International Journal of Security and Networks (24 papers in press)
Verification-Based Data Integrity Mechanism in Smart Grid Network
by DARI EL YAZID, BENDAHMANE AHMED, ESSAAIDI MOHAMED
Abstract: The integration of open communication infrastructures and bidirectional communication between smart meters and utilities in smart grids is very important to support vast amounts of data exchange. It also increases the openness and opportunity of resource sharing across smart grid users, which makes the network vulnerable to several cyber-attacks. These cyber-attacks target smart meters data integrity through several known threats. The most known threats are false data injection (FDI) attacks that manipulate, modify or destroy data by some malicious users. Therefore, these attacks make the smart meters behave maliciously to return false data and to sabotage the system functions. In this paper, we propose a new approach to improve the integrity of data generated by smart meters in a smart grid, namely, Verification-Based Data Integrity Mechanism (VBDIM). The performance of our approach is evaluated through simulation to investigate the effects of collusive smart meters on the correctness of their generated data. The obtained results show that our approach achieves a lower blacklisting error and error-rate, and better performance in terms of overhead and slowdown.
Keywords: Smart Grid; Smart Meters; Cyber-security; Vulnerability; data-integrity.
A Model-based Approach for Multi-level Privacy Policies Derivation for Cloud Services
by Amal Ghorbel, Mahmoud Ghorbel, Mohamed Jmaiel
A Survey on Access Control in IoT: Models, Architectures and Research Opportunities
by Seham Alnefaie, Suhair Alshehri, Asma Cherif
Abstract: The rapid growth of smart devices and sensors industry has revolutionized many fields such as smart cities, healthcare, etc. These technological advances are nowadays part of the Internet of Things (IoT) where devices are interconnected to exchange data to improve the delivery of various services. Although IoT is considered a promising paradigm in almost all fields, the security of users' data is still a significant issue that should be thoroughly addressed. This is mainly required where sensitive information is being used such as in Healthcare or military sectors. Access control is one of the main security mechanisms that should be applied to IoT-based applications in order to limit access to users' data to only authorized individuals. However, due to the high mobility and huge number of devices, controlling access is challenging. In particular, using cloud data centers inevitably leads to high delays and network overhead. This research examines the growing literature on access control for IoT with respect to security requirements.
Keywords: Access Control; Fog Computing; Internet of Things.
An effective congestion control scheme based on early offload for space delay/disruption tolerant network
by Sanhua Song
Abstract: The storage resources and communication resources of spatial network nodes are generally very limited, and they have the characteristics of large time delay and can not guarantee the existence of end-to-end path all the time. Messages may reside in the intermediate nodes for a long time, which makes the congestion of spatial network inevitable and leads to the decline of network performance. In order to solve this problem, an effective congestion control scheme for space delay/disruption networks based on early unloading is proposed. In this scheme, the change rate of node cache is monitored at all times, and measures are taken in advance when congestion is about to occur, so that messages are transmitted through the non-optimal path prior to the optimal path, so as to alleviate the node storage pressure. Simulation results indicate that the presented scheme can achieve higher success rate of message delivery and more uniform network traffic distribution.
Keywords: space delay/disruption tolerant network; congestion control; early offload; contact graph routing; congestion avoidance.
An Efficient Range-free Multi-hop Localization Algorithm for Irregular Wireless Sensor Networks
by Rulin Dou
Abstract: In the range-free multi-hop localization algorithm, the physical distance between nodes is estimated based on hops, and complex ranging equipment is not required during this process. In this paper, an improved method for range-free multi-hop localization is proposed which could improve the precision without increasing the cost and reducing the performance of the algorithm. First, we obtain the optimal weighting function for location estimation according to the error between the estimated locations of non-beacon nodes and their actual locations. Then, we correct the inaccurate estimated locations of non-beacon nodes through geometric constraints. Lastly, we demonstrate via simulation that our proposed localization method outperforms the basic range-free multi-hop algorithms as well as their improved methods in irregular wireless sensor networks.
Keywords: range-free multi-hop localization algorithm; optimal weighting function; geometric constraint; irregular wireless sensor networks.
