•Journal•ISSN: 2153-1234
Journal of Information Security
About: Journal of Information Security is an academic journal. The journal publishes majorly in the area(s): Computer science & Encryption. It has an ISSN identifier of 2153-1234. It is also open access. Over the lifetime, 289 publications have been published receiving 3454 citations. The journal is also known as: JIS.
Topics: Computer science, Encryption, Security information and event management, The Internet, Cloud computing security
Papers published on a yearly basis
Papers
More filters
••
TL;DR: This survey paper provides an overview of techniques for analyzing and classifying the malwares and finds that behavioral patterns obtained either statically or dynamically can be exploited to detect and classify unknownmalwares into their known families using machine learning techniques.
Abstract: One of the major and serious threats on the
Internet today is malicious software, often referred to as a malware. The
malwares being designed by attackers are polymorphic and metamorphic which have
the ability to change their code as they propagate. Moreover, the diversity and
volume of their variants severely undermine the effectiveness of traditional
defenses which typically use signature based techniques and are unable to
detect the previously unknown malicious executables. The variants of malware
families share typical behavioral patterns reflecting their origin and purpose.
The behavioral patterns obtained either statically or dynamically can be
exploited to detect and classify unknown malwares into their known families
using machine learning techniques. This survey paper provides an overview of
techniques for analyzing and classifying the malwares.
350 citations
••
TL;DR: The standards ISO/IEC 27000, 27001 and 27002 are international standards that are receiving growing recognition and adoption and are referred to as “common language of organizations around the world” for information security.
Abstract: With the increasing significance of information technology, there is
an urgent need for adequate measures of information security.
Systematic information security management is one of most important initiatives
for IT management. At least since reports about privacy and security breaches,
fraudulent accounting practices, and attacks on IT systems appeared
in public, organizations have recognized their responsibilities to safeguard
physical and information assets. Security standards can be used as guideline or
framework to develop and maintain an adequate information security management
system (ISMS). The standards ISO/IEC 27000, 27001 and 27002 are international
standards that are receiving growing recognition and adoption. They are
referred to as “common language of organizations around the world” for
information security [1]. With ISO/IEC 27001 companies can have their ISMS
certified by a third-party organization and thus show their customers evidence
of their security measures.
177 citations
••
TL;DR: This paper aims to present the Blockchain and smart contract for a specific domain which is real estate, a detailed design of smart contract is presented and a use case for renting residential and business buildings is examined.
Abstract: Blockchain is a fast-disruptive technology becoming a key instrument in share economy. In recent years, Blockchain has received considerable attention from many researchers and government institutions. This paper aims to present the Blockchain and smart contract for a specific domain which is real estate. A detailed design of smart contract is presented and then a use case for renting residential and business buildings is examined.
155 citations
••
TL;DR: The EER results of the combined systems prove that the ECG has an excellent source of supplementary information to a multibiometric system, despite it shows moderate performance in a unimodal framework.
Abstract: This paper presents an evaluation of a new biometric electrocardiogram (ECG) for individual authentication. We report the potential of ECG as a biometric and address the research concerns to use ECG-enabled biometric authentication system across a range of conditions. We present a method to delineate ECG waveforms and their end fiducials from each heartbeat. A new authentication strategy is proposed in this work, which uses the delineated features and taking decision for the identity of an individual with respect to the template database on the basis of match scores. Performance of the system is evaluated in a unimodal framework and in the multibiometric framework where ECG is combined with the face biometric and with the fingerprint biometric. The equal error rate (EER) result of the unimodal system is reported to 10.8%, while the EER results of the multibiometric systems are reported to 3.02% and 1.52%, respectively for the systems when ECG combined with the face biometric and ECG combined with the fingerprint biometric. The EER results of the combined systems prove that the ECG has an excellent source of supplementary information to a multibiometric system, despite it shows moderate performance in a unimodal framework. We critically evaluate the concerns involved to use ECG as a biometric for individual authentication such as, the lack of standardization of signal features and the presence of acquisition variations that make the data representation more difficult. In order to determine large scale performance, individuality of ECG remains to be examined.
100 citations
••
TL;DR: Results show that the Random Forest based proposed approach can select most important and relevant features useful for classification, which reduces not only the number of input features and time but also increases the classification accuracy.
Abstract: An intrusion detection system
collects and analyzes information from different areas within a computer or a
network to identify possible security threats that include threats from both
outside as well as inside of the organization. It deals with large amount of
data, which contains various ir-relevant and redundant features and results in
increased processing time and low detection rate. Therefore, feature selection
should be treated as an indispensable pre-processing step to improve the
overall system performance significantly while mining on huge datasets. In this
context, in this paper, we focus on a two-step approach of feature selection based
on Random Forest. The first step selects the features with higher variable
importance score and guides the initialization of search process for the second
step whose outputs the final feature subset for classification and
in-terpretation. The effectiveness of this algorithm is demonstrated on KDD’99
intrusion detection datasets, which are based on DARPA 98 dataset, provides
labeled data for researchers working in the field of intrusion detection. The
important deficiency in the KDD’99 data set is the huge number of redundant
records as observed earlier. Therefore, we have derived a data set RRE-KDD by
eliminating redundant record from KDD’99 train and test dataset, so the
classifiers and feature selection method will not be biased towards more
frequent records. This RRE-KDD consists of both KDD99Train+ and KDD99Test+
dataset for training and testing purposes, respectively. The experimental
results show that the Random Forest based proposed approach can select most
im-portant and relevant features useful for classification, which, in turn,
reduces not only the number of input features and time but also increases the
classification accuracy.
88 citations