International Journal of Computer Network and Information Security @ijcnis
Статьи журнала - International Journal of Computer Network and Information Security
Все статьи: 1130

Low Complexity Multimedia Encryption
Статья научная
Selective encryption algorithms have been proposed to encrypt syntax elements such as intra prediction modes, the sign bit of nonzero DCT coefficients, along with the sign bit of motion vectors. These syntax elements are sensitive enough to produce effective scrambling effect with a relative low computational cost. In this paper, a novel scheme is proposed to further optimize the computational overhead incurred by the encryption for energy critical multimedia applications. The proposed scheme adjusts the selection of syntax elements to be encrypted according to the scene transitions within adjacent video frames. The ratio of intra-coded macroblocks in inter (P and B) frames is calculated and compared with an adaptive threshold value to detect the scene transitions. Furthermore, based on statistical analysis for a few video sequences, a dynamic threshold model to detect the scene transition is proposed. When there is a scene transition between the previous video frame and the current video frame, intra prediction modes and the sign bit of DCT coefficients in the current frame are chosen as syntax elements to be encrypted, whereas in the absence of a scene transition, the sign bit of motion vectors is chosen as the only sensitive syntax elements to be encrypted. Experimental results show that compared with previous work in this field, the proposed scheme can efficiently lower the computational cost incurred by the encryption while maintaining a similar perceptual scrambling effect.
Бесплатно

Low Level Performance Evaluation of InfiniBand with Benchmarking Tools
Статья научная
InfiniBand is widely accepted as a high performance networking technology for datacenters and HPC clusters. It uses the Remote Direct Memory Access (RDMA) where communication tasks that are typically assigned to CPUs are offloaded to the Channel Adapters (CAs), resulting in a significant increase of the throughput and reduction of the latency and CPU load. In this paper, we make an introduction to InfiniBand and IP over InfiniBand (IPoIB), where the latter is a protocol proposed by the IETF to run traditional socket-oriented applications on top of InfiniBand networks. We also evaluate the performance of InfiniBand using different transport protocols with several benchmarking tools in a testbed. For RDMA communications, we consider three transport services: (1) Reliable Connection, (2) Unreliable Connection, and (3) Unreliable Datagram. For UDP and TCP, we use IPoIB. Our results show significant differences between RDMA and IPoIB communications, encouraging the coding of new applications with InfiniBand verbs. Also, it is noticeable that IPoIB in datagram mode and in connected mode have similar performance for small UDP and TCP payload. However, the differences get important as the payload size increases.
Бесплатно

M2KMIX: Identifying the Type of High Rate Flooding Attacks using a Mixture of Expert Systems
Статья научная
High rate flooding attacks such as SYN flood, UDP flood, and HTTP flood have been posing a perilous threat to Web servers, DNS servers, Mail servers, VoIP servers, etc. These high rate flooding attacks deplete the limited capacity of the server resources. Hence, there is a need for the protection of these critical resources from high rate flooding attacks. Existing detection techniques used in Firewalls, IPS, IDS, etc., fail to identify the illegitimate traffic due to its self-similarity nature of legitimate traffic and suffer from low detection accuracy and high false alarms. Also, very few in the literature have focused on identifying the type of attack. This paper focuses on the identification of type of high rate flooding attack with High detection accuracy and fewer false alarms. The attack type identification is achieved by training the classifiers with different feature subsets. Therefore, each trained classifier is an expert in different feature space. High detection accuracy is achieved by creating a mixture of expert classifiers and the ensemble output decisions are identified by our proposed Preferential Agreement (PA) rule. Our proposed classification algorithm, M2KMix (mixture of two Multi Layer Perceptron and one K-Nearest Neighbor models) differs from the existing solutions in feature selection, error cost reduction, and attack type identification. M2KMix was trained and tested with our own SSE Lab 2011 dataset and CAIDA dataset. Detection accuracy and False Alarms are the two metrics used to analyze the performance of the proposed M2KMix algorithm with the existing output combination methods such as mean, maximum, minimum, and product. From the simulation results, it is evident that M2KMix algorithm achieves high detection accuracy (97.8%) with fewer false alarms than the existing output combination methods. M2KMix identifies three types of flooding attacks, viz., the SYN Flood, UDP flood, and HTTP Flood, effectively with detection accuracy of 100%, 93.75%, and 97.5%, respectively.
Бесплатно

