International Journal of Computer Network and Information Security @ijcnis
Journal articles - International Journal of Computer Network and Information Security
All articles: 1157

MUSIC 2D-DOA Estimation using Split Vertical Linear and Circular Arrays
Research article
In this paper, the MUSIC 2D-DOA estimation is estimated by splitting the angle into elevation and azimuth components. This technique is based on an array that is composed by a vertical uniform linear array located perpendicularly at the center of another uniform circular array. This array configuration is proposed to reduce the computational burden faced in MUSIC 2D-DOA estimation where the vertical array is used to determine the elevation DOAs (θs) which are used subsequently to determine the azimuth DOAs (∅s) by the circular array instead of searching in all space of the two angles in the case of using circular array only. The new Split beamformer is investigated and the performance of the MUSIC 2D-DOA under several signal conditions in the presence of noise is studied.
Free

Research article
Software-Defined Networking is a new network architecture that separates control and data planes. It has central network control and programmability facilities, so it improves manageability, scaling, and performance. However, it may suffer from creating a single point of failure against the controller, which represents the network control plane. So, defending the controller against attacks such as a distributed denial of service attack is a valuable and urgent issue. The advances of this paper are to implement an accurate and significant method to detect this attack with high accuracy using machine learning-based algorithms exploiting new advanced features obtained from traffic flow information and statistics. The developed model is trained with kernel radial basis function. The technique uses advanced features such as unknown destination addresses, packets inter-arrival time, transport layer protocol header, and type of service header. To the best knowledge of the authors, the proposed approach of the paper had not been used before. The proposed work begins with generating both normal and attack traffic flow packets through the network. When packets reach the controller, it extracts their headers and performs necessary flow calculations to get the needed features. The features are used to create a dataset that is used as an input to linear support vector machine classifier. The classifier is used to train the model with kernel radial basis function. Methods such as Naive Bayes, K-Nearest Neighbor, Decision Tree, and Random Forest are also utilized and compared with the SVM model to improve the detection operation. Hence, suspicious senders are blocked and their information is stored. The experimental results prove that the proposed technique detects the attack with high accuracy and low false alarm, compared to other related techniques.
Free

Machine Learning-based Intrusion Detection Technique for IoT: Simulation with Cooja
Research article
The Internet of Things (IoT) is one of the promising technologies of the future. It offers many attractive features that we depend on nowadays with less effort and faster in real-time. However, it is still vulnerable to various threats and attacks due to the obstacles of its heterogeneous ecosystem, adaptive protocols, and self-configurations. In this paper, three different 6LoWPAN attacks are implemented in the IoT via Contiki OS to generate the proposed dataset that reflects the 6LoWPAN features in IoT. For analyzed attacks, six scenarios have been implemented. Three of these are free of malicious nodes, and the other scenarios include malicious nodes. The typical scenarios are a benchmark for the malicious scenarios for comparison, extraction, and exploration of the features that are affected by attackers. These features are used as criteria input to train and test our proposed hybrid Intrusion Detection and Prevention System (IDPS) to detect and prevent 6LoWPAN attacks in the IoT ecosystem. The proposed hybrid IDPS has been trained and tested with improved accuracy on both KoU-6LoWPAN-IoT and Edge IIoT datasets. In the proposed hybrid IDPS for the detection phase, the Artificial Neural Network (ANN) classifier achieved the highest accuracy among the models in both the 2-class and N-class. Before the accuracy improved in our proposed dataset with the 4-class and 2-class mode, the ANN classifier achieved 95.65% and 99.95%, respectively, while after the accuracy optimization reached 99.84% and 99.97%, respectively. For the Edge IIoT dataset, before the accuracy improved with the 15-class and 2-class modes, the ANN classifier achieved 95.14% and 99.86%, respectively, while after the accuracy optimized up to 97.64% and 99.94%, respectively. Also, the decision tree-based models achieved lightweight models due to their lower computational complexity, so these have an appropriate edge computing deployment. Whereas other ML models result in heavyweight models and require more computational complexity, these models have an appropriate deployment in cloud or fog computing in IoT networks.
Free

