
Showing papers in "Security and Communication Networks in 2015"


Journal ArticleDOI
TL;DR: This paper analyzed the security of the proposed scheme in random oracle model which confirms the robustness of the scheme against all known attacks and proposed a supplemented scheme to overcome security weaknesses of Kumari et al.
Abstract: Very recently, Kumari et al. proposed a symmetric key and smart card-based remote user password authentication scheme to enhance Chung et al.'s scheme. They claimed their enhanced scheme to provide anonymity while resisting all known attacks. In this paper, we analyze that Kumari et al.'s scheme is still vulnerable to anonymity violation attack as well as smart card stolen attack. Then we propose a supplemented scheme to overcome security weaknesses of Kumari et al.'s scheme. We have analyzed the security of the proposed scheme in random oracle model which confirms the robustness of the scheme against all known attacks. We have also verified the security of our scheme using automated tool ProVerif. Copyright © 2015 John Wiley & Sons, Ltd.

85 citations


Journal ArticleDOI
TL;DR: A false data detection system that integrated the anomaly detection mechanism with a watermarking-based detection scheme that prevents more stealthy attacks that involve subtle manipulation of the measurement data is developed.
Abstract: The Smart Grid is a new type of power grid that will use advanced communication network technologies to support more efficient energy transmission and distribution. The grid infrastructure was designed for reliability; but security, especially against cyber threats, is also a critical need. In particular, an adversary can inject false data to disrupt system operation. In this paper, we develop a false data detection system that integrates two techniques that are tailored to the different attack types that we consider. We adopt anomaly-based detection to detect strong attacks that feature the injection of large amounts of spurious measurement data in a very short time. We integrate the anomaly detection mechanism with a watermarking-based detection scheme that prevents more stealthy attacks that involve subtle manipulation of the measurement data. We conduct a theoretical analysis to derive the closed-form formulae for the performance metrics that allow us to investigate the effectiveness of our proposed detection techniques. Our experimental data show that our integrated detection system can accurately detect both strong and stealthy attacks. Copyright © 2014 John Wiley & Sons, Ltd.

83 citations


Journal ArticleDOI
TL;DR: An intelligent alarm filter based on a multi-class k-nearest-neighbor classifier to filter out unwanted alarms and employs a rating mechanism by means of expert knowledge to classify incoming alarms to proper clusters for labeling is designed.
Abstract: Network intrusion detection systems (NIDSs) have been widely deployed in various network environments to defend against different kinds of network attacks. However, a large number of alarms, especially unwanted alarms such as false alarms and non-critical alarms, could be generated during the detection, which can greatly decrease the efficiency of the detection and increase the burden of analysis. To address this issue, we advocate that constructing an alarm filter in terms of expert knowledge is a promising solution. In this paper, we develop a method of knowledge-based alert verification and design an intelligent alarm filter based on a multi-class k-nearest-neighbor classifier to filter out unwanted alarms. In particular, the alarm filter employs a rating mechanism by means of expert knowledge to classify incoming alarms to proper clusters for labeling. We further analyze the effect of different classifier settings on classification accuracy with two alarm datasets. In the evaluation, we investigate the performance of the alarm filter with a real dataset and in a network environment, respectively. Experimental results indicate that our alarm filter can effectively filter out a number of NIDS alarms and can achieve a better outcome under the advanced mode. Copyright © 2015 John Wiley & Sons, Ltd.

73 citations


Journal ArticleDOI
TL;DR: A critical review of the mathematical models proposed to date to simulate malware propagation in a network of computers or mobile devices to determine the deficits and possible alternatives for improving them is offered.
Abstract: In the present work, we offer a critical review of the mathematical models that have been proposed to date to simulate malware propagation in a network of computers or mobile devices. We analyze the models proposed determining the deficits and possible alternatives for improving them. Copyright © 2015 John Wiley & Sons, Ltd.