MANETs: QoS and investigations on optimized link state routing protocol
Статья научная
Mobile Ad-Hoc Networks (MANETs) are self-forming, self-healing new generation infrastructure less wireless networks. Principal behind these networks is multi hop radio relaying. MANETs are very useful at locations where networking infrastructure is not available. Major applications of these networks can be accessed at military and emergency rescue operations. MANETs may contain small or large set of network nodes; each and every node requires acting as host and the router. Due to random movements of the nodes, MANETs obtain dynamic network topologies. Routing protocols in MANETs are accountable for establishing efficient and error free communication paths between network nodes. Dynamic network topologies make routing challenging. In order to meet requirement of present day applications and to overcome from routing challenges, routing protocols in mobile ad hoc networks need to perform better in terms of certain QoS (Quality of Service) parameters such as; good throughput, sustained communication links and least delay in establishing a link. In this paper, we have discussed QoS in MANETs and analyzed the OLSR (Optimized Link State Routing), a well-known routing protocol in MANETs for possible improvements in its performance. Here, we have revised attributes of core parameters of the standard OLSR routing model in order to obtain a new OLSR design. Performances of the standard and revised OLSR models have been tested and compared under different network scenarios using network simulator-3 (NS-3). Different QoS and performance evaluating metrics such as; the throughput, packet delivery ratio, end to end delay, packet loss and normalized routing load have been considered for measuring performances of either OLSR routing models. Based on the analysis, it is concluded that the revised OLSR model has shown better performances as compared to standard OLSR routing model.
Бесплатно

MUSIC 2D-DOA Estimation using Split Vertical Linear and Circular Arrays
Статья научная
In this paper, the MUSIC 2D-DOA estimation is estimated by splitting the angle into elevation and azimuth components. This technique is based on an array that is composed by a vertical uniform linear array located perpendicularly at the center of another uniform circular array. This array configuration is proposed to reduce the computational burden faced in MUSIC 2D-DOA estimation where the vertical array is used to determine the elevation DOAs (θs) which are used subsequently to determine the azimuth DOAs (∅s) by the circular array instead of searching in all space of the two angles in the case of using circular array only. The new Split beamformer is investigated and the performance of the MUSIC 2D-DOA under several signal conditions in the presence of noise is studied.
Бесплатно

Статья научная
Software-Defined Networking is a new network architecture that separates control and data planes. It has central network control and programmability facilities, so it improves manageability, scaling, and performance. However, it may suffer from creating a single point of failure against the controller, which represents the network control plane. So, defending the controller against attacks such as a distributed denial of service attack is a valuable and urgent issue. The advances of this paper are to implement an accurate and significant method to detect this attack with high accuracy using machine learning-based algorithms exploiting new advanced features obtained from traffic flow information and statistics. The developed model is trained with kernel radial basis function. The technique uses advanced features such as unknown destination addresses, packets inter-arrival time, transport layer protocol header, and type of service header. To the best knowledge of the authors, the proposed approach of the paper had not been used before. The proposed work begins with generating both normal and attack traffic flow packets through the network. When packets reach the controller, it extracts their headers and performs necessary flow calculations to get the needed features. The features are used to create a dataset that is used as an input to linear support vector machine classifier. The classifier is used to train the model with kernel radial basis function. Methods such as Naive Bayes, K-Nearest Neighbor, Decision Tree, and Random Forest are also utilized and compared with the SVM model to improve the detection operation. Hence, suspicious senders are blocked and their information is stored. The experimental results prove that the proposed technique detects the attack with high accuracy and low false alarm, compared to other related techniques.
Бесплатно

