A survey on machine learning-based malware detection in executable files

Aiming at the problemsof too much iterative times in selecting initial centroids stochastically for K-Means algorithm,a method is proposed to optimize the initial centroids through cutting the set into k segmentations and select one point in each segmentation as initial centroids for iterative computing. A new valid function called clustering-index is defined as the sum of clustering-density and clustering-significance and can be used to search the optimization of k in the internal of [1,n(1/2) ]. The simulation experiment with IRIS data set shows that the proposed algorithm converges faster and the value k found is close to the actual value,which proves the validity of the algorithm.

An Improved K-Means Clustering Algorithm

Personal health record system (PHR system) stores health-related information of an individual. PHR system allows the data owner to manage and share his/her data with selected individuals. The originality or tamper resistance feature is crucial for PHR system because of the irreversible consequence of incorrect information. Blockchain technology becomes a potential solution due to its immutability and irreversibility properties. Unfortunately, some technical impediments such as limited storage, privacy concern, consent irrevocability, inefficient performance, and energy consumption exist. This work aims to handle these blockchain drawbacks and propose a blockchain-based PHR model. The proposed model is built using the blockchain technology to support a tamper resistance feature. Proxy reencryption and other cryptographic techniques are employed to preserve privacy. Features of the proposed model include fine-grained and flexible access control, revocability of consent, auditability, and tamper resistance. A detailed security analysis shows that the proposed model is provably secure for privacy and tamper resistance. The performance analysis shows that the proposed model achieves a better overall performance compared with the existing approach in the literature. Thus the proposed model is more suitable for the PHR system usage.

/pdf/blockchain-based-access-control-model-to-preserve-privacy-4y6wj5hli9.pdf

Blockchain-Based Access Control Model to Preserve Privacy for Personal Health Record Systems

Cyber attacks are currently blooming, as the attackers reap significant profits from them and face a limited risk when compared to committing the “classical” crimes. One of the major components that leads to the successful compromising of the targeted system is malicious software. It allows using the victim’s machine for various nefarious purposes, e.g., making it a part of the botnet, mining cryptocurrencies, or holding hostage the data stored there. At present, the complexity, proliferation, and variety of malware pose a real challenge for the existing countermeasures and require their constant improvements. That is why, in this paper we first perform a detailed meta-review of the existing surveys related to malware and its detection techniques, showing an arms race between these two sides of a barricade. On this basis, we review the evolution of modern threats in the communication networks, with a particular focus on the techniques employing information hiding. Next, we present the bird’s eye view portraying the main development trends in detection methods with a special emphasis on the machine learning techniques. The survey is concluded with the description of potential future research directions in the field of malware detection.

/pdf/tight-arms-race-overview-of-current-malware-threats-and-v5uvnz2n7d.pdf

Tight Arms Race: Overview of Current Malware Threats and Trends in Their Detection

With the development of emerging engineering technology and industrialization, there are greater changes in the life style of people in smart urban cities; therefore, there is also more chance of various health problems in urban areas. The life style of persons in metro urban areas with the expansive volume of population is similarly influenced by different application and administration frameworks. These are affecting the human health system up to an extended extent and there are more health-related issues and health hazard concerns that can be identified in urban areas. The purpose of this paper is to present an analytical study on various aspects of the smart health care system in a smart perspective by analyzing them with respect to emerging engineering technologies such as mobile network, cloud computing, Internet of Things (IoT), big data analytics and ubiquitous computing. This paper also carries out a detailed survey of health issues and improved solutions in automated systems using these technologies. Second, the paper also presents a novel health care system using smart and safe ambulances and their appropriate control at traffic points with safety and security features in a smart city, so that the valuable life of patients can be saved in time by immediate treatment in nearest hospital or health care units.,In this paper, an analytical survey was conducted for improvement in the health care sector using computer technology and IoT-based various modern health care applications. An idea of Smart Health Care Hospital using sensors, mobile agent smart vehicle configuration and safety traffic control for ambulance was proposed.,A simulation was carried out to see the performance of a safety mechanism in the proposed approach. Comparative analysis was carried out with other approaches to know the execution time, response time and probable delay due to the implementation of this approach.,It is an original research work with motivation inspired from current emergent technology to apply in the health care system.

Technological improvement in modern health care applications using Internet of Things (IoT) and proposal of novel health care approach

A Survey on malware analysis and mitigation techniques

In recent times, ransomware has become the most significant cyber-attack targeting individuals, enterprises, healthcare industries, and the Internet of Things (IoT). Existing security systems like Intrusion Detection and Prevention System (IDPS) and Anti-virus (AV) as a single monitoring agent is complicated and time-consuming, thus fails in ransomware detection. A robust Intrusion Detection Honeypot (IDH) is proposed to address the issues mentioned above. IDH consists of i) Honeyfolder, ii) Audit Watch, and iii) Complex Event Processing (CEP). Honeyfolder is a decoy folder modeled using Social Leopard Algorithm (SoLA), especially for getting attacked and acting as an early warning system to alert the user during the suspicious file activities. AuditWatch is an Entropy module that verifies the entropy of the files and folders. CEP engine is used to aggregate data from different security systems to confirm the ransomware behavior, attack pattern, and promptly respond to them. The proposed IDH is experimentally tested in a secured testbed using more than 20 variants of recent ransomware of all types. The experimental result confirms that the proposed IDH significantly improves the ransomware detection time, rate, and accuracy compared with the existing state of the art ransomware detection model.

