs and outputs of cryptocurrencies to link to Bitcoin public address systems vulnerable to possible linkability and traceability of users' identity. This obviously attracts privacy issues such as users' information and identity leakage. Several existing techniques are found not satisfactory to fulfil practical and compatible anonymity requirements for users to transact with cryptocurrencies securely. In this paper, we focus on unlinkability and untraceability of users in bitcoin cryptocurrency transactions and present a secure privacy-preserving scheme based on bilinear pairing and other cryptographic primitives to curb users' privacy breaches. Our proposed scheme has been theoretically analysed and evaluated. Simulation result indicated the average and total times as converged with appreciable times of 9?s at Type A internal. The overall evaluation has proven the correctness of our proposed scheme using pairing-based cryptography (PBC) Type A, A1 and E pairings internals, and suggesting it as secure and robust to implement for preserving users' privacy in a bitcoin transaction.
Keywords: user privacy-preservation; bitcoin transaction; bilinear pairing; cryptocurrency; blockchain.
A Hybrid Approach for Intrusion Detection Based on Machine Learning
by Rohit Singh, Mala Kalra, Shano Solanki
Abstract: With the evolution of the Internet, network security has emerged as one of the key areas of research. Network security is to safeguard the privacy, availability and integrity of the system. Identification of intrusion is a core component to attain overall network security success. Therefore, Intrusion Detection (ID) is broadly explored by researchers and the idea of identification of intrusion has developed into a system, known as Intrusion Detection System (IDS). IDS focuses on investigation of attacks and offers desirable support for defense management along with information about the intrusion. Several intrusion detection approaches are already proposed to mitigate the impact of intrusion. In this paper, these techniques are discussed to highlight the state-of-the-art and a multilevel hybrid approach based on SVM-Na
Keywords: Intrusion Detection; Intrusion Detection System; Network Security; Malicious traffic; Hybrid Classification; Multilevel Classifiers; Imbalanced Dataset.
Verification-Based Data Integrity Mechanism in Smart Grid Network
by DARI EL YAZID, BENDAHMANE AHMED, ESSAAIDI MOHAMED
Abstract: The integration of open communication infrastructures and bidirectional communication between smart meters and utilities in smart grids is very important to support vast amounts of data exchange. It also increases the openness and opportunity of resource sharing across smart grid users, which makes the network vulnerable to several cyber-attacks. These cyber-attacks target smart meters data integrity through several known threats. The most known threats are false data injection (FDI) attacks that manipulate, modify or destroy data by some malicious users. Therefore, these attacks make the smart meters behave maliciously to return false data and to sabotage the system functions. In this paper, we propose a new approach to improve the integrity of data generated by smart meters in a smart grid, namely, Verification-Based Data Integrity Mechanism (VBDIM). The performance of our approach is evaluated through simulation to investigate the effects of collusive smart meters on the correctness of their generated data. The obtained results show that our approach achieves a lower blacklisting error and error-rate, and better performance in terms of overhead and slowdown.
Keywords: Smart Grid; Smart Meters; Cyber-security; Vulnerability; data-integrity.
A Model-based Approach for Multi-level Privacy Policies Derivation for Cloud Services
by Amal Ghorbel, Mahmoud Ghorbel, Mohamed Jmaiel
A Survey on Access Control in IoT: Models, Architectures and Research Opportunities
by Seham Alnefaie, Suhair Alshehri, Asma Cherif
Abstract: The rapid growth of the smart devices and sensors industry has revolutionized many fields such as smart cities, healthcare, etc. These technological advances are nowadays part of the Internet of Things (IoT) where devices are interconnected to exchange data to improve the delivery of various services. Although IoT is considered a promising paradigm in almost all fields, the security of users' data is still a significant issue that should be thoroughly addressed. This is mainly required where sensitive information is being used such as in healthcare or military sectors. Access control is one of the main security mechanisms that should be applied to IoT-based applications in order to limit access to users' data to only authorized individuals. However, due to the high mobility and huge number of devices, controlling access is challenging. In particular, using cloud data centers inevitably leads to high delays and network overhead. This research examines the growing literature on access control for IoT with respect to security requirements.