Adaptive Histogram Fusion-based Color Restoration and Enhancement for Underwater Images
by Jingchun Zhou, Dehuan Zhang, Weishi Zhang
Abstract: Underwater image restoration is crucial for marine exploration, underwater archaeology, seafloor geological investigation. However, due to the complex underwater environment, the image obtained underwater often has problems with color deviation and lack of details. To improve the quality and the visual effect of underwater images, we propose an adaptive histogram fusion-based color restoration and enhancement method for Underwater Images. First, the proposed method restores the color by pixel value adjusting in a channel and b channel according to color distortion. Then the histogram is used in the H channel of the underwater source image to improve the color hue. To make the enhanced result more in line with visual observation, the edge reserving-based method is used to enhance the details of color restoration results. Experimental results demonstrate that our results are effective in subjective and objective evaluations, and superior to several existing methods.
Keywords: Underwater images enhancement; Color restoration; Image fusion; Adaptive histogram equalization.
Taxonomy of Reputation Based Defending Mechanisms Against Types of Attacks in Delay Tolerant Networks
by Preeti Nagrath, Sandhya Aneja, G.N. Purohit
Abstract: Delay Tolerant Networks (DTNs) have been standardized as a solution for wireless networking scenarios with intermittent connectivity. DTNs use a dynamic topology and opportunistic contacts to transfer messages across the network. Limited buffer space and limited battery power in DTNs can give rise to malicious nodes. These malicious nodes misuse network resources and exhibit selfish or malicious behavior which can cripple the network. This paper discusses various forms of malicious behavior: flooding attack, black hole attack, gray hole attack and selfish attack. Several reputation based defending mechanisms against these attacks have been proposed by the DTN research community. In this paper, a taxonomy of these reputation based defending mechanisms is defined, in terms of how reputations are calculated and disseminated. The mechanisms are categorized as source-based, peer-based, trusted-authority-based or destination-based, depending on which node takes decision to assign reputation. Under each category, the mechanisms are further classified as either user-centric (the node itself), or neighbour-centric (neighbour node), based on which node keeps evidences of the job performed. This paper presents a review of all these mechanisms. After the review, it is observed that destination-based reputation mechanism seems to be a better approach than the other mechanisms, because the overhead of evidences is smaller and relies on first hand information.
Keywords: Delay tolerant networks; Attacks; Vulnerabilities; Reputation based defending techniques; Destination based approach; Taxonomy.
An Algorithm of NLOS Error Identification and Mitigation in Mobile Location Estimation
by Changhong Zhu, Ning Xiao
Abstract: For the purpose of improving positioning accuracy of mobile station in the complex environment, a real-time non-line-of-sight (NLOS) identification and elimination method is proposed based on the characteristics of NLOS error. In this algorithm, Kalman filter (KF) is used to identify whether NLOS errors are included in range measurements in real time. According to the positive deviation characteristics of NLOS errors, there is a positive deviation between the smoothing curve of distance measurements and the real distance curve. The reconstructed line-of-sight measurements can be obtained by moving down the curve. The simulation results prove that the algorithm is better than traditional extended Kalman filter (EKF) and Wylie algorithm.
Keywords: non-line-of-sight; Kalman filter; positioning accuracy; identification; mitigation.
An Overall Analysis Method of Urban Road Parking Lots Based on Data Mining
by Guanlin Chen, Jiapeng Shen, Jiang He, Xu Dai, Wenyong Weng
Abstract: In this paper, we first propose a multiple linear regression-autoregressive moving average model (MLR-ARMA) which combines the multiple linear regression model and the autoregressive moving average model to fit and predict a single parking lot's parking demand. The experimental results show that this model performs better on predicting future parking amounts than the simple multiple linear regression model and the autoregressive integrated moving average (ARIMA) model. Then, this paper proposes an overall analysis method of urban road parking lots based on cluster analysis and uses the MLR-ARMA model to verify the clustering results. The experimental results show that when reasonable weights are assigned to different dimensions of the feature vector of parking lots, the method proposed in this paper can classify parking lots with similar usage patterns and adjacent locations into one category well, which is conducive to further analysis.
Keywords: parking management; MLR-ARMA model; data mining; cluster analysis; feature vector; linear regression.
