
Showing papers in "Journal of Information Security in 2016"


Journal ArticleDOI
TL;DR: Results show that the Random Forest based proposed approach can select most important and relevant features useful for classification, which reduces not only the number of input features and time but also increases the classification accuracy.
Abstract: An intrusion detection system collects and analyzes information from different areas within a computer or a network to identify possible security threats that include threats from both outside as well as inside of the organization. It deals with large amount of data, which contains various irrelevant and redundant features and results in increased processing time and low detection rate. Therefore, feature selection should be treated as an indispensable pre-processing step to improve the overall system performance significantly while mining on huge datasets. In this context, in this paper, we focus on a two-step approach of feature selection based on Random Forest. The first step selects the features with higher variable importance score and guides the initialization of search process for the second step, which outputs the final feature subset for classification and interpretation. The effectiveness of this algorithm is demonstrated on KDD’99 intrusion detection datasets, which are based on DARPA 98 dataset, provides labeled data for researchers working in the field of intrusion detection. The important deficiency in the KDD’99 data set is the huge number of redundant records as observed earlier. Therefore, we have derived a data set RRE-KDD by eliminating redundant record from KDD’99 train and test dataset, so the classifiers and feature selection method will not be biased towards more frequent records. This RRE-KDD consists of both KDD99Train+ and KDD99Test+ dataset for training and testing purposes, respectively. The experimental results show that the Random Forest based proposed approach can select most important and relevant features useful for classification, which, in turn, reduces not only the number of input features and time but also increases the classification accuracy.

88 citations


Journal ArticleDOI
TL;DR: The primary objective of this paper is to discuss the Gordon-Loeb Model with a focus on gaining insights for the model’s use in a practical setting.
Abstract: Given the importance of cybersecurity to the survival of an organization, a fundamental economics-based question that must be addressed by all organizations is: How much should be invested in cybersecurity related activities? Gordon and Loeb [1] presented a model to address this question, and that model has received a significant amount of attention in the academic and practitioner literature. The primary objective of this paper is to discuss the Gordon-Loeb Model with a focus on gaining insights for the model’s use in a practical setting.

55 citations


Journal ArticleDOI
TL;DR: A CNN architecture using the VGG-Face deep (neural network) learning is found to produce highly discriminative and interoperable features that are robust to aging variations even across a mix of biometric datasets.
Abstract: Time lapse, characteristic of aging, is a complex process that affects the reliability and security of biometric face recognition systems. This paper reports the novel use and effectiveness of deep learning, in general, and convolutional neural networks (CNN), in particular, for automatic rather than hand-crafted feature extraction for robust face recognition across time lapse. A CNN architecture using the VGG-Face deep (neural network) learning is found to produce highly discriminative and interoperable features that are robust to aging variations even across a mix of biometric datasets. The features extracted show high inter-class and low intra-class variability leading to low generalization errors on aging datasets using ensembles of subspace discriminant classifiers. The classification results for the all-encompassing authentication methods proposed on the challenging FG-NET and MORPH datasets are competitive with state-of-the-art methods including commercial face recognition engines and are richer in functionality and interoperability than existing methods as it handles mixed biometric datasets, e.g., FG-NET and MORPH.

54 citations


Journal ArticleDOI
TL;DR: An in-depth understanding of the various factors that can impact the Availability of an information system (Software, Hardware and Network) is given and a categorization of the type of Availability that a system can have is given.
Abstract: This paper presents an in-depth understanding of Availability, which is one of the important pillars of Information Security and yet is not taken too seriously while talking about the security of an information system. The paper highlights the importance of Availability w.r.t. Security of information and the other attributes of security and also gives a realistic shape to the existing CIA triad security model. An in-depth understanding of the various factors that can impact the Availability of an information system (Software, Hardware and Network) is given. The paper also gives a categorization of the type of Availability that a system can have. The paper also explains the relation between Availability and other security attributes and also explains through what issues an information system may go while providing Availability.

