Forthcoming and Online First Articles

International Journal of Security and Networks

International Journal of Security and Networks (IJSN)

Forthcoming articles have been peer-reviewed and accepted for publication but are pending final changes, are not yet published and may not appear here in their final order of publication until they are assigned to issues. Therefore, the content conforms to our standards but the presentation (e.g. typesetting and proof-reading) is not necessarily up to the Inderscience standard. Additionally, titles, authors, abstracts and keywords may change before publication. Articles will not be published until the final proofs are validated by their authors.

Forthcoming articles must be purchased for the purposes of research, teaching and private study only. These articles can be cited using the expression "in press". For example: Smith, J. (in press). Article Title. Journal Title.

Articles marked with this shopping trolley icon are available for purchase - click on the icon to send an email request to purchase.

Online First articles are published online here, before they appear in a journal issue. Online First articles are fully citeable, complete with a DOI. They can be cited, read, and downloaded. Online First articles are published as Open Access (OA) articles to make the latest research available as early as possible.

Open AccessArticles marked with this Open Access icon are Online First articles. They are freely available and openly accessible to all without any restriction except the ones stated in their respective CC licenses.

Register for our alerting service, which notifies you by email when new issues are published online.

We also offer which provide timely updates of tables of contents, newly published articles and calls for papers.

International Journal of Security and Networks (11 papers in press)

Regular Issues

  • A Hybrid Malware Analysis Approach for Identifying Process-Injection Malware Based on Machine Learning   Order a copy of this article
    by Chia-Mei Chen, Ze-Yu Lin, Ya-Hui Ou 
    Abstract: Advanced Persistent Threat (APT) attacks take place every day, utilizing stealthy and customized malware to disrupt the service or sabotage the network. Such advanced malware may subvert the defense mechanism by abusing process injection techniques provided by operating system and injecting malicious code into a benign process. Some process injection techniques may be identified by static analysis, but some can only be discovered at run time execution. This study adopts deep learning models and two malware analysis approaches to detect process injection malware. By applying transfer learning, this study proposes a CNN-based detection model with the features selected from static and dynamic analysis to identify process-injection malware. The experimental results demonstrate that the proposed method could detect process-injection malware efficiently as well as unknown malware.
    Keywords: malware detection; process injection; machine learning.

  • An Overview of Location Privacy Protection in Spatial Crowdsourcing Platforms During the Task Assignment Process   Order a copy of this article
    by Amal Albilali, Maysoon Abulkhair, Manal Bayousef 
    Abstract: The field of spatial crowdsourcing (SC) has become a hot topic in recent years. The greatest concern of participants of SC platforms is privacy leakage during the task assignment (TA) process. In this study, we present an overview of techniques used to protect workers' location privacy and associate these with the directed attacks that occur during TA on SC platforms to guide researchers and enhance the development of new approaches. The overview involves analysis of major studies published in highly ranked journals during 20172022 and includes discussion of each techniques strengths and limitations, highlighting the attack types that threaten worker privacy and have not yet been sufficiently investigated. Finally, we present the challenges facing privacy in SC and future directions for developing advanced approaches that protect the worker privacy against critical attacks.
    Keywords: spatial crowdsourcing; SC; location privacy; location protection; privacy; crowdsourcing; location attacks.
    DOI: 10.1504/IJSN.2023.10058091
     
  • Enabling Secure Modern Web Browsers against Cache-Based Timing Attacks   Order a copy of this article
    by Sangeetha Ganesan  
    Abstract: Web applications have grown to be the foundation of any kind of system, ranging from cloud services to the internet of things (IoT) systems. As a huge amount of sensitive data is processed in web applications, user privacy shows as the most important concern in web security. In the virtualisation system, cache side channel (CSC) attack techniques have become popular to retrieve the secret information of other users. This paper presents a run-time detection and prevention mechanism, called browser watcher (BW), for time-driven CSC attacks. The computation overhead of the proposed BW java script engine is monitored and tabulated for the different domains. The average cache miss rate is measured from 23% to 89%. Once the BW system identifies the attacker, then it prevents stealing the secret information of the victim. This makes it very hard for the attacker to find the memory access pattern of the victim.
    Keywords: cache side channel; CSC attack; timing attack; BW system; cache attack prevention; internet of things; IoT.
    DOI: 10.1504/IJSN.2023.10058114
     