A Novel Approach For COVID-19 Outbreak Spread Monitoring and Control Using Smart Grid Technology
by E.L. Yazid Dari, Ahmed Bendahmane, Mohamed Essaaidi
Abstract: The novel Coronavirus SARS-CoV-2 was discovered in November 2019 in Wuhan, Hubei Province, in China. On January 30th, 2020, the World Health Organization (WHO) declared the COVID-19 outbreak a Public Health Emergency of International Concern (PHEIC). On March 11th, 2020, the WHO announced that COVID-19 could be characterized as a pandemic (WHO, 2020a). Then, it rapidly spread from China to other countries worldwide. Coronavirus disease, COVID-19, is a viral infection that generates a severe acute respiratory syndrome with serious clinical symptoms such as fever, dry cough, dyspnea, and pneumonia and may result in progressive respiratory failure and death (Kucharski et al. 2020). In addition, this virus is so widespread among people and it is difficult to control.
Despite the unprecedented and huge technological development by many countries, regions and sectors, outbreak of the current COVID-19 reminds the world about vulnerability to combat natural and man-made chemical attacks. To fight the rapid spread of new diseases like COVID-19, the support of technologies such as Machine Learning, Artificial Intelligence (AI), Big Data and Internet of Things (IoT) and robotics has proved to be very useful and provides much better pandemic spread control and monitoring tools than traditional methods. In this paper, we propose to leverage smart grid technology to detect COVID-19 cases clusters, to accelerate pandemic remote monitoring, and to predict probable virus future spread by collecting and analyzing retrieved data.
Keywords: Smart grid; smart meters; COVID-19; SARS-Cov-2; Coronavirus; Temperature; Communication; Symptoms.
Partial Rule Security Information and Event Management Concept in Detecting Cyber Incidents
by Aleksandar Jokic, Sabina Barakovic, Jasmina Barakovic Husic, Jasna Pleho
Abstract: Information communication technologies are evolving rapidly and have a huge impact on everyday life. This does not come without dangers, i.e., it is actively followed by a wide range of malicious activities that impact the companies, forcing them to protect their information at all costs. Cyber-attacks today usually consist of multiple carefully planned, hardly detectable steps causing severe damage to companies. This paper examines the capability of Security Information and Event Management (SIEM) system with applied partial rules in detecting the multi-step attacks. Fine tuning was focused on detecting partial attack patterns that were important and specific to environment and positive results were gained. The results show that when using the partial rule approach in SIEM for incident detection, the number of detected advanced multistage cyber-attacks has increased, thereby contributing to the overall security in cyber space.
Keywords: cyber-attack; detection; exfiltration; partial rule; security; SIEM; visibility.
Plant Disease Detection for Banana using Long Range Wide Area Network
by Blessy Annie Flora. J, Radha S, Hemalatha R, Aasha Nandhini. S
Abstract: Agriculture is the backbone of India and nearly 70% of the people in the country depend on agriculture. These agricultural practices need to be transformed to overcome the negative impact of yield losses in real-time. A major threat to crop production is plant diseases. With the use of LoRaWAN, it is possible to connect the sensor nodes deployed in the agriculture field over a long distance. In this paper, a low-cost plant disease detection of the banana field using LoRaWAN is proposed to deploy IoT based network for environmental monitoring. LoRaWAN is used for monitoring the environmental parameters of the field to predict the diseases affected in the banana plant. The affected disease information is transmitted using LoRaWAN for covering long distances in the field. Using TTN cloud service and the Ubidots dashboard the data are analyzed and notification given to the farmers.
Keywords: LoRaWAN; Black Sigatoka; Bunchy top of Banana; Smart Agriculture; TTN.
IMMI: An Architecture Integrated for Management of Modern Internet Service Providers
by Rafael Gomes, Matheus Silveira
Abstract: Nowadays, the human society claims for modern computational services based on Internet access through an Internet Service Provider (ISP). Similarly, ISPs expanded their service delivery, giving different alternatives of access networks and interconnected by an edge network. This new reality creates the idea of Modern Internet Service Providers (MISPs), applying Network Virtualization (NV), Software Defined Network (SDN) and Network Function Virtualization (NFV) technologies. However, the MISPs need a solution to perform an integrated management of these network environments. Within this context, this article proposes an architecture, called Integrated Management of Modern Internet Service Providers (IMMI), to perform the management of both edge and access networks, allowing information exchange, the deployment of slices and resources based on the profile of the access network. Additionally, this article analyzes the current status of the ISPs (and their limitations), as well as it discusses the key technical trends and challenges for the management of MISPs. Finally, a case study is presented to show the suitability of the proposed architecture to enhance the management capacity of MISPs.
