International Journal of Security and Networks (23 papers in press)
Formal Verification of Secondary Authentication Protocol for 5G Secondary Authentication
by Ed Kamya Kiyemba Edris, Mahdi Aiash, Jonathan Kok-Keong Loo, Mohammad Shadi Alhakeem
Abstract: The Fifth-Generation mobile network (5G) will enable interconnectivity between the Home Network (HN) and Data Network (DN) whereby mobile users with their User Equipment (UE) will be able to access services provided by external Service Providers (SP) seamlessly. The mobile user and SP will rely on security assurances provided by authentication protocols used. For 5G, primary authentication between the UE and the HN has been defined and specified by the Third Generation Partnership Project (3GPP) while the secondary authentication has also been defined but not specified. 3GPP recommends the Extensible Authentication Protocol (EAP) framework for secondary authentication between the UE and the SP. However, the secondary authentication methods have not been formally verified, so this paper proposes a Secondary Authentication Protocol (SAP) for service authentication and provides a comprehensive formal analysis using ProVerif a security protocol verifier. Finally, it conducts a security analysis on the protocol's security properties.
Keywords: 5G; Secondary Authentication; Security Protocol; Services; Formal Methods; ProVerif; Applied Pi Calculus.
Flow-based Profile Generation and Network Traffic Detection for DNS Anomalies using Optimized Entropy-based Features Selection and Modified Holt Winter's Method
by Rohini Sharma, Ajay Guleria, R.K. Singla
Abstract: Network Anomaly Detection Systems can detect zero day anomalies but false positive rate is quite high, and the localization of anomalies require manual intervention. In this paper, Profile-based Network Anomaly Detection System (P-NADS) is proposed that works in three phases. In the first phase, a minimal set of characteristic features for DNS service is identified using proposed Optimized Entropy-based Features Selection (OEFS). Minimum number of characteristic features help in detecting anomalies with the same or higher accuracy and decreases the response time as well. In the second phase, Modified Holt Winter's Method using partial Trend (MHWT) is proposed that generates normal profile of a system to predict future normal behavior. It predicts the normal behavior more accurately than the previous techniques. Normal profile of a system is updated regularly using predicted and actual behavior of the system. In the final phase, anomalies are detected and localized. Experimental results show that the OEFS method works better than Information Gain and Forward Feature Selection Algorithm. The proposed MHWT method gives better prediction for DNS when compared to HWDS Method with the original set of features and with a minimal set of features. The proposed system automatically localizes the anomalies and finds the infected sub-network which can be isolated from the rest of the network until remedial actions are taken. Experiments are performed on Panjab University Flow-based Dataset (PUF-Dataset) which is available for researchers. The dataset was created using real flows collected from Panjab University Chandigarh campus network.
Keywords: Network Anomaly Detection; Holt Winter's Method; Domain Name System; Features Selection; Entropy; Normal Profile; Network Flows.
An automated method for detecting suspicious nodes in Bitcoin address graph
by Tala Tafazzoli, Abouzar Arabsorkhi, Amirahmad Chapnevis
Abstract: Financial innovation has entered a new era with cryptocurrencies. Bitcoin
is the first decentralized cryptocurrency and the most popular in the world. The main
features of this new technology are immutability, decentralized trust and anonymity.
Bitcoin anonymous and untraceable system facilitates cash-out and laundering of
Bitcoin currency flow provides an address graph that assigns the flow of Bitcoin between two addresses. Identifying suspicious nodes in the Bitcoin network is similar to the problem of recognizing the origins in the contact network of different applications, i.e., virus propagation, rumor source in social networks, poison spread in water networks.
In order to investigate money laundering in Bitcoin, we proposed an automated method
to identify suspicious addresses in the Bitcoin address graph. We chose two centrality measures to be calculated on the graph. The measures are betweenness centrality and closeness centrality. The nodes with the highest values for the measurements are suspicious.
