Статьи журнала - International Journal of Computer Network and Information Security

Все статьи: 1130

Detection of DDOS Attacks on Cloud Computing Environment Using Altered Convolutional Deep Belief Networks

Detection of DDOS Attacks on Cloud Computing Environment Using Altered Convolutional Deep Belief Networks

S. Sureshkumar, G.K.D. Prasanna Venkatesan, R. Santhosh

Статья научная

The primary benefits of Clouds are that they can elastically scale to meet variable demands and provide corresponding environments for computing. Cloud infrastructures require highest levels of protections from DDoS (Distributed Denial-of-Services). Attacks from DDoSs need to be handled as they jeopardize availability of networks. These attacks are becoming very complex and are evolving at rapid rates making it complex to counter them. Hence, this paper proposes GKDPCAs (Gaussian kernel density peak clustering techniques) and ACDBNs (Altered Convolution Deep Belief Networks) to handle these attacks. DPCAs (density peak clustering algorithms) are used to partition training sets into numerous subgroups with comparable characteristics, which help in minimizing the size of training sets and imbalances in samples. Subset of ACDBNs get trained in each subgroup where FSs (feature selections) of this work are executed using SFOs (Sun-flower Optimizations) which evaluate the integrity of reduced feature subsets. The proposed framework has superior results in its experimental findings while working with NSL-KDD and CICIDS2017 datasets. The resulting overall accuracies, recalls, precisions, and F1-scoresare better than other known classification algorithms. The framework also outperforms other IDTs (intrusion detection techniques) in terms of accuracies, detection rates, and false positive rates.

Бесплатно

Detection of DDoS Attacks Using Machine Learning Classification Algorithms

Detection of DDoS Attacks Using Machine Learning Classification Algorithms

Kishore Babu Dasari, Nagaraju Devarakonda

Статья научная

The Internet is the most essential tool for communication in today's world. As a result, cyber-attacks are growing more often, and the severity of the consequences has risen as well. Distributed Denial of Service is one of the most effective and costly top five cyber attacks. Distributed Denial of Service (DDoS) is a type of cyber attack that prevents legitimate users from accessing network system resources. To minimize major damage, quick and accurate DDoS attack detection techniques are essential. To classify target classes, machine learning classification algorithms are faster and more accurate than traditional classification methods. This is a quantitative research applies Logistic Regression, Decision Tree, Random Forest, Ada Boost, Gradient Boost, KNN, and Naive Bayes classification algorithms to detect DDoS attacks on the CIC-DDoS2019 data set, which contains eleven different DDoS attacks each containing 87 features. In addition, evaluated classifiers’ performances in terms of evaluation metrics. Experimental results show that AdaBoost and Gradient Boost algorithms give the best classification results, Logistic Regression, KNN, and Naive Bayes give good classification results, Decision Tree and Random Forest produce poor classification results.

Бесплатно

Detection of Suspicious Timestamps in NTFS using Volume Shadow Copies

Detection of Suspicious Timestamps in NTFS using Volume Shadow Copies

Alji Mohamed, Chougdali Khalid

Статья научная

When a computer gets involved in a crime, it is the mission of the digital forensic experts to extract the left binary artifacts on that device. Among those artifacts, there may be some volume shadow copy files left on the Windows operating system. Those files are snapshots of the volume recorded by the system in case of a needed restore to a specific past date. Before this study, we did not know if the valuable forensic information hold within those snapshot files can be exploited to locate suspicious timestamps in an NTFS formatted partition. This study provides the reader with an inter-snapshot time analysis for detecting file system timestamp manipulation. In other words, we will leverage the presence of the time information within multiples volume shadow copies to detect any suspicious tampering of the file system timestamps. A detection algorithm of the suspicious timestamps is contributed. Its main role is to assist the digital investigator to spot the manipulation if it has occurred. In addition, a virtual environment has been set up to validate the use of the proposed algorithm for the detection.

