International Journal of Computer Network and Information Security @ijcnis
Статьи журнала - International Journal of Computer Network and Information Security
Все статьи: 1166
Semi-Distributed Coordinative Switch Beamforming with Power Scheduling
Статья научная
Beam cooperative scheduling of a downlink transmission is an important technique to improve the spectrum efficiency in next generation mobile networks. This paper focuses on switched beams (the emission angles of the beams are fixed) and proposes a joint beam-power coordinative scheduling algorithm among neighbor sectors in the downlink of mobile systems. Each sector coordinates the applied order and transmitted power of the beams with adjacent interfering sector, so as to reduce inter-sector interference and maximize throughputs. The scheduling problem is modeled as a constrained optimization problem and solved by our proposed iterative approach. Computer simulation shows that the proposed approach significantly outperform the existing round robin beam servicing approach and the approach that applies only beam cooperative scheduling.
Бесплатно
Semi-Physical Simulation of RR/S Attitude Algorithm Based on Non-Holonomic IMU
Статья научная
Rolling Rocket/Shell (RR/S) can effectively overcome the impact point error caused by the asymmetry of aerodynamic appearance and mass eccentricity .etc. The spatial attitude of RR/S in the process of flight must be studied for that RR/S realizes the guidance control and improves the falling point precision. This paper introduces a semi physical simulation of RR/S attitude algorithm based on non-holonomic Inertial Measurement Unit (IMU) which is composed of 3 orthogonal import rate gyroscopes. It adopts the 902E-1 two-axis turntable to simulate the spatial attitude of RR/S, and uses the non-holonomic IMU, which is fixed on the turntable by ensuring the axes of them to be aimed, to measure the 3-axis angular rate motion of the turntable. By setting the motion condition of the turntable, we can get the 3-axis angular rate data of the IMU and the 3-axis angular position data of the turntable. The attitude algorithm simulation of IMU adopts the four-sample rotation vector algorithm based on MTLAB/Simulink. The simulation results show that the semi-physical simulation method can model the spatial attitude of RR/S truly and provide exact and real-time attitude information of RR/S which is rolling in the two-axis complex movement condition.
Бесплатно
Semifragile Watermarking Schemes for Image Authentication- A Survey
Статья научная
Digital images are very easy to manipulate, store, publish and secondary creation this juggle will lead to serious consequence in some applications such as military image, medical image. So, integrity of digital image must be authenticated. Tools that help us establish the authenticity and integrity of digital media are thus essential and can prove vital whenever questions are raised about the origin of an image and its content. To project authenticity of images semi fragile watermarking is very concerned by researchers because of its important function in content authentication. Semifragile watermarking aim to monitor contents of images not its representations. In present paper various semi fragile water marking algorithm are studied using some image quality matrices, insertion methods used, verification method . Finally some observations are given based on literature survey of algorithms and techniques of semifragile watermarking techniques
Бесплатно
Sensitive Data Identification and Security Assurance in Cloud and IoT based Networks
Статья научная
Sensitive data identification is a vital strategy in any distributed system. However, in the case of non-appropriate utilization of the system, sensitive data security can be at risk. Therefore, sensitive data identification and its security validation are mandatory. The paper primarily focuses on novel sensitive data recognition methodologies. Further, the sensitivity score of the attributes distinguishes non-sensitive attributes, and domain expert plays an important role in this process. The designing of the security assurance Algo and their corresponding decision tables make the system more robust and reliable. The result section is validated with the help of graphical representation, which clearly makes the authenticity of the research work. In summary, the authors may say that the sensitive data identification and security assurance of the proposed system is automated and work optimally in a cloud-based system.
Бесплатно
Sentiment Analysis CSAM Model to Discover Pertinent Conversations in Twitter Microblogs
Статья научная
In recent years, the most exploited sources of information such as Facebook, Instagram, LinkedIn and Twitter have been considered to be the main sources of misinformation. The presence of false information in these social networks has a very negative impact on the opinions and the way of thinking of Internet users. To solve this problem of misinformation, several techniques have been used and the most popular is the sentiment analysis. This technique, which consists in exploring opinions on corpora of texts, has become an essential topic in this field. In this article, we propose a new approach, called Conversational Sentiment Analysis Model (CSAM), allowing, from a text written on a subject through messages exchanged between different users, called a conversation, to find the passages describing feelings, emotions, opinions and attitudes. This approach is based on: (i) the conditional probability in order to analyse sentiments of different conversation items in Twitter microblog, which are characterized by small sizes, the presence of emoticons and emojis, (ii) the aggregation of conversation items using the uncertainty theory to evaluate the general sentiment of conversation. We conducted a series of experiments based on the standard Semeval2019 datasets, using three standard and different packages, namely a library for sentiment analysis TextBlob, a dictionary, a sentiment reasoner Flair and an integration-based framework for the Vader NLP task. We evaluated our model with two dataset SemEval 2019 and ScenarioSA, the analysis of the results, which we obtained at the end of this experimental study, confirms the feasibility of our model as well as its performance in terms of precision, recall and F-measurement.