The accuracy of the proposed method is further investigated by comparing the
fraudulent candidate nodes with other scenarios. It is shown that the identified nodes are correct candidates for further investigations.
Keywords: Bitcoin; bteweenness centrality; closeness centrality; money laundering;.
An Authorization Certificate Based Access Control Model
by Wenxin Li, Jingsha He, Nafei Zhu, Shuting Jin, Da Teng
Abstract: There are currently many types of access control models
and schemes that have been proposed to protect valuable resources in
distributed environment. Many such models have failed to take into
the consideration of efficiency, security, practical implementation
and management at the same time. Based on the analysis of
conventional certificate-based access control characteristics, this
paper proposes an Authorization Certificate Based Access Control
Model (ACBAC) to realize access control in distributed environment.
Employing certificates in access control c a n h e l p meet the
v a r i o u s requirements in distributed networks or systems while
ensuring security to a great extent. Efficiency and security can thus be
improved by delegating the functions of making access authorization
decisions to the certificate issuer (CI). We will formally describe the
model, introduce the application scenarios and the processes of the
model, and provide the details of implementation. Finally, the
effectiveness and superiority of the model is verified through
experiment and analysis.
Keywords: Authorization certificate; Access control; Access control model; Distributed control; Formalization.
IOT Smart Homes Security Challenges and Solution
by Mansoor Farooq, Mubashir Hassan
Abstract: Security in smart homes is becoming more and more relevant because of the ever-growing availability of devices on the market and the confidential information they process. Historic incidents have indicated that intelligent homes can lead to attacks with significant consumer and community implications. While a lot has been achieved to identify security solutions for IoT and intelligent houses, consensus also needs to be found about how the best solutions are. This paper describes the significance of technologies in the field and presents a possible security policy for intelligent households. The safety solution is a network-based solution installed in a smart hub that identifies malicious behavior inside a connected home network. Two attack detection processes, namely botnet detection and Evil-Twin attack detection are introduced as proof of concept. The findings suggest that the security supervisor can identify the former but not the latter.
Keywords: IoT; Smart Homes; Botnet; and Evil-Twin.
A secure and privacy-preserving Scheme for Secure
Metering and Cooperative Communication in Advanced
Metering Infrastructure of Smart Grid Networks
by Oladayo Olakanmi, Kehinde Odeyemi
Abstract: Advanced Metering Infrastructure (AMI) in a smart grid network performs fine grained metering and communication for effective monitoring of energy consumptions of electric utility customers. However, its reliance on the existing
wireless communication facilities, which are not only characterized by high traffic but also vulnerable to different attacks, affects its performance. The high volume of sensitive data on AMI coupled with the vulnerability of its wireless
infrastructure has made it one of the major targets for different attacks in the
smart grid network. Therefore, to secure metering and communication on an
AMI of smart grid network there is a need for an efficient solution that enforces
confidentiality, integrity and privacy preservation. Although several schemes
had been proposed to secure metering and communication in AMI, most of
them are incapable of providing vital security properties at a low cost.
In this paper, an efficient privacy-aware and secure metering and communication scheme is proposed to secure metering, and preserve the customers privacy.
To achieve this, we adopted low-cost cryptographic primitives to evolve effective
metering and communication scheme with non-complex key management and
authentication procedures. Our approach allows data aggregation among m number of customers for secure multi-hop transmission of metering data. The
simulation results showed that the approach ensures confidentiality, privacy preservation, and integrity in AMI at a low computational and communication
Keywords: Smart Grid; Perturbation; Security; Aggregation; Metering; Communication.