Machine Learning-based Intrusion Detection Technique for IoT: Simulation with Cooja
Статья научная
The Internet of Things (IoT) is one of the promising technologies of the future. It offers many attractive features that we depend on nowadays with less effort and faster in real-time. However, it is still vulnerable to various threats and attacks due to the obstacles of its heterogeneous ecosystem, adaptive protocols, and self-configurations. In this paper, three different 6LoWPAN attacks are implemented in the IoT via Contiki OS to generate the proposed dataset that reflects the 6LoWPAN features in IoT. For analyzed attacks, six scenarios have been implemented. Three of these are free of malicious nodes, and the others scenarios include malicious nodes. The typical scenarios are a benchmark for the malicious scenarios for comparison, extraction, and exploration of the features that are affected by attackers. These features are used as criteria input to train and test our proposed hybrid Intrusion Detection and Prevention System (IDPS) to detect and prevent 6LoWPAN attacks in the IoT ecosystem. The proposed hybrid IDPS has been trained and tested with improved accuracy on both KoU-6LoWPAN-IoT and Edge IIoT datasets. In the proposed hybrid IDPS for the detention phase, the Artificial Neural Network (ANN) classifier achieved the highest accuracy among the models in both the 2-class and N-class. Before the accuracy improved in our proposed dataset with the 4-class and 2-class mode, the ANN classifier achieved 95.65% and 99.95%, respectively, while after the accuracy optimization reached 99.84% and 99.97%, respectively. For the Edge IIoT dataset, before the accuracy improved with the 15-class and 2-class modes, the ANN classifier achieved 95.14% and 99.86%, respectively, while after the accuracy optimized up to 97.64% and 99.94%, respectively. Also, the decision tree-based models achieved lightweight models due to their lower computational complexity, so these have an appropriate edge computing deployment. Whereas other ML models reach heavyweight models and are required more computational complexity, these models have an appropriate deployment in cloud or fog computing in IoT networks.
Бесплатно

Malware Classification with Improved Convolutional Neural Network Model
Статья научная
Malware is a threat to people in the cyber world. It steals personal information and harms computer systems. Various developers and information security specialists around the globe continuously work on strategies for detecting malware. From the last few years, machine learning has been investigated by many researchers for malware classification. The existing solutions require more computing resources and are not efficient for datasets with large numbers of samples. Using existing feature extractors for extracting features of images consumes more resources. This paper presents a Convolutional Neural Network model with pre-processing and augmentation techniques for the classification of malware gray-scale images. An investigation is conducted on the Malimg dataset, which contains 9339 gray-scale images. The dataset created from binaries of malware belongs to 25 different families. To create a precise approach and considering the success of deep learning techniques for the classification of raising the volume of newly created malware, we proposed CNN and Hybrid CNN+SVM model. The CNN is used as an automatic feature extractor that uses less resource and time as compared to the existing methods. Proposed CNN model shows (98.03%) accuracy which is better than other existing CNN models namely VGG16 (96.96%), ResNet50 (97.11%) InceptionV3 (97.22%), Xception (97.56%). The execution time of the proposed CNN model is significantly reduced than other existing CNN models. The proposed CNN model is hybridized with a support vector machine. Instead of using Softmax as activation function, SVM performs the task of classifying the malware based on features extracted by the CNN model. The proposed fine-tuned model of CNN produces a well-selected features vector of 256 Neurons with the FC layer, which is input to SVM. Linear SVC kernel transforms the binary SVM classifier into multi-class SVM, which classifies the malware samples using the one-against-one method and delivers the accuracy of 99.59%.
Бесплатно

