Showing papers in "International journal of security and its applications in 2013"

Improving the Detection of Malware Behaviour Using Simplified Data Dependent API Call Graph

Abstract: Malware stands for malicious software. It is software that is designed with a harmful intent. A malware detector is a system that attempts to identify malware using Application Programming Interface (API) call graph technique and/or other techniques. Matching the API call graph using graph matching algorithm have NP-complete problem and is slow because of computational complexity .In this study, a malware detection system based on API call graph is proposed. Each malware sample is represented as data dependent API call graph. After transforming the input sample into a simplified data dependent graph, graph matching algorithm is used to calculate similarity between the input sample and malware API call graph samples stored in a database. The graph matching algorithm is based on Longest Common Subsequence (LCS) algorithm which is used on the simplified graphs. Such strategy reduces the computation complexity by selecting paths with the same edge label in the API call graph. Experimental results on 85 samples demonstrate 98% detection rate and 0% false positive rate for the proposed malware detection system.

Performance and Information Security Evaluation with Firewalls

Abstract: Firewalls are an essential part of any information security system being the rst defense line against security attacks. The sea-saw eect between rewalls and network performance is most concerning to network users; where strict security settings result in weak network performance and permeant security settings allow for a stronger one. Hence, evaluating rewall platforms and their impact on network performance is important when assessing the eectiveness of network security. In this paper, we present an assessment methodol- ogy to analyze the performance of dierent rewalls platforms. The analysis considers the following metrics: delay, jitter, throughput, and packet loss. Moreover, the information security of the rewalls is also tested by applying a set of attacks and observing the reaction of the rewalls. The proposed assessment methodology is tested by performing real exper- iments on dierent types of rewalls including those that are personal and network-based. Moreover, a quantitative study is conducted to explore the level of knowledge among the educated category in the community, represented by a sample of college students, on the importance of rewall and their use.

Designated-Verifier Provable Data Possession in Public Cloud Storage

Abstract: Cloud storage is now an important development trend in information technology. However, information security has become an important problem to impede it for commercial application, such as data confidentiality, integrity, and availability. In this paper, we propose designated verifier provable data possession (DV-PDP). In public clouds, DV-PDP is a matter of crucial importance when the client cannot perform the remote data possession checking. We study the DV-PDP system security model and use ECC-based homomorphism authenticator to design DV-PDP scheme. The scheme removed expensive bilinear computing. Moreover in DV-PDP scheme, the cloud storage server is stateless and independent from verifier, which is an important secure property in PDP schemes. Through security analysis and performance analysis, our scheme is provable secure and high efficiency.

Digital Watermarking Method for Data Integrity Protection in Wireless Sensor Networks

Abstract: Wireless sensor networks are self-organized and data-centric, which have been well applied in many practical areas. But in these applications, data integrity from sensors has not been verified. Thereby in this paper, we have proposed a novel data integrity protection strategy based on digital watermarking technologies, mwhere source sensors use a one-way hash function for collected data to create watermark information, and then make it associated with the data by embedding it into the redundant space of the targeted bytes. At the base station side, a watermarking algorithm is designed to extract the watermarking information, which is compared to recalculated watermarking information to verify the integrity of the data during the transmission. Compare to other watermarking methods, our algorithm does not increase extra data storage space and remain data accuracy. According to the results of extensive experiments, our algorithm can effectively protect the integrity of the data and has more application values.

A Research on Security and Privacy Issues for Patient related Data in Medical Organization System

Abstract: Recently, with the rapid development and implementation of wireless medical sensors, electronic healthcare (e-healthcare) has gained increasing popularity. Monitor and record some vital parameters of patients are of importance to know the patient’s health condition. But malicious attacks happen occasionally, which may cause the patient-related data being leaked or modified. In this paper, we made a survey about some researches in the domain of e-healthcare for its data security and privacy issues, such as the security issues of the distributed data storage in wireless body area networks (WBANs) and the privacy of the patient-related information stored in the database of the medical organization systems. We also proposed a general three-tier medical architecture and discussed its security issues in detail. Finally, we concluded some of the achievements from our references.