Desktop and Mobile Operating System Fingerprinting based on IPv6 Protocol using Machine Learning Algorithms
by Saeed Salah, Mohammed AbuAlhawa, Raid Zaghal
Abstract: Operating System (OS) fingerprinting tools are essential to network security because of their relationship to penetrating testing, vulnerability scanning, network inventory and tailoring of exploits. While OS identification is traditionally performed by passive or active tools that use fingerprint datasets, a limited number of proposals has focused on using machine learning techniques. Furthermore, significantly more contributions have focused on IPv4 than IPv6. This paper proposes a new methodology based on machine learning algorithms to build classification models to identify IPv6 OS fingerprinting based on user traffic. Unlike other proposals that mainly depend on TCP and IP generic features for detecting the OS, this work adds other features to improve the detection accuracy. Moreover, the scope of this work is extended beyond the classification of OSes that are installed in desktop and laptop (such as Windows and Linux, etc.), it also considers OSes installed in mobiles and tablets (such as Android and iOS). In addition to that, since IPv6 suffers from lack of such datasets that can be used for OS fingerprinting purposes, due to privacy issue of the IPv6 information (such as IPv6 address and prefix), a newly created dataset was used in this work and will be available for other researchers who conduct relevant research. The experimental results have shown that the algorithms achieved high and acceptable results in the evaluation metrics in classifying the OS. KNN and DT achieve high accuracy of up to 99%. SVM achieves a quite high accuracy of up to 81%. GNB achieves the lowest accuracy up to 75%. Moreover, KNN, RF and DT achieve the best recall, precision and f-score which almost the same as the achieved accuracy. GNB achieves 0.75 recall larger than precision (0.81) due to the high number of False Negative (FN) records.
Keywords: operating system; fingerprinting; IPv6; network security; machine learning; mobile operating system; performance measures.
privacy in content-centric networking against side channel attacks
by Anmol Agnihotri, Padmavathi R., Santanu Chatterjee, Vinod Mahor
Abstract: Content-Centric Network (CCN) is a new networking paradigm to overcome the shortcomings of todays Internet. The central point in CCN is the named and addressable data or the content. Due to a few loopholes within the engineering of CCN, side-channel attacks are conceivable. In this paper, two such types of attacks are investigated, one is time-based and another is inference based. Delivering privacy to consumers comes at the cost of reducing utility. We proposed an algorithm to preserve consumer privacy without much affecting the overall utility of the network to overcome time-based attack on privacy. A comparative study of privacy vs. utility trade-off is presented. The algorithm is analysed both experimentally and theoretically and results are reported.rnInference side-channel attack based on frequency analysis can be achieved by an eavesdropper in the presence of adequate information, to learn the plain-text of encrypted content transmitted in CCN. We analysed the accuracy of this attack and in what extent it can jeopardize consumers privacy. A method is proposed to collect the auxiliary information needed to carry out the attack by probing the cache of the CCN routers. The attack is analysed theoretically as well as experimentally and reported. Possible countermeasures to mitigate the attack are also discussed.
Keywords: Security & Privacy in CCN; Future Networking Architectures; Side-channel attacks; Cache-Probing attack in CCN; Inferenece Attack in CCN.
Uncertain graph generating approach based on differential privacy for preserving link relationship of social networks
by Jun Yan, Yupan Tian, Hai Liu, Zhenqiang Wu
Abstract: With the widespread use of social networks in our daily life, the personal privacy in social networks has become a growing concern. To prevent the link relationship of social networks from disclosing users' sensitive information when the social networks data is released, an uncertain graph approach based on differential privacy is introduced, which can resist attacks based on background knowledge and possesses better data utility. In this approach, we propose a modification of edges based on random response (MERR) algorithm and a injection of uncertainty based on k-edges-differential privacy (IUDP) algorithm. The MERR algorithm can modify the edge of original graph according to random response mechanism, while the IUDP algorithm injects uncertainty to generate an uncertain graph. For evaluating our approach, the expectation of editing distance between two graphs is adapted to measure the level of privacy preserving. In addition, our approach is conducted on different data sets and compared with other approaches. The experimental results indicate that this approach achieves differential privacy and has better data utility.
Keywords: uncertain graph; k-edges differential privacy; random response mechanism; Laplace mechanism; link relationship.
