scispace - formally typeset

Journal

Journal of Information Security 

About: Journal of Information Security is an academic journal. The journal publishes majorly in the area(s): Encryption & Cloud computing security. Over the lifetime, 258 publication(s) have been published receiving 2770 citation(s).
Papers
More filters

Journal ArticleDOI
TL;DR: This survey paper provides an overview of techniques for analyzing and classifying the malwares and finds that behavioral patterns obtained either statically or dynamically can be exploited to detect and classify unknownmalwares into their known families using machine learning techniques.
Abstract: One of the major and serious threats on the Internet today is malicious software, often referred to as a malware. The malwares being designed by attackers are polymorphic and metamorphic which have the ability to change their code as they propagate. Moreover, the diversity and volume of their variants severely undermine the effectiveness of traditional defenses which typically use signature based techniques and are unable to detect the previously unknown malicious executables. The variants of malware families share typical behavioral patterns reflecting their origin and purpose. The behavioral patterns obtained either statically or dynamically can be exploited to detect and classify unknown malwares into their known families using machine learning techniques. This survey paper provides an overview of techniques for analyzing and classifying the malwares.

277 citations


Journal ArticleDOI
TL;DR: The standards ISO/IEC 27000, 27001 and 27002 are international standards that are receiving growing recognition and adoption and are referred to as “common language of organizations around the world” for information security.
Abstract: With the increasing significance of information technology, there is an urgent need for adequate measures of information security. Systematic information security management is one of most important initiatives for IT management. At least since reports about privacy and security breaches, fraudulent accounting practices, and attacks on IT systems appeared in public, organizations have recognized their responsibilities to safeguard physical and information assets. Security standards can be used as guideline or framework to develop and maintain an adequate information security management system (ISMS). The standards ISO/IEC 27000, 27001 and 27002 are international standards that are receiving growing recognition and adoption. They are referred to as “common language of organizations around the world” for information security [1]. With ISO/IEC 27001 companies can have their ISMS certified by a third-party organization and thus show their customers evidence of their security measures.

153 citations


Journal ArticleDOI
TL;DR: This paper aims to present the Blockchain and smart contract for a specific domain which is real estate, a detailed design of smart contract is presented and a use case for renting residential and business buildings is examined.
Abstract: Blockchain is a fast-disruptive technology becoming a key instrument in share economy. In recent years, Blockchain has received considerable attention from many researchers and government institutions. This paper aims to present the Blockchain and smart contract for a specific domain which is real estate. A detailed design of smart contract is presented and then a use case for renting residential and business buildings is examined.

104 citations


Journal ArticleDOI
TL;DR: The EER results of the combined systems prove that the ECG has an excellent source of supplementary information to a multibiometric system, despite it shows moderate performance in a unimodal framework.
Abstract: This paper presents an evaluation of a new biometric electrocardiogram (ECG) for individual authentication. We report the potential of ECG as a biometric and address the research concerns to use ECG-enabled biometric authentication system across a range of conditions. We present a method to delineate ECG waveforms and their end fiducials from each heartbeat. A new authentication strategy is proposed in this work, which uses the delineated features and taking decision for the identity of an individual with respect to the template database on the basis of match scores. Performance of the system is evaluated in a unimodal framework and in the multibiometric framework where ECG is combined with the face biometric and with the fingerprint biometric. The equal error rate (EER) result of the unimodal system is reported to 10.8%, while the EER results of the multibiometric systems are reported to 3.02% and 1.52%, respectively for the systems when ECG combined with the face biometric and ECG combined with the fingerprint biometric. The EER results of the combined systems prove that the ECG has an excellent source of supplementary information to a multibiometric system, despite it shows moderate performance in a unimodal framework. We critically evaluate the concerns involved to use ECG as a biometric for individual authentication such as, the lack of standardization of signal features and the presence of acquisition variations that make the data representation more difficult. In order to determine large scale performance, individuality of ECG remains to be examined.

86 citations


Journal ArticleDOI
TL;DR: Results show that the Random Forest based proposed approach can select most important and relevant features useful for classification, which reduces not only the number of input features and time but also increases the classification accuracy.
Abstract: An intrusion detection system collects and analyzes information from different areas within a computer or a network to identify possible security threats that include threats from both outside as well as inside of the organization. It deals with large amount of data, which contains various ir-relevant and redundant features and results in increased processing time and low detection rate. Therefore, feature selection should be treated as an indispensable pre-processing step to improve the overall system performance significantly while mining on huge datasets. In this context, in this paper, we focus on a two-step approach of feature selection based on Random Forest. The first step selects the features with higher variable importance score and guides the initialization of search process for the second step whose outputs the final feature subset for classification and in-terpretation. The effectiveness of this algorithm is demonstrated on KDD’99 intrusion detection datasets, which are based on DARPA 98 dataset, provides labeled data for researchers working in the field of intrusion detection. The important deficiency in the KDD’99 data set is the huge number of redundant records as observed earlier. Therefore, we have derived a data set RRE-KDD by eliminating redundant record from KDD’99 train and test dataset, so the classifiers and feature selection method will not be biased towards more frequent records. This RRE-KDD consists of both KDD99Train+ and KDD99Test+ dataset for training and testing purposes, respectively. The experimental results show that the Random Forest based proposed approach can select most im-portant and relevant features useful for classification, which, in turn, reduces not only the number of input features and time but also increases the classification accuracy.

65 citations


Network Information
Related Journals (5)
arXiv: Cryptography and Security

13.3K papers, 117.4K citations

81% related
Computers & Security

3.6K papers, 89.9K citations

77% related
arXiv: Networking and Internet Architecture

11.5K papers, 113.4K citations

76% related
Journal of Network and Computer Applications

2.7K papers, 92.5K citations

76% related
Performance
Metrics
No. of papers from the Journal in previous years
YearPapers
20214
202013
201914
201822
201723
201625