Бесплатно

Detection of Unknown Insider Attack on Components of Big Data System: A Smart System Application for Big Data Cluster

Detection of Unknown Insider Attack on Components of Big Data System: A Smart System Application for Big Data Cluster

Swagata Paul, Sajal Saha, Radha Tamal Goswami

Статья научная

Big data applications running on a big data cluster, creates a set of process on different nodes and exchange data via regular network protocols. The nodes of the cluster may receive some new type of attack or unpredictable internal attack from those applications submitted by client. As the applications are allowed to run on the cluster, it may acquire multiple node resources so that the whole cluster becomes slow or unavailable to other clients. Detection of these new types of attacks is not possible using traditional methods. The cumulative network traffic of the nodes must be analyzed to detect such attacks. This work presents an efficient testbed for internal attack generation, data set creation, and attack detection in the cluster. This work also finds the nodes under attack. A new insider attack named BUSY YARN Attack has been identified and analyzed in this work. The framework can be used to recognize similar insider attacks of type DOS where target node(s) in the cluster is unpredictable.

Бесплатно

Detection of Wormhole, Blackhole and DDOS Attack in MANET using Trust Estimation under Fuzzy Logic Methodology

Detection of Wormhole, Blackhole and DDOS Attack in MANET using Trust Estimation under Fuzzy Logic Methodology

Ashish Kumar Khare, J. L. Rana, R. C. Jain

Статья научная

Mobile ad-hoc communication is a spontaneous network because the topology is not stationary but self-organized. This requires that during the time MANET it operational, all the processes regarding discovering the topology, delivery of data packets and internal management communications must be taken care by the node(s) themselves. This implies the criteria for selection of Cluster Head (CH) and the routing related protocols are to be integrated into mobile node(s).The very facts that MANET is challenging and innovative areas of wireless networks, makes it more vulnerable in term of routing and flooding attacks. In this paper, a node trust calculation methodology is proposed which calculate the trust value of each node and applies fuzzy logic to detect wormhole, Black-hole (Routing attack) and distributed denial of service attack (DDOS/Flooding) in dynamic environment.

Бесплатно

Development and implementation of vehicle movement notification and location using GSM, GPS and web based information system

Development and implementation of vehicle movement notification and location using GSM, GPS and web based information system

Garba Suleiman, Abdulraheem Ojo Umar, Salako Emmanuel Adekunle

Статья научная

The issue of Crimes been committed in our society these days has become an issue that every government and the society in general has to be concerned with. Stolen of vehicle has increased tremendously and sometimes such vehicle are used in committing criminal activities such as armed robbery, kidnapping and of recent insurgency as it is been witness in some part of Nigeria. In view of these challenges, adequate provision or records of stolen, identified and recovered vehicle are not readily available and as such very important. The development of vehicle movement notification and location is one of the solutions to vehicles owner in order to ensure speedy notification, identification and recovery of their vehicles and as well reduce criminal activities in the society. The system uses a developed application installed in a mobile phone device which will be embedded in a vehicle to notify the owner when the vehicle is driven by unauthorized user. A GSM mobile phone was used to communicate with the vehicle owner whereby the user sends SMS to communicate with the mobile phone sensor installed in the vehicle. A web application was also developed to determine the real-time vehicle location and as well as record of database information system of found or missing vehicles. The system was test run and the results obtained shows how effectiveness is it in determining vehicle movement, location and notification as it is been driven within or outside its jurisdiction.

Бесплатно

Digital Forensic Investigation Tools and Procedures

Digital Forensic Investigation Tools and Procedures

K. K. Sindhu, B. B. Meshram

Статья научная

Due to the significance of Data, in this new age, its’ security has become a major issue in the I.T. industry. Cyber attacks from various sources are demanding its prevention in the new era of information security. Digital forensic is a relatively new fields that is the collection, analysis and documentation of a Cyber attacks. It is becoming increasingly important as criminals aggressively expand the use of technology in their enterprise of illegal activities. Digital forensics investigators have access to a wide variety of tools, both commercial and open source, which assist in the preservation and analysis of digital evidence. A small percentage of cyber criminals being convicted confirm the difficulty in detection of digital crime and its consequent procedural proving in the court of law. An established forensic analyst mines the crucial evidence from susceptible locations to comprehend attacker’s intension. The typical goal of an investigation is to collect evidence using generally acceptable methods in order to make the evidence is accepted and admitted on the court. Efficient digital Tools and procedures are needed to effectively search for, locate, and preserve all types of electronic evidence. Main focus of this paper is the complete investigation procedure of storage media. Our paper also explains emerging cyber crimes and its digital forensic investigation procedures using digital forensic tools and techniques.