Chebyshev chaotic map based efficient authentication scheme for secure access of VoIP services through SIP
by Vinod Mahor, R. Padmavathi, Santanu Chatterjee
Abstract: In a network of participants who wish to communicate or access multimedia service using voice over IP (VoIP), System Initiation Protocol (SIP) is used. SIP exists in the application layer for signalling to initiate, update and terminate the sessions. Before initiating the session, the security neccessitates authentication of participating entities. A Mutual authentication mechanism is required for SIP in order to establish a secure session between the two entities. In password based authentication, user need to remember his username and password in order to have a session with other user. In this paper , we have proposed an efficient smart card based mutual authentication scheme (CP-MASIP) for SIP which is based on chebyshev chaotic map. In addition to providing security against various known attacks, our scheme provides user anonymity which is very important security parameter in present world. The scheme has been analyzed using BAN logic and informal security analysis.
Keywords: Mutual Authentication; BAN Logic; Session Initiation Protocol(SIP); Session Security.
Enhanced VoD Security in Cloud Computing Against Insider and Outsider Threats
by Mohammad Alshayeji, Sa'ed Abed
Abstract: Many Video-on-Demand (VoD) providers leverage the bene?ts of cloud computing (e.g., Net?ix shifted to Amazon Web Services). However, various security concerns have arisen from this shift. For instance, if the hosted multimedia contents are not encrypted, then the VoD providers must fully trust that the cloud provider will not illegitimately access, distribute, or modify the multimedia contents. This ultimate trust in the cloud provider emerges owing to numerous issues, especially as the latest ENISA report showed that approximately 25% of security threats have been based on internal misuse over the last six years. Moreover, quite a few of these high-pro?le breaches were because of internal threats. In this paper, we introduce a simple yet e?ective scheme to protect contents from internal and external threats. Encrypt Once - Con?dentiality, Privacy, and Integrity (EO-CPI) focuses on protecting data con?dentiality, integrity, and users privacy for untrusted cloud-based VoD systems. We compared our proposed scheme, which is similar to Net?ix latest encryption scheme that uses Transport Layer Security (TLS) with Advance Encryption Standard - Galois Counter Mode (AES-GCM). Our results demonstrated a signi?cant reduction of 79% of the server-side computational overhead when using EO-CPI with a re-encryption degree of one time per ?ve users while maintaining an intact performance for the user side. It also provides security from internal and external threats versus other approaches when there is a supply of security exclusively from external parties. The proposed approach should enhance and facilitate cloud-based VoD security and diminish its carbon footprint.
Keywords: Cloud Computing; Content Encryption; Insider Threats; Privacy; VoD.
VoIP security auditing model based on COBIT 4.1
by Oscar Danilo Gavilanez Alvarez, Glen Dario Rodriguez Rafael
Abstract: The article justifies the need for a specific model of VoIP security auditing that evaluates the incidence of security problems and addresses the challenges in terms of protecting IT resources. The current VoIP security problems are determined based on the analysis of auditing frameworks, and a model based on COBIT 4.1 is proposed to address these problems. As an innovation, the model includes the security culture plan and social engineering from the approach of the user as an IT service customer. In this work, we present the validation of the surveys using Cronbachs alpha and the results of the statistical average of the surveys applied to experts in social engineering and security auditing in VoIP. The proposed VoIP Security Auditing Model, called VoIPSAM, considers four domainsPlan and Organize, Monitor and Evaluate, Acquire and Implement, and Delivery and Supportwhich consider specific security policies for its application.
Keywords: model of security auditing; social engineering; security culture plan; VoIP; COBIT.