  • CPPABK: Conditional Privacy-Preserving Authentication Scheme for VANETs Based on the Key Derivation Algorithm   Order a copy of this article
    by Yixuan Wang, Xian Guo 
    Abstract: Vehicle Ad Hoc Networks (VANETs) hold great potential for enhancing traffic management and driver safety. Consequently, ensuring the precision and reliability of information exchanged within VANETs is paramount. This paper introduces a distributed privacy-preserving authentication scheme explicitly designed for VANETs. Our scheme integrates blockchain technology, batch authentication, and the key derivation algorithm to achieve exceptional efficiency and scalability. Initially, the authentication process utilizes fuzzy biometric extraction technology as the fundamental module to authenticate the vehicle owner's identity. Subsequently, the scheme enables vehicles to authenticate the received message by retrieving data (anonymous public key) from the blockchain, thereby mitigating the adverse effects of the blockchain's low throughput and high latency and eliminating the key escrow problem. A comprehensive security analysis confirms that the proposed scheme satisfies the security requirements of VANETs. Furthermore, performance analysis reveals significant improvements across various aspects.
    Keywords: VANETs; blockchain; conditional privacy-preserving authentication; key derivation algorithm.
    DOI: 10.1504/IJSN.2023.10058452
     
  • A Detailed Analysis of Public Industrial Control System Datasets   Order a copy of this article
    by Asaad Babiker, Mohamed Habaebi, Sinil Sinil Mubarak, M.D. Rafiqul Islam 
    Abstract: A wide range of critical infrastructures such as power systems, water distribution systems, gas pipelines, and others are controlled and monitored using industrial control systems (ICSs). Recently, security attacks against ICSs are increasing at an alarming rate. These systems cannot afford to lose the availability of service, a cyber-attack can cause catastrophic damage. Intrusion detection systems (IDSs) are the first defence line against such attacks. To develop an effective IDS, a well-designed dataset is a must. In this paper, we present a detailed analysis of public intrusion datasets for ICSs. Focusing on the way security researchers used them to develop an IDS, their results, and the effect of the dataset's drawbacks. We performed exploratory data analysis (EDA), principal component analysis (PCA), and binary classification using random forest (RF) model. We believe this analysis will help the developers of the next generation of ICS-related IDSs.
    Keywords: intrusion detection system; IDS; industrial control system; ICS; datasets; cyber security; information security.
    DOI: 10.1504/IJSN.2023.10058681
     
  • MalGA-LSTM: a malicious code detection model based on genetic algorithm optimising LSTM trainable parameters   Order a copy of this article
    by Yudi Zhang, Yongxin Feng, Yuntao Zhao 
    Abstract: With the development of internet technology, the number of malicious software is also growing rapidly, causing great potential for cybersecurity issues. When using neural network to identify and detect malicious code, the traditional gradient descent method is easy to fall into local optimum and sensitive to the initial weight of the network. In order to solve these problems, a method using genetic algorithm (GA) to optimise LSTM trainable parameters for malicious code detection is proposed in this study. First, the API sequence called by malicious code was transformed into word2vec word vector, then genetic algorithm was used to optimise the trainable parameters in the network. The experimental results showed that the accuracy of the LSTM model optimised by genetic algorithm in the training set was more than 15% higher than that of the traditional gradient descent method, reaching 94.53%, and the accuracy in the testing set was more than 10% higher than that of the traditional gradient descent method, reaching more than 86%.
    Keywords: genetic algorithm; word2vec; malicious code detection; deep neural network; long and short-term memory; LSTM.
    DOI: 10.1504/IJSN.2023.10058068
     
  • Multi-group key agreement protocol using secret sharing scheme   Order a copy of this article
    by Rolla Subrahmanyam, N. Rukma Rekha, Y.V. Subba Rao 
    Abstract: The group key agreement protocol allows a group of participants to agree on a one time session key and use it to protect future group oriented communication across an insecure network. In literature, secret sharing schemes, bilinear pairings, and polynomials were commonly used to distribute group key related information to the group participants. However, all these schemes work only for a single group but not for multiple groups. Hence, we propose a multi-group key agreement protocol based on a secret sharing scheme in this paper. This scheme is relevant in scenarios where groups are the most elementary entities for communication as opposed to individuals. Any threshold t or more participants could reconstruct the secret in every group. If there are t - 1 or fewer participants in any group, the secret cannot be obtained in those particular groups. The correctness of the scheme and security analysis are discussed.
    Keywords: secret sharing scheme; SSS; verifiable secret sharing; key agreement protocol; KAP; group key agreement protocol; GKAP; Diffie-Hellman; DH; group Diffie-Hellman; GDH; key exchange; KE.
    DOI: 10.1504/IJSN.2023.10056277
     