Бесплатно

Digital Image Scrambling Based on Two Dimensional Cellular Automata

Digital Image Scrambling Based on Two Dimensional Cellular Automata

Fasel Qadir, M. A. Peer, K. A. Khan

Статья научная

The basic idea of scrambling is to change the image pixel positions through matrix transform to achieve the visual effect of disorder. Cellular automata can be successfully applied for this purpose. This paper presents digital image scrambling based on two dimensional cellular automata. The proposed scheme is shown high quality of confusion in a few evolution steps. When the original image is compared with the descrambled image by human visual system, it is not recognizable which one is descrambled image and which one is the original image. The paper is organised as follows: first the concept of cellular automata is introduced, and then accordingly the game of life rules and the proposed model followed by the experimental results with discussions.

Бесплатно

Direction-of-Arrival Estimation for Stratospheric Platforms Mobile Stations

Direction-of-Arrival Estimation for Stratospheric Platforms Mobile Stations

Yasser Albagory

Статья научная

This paper presents a new approach for localizing mobile phone users using the promising technique of stratospheric platform (SP) flying at altitudes 17-22 km high and a suitable Direction-of-Arrival technique (DOA). The proposed technique provides information about accurate locations for mobile stations - through high resolution DOA technique - which is very important for traffic control and rescue operations at emergency situations. The DOA estimation in this technique defines the user location using MUSIC algorithm which provides good accuracy comparable to the Global Positioning System (GPS) techniques but without the need for GPS receivers. Several scenarios for users’ locations determination are tested and examined to define the robustness of the proposed technique.

Бесплатно

Disinformation, Fakes and Propaganda Identifying Methods in Online Messages Based on NLP and Machine Learning Methods

Disinformation, Fakes and Propaganda Identifying Methods in Online Messages Based on NLP and Machine Learning Methods

Victoria Vysotska, Krzysztof Przystupa, Lyubomyr Chyrun, Serhii Vladov, Yuriy Ushenko, Dmytro Uhryn, Zhengbing Hu

Статья научная

A new method of propaganda analysis is proposed to identify signs and change the dynamics of the behaviour of coordinated groups based on machine learning at the processing disinformation stages. In the course of the work, two models were implemented to recognise propaganda in textual data - at the message level and the phrase level. Within the framework of solving the problem of analysis and recognition of text data, in particular, fake news on the Internet, an important component of NLP technology (natural language processing) is the classification of words in text data. In this context, classification is the assignment or assignment of textual data to one or more predefined categories or classes. For this purpose, the task of binary text classification was solved. Both models are built based on logistic regression, and in the process of data preparation and feature extraction, such methods as vectorisation using TF-IDF vectorisation (Term Frequency – Inverse Document Frequency), the BOW model (Bag-of-Words), POS marking (Part-Of-Speech), word embedding using the Word2Vec two-layer neural network, as well as manual feature extraction methods aimed at identifying specific methods of political propaganda in texts are used. The analogues of the project under development are analysed the subject area (the propaganda used in the media and the basis of its production methods) is studied. The software implementation is carried out in Python, using the seaborn, matplotlib, genism, spacy, NLTK (Natural Language Toolkit), NumPy, pandas, scikit-learn libraries. The model's score for propaganda recognition at the phrase level was obtained: 0.74, and at the message level: 0.99. The implementation of the results will significantly reduce the time required to make the most appropriate decision on the implementation of counter-disinformation measures concerning the identified coordinated groups of disinformation generation, fake news and propaganda. Different classification algorithms for detecting fake news and non-fakes or fakes identification accuracy from Internet resources ana social mass media are used as the decision tree (for non-fakes identification accuracy 0.98 and fakes identification accuracy 0.9903), the k-nearest neighbours (0.83/0.999), the random forest (0.991/0.933), the multilayer perceptron (0.9979/0.9945), the logistic regression (0.9965/0.9988), and the Bayes classifier (0.998/0.913). The logistic regression (0.9965) the multilayer perceptron (0.9979) and the Bayesian classifier (0.998) are more optimal for non-fakes news identification. The logistic regression (0.9988), the multilayer perceptron (0.9945), and k-nearest neighbours (0.999) are more optimal for identifying fake news identification.