Using Blockchains to protect Critical Infrastructures: a comparison between Ethereum and Hyperledger Fabric
by Wilson Melo, Lucas S. Dos Santos, Lucila M. S. Bento, Paulo R. Nascimento, Carlos A. R. Oliveira, Ramon R. Rezende
Abstract: The monitoring and protection of critical infrastructures, especially the ones involving physical assets (e.g., dams, nuclear energy facilities, governmental buildings), constitute a challenging problem. The failure and collapse of these infrastructures can cause untold consequences. Recent works have proposed blockchains as a tool to improve monitoring systems in different critical infrastructures. However, most previous works lack on presenting a more in-depth discussion about how to implement these solutions. In this paper, we develop a practical approach. We propose a comprehensive framework that describes how to implement a blockchain-based system to monitor and protect critical infrastructures. We implement our framework in two distinct blockchain platforms: Ethereum and Hyperledger Fabric. We compare both implementations and discuss their differences in terms of performance, easiness of development, security, privacy, complexity, and costs. We believe that our results can be valuable for professionals interested in applying blockchain-based solutions to protect critical infrastructures.
Keywords: blockchain; critical infrastructures; cyber-physical systems; security.
Simulated Study of the Influence of Node Density on the Performance of Wireless Sensor Networks
by Aaron Rababaah
Abstract: This paper investigates the impact of local and global node density in cluster-based structured Wireless Sensor Networks (WSNs). The local density represents sensor node density (SND) in a cluster whereas, global node density relates to head node density (HND) in the entire WSN. The literature rarely addresses the impact of density on WSNs performance as the focus is typically on protocols, routing, scheduling, clustering and network longevity. Often, the density of nodes is assumed heuristically, but not based on empirical experiments. In this work, we address this issue by measuring the impact of node density on four performance metrics: isolated sensor nodes, isolated head nodes, network detection effectiveness and network tracking accuracy. Using an in-house simulator, a total of 5200 experiments were conducted and performance-metrics were collected and analyzed. The results revealed interesting relationships among the studied variables and identified best performing node densities locally and globally.
Keywords: wireless sensor networks; clustered networks; tracking accuracy; detection effectiveness; local node density; global node density.
Network tolerance optimization to random and target attacks based on percolation theory
by Xiaoteng Yang, Zhenqiang Wu, Jun Yan, Mubarak Umar
Abstract: A social network system has a failure characteristics for random attacks of components or target attacks. This paper constructs related models for complex network defense systems to support the integrity of the social network system. First, we discuss the impact of component failure on complex systems and determine the risk scope. Second, based on the attack tolerance of the percolation theory, we verify the robustness of the network system through the percolation threshold fc to determine its optimal distribution. Third, we build a bimodal-distributed network model based on the network optimality to resist network failure.The model simulation results show that when the degree node is Kmin and Kmax in the complex networks, these nodes themselves form a largest cluster to guarantee the integrity of the network system, and to ensure that the network is still robust to subsequent attacks after the removal of the central hub nodes.
Keywords: Network defense system;percolation theory;attack tolerance;bimodal-distributed network model.
Security Enhanced Android for an Enterprise
by Rameez Rehman, Syed, Mudassar Waheed, Ammar Masood
Abstract: Mobile devices have emerged as one of the most common means of communication in current times. Mobile devices are commonly used to either access or store private information of the users, which make them a treasure trove for malicious intent attackers. Additionally, enterprises also encourage users to use their own mobile devices which not only leads to users convenience but at the same time also serve to decrease costs and higher employee productivity for an enterprise. In this scenario, an attack on employee's mobile device will not only uncover personal information of the employee but also the enterprise's secrets and protected data. Thus highlighting the requirement for strong protection of data stored on these devices and also the need for hardening the mobile devices against malicious attacks. One such approach for an enterprise would be to reinforce the underlying Android operating system (OS) which is the one most widely used in current mobile devices due to its open source nature. With this focus we first carried out a security feature comparison of Android Open Source Project (AOSP) based OS with iOS (iPhone's Operating System) to identify potential enhancements for a secure Android OS for the enterprise. Subsequently an analysis of custom Android ROMs was performed to further refine security enhancements in an enterprise scenario. Present work follows a risk assessment approach through a comprehensive security comparison of stock Android with iOS and custom ROMs to establish security requirements for Android in an enterprise scenario.
