Forthcoming articles

International Journal of Security and Networks

International Journal of Security and Networks (IJSN)

These articles have been peer-reviewed and accepted for publication but are pending final changes, are not yet published and may not appear here in their final order of publication until they are assigned to issues. Therefore, the content conforms to our standards but the presentation (e.g. typesetting and proof-reading) is not necessarily up to the Inderscience standard. Additionally, titles, authors, abstracts and keywords may change before publication. Articles will not be published until the final proofs are validated by their authors.

Forthcoming articles must be purchased for the purposes of research, teaching and private study only. These articles can be cited using the expression "in press". For example: Smith, J. (in press). Article Title. Journal Title.

Articles marked with this shopping trolley icon are available for purchase - click on the icon to send an email request to purchase.

Register for our alerting service, which notifies you by email when new issues are published online.

Open AccessArticles marked with this Open Access icon are freely available and openly accessible to all without any restriction except the ones stated in their respective CC licenses.
We also offer which provide timely updates of tables of contents, newly published articles and calls for papers.

International Journal of Security and Networks (16 papers in press)

Regular Issues

  • Hidden Markov models for advanced persistent threats   Order a copy of this article
    by Guillaume Brogi, Elena Di Bernardino 
    Abstract: Advanced Persistent Threats (APT) are a serious security risk and tools suited to their detection are needed. These attack campaigns do leave traces in the system, and it is possible to reconstruct part of the attack campaign from these traces. In this article, we describe a hidden Markov model for the evolution of an APT. The aim of this model is to validate whether the evolution of the partially reconstructed attack campaigns are indeed consistent with the evolution of an APT. Since APTs are hard to detect, we also introduce a score to take into account potentially undetected attacks. In addition, the score also allows comparing the fit of APTs of different lengths. We validate and illustrate both the model and the score using data obtained from experts.
    Keywords: intrusion detection; advanced persistent threats; attack campaign; machine learning; hidden Markov models; score; missing observations; undetected attacks; expert knowledge.

  • Non-malleable encryption with proofs of plaintext knowledge and applications to voting   Order a copy of this article
    by Ben Smyth, Yoshikazu Hanatani 
    Abstract: Non-malleable asymmetric encryption schemes which prove plaintext knowledge are sufficient for secrecy in some domains. For example, ballot secrecy in voting. In these domains, some applications derive encryption schemes by coupling malleable ciphertexts with proofs of plaintext knowledge, without evidence that the sufficient condition (for secrecy) is satisfied nor an independent security proof (of secrecy). Consequently, it is unknown whether these applications satisfy desirable secrecy properties. In this article, we propose a generic construction for such a coupling and show that our construction produces non-malleable encryption schemes which prove plaintext knowledge. Furthermore, we show how our results can be used to prove ballot secrecy of voting systems. Accordingly, we facilitate the development of applications satisfying their security objectives.
    Keywords: Asymmetric encryption; ballot secrecy; homomorphic encryption; indistinguishability; non-malleability; privacy; secrecy; voting.

  • OAP-WMN: Optimized and Secure Authentication Protocol for Wireless Mesh Networks   Order a copy of this article
    by Nicopolitidis Petros 
    Abstract: WMN (Wireless Mesh Networks) proposes many attractive features to mobile networking area such: self-reconfiguration and self-organization which make it more flexibile, easy deployed and not expensive. But, these features make it constantly overwhelmed with different types of security threats. In this article, we propose an optimized and secure authentication and re-authentication schemes based on the EAP (Extensible Authentication Protocol) mechanism. The proposed solution ensures security of WMN handoff and with a better QoS. It achieves this by reducing the number of exchanging messages and computations in the proposed authentication and re-authentication processes. Besides, we choose to secure the link layer that makes the authentication process more efficient and optimized. For performance evaluation, we use the OPENSSL tool to compare our work with some related work and the result is good. Moreover, the security of our authentication scheme has been affirmed with the AVISPA tool.
    Keywords: Wireless Mesh Network; IEEE 802.11s; EAP; authentication; handoff; QoS; AVISPA.