/pdf/design-of-intrusion-detection-honeypot-using-social-leopard-2cn3sn94j2.pdf

Design of Intrusion Detection Honeypot Using Social Leopard Algorithm to Detect IoT Ransomware Attacks

Modern healthcare system collects health information from health assisted gadgets of different sources and stores them in the cloud storage servers as an electronic record called the patients health records (PHR) and ensures the availability whenever and wherever needed. An important issue in this centralized cloud storage is the loss of privacy and security of sensitive PHR. Existing and the most recent solutions on privacy and security provisioning are purely based on role-based access control (RBAC). However, these RBAC schemes suffer from role explosion due to the increasing number of different roles. Furthermore, managing all those roles in order to provide proper access permissions can become a complex problem. Dynamic segregation of duty relations reduces the number of potential permissions that can be made available to a user by placing constraints on the users by assigning a set of roles. In order to address the above stated problem, this paper proposes a hybrid framework called MediTrust. The proposed MediTrust combines two schemes namely RBAC and attribute-based encryption (ABE) and works on semantic database, ensuring the accessibility of patient data for different access controls. The patient data are encrypted at the provider side before outsourcing it to the cloud server and then it is decrypted again at the user end after being downloaded from the cloud server. The general information of the patient collected as PHR is stored in a separate cloud server, and the medical reports are stored separately in yet another cloud server. A second-step security control is provided using CAPTCHA which is mainly used as a security check to ensure that only human users can log in to the MediTrust. A third-step security control is also provided in which one key is shared to user’s registered mobile number and another key is shared to user’s e-mail id. In MediTrust, combination of these two keys is required to decrypt the PHR. Further, ABE polices and access control security mechanisms for privacy preservation have been validated on PHR using Amazon AWS EC2 CA. Performance evaluation results show that the proposed MediTrust is better than existing work in terms of time complexity and computational overhead.

Role-based policy to maintain privacy of patient health records in cloud

Phishing is a criminal offense which involves theft of user’s sensitive data. The phishing websites target individuals, organizations, the cloud storage hosting sites and government websites. Currently, hardware based approaches for anti-phishing is widely used but due to the cost and operational factors software based approaches are preferred. The existing phishing detection approaches fails to provide solution to problem like zero-day phishing website attacks. To overcome these issues and precisely detect phishing occurrence a three phase attack detection named as Web Crawler based Phishing Attack Detector(WC-PAD) has been proposed. It takes the web traffics, web content and Uniform Resource Locator(URL) as input features, based on these features classification of phishing and non phishing websites are done. The experimental analysis of the proposed WC-PAD is done with datasets collected from real phishing cases. From the experimental results, it is found that the proposed WC-PAD gives 98.9% accuracy in both phishing and zero-day phishing attack detection.

WC-PAD: Web Crawling based Phishing Attack Detection

Recent trends show major advancements in Wireless Sensor Networks (WSN), incorporated in communication network applications. The extensive scope of devices in WSN has varying energy demands. Energy limitation, being the major concern, is efficiently managed using clustering. This involves the need for energy efficiency in heterogeneous WSNs. Effective energy management is handled by optimally choosing the cluster head. Distributed Energy Efficient Clustering (DEEC), Enhanced Distributed Energy Efficient Clustering (EDEEC), Developed Distributed Energy Efficient Clustering (DDEEC) and Balanced Energy Efficient Network Integrated Super Heterogeneous (BEENISH) protocol performs this election process by classifying the nodes into different types and then utilizing them. BEENISH protocol is considered to be the best way to elect a Cluster Head (CH), as it ameliorates the network lifetime up to a certain extent. This paper proposes a modified and improvised algorithm in electing the cluster head and an overall cluster head, which shows drastic improvement in the network lifetime. The proposed modified-BEENISH (m-BEENISH) algorithm is implemented in NS-2 (Network Simulator-2) and the simulated results are compared with the other protocols. An enhancement in the throughput ratio, along with a reduced energy consumption and end-to-end delay provides an overall efficiency of 16.3%. This differentiates and makes the proposed m-BEENISH protocol better than the existing BEENISH protocol.

D. Sangeetha

Papers

A Survey on malware analysis and mitigation techniques

Design of Intrusion Detection Honeypot Using Social Leopard Algorithm to Detect IoT Ransomware Attacks

Role-based policy to maintain privacy of patient health records in cloud

WC-PAD: Web Crawling based Phishing Attack Detection

Modified balanced energy efficient network integrated super heterogeneous protocol