Бесплатно
Server-Side Encrypting and Digital Signature Platform with Biometric Authorization
Статья научная
The most important shortcomings of solutions based on public key infrastructure and digital signatures are: costs, ambiguous laws, and nuisance of daily use. The purpose of this article is to discuss the motivation and benefits, as well as a presentation of concepts, high-level architecture, and demonstration of the operation of bioPKI; i.e., a server-side encryption and digital signature platform with biometric authorization. The usefulness of even the most advanced platform of any type is negligible if convenient and easy-to-implement mechanisms are not provided to integrate this solution with external systems and applications. Thus, the possibility of integrating the bioPKI platform with applications and systems supporting PKCS#11 or CryptoAPI CSP is discussed.
Бесплатно
Статья научная
Mobile Ad-Hoc networks (MANETs) can be classified as Decentralized, Independent and Self- Organizing dynamic networks of intellectual movable nodes. In such networks, devices are connected by provisional wireless links. Dynamic topology imposes challenges in developing an efficient routing protocol, for enabling successful communication between mobile devices. Based on the nature of working, proactive & reactive protocols are the two broadly classified categories of routing protocols. This paper presents, relative experimental analysis of proactive routing protocols viz., Optimized Link State Routing Protocol (OLSR) and its variant (Kenji Yamada et al., 2010) with Cooperative Multi-Point Relay (MPR) Selection. To compare OLSR and its variant protocol, the Network Simulator- 2.35 is used to carry out numerous simulations, on arbitrary scenarios, by varying the number of network nodes & mobility of nodes. As per the simulation outcomes, the OLSR with a cooperative MPR selection has outperformed the traditional OLSR protocol in static scenarios or when the network load has been varied. On the contrary, the traditional OLSR protocol has performed better in mobile scenarios. But, as demonstrated from various experimentations, it exhibits higher Routing Overheads as compared to its variant protocol. Further, on the basis of simulation results, efforts can be made in the direction of performance optimization of OLSR and its variant protocol, to improve its performance in highly mobile scenarios as well, keeping in view other performance metrics.
Бесплатно
Single Sign-On in Cloud Federation using CloudSim
Статья научная
Single Sign-On (SSO) is an authentication mechanism in which a Cloud Service Consumer (CSC) needs to be authenticated only once while accessing vari-ous services from multiple service providers, or when accessing multiple services from the same service provid-er. In the case of Cloud Federation, the consumers can get services from various Cloud Service Providers (CSPs) who are members of the federation, and SSO can be used to verify the legitimate users without requiring them to get authenticated with each service provider separately. CloudSim is a popular tool used for simulating various cloud computing scenarios. As of now, the simulator lacks effective user authentication and authorization methods with it. In this paper, we discuss the design and implementation of SSO mechanism in the Cloud Federa-tion scenario using the CloudSim toolkit. We have used the Fully Hashed Menezes-Qu-Vanstone (FHMQV) pro-tocol for the key exchange and the Symmetric Key En-cryption technique AES-128 for encrypting the identity tokens. We give the workflow model for the proposed approach of SSO in the Cloud Federation and also, the execution time taken in the simulation for various Single Sign-On scenarios where the number of SSO required varies are also shown.