72 citations


Journal ArticleDOI
TL;DR: This paper proposes a new user access control scheme with attribute-based encryption using elliptic curve cryptography in hierarchical WSNs and demonstrates that the scheme has the ability to tolerate different known attacks required for a user access control designed for WSNs.
Abstract: For critical applications, real-time data access is essential from the nodes inside a wireless sensor network (WSN). Only the authorized users with unique access privilege should access the specific, but not all, sensing information gathered by the cluster heads in a hierarchical WSN. Access rights for the correct information and resources for different services from the cluster heads to the genuine users can be provided with the help of efficient user access control mechanisms. In this paper, we propose a new user access control scheme with attribute-based encryption using elliptic curve cryptography in hierarchical WSNs. In attribute-based encryption, the ciphertexts are labeled with sets of attributes and secret keys of the users that are associated with their own access structures. The authorized users with the relevant set of attributes are able to decrypt the encrypted message coming from the cluster heads. Our scheme provides high security. Moreover, our scheme is efficient as compared with those for other existing user access control schemes. Through both the formal and informal security analysis, we show that our scheme has the ability to tolerate different known attacks required for a user access control designed for WSNs. Furthermore, we simulate our scheme for the formal security verification using the widely-accepted automated validation of Internet security protocols and applications tool. The simulation results demonstrate that our scheme is secure. Copyright © 2014 John Wiley & Sons, Ltd.

68 citations


Journal ArticleDOI
TL;DR: This paper proposes a general security architecture of opportunistic networks, makes an in-depth analysis on authentication and access control, secure routing, privacy protection, trust management, and incentive cooperation mechanisms, and presents a comparison of various security and trust solutions for opportunistic networks.
Abstract: As a new networking paradigm, opportunistic networking communications have great vision in animal migration tracking, mobile social networking, network communications in remote areas and intelligent transportation, and so on. Opportunistic networks are one of the evolutionary mobile ad hoc networks, whose communication links often suffer from frequent disruption and long communication delays. Therefore, many opportunistic forwarding protocols present major security issues, and the design of opportunistic networks faces serious challenges such as how to effectively protect data confidentiality and integrity and how to ensure routing security, privacy, cooperation, and trust management. In this paper, we first systematically describe the security threats and requirements in opportunistic networks; then propose a general security architecture of opportunistic networks; and then make an in-depth analysis on authentication and access control, secure routing, privacy protection, trust management, and incentive cooperation mechanisms; and at the same time, we present a comparison of various security and trust solutions for opportunistic networks. Finally, we conclude and give future research directions. Copyright © 2014 John Wiley & Sons, Ltd.

61 citations


Journal ArticleDOI
TL;DR: This paper presents some of the most recent approaches of key generation based on the channel impulse response on the physical layer of wireless communications and discusses some other physical layer methods.
Abstract: Traditional security mechanisms are mainly based on the distribution of shared secret keys. Yet, this task is nontrivial in large wireless networks, because of mobility and scalability issues. Recently, it has been found that some properties of the physical layer of wireless communications can be leveraged for the purpose of secret key generation. In particular, the wireless channel has been investigated as a common source of secrecy to generate a shared secret key. We explore the most recent approaches in this area. Received signal strength indicator based key generation is firstly investigated. After that, we present some of the most recent approaches of key generation based on the channel impulse response. Moreover, we discuss some other physical layer methods. Thus, this paper provides a survey on the latest key generation mechanisms on the physical layer of wireless communications. Copyright © 2014 John Wiley & Sons, Ltd.

59 citations


Journal ArticleDOI
TL;DR: The detailed analyses provide evidence that the proposed bilinear pairing and MTP hash-function-free CL-MRE scheme with chosen ciphertext attack resilience achieves forward secrecy, backward secrecy, and lower computation costs than others.
Abstract: Recently, numerous multireceiver identity-based encryption or identity-based broadcast encryption schemes have been introduced with bilinear pairing and probabilistic map-to-point (MTP) function. As the bilinear pairing and MTP functions are expensive operations, any cryptographic schemes based on these operations experience high computational burden. The certificateless public key cryptography sidesteps the private key escrow problem occurring in identity-based cryptosystem and certificate management troubles of certificate authority-based public key cryptography (CA-PKC). We observed that certificateless multireceiver encryption (CL-MRE) scheme without pairing and MTP hash function has not yet been considered in the literature. In this paper, we proposed a bilinear pairing and MTP hash-function-free CL-MRE scheme with chosen ciphertext attack resilience. The detailed analyses provide evidence that our scheme achieves forward secrecy, backward secrecy, and lower computation costs than others. The scheme also provides confidentiality of the message and receiver anonymity in the random oracle model with the hardness of computational Diffie-Hellman problem. Copyright © 2014 John Wiley & Sons, Ltd.