Malware-Free Intrusions: Exploitation of Built-in Pre-Authentication Services for APT Attack Vectors
Статья научная
Advanced Persistent Threat (APT) actors seek to maintain an undetected presence over a considerable duration and therefore use a myriad of techniques to achieve this requirement. This stealthy presence might be sought on the targeted victim or one of the victims used as pawns for further attacks. However, most of the techniques involve some malicious software leveraging the vulnerability induced by an exploit or leveraging the ignorance of the benign user. But then, malware generates a substantial amount of noise in form of suspicious network traffic or unusual system calls which usually do not go undetected by intrusion detection systems. Therefore, an attack vector that generates as little noise as possible or none at all is especially attractive to ATP threat actors as this perfectly suits the objective thereof. Malware-free intrusions present such attack vectors and indeed are difficult to detect because they mimic the behavior of normal applications and add no extra code for signature detection or anomaly behavior. This paper explores malware-free intrusions via backdoors created by leveraging the available at pre-authentication system tools availed to the common user. We explore two attack vectors used to implant the backdoor and demonstrate how such is accessible over the network via remote access while providing the highest level of system access. We further look at prevention, detection and mitigation measures which can be implemented in the case of compromise.
Бесплатно

MapReduce Algorithm for Single Source Shortest Path Problem
Статья научная
Computing single source shortest path is a popular problem in graph theory, extensively applied in many areas like computer networks, operation research and complex network analysis. SSSP is difficult to parallelize efficiently as more parallelization leads to more work done by any algorithm. MapReduce is a popular programming framework for large data processing in distributed and cloud environments. In this paper, we have proposed MR-DSMR, a Map reduce version of Dijkstra Strip-mined Relaxation (DSMR) algorithm and MR3-BFS algorithms. We have compared the performance of both the algorithms with BFS. It is observed that MR-DSMR takes lesser communication and computation time compared to existing algorithms.
Бесплатно

Mean Response Time Approximation for HTTP Transactions over Transport Protocols
Статья научная
This paper addresses mean response time that end-users experience when using the Internet. HTTP (Hyper Text Transfer Protocol) is a widely used transfer protocol to retrieve web objects in the Internet. Generally, HTTP uses TCP (Transmission Control Protocol) in a transport layer. But it is known that HTTP interacts with TCP inefficiently. As an example of such inefficiencies, HTTP does not require TCP to deliver the rigid order, which may cause head-of-line blocking. As another transport layer protocol, SCTP (Stream Control Transmission Protocol) has attractive features such as multi-streaming and multi-homing unlike TCP. Within an SCTP association, multi-streaming allows for independent delivery among streams, thus can avoid the head-of-line blocking. In addition, SCTP provides very large number of streams; therefore, it can transfer multiple objects more efficiently than the typical HTTP/1.1 over TCP which limits the number of pipelines. Mean response time is one of the main measures that end users using Internet concern. This paper presents the simple analytical model and algorithm to find the mean response time for HTTP over SCTP including the previous HTTP over TCP. Some computational experiences show that the proposed model and algorithm are well approximated to the real environment. Also, it is shown that mean response time for HTTP over SCTP can be less than that for HTTP over TCP.
Бесплатно

Measuring Corporate Social Responsibility Based on a Fuzzy Analytical Hierarchy Process
Статья научная
With increasing social awareness on the issue of corporate social responsibility (CSR), the measurement of CSR has received considerable attention in both academic literature and managerial practice. Following a review of CSR theory development and the literature on measures of CSR, this paper proposes a systematic approach to measure CSR using fuzzy analytical hierarchy process (FAHP). In addition, a preliminary investigation is presented to explain how the approach can help in evaluating CSR in practice.
Бесплатно

Статья научная
Steganography is the discipline of invisible communication by hiding the exchanged secret information (message) in another digital information media (image, video or audio). The existence of the message is kept indiscernible in sense that no one, other than the intended recipient, suspects the existence of the message. The majority of steganography techniques are implemented either in spatial domain or in frequency domain of the digital images while the embedded information can be in the form of plain or cipher message. Medical image steganography is classified as a distinctive case of image steganography in such a way that both the image and the embedded information have special requirements such as achieving utmost clarity reading of the medical images and the embedded messages. There is a contention between the amount of hidden information and the caused detectable distortion of image. The current paper studies the degradation of the medical image when undergoes the steganography process in the frequency domain.
Бесплатно