  • Moving object location prediction based on a graph neural network with temporal attention   Order a copy of this article
    by Jun Qian, Yubao Wu 
    Abstract: Predicting the location of moving objects is a crucial component of location-based services that provide decision-making support for applications such as smart transportation, etc. Long-term dependencies on daily and weekly cycles are a part of individual mobility patterns, where user behaviour is heterogeneous within a cycle but highly homogeneous across different cycles. Based on this observation, a moving object location prediction model is proposed based on a graph neural network with temporal attention (GNN-TA). First, this model proposes a location-distributed representation method based on a graph neural network (GNN-LDRM). This method is used to obtain low-dimensional location embedding vectors that contain potential correlations by reducing high-dimensional vectors. Then, bidirectional long short-term memory networks and multi-head self-attention mechanisms capture time and space information. Finally, a personalised temporal attention mechanism is constructed to capture users' long/short-term mobility patterns to predict moving object location. Experiments on real datasets show that the GNN-TA model has a significantly improved prediction accuracy compared with traditional methods.
    Keywords: location prediction; graph neural network; GNN; temporal attention; moving object.
    DOI: 10.1504/IJSN.2023.10058288
     
  • Adaptive fault diagnosis model for high-speed railway turnout using deep convolutional neural networks   Order a copy of this article
    by Xiaoyu Jiang 
    Abstract: Safety is crucial for high-speed railway transportation. Sensor gadgets monitor train elements to ensure safety and reliability. Accurate fault diagnosis is essential for reliable operation. Manual feature extraction is time-consuming and prone to errors. Intelligent fault diagnostics face challenges in extracting features from railway track images and identifying failures in turnout systems. This paper proposes a deep convolutional neural networks-based adaptive fault diagnosis model (DCNN-AFDM) using the Kaggle Railway Track Fault Detection dataset. DCNN-AFDM incorporates automatic feature extraction, fault type recognition, and comprehensive fault classification. It achieves rapid fault localisation by analysing 2D greyscale images of turnout current signals. The model enhances accuracy and reduces training time. Results show the DCNN-AFDM model has a 96.67% accuracy, 96.11% precision, 98.43% F1-Score, and 95.33% fault detection ratio compared to other approaches.
    Keywords: adaptive fault diagnosis model; high-speed railway turnouts; machine learning; convolutional neural networks.
    DOI: 10.1504/IJSN.2023.10058289
     
  • Multi-modal rumour detection using bilinear pooling and domain adversarial neural networks   Order a copy of this article
    by Chao Wang, Hongwei Zhang, Jinrui Zhang, Lichuan Gu 
    Abstract: Rapid development in the internet era has made posting and obtaining information easier, leading to a sharp increase in rumour numbers. The images are more deceptive than traditional text rumours, making sources and authenticity hard to verify. Therefore, online rumours combining texts and images are more harmful. Detection of multi-modal rumours has become a new challenge. However, most existing methods are difficult to solve this problem and only adopt the standard concatenation for achieving feature fusion among different modes. Accordingly, the fused rumour features can barely effectively capture complementarity and difference among multi-modal data. This study aimed to propose an end-to-end model, named multi-modal rumour detection using bilinear pooling (BL) and domain adversarial neural networks (BPDANN), which adopts BL for multi-modal feature fusion to complement with the other. Further, the event classification module was designed to remove event-specific features and maintain shared features between events based on domain adversarial neural networks. Two text feature extraction methods and two BL methods were combined in pairs for multi-modal feature fusion to verify the effectiveness of BPDANN. Finally, the evaluation was conducted on two public multi-modal rumour datasets, Weibo and Twitter. The results exhibited that BPDANN outperformed current state-of-the-art methods.
    Keywords: bilinear pooling; BL; deep learning; multi-modal fusion; rumour detection; social media.
    DOI: 10.1504/IJSN.2023.10055515
     
  • A security control scheme based on quantum keys for IoT terminals   Order a copy of this article
    by Dexin Zhu, Xiaogang Du, Jigui Mao, Lijun Song 
    Abstract: With the development of computer technology and the continuous improvement of computing power, the security control of internet of things terminals has received great attention. This paper proposes a security control scheme based on quantum keys for the internet of things terminals. In the wide area network, the control commands between Alice and Bob are transmitted by quantum key encryption. In the local area network, Bob sends the decrypted plaintext to the LED microcontroller board to execute the control instruction. This paper also designs a two-way identity authentication scheme based on a hash function, a sliding window key synchronisation scheme, and an eavesdropping experiment. Through experiments, the quantum key encoding rate of the quantum key distribution system is 7.4 kbps, the average time for Alice to send instructions is 141.6 ms, the average time for Bob to decrypt instructions is 12.4 ms, and the average time for key synchronisation in the time sliding pane is 116 ms. Even after stealing Alice's ciphertext data, Eve still cannot recover the plaintext data. The scheme realises the security control of the internet of things terminal.
    Keywords: internet of things; IoT; security control; quantum key; key synchronisation; quantum key distribution; QKD.
    DOI: 10.1504/IJSN.2023.10056655