58 citations


Journal ArticleDOI
TL;DR: The experimental results indicate that the proposed intrusion detection mechanism based on binary particle swarm optimization (PSO) and random forests (RF) algorithms, called PSO-RF, performs better than the other approaches for the detection of all kinds of attacks present in the dataset.
Abstract: Network security risks grow with increase in the network size. In recent past, the attacks on computer networks have increased tremendously and require efficient network intrusion detection mechanisms. Data mining and machine-learning techniques have been used for network intrusion detection during the past few years and have gained much popularity. In this paper, we propose an intrusion detection mechanism based on binary particle swarm optimization (PSO) and random forests (RF) algorithms, called PSO-RF, and investigate the performance of various dimension reduction techniques along with a set of different classifiers including the proposed approach. Binary PSO is used to find more appropriate set of attributes for classifying network intrusions, and RF is used as a classifier. In the preprocessing step, we reduce the dimensions of the dataset by using different state-of-the-art dimension reduction techniques, and then this reduced dataset is presented to the proposed PSO-RF approach that further optimizes the dimensions of the data and finds an optimal set of features. PSO is an optimization method that has a strong global search capability and is used here for dimension optimization. We perform extensive experimentation to prove the worth of the proposed approach by using different performance metrics. The standard benchmark, that is, KDD99Cup dataset, is used that contains the information about various kinds of network intrusions. The experimental results indicate that the proposed approach performs better than the other approaches for the detection of all kinds of attacks present in the dataset. Copyright © 2012 John Wiley & Sons, Ltd.

53 citations


Journal ArticleDOI
TL;DR: An efficient method based on quotients of correlation coefficients between local binary patterns (LBPs) coded frames is proposed, which has high detection accuracy and low computational complexity.
Abstract: Frame insertion and deletion are common inter-frame forgery in digital videos. In this paper, an efficient method based on quotients of correlation coefficients between local binary patterns (LBPs) coded frames is proposed. This method is composed of two parts: feature extraction and abnormal point detection. In the feature extraction, each frame of a video is coded by LBP. Then, quotients of correlation coefficients among sequential LBP-coded frames are calculated. In the abnormal point detection, insertion and deletion localization is achieved by using Tchebyshev inequality twice followed by abnormal points detection based on decision-thresholding. Experimental results show that our method has high detection accuracy and low computational complexity. Copyright © 2014 John Wiley & Sons, Ltd.

53 citations


Journal ArticleDOI
TL;DR: It is demonstrated that the improved authentication scheme proposed not only overcomes the drawbacks of the Lee et al., Hsiang-Shih, and Liao-Wang schemes but also satisfies crucial design criteria for secure remote user authentication schemes in multi-server environments.
Abstract: In a multi-server environment, remote user authentication is essential for secure communication. Recently, Liao and Wang, Hsiang and Shih, and Lee et al. have successively proposed various remote user authentication schemes for multi-server environments. However, each of these schemes exhibits distinct security weaknesses. The Liao-Wang scheme is vulnerable to insider attacks and masquerade attacks, and fails to provide two-factor security and mutual authentication. The Hsiang-Shih scheme is vulnerable to masquerade attacks and cannot provide mutual authentication. This paper shows that the Lee et al. scheme does not provide two-factor security and cannot withstand masquerade attacks. Their scheme demonstrates poor reparability and fails to provide mutual authentication. Its password change process is inconvenient and inefficient for users who wish to update passwords. Therefore, we propose a novel two-factor authentication scheme with anonymity for multi-server environments and use the Burrows-Abadi-Needham logic method to verify our scheme. We compare the performance and functionality of the proposed scheme with those of previous schemes. Cryptanalysis demonstrated that our improved scheme not only overcomes the drawbacks of the Lee et al., Hsiang-Shih, and Liao-Wang schemes but also satisfies crucial design criteria for secure remote user authentication schemes in multi-server environments. This paper presents a real-case scenario and provides practical examples. We show that our improved authentication scheme provides more functionality than the mentioned schemes do, and can enhance effectiveness in protecting multi-server environments. We also show that the proposed scheme is efficient and can enhance the efficiency of the authentication scheme in a multi-server environment. Copyright © 2014 John Wiley & Sons, Ltd.