Бесплатно

Distributed Algorithms for Improving Search Efficiency in P2P Overlays

Distributed Algorithms for Improving Search Efficiency in P2P Overlays

Chittaranjan Hota, Vikram Nunia, Antti Ylä-Jääski

Статья научная

Peer-to-peer (P2P) overlay is a distributed application architecture in which peers share their resources. Peers are equally privileged, equipotent participants in the application. Several algorithms for enhancing P2P file searching have been proposed in the literature. In this paper, we have proposed a unique approach of reducing the P2P search complexity and improving search efficiency by using distributed algorithms. In our approach a peer mounts other popular peer's files and also replicates other popular files or critical files identified using a threshold value. Once a file is mounted, file access requests can be serviced by transparently retrieving the file and sending it to the requesting peer. Replication used in this work improves the file retrieval time by allowing parallel transfer. We have shown the performance analysis of our proposed approach which shows improvement in the search efficiency.

Бесплатно

Distributed Defense: An Edge over Centralized Defense against DDos Attacks

Distributed Defense: An Edge over Centralized Defense against DDos Attacks

Karanbir Singh, Kanwalvir Singh Dhindsa, Bharat Bhushan

Статья научная

Distributed Denial of Service (DDoS) attack is a large-scale, coordinated attack on the availability of services of a target/victim system or network resource/service. It can be launched indirectly through many compromised machines on the Internet. The Purpose behind these attacks is exhausting the existing bandwidth and makes servers deny from providing services to legitimate users. Most detection systems depend on some type of centralized processing to analyze the data necessary to detect an attack. In centralized defense, all modules are placed on single point. A centralized approach can be vulnerable to attack. But in distributed defense, all of the defense modules are placed at different points and do not succumb to the high volume of DDoS attack and can discover the attacks timely as well as fight the attacks with more resources. These factors clearly indicate that the DDoS problem requires a distributed solution than the centralized solution. In this paper, we compare both types of defense mechanisms and identify their relative advantages and disadvantages. Later they are compared against some performance metrics to know which kind of solution is best.

Бесплатно

Distributed Denial of Service Attack Detection Using Hyper Calls Analysis in Cloud

Distributed Denial of Service Attack Detection Using Hyper Calls Analysis in Cloud

K. Umamaheswari, Nalini Subramanian, Manikandan Subramaniyan

Статья научная

In the scenario of Distributed Denial of Service (DDoS) attacks are increasing in a significant manner, the attacks should be mitigated in the beginning itself to avoid its devastating consequences for any kind of business. DDoS attack can slow down or completely block online services of business like websites, email or anything that faces internet. The attacks are frequently originating from cloud virtual machines for anonymity and wide network bandwidth. Hyper-Calls Analysis(HCA) enables the tracing of command flow to detect any clues for the occurrence of malicious activity in the system. A DDoS attack detection approach proposed in this paper works in the hypervisor side to perform hyper calls based introspection with machine learning algorithms. The system evaluates system calls in hypervisor for the classification of malicious activities through Support Vector Machine and Stochastic Gradient Descent (SVM & SGD) Algorithms. The attack environment created using XOIC attacker tool and CPU death ping libraries. The system’s performance also evaluated on CICDDOS 2019 dataset. The experimental results reveal that more than 99.6% of accuracy in DDoS detection without degrading performance.