Malware Classification with Improved Convolutional Neural Network Model
Research article
Malware is a threat to people in the cyber world. It steals personal information and harms computer systems. Various developers and information security specialists around the globe continuously work on strategies for detecting malware. From the last few years, machine learning has been investigated by many researchers for malware classification. The existing solutions require more computing resources and are not efficient for datasets with large numbers of samples. Using existing feature extractors for extracting features of images consumes more resources. This paper presents a Convolutional Neural Network model with pre-processing and augmentation techniques for the classification of malware gray-scale images. An investigation is conducted on the Malimg dataset, which contains 9339 gray-scale images. The dataset created from binaries of malware belongs to 25 different families. To create a precise approach and considering the success of deep learning techniques for the classification of raising the volume of newly created malware, we proposed CNN and Hybrid CNN+SVM model. The CNN is used as an automatic feature extractor that uses less resource and time as compared to the existing methods. Proposed CNN model shows (98.03%) accuracy which is better than other existing CNN models namely VGG16 (96.96%), ResNet50 (97.11%) InceptionV3 (97.22%), Xception (97.56%). The execution time of the proposed CNN model is significantly reduced than other existing CNN models. The proposed CNN model is hybridized with a support vector machine. Instead of using Softmax as activation function, SVM performs the task of classifying the malware based on features extracted by the CNN model. The proposed fine-tuned model of CNN produces a well-selected features vector of 256 Neurons with the FC layer, which is input to SVM. 
Linear SVC kernel transforms the binary SVM classifier into multi-class SVM, which classifies the malware samples using the one-against-one method and delivers the accuracy of 99.59%.
Free

Malware-Free Intrusions: Exploitation of Built-in Pre-Authentication Services for APT Attack Vectors
Research article
Advanced Persistent Threat (APT) actors seek to maintain an undetected presence over a considerable duration and therefore use a myriad of techniques to achieve this requirement. This stealthy presence might be sought on the targeted victim or one of the victims used as pawns for further attacks. However, most of the techniques involve some malicious software leveraging the vulnerability induced by an exploit or leveraging the ignorance of the benign user. But then, malware generates a substantial amount of noise in the form of suspicious network traffic or unusual system calls, which usually do not go undetected by intrusion detection systems. Therefore, an attack vector that generates as little noise as possible or none at all is especially attractive to APT threat actors as this perfectly suits the objective thereof. Malware-free intrusions present such attack vectors and indeed are difficult to detect because they mimic the behavior of normal applications and add no extra code for signature detection or anomaly behavior. This paper explores malware-free intrusions via backdoors created by leveraging the system tools available to the common user at pre-authentication. We explore two attack vectors used to implant the backdoor and demonstrate how such is accessible over the network via remote access while providing the highest level of system access. We further look at prevention, detection and mitigation measures which can be implemented in the case of compromise.
Free

MapReduce Algorithm for Single Source Shortest Path Problem
Research article
Computing single source shortest path is a popular problem in graph theory, extensively applied in many areas like computer networks, operation research and complex network analysis. SSSP is difficult to parallelize efficiently as more parallelization leads to more work done by any algorithm. MapReduce is a popular programming framework for large data processing in distributed and cloud environments. In this paper, we have proposed MR-DSMR, a Map reduce version of Dijkstra Strip-mined Relaxation (DSMR) algorithm and MR3-BFS algorithms. We have compared the performance of both the algorithms with BFS. It is observed that MR-DSMR takes lesser communication and computation time compared to existing algorithms.
Free

Mean Response Time Approximation for HTTP Transactions over Transport Protocols
Research article
This paper addresses mean response time that end-users experience when using the Internet. HTTP (Hyper Text Transfer Protocol) is a widely used transfer protocol to retrieve web objects in the Internet. Generally, HTTP uses TCP (Transmission Control Protocol) in a transport layer. But it is known that HTTP interacts with TCP inefficiently. As an example of such inefficiencies, HTTP does not require TCP to deliver the rigid order, which may cause head-of-line blocking. As another transport layer protocol, SCTP (Stream Control Transmission Protocol) has attractive features such as multi-streaming and multi-homing unlike TCP. Within an SCTP association, multi-streaming allows for independent delivery among streams, thus can avoid the head-of-line blocking. In addition, SCTP provides very large number of streams; therefore, it can transfer multiple objects more efficiently than the typical HTTP/1.1 over TCP which limits the number of pipelines. Mean response time is one of the main measures that end users using Internet concern. This paper presents the simple analytical model and algorithm to find the mean response time for HTTP over SCTP including the previous HTTP over TCP. Some computational experiences show that the proposed model and algorithm are well approximated to the real environment. Also, it is shown that mean response time for HTTP over SCTP can be less than that for HTTP over TCP.
Free