Cryptography: A New Approach of Classical Hill Cipher

Abstract: The Hill cipher is the first polygraph cipher which has some advantages in symmetric data encryption. However, it is vulnerable to known plaintext attack. Another setback is that an invertible key matrix is needed for decryption and it is not suitable for encrypting a plaintext consisting of zeroes. The objective of this work is to modify the existing Hill cipher to overcome these three issues. Studies on previous results showed that the existing Hill algorithms are not yet sufficient. Some of these algorithms are still vulnerable to known plaintext attack. On the other hand, some of these algorithms have better randomization properties and as a result they are more resistant against known plaintext attack. Nevertheless, these enhanced Hill cipher algorithms still face the non invertible key matrix problem. Moreover, neither of these algorithms are suitable for all zeroes plaintext block encryption. In this paper, a robust Hill algorithm (Hill++) is proposed. The algorithm is an extension of the Affine Hill cipher. A random matrix key is introduced as an extra key for encryption. Moreover, an involuntary matrix key formulation is also implemented in the proposed algorithm. This formulation can produce an involuntary key where a same key can be used for both encryption and decryption. Testing on the proposed algorithm is carried out via two approaches, that is through comparative study and statistical analysis. Comparative study shows that Hill++ is resistant to all zeroes plaintext block encryption and does not face the non invertible key matrix problem as what was faced by the original Hill, AdvHill and HillMRIV algorithms. Apart from this, the encryption quality of the proposed algorithm is also measured by using the maximum deviation and correlation coefficient factors. Results from statistical analysis shows that Hill++ (when compared to Hill, AdvHill and HillMRIV algorithms) has the greatest maximum deviation value and its correlation coefficient value is the closest to zero. The results from these two measures proved that Hill++ has better encryption quality compared to HillMRIV.

Security in graphical authentication

Abstract: Graphical Authentication Systems are a potential replacement or supplement for conventional authentication systems. Several studies have suggested graphical authentication may offer greater resistance to guessing and capture attacks but there are other attacks against graphical authentication including social engineering, brute force attacks, shoulder surfing, intercepted communication and spyware. In this paper we give a brief description and classification of different graphical password schemes followed by information about vulnerabilities in the various schemes and recommendations for future development.

Grayscale Image Tamper Detection and Recovery Based on Vector Quantization

Abstract: This paper proposes a tamper detection and image recovery method for digital images. The proposed method not only locates the alterations but also recovers the tamper regions. In this method, the vector quantization scheme is employed to generate the authentication data. The image to be protected is first compressed by the vector quantization scheme to generate the indices for image blocks. Multi-copies of the indices are embedded into the selected blocks by the pseudo random number generator. To detect the tamper regions, the authenticaiton procedure employes the forward detection strategy and the backward detection mechanism to find out the image modifications. The tamper regions can then be recovered by using the authentication data that was embeded previously if needed. From the experimental results, it is shown that the tamper regions can be clearly detected and well recovered.

An Empirical Study to Compare the Performance of some Symmetric and Asymmetric Ciphers

Abstract: In this paper we present empirical results obtained from Java implementation of Elliptic curve Cryptosystem (ECC) as an asymmetric block cipher algorithm and a set of symmetric block cipher algorithms namely Triple-Data Encryption Standard (T-DES), Advanced Encryption Standard (AES), and Blowfish. Performance evaluation based on CPU execution time is presented under WinXP and Linux. We used in our implementation Java programming language, Java Cryptography Architecture (JCA) and Java Cryptography Extension (JCE). The evaluation of the performance of these algorithms is done for secret key generation and encryption and decryption operations. Results indicated that ECC outperforms the other encryption/decryption algorithms considered in this study regarding the security strength, speed, and key size of ECC. Also, ECC’s performance advantage increases as security needs increases for newly emerging applications.

Steganography in Digital Images Using Maximum Difference of Neighboring Pixel Values

Abstract: In this paper a pixel value differencing steganography based on the maximum difference of the neighboring pixel values have been proposed. There are four variants such as five, six, seven and eight neighbor differencing. In five neighbor differencing method the maximum difference amongst the five neighboring pixels such as upper, left, right, bottom and upperright corner are used to take embedding decision. In six neighbor differencing method the maximum difference amongst the six neighboring pixels such as upper, left, right, bottom, upper-right corner, and upper-left corner are used to take embedding decision. In seven neighbor differencing method the maximum difference amongst the seven neighboring pixels such as upper, left, right, bottom, upper-right corner, upper-left corner and bottom-left corner are used to take embedding decision. In eight neighbor differencing method the maximum difference amongst all the eight neighboring pixels are used to take embedding decision. The message extraction process is very simple and does not require any knowledge of the original image. The experimental results show that the distortion is the minimum in five neighbor differencing. But the theoretical studies reveal that the hiding capacity is the highest in eight neighbor differencing.