Бесплатно

Distributed Encrypting File System for Linux in User-space

Distributed Encrypting File System for Linux in User-space

U. S. Rawat, Shishir Kumar

Статья научная

Linux systems use Encrypting File System (EFS) for providing confidentiality and integrity services to files stored on disk in a secure, efficient and transparent manner. Distributed encrypting file system should also provide support for secure remote access, multiuser file sharing, possible use by non-privileged users, portability, incremental backups etc. Existing kernel-space EFS designed at file system level provides all necessary features, but they are not portable and cannot be mounted by non-privileged users. Existing user-space EFS have performance limitations and does not provide support for file sharing. Through this paper, modifications in the design and implementation of two existing user-space EFS, for performance gain and file sharing support, has been presented. Performance gain has been achieved in both the proposed approaches using fast and modern ciphers. File sharing support in proposed approaches has been provided with Public Key Infrastructure (PKI) integration using GnuPG PKI module and Linux Pluggable Authentication Module (PAM) framework. Cryptographic metadata is being stored as extended attributes in file's Access Control List (ACL) to make file sharing task easier and seamless to the end user.

Бесплатно

Distributed Intelligence Model for IoT Applications Based on Neural Networks

Distributed Intelligence Model for IoT Applications Based on Neural Networks

Baha Rababah, Rasit Eskicioglu

Статья научная

Increasing the implication of IoT data puts a focus on extracting the knowledge from sensors’ raw data. The management of sensors’ data is inefficient with current solutions, as studies have generally focused on either providing cloud-based IoT solutions or inefficient predefined rules. Cloud-based IoT solutions have problems with latency, availability, security and privacy, and power consumption. Therefore, Providing IoT gateways with relevant intelligence is essential for gaining knowledge from raw data to make the decision of whether to actuate or offload tasks to the cloud. This work proposes a model that provides an IoT gateway with the intelligence needed to extract the knowledge from sensors’ data in order to make the decision locally without needing to send all raw data to the cloud over the Internet. This speeds up decisions and actions for real-time data and overcomes the limitations of cloud-based IoT solutions. When the gateway is unable to process a task locally, the data and task are offloaded to the cloud.

Бесплатно

Distributed Malware Detection Algorithm (DMDA)

Distributed Malware Detection Algorithm (DMDA)

Aiman A. Abu Samra, Hasan N. Qunoo, Alaa M. Al Salehi

Статья научная

The increasing number of malwares has led to an increase in research work on malware analysis studying the malware behavior. The malware tries to leak sensitive information from infected devices. In this paper, we study a specific attack method, which distributes the data source and the point of data loss on different versions of the malware application. That is done using local storage by storing part or all of the vital data to be leaked in the future. We introduce a Distributed Malware Detection Algorithm (DMDA), which is an algorithm to detect distributed malware on app versions. DMDA proposes a new way to analyze application against redistributed malware. DMDA is created to analyze the data and identify transitional loss points. We test this algorithm on a sample of Android applications published on the Google Play market containing 100 applications, where each application has two versions. The algorithm detected 150 transient data sources, 200 transient loss of data point and two leakages of data. In comparison, this dataset was checked using 56 anti-malware applications but none of them could find any malicious code.

Бесплатно

Distributed Monitoring for Wireless Sensor Networks: a Multi-Agent Approach

Distributed Monitoring for Wireless Sensor Networks: a Multi-Agent Approach

Bechar Rachid, Haffaf Hafid

Статья научная

In this paper, we will present a state of the art in using multi-agent technology for wireless sensor networks where the main goal is the conception of software architecture and the network organization dedicated to optimization, performance analysis, and monitoring. Then we explore in particular, the issues of topology control and works in this field and the use of multi-agent systems. Finally we will propose an agent based algorithm for fault tolerance and topology control in a wireless sensor network. Our proposal consists to embed an agent at each node that is responsible for selecting its parent node or the next hop to the sink when transferring packets. The process of parent change is based on the computation of a fault tolerance degree which is calculated periodically by the agent in cooperation with neighboring nodes, in addition to other parameters such as the number of hops, the energy and the quality of link. Simulation results show that this method of changing parent allows a fault tolerant network with enhanced life time compared with the collect tree protocol CTP used for data gathering in a wireless sensor network.