44 citations


Journal ArticleDOI
TL;DR: A statistical model for predicting the Expected Path Length (expected number of steps the attacker will take, starting from the initial state to compromise the security goal—EPL) in a cyber-attack is proposed.
Abstract: The object of this study is to propose a statistical model for predicting the Expected Path Length (expected number of steps the attacker will take, starting from the initial state to compromise the security goal—EPL) in a cyber-attack. The model we developed is based on utilizing vulnerability information along with having host centric attack graph. Utilizing the developed model, one can identify the interaction among the vulnerabilities and individual variables (risk factors) that drive the Expected Path Length. Gaining a better understanding of the relationship between vulnerabilities and their interactions can provide security administrators a better view and an understanding of their security status. In addition, we have also ranked the attributable variables and their contribution in estimating the subject length. Thus, one can utilize the ranking process to take precautions and actions to minimize Expected Path Length.

17 citations


Journal ArticleDOI
TL;DR: The Hidden Markov Model is presented as a cutting edge malware detection tool and a comprehensive review of different studies that employ HMM as a detection tool is presented.
Abstract: Malware is a software which is designed with an intent to damage a network or computer resources. Today, the emergence of malware is on boom letting the researchers develop novel techniques to protect computers and networks. The three major techniques used for malware detection are heuristic, signature-based, and behavior based. Among these, the most prevalent is the heuristic based malware detection. Hidden Markov Model is the most efficient technique for malware detection. In this paper, we present the Hidden Markov Model as a cutting edge malware detection tool and a comprehensive review of different studies that employ HMM as a detection tool.

16 citations


Journal ArticleDOI
TL;DR: A risk evaluation statistical model is proposed by examining the Vulnerability Life Cycle and the CVSS score to identify the risk factor of a specific vulnerability being exploited as a function of time.
Abstract: The objective of the present study is to propose a risk evaluation statistical model for a given vulnerability by examining the Vulnerability Life Cycle and the CVSS score. Having a better understanding of the behavior of vulnerability with respect to time will give us a great advantage. Such understanding will help us to avoid exploitations and introduce patches for a particular vulnerability before the attacker takes the advantage. Utilizing the proposed model one can identify the risk factor of a specific vulnerability being exploited as a function of time. Measuring of the risk factor of a given vulnerability will also help to improve the security level of software and to make appropriate decisions to patch the vulnerability before an exploitation takes place.

15 citations


Journal ArticleDOI
TL;DR: This paper presents an experimental platform designed to represent a practical interaction between cloud users and cloud services and collect network traces resulting from this interaction to conduct anomaly detection and uses Amazon web services (AWS) platform for conducting experiments.
Abstract: Anomaly based approaches in network intrusion detection suffer from evaluation, comparison and deployment which originate from the scarcity of adequate publicly available network trace datasets. Also, publicly available datasets are either outdated or generated in a controlled environment. Due to the ubiquity of cloud computing environments in commercial and government internet services, there is a need to assess the impacts of network attacks in cloud data centers. To the best of our knowledge, there is no publicly available dataset which captures the normal and anomalous network traces in the interactions between cloud users and cloud data centers. In this paper, we present an experimental platform designed to represent a practical interaction between cloud users and cloud services and collect network traces resulting from this interaction to conduct anomaly detection. We use Amazon web services (AWS) platform for conducting our experiments.

14 citations


Journal ArticleDOI
TL;DR: In this article, the authors devise a model for security investment that reflects dynamic interaction between a defender, who faces uncertainty, and an attacker, who repeatedly targets the weakest link, and derive and compare optimal security investment over multiple periods, exploring the delicate balance between proactive and reactive security investment.
Abstract: We devise a model for security investment that reflects dynamic interaction between a defender, who faces uncertainty, and an attacker, who repeatedly targets the weakest link. Using the model, we derive and compare optimal security investment over multiple periods, exploring the delicate balance between proactive and reactive security investment. We show how the best strategy depends on the defender’s knowledge about prospective attacks and the recoverability of costs when upgrading defenses reactively. Our model explains why security under-investment is sometimes rational even when effective defenses are available and can be deployed independently of other parties’ choices. Finally, we connect the model to real-world security problems by examining two case studies where empirical data are available: computers compromised for use in online crime and payment card security.