Бесплатно
Статья научная
This article presents a method for detecting disinformation in news texts based on a combination of classic machine learning algorithms and deep learning models. The proposed approach was tested on the corpus of Ukrainian- and English-language news with the "fake/truth" classes marked. Before modelling, detailed data pre-processing was performed: deletion of duplicates, cleaning of HTML tags, links and special characters, normalisation of texts, unification of labels, class balancing, and tokenisation. A hybrid approach was used for vectorisation: frequency features (TF-IDF) were combined with contextual vector representations based on the IBM Granite multilingual model. Logistic regression is chosen as a classifier, which allows a balance to be achieved between quality and interpretation of results. Standard metrics are used to assess performance, such as Accuracy, Precision, Recall, F1-score, and ROC-AUC. According to the results of experiments, the model showed an Accuracy in the range of 0.91–0.93, a Precision of 0.89, a Recall of 0.92, an F1-score of 0.90, as well as an ROC-AUC over 0.94. The obtained values demonstrate the balanced ability of the system not only to accurately classify news, but also to minimise false positives, which is especially important in the conditions of information warfare. Priority is given to Recall's high scores, as the omission of fake messages can have critical consequences for information security. Thus, the proposed approach makes a scientific contribution to the field of automated disinformation detection by combining transparent and reproducible data processing with a hybrid text representation. The uniqueness of the study lies in the adaptation of NLP and machine learning methods to the Ukrainian-language information space and the context of modern hybrid warfare, which allows you to effectively identify the sources and routes of spreading fake news.
Бесплатно
Статья научная
The paper presents the development of a smart tool for automated analysis of news text content in order to identify propaganda narratives and disinformation. The relevance of the project is due to the growth of the information threat in the context of a hybrid war, in particular in the Ukrainian information space. The proposed solution is implemented in the form of a browser plugin that provides instant analysis of content without the need to switch to third-party services. The methodology is based on the use of modern natural language processing (NLP) and deep learning methods (in particular, BERT models) to classify content according to the level of propaganda impact and identify key narratives. As part of the study, modern models of transformers for text analysis, in particular BERT, were used. For the task of classifying propaganda, pre-trained GloVe vectors optimised for news articles were used, which provided the best results among the options considered. Instead, the BERT model was used to classify narratives, which showed higher accuracy in the processing of texts reflecting subjective thoughts. The adaptation included the use of a multilingual version of BERT (multilingual BERT), as it allows you to effectively work with Ukrainian-language data, which is a key advantage for localised analysis in the context of information warfare. Before using BERT, pre-processing of texts was carried out with the addition of syntactic, punctuation, emotional and stylistic features, which increased the accuracy of classification. For a more complete and reliable assessment of the effectiveness of propaganda classification models and narratives, a set of key metrics was used for propaganda/ narratives analyses Accuracy (0.94/0.86), Precision (0.95/0.69), Recall (0.96/0.71) and F1-score (0.96/0.70).The developed model showed high accuracy results: the F1-score for the propaganda classification problem was 0.96 and for the narrative classification problem – 0.70, which significantly exceeds the results of similar approaches, in particular XGBoost (0.92 and 0.50, respectively). In addition, the system supports full-fledged work with Ukrainian-language content, which is its key competitive advantage. The practical application of the tool covers journalism, fact-checking, analytics, and improving media literacy among citizens, contributing to the improvement of the state's information security.
Бесплатно
Social Engineering: I-E based Model of Human Weakness for Attack and Defense Investigations
Статья научная
Social engineering is the attack aimed to manipulate dupe to divulge sensitive information or take actions to help the adversary bypass the secure perimeter in front of the information-related resources so that the attacking goals can be completed. Though there are a number of security tools, such as firewalls and intrusion detection systems which are used to protect machines from being attacked, widely accepted mechanism to prevent dupe from fraud is lacking. However, the human element is often the weakest link of an information security chain, especially, in a human-centered environment. In this paper, we reveal that the human psychological weaknesses result in the main vulnerabilities that can be exploited by social engineering attacks. Also, we capture two essential levels, internal characteristics of human nature and external circumstance influences, to explore the root cause of the human weaknesses. We unveil that the internal characteristics of human nature can be converted into weaknesses by external circumstance influences. So, we propose the I-E based model of human weakness for social engineering investigation. Based on this model, we analyzed the vulnerabilities exploited by different techniques of social engineering, and also, we conclude several defense approaches to fix the human weaknesses. This work can help the security researchers to gain insights into social engineering from a different perspective, and in particular, enhance the current and future research on social engineering defense mechanisms.