Keywords: Edge Network; Access Network; Network Management; Internet Service Provider.
Formal Verification of Secondary Authentication Protocol for 5G Secondary Authentication
by Ed Kamya Kiyemba Edris, Mahdi Aiash, Jonathan Kok-Keong Loo, Mohammad Shadi Alhakeem
Abstract: The Fifth-Generation mobile network (5G) will enable interconnectivity between the Home Network (HN) and Data Network (DN) whereby mobile users with their User Equipment (UE) will be able to access services provided by external Service Providers (SP) seamlessly. The mobile user and SP will rely on security assurances provided by authentication protocols used. For 5G, primary authentication between the UE and the HN has been defined and specified by the Third Generation Partnership Project (3GPP) while the secondary authentication has also been defined but not specified. 3GPP recommends the Extensible Authentication Protocol (EAP) framework for secondary authentication between the UE and the SP. However, the secondary authentication methods have not been formally verified, so this paper proposes a Secondary Authentication Protocol (SAP) for service authentication and provides a comprehensive formal analysis using ProVerif, a security protocol verifier. Finally, it conducts a security analysis on the protocol's security properties.
Keywords: 5G; Secondary Authentication; Security Protocol; Services; Formal Methods; ProVerif; Applied Pi Calculus.
A Smart Urban Management Information Public Opinion Analysis System
by Guanlin Chen, Rutao Yao, Gang Chen, Jie Chen, Tian Li
Abstract: With the continuous development of the times, urban population keeps increasing, and the difficulty of urban management has become higher and higher. Today is an information age, and the Internet is flooded with information. If the information can be used, the public opinions of urban residents can be grasped through this information, then problems can be perceived in advance and resolved early. In this paper, we proposed a smart urban management information public opinion analysis system. This system uses Oracle to provide database support, combined with natural language processing technology, and aims to create a complete system that includes information collection, text analysis of information and final data display, which could contribute to the creation of a smart city.
Keywords: text analysis; public opinion; Oracle; natural language processing.
Flow-based Profile Generation and Network Traffic Detection for DNS Anomalies using Optimized Entropy-based Features Selection and Modified Holt Winter's Method
by Rohini Sharma, Ajay Guleria, R.K. Singla
Abstract: Network Anomaly Detection Systems can detect zero day anomalies but false positive rate is quite high, and the localization of anomalies require manual intervention. In this paper, Profile-based Network Anomaly Detection System (P-NADS) is proposed that works in three phases. In the first phase, a minimal set of characteristic features for DNS service is identified using proposed Optimized Entropy-based Features Selection (OEFS). Minimum number of characteristic features help in detecting anomalies with the same or higher accuracy and decreases the response time as well. In the second phase, Modified Holt Winter's Method using partial Trend (MHWT) is proposed that generates normal profile of a system to predict future normal behavior. It predicts the normal behavior more accurately than the previous techniques. Normal profile of a system is updated regularly using predicted and actual behavior of the system. In the final phase, anomalies are detected and localized. Experimental results show that the OEFS method works better than Information Gain and Forward Feature Selection Algorithm. The proposed MHWT method gives better prediction for DNS when compared to HWDS Method with the original set of features and with a minimal set of features. The proposed system automatically localizes the anomalies and finds the infected sub-network which can be isolated from the rest of the network until remedial actions are taken. Experiments are performed on Panjab University Flow-based Dataset (PUF-Dataset) which is available for researchers. The dataset was created using real flows collected from Panjab University Chandigarh campus network.
Keywords: Network Anomaly Detection; Holt Winter's Method; Domain Name System; Features Selection; Entropy; Normal Profile; Network Flows.