12 citations


Journal ArticleDOI
TL;DR: Extensions of the Gordon-Loeb and Lucyshyn-Zhou models are presented based on mathematical equivalency with a generalized homeland security model and legal cases are investigated to assess approximate magnitudes of external effects and the extent they are internalized by the legal system.
Abstract: Extensions of the Gordon-Loeb [1] and the Gordon-Loeb-Lucyshyn-Zhou [2] models are presented based on mathematical equivalency with a generalized homeland security model. The extensions include limitations on changes in the probability of attack, simultaneous effects on probability and loss, diversion of attack, and shared non-information defenses. Legal cases are then investigated to assess approximate magnitudes of external effects and the extent they are internalized by the legal system.

9 citations


Journal ArticleDOI
TL;DR: A new technique for Gray Scale Image Steganography that uses the idea of image segmentation and LSB to deal with the main requirements of steganography; visual appearance, modification rate, capacity, undetectability, and robustness against extraction (security).
Abstract: Steganography is the art of hiding a secret message in some kind of media. The main goal is not to hide only the secret message but also the existence of communication and secure data transferring. There are a lot of methods that were utilized for building the steganography; such as LSB (Least Significant Bits), Discrete Cosine Transform (DCT), Discrete Fourier Transform, Spread-Spectrum Encoding, and Perceptual Masking, but all of them are challenged by steganalysis. This paper proposes a new technique for Gray Scale Image Steganography that uses the idea of image segmentation and LSB to deal with such problem. The proposed method deals with different types of images by converting them to a virtual gray scale 24 bitmaps, finds out the possible segments inside image and then computes the possible areas for each segment with boundaries. Any intruder trying to find the transformed image will not be able to understand it without the correct knowledge about the transformation process. The knowledge is represented by the key of image segmentation, key of data distribution inside segment (area selection), key of mapping within each area segment, key agreement of cryptography method, key of secret message length and key of message extension. Our method is distinguishing oneself by one master key to generate the area selection key, pixels selection keys and cryptography key. Thus, the existence of secret message is hard to be detected by the steganalysis. Experiment results show that the proposed technique satisfied the main requirements of steganography; visual appearance, modification rate, capacity, undetectability, and robustness against extraction (security). Also it achieved the maximum capacity of cover image with a modification rate equals 0.04 and visual quality for stego-image comparable to cover image.

Journal ArticleDOI
TL;DR: In this paper, the authors demonstrate how steganography can be used to enhance the security and privacy of data (images) maintained on the cloud by mobile applications, which works with a key which is embedded in the image along with the data, to provide an additional layer of security, namely, confidentiality of data.
Abstract: Cloud computing is an emerging and popular method of accessing shared and dynamically configurable resources via the computer network on demand. Cloud computing is excessively used by mobile applications to offload data over the network to the cloud. There are some security and privacy concerns using both mobile devices to offload data to the facilities provided by the cloud providers. One of the critical threats facing cloud users is the unauthorized access by the insiders (cloud administrators) or the justification of location where the cloud providers operating. Although, there exist variety of security mechanisms to prevent unauthorized access by unauthorized user by the cloud administration, but there is no security provision to prevent unauthorized access by the cloud administrators to the client data on the cloud computing. In this paper, we demonstrate how steganography, which is a secrecy method to hide information, can be used to enhance the security and privacy of data (images) maintained on the cloud by mobile applications. Our proposed model works with a key, which is embedded in the image along with the data, to provide an additional layer of security, namely, confidentiality of data. The practicality of the proposed method is represented via a simple case study.