Keywords: Access Control; Fog Computing; Internet of Things.
An Improved Genetic Algorithm in Shared Bicycle Parking Point Allocation
by Guanlin Chen, Jiawei Shi, Huang Xu, Tian Li, Wujian Yang
Abstract: Aiming to solve the problem of inadequate parking places for shared bicycles especially during peak hours, an improved genetic algorithm for parking point allocation is proposed in this paper. We integrate linear regression algorithm with the genetic algorithm to increase the directs of individual mutation, which leads to avoiding falling into local optimum. Meanwhile, we use linear regression to hasten the convergence speed of the genetic algorithm, which ensures the new method can improve efficiency while allocating parking points. For the sake of carrying out the experiment accurately and conveniently, we use Geohash to encode the locations of parking points and bicycles into short letters and numbers. According to the analysis of experimental results, it proves the improved algorithm is superior to the conventional method for parking point allocation.
Keywords: Genetic algorithm; Linear regression; Shared bicycle; Parking point allocation; Geohash.
Space-time Adaptive Processing Anti-Jamming Algorithm for Navigation Receiver
by Yufeng Li
Abstract: For the problem that the satellite navigation signal is easily interfered, the anti-jamming technology of the traditional navigation receiver usually needs the direction of arrival (DOA) of the navigation signal. This paper proposes an anti-jamming method combining spatial projection and beamforming techniques. The method first constructs the orthogonal complement space of the interference subspace, and then projects the space-time signal vector received by the antenna array onto it, and then uses the algorithm with strictly constrained minimum power sampling matrix gradient (CSMG) to project the output signal after beamforming in a fixed direction, and finally captures, locates, and solves the interference-free data obtained after beamforming. In this paper, the method is deduced theoretically and the relevant simulation experiments are completed. It shows that the anti-jamming algorithm not only can effectively suppress the interference signal, but also can better retain the desired signal.
Keywords: Navigation signal; anti-jamming; subspace projection; beamforming.
Public-key cryptosystem based on quantum BCH codes and its quantum digital signature
by Han Haiqing, Siru Zhu, Qin Li, Xiao Wang, Yutian Lei, Yuwei Zhang
Abstract: There is a security threat to the traditional cryptography because of the emergence of quantum computation. Quantum computers can break through many cryptosystems based on mathematical puzzles. The post-cryptography has been established for the sake of the security. It has been proved that McEliece public-key cryptosystem based on error-correcting codes can resist quantum attacks. In this paper, several new generating algorithms of the quantum BCH (Bose-Chaudhuri-Hocquenghem) codes have been proposed, and the quantum BCH codes can correct the errors including bit-flip and phase-flip. At the same time, the quantum McEliece public-key cryptosystem and quantum Niederreiter public key cryptosystem have been designed by us on the basis of quantum BCH codes in this paper, and their encryption and decryption procedures are created in detail. Our cryptosystem not only retains the advantages of post-quantum computation, but also can encrypt or decrypt in quantum state. From the perspective of computational complexity theory, both cryptosystems can resist the attacks of Shor algorithm and Grover algorithm very well. The Niederreiter classical digital signature is designed by us according to the structure characteristics of quantum BCH codes.
Keywords: CSS construction; quantum BCH codes; public key cryptosystem on error correcting codes; post-quantum attacks; quantum digital signatures.
A Cluster Collaborative Synchronization Dynamic Model of the Dissipative Coupling Supply Chain Network
by Bing Yang, Gang Zhao, Ming-hua Hu, Chang-ping Liu, Ying-bao Yang
Abstract: The supply chain network is regarded as a dynamic system consisting of member companies with dynamic behaviors. In this paper an attempt is made to describe the dynamic behaviors of each member company with an autonomous dynamic system to establish the cluster collaborative synchronization dynamic model for dissipative coupling supply chain networks. Considering the materials flow, transaction amount and substitutability among the member companies of the supply chain network, a collaborative closeness matrix of the supply chain network was set. Based on the proposed model, the cluster collaborative synchronization interval of the supply chain network was calculated and the simulation results were obtained. This model is not only proved to be suitable for the general scale supply networks, but also suitable for the large scale complex supply chain networks. Based on the proposed model and the cluster collaborative synchronization interval, we can optimize strategy for the collaborative synchronization operation among the member companies of the supply chain network.