Measuring Corporate Social Responsibility Based on a Fuzzy Analytical Hierarchy Process
Research article
With increasing social awareness on the issue of corporate social responsibility (CSR), the measurement of CSR has received considerable attention in both academic literature and managerial practice. Following a review of CSR theory development and the literature on measures of CSR, this paper proposes a systematic approach to measure CSR using fuzzy analytical hierarchy process (FAHP). In addition, a preliminary investigation is presented to explain how the approach can help in evaluating CSR in practice.
Free

Research article
Steganography is the discipline of invisible communication by hiding the exchanged secret information (message) in another digital information media (image, video or audio). The existence of the message is kept indiscernible in sense that no one, other than the intended recipient, suspects the existence of the message. The majority of steganography techniques are implemented either in spatial domain or in frequency domain of the digital images while the embedded information can be in the form of plain or cipher message. Medical image steganography is classified as a distinctive case of image steganography in such a way that both the image and the embedded information have special requirements such as achieving utmost clarity reading of the medical images and the embedded messages. There is a contention between the amount of hidden information and the caused detectable distortion of image. The current paper studies the degradation of the medical image when undergoes the steganography process in the frequency domain.
Free

Research article
Internets of Things (IoT) are distinguished by different devices, which support the ability to provide innovative services in various applications. The main aspects of security which involves maintaining confidentiality and authentication of data, integrity within the IoT network, privacy and trust among IoT devices are important issues to be addressed. Conventional security policies cannot be used directly to IoT devices due to the limitation of memory and high power consumption factors. One of the security breaches in the intranet is lack of encryption due to the IoT devices infrastructure. The basic IoT devices are 8-bit, low-cost, limited memory and power consumption devices which limit the complex algorithm execution. The key distribution is another major challenge in IoT network. This paper proposes a solution to transmitting messages by adopting Random Number generation and distribution of session key for every message without any difficulty. It gives better result to resist from the brute force attack in a network.
Free

Method and System for Protection of Automated Control Systems for "Smart Buildings"
Research article
The paper is related to system and method for protection of an automated control system (ACS) against un-authorized devices connected to the ACS via wired or wireless channels that substantially obviates the disadvantages of the related art. The protection system monitors the signals spreading in the network analyzing the performance of the network for malicious code or hidden connections of attacker. The system is developed specifically for this purpose and it can protect the industrial control systems more effectively than standard anti-virus programs. Specific anti-virus software installed on a central server of the automated control system protects it from software-based attacks both from internal and external offenders. The system comprises a plurality of bus protection devices of different types, including any of a twisted-pair protection device, a power lines protection device, On-Board Diagnostics signal protocol protection device, and a wireless protection device.
Free

Research article
Countering the spread of calls for political extremism through graphic content on online social networks is becoming an increasingly pressing problem that requires the development of new technological solutions, since traditional approaches to countering are based on the results of recognizing destructive content only in text messages. Since in modern conditions neural network tools for analyzing graphic information are considered the most effective, it is assumed that it is advisable to use such tools for analyzing images and video materials in online social networks, taking into account the need to adapt them to the expected conditions of use, which are determined by the wide variability in the size of graphic content, the presence of typical interference, limited computing resources of recognition tools. Using this thesis, a method has been proposed that makes it possible to implement the construction of neural network recognition tools adapted to the specified conditions. For recognition, the author's neural network model was used, which, due to the reasonable determination of the architectural parameters of the low-resource convolutional neural network of the MobileNetV2 type and the recurrent neural network of the LSTM type, which makes up its structure, ensures high accuracy of recognition of scenes of political extremism both in static images and in video materials under limited computing conditions resources. A mechanism was used to adapt the input field of the neural network model to the variability of the size of graphic resources, which provides for scaling within acceptable limits of the input graphic resource and, if necessary, filling the input field with zeros. Levelling out typical noise is ensured by using advanced solutions in the method for correcting brightness, contrast and eliminating blur of local areas in images of online social networks. 
Neural network tools developed on the basis of the proposed method for recognizing scenes of political extremism in graphic materials of online social networks demonstrate recognition accuracy at the level of the most well-known neural network models, while ensuring a reduction in resource intensity by more than 10 times. This allows the use of less powerful equipment, increases the speed of content analysis, and also opens up prospects for the development of easily scalable recognition tools, which ultimately ensures an increase in security and a reduction in the spread of extremist content on online social networks. It is advisable to correlate the paths for further research with the introduction of the Attention mechanism into the neural network model used in the method, which will make it possible to increase the efficiency of neural network analysis of video materials.
Free