I-SMITE: An IP Traceback mechanism for Inter-AS SDN Networks using BGP
by Pynbianglut Hadem, Dilip Kumar Saikia, Soumen Moulik
Abstract: In this paper we introduce I-SMITE, an inter-AS (Inter Autonomous Systems) IP traceback mechanism based on SMITE, to support efficient IP traceback across inter-AS SDN (Software-Defined Networks) networks. The objective is achieved through an integration of SDN, Multiprotocol Label Switching (MPLS) and Border Gateway Protocol (BGP) in OpenFlow. Our proposed work leverages the flexibility of SDN and the strength of MPLS to achieve low false-positive rate, ability to perform post-mortem traceback, reduction in storage pressure/hardware investment and most importantly the ability to perform traceback for a single attack packet. Also, the standard Internet protocol BGP has been used to provide inter-AS IP traceback support, thereby enhancing the acceptability of the proposed work. Moreover, the proposed work also aims to overcome the difficulties and limitations of legacy traceback mechanisms in SDN environment.
Keywords: Network Security; IP Traceback; I-SMITE; SDN; MPLS; BGP; OpenFlow; Cyber-Attacks.
Encryption Key Management as a Trusted Security as a Service for Cloud Computing
by Saad Fehis, Omar Nouali, Tahar Kechadi
Abstract: Cloud computing has become very popular and its users and services are in constant increase. Currently, many mobile IT users are accessing business data and services without going through corporate networks. Consequently, the need for putting appropriate and robust security controls between mobile users and cloud-based services is crucial. This is the main reason behind the proliferation of new Security as a Service (SecaaS) offers. The common security mechanism of most services and communications is based on the encryption / signing keys, which themselves depend highly on the cryptographic key management system (CKMS) itself. This is called trustworthy protocol and its implementation is the most challenging of the whole security and protection policies and mechanisms.
To deal with this challenge, we propose an approach that provides a CKMS as a trusted SecaaS based on the trusted platform module (TPM), which is the foundation for the trust, keys generation, and SecaaS authentication. We define an efficient security protocol that creates, certifies, and encrypts any encryption / signing key inside TPM. The key leaves the TPM in encapsulated format, and it is delivered to its owner in a secure way.
Keywords: Cloud Computing; Security as a Service; Cryptographic Key Management System; Trusted Platform Module.
Identifying influential spreaders in complex networks using neighborhood coreness and path diversity
by Yang Xiong, Xie Guangqian, Li Xiaofang
Abstract: The k-shell decomposition method dividing a great deal of nodes with different propagation capabilities into the same k-shell layer is unable to identify the influential spreaders accurately. Previous works improving the k-shell centrality were promising but inadequate, due to local neighborhood and spreading dynamics of information. To solve this problem, the path diversity based on information entropy is proposed. We have investigated the spreading dynamics using Susceptible-Infected Model and Independent Cascade Model to reveal the behavior of influential spreaders on the basis of topological location and neighborhood information. Accordingly, a novel neighborhood coreness method using path diversity to identify the influential spreaders from the point of information dissemination is proposed in this work. The simulation is evaluated with two real network datasets. The experimental results show that the neighborhood coreness centrality with the spreading diversity is capable of identifying the influential spreaders more effectively and rank the spreading influence in a more fine-grained level. The nodes found by our method can produce a wider spreading scope in Independent Cascade Model and can take less time to achieve the saturation point in Susceptible-Infected Model.
Keywords: spreading capability; neighborhood coreness centrality; k-shell decomposition; influential spreaders.
A Review of Security Risks and Countermeasures in Containers
by Samuel Martinez, Victor Morales, Ramon Parra
Abstract: Containers are environments that allow software developers to package applications, along with their libraries, dependencies, and all the resources necessary for their operation. Due to the advantages of containers, compared to virtual machines, their use has increased in recent years. However, the nature of containers to share both the resources and the kernel of the host system produces a variety of security problems. This paper describes how application containers work, to later present a review of the security risks to this technology, as well as the countermeasures to mitigate them. A classification has been made of the risks as well as the security mechanisms used in this environment. Finally, according to different works that were analysed, a relation of the risks and the corresponding mechanisms to counteract them is presented.
Keywords: Containers; container security; container risk; application containers.