  • Characterizing Spatial Dependence on Epidemic Thresholds in Networks   Order a copy of this article
    by Zesheng Chen 
    Abstract: Epidemic processes are an important security research topic for both the Internet and social networks. The epidemic threshold is a fundamental metric used to evaluate epidemic spread in networks. Previous work has shown that the epidemic threshold of a network is $1/lambda_{max}(A)$, i.e., the inverse of the largest eigenvalue of its adjacency matrix. In this work, however, we indicate that such a theoretical threshold ignores spatial dependence among nodes and hence underestimates the actual epidemic threshold. Moreover, inspired by the Markov Random Field, we analytically derive a more accurate epidemic threshold based on a spatial Markov dependence assumption. Our model shows that the epidemic threshold is indeed $1/lambda_{max}(A)(1-rho)$, where $rho$ is the average spatial correlation coefficient between neighboring nodes. We then apply simulations to compare the performance of these two theoretical epidemic thresholds in different networks, including regular graphs, synthesized irregular graphs, and a real topology. We find that our proposed epidemic threshold incorporates a certain spatial dependence and thus achieves greater accuracy in characterizing the actual epidemic threshold in networks.
    Keywords: Epidemic thresholds; susceptible-infected-susceptible (SIS) model; spatial dependence; Markov Random Field; Markov model; mean-field approach.

  • A novel Cryptographic Solution to secure Mobile Wireless Sensors Networks   Order a copy of this article
    by Imen Bouabidi, Mahmoud ABDELLAOUI 
    Abstract: Due to the constraints of sensors networks, implementing a secure network requires the development of new approaches dedicated and adapted to these networks. In this context, we proposed in this paper a new cryptographic solution based on grouping a modifed AES in CTR mode and a new key management protocol. The originality of our solution is to obtain a high security level with regard to a minimal resources use (storage only three keys whatever the network density). Our goal is to secure communications between nodes. Simulations are executed by OMNet++ and visual c++ studio. Compared to existing protocols, our cryptographic solution present better results in WSN metrics: it achieves lower energy consumption (the energy cost does not exceed 0.512
    Keywords: AES; CTR mode; ESKMS; integrity; Mobile WSN; OMNet++; privacy;resistance to attacks; symmetric cryptography.

  • Medical Image protection using Diffusion, Substitution and Reversible Data Hiding based on Prediction   Order a copy of this article
    by Mancy Lovidhas, S.Maria Celestin Vigila 
    Abstract: Owing to the expanding benefit for tele-health amenities have developed awareness in the practice of medicinal image protection expertise. It mostly condensed with patient report that are cautious and must only offered to allowable personality. So the medicinal image safety becomes a very great complexity, when victim data are fetched through the open system. Reversible data hiding is mainly an outstanding pledge to grant security for various applications such as satellite, medical images etc. At first, a secret key of 128-bits level is developed by an image histogram. At first the light perceptive characteristic of Digital Imaging and Communications in Medicine image is decayed by the mixing procedure. The ensuing image is dispersed in key conditional blocks and additional, these blocks are conceded in the course of key conditional diffusion and substitution operations. In encryption process, overall five rounds are used. At last the generated covert key is implanted within the cipher image in the method of steganography. Once the medical image is encrypted, the spare information can be fixed into the key embedded cipher image by changing a miniature amount of encrypted information. By means of a cipher image enclosing spare information, one might first haul out the embedded information and then extract the key from the cipher image. At last with the extracted key the cipher image is decrypted and the original image can be successfully obtained.
    Keywords: Diffusion; Substitution; Histogram; Encryption; Decryption; Steganography; Reversible Data Hiding.

  • Location big data differential privacy dynamic partition release method   Order a copy of this article
    by Yan Yan, Lianxiu Zhang, Bingqian Wang, Xin Gao 
    Abstract: Aiming at the privacy protection requirements in real-time statistical publishing process of location big data, a dynamic partition method is proposed based on differential privacy mechanism. The temporal redundancy between adjacent data snapshots has been eliminated by sampling and differential processing of dynamic location big data, and the spatial redundancy of location big data has been reduced by adaptive density meshing and uniformity heuristic quadruple partitioning. Differential privacy protection has been realized by adjusting partition structures of the current data set on the spatial structure of previous moment and adding Laplace noise. Experiments carried out on the cloud computing platform and real location big data sets show that the proposed algorithm can meet the dynamic partition release requirements of real-time location big data, and the query precision of single-released location big data is better than other similar methods.
    Keywords: location big data; dynamic partition release; differential privacy; temporal redundancy; spatial redundancy.

  • Data Integrity Attack Detection in Smart Grid: A Deep Learning Approach   Order a copy of this article
    by Sunitha Basodi, Song Tan, WenZhan Song, Yi Pan 
    Abstract: Cybersecurity in smart grids plays a crucial role in determining reliable functioning and availability. Data integrity attacks at the physical layer of smart grids are mainly addressed in this paper. State Vector Estimation(SVE) methods are widely used to detect such attacks, but such methods fail to identify attacks that comply with physical properties of the grid, known as unobservable attacks. In this paper, we formulate a distance measure to be employed as the cost function in deep-learning models using feedforward neural network architectures to classify malicious and secured measurements. Efficiency and performance of these models are compared with existing state-of-the-art detection algorithms and supervised machine learning models. Our analysis shows better performance for deep learning models in detecting centralized data attacks.
    Keywords: smart grids; bad data detection; state vector estimation; deep learning; IEEE test bus systems; matpower; keras with tensorflow.