Journal ArticleDOI
TL;DR: Experimental results show that the proposed algorithm does not affect the visual quality of video frames and the scheme is robust against a variety of attacks.
Abstract: This paper presents a novel technique for embedding a digital watermark into video frames based on motion vectors and discrete wavelet transform (DWT). In the proposed scheme, the binary image watermark is divided into blocks and each watermark block is embedded several times in each selected video frame at different locations. The block-based motion estimation algorithm is used to select the video frame blocks having the greatest motion vectors magnitude. The DWT is applied to the selected frame blocks, and then, the watermark block is hidden into these blocks by modifying the coefficients of the Horizontal sub-bands (HL). Adding the watermark at different locations in the same video frame makes the scheme more robust against different types of attacks. The method was tested on different types of videos. The average peak signal to noise ratio (PSNR) and the normalized correlation (NC) are used to measure the performance of the proposed method. Experimental results show that the proposed algorithm does not affect the visual quality of video frames and the scheme is robust against a variety of attacks.

Journal ArticleDOI
TL;DR: This paper focuses on Phasor Data Concentrators (PDCs) that aggregate data from PMUs, and exploits the need for appropriate security and data compression challenges simultaneously to greatly reduce the storage cost requirements of commercially available PDCs.
Abstract: The storage space and cost for Smart Grid datasets has been growing exponentially due to its high data-rate of various sensor readings from Automated Metering Infrastructure (AMI), and Phasor Measurement Units (PMUs). The paper focuses on Phasor Data Concentrators (PDCs) that aggregate data from PMUs. PMUs measure real-time voltage, current and frequency parameters across the electrical grid. A typical PDC can process data from anywhere from ten to forty PMUs. The paper exploits the need for appropriate security and data compression challenges simultaneously. As a result, an optimal compression method ER1c is investigated for efficient storage of IREG and C37.118 timestamped PDC data sets. We expect that our approach can greatly reduce the storage cost requirements of commercially available PDCs (SEL 3373, GE Multilin P30) by 80%. For example, 2 years of PDC data storage space can be easily replaced with only 10 days of storage space. In addition, our approach in combination with AES 256 encryption can protect PDC data to larger degree as per National Institute of Standards and Technology (NIST) standards.

Journal ArticleDOI
TL;DR: Surprisingly, it was found that the Windows Server 2012 R2 OS lacked sufficient host-based protection and was found to be unable to defend against even a medium intensity 3.1 Gbps-magnitude of TCP-SYN attack traffic.
Abstract: Microsoft server Operating Systems are considered to have in-built, host based security features that should provide some protection against Distributed Denial of Service (DDoS) attacks. In this paper, we presented results of experiments that were conducted to test the security capability of the latest server Operating System from Microsoft Inc., namely Windows Server 2012 R2. Experiments were designed to evaluate its in-built security features in defending against a common Distributed Denial of Service (DDoS) attack, namely the TCP-SYN based DDoS attack. Surprisingly, it was found that the Windows Server 2012 R2 OS lacked sufficient host-based protection and was found to be unable to defend against even a medium intensity 3.1 Gbps-magnitude of TCP-SYN attack traffic. The server was found to crash within minutes after displaying a Blue Screen of Death (BSoD) under such security attacks.

Journal ArticleDOI
TL;DR: The results identify ways in which losses in the Gordon and Loeb model can be specified in more detail and allow use of econometric and other tools to analyze the empirics of the consumer and the firm.
Abstract: The connectivity of information has changed many things but not the way economists model consumers, firms and government. Information is here newly modeled as a fundamental element of microeconomic choices and utility, cost and tax functions. The results are more clearly defined metrics for losses due to cyber breaches or productivity gains from cyber investments. The integration of information into standard microeconomics also allows use of econometric and other tools to analyze the empirics of the consumer and the firm. In particular, the results identify ways in which losses in the Gordon and Loeb [1] model can be specified in more detail.