Journal ArticleDOI
TL;DR: A group-based access authentication scheme, by which a good deal of MTC devices can be simultaneously authenticated by the network and establish an independent session key with the network respectively, which can achieve robust security including key forward/backward secrecy and non-repudiation verification.
Abstract: Machine-type communication (MTC), as one of the most important communication approaches in the future mobile communication, has drawn more and more attention. To meet the requirements of low power consumption of devices and mass device transmission is the key issue to achieve MTC applications security in the long-term evolution (LTE) networks. When a large number of MTC devices simultaneously connect to the network, each MTC device needs to implement an independent access authentication procedure in the current third generation partnership project standard, which will cause a severe signaling congestion in the LTE network. In this paper, we propose a group-based access authentication scheme, by which a good deal of MTC devices can be simultaneously authenticated by the network and establish an independent session key with the network respectively. Our scheme not only can greatly reduce the signal transmission for mass of devices to the network and thus avoid the signaling overload over the LTE network but also can achieve robust security including key forward/backward secrecy and non-repudiation verification. The experimental results and formal verification by using the temporal logic actions and temporal logic checker show that the proposed scheme is secure against various malicious attacks. Copyright © 2015 John Wiley & Sons, Ltd.

Journal ArticleDOI
TL;DR: A robust biometrics and public-key techniques-based authentication scheme is presented, which is a significant enhancement to the scheme recently proposed by Mishra et al. and is efficient compared with other related authenticated key agreement schemes.
Abstract: With the rapid development of computer networks, multi-server architecture has attracted much attention in many network environments. Moreover, in order to achieve non-repudiation which both passwords and cryptographic keys cannot provide, several password authentication schemes combining a user's biometrics for multi-server environments have been proposed in the past. In 2014, Chuang et al. presented a biometrics-based multi-server authenticated key agreement scheme and declared that their scheme was efficient and secure. Later, Mishra et al. commented that the scheme by Chuang et al. was susceptible to stolen smart card, impersonation and denial of service attacks. To conquer these weaknesses, Mishra et al. presented an efficient biometrics-based multi-server authenticated key agreement scheme using hash functions. However, we prove that the scheme by Mishra et al. is insecure against forgery, server masquerading and lacks perfect forward secrecy. The focus of this paper is to present a robust biometrics and public-key techniques-based authentication scheme, which is a significant enhancement to the scheme recently proposed by Mishra et al. The highlight of our scheme is that it not only conquers the flaws but also is efficient compared with other related authenticated key agreement schemes. Copyright © 2015 John Wiley & Sons, Ltd.

Journal ArticleDOI
TL;DR: Based on Bayesian and Entropy, this paper proposes a lightweight trust management for wireless sensor networks that uses effective history records rather than all the records to save nodes' memory and the adaptive decay factor enhances the algorithm's accuracy and dynamic.
Abstract: With the rapid development of wireless sensor networks, the issue of designing a reasonable trust management has attracted more and more research attention. Based on Bayesian and Entropy, this paper proposes a lightweight trust management for wireless sensor networks. First, the evaluated node's direct trust value is calculated by Bayesian and periodically updated according to the combination of effective history records and adaptive decay factor. We use effective history records rather than all the records to save nodes' memory, and the adaptive decay factor enhances the algorithm's accuracy and dynamic. Then, according to the confidence level of the direct trust value, we decide whether the direct trust is credible enough to be the integrated trust. This can reduce the energy computation and make the algorithm lightweight. Last, if the direct trust is not credible enough, the overall indirect trust value will be calculated. The Entropy Theory is adopted to distribute weights to different trust values, which can improve the problems caused by distributing weights subjectively and also enhance adaptability of the model. Simulation experiments are provided to assess the performance of the proposed trust management in terms of attack-defeat ability and energy consumption. Copyright © 2014 John Wiley & Sons, Ltd.