An Empirical Study of Metric-Based Methods to Detect Obfuscated Code

Abstract: Protecting data and applications from malware and other forms of malicious code has assumed a great relevance in the current era of pervasive web-based applications. Attackers often use code obfuscation to hide harmful programs from automatic detection. Several researchers have proposed methods to classify an unknown program as malicious or benign; however, little work has been done to identify obfuscated code. A promising approach to detect obfuscated code consists of using a set of metrics, collected by static analysis, to classify a program. In this paper we present an empirical evaluation of three text-based metrics to identify obfuscated code. Our experiment shows that the effectiveness of these metrics depends on the obfuscators: there are cases in which the metrics allow the proliferation of false positives (i.e., misclassification of clear code as obfuscated code), which is bothering but not dangerous, and cases where false negatives (i.e. misclassification of obfuscated as clear code) proliferate, which is definitely more dangerous. Based on our experiment, we propose a combination of these three metrics and show how this combination outperforms the individual metrics.

Intrusion Detection Ensemble Algorithm based on Bagging and Neighborhood Rough Set

Abstract: Intrusion detection data often have some characteristics such as nonlinearity, higher dimension, much redundancy and noise, and partial continuous-attribute. This paper presents a new ensemble algorithm to improve intrusion detection precision. Firstly, it generates multiple training subsets in difference by using bootstrap technology. Then using neighborhood rough sets with different radiuses to make attribute reduction in these subsets, obtained the training subsets with greater difference, while Particle Swarm Optimization is used to optimize parameters of support vector machine in order to get base classifiers with greater difference and higher precision. Finally, the above base classifiers were integrdinedd by weighted synthesis method. The result of the emulation experiment in KDD99 data set indicates that this algorithm can effectively improve intrusion detection precision ,and it has higher generalization and stability.

A Heuristics-based Static Analysis Approach for Detecting Packed PE Binaries

Abstract: Malware authors evade the signature based detection by packing the original malware using custom packers. In this paper, we present a static heuristics based approach for the detection of packed executables. We present 1) the PE heuristics considered for analysis and taxonomy of heuristics; 2) a method for computing the score using power distance based on weights and risks assigned to the defined heuristics; and 3) classification of packed executable based on the threshold obtained with the training data set, and the results achieved with the test data set. The experimental results show that our approach has a high detection rate of 99.82% with a low false positive rate of 2.22%. We also bring out difficulties in detecting packed DLL, CLR and Debug mode executables via header analysis.

Research on the Data and Transaction Security of Enterprise E-Commerce Countermeasure

Abstract: In the process of transmitting Business E-commerce information, there are various risks that can put it at stake at any time. So in this article, for the purpose of ensuring the security of the devices, operating systems and data transaction, elaborate the security of Business Ecommerce from the aspect of VLAN, application layer, session layer, dynamic password, symmetric key encryption and encryption of communication stack. In order to do that, we need to strengthen and improve education, publicity, and security awareness of enterprises; using multiple networks and cryptographic techniques to protect the security of information; strengthening risk analysis and prevention to reduce systemic risks; perfection of Ecommerce legislation; using security strategies which protect the interests of both parties.

An Encryption Based Black Hole Detection Mechanism in Mobile Ad Hoc Networks

Abstract: A black hole attack is one of the most serious attacks in mobile ad hoc networks. A malicious node can act as if it has a valid route to a destination and then respond with a false Route Reply (RREP) message to the source, when it receives a Route Request (RREQ). Then the malicious node absorbs data packets destined for the destination. We propose an Encrypted Verification Method (EVM) that effectively detects a black hole attack. It takes two steps. First, every node examines its neighbors by inspecting their data transmission behaviors. Second, a detection node that receives an RREP from the suspicious node sends an encrypted verification message directly to the destination along the path included in the RREP for verification. The approach not only pins down the black hole nodes, but also reduces control overhead significantly. We prove by resorting to simulation that the EVM is highly dependable against the black hole attack.

An Encryption Method for QR Code Image Based on ECA

Abstract: In order to improve security performance of the information stored in two-dimensional Code (Quick Response Code), a two-dimensional code encryption and decryption method based on Elementary Cellular Automata state rings is proposed in this paper. Cellular Automata can simulate complex phenomenon just using simple dynamical system. In addition, Cellular Automata and cryptography have a lot of similarities such as diffusivity and integrated chaos. Based on this feature, the method uses the Cellular Automata to encrypt and decrypt QR code binary image with the following parameters: the length is 8, the boundary condition is cyclic boundary condition and {0, 1} is the state space. The experimental results show that the method proposed in this paper has some advantages, such as high speed, good effect and high security.

A study on the live forensic techniques for anomaly detection in user terminals

Abstract: Digital forensics techniques that have been used to analyze system intrusion incidents traditionally are used to detect anomaly behavior that may occur in the user terminal environment. Particularly, for the method to analyze user terminals, automated live forensics techniques that are used as supporting tool for malicious code (malware) detection. We suggest a way to take advantage of the live forensic techniques for the anomaly detection of malware.