Journal ArticleDOI
TL;DR: It is shown that only in the most well-designed institutional set-up the presence of the well-informed steward provides for an increase of the system’s resilience to attacks, and in most cases the resulting investment expenditure undertaken by the agents in the ecosystem exceeds its Pareto efficient magnitude.
Abstract: This paper provides for the presentation, in an integrated manner, of a sequence of results addressing the consequences of the presence of an information steward in an ecosystem under attack and establishes the appropriate defensive investment responses, thus allowing for a cohesive understanding of the nature of the information steward in a variety of attack contexts. We determine the level of investment in information security and attacking intensity when agents react in a non-coordinated manner and compare them to the case of the system’s coordinated response undertaken under the guidance of a steward. We show that only in the most well-designed institutional set-up the presence of the well-informed steward provides for an increase of the system’s resilience to attacks. In the case in which both the information available to the steward and its policy instruments are curtailed, coordinated policy responses yield no additional benefits to individual agents and in some case they actually compared unfavourably to atomistic responses. The system’s sustainability does improve in the presence of a steward, which deters attackers and reduces the numbers and intensity of attacks. In most cases, the resulting investment expenditure undertaken by the agents in the ecosystem exceeds its Pareto efficient magnitude.

Journal ArticleDOI
TL;DR: By using this proposed application once the user has configured the account for anti theft, user can remotely track, sound a loud siren, lock, secretly capture photo of an intruder who tries to break in, get randomly recorded voice of intruder, and get thief identity using device web history.
Abstract: Increasing popularity of Android is making its security issue more crucial nowadays. This paper focuses on one-stop solution to secure Android device against information security and theft. Proposed application protects Android device against theft and helps to control Android device by SMS or using internet connection. By this application once the user has configured the account for anti theft, user can remotely track, sound a loud siren, lock, secretly capture photo of an intruder who tries to break in, get randomly recorded voice of intruder, get thief identity using device web history and is able to wipe all your private data. This data and tracking information will be stored in one central web server database and one can access it anytime through login.

Journal ArticleDOI
TL;DR: This work creates collaborative network between worker node and Master node with the help of trusted heartbeat framework (THF) and proposes procedures to register node and to alter status of node based on reputation provided by other co-worker nodes.
Abstract: In cloud computing environment, as the infrastructure is not owned by users, it is desirable that its security and integrity must be protected and verified time to time. In Hadoop based scalable computing setup, malfunctioning nodes generate wrong output during the run time. To detect such nodes, we create collaborative network between worker node (i.e. data node of Hadoop) and Master node (i.e. name node of Hadoop) with the help of trusted heartbeat framework (THF). We propose procedures to register node and to alter status of node based on reputation provided by other co-worker nodes.

Journal ArticleDOI
TL;DR: This paper puts forward the plan on constructing information security attack and defense platform based on cloud computing and virtualization, provides the hardware topology structure of the platform and technical framework of the system and the experimental process and technical principle of the platform.
Abstract: This paper puts forward the plan on constructing information security attack and defense platform based on cloud computing and virtualization, provides the hardware topology structure of the platform and technical framework of the system and the experimental process and technical principle of the platform. The experiment platform can provide more than 20 attack classes. Using the virtualization technology can build hypothesized target of various types in the laboratory and diversified network structure to carry out attack and defense experiment.

Journal ArticleDOI
TL;DR: This paper proposes a scheme for password management by storing password encryptions on a server that addresses the issue of countering dictionary attack by providing a further enhancement of the scheme.
Abstract: This paper proposes a scheme for password management by storing password encryptions on a server. The method involves having the encryption key split into a share for the user and one for the server. The user’s share shall be based solely on a selected passphrase. The server’s share shall be generated from the user’s share and the encryption key. The security and trust are achieved by performing both encryption and decryption on the client side. We also address the issue of countering dictionary attack by providing a further enhancement of the scheme.