Статья научная
Internets of Things (IoT) are distinguished by different devices, which support the ability to provide innovative services in various applications. The main aspects of security which involves maintaining confidentiality and authentication of data, integrity within the IoT network, privacy and trust among IoT devices are important issues to be addressed. Conventional security policies cannot be used directly to IoT devices due to the limitation of memory and high power consumption factors. One of the security breaches in the intranet is lack of encryption due to the IoT devices infrastructure. The basic IoT devices are 8-bit, low-cost, limited memory and power consumption devices which limit the complex algorithm execution. The key distribution is another major challenge in IoT network. This paper proposes a solution to transmitting messages by adopting Random Number generation and distribution of session key for every message without any difficulty. It gives better result to resist from the brute force attack in a network.
Бесплатно

Method and System for Protection of Automated Control Systems for "Smart Buildings"
Статья научная
The paper is related to system and method for protection of an automated control system (ACS) against un-authorized devices connected to the ACS via wired or wireless channels that substantially obviates the disadvantages of the related art. The protection system monitors the signals spreading in the network analyzing the performance of the network for malicious code or hidden connections of attacker. The system is developed specifically for this purpose and it can protect the industrial control systems more effectively than standard anti-virus programs. Specific anti-virus software installed on a central server of the automated control system protects it from software-based attacks both from internal and external offenders. The system comprises a plurality of bus protection devices of different types, including any of a twisted-pair protection device, a power lines protection device, On-Board Diagnostics signal protocol protection device, and a wireless protection device.
Бесплатно

Статья научная
Countering the spread of calls for political extremism through graphic content on online social networks is becoming an increasingly pressing problem that requires the development of new technological solutions, since traditional approaches to countering are based on the results of recognizing destructive content only in text messages. Since in modern conditions neural network tools for analyzing graphic information are considered the most effective, it is assumed that it is advisable to use such tools for analyzing images and video materials in online social networks, taking into account the need to adapt them to the expected conditions of use, which are determined by the wide variability in the size of graphic content, the presence of typical interference, limited computing resources of recognition tools. Using this thesis, a method has been proposed that makes it possible to implement the construction of neural network recognition tools adapted to the specified conditions. For recognition, the author's neural network model was used, which, due to the reasonable determination of the architectural parameters of the low-resource convolutional neural network of the MobileNetV2 type and the recurrent neural network of the LSTM type, which makes up its structure, ensures high accuracy of recognition of scenes of political extremism both in static images and in video materials under limited computing conditions resources. A mechanism was used to adapt the input field of the neural network model to the variability of the size of graphic resources, which provides for scaling within acceptable limits of the input graphic resource and, if necessary, filling the input field with zeros. Levelling out typical noise is ensured by using advanced solutions in the method for correcting brightness, contrast and eliminating blur of local areas in images of online social networks. Neural network tools developed on the basis of the proposed method for recognizing scenes of political extremism in graphic materials of online social networks demonstrate recognition accuracy at the level of the most well-known neural network models, while ensuring a reduction in resource intensity by more than 10 times. This allows the use of less powerful equipment, increases the speed of content analysis, and also opens up prospects for the development of easily scalable recognition tools, which ultimately ensures an increase in security and a reduction in the spread of extremist content on online social networks. It is advisable to correlate the paths for further research with the introduction of the Attention mechanism into the neural network model used in the method, which will make it possible to increase the efficiency of neural network analysis of video materials.
Бесплатно

Method for Cyberincidents Network-Centric Monitoring in Critical Information Infrastructure
Статья научная
In this paper the method of network-centric monitoring of cyberincidents was developed, which is based on network-centric concept and implements in 8 stages. This method allows to determine the most important objects for protection, and predict the category of cyberincidents, which will arise as a result of cyberattack, and their level of criticality.
Бесплатно