Journal ArticleDOI
TL;DR: This study analyzes the differentiation between users' behaviors, as two feature sequences from Web logs are extracted to represent characteristics of user behavior, and then, application layer DDoS attack detection system architecture based on feature sequences is presented.
Abstract: Distributed Denial of Service (DDoS) attack has been one of the greatest threats to network security for years. In recent years, DDoS attackers turn to application layer, which makes DDoS attack detection systems based on net layer and transport layer lose their performance. In this layer, Web service is the most vulnerable application. In this study, we analyze the differentiation between users' behaviors, as we extract two feature sequences from Web logs to represent characteristics of user behavior, and then, application layer DDoS attack detection system architecture based on feature sequences is presented. This architecture is divided into two parts. For each part, we propose detection methods, respectively. Specially, we consider users' request frequency sequence as sparse vector, and then put forward a kind of classification algorithm called sparse vector decomposition and rhythm matching (SVD-RM), which is based on sparse vector decomposition and rhythm matching. This algorithm is fully considering the discrepancy of different users in access behavior. A cluster algorithm with label, called L-Kmeans, is also proposed as embedded classifier in SVD-RM. Finally, we simulate four kinds of prevalent application layer DDoS attack and conduct experiments to certify the effectiveness of our methods. Experimental results show that proposed methods are good to distinguish legal users and attackers in application layer. Copyright © 2015 John Wiley & Sons, Ltd.

Journal ArticleDOI
Michael Zuba, Zhijie Shi, Zheng Peng, Jun-Hong Cui, Shengli Zhou
TL;DR: This paper develops their own jammer hardware and signals in order to analyze the characteristics of different jamming attack models on a network, and shows that UANs can be easily jammed using carefully timed attacks, which are energy efficient.
Abstract: Recent surges in the development of underwater acoustic networks (UANs) have led to a rapid acceptance of this technology in scientific, commercial, and military applications. However, limited work has been performed on developing secure communication mechanisms and techniques to protect these networks. Security mechanisms are widely studied in terrestrial networks, and various defense mechanisms have been developed as safeguards. Because of the difference in communication mediums and physical environments, the existing solutions for terrestrial networks cannot be directly applied for UANs. In this paper, we study the effects of denial-of-service jamming attacks on UANs using real-world field tests. We develop our own jammer hardware and signals in order to analyze the characteristics of different jamming attack models on a network. Our tests are performed on multiple commercial brand acoustic modems and an orthogonal frequency division multiplexing modem prototype. We show that UANs can be easily jammed using carefully timed attacks, which are energy efficient. Copyright © 2012 John Wiley & Sons, Ltd.

Journal ArticleDOI
TL;DR: This paper proposes a novel privacy-preserving dual-functional aggregation scheme (PDA) for smart grid communications based on the lattice cryptographic technique, which is efficient in terms of computational and communication overheads when the number of considered users is within an acceptable range.
Abstract: Privacy-preserving aggregation for smart grid communications, which precisely meets the requirement of periodically collecting users' electricity consumption while preserving privacy of each individual user, has been extensively studied in recent years. However, most of existing privacy-preserving aggregation schemes are only focused on the summation aggregation. In this paper, based on the lattice cryptographic technique, we propose a novel privacy-preserving dual-functional aggregation scheme (PDA) for smart grid communications. With our proposed PDA scheme, each individual user just reports one data, then multiple statistic values, that is, mean and variance, of all users can be computed by the data & control center in the smart grid, while the privacy of each individual user can still be protected. Detailed security analyses demonstrate that our proposed PDA scheme is secure and robust. In addition, extensive performance evaluations also show that our proposed PDA scheme is efficient in terms of computational and communication overheads when the number of considered users is within an acceptable range. Copyright © 2015 John Wiley & Sons, Ltd.