  • A real-time botnet detection model based on an efficient wrapper feature selection method   Order a copy of this article
    by Akram Farahmand-Nejad, Samira Noferesti 
    Abstract: Botnets are one of the most widespread and serious threats of cybersecurity that have infected millions of computers around the world over the past few years. Previous research has shown that machine learning methods can accurately detect botnet attacks. However, these methods often do not address the problem of real-time botnet detection, which is one of the main challenges in this area and is essential to prevent the damage caused by botnet attacks. This paper aims to present an efficient real-time model for botnet detection. In the proposed method, a subset of the effective features in detecting the bot traffic is initially selected using the World Competitive Contests Algorithm. Then, based on the selected features, a support vector machine model is created offline to detect real-time bot traffic from the normal one. The test results show that the proposed method can detect botnets with 95% accuracy and outperforms other methods.
    Keywords: network security; botnets; real time; machine learning; support vector machine; SVM; feature selection; world competitive contests algorithm; WCC; wrapper methods; botnet attacks.

  • AudioKey: A Usable Device Pairing System Using Audio Signals on Smartwatches   Order a copy of this article
    by Jiacheng Shang, Jie Wu 
    Abstract: Smartwatches are expected to replace smartphones in some applications with better user experience because of a greater range of features and new innovations such as audio recording, activity recognition, and data transmission. In this paper, we develop a system called AudioKey, aiming to pair two smartwatches by generating a unique secret key between them. Compared with existing works, our system does not need extra infrastructure to synchronize devices and trigger the key generation process, and only uses the existing sensors (gyroscope and microphone) that are deployed on most smartwatches. AudioKey triggers the key generation process on two devices at the same time by detecting the handshake between two normal users. A secret key is extracted from both the frequency domain and the time domain of audio signals and used to authenticate each other or encrypt the sensitive data. Evaluation results collected on 9 volunteers in three different scenarios show that our system can achieve a bit generation rate of 13.4 bits/s with the mean key agreement rate of $96.7\\%$ for a 128-bit secret key, while a strong attacker can only achieve a mean key agreement of $10.8\\%$.
    Keywords: Human activity recognition; Secret key generation.

  • Text Similarity Semantic Calculation Based On Deep Reinforcement Learning   Order a copy of this article
    by Guanlin Chen, Xiaolong Shi, Moke Chen, Liang Zhou 
    Abstract: Semantic analysis is a fundamental technology in natural language processing. Semantic similarity calculations are involved in many applications of natural language processing, such as QA system, machine translation, text similarity calculation, text classification, information extraction and even speed recognition, etc. This paper proposes a new framework for computing semantic similarity: Deep Reinforcement Learning For Siamese Attention Structure Model(DRSASM). The model learns word segmentation automatically and word distillation automatically through reinforcement learning. The overall architecture LSTM network to extract semantic features, and then introduces a new Attention mechanism model to enhance semantics. The experiment show that this new model on the SNLI data set and Chinese business data set can improve the accuracy compared to current base line structure models.
    Keywords: Big Data; Machine learning; Deep learning; Natural language processing; Semantic similarity; Semantic computing; Reinforcement learning; Attention model; LSTM model.

  • Optimal Network Defense Strategy Selection Based on Bayesian Game   Order a copy of this article
    by Zengguang Wang, Yu Lu, Xi Li 
    Abstract: Existing passive defense methods cannot effectively guarantee network security; to solve this problem, a novel method is proposed that selects the optimal defense strategy. The network attack-defense process is modeled based on the Bayesian game. The payoff is quantified from the impact value of the attack-defense actions. The optimal defense strategy is selected that takes defense effectiveness as the criterion. The rationality and feasibility of the method are verified through a representative example, and the general rules of network defense are summarized. Compared to the classic strategy selection methods based on game theory, the proposed method can select the optimal strategy in the form of pure strategy by quantifying defense effectiveness, which was proven to perform better.
    Keywords: network security; network attack-defense process; Bayesian game; incomplete information; attack-defense payoffs; Nash equilibrium; strategy selection; defense effectiveness; pure strategy; optimal defense strategy.