Byte-index Chunking Algorithm for Data Deduplication System

Abstract: This paper presents an algorithm and structure for a deduplication method which can be efficiently used for eliminating identical data between files existing different machines with high rate and performing it within rapid time. The algorithm predicts identical parts between source and destination files very fast, and then assures the identical parts and transfers only those parts of blocks that proved to be unique region. The fundamental aspect of reaching faster and high scalability determining duplicate result is that data are expressed as fixedsize block chunks which are distributed to “Index-table” by chunk’s both side boundary values. “Index-table” is a fixed sized table structure; chunk’s boundary byte values are used as their cell row and column numbers. Experiment result shows that the proposed solution enhances data deduplication performance and reduces data storage capacity extensively.

Efficient mCoupon Authentication Scheme for Smart Poster Environments based on Low-cost NFC

Abstract: Recently, smart devices for various services have been developed using converged telecommunications, and the market for near field communication (NFC) mobile services is expected to grow rapidly. This property makes the standard suitable for mobile coupon applications. However, mCoupons differ significantly from paper-based coupons because unprotected data can be easily copied or modified without significant cost by anyone. A high number of uncontrolled copies of coupons can result in a significant loss. In this paper, we proposed a secure mCoupon authentication scheme that is protected against illegal use in smart poster environment based on low-cost NFC to using limited resources.

A Novel Image Encryption Using Arnold Cat

Abstract: Hyper-chaos has more than one positive Lyapunov exponents and it has more complex dynamical characteristics than chaos. Hence it becomes a better choice for secure image encryption schemes. In this paper, 3D Arnold cat map can be applied in image encryption, and it has more security and better effect. However, its period is fixed. The original image will be returned to itself if iterating some times. On the basis of 3D Arnold cat map, it presented an algorithm of image encryption which separates the original image to many same blocks and no period. Theoretical and experimental analyses both confirm the security and the validity of the proposed algorithm.

Preventing and Detecting Plagiarism in Programming Course

Abstract: Student plagiarism is epidemic in universities. In computer programming education process, it is very common that students copy or modify other’s code as their own work. Because every course having numerous assignments, detected plagiarism will be very difficult and extremely time consuming. How to prevent the plagiarism in programming course is an important problem in education. This paper analyzes and expatiates the reasons and the methods about the code’s plagiarism, and thinks there are two phases in preventing this plagiarism: one is preventing plagiarism from occur, the other is to detect cases of plagiarism when the preventative measures fail. Preventing plagiarism methods mainly include the valid course assignment design and to forbid the electronic copy. This paper describes a code’s editor software which has been implemented use Java. When the preventative measures fail, this paper describes an automatic tool to help instructor find the suspicious targets. These phases’ aim is to cut down the plagiarism and improve the ability of the student’ programming

Optimized Ciphertext-Policy Attribute-Based Encryption with Efficient Revocation

Abstract: In this work, we design a method for efficient revocation within Ciphertext-Policy Attribute-Based Encryption scheme. Our main technical innovation is based on linear secret sharing and binary tree techniques, every user in system is assigned with both a set of attributes and a unique identifier. Any user can also be efficiently revoked by using this identifier. Furthermore, this technique resulted in two key contributions: the size of the cryptographic key material is smaller and encryption/decryption cannot be affected with an unbounded number of revoked users. Then, the scheme is proved to be secure under the q-MEBDH assumption in the standard model. The efficiency is also optimized that the size of user’s private key has only a constant increase. The revocation information is embedded in the ciphertext so that the fine-grained access control is more flexible.

Research on an Authentication Algorithm for an Electronic Attendance System in the Constructing of a Smart Campus

Abstract: This paper presents a proposal for a large-scale lecture authentication algorithm for an electronic attendance system The utilization rate for existing electronic attendance systems is low Because it couldn't solve the problems that occur by special conditions of university such as vicarious attendance, bottlenecking during attendance check-in, and attendees departure at intermission The most important things are not the authentication problems or errors on the technical issues Instead, issues are related to attempts to check attendance simultaneously by a number of students, failure to prevent vicarious attendance, and the uncertainties of students remaining in the classroom following check-in The authentication algorithm of the proposed system uses smartphone in attendance check So it will save time and prevent bottlenecks as large numbers of students will not need to stand in line to check-in their attendance in the wall-mounted attendance device And, it will minimize, if not eliminate, students who might leave at intermission Because the instructor can verify attendance many times with the simplicity of the attendance check verification procedure and the short authentication time Thus, the proposed algorithm will facilitate the implementation of a smart electronic attendance system in the construction of the smart campus