Journal ArticleDOI
TL;DR: In this paper, attempts were made to do a comprehensive review on various aspects and state-of-the-art of CAPTCHA in general and its alternatives in particular to help researchers easily focus on specific issues for the sake of proposing new solutions and ideas.
Abstract: Nowadays, because of the undeniable impact of the Internet on all aspects of human life, security preserving has received more attention. To reach an acceptable level of security, Completely Automatic Public Turing test to tell Computer and Human Apart or simply CAPTCHA as a security preserving tool has been tailored for situations that need to prevent bots from doing a specific action; for example, signing up and downloading. Simultaneously, it should be also designed in such a way to allow humans to perform the same action. Despite its advantageous applications, there are several important issues such as security, usability, and accessibility that make its use controversial. In this paper, attempts were made to do a comprehensive review on various aspects and state-of-the-art of CAPTCHA in general and its alternatives in particular to help researchers easily focus on specific issues for the sake of proposing new solutions and ideas. Regarding the advancement in CAPTCHA development, new classifications were proposed to categorize different variations of CAPTCHAs and their problems and then compare them. Moreover, different types of CAPTCHAs' alternatives were classified and evaluated by introducing several proposed measures. This evaluation could come in handy for future studies that aim to develop new techniques for overcoming current deficiencies. Copyright © 2014 John Wiley & Sons, Ltd.

Journal ArticleDOI
TL;DR: A combination of space-filling curve with chaos has been used for encryption process and deoxyribonucleic acid-based complementary addition rule is integrated to make the proposed scheme robust against statistical attacks, which also provides immense parallelism to generate the final encrypted image.
Abstract: Multimedia is ruling the digital era where data storage and transmission have gained huge importance. The refuge of such data transfer has been a chief apprehension and becomes the study in the limelight, probably, forever. The universal phenomenon is to send the desired data in disguise so that only the beneficiary can avail it. In this paper, a combination of space-filling curve with chaos has been used for encryption process. Initially, three chaotic sequences were generated using Chua's equations followed by quantification of those sequences. Key based on Hilbert curve is used for scrambling. For introducing confusion, the image is further scrambled using row and column shifting operations using the first two chaotic sequences used with space-filling curve. Then pixel replacement has been done by bit XOR between scrambled image and the third chaotic sequence. Finally, Gould transform is applied to enhance image authentication and tamper proofing of the encrypted image. In addition, deoxyribonucleic acid-based complementary addition rule is integrated to make the proposed scheme robust against statistical attacks, which also provides immense parallelism to generate the final encrypted image. The proposed methodology has been implemented in MATLAB 7.1. The results are compared with the existing methods. To validate the proposed system, image metrics like correlation coefficient, number of pixels change rate, unified average changing intensity, key sensitivity, cropping attacks, and noise have been computed. Copyright © 2015 John Wiley & Sons, Ltd.

Journal ArticleDOI
TL;DR: A new CLAS scheme is proposed, which leads to the advantages of both certificateless cryptography and aggregate signature, and only depends on constant pairing operations to verify a large number of signatures per time.
Abstract: Certificateless public key cryptography (CL-PKC) is a cryptosystem solving the key escrow problem of identity-based cryptography. One of the applications of CL-PKC is certificateless aggregate signature (CLAS) that in practice can be used to efficiently verify concealed data aggregation in wireless sensor networks. CLAS is referred to as an extension of certificateless signature, which in particular performs verification for many signatures efficiently. Therefore, not only plenty of CLAS schemes have been proposed but also the security models of CLAS were introduced in the literature. Recently, some CLAS schemes are extended from specific certificateless signature (CLS) schemes. However, we found that two certificateless signature (CLS) and their corresponding CLAS schemes are not secure. In this paper, we simplify the relation of security definitions of CLS and CLAS. Then, a new CLAS scheme is proposed, which leads to the advantages of both certificateless cryptography and aggregate signature. Moreover, our scheme only depends on constant pairing operations to verify a large number of signatures per time, because pairing is a complicated operation with high cost in computations. Copyright © 2014 John Wiley & Sons, Ltd.