Keywords: dynamic model; supply chain network; synchronization interval; cluster collaboration; dissipative coupling.
Gas leakage acoustic source localization with compressed sensing method in sensor networks
by Zhang Yong
Abstract: Aiming at solving the problem of the concentration signal hardly being compressive sensed directly in nonlinear gas diffusion environment, a compressed sensing Direction of Arrival (DOA) estimation method according to the acoustic characteristics of the gas leakage was proposed for source localization. Firstly, the corresponding compressed sensing matrix and the DOA estimation model were established. Then, the sparse Bayesian recovery algorithm was designed for the DOA estimation of gas leakage acoustic source. Finally, the simulation results show that the proposed method could achieve an accurate DOA estimation of one or more gas leakage acoustic sources, and the sparse Bayesian recovery algorithm could effectively improve the estimation accuracy and robust performance with fewer amounts of samples compared to the orthogonal matching pursuit (OMP) algorithm.
Keywords: compressed sensing; DOA estimation; gas leakage acoustic source localization.
A face recognition algorithm based on multiple convolution kernels and double layer sparse automatic encoder
by Hao Wang, Xiuyou Wang, Huaming Liu, Dongqing Xu, Zhengyan Liu
Abstract: The prevailing face recognition algorithms adopt the manual design feature or the automatic extraction feature of deep learning in the process of characteristic extraction. In order to extract the distinguishing characteristics of the target more accurately, a face recognition algorithm based on the multiple convolution kernels and double-layer sparse automatic encoder was proposed. Initially, the proposed algorithm pretreated the image with zero-phase component analysis (ZCA) whitening to decrease the correlation of the characteristic and reduced the complexity of the network training. Subsequently, a deep network characteristic extractor was designed, based on the convolution, pooling and multi-layer sparse automatic encoder. The convolution kernel was obtained by an independent unsupervised learning, and an automatic deep characteristic extractor was obtained by pre-training and fine-tuning. Finally, the extracted characteristics were classified using the Softmax regression model. The experiment results manifest that the presented algorithm was superior to the existing algorithms and conventional deep learning algorithms.
Keywords: face recognition; deep networks; multiple convolution kernels; double layer sparse automatic encoder.
An effective congestion control scheme based on early offload for space delay/disruption tolerant network
by Sanhua Song
Abstract: The storage resources and communication resources of spatial network nodes are generally very limited, and they have the characteristics of large time delay and can not guarantee the existence of end-to-end path all the time. Messages may reside in the intermediate nodes for a long time, which makes the congestion of spatial network inevitable and leads to the decline of network performance. In order to solve this problem, an effective congestion control scheme for space delay/disruption networks based on early unloading is proposed. In this scheme, the change rate of node cache is monitored at all times, and measures are taken in advance when congestion is about to occur, so that messages are transmitted through the non-optimal path prior to the optimal path, so as to alleviate the node storage pressure. Simulation results indicate that the presented scheme can achieve higher success rate of message delivery and more uniform network traffic distribution.
Keywords: space delay/disruption tolerant network; congestion control; early offload; contact graph routing; congestion avoidance.
An Efficient Range-free Multi-hop Localization Algorithm for Irregular Wireless Sensor Networks
by Rulin Dou
Abstract: In the range-free multi-hop localization algorithm, the physical distance between nodes is estimated based on hops, and complex ranging equipment is not required during this process. In this paper, an improved method for range-free multi-hop localization is proposed which could improve the precision without increasing the cost and reducing the performance of the algorithm. First, we obtain the optimal weighting function for location estimation according to the error between the estimated locations of non-beacon nodes and their actual locations. Then, we correct the inaccurate estimated locations of non-beacon nodes through geometric constraints. Lastly, we demonstrate via simulation that our proposed localization method outperforms the basic range-free multi-hop algorithms as well as their improved methods in irregular wireless sensor networks.
Keywords: range-free multi-hop localization algorithm; optimal weighting function; geometric constraint; irregular wireless sensor networks.