A Novel Security Management System for Hazardous Chemicals
by Guanlin Chen, Qiao Hu, Kaimin Li, Wenyong Weng, Yubo Peng
Abstract: With the increasing use of chemicals by the people, the hidden dangers of hazardous chemicals are also increasing. In recent years, many hazardous chemical explosion accidents have occurred, posing a great threat to people's lives and health. How to prevent hazardous chemical accidents has become an important issue. In this paper, we design a novel security management system for hazardous chemicals (HC-NSMS). This system is developed based on JavaEE, using the MySQL data storage and MVC architecture. This system is mainly composed of four modules: user module; hazardous chemical management and information query module; hazard source query display module, statistical analysis of hazardous chemical information module; and early warning of over-standard hazardous chemicals module. Using this system, we comprehensively collect various indexes and quantities of hazardous chemicals in every location in the city. Then we sort these data and a basic database is established to intelligently predict and warn the real-time status of hazardous chemicals.
Keywords: hazardous chemicals; security management; JavaEE; MySQL; Ajax.
Detecting PE-Infection Based Malware
by Chia-Mei Chen, Gu-Hsin Lai, Zheng-Xun Cai, Tzu-Ching Chang, Boyi Lee
Abstract: Organizations have employed multiple layers of defense mechanisms, while numerous attacks still take place every day. Malware is a major vehicle to perform attacks such as stealing confidential information, disrupting services, or sabotaging industrial systems. Attackers customize malware by advanced attack techniques, such as PE (portable executable) infection or DLL (dynamic link library) injection which inserts a malicious DLL to a benign program, to subvert defense systems. Advanced persistent threat (APT) attacks had intruded and not been discovered in high profile organizations; they are seeking for a solution to identify the malware. The behavior of DLL injection sometimes occurs during execution; static analysis might not be able to capture it. To improve the detection performance, this study proposes a hybrid approach combining static and dynamic analysis to detect malware. The experimental results show that the proposed approach could detect malware efficiently and could flag unknown malware before the commercial anti-virus software.
Keywords: malware detection; DLL injection; advanced persistent threat.
An automated method for detecting suspicious nodes in Bitcoin address graph
by Tala Tafazzoli, Abouzar Arabsorkhi, Amirahmad Chapnevis
Abstract: Financial innovation has entered a new era with cryptocurrencies. Bitcoin is the first decentralized cryptocurrency and the most popular in the world. The main features of this new technology are immutability, decentralized trust and anonymity. Bitcoin anonymous and untraceable system facilitates cash-out and laundering of
Bitcoin currency flow provides an address graph that assigns the flow of Bitcoin between two addresses. Identifying suspicious nodes in the Bitcoin network is similar to the problem of recognizing the origins in the contact network of different applications, i.e., virus propagation, rumor source in social networks, poison spread in water networks.
In order to investigate money laundering in Bitcoin, we proposed an automated method to identify suspicious addresses in the Bitcoin address graph. We chose two centrality measures to be calculated on the graph. The measures are betweenness centrality and closeness centrality. The nodes with the highest values for the measurements are suspicious.
The accuracy of the proposed method is further investigated by comparing the fraudulent candidate nodes with other scenarios. It is shown that the identified nodes are correct candidates for further investigations.
Keywords: Bitcoin; betweenness centrality; closeness centrality; money laundering.
An Authorization Certificate Based Access Control Model
by Wenxin Li, Jingsha He, Nafei Zhu, Shuting Jin, Da Teng
Abstract: There are currently many types of access control models and schemes that have been proposed to protect valuable resources in distributed environment. Many such models have failed to take into consideration efficiency, security, practical implementation and management at the same time. Based on the analysis of conventional certificate-based access control characteristics, this paper proposes an Authorization Certificate Based Access Control Model (ACBAC) to realize access control in distributed environment. Employing certificates in access control can help meet the various requirements in distributed networks or systems while ensuring security to a great extent. Efficiency and security can thus be improved by delegating the functions of making access authorization decisions to the certificate issuer (CI). We will formally describe the model, introduce the application scenarios and the processes of the model, and provide the details of implementation. Finally, the effectiveness and superiority of the model is verified through experiment and analysis.
Keywords: Authorization certificate; Access control; Access control model; Distributed control; Formalization.