Journal ArticleDOI
TL;DR: The results show that the combination of expert knowledge and n-grams outperforms each separate technique and that the GeFS measure can greatly reduce the number of features, thus enhancing both the effectiveness and efficiency of WAFs.
Abstract: In the detection of web attacks, it is necessary that Web Application Firewalls (WAFs) are effective and, at the same time, efficient. In this paper, we propose a new methodology for web attack detection that enhances these two aspects of WAFs. It involves both feature construction and feature selection. For the feature construction phase, many professionals rely on their expert knowledge to define a set of important features, which normally leads to high and reliable attack detection rates. Nevertheless, it is a manual process and not quickly adaptive to the changing network environments. Alternatively, automatic feature construction methods such as n-grams overcome this drawback, but they provide unreliable results. Therefore, in this paper, we propose to combine expert knowledge with n-gram feature construction method for reliable and efficient web attack detection. However, the number of n-grams grows exponentially with n, which usually leads to high dimensionality problems. Hence, we propose to apply feature selection to reduce the number of redundant and irrelevant features. In particular, we study the recently proposed Generic Feature Selection (GeFS) measure, which has been successfully tested in intrusion detection systems. Additionally, we use several decision tree algorithms as classifiers of WAFs. The experiments are conducted on the publicly available ECML/PKDD 2007 dataset. The results show that the combination of expert knowledge and n-grams outperforms each separate technique and that the GeFS measure can greatly reduce the number of features, thus enhancing both the effectiveness and efficiency of WAFs. Copyright © 2012 John Wiley & Sons, Ltd.

Journal ArticleDOI
TL;DR: It is proved that the scheme is secure with a formal security model containing the feature of strong forward security and has low time, storage, and communication cost and is suitable for communicating applications in network.
Abstract: Recently, Li proposed an authenticated key exchange (AKE) scheme based on elliptic curve cryptosystem with smart cards in two versions. We point out that the two versions of Li's scheme are not secure and then we present an improved authentication scheme to overcome general disadvantages. Also, we deem that the notion of forward security is old for modern AKE schemes based on smart cards and enhance it as strong forward security. We prove that our scheme is secure with a formal security model containing the feature of strong forward security. Then, via the concrete security analysis and comparison, our scheme resists common attacks and has general security characters. Compared with other schemes, our scheme has low time, storage, and communication cost. It is suitable for communicating applications in network. Copyright © 2014 John Wiley & Sons, Ltd.

Journal ArticleDOI
TL;DR: This paper introduces a graph-based attack description that comes with different analysis methods for alert correlation and shows that the system can correlate a huge number of alerts (more than 442000 alerts) into a dozens of attack graphs.
Abstract: This paper introduces a graph-based attack description that comes with different analysis methods for alert correlation. The system encompasses an attack scenario detection method, an alert correlation method that recognizes multistep attacks, and graph-based classification method to extract different types of alerts. The performance analysis shows that the system can correlate a huge number of alerts (more than 442000 alerts) into a dozens of attack graphs. The attack graph has permitted us to extract several attack properties with high precision. Copyright © 2015 John Wiley & Sons, Ltd.

Journal ArticleDOI
TL;DR: The experimental results show the feasibility and effectiveness of the proposed trust dynamic task allocation algorithm, which can obtain a good balance between local solution and global exploration and achieve superior energy efficiency and network reliability within a short period.
Abstract: Task allocation is an important issue in wireless sensor networks (WSNs), and the existing traditional solutions to this problem in high-performance computing cannot be directly implemented in WSNs because of limitations such as resource availability and shared communication medium. In this paper, we address the task allocation problem for a heterogeneous WSN, and a trust dynamic task allocation algorithm is proposed. Firstly, to ensure the nodes in the same coalition are mutually closer in distance, a discrete particle swarm optimization (PSO) is designed to generate a structure of the parallel coalitions. Secondly, in order to minimize the execution time of the tasks, save the energy cost of the nodes and balance the load of the network, we design task strategies and payoff functions by invoking the game theory in WSNs and propose a PSO with the redesigned fitness function to find the Nash equilibrium point for the purpose of improving the effectiveness of scheduling and the reliability of the network. In this step, the sink node will play the role of trust manager, and it will allocate tasks based on the Nash equilibrium point, which is a trust solution to make sure all tasks can be finished. Finally, the extensive experiments are conducted to compare our algorithm with two other algorithms. The experimental results show the feasibility and effectiveness of our algorithm, which can obtain a good balance between local solution and global exploration and achieve superior energy efficiency and network reliability within a short period. Copyright © 2014 John Wiley & Sons, Ltd.