Keywords: Android Security; Android custom ROMs; Enterprise Security Requirement; Security Enhancements in Android; Mobile OS security; iOS security.
A new Wrapper Feature Selection model for Anomaly based Intrusion Detection Systems
by Meriem Kherbache, Kamal Amroun, David Espes
Abstract: Feature selection is a fundamental phase of Anomaly-based intrusion detection. It is a method that selects the near-optimal subset of features to improve the effectiveness of an anomaly-based Intrusion Detection System (IDS). A near-optimal subset of features is one of the main factors to reduce the number of false positives and the classifier execution time. To select this subset of features, this paper introduces a new method that combines the Agglomerative Hierarchical Clustering (AHC) algorithm with the Support Vector Machine (SVM) classifier. An intelligent process classifies the features according to their variances for each attack category. The features are selected based on their variance and grouped by their variance similarities. An iterative algorithm is used to combine the obtained attack clusters with normal traffic to form subsets of candidate combinations. The SVM classifier is applied to find the best combination of features. The NSL-KDD and CICIDS2017 datasets are used to estimate the effectiveness of the proposed method. The evaluation results show that our algorithm increases significantly the detection accuracy and improves the detection time. The results show that the proposed approach significantly reduced the number of features for each attack (about 80% for the NSL-KDD dataset and 90% for the CICIDS2017 dataset). Moreover, it performs very well on any type of attack (whether stealthy or not) and outperforms other existing approaches. Perfect accuracy of 100% is achieved for some stealthy and complex attacks such as Heartbleed, SQL Injection and Botnet attacks.
Keywords: Intrusion Detection System; Feature Selection; Agglomerative Hierarchical Clustering; Support Vector Machine.
Police Alarm Address Recognition and Classification Based on Convolutional Neural Networks
by Mingyue Qiu, Zhijie Bi
Abstract: The assignment of addresses of police alarms is the most significant aspect when receiving such alarms. However, currently, most areas still adopt modes such as the layer-by-layer forwarding of police alarm addresses, dispatching alarms level by level, manual judgement of addresses, and manual allocation of the alarms. Under such modes, the identification of alarm addresses is likely to be inefficient and inaccurate, and there will also be issues such as long dispatch times. As the reception of police alarms continues to rise, this paper builds an intelligent police alarm address recognition and classification model based on natural language processing and convolutional neural networks. This will achieve the rapid identification and classification of alarm addresses, thereby meeting the goal of improving the efficiency of the reception of police alarms. At present, the system has been deployed and used, which has greatly improved the efficiency of police work.
Keywords: Natural language processing; Convolutional neural networks; Address recognition; Police alarm address classification.
Implementation of Quasi-Newton Algorithm on FPGA for IoT Endpoint Devices
by Shizhen Huang, Anhua Guo, Kaikai Su, Siyu Chen, Ruiqi Chen
Abstract: With the recent developments in the Internet of Things (IoT), there has been a significant rapid generation of data. Theoretically, machine learning can help edge devices by providing a better analysis and processing of data near the data source. However, solving the nonlinear optimization problem is time-consuming for IoT edge devices. A standard method for solving the nonlinear optimization problems in machine learning models is the Broyden-Fletcher-Goldfarb-Shanno (BFGS-QN) method. Since the field-programmable gate arrays (FPGAs) are customizable, reconfigurable, highly parallel, and cost-effective, the present study envisaged the implementation of the BFGS-QN algorithm on an FPGA platform. Using half-precision floating-point numbers and single-precision floating-point numbers to save the FPGA resources were adopted to implement the BFGS-QN algorithm on an FPGA platform. The results indicate that compared to the single-precision floating-point numbers, the implementation of the mixed-precision BFGS-QN algorithm reduced 27.1% look-up tables, 18.2% flip-flops, and 17.9% distributed random memory.
