Journal articles - International Journal of Computer Network and Information Security

All articles: 1148

Destination Address Entropy based Detection and Traceback Approach against Distributed Denial of Service Attacks

Abhinav Bhandari, A.L Sangal, Krishan Kumar

Scientific article

With the brisk growth of the web, distributed denial of service (DDoS) attacks have become one of the most serious issues in data center scenarios, where many servers are deployed. A DDoS attack generates a substantial volume of packets from a large number of agents and can easily exhaust the processing and communication resources of a victim within a very short period of time. Defending against DDoS involves several steps, from detection and characterization to traceback, in order to perform mitigation. This paper makes two contributions. Firstly, flooding-based DDoS attacks are detected in a data center scenario using an entropy approach computed over the received packets. Secondly, an entropy-based traceback method is applied to find the edge routers through which the attack traffic enters the ISP domain of the data center. Various simulation scenarios using NS2 are presented to validate the proposed method, using GT-ITM-based topology generators. Information-theory-based metrics such as entropy, average entropy and differential entropy are used for this purpose.
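As an added illustration of the entropy-based detection step this abstract describes (example code written for this page, not the authors' NS2 implementation): destination-address entropy is computed per window of packets, an average entropy is taken over baseline windows, and a window is flagged when its entropy falls well below that average or when the differential entropy between consecutive windows jumps. The packet stream, the server address range, the window size and the thresholds are all constructed assumptions.

```python
import math
import random
from collections import Counter


def shannon_entropy(addresses):
    """Shannon entropy (bits) of the destination-address distribution of one window."""
    counts = Counter(addresses)
    total = len(addresses)
    return -sum((c / total) * math.log2(c / total) for c in counts.values())


def window_entropies(dst_addresses, window):
    """Cut the packet stream into fixed-size windows and return one entropy per window."""
    return [shannon_entropy(dst_addresses[i:i + window])
            for i in range(0, len(dst_addresses) - window + 1, window)]


def detect_flood(entropies, baseline_windows, k=3.0, diff_threshold=1.0):
    """Compare each window after the baseline against the average entropy of the
    baseline windows (k standard deviations) and against the previous window
    (differential entropy). Returns (window_index, entropy, reason) tuples."""
    base = entropies[:baseline_windows]
    mean = sum(base) / len(base)
    std = math.sqrt(sum((h - mean) ** 2 for h in base) / len(base))
    alerts = []
    for i in range(baseline_windows, len(entropies)):
        h = entropies[i]
        reasons = []
        if h < mean - k * std:
            reasons.append("below average entropy")
        if abs(h - entropies[i - 1]) > diff_threshold:
            reasons.append("differential entropy spike")
        if reasons:
            alerts.append((i, h, ", ".join(reasons)))
    return alerts


def build_sample_stream(window=200, normal_windows=5):
    """Constructed traffic (no real capture): `normal_windows` windows spread evenly
    over 20 data-center servers, then one window in which about 90% of packets hit
    a single victim, then one more normal window."""
    rng = random.Random(7)
    servers = ["10.0.0.%d" % i for i in range(1, 21)]   # assumed server range
    victim = "10.0.0.7"                                  # assumed flooded host
    stream = [rng.choice(servers) for _ in range(window * normal_windows)]
    stream += [victim if rng.random() < 0.9 else rng.choice(servers)
               for _ in range(window)]
    stream += [rng.choice(servers) for _ in range(window)]
    return stream


def run_demo(window=200, normal_windows=5):
    """Entropy per window over the constructed stream, then the alerts."""
    entropies = window_entropies(build_sample_stream(window, normal_windows), window)
    return detect_flood(entropies, baseline_windows=normal_windows)


if __name__ == "__main__":
    for idx, h, why in run_demo():
        print("window %d: H=%.2f bits (%s)" % (idx, h, why))
```

A flood concentrates packets on few destinations, so destination entropy collapses. Note that the differential check also fires on the window in which the flood stops, so the sign of the change should be taken into account before raising an alarm from that signal alone.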

Detecting Android Malware by Mining Enhanced System Call Graphs

Rajif Agung Yunmar, Sri Suning Kusumawardani, Widyawan Widyawan, Fadi Mohsen

Scientific article

The persistent threat of malicious applications targeting Android devices has been growing in number and severity. Numerous techniques have been used to defend against this threat, including heuristic-based ones, which are able to detect unknown malware. Among the many features these techniques use are system calls. Researchers have used several representation methods to capture system calls, such as histograms. However, some information may be lost if system calls as a feature are represented only as a one-dimensional vector. Graphs can represent the interaction of different system calls in an unusual or suspicious way, which can indicate malicious behavior. This study uses machine learning algorithms to recognize malicious behavior represented in a graph. The system call graph was fed into machine learning algorithms such as AdaBoost, Decision Table, Naïve Bayes, Random Forest, IBk, J48, and logistic regression. We further employ a series of feature selection methods to improve detection accuracy and reduce computational complexity. Our experimental results show that the proposed method reduces the feature dimension by 91.95% and provides 95.32% detection accuracy.

Detecting Hidden Information in FAT

Kyryl Shekhanin, Alexandr Kuznetsov, Victor Krasnobayev, Oleksii Smirnov

Scientific article

Various steganographic methods are used to hide information. Some of them allow the very fact of storage and transmission of data to be reliably hidden. This paper analyzes methods of technical steganography that are based on hiding messages in the structure of the FAT file system by reordering particular clusters of specially selected files (cover files). These methods allow information to be reliably hidden in the file system structure while no redundancy is explicitly introduced anywhere: the hidden information is not explicitly contained in the service fields or individual clusters of the file system, and the size of the data stored on the physical medium does not change. Such steganographic systems are very difficult to detect; it is almost impossible to identify the fact of hiding by traditional methods. A steganalysis technique based on the study of file system properties was developed. In particular, we analyzed the fragmentation of various files stored on a physical medium and examined the statistical properties of files of various types, sizes and uses. Identification of anomalous properties may indicate a possible reordering of the clusters of individual files, i.e. it can reveal hidden information. The study of these principles is important for a better understanding of the design of, and countermeasures against, steganographic systems based on reordering the clusters of cover files in the FAT structure. Thus, this article substantiates new approaches to the steganalysis of cluster file systems used for information hiding. They are based on a statistical analysis of the file systems of various data carriers, as well as an assessment of the fragmentation level of both individual files and the entire file system.
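An added example (not the authors' tool) of the fragmentation statistics the abstract describes, run on a constructed FAT: cluster chains are walked through the allocation table, per-file fragment counts are computed, and a file whose chain jumps at nearly every link while staying inside a compact cluster extent is singled out, since ordinary fragmentation produces a few long runs scattered across free-space holes rather than a permutation of adjacent clusters. The volume layout, the file names and the thresholds are assumptions of the example, and the heuristic is this example's own, not a rule taken from the paper.

```python
EOC = 0x0FFFFFFF  # end-of-chain marker, FAT32 convention


def walk_chain(fat, start):
    """Follow a cluster chain through the FAT; refuses loops and dangling links."""
    chain, cur, seen = [], start, set()
    while cur != EOC:
        if cur in seen or cur not in fat:
            raise ValueError("broken chain at cluster %d" % cur)
        seen.add(cur)
        chain.append(cur)
        cur = fat[cur]
    return chain


def fragment_count(chain):
    """Number of runs of consecutive clusters in the chain."""
    return 1 + sum(1 for a, b in zip(chain, chain[1:]) if b != a + 1)


def file_stats(chain):
    """Per-file fragmentation figures:
    ratio  - fraction of chain links that jump (0.0 contiguous ... 1.0 every link jumps)
    spread - extent covered by the file divided by its size in clusters;
             1.0 means all clusters lie inside one compact region."""
    n = len(chain)
    ratio = 0.0 if n < 2 else (fragment_count(chain) - 1) / (n - 1)
    spread = (max(chain) - min(chain) + 1) / n
    return {"clusters": n, "fragments": fragment_count(chain),
            "ratio": ratio, "spread": spread}


def analyse(fat, directory):
    """directory: file name -> first cluster. Returns stats per file."""
    return {name: file_stats(walk_chain(fat, start)) for name, start in directory.items()}


def flag_reordered(stats, min_clusters=8, ratio_threshold=0.5, spread_threshold=1.25):
    """Heuristic assumed by this example: a highly fragmented chain that nevertheless
    stays inside a compact cluster extent looks like deliberate reordering of the
    file's own clusters rather than allocation into scattered free-space holes."""
    return sorted(name for name, s in stats.items()
                  if s["clusters"] >= min_clusters
                  and s["ratio"] > ratio_threshold
                  and s["spread"] <= spread_threshold)


def fs_fragmentation(stats):
    """Share of files with more than one fragment: a volume-level baseline."""
    fragmented = sum(1 for s in stats.values() if s["fragments"] > 1)
    return fragmented / len(stats)


def sample_volume():
    """Constructed FAT (cluster -> next cluster) and directory (name -> first
    cluster). 'cover.bin' occupies clusters 14..21 but is chained in a permuted
    order, as a cluster-reordering stego scheme would leave it."""
    fat = {}

    def contiguous(start, end):
        for c in range(start, end):
            fat[c] = c + 1
        fat[end] = EOC

    contiguous(2, 9)                              # report.doc, one run
    contiguous(10, 13)                            # notes.txt, one run
    order = [14, 17, 15, 19, 16, 21, 18, 20]      # cover.bin, permuted chain
    for a, b in zip(order, order[1:]):
        fat[a] = b
    fat[order[-1]] = EOC
    contiguous(22, 25)                            # video.avi, first run
    fat[25] = 30                                  # ordinary fragmentation: jumps a hole
    contiguous(30, 33)                            # video.avi, second run
    directory = {"report.doc": 2, "notes.txt": 10, "cover.bin": 14, "video.avi": 22}
    return fat, directory


if __name__ == "__main__":
    fat, directory = sample_volume()
    stats = analyse(fat, directory)
    for name, s in stats.items():
        print(name, s)
    print("fragmented files:", fs_fragmentation(stats))
    print("suspected reordering:", flag_reordered(stats))
```

On the constructed volume only cover.bin is reported: its chain has eight fragments in an extent of exactly eight clusters, whereas video.avi has two fragments spread over twelve clusters. On real media the thresholds have to be calibrated against the statistics of the whole volume, since a nearly full or heavily rewritten file system is fragmented everywhere.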

Detecting Remote Access Network Attacks Using Supervised Machine Learning Methods

Samuel Ndichu, Sylvester McOyowo, Henry Okoyo, Cyrus Wekesa

Scientific article

Remote access technologies encrypt data to enforce policies and ensure protection. Attackers leverage the same techniques to launch carefully crafted evasion attacks, introducing malware and other unwanted traffic into the internal network. Traditional security controls such as anti-virus software, firewalls, and intrusion detection systems (IDS) decrypt network traffic and employ signature- and heuristic-based approaches for malware inspection. In the past, machine learning (ML) approaches have been proposed for specific malware detection and traffic type characterization. However, decryption introduces computational overhead and dilutes the privacy goal of encryption, and existing ML approaches employ limited features and are not specifically developed for remote access security. This paper presents a novel ML-based approach to encrypted remote access attack detection using a weighted random forest (W-RF) algorithm. Key features are determined using feature importance scores. Class weighting is used to address the imbalanced data distribution common in remote access network traffic, where attacks comprise only a small proportion of the traffic. Results obtained during evaluation of the approach on benign virtual private network (VPN) and attack network traffic datasets, comprising verified normal hosts and common attacks in real-world network traffic, are presented. With recall and precision of 100%, the approach demonstrates effective performance. The results for k-fold cross-validation and receiver operating characteristic (ROC) mean area under the curve (AUC) demonstrate that the approach effectively detects attacks in encrypted remote access network traffic, successfully averting attackers and network intrusions.

Detecting Sinkhole Attacks in Wireless Sensor Network using Hop Count

Md. Ibrahim Abdullah, Mohammad Muntasir Rahman, Mukul Chandra Roy

Scientific article

Nowadays, Wireless Sensor Networks (WSNs) are widely used in many areas, especially in environmental applications, military applications, queue tracking, etc. WSNs are vulnerable to different types of security attacks due to various constraints such as the broadcast nature of the transmission medium, deployment in open or hostile environments where they are not physically protected, limited memory, and limited battery power. Security is therefore a crucial requirement of these networks. One of the most notable routing attacks is the sinkhole attack, where an adversary captures or inserts nodes in the sensor field that advertise high-quality routes to the base station. In this paper, a mechanism against sinkhole attacks is proposed which detects malicious nodes using hop counting. The main advantage of the proposed technique is that a node can detect malicious nodes by collaborating only with its neighbor nodes, without requiring any negotiation with the base station. Simulation results show that the proposed technique successfully detects sinkhole nodes in a large sensor field.
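The abstract does not give the detection rule, so the following is an added example of one hop-count check that needs only neighbour cooperation (this page's illustration, not the authors' algorithm): in a routing tree built by flooding from the base station, adjacent nodes' hop counts differ by at most one, so a node that advertises hop count h implies that each neighbour is within h+1 hops and each neighbour's other neighbours within h+2 hops of the base station; a neighbour whose own established hop count, or that of one of its other neighbours, exceeds that bound rejects the advertisement. The grid topology, the node names and the assumption that established hop counts came from an earlier, trusted route-discovery flood are constructed for the example.

```python
from collections import deque

BASE_STATION = "BS"


def true_hop_counts(adjacency):
    """BFS from the base station: the hop count every node learns from an honest
    route-discovery flood. Adjacent nodes always differ by at most 1."""
    hops = {BASE_STATION: 0}
    queue = deque([BASE_STATION])
    while queue:
        u = queue.popleft()
        for v in adjacency[u]:
            if v not in hops:
                hops[v] = hops[u] + 1
                queue.append(v)
    return hops


def rejects_claim(adjacency, established, u, advertiser, claimed):
    """Neighbour u's local test of the advertiser's claim. If the claim were true,
    u would be within claimed+1 hops of the base station and each of u's other
    neighbours within claimed+2; an established hop count above that bound is a
    contradiction. Only u's own state and its neighbours' is consulted."""
    if established[u] > claimed + 1:
        return True
    return any(established[w] > claimed + 2
               for w in adjacency[u] if w != advertiser)


def rejection_votes(adjacency, established, advertisements):
    """node -> number of its neighbours whose check rejects its advertisement."""
    votes = {}
    for node, claimed in advertisements.items():
        neighbours = [u for u in adjacency[node] if u != BASE_STATION]
        votes[node] = sum(1 for u in neighbours
                          if rejects_claim(adjacency, established, u, node, claimed))
    return votes


def detect_sinkholes(adjacency, established, advertisements, min_votes=1):
    """Nodes rejected by at least min_votes neighbours."""
    return sorted(n for n, v in rejection_votes(adjacency, established, advertisements).items()
                  if v >= min_votes)


def sample_field():
    """Constructed 5x5 grid of sensor nodes n00..n44 (4-neighbour radio links)
    with the base station attached to corner n00."""
    adjacency = {}

    def link(a, b):
        adjacency.setdefault(a, set()).add(b)
        adjacency.setdefault(b, set()).add(a)

    for r in range(5):
        for c in range(5):
            node = "n%d%d" % (r, c)
            adjacency.setdefault(node, set())
            if r < 4:
                link(node, "n%d%d" % (r + 1, c))
            if c < 4:
                link(node, "n%d%d" % (r, c + 1))
    link(BASE_STATION, "n00")
    return adjacency


if __name__ == "__main__":
    adj = sample_field()
    est = true_hop_counts(adj)
    adverts = dict(est)          # everyone honest ...
    adverts["n44"] = 1           # ... except the far corner, which claims 1 hop
    adverts["n22"] = 3           # and the centre, which shaves two hops off
    print(rejection_votes(adj, est, adverts))
    print("sinkholes:", detect_sinkholes(adj, est, adverts))
```

Honest advertisements are never rejected, because the bound follows from the hop-count property of a breadth-first tree. A claim only one hop better than the truth cannot be contradicted by the advertiser's upstream neighbour, only by its downstream ones, and a genuine topology change (a new link near the base station) also produces rejections, so in practice reports should be corroborated by more than one neighbour (the min_votes parameter) before a node is excluded from routing.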

Detection Block Model for SQL Injection Attacks

Diksha G. Kumar, Madhumita Chatterjee

Scientific article

With the rapid development of the Internet, more and more organizations connect their databases to the Internet for resource sharing. However, because developers are not aware of all possible attacks, web applications become vulnerable to multiple attacks, and the network databases behind them face multiple threats. Web applications generally consist of a three-tier architecture in which the database is the third tier, and it is the most valuable asset of any organization. SQL injection is an attack technique in which a specially crafted input string is entered in a user input field, submitted to the server, and the result is returned to the user. In an SQL injection vulnerability, the database server is forced to execute malicious operations by crafting specific inputs, which may cause data loss or corruption, denial of access, and unauthorized access to sensitive data. An attacker can directly compromise the database, which is why this is among the most threatening web attacks. SQL injection occupies the first position in the top ten vulnerabilities specified by the Open Web Application Security Project, and it is probably the most common website vulnerability today. Current solutions to SQL injection attacks either have limited scope, i.e. cannot be implemented across all platforms, or do not cover all types of SQL injection attacks. In this work we implement a Message Authentication Code (MAC) based solution against SQL injection attacks. The model works on both the client and the server side: the client side implements a filter function and the server side is based on information theory. The MAC of the static query is compared with that of the dynamic query to detect an SQL injection attack.
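An added example of the MAC comparison the abstract ends with, written for this page rather than taken from the paper: the server registers an HMAC of the structure of each static query (keywords and identifiers kept, every literal collapsed to a placeholder), and at request time the dynamic query built from user input is reduced to the same kind of skeleton and its HMAC compared against the registered one. The tokenizer covers only a small SQL subset, the key and the queries are constructed, and the information-theoretic server-side check mentioned in the abstract is not reproduced here.

```python
import hashlib
import hmac
import re

# Token classes of the SQL subset this example understands; anything the
# tokenizer cannot classify becomes BAD, which also makes the MAC mismatch.
TOKEN_RE = re.compile(r"""
      (?P<ws>\s+)
    | (?P<comment>--[^\n]*|/\*.*?\*/)
    | (?P<str>'(?:[^']|'')*')
    | (?P<num>\d+(?:\.\d+)?)
    | (?P<ident>[A-Za-z_][A-Za-z_0-9]*)
    | (?P<op>[^\s'\w])
""", re.VERBOSE | re.DOTALL)


def skeleton(sql):
    """Reduce a query to its structure: keywords and identifiers are kept
    (case-folded), every literal and every '?' placeholder becomes LIT,
    comments are dropped. Two queries with the same skeleton ask the database
    to do the same thing; only the constants differ."""
    out, pos = [], 0
    while pos < len(sql):
        m = TOKEN_RE.match(sql, pos)
        if m is None:                       # e.g. an unterminated quote
            out.append("BAD")
            break
        pos = m.end()
        kind = m.lastgroup
        if kind in ("ws", "comment"):
            continue
        if kind in ("str", "num") or m.group() == "?":
            out.append("LIT")
        elif kind == "ident":
            out.append(m.group().upper())
        else:
            out.append(m.group())
    return " ".join(out)


def query_mac(key, sql):
    """HMAC-SHA256 over the skeleton, keyed with a server-side secret so that a
    client cannot forge a MAC for a structure the server never registered."""
    return hmac.new(key, skeleton(sql).encode(), hashlib.sha256).hexdigest()


def register_static(key, template):
    """Server side, at deployment: MAC of the developer's static query."""
    return query_mac(key, template)


def verify(key, expected_mac, dynamic_sql):
    """Server side, at request time: the dynamic query (static text plus user
    input) is allowed only if its structure MACs to the registered value."""
    return hmac.compare_digest(expected_mac, query_mac(key, dynamic_sql))


if __name__ == "__main__":
    key = b"constructed-server-secret"            # assumed, never sent to clients
    template = "SELECT * FROM users WHERE name = ? AND pass = ?"
    mac = register_static(key, template)
    for user_input in ("alice", "' OR '1'='1", "admin'--"):
        dynamic = "SELECT * FROM users WHERE name = '%s' AND pass = 'pw'" % user_input
        print(repr(user_input), "->", "allowed" if verify(key, mac, dynamic) else "BLOCKED")
```

Injected input that adds an OR clause, opens a comment, or leaves a quote unbalanced changes the token structure and therefore the MAC, while any value inside a literal does not. The key must stay on the server; a client-side filter can pre-screen input, but if the client could compute MACs it could also compute one for an injected structure.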

Detection and Mitigation of Sybil Attack in Peer-to-peer Network

Arpita M. Bhise, Shailesh D. Kamble

Scientific article

Peer-to-peer networks are widely used today and, due to this wide use, are the target of many attackers. The most notable attack is the Sybil attack, in which an attacker creates many fake identities. In this paper, a detection scheme and an efficient mitigation mechanism to counteract Sybil attacks in peer-to-peer networks are proposed. The proposed Sybil detection scheme depends on the behavior of packets: the identity and the location of the packet are checked, and if the location and identity of the packet differ from those declared, the packet is flagged as a Sybil attack. The Sybil mitigation scheme is a combination of a cost-incurred method and a certified authentication method; Sybil packets are removed by closing read/write operations. The proposed scheme is evaluated on the basis of detection rate and false positive rate. The experimental results show that Sybil attacks are accurately detected by the proposed system, with a low false positive rate and a high detection rate.

Detection of DDOS Attacks on Cloud Computing Environment Using Altered Convolutional Deep Belief Networks

S. Sureshkumar, G.K.D. Prasanna Venkatesan, R. Santhosh

Scientific article

The primary benefits of clouds are that they can elastically scale to meet variable demand and provide suitable environments for computing. Cloud infrastructures require the highest levels of protection from DDoS (Distributed Denial of Service) attacks, which must be handled because they jeopardize the availability of networks. These attacks are becoming very complex and are evolving at a rapid rate, making them hard to counter. Hence, this paper proposes GKDPCAs (Gaussian kernel density peak clustering techniques) and ACDBNs (Altered Convolutional Deep Belief Networks) to handle these attacks. DPCAs (density peak clustering algorithms) are used to partition training sets into numerous subgroups with comparable characteristics, which helps to minimize the size of training sets and imbalances in samples. A subset of ACDBNs is trained in each subgroup, where the feature selection (FS) of this work is performed using SFOs (Sunflower Optimizations), which evaluate the integrity of the reduced feature subsets. The proposed framework shows superior results in its experimental findings on the NSL-KDD and CICIDS2017 datasets. The resulting overall accuracy, recall, precision, and F1-score are better than those of other known classification algorithms. The framework also outperforms other IDTs (intrusion detection techniques) in terms of accuracy, detection rate, and false positive rate.

Detection of DDoS Attacks Using Machine Learning Classification Algorithms

Kishore Babu Dasari, Nagaraju Devarakonda

Scientific article

The Internet is the most essential tool for communication in today's world. As a result, cyber attacks are growing more frequent, and the severity of their consequences has risen as well. Distributed Denial of Service (DDoS) is one of the most effective and costly of the top five cyber attacks; it is a type of cyber attack that prevents legitimate users from accessing network system resources. To minimize major damage, quick and accurate DDoS attack detection techniques are essential. For classifying target classes, machine learning classification algorithms are faster and more accurate than traditional classification methods. This quantitative research applies the Logistic Regression, Decision Tree, Random Forest, AdaBoost, Gradient Boost, KNN, and Naive Bayes classification algorithms to detect DDoS attacks on the CIC-DDoS2019 data set, which contains eleven different DDoS attacks, each with 87 features. The classifiers' performances are evaluated in terms of standard evaluation metrics. Experimental results show that the AdaBoost and Gradient Boost algorithms give the best classification results; Logistic Regression, KNN, and Naive Bayes give good classification results; and Decision Tree and Random Forest produce poor classification results.

Detection of Suspicious Timestamps in NTFS using Volume Shadow Copies

Alji Mohamed, Chougdali Khalid

Scientific article

When a computer gets involved in a crime, it is the mission of digital forensic experts to extract the binary artifacts left on that device. Among those artifacts there may be volume shadow copy files left by the Windows operating system. Those files are snapshots of the volume recorded by the system in case a restore to a specific past date is needed. Before this study, it was not known whether the valuable forensic information held within those snapshot files could be exploited to locate suspicious timestamps in an NTFS-formatted partition. This study provides the reader with an inter-snapshot time analysis for detecting file system timestamp manipulation. In other words, we leverage the presence of time information within multiple volume shadow copies to detect any suspicious tampering with file system timestamps. A detection algorithm for suspicious timestamps is contributed; its main role is to assist the digital investigator in spotting the manipulation if it has occurred. In addition, a virtual environment was set up to validate the use of the proposed algorithm for detection.
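An added example of the inter-snapshot comparison this abstract describes (illustrative code for this page, not the authors' algorithm): the $STANDARD_INFORMATION timestamps of one file are read from successive volume shadow copies, ordered oldest first, and three checks are applied: no timestamp may be later than the creation time of the snapshot that holds it, the creation time of the same file should not change between snapshots, and the modification times should never move backwards from one snapshot to the next. The CSV rows, the file and the snapshot times are constructed; extracting them from the shadow copies themselves (for instance by mounting them with libvshadow and parsing the $MFT) is outside the example.

```python
from datetime import datetime

FIELDS = ("created", "modified", "mft_modified")


def parse_records(lines):
    """Parse constructed CSV lines, one row per shadow copy, oldest first:
    snapshot_time,created,modified,mft_modified  (ISO 8601, all UTC)."""
    records = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("snapshot_time"):
            continue
        snap, created, modified, mft_modified = line.split(",")
        records.append({
            "snapshot": datetime.fromisoformat(snap),
            "created": datetime.fromisoformat(created),
            "modified": datetime.fromisoformat(modified),
            "mft_modified": datetime.fromisoformat(mft_modified),
        })
    return records


def find_suspicious(records):
    """Inter-snapshot checks on one file's timestamps.
    Returns (snapshot_index, field, reason) tuples, empty when nothing is odd."""
    findings = []
    prev = None
    for i, rec in enumerate(records):
        for field in FIELDS:
            # 1. A snapshot cannot hold a timestamp later than its own creation.
            if rec[field] > rec["snapshot"]:
                findings.append((i, field, "later than the snapshot that recorded it"))
        if prev is not None:
            # 2. Creation time of the same file should not drift between snapshots.
            if rec["created"] != prev["created"]:
                findings.append((i, "created", "differs from the previous snapshot"))
            # 3. Modification times only move forward across snapshots;
            #    a value earlier than the previous snapshot's is backdating.
            for field in ("modified", "mft_modified"):
                if rec[field] < prev[field]:
                    findings.append((i, field, "earlier than in the previous snapshot"))
        prev = rec
    return findings


# Constructed sample: the file is edited between the first two snapshots, then
# its modification time is set back to 2019 before the third snapshot.
SAMPLE = """snapshot_time,created,modified,mft_modified
2023-03-01T02:00:00,2023-02-10T09:00:00,2023-02-20T15:30:00,2023-02-20T15:30:00
2023-03-08T02:00:00,2023-02-10T09:00:00,2023-03-05T11:12:00,2023-03-05T11:12:00
2023-03-15T02:00:00,2023-02-10T09:00:00,2019-06-01T08:00:00,2023-03-12T22:41:00
"""


def run_demo():
    return find_suspicious(parse_records(SAMPLE.splitlines()))


if __name__ == "__main__":
    for idx, field, reason in run_demo():
        print("snapshot %d: %s %s" % (idx, field, reason))
```

The backdated modification time in the third snapshot is the only finding on the constructed data. A copied file legitimately receives a new creation time while keeping its modification time, so the second rule needs the file identified by MFT record number rather than by path, and the first rule relies on the snapshot creation time recorded in the shadow copy's own metadata being trusted.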

Detection of Unknown Insider Attack on Components of Big Data System: A Smart System Application for Big Data Cluster

Swagata Paul, Sajal Saha, Radha Tamal Goswami

Scientific article

Big data applications running on a big data cluster create a set of processes on different nodes and exchange data via regular network protocols. The nodes of the cluster may receive some new type of attack, or an unpredictable internal attack, from applications submitted by a client. As the applications are allowed to run on the cluster, an application may acquire the resources of multiple nodes so that the whole cluster becomes slow or unavailable to other clients. Detection of these new types of attacks is not possible using traditional methods; the cumulative network traffic of the nodes must be analyzed to detect them. This work presents an efficient testbed for internal attack generation, data set creation, and attack detection in the cluster, and also identifies the nodes under attack. A new insider attack, named the BUSY YARN Attack, has been identified and analyzed in this work. The framework can be used to recognize similar insider attacks of DoS type where the target node(s) in the cluster are unpredictable.

Detection of Wormhole, Blackhole and DDOS Attack in MANET using Trust Estimation under Fuzzy Logic Methodology

Ashish Kumar Khare, J. L. Rana, R. C. Jain

Scientific article

Mobile ad-hoc communication forms a spontaneous network because the topology is not stationary but self-organized. This requires that, while the MANET is operational, all the processes regarding discovery of the topology, delivery of data packets and internal management communications are taken care of by the node(s) themselves. This implies that the criteria for selection of a Cluster Head (CH) and the routing-related protocols have to be integrated into the mobile node(s). The very fact that MANETs are a challenging and innovative area of wireless networking makes them more vulnerable to routing and flooding attacks. In this paper, a node trust calculation methodology is proposed which calculates the trust value of each node and applies fuzzy logic to detect wormhole and black-hole (routing) attacks and distributed denial of service (DDoS/flooding) attacks in a dynamic environment.

Development and Testing of Voice User Interfaces Based on BERT Models for Speech Recognition in Distance Learning and Smart Home Systems

Victoria Vysotska, Zhengbing Hu, Nikita Mykytyn, Olena Nagachevska, Kateryna Hazdiuk, Dmytro Uhryn

Scientific article

This work on Voice User Interfaces (VUIs) focuses on their application in IT and linguistics. Our research examines the capabilities and limitations of small and multilingual BERT models in the context of speech recognition and command conversion. We evaluate the performance of these models through a series of experiments, including the use of confusion matrices to assess their effectiveness. The findings reveal that larger models like multilingual BERT theoretically offer advanced capabilities but often demand more substantial resources and well-balanced datasets. Conversely, smaller models, though less resource-intensive, may sometimes provide more practical solutions. Our study underscores the importance of dataset quality, model fine-tuning, and efficient resource management in optimising VUIs. Insights gained from this research highlight the potential of neural networks to enhance and improve user interaction. Despite the challenges of achieving a fully functional interface, the study provides valuable contributions to VUI development and sets the stage for future advances in integrating AI with linguistic technologies. The article describes the development of a voice user interface (VUI) capable of recognising, analysing, and interpreting the Ukrainian language. For this purpose, several neural network architectures were used, including the Squeezeformer-CTC model, as well as a modified w2v-bert-2.0-uk model, which was used to decode speech commands into text. The multilingual BERT model (mBERT) for intent classification was also tested. The developed system showed the prospects of using BERT models in combination with lightweight ASR architectures to create an effective voice interface in Ukrainian. Accuracy indicators (F1 = 91.5%, WER = 12.7%) indicate high-quality recognition, which is achieved even in models with low memory capacity. The system is adaptable to conditions with limited resources, particularly for educational and living environments with a Ukrainian-speaking audience.

Development and implementation of vehicle movement notification and location using GSM, GPS and web based information system

Garba Suleiman, Abdulraheem Ojo Umar, Salako Emmanuel Adekunle

Scientific article

The issue of crimes being committed in our society these days has become a concern for every government and for society in general. Vehicle theft has increased tremendously, and sometimes such vehicles are used in committing criminal activities such as armed robbery, kidnapping and, recently, insurgency, as witnessed in some parts of Nigeria. In view of these challenges, adequate records of stolen, identified and recovered vehicles are not readily available, and are therefore very important. The development of vehicle movement notification and location is one solution for vehicle owners that ensures speedy notification, identification and recovery of their vehicles and thereby reduces criminal activities in society. The system uses a developed application installed on a mobile phone device, which is embedded in the vehicle, to notify the owner when the vehicle is driven by an unauthorized user. A GSM mobile phone is used to communicate with the vehicle owner, whereby the user sends an SMS to communicate with the mobile phone sensor installed in the vehicle. A web application was also developed to determine the real-time vehicle location and to keep a database of found or missing vehicles. The system was tested, and the results obtained show how effective it is in determining vehicle movement, location and notification as the vehicle is driven within or outside its jurisdiction.

Digital Forensic Investigation Tools and Procedures

K. K. Sindhu, B. B. Meshram

Scientific article

Due to the significance of data in this new age, its security has become a major issue in the IT industry. Cyber attacks from various sources demand prevention in the new era of information security. Digital forensics is a relatively new field concerned with the collection, analysis and documentation of cyber attacks. It is becoming increasingly important as criminals aggressively expand the use of technology in their illegal activities. Digital forensics investigators have access to a wide variety of tools, both commercial and open source, which assist in the preservation and analysis of digital evidence. The small percentage of cyber criminals being convicted confirms the difficulty of detecting digital crime and of subsequently proving it in a court of law. An established forensic analyst mines the crucial evidence from susceptible locations to comprehend the attacker's intention. The typical goal of an investigation is to collect evidence using generally accepted methods so that the evidence is accepted and admitted in court. Efficient digital tools and procedures are needed to effectively search for, locate, and preserve all types of electronic evidence. The main focus of this paper is the complete investigation procedure for storage media. The paper also explains emerging cyber crimes and their digital forensic investigation procedures using digital forensic tools and techniques.

Digital Image Scrambling Based on Two Dimensional Cellular Automata

Fasel Qadir, M. A. Peer, K. A. Khan

Scientific article

The basic idea of scrambling is to change image pixel positions through a matrix transform to achieve the visual effect of disorder. Cellular automata can be successfully applied for this purpose. This paper presents digital image scrambling based on two-dimensional cellular automata. The proposed scheme is shown to achieve a high degree of confusion in a few evolution steps. When the original image is compared with the descrambled image by the human visual system, it is not possible to tell which one is the descrambled image and which one is the original. The paper is organised as follows: first the concept of cellular automata is introduced, then the Game of Life rules and the proposed model, followed by the experimental results with discussion.

Direction-of-Arrival Estimation for Stratospheric Platforms Mobile Stations

Yasser Albagory

Scientific article

This paper presents a new approach for localizing mobile phone users using the promising technique of stratospheric platforms (SPs) flying at altitudes of 17-22 km, together with a suitable Direction-of-Arrival (DOA) technique. The proposed technique provides accurate location information for mobile stations through a high-resolution DOA technique, which is very important for traffic control and for rescue operations in emergency situations. The DOA estimation in this technique defines the user location using the MUSIC algorithm, which provides accuracy comparable to Global Positioning System (GPS) techniques but without the need for GPS receivers. Several scenarios for determining users' locations are tested and examined to establish the robustness of the proposed technique.

Disinformation, Fakes and Propaganda Identifying Methods in Online Messages Based on NLP and Machine Learning Methods

Victoria Vysotska, Krzysztof Przystupa, Lyubomyr Chyrun, Serhii Vladov, Yuriy Ushenko, Dmytro Uhryn, Zhengbing Hu

Scientific article

A new method of propaganda analysis is proposed to identify signs of, and changes in the dynamics of, the behaviour of coordinated groups, based on machine learning at the disinformation processing stages. In the course of the work, two models were implemented to recognise propaganda in textual data, at the message level and at the phrase level. Within the framework of analysing and recognising text data, in particular fake news on the Internet, an important component of NLP (natural language processing) technology is the classification of words in text data. In this context, classification is the assignment of textual data to one or more predefined categories or classes. For this purpose, the task of binary text classification was solved. Both models are built on logistic regression, and in the process of data preparation and feature extraction, methods such as TF-IDF (Term Frequency – Inverse Document Frequency) vectorisation, the BOW (Bag-of-Words) model, POS (Part-Of-Speech) tagging, word embedding using the two-layer Word2Vec neural network, as well as manual feature extraction aimed at identifying specific methods of political propaganda in texts, are used. Analogues of the project under development are analysed and the subject area (propaganda used in the media and its production methods) is studied. The software implementation is carried out in Python, using the seaborn, matplotlib, gensim, spacy, NLTK (Natural Language Toolkit), NumPy, pandas and scikit-learn libraries. The model's score for propaganda recognition at the phrase level was 0.74, and at the message level 0.99. Implementation of the results will significantly reduce the time required to make the most appropriate decision on counter-disinformation measures concerning the identified coordinated groups generating disinformation, fake news and propaganda.

Different classification algorithms are used for detecting fake and non-fake news from Internet resources and social mass media (non-fake identification accuracy / fake identification accuracy): the decision tree (0.98/0.9903), k-nearest neighbours (0.83/0.999), random forest (0.991/0.933), the multilayer perceptron (0.9979/0.9945), logistic regression (0.9965/0.9988), and the Bayes classifier (0.998/0.913). Logistic regression (0.9965), the multilayer perceptron (0.9979) and the Bayesian classifier (0.998) are the best for non-fake news identification; logistic regression (0.9988), the multilayer perceptron (0.9945), and k-nearest neighbours (0.999) are the best for fake news identification.

Distributed Algorithms for Improving Search Efficiency in P2P Overlays

Chittaranjan Hota, Vikram Nunia, Antti Ylä-Jääski

Scientific article

A peer-to-peer (P2P) overlay is a distributed application architecture in which peers share their resources; peers are equally privileged, equipotent participants in the application. Several algorithms for enhancing P2P file searching have been proposed in the literature. In this paper, we propose a unique approach to reducing P2P search complexity and improving search efficiency by using distributed algorithms. In our approach a peer mounts other popular peers' files and also replicates other popular or critical files identified using a threshold value. Once a file is mounted, file access requests can be serviced by transparently retrieving the file and sending it to the requesting peer. The replication used in this work improves file retrieval time by allowing parallel transfer. We present a performance analysis of the proposed approach which shows improvement in search efficiency.

Distributed Defense: An Edge over Centralized Defense against DDos Attacks

Karanbir Singh, Kanwalvir Singh Dhindsa, Bharat Bhushan

Scientific article

A Distributed Denial of Service (DDoS) attack is a large-scale, coordinated attack on the availability of the services of a target/victim system or network resource. It can be launched indirectly through many compromised machines on the Internet. The purpose of these attacks is to exhaust the available bandwidth and make servers deny service to legitimate users. Most detection systems depend on some type of centralized processing to analyze the data necessary to detect an attack. In centralized defense, all modules are placed at a single point, and such an approach can itself be vulnerable to attack. In distributed defense, the defense modules are placed at different points; they do not succumb to the high volume of a DDoS attack, can discover attacks in a timely fashion, and can fight them with more resources. These factors clearly indicate that the DDoS problem requires a distributed rather than a centralized solution. In this paper, we compare both types of defense mechanism and identify their relative advantages and disadvantages. They are then compared against some performance metrics to determine which kind of solution is best.