Бесплатно

Distributed Traffic Balancing Routing for LEO Satellite Networks

Distributed Traffic Balancing Routing for LEO Satellite Networks

Yong Lu, Fuchun Sun, Youjian Zhao, Hongbo Li, Heyu Liu

Статья научная

Satellite networks have been widely investigated both in the business and academia for many years, with many important routing algorithms reported in the literatures. However, fewer existing routing algorithms focus on the trade-off between the routing survivability and the routing computation and storage overheads. Due to topological dynamics, it is difficult to effectively apply the conventional routing protocols such as RIP or OSPF to Low Earth Orbit (LEO) satellite networks. According to the virtual topology model based on virtual node, this paper propose a new fully distributed routing protocol for LEO satellite networks, called Distributed Traffic Balancing Routing (DTBR). The proposed protocol not only guarantees the routing survivability and provides the ability of traffic balancing, but also result in few additional computation and storage overheads only deriving from the information flooding of failed satellites. Simulation results demonstrate positive conclusions of our methods.

Бесплатно

Distributed and Dynamic Channel Assignment Schemes for Wireless Mesh Network

Distributed and Dynamic Channel Assignment Schemes for Wireless Mesh Network

Satish S. Bhojannawar, Shrinivas R. Managalwede

Статья научная

Wireless mesh network (WMN) with wireless backhaul technology provides last-mile Internet connectivity to the end-users. In multi-radio multi-channel WMN (MRMC-WMN), routers provide multiple concurrent transmissions among end-users. The existence of interference among concurrent transmissions severely degrades the network performance. A well-organized channel assignment (CA) scheme significantly alleviates the interference effect. But in trying to minimize interference, the CA scheme may affect the network connectivity. So, the CA scheme has to consider both these two conflicting issues. In this paper, as part of the initial configuration of WMNs, we propose a game theory-based load-unaware CA scheme to minimize the co-channel interference and to maximize the network connectivity. To adapt to the varying network traffic, we propose a dynamic channel assignment scheme. This scheme measures the traffic-load condition of the working channels of each node. Whenever a node finds an overloaded channel, it initiates a channel switch. Channel switching based on the fixed threshold may result in a channel over/underutilization. For optimal channel utilization, we propose a fuzzy logic-based approach to compute the channel switch threshold. The contending nodes and their densities and loads dominantly affect the network capacity and hence the performance. In the context of network capacity enhancement, we have addressed these factors and focused on increasing the network capacity. The simulation results indicate that our proposed load-unaware and load-aware CA schemes outperform the other related load-unaware and load-aware CA approaches.

Бесплатно

Distributed denial of service detection using multi layered feed forward artificial neural network

Distributed denial of service detection using multi layered feed forward artificial neural network

Ismaila Idris, Obi Blessing Fabian, Shafi’i M. Abdulhamid, Morufu Olalere, Baba Meshach

Статья научная

One of the dangers faced by various organizations and institutions operating in the cyberspace is Distributed Denial of Service (DDoS) attacks; it is carried out through the internet. It resultant consequences are that it slow down internet services, makes it unavailable, and sometime destroy the systems. Most of the services it affects are online applications and procedures, system and network performance, emails and other system resources. The aim of this work is to detect and classify DDoS attack traffics and normal traffics using multi layered feed forward (FFANN) technique as a tool to develop model. The input parameters used for training the model are: service count, duration, protocol bit, destination byte, and source byte, while the output parameters are DDoS attack traffic or normal traffic. KDD99 dataset was used for the experiment. After the experiment the following results were gotten, 100% precision, 100% specificity rate, 100% classified rate, 99.97% sensitivity. The detection rate is 99.98%, error rate is 0.0179%, and inconclusive rate is 0%. The results above showed that the accuracy rate of the model in detecting DDoS attack is high when compared with that of the related works which recorded detection accuracy as 98%, sensitivity 96%, specificity 100% and precision 100%.

Бесплатно

Журнал