Journal ArticleDOI
TL;DR: An authentication method for a moving image is developed by using the previously proposed method for a static image and a new method for selecting several frames in the moving image that has a high tolerance of authentication to both compressions and vicious attacks.
Abstract: Recently, several digital watermarking techniques have been proposed for hiding data in the frequency domain of moving image files to protect their copyrights. However, in order to detect the watermarking sufficiently after heavy compression, it is necessary to insert the watermarking with strong intensity into a moving image, and this results in visible deterioration of the moving image. We previously proposed an authentication method using a discrete wavelet transform for a digital static image file. In contrast to digital watermarking, no additional information is inserted into the original static image in the previously proposed method, and the image is authenticated by features extracted by the wavelet transform and characteristic coding. In the present study, we developed an authentication method for a moving image by using the previously proposed method for a static image and a newly proposed method for selecting several frames in the moving image. No additional information is inserted into the original moving image by the newly proposed method or into the original static image by the previously proposed method. The experimental results show that the proposed method has a high tolerance of authentication to both compressions and vicious attacks.

Journal ArticleDOI
TL;DR: The present paper submits certain results (statements) which are to be the ground for next investigations dealing with Minkowski summation operations of sets in Boolean space.
Abstract: In many problems of combinatory analysis, operations of addition of sets are used (sum, direct sum, direct product etc.). In the present paper, as well as in the preceding one [1], some properties of addition operation of sets (namely, Minkowski addition) in Boolean space Bn are presented. Also, sums and multisums of various “classical figures” as: sphere, layer, interval etc. are considered. The obtained results make possible to describe multisums by such characteristics of summands as: the sphere radius, weight of layer, dimension of interval etc. using the methods presented in [2], as well as possible solutions of the equation X+Y=A, where , are considered. In spite of simplicity of the statement of the problem, complexity of its solutions is obvious at once, when the connection of solutions with constructions of equidistant codes or existence the Hadamard matrices is apparent. The present paper submits certain results (statements) which are to be the ground for next investigations dealing with Minkowski summation operations of sets in Boolean space.

Journal ArticleDOI
TL;DR: The empirical models in which the choice of variables is inspired by the Gordon-Loeb formulation of security investment: damage, investment, vulnerability, and threat are revisited and the liquidity definition is reconsidered based on a further observation of LP security incidents.
Abstract: Loyalty program (LP) is a popular marketing activity of enterprises. As a result of firms’ effort to increase customers’ loyalty, point exchange or redemption services are now available worldwide. These services attract not only customers but also attackers. In pioneering research, which first focused on this LP security problem, an empirical analysis based on Japanese data is shown to see the effects of LP-point liquidity on damages caused by security incidents. We revisit the empirical models in which the choice of variables is inspired by the Gordon-Loeb formulation of security investment: damage, investment, vulnerability, and threat. The liquidity of LP points corresponds to the threat in the formulation and plays an important role in the empirical study because it particularly captures the feature of LP networks. However, the actual proxy used in the former study is artificial. In this paper, we reconsider the liquidity definition based on a further observation of LP security incidents. By using newly defined proxies corresponding to the threat as well as other refined proxies, we test hypotheses to derive more implications that help LP operators to manage partnerships; the implications are consistent with recent changes in the LP network. Thus we can see the impacts of security investment models include a wider range of empirical studies.

Journal ArticleDOI
TL;DR: A construction making possible creation of an additive channel of cardinality s and rank r for arbitrary integers s, r, n (r≤min (n,s-1)), as well as creation of a code correcting errors of the channel A is presented.
Abstract: In the present work, a construction making possible creation of an additive channel of cardinality s and rank r for arbitrary integers s, r, n (r≤min (n,s-1)), as well as creation of a code correcting errors of the channel A is presented.