Бесплатно
Social Networking for Botnet Command and Control
Статья научная
A botnet is a group of compromised computers—often a large group—under the command and control of a malicious botmaster. Botnets can be used for a wide variety of malicious attacks, including spamming, distributed denial of service, and identity theft. Botnets are generally recognized as a serious threat on the Internet. This paper discusses SocialNetworkingBot, a botnet we have developed that uses Twitter for command and control. In SocialNetworkingBot, the botmaster tweets commands that are acted on by the individual bots. We discuss the functionality and implementation of SocialNetworkingBot, as well as a small-scale experiment that we have conducted. The botnet presented here is intended to serve as a proof of concept and a platform to facilitate further research.
Бесплатно
Software Activation Using Multithreading
Статья научная
Software activation is an anti-piracy technology designed to verify that software products have been legitimately licensed. Activation should be quick and simple while simultaneously being secure and protecting customer privacy. The most common form of software activation is for the user to enter a legitimate product serial number. However, software activation based on serial numbers appears to be weak, since cracks for many programs are readily available on the Internet. Users can employ such cracks to bypass software activation. Serial number verification logic usually executes sequentially in a single thread. Such an approach is relatively easy to break since attackers can trace the code to understand how the logic works. In this paper, we develop a practical multi-threaded verification design. Our results show that by proper use of multi-threading, the amount of traceable code in a debugger can be reduced to a low percentage of the total and the traceable code in each run can differ as well. This makes it significantly more difficult for an attacker to reverse engineer the code as a means of bypassing a security check. Finally, we attempt to quantify the increased effort needed to break our verification logic.
Бесплатно
Статья научная
Quality is a consequential factor for the software product. During the software development at most care was taken at each step for the quality product. Development process generally embedded with several qualitative and quantitative techniques. The characteristics of final software product should reach all the standards. Reliability is a paramount element which quantifications the probability that a software product could able to work afore it authentically fails to perform its intended functionality. Software testing is paramount phase where gargantuan resources were consumed. Over around fifty percent of cost was consumed during this testing phase, that is why testing was performed in disciplined environment. Software product release time is considered to be crucial subject at which the software product testing was stopped and it could be release into market, such that the software product should have quality and reliability. In this paper we have investigated the concept of software testing effort dependent software reliability growth models by considering the exponentiated-gompertz function as testing effort function to determine the release time of the software. Thus, constructed testing effort dependent models was computed on three authentic time datasets. Parameter estimation is done through least square estimation and metrics like Mean square Error (MSE) and Absolute Error (AE) are utilized for model comparison. The proposed testing effort dependent model performance was better than the rest of the models.
Бесплатно
Software-defined Networking Controller for Detection of DDoS Attacks Based on Deep Neural Networks
Статья научная
Advancements in technology contribute to an increased vulnerability to cyberattacks, with Distributed Denial of Service (DDoS) attacks being a prominent threat. Attackers overwhelm network servers with excessive data, hindering legitimate users from accessing them. Software Defined Networking (SDN) is particularly susceptible due to its centralized architecture, making it a prime target for DDoS attacks aimed at the control planes. As cloud computing has grown rapidly, software-defined networks have been developed to provide dynamic management and enhanced performance. Several security concerns are growing, especially as DDoS attacks and malicious actors become more interested in SDN controllers. Many researchers have proposed detecting DDoS attacks. Due to their unqualified features and non-realistic data sets, these approaches have high false positive rates and low accuracy. As a result, SDN controllers can be protected against DDoS attacks using deep learning algorithms (DL). Furthermore, the suggested method comprises three phases: The process involves pre-processing the data, selecting significant features for DDoS detection based on correlation, and utilizing Deep Neural Networks (DNNs) for the detection. In order to evaluate the efficiency of the method proposed, we employ a benchmarking dataset to evaluate the false positive rate as well as detectability, with the traditional assessment indicators. In this paper, we propose a deep learning method for detection of DDoS attacks called DNNADSC, which is the first anomaly detection method based on deep neural network for DDoS attacks. The method proposed efficaciously recognizes DDoS attacks, with the detection rate of 99.39%, with a precision of 97.41% with a false-positive rate (FPR) that is 0.0665 with the F1 measure of 99.32%.