A Comparative Study on Tangerine Detection, Counting and Yield Estimation Algorithm

Abstract: In this present paper, a new counting algorithm for tangerine yield estimation is adapted to obtain better results with respect to partially / semi partially occluded tangerine and its clusters. To optimize tangerine counting, and to minimize typical background noises from orchards (i.e. bare soil, weeds, and man-made objects), a tangerine fruit counting algorithm is implemented, and compared between before harvesting, after harvesting tangerine fruits, and results of yield estimation through tangerine flower recognition. Under natural lighting conditions prediction of the tangerine fruits from the orchards is computed and compared based on observers, and with tangerine counting algorithm. The simulation outputs show that new counting algorithm is found to be suitable, and effective.

Trust-Based Clustering in Mobile Ad Hoc Networks: Challenges and Issues

Abstract: Mobile ad hoc networks are prone to various security attacks of malicious nodes and attackers. To protect the network clustering from security attacks, numerous trust-based clustering schemes have been presented in the literature. Analyzing the existing trust-based clustering solutions, the researchers illustrated their primary features and properties in this paper and mainly discussed about the trust management mechanisms which are integrated in each trust-based clustering solution. Besides it was illuminated how trust and reputation are used in the cluster formation and maintenance phases. At the end, all of their trust computation methods were compared and concluded with open research issues.

Audio Watermarking by Coefficient Quantization in the DWT-DCT Dual Domain

Abstract: Unauthorized copying and distribution of digital audio has been greatly facilitated by the wide availability of low-cost personal computers, portable devices, network access, and audio recording and editing software. One possible solution for copyright protection is audio watermarking. In this paper, we propose an effective and robust audio watermarking algorithm that employs both the discrete wavelet transform and the discrete cosine transform. The algorithm involves, first, pre-processing of the binary watermark image and then embedding it into the original audio by quantization of coefficients. Experiments on audio recordings of many different music styles confirm the robustness of the algorithm against a wide range of Stirmark attacks such as noise addition, compression, and filtering, as well as other common attacks.

Research of Data Security Model in Cloud Computing Platform for SMEs

Abstract: In recent years, cloud computing has become a major mode to address SMEs inefficient and help improve their competitiveness. As cloud providers have priority access to data, so it is difficult to guarantee the confidentiality and integrity of users’ data. For this reason this paper proposed a model to solve the problem of data security in cloud computing. The model adopts efficient encryption mechanisms to protect users’ data. As the encrypted data is difficult to retrieve, we present a method of cipher text retrieval. Experimental results show that the model can better ensure data confidentiality and integrity.

A Novel Multi Scale Approach for Detecting High Bandwidth Aggregates in Network Traffic

Abstract: Today the scale, complexity and intensity of Denial of Service attacks has increased many folds. These attacks have moved from simple flooding based attacks to sophisticated Application based attacks as well as Protocol specific attacks.The challenge is to develop detection algorithms that can distinguish between the attacks like the new pulsating denial of service and legitimate traffic like Flash events. The presence of self-similarity in computer network traffic has introduced a newer dimension in techniques being developed for anomaly detection in aggregated network traffic.We propose use of wavelets to distinguish between legitimate flash events and pulsating distributed denial of service attacks and generating images to show point-of-presence of the attack.The detection methodology has also been tested on KDD Dataset.

Design of Active Frequency Selective Surfaces for the RCS Reduction

Abstract: This paper presents a novel three-dimensional active frequency selective surfaces loading a varactor diode to achieve electrically controllable, by loading different values of paranoid voltage to control the variable capacitance diode. Simulation results show that the structure has excellent resonant characteristics in the range of 3.34GHz-1.59GHz, and has certain sensitivity for the change of the capacitance value,so it can achieve electrical controllable in the frequency band. The simulation results also show that this structure can satisfy characteristics for multiple perspectives in the whole plane, and be suitable to reduce radar cross section,when it is used on radomeofweapon systems in practical war.

RAMS Analysis of Hybrid Redundancy System of Subsea Blowout Preventer Based on Stochastic Petri Nets

Abstract: This paper presents the stochastic Petri net (SPN) model of the hybrid redundancy system. The capacity of fault detection is taken into account in the model. Besides, the method to perform reliability, availability, maintainability and safety (RAMS) analysis has been proposed based on the isomorphic Markov chain of the SPN model. The presented methodology is demonstrated by a case study of the output subsystem of the subsea blowout preventer. RAMS analysis of the presented case is conducted and the effects of the diagnostic rate and repair rate on the performance are studied. The results show that high diagnostic rate can improve the reliability, availability and safety of the system.