Method for Cyberincidents Network-Centric Monitoring in Critical Information Infrastructure
Research article
In this paper, a method of network-centric monitoring of cyberincidents was developed, which is based on the network-centric concept and is implemented in 8 stages. This method makes it possible to determine the most important objects for protection, and to predict the category of cyberincidents that will arise as a result of a cyberattack, and their level of criticality.
Free

Method for Effective Use of Cloudlet Network Resources
Research article
The article addresses the issue of balanced placement of mobile software applications of mobile users in cloudlets deployed near base stations of Wireless Metropolitan Area Networks (WMAN), taking into account their technical capabilities. It is noted that the proposed model is more efficient in meeting the demand for computing and memory resources of mobile devices, eliminating network delays and using a reliable communication channel. At the same time, a minimum of cloudlet-based communication channels with a mobile user was suggested, reducing the network load and reliability of the communication channel when using multimedia software on mobile devices. The article reviews the balanced distribution of the tasks in the cloudlet network. If a user offloads the task to the nearest cloud and resolves it there, then the delays and energy consumption will be less. When the cloudlet is far from the mobile device, as the number of communication channels increases the delays are observed. Moreover, the article discusses the issue of selecting the cloudlets that meet some of the user requirements. Using the possible values that determine the importance of cloudlets (vacant resources in cloudlets, closeness of cloudlets to the user, high reliability, etc.), the conditions, according to which the user's application is offloaded to the certain cloudlet, are studied and a method is proposed.
Free

Method of Calculating Information Protection from Mutual Influence of Users in Social Networks
Research article
Dynamic models of the information security system (DMoISS) in social networks (SN) are studied and the mutual influence between users (MIBU) was taken into account. Also, the stability of the security system (SoSS) was analyzed. There is a practical interest in studying the behavior of the of SN information security systems (ISS) using parameters of the MIBU. DMoISS in SN in the mathematical sense of this term is considered. A dynamic system is understood as an object or process for which the concept of state is unambiguously defined as a set of certain quantities at a given moment of time and a given law describes the change (evolution) of the initial state over time. SN is a set of users and connections between them. Individuals, social groups, organizations, cities, countries can be considered as users. Connections are understood not only as MIBU, but also as the exchange of various resources and activities. Theoretical study of the dynamic behavior of a real object requires the creation of its mathematical model. The procedure of developing the model is to compile mathematical equations based on physical laws. These laws were formulated in the language of differential equations. As a result of the research it is established the influence of parameters of MIBU on parameters of SN ISS. Phase portraits (PP) of the data protection system in the MatLab/Multisim program are determined, what indicates of the SoSS in the operating range of the parameters even at the maximum value of influences. This study is useful and important from the point of view of information security in the network, since the parameters of MIBU significantly affect the protection rate (with different values - up to 100%). 
The scientific value of the article lies in the fact that for the first time, on the basis of the study of the developed systems of nonlinear differential equations (NDE), it is shown the quantitative relationship between the parameters of the MIBU and the parameters of the SN ISS, as well as the SoSS is shown based on the study of the nonlinear equation of the second degree.
Free

Research article
The article reflects the views of the authors on the method for the operational calculation of the indicator of the functioning of special-purpose information and telecommunication networks of the tactical level of control according to the criterion of "network availability". Improvement of weapons and military equipment, forms and methods of combat, as well as a change in views on command and control, put forward ever more stringent requirements for the information and telecommunication system in general and for its elements in particular. The problems of development, planning of combat use and operation of information and telecommunication networks of the tactical control level are their heterogeneity, since they use heterogeneous transmission systems (radio and wire) together. The characteristic features of the planning, deployment and operation of information and telecommunication networks of the tactical control level are a high degree of uncertainty in the characteristics of their functioning and the lack of initial data in planning, which necessitates the improvement of the methodological basis for conducting operational calculations. Based on the analysis of ITU-T recommendations, scientific publications and the practice of combat use of the defense forces, it becomes clear that the operational calculation of individual criteria and indicators of the functioning of information and telecommunication systems of the tactical control level needs to be improved, since these systems have their own characteristic features. The material presented in the article makes it possible to develop new approaches to solving the problem of a reasonable calculation of the required bandwidth of the access node of the information and telecommunications network of the tactical control link. 
The significance and value of this study lies in the fact that in the conditions of continuous improvement of the forms and methods of warfare, high dynamism of changes in the states of information and telecommunication systems of the tactical control level, the correct choice of the apparatus for assessing the decisions made should play a decisive role in shortening the deployment planning cycle and sustainable functioning of the system management.
Free