Keywords: IoT; edge computing; machine learning; nonlinear optimization; BFGS-QN; FPGA.
Heterogeneous Big Data Fusion in Distributed Networking Systems for Anomaly Detection and Localization
by Yuan Zuo, Xiaozhou Zhu, Jiangyi Qin, Wen Yao
Abstract: An efficient anomaly detection and localization mechanism is crucial for achieving high-quality network services. In particular, learning-based methods have recently been developed to achieve this goal by discovering helpful information from a massive amount of heterogeneous network data. However, heterogeneous data from various network components lead to significant challenges and an unexpected burden for analysis. The distributed scale of networking systems challenges data integrity and knowledge retrieval due to the separation of coupled functions over the distributed system. In this article, an insightful survey is performed by thoroughly reviewing recent academic and industrial contributions regarding anomaly detection and localization. To tackle the issues, we propose a new framework to effectively learn informative representations of heterogeneous data and fuse this information for efficient anomaly detection and localization. Furthermore, a case study is presented for anomaly detection and localization through learning data representations and performing heterogeneous data fusion.
Keywords: Data heterogeneity; Distributed networking systems; Anomaly detection; Anomaly localization; Machine learning.
A Hybrid Malware Analysis Approach for Identifying Process-Injection Malware Based on Machine Learning
by Chia-Mei Chen, Ze-Yu Lin, Ya-Hui Ou
Abstract: Advanced Persistent Threat (APT) attacks take place every day, utilizing stealthy and customized malware to disrupt the service or sabotage the network. Such advanced malware may subvert the defense mechanism by abusing process injection techniques provided by operating system and injecting malicious code into a benign process. Some process injection techniques may be identified by static analysis, but some can only be discovered at run time execution. This study adopts deep learning models and two malware analysis approaches to detect process injection malware. By applying transfer learning, this study proposes a CNN-based detection model with the features selected from static and dynamic analysis to identify process-injection malware. The experimental results demonstrate that the proposed method could detect process-injection malware efficiently as well as unknown malware.
Keywords: malware detection; process injection; machine learning.
Entropy and likelihood based detection of DGA generated domain names and their families
by Ashutosh Bhatia, Deepak Vishvakarma, Rekha Kaushik, Ankit Agrawal
Abstract: Botnet is a network of hosts (bots) infected by a common malware and controlled by command and control (C&C) servers. Once the malware is found in an infected host, it is easy to get the domain of its C&C server and block it. To counter such detection, many malware families use probabilistic algorithms, known as domain generation algorithms (DGAs), to generate domain names for the C&C servers. In this paper, we propose a probabilistic approach to identify the domain names that are likely to be generated by malware using DGAs. The proposed solution is based on the hypothesis that the entropy of human-generated domain names should be lesser than the entropy of DGA generated domain names. Results show that the percentage of false negatives in the detection of DGA generated domain names using the proposed method is less than 29% across 39 DGA families considered by us in our experimentation.
Keywords: Domain Name System;· Domain Generations Algorithms; Botnets; Command and Control Servers.
A survey on SQL injection attacks, detection and prevention techniques - A tertiary study
by María Hallo, Gabriela Suntaxi
Abstract: This paper presents a tertiary systematic literature review of SQL Injection Attacks based on previous secondary systematic literature reviews and systematic mappings. We identify the main observations (what we know) and challenges (what we do not know) on SQL injection attacks. We perform this tertiary review using six scientific databases. Based on a rigorous search process, we consider in our study eleven secondary studies published in the last decade. We define six research questions that help us determine the current state of the art in SQL injection attacks. We organize the main observations and challenges into definitions, most common research topics related to SQL injection attacks, detection and prevention techniques, and limitations of the studies. Finally, we identify open issues that could guide future research work.
Keywords: SQL injection attacks; SQLIA; SQL injection detection techniques; SQL injection prevention techniques.