Method for Effective Use of Cloudlet Network Resources
Статья научная
The article addresses the issue of balanced placement of mobile software applications of mobile users in cloudlets deployed near base stations of Wireless Metropolitan Area Networks (WMAN), taking into account their technical capabilities. It is noted that the proposed model is more efficient in meeting the demand for computing and memory resources of mobile devices, eliminating network delays and using a reliable communication channel. At the same time, a minimum of cloudlet-based communication channels with a mobile user was suggested, reducing the network load and reliability of the communication channel when using multimedia software on mobile devices. The article reviews the balanced distribution of the tasks in the cloudlet network. If a user offloads the task to the nearest cloud and resolves it there, then the delays and energy consumption will be less. When the cloudlet is far from the mobile device, as the number of communication channels increases the delays are observed. Moreover, the article discusses the issue of selecting the cloudlets that meet some of the user requirements. Using the possible values that determine the importance of cloudlets (vacant resources in cloudlets, closeness of cloudlets to the user, high reliability, etc.), the conditions, according to which the user's application is offloaded to the certain cloudlet, are studied and a method is proposed.
Бесплатно

Method of Calculating Information Protection from Mutual Influence of Users in Social Networks
Статья научная
Dynamic models of the information security system (DMoISS) in social networks (SN) are studied and the mutual influence between users (MIBU) was taken into account. Also, the stability of the security system (SoSS) was analyzed. There is a practical interest in studying the behavior of the of SN information security systems (ISS) using parameters of the MIBU. DMoISS in SN in the mathematical sense of this term is considered. A dynamic system is understood as an object or process for which the concept of state is unambiguously defined as a set of certain quantities at a given moment of time and a given law describes the change (evolution) of the initial state over time. SN is a set of users and connections between them. Individuals, social groups, organizations, cities, countries can be considered as users. Connections are understood not only as MIBU, but also as the exchange of various resources and activities. Theoretical study of the dynamic behavior of a real object requires the creation of its mathematical model. The procedure of developing the model is to compile mathematical equations based on physical laws. These laws were formulated in the language of differential equations. As a result of the research it is established the influence of parameters of MIBU on parameters of SN ISS. Phase portraits (PP) of the data protection system in the MatLab/Multisim program are determined, what indicates of the SoSS in the operating range of the parameters even at the maximum value of influences. This study is useful and important from the point of view of information security in the network, since the parameters of MIBU significantly affect the protection rate (with different values - up to 100%). The scientific value of the article lies in the fact that for the first time, on the basis of the study of the developed systems of nonlinear differential equations (NDE), it is shown the quantitative relationship between the parameters of the MIBU and the parameters of the SN ISS, as well as the SoSS is shown based on the study of the nonlinear equation of the second degree.
Бесплатно

Статья научная
The article reflects the views of the authors on the method for the operational calculation of the indicator of the functioning of special-purpose information and telecommunication networks of the tactical level of control according to the criterion of "network availability". Improvement of weapons and military equipment, forms and methods of combat, as well as a change in views on command and control, put forward ever more stringent requirements for the information and telecommunication system in general and for its elements in particular. The problems of development, planning of combat use and operation of information and telecommunication networks of the tactical control level are their heterogeneity, since they use heterogeneous transmission systems (radio and wire) together. The characteristic features of the planning, deployment and operation of information and telecommunication networks of the tactical control level are a high degree of uncertainty in the characteristics of their functioning and the lack of initial data in planning, which necessitates the improvement of the methodological basis for conducting operational calculations. Based on the analysis of ITU-T recommendations, scientific publications and the practice of combat use of the defense forces, it becomes clear that the operational calculation of individual criteria and indicators of the functioning of information and telecommunication systems of the tactical control level needs to be improved, since these systems have their own characteristic features. The material presented in the article makes it possible to develop new approaches to solving the problem of a reasonable calculation of the required bandwidth of the access node of the information and telecommunications network of the tactical control link. The significance and value of this study lies in the fact that in the conditions of continuous improvement of the forms and methods of warfare, high dynamism of changes in the states of information and telecommunication systems of the tactical control level, the correct choice of the apparatus for assessing the decisions made should play a decisive role in shortening the deployment planning cycle and sustainable functioning of the system management.
Бесплатно