Бесплатно
Spam Reduction by using E-mail History and Authentication (SREHA)
Статья научная
Spam messages are today one of the most serious threats to users of E-mail messages. There are several ways to prevent and detect spam message, the most important way is filtering spam. Sometimes Filtering fails to discover some spam messages or even fails in the classification of non-spam messages as a spam messages. In this paper, we suggest a new effective method that reduces the spam messages by integrating prevention and detection techniques in one scheme. The reduction achieved by considering history and user authentication. This method based on issuing a certificate to each reliable user during the process of Email account Creation. The certificate used by Email servers to discard or forward ingoing or outgoing Emails. Each Server has to maintain white, gray and blacklist according to Email classification spam or ham, which determined by the user or by the contents examination of the message in terms of empty or contained only links without any text or by searching for a specific keywords in the subject and in the content. We believe that there are no bad or good E–mails forever, so the proposed model dynamically allows the transition of E-mail from one state to another state based on the number of received spam and ham messages.
Бесплатно
Статья научная
In the presented paper it is investigated the influence of the subjective perception of the objectively existing security values upon the security measures and indicators in the framework of the subjective entropy maximum principle. The subjective analysis theory entropy paradigm makes it possible to consider the security system based upon dynamic parameters as an active system governed by an individual (active element of the managerial system) with the help of her/his individual subjective preferences optimal distributions obtained in conditions of the available situation multi-alternativeness and those achievable alternatives presence, as well as the active system active element’s individual subjective preferences uncertainty. The described approach takes into account the simple two-alternative security situation in regards with the objectively existing effectiveness functions, related to security measures, in the view of a controlled parameter and a combination of it with its rate as the ratio. It is obtained the expressions for the objective functional extremal functions of the effectiveness and preferences, mathematically explicitly visualizing the security situation and allowing taking a good choice. The ideas of the required proper governing, managing, and control methods choice optimization with respect to only 2 alternative objective effectiveness functions arguments might be simple; nevertheless, increasing the number of parameters and further complication of the problem setting will not change the principle of the problem solution. This study is rather comparative. The significance and value of the study becomes clear in comparison with the theoretical results in the entropy paradigm field. Herein the solution obtained in the explicit view based upon the integral form objective functional. Such kind of dynamic optimization was not modeled in the background works.
Бесплатно
Split-Network in Wireless Sensor Network:Attack and Countermeasures
Статья научная
Wireless Sensor Network usually is deployed open environment to collect some sensitive information and has special features of its own are different from traditional network, which is vulnerable to internal and external attacks. Whole network can be split up into many separate subnets which cannot communicate with each other because some vital sensor nodes are attacked. This paper proposed an effective countermeasure based on ARMA prediction model and frequency hopping to react against split-network attack. ARMA model is used to evaluate the behavior of sensor nodes. Frequency hopping makes the communication frequency of the network escape from attack frequency. Then wireless sensor network is integrated into single network from split-network. Simulation results show the proposed countermeasure significantly reduces the success rate of split-network attack and increases the lifetime of network.
Бесплатно
Statistical Hiding Fuzzy Commitment Scheme for Securing Biometric Templates
Статья научная
By considering the security flaws in cryptographic hash functions, any commitment scheme designed straight through hash function usage in general terms is insecure. In this paper, we develop a general fuzzy commitment scheme called an ordinary fuzzy commitment scheme (OFCS), in which many fuzzy commitment schemes with variety complexity assumptions is constructed. The scheme is provably statistical hiding (the advisory gets almost no statistically advantages about the secret message). The efficiency of our scheme offers different security assurance, and the trusted third party is not involved in the exchange of commitment. The characteristic of our scheme makes it useful for biometrics systems. If the biometrics template is compromised, then there is no way to use it directly again even in secure biometrics systems. This paper combines biometrics and OFCS to achieve biometric protection scheme using smart cards with renewability of protected biometrics template property.
Бесплатно
Статья научная
Represented paper is currently topical, because of year on year increasing quantity and diversity of attacks on computer networks that causes significant losses for companies. This work provides abilities of such problems solving as: existing methods of location of anomalies and current hazards at networks, statistical methods consideration, as effective methods of anomaly detection and experimental discovery of choosed method effectiveness. The method of network traffic capture and analysis during the network segment passive monitoring is considered in this work. Also, the processing way of numerous network traffic indexes for further network information safety level evaluation is proposed. Represented methods and concepts usage allows increasing of network segment reliability at the expense of operative network anomalies capturing, that could testify about possible hazards and such information is very useful for the network administrator. To get a proof of the method effectiveness, several network attacks, whose data is storing in specialised DARPA dataset, were chosen. Relevant parameters for every attack type were calculated. In such a way, start and termination time of the attack could be obtained by this method with insignificant error for some methods.
Бесплатно