Method of Parallel Information Object Search in Unified Information Spaces
Research article
The article describes the concept of a unified information space and an algorithm of its formation using a special information and computer system. The process of incoming object search in a unified information space is considered, which makes it possible to uniquely identify it by corresponding features. One of the main tasks of a unified information space is that each information object in it is uniquely identified. For this, the identification method was used, which is based on a step-by-step analysis of object characteristics. The method of parallel information object search in unified information spaces is proposed, when information object search will be conducted independently in all unified information spaces in parallel. Experimental studies of the method of parallel information object search in unified information spaces were conducted, on the basis of which the analysis of efficiency and incoming objects search time in unified information spaces was carried out. There was experimentally approved that the more parameters that describe the information object, the less the time of object identification depends on the length of the interval. Also, there was experimentally approved that the efficiency of the searching of the incoming objects in unified information spaces tends to a directly proportional relationship with a decrease in the length of the interval and an increase in the number of parameters, and vice versa.
Free

Method of Performing Operations on the Elements of GF(2^m) Using a Sparse Table
Research article
For the implementation of error-correcting codes, cryptographic algorithms, and the construction of homomorphic methods for privacy-preserving, there is a need for methods of performing operations on elements of GF(2^m) that have low computational complexity. This paper analyzes the existing methods of performing operations on the elements of GF(2^m) and proposes a new method based on the use of a sparse table of elements of this field. The object of research is the processes of operations in information security systems. The subject of research is methods and algorithms for performing operations on elements of GF(2^m). The purpose of this research is to develop and improve methods and algorithms for performing operations on elements of GF(2^m) to reduce their computational complexity. Empirical methods and methods of mathematical and software modeling are used in the research. Existing and proposed algorithms are implemented using the C# programming language in the Visual Studio 2015 development environment. Experimental research of existing and developed algorithms was carried out according to the proposed method, which makes it possible to level the influence of additional parameters on the results of the research. The conducted research on methods for performing operations on the elements of GF(2^m) shows the expediency of using a sparse table of field elements. This approach makes it possible to reduce the amount of RAM required for the software and hardware implementation of the developed method compared to the classical tabular method, which requires storage of a full table of correspondence of the polynomial and index representation of the field elements. In addition, the proposed method gives an increase in speed of more than 4 times for the operations of calculating the multiplicative inverse element and exponentiation. As a result, the proposed method makes it possible to reduce the computational complexity of error-correcting codes, cryptographic algorithms, and the homomorphic methods for privacy-preserving.
Free

Research article
The paper describes the organization of the unified information space, which is based on the uniform principles and the general rules that ensure the informational interaction of objects. In practice, when communication with an information object of the unified information space is lost, the necessary information about this object should be collected by the analysis of previous interactions of the information object with the other information objects. The goal of this paper is to develop a mechanism that will allow restoring the missing parameters of information objects in case of communication loss with this object. Experimental research with the proposed mechanisms was performed. The experiments have shown that there is an unequivocal relationship between the quality of restoration of an information object and the topology of links within a unified information space.
Free

Methodology for Benchmarking IPsec Gateways
Research article
The paper analyses the forwarding performance of an IPsec gateway over the range of offered loads. It focuses on the forwarding rate and packet loss, particularly at the gateway's performance peak and at the state of the gateway's overload. It explains possible performance degradation when the gateway is overloaded by excessive offered load. The paper further evaluates different approaches for obtaining forwarding performance parameters – a widely used throughput described in RFC 1242, maximum forwarding rate with zero packet loss and our proposed equilibrium throughput. According to our observations, equilibrium throughput might be the most universal parameter for benchmarking security gateways, as the others may be dependent on the duration of test trials. Employing equilibrium throughput would also greatly shorten the time required for benchmarking. Lastly, the paper presents a methodology and a hybrid step/binary search algorithm for obtaining the value of equilibrium throughput.
Free