  • Designing a Secure Positioning System Using Blockchain Technology   Order a copy of this article
    by Rajrupa Singh, Selvakumar R 
    Abstract: Achieving a secure positioning system is one of the most prominent issues in the field of wireless security. The central task of this paper is introducing a system that is provably secure for sharing the most sensitive data among the users in a peer-to-peer network. In such systems, the geographical position of the users or the nodes in the network plays a vital role in maintaining the security of the entire network especially for defense purpose. Apart from the existing Bounded Storage Models, the system gives a positive result for "Secure Positioning Problem". The designing of the proposed system is based on the network, where the public ledger is maintained by all the nodes independently without any central authority. This zero knowledge protocol proposed in this paper makes the search space size to grow exponentially, which is a major challenge for the intruder to prove their position.
    Keywords: Blockchain; Position-Based Access; Peer-to-Peer Networks; Zero-knowledge Proof; Low Storage Nodes; Authentication and Authorization.

  • Secure Outsourcing of Modular Inverses and Scalar Multiplications on Elliptic Curves   Order a copy of this article
    by Yuan Ping, Xuyang Guo, Baocang Wang, Jingxian Zhou 
    Abstract: In the big data era, we can collect more data than ever before yet to analyze them remains a challenge of pricey analysis to normal users. As the core of the widely-used elliptic curve cryptosystems, modular inverse and point multiplication are worthy of being outsourced as services for their fundamental and pricey computation. However, this raises security concerns, especially on the untrusted cloud. Towards these issues, in this paper, we propose two outsourcing protocols to do these two operations, respectively. For efficiency aspects, in the first protocol, only three modular multiplications required by the client to outsource a modular inverse operation to the cloud. In the second protocol, a point multiplication operation can be carried out just by doing two addition operations on elliptic curves. For security aspects, in both protocols, the input is randomly split into two parts to meet the input privacy and output privacy. The security of both protocols is theoretically proved under a single server and the non-colluding two servers models, respectively. Furthermore, the cheating behaviors of the servers can be detected by probabilities of 100% and 75%, respectively. Besides the proposed two secure outsourcing protocols achieve the highest security goal, namely, perfect privacy (or unconditional security), simulation experiments confirm the significant improvement on efficiency in comparison of the corresponding traditional ones.
    Keywords: Cloud Computing; Secure Outsourcing; Modular Inverse; Point Multiplication; Elliptic Curve; Public Key Cryptography.

  • Fog Computing: Survey on Decoy Information Technology   Order a copy of this article
    by Muhyidean Altarawneh, Wesam Almobaideen 
    Abstract: Fog computing extends the cloud paradigm to the edge of the network, thus covering deficiencies that are in cloud computing infrastructure. Security concerns are reduced, but this does not provide a secured platform, since data could be simply compromised in constrained environments. This survey emphasizes on possible security mechanisms that uses technologies like user behavior profiling and decoy technology to mitigate security threats. It mainly focuses on reviewing papers that have used decoy technology on fields of fog computing and other environments that fall under the same umbrella. After comparing papers, based on the results, classifications were provided in different perspectives such as detecting unauthorized access and decoy technology deployment. These classifications could support in selecting the best practice based on the required function and environment of deployment.
    Keywords: decoy technology; honeypots; security; fog computing; constrained networks.

  • Packing Resistant Solution to Group Malware Binaries   Order a copy of this article
    by Ahmad Azab 
    Abstract: Malware is still identified as a serious threat on the Internet and considered the main tool utilized by cybercriminals to conduct their malicious actions against corporations, government agencies and individuals. Malware authors embed numerous techniques, such as obfuscation and morphing, to avoid detection by anti-virus engines and facing hardened zero-day detection. To address this problem, we propose a solution that groups malware binaries belonging to the same variant, regardless of whether they are packed or not. Our approach deploys similarity measures between the malware binaries of the same variant by applying data mining concepts in conjunction with hashing algorithms. In this paper, we assess Trend Locality Sensitive Hashing (TLSH) and SSDEEP hashing algorithms to group packed and unpacked binaries of the same variants, deploying K-NN learning algorithm. Two Zeus variants are used - Mal_ZBOT and TSPY_ZBOT - to address the effectiveness of the proposed approach. The experimental results reflect our method's effectiveness in grouping binaries of the same variant, its resilience to common obfuscations used by cybercriminals and a poor performance with regard to applying the hashing algorithm without the data mining concept. The best result attained over both packed and unpacked binaries is 0.982 F-Measure.
    Keywords: Malware; Hashing; Datamining; Zeus.