Journal ArticleDOI
TL;DR: This paper proposes a promising M2M application model that connects a mobile user with the home network using the existing popular Time Division-Synchronous Code Division Multiple Access (TD-SCDMA) network and proposes a password-based authentication and key establishment protocol to identify the communicating parties and establish a secure channel for data transmissions.
Abstract: Machine-to-machine (M2M) techniques have significant application potential in the emerging internet of things, which may cover many fields from intelligence to ubiquitous environment. However, because of the data exposure when transmitted via cable, wireless mobile devices, and other technologies, its security vulnerability has become a great concern during its further extending development. This problem may even get worse if the user privacy and property are considered. Therefore, the authentication process of communicating entities has attracted wide investigation. Meanwhile, the data confidentiality also becomes an important issue in M2M, especially when the data are transmitted in a public and thereby insecure channel. In this paper, we propose a promising M2M application model that connects a mobile user with the home network using the existing popular Time Division-Synchronous Code Division Multiple Access (TD-SCDMA) network. Subsequently, a password-based authentication and key establishment protocol is designed to identify the communicating parties and hence establish a secure channel for data transmissions. The final analysis shows the reliability of our proposed protocol. Copyright © 2012 John Wiley & Sons, Ltd.

Journal ArticleDOI
TL;DR: This paper proposes an effective and efficient heuristic technique based on static analysis that not only detects malware with a very high accuracy, but also is robust against common evasion techniques such as junk injection and packing.
Abstract: Existing anti-malware products usually use signature-based techniques as their main detection engine. Although these methods are very fast, they are unable to provide effective protection against newly discovered malware or mutated variants of old malware. Heuristic approaches are the next generation of detection techniques to mitigate the problem. These approaches aim to improve the detection rate by extracting more behavioral characteristics of malware. Although these approaches cover the disadvantages of signature-based techniques, they usually have a high false positive, and evasion is still possible from these approaches. In this paper, we propose an effective and efficient heuristic technique based on static analysis that not only detects malware with a very high accuracy, but also is robust against common evasion techniques such as junk injection and packing. Our proposed system is able to extract behavioral features from a unique structure in portable executable, which is called dynamic-link library dependency tree, without actually executing the application. Copyright © 2015 John Wiley & Sons, Ltd.

Journal ArticleDOI
TL;DR: This paper presents two types of packed ciphertexts, one of which is based on the message encoding technique proposed by Brakerski and Vaikuntanathan, and enables efficient secure computation of more complex functionalities such as multiple inner products and multiple Hamming distances.
Abstract: Somewhat homomorphic encryption is public key encryption supporting a limited number of additions and multiplications on encrypted data. This encryption gives a powerful tool in performing meaningful computations while protecting data confidentiality, whose property is suitable mainly in cloud computing. In this paper, we focus on the scheme proposed by Brakerski and Vaikuntanathan, and present two types of packed ciphertexts in order to improve performance and reduce size of the encrypted data. One type of our packed ciphertexts is based on the message encoding technique proposed by Lauter, Naehrig and Vaikuntanathan. While their technique empowers efficient secure computation of sums and products over the integers, our second type of packed ciphertexts enables efficient secure computation of more complex functionalities such as multiple inner products and multiple Hamming distances. We apply our packing method to construct several protocols for secure biometric authentication and secure pattern matching computations. Our implementation shows that our method gives faster performance than the state-of-the-art work in such applications. Copyright © 2015 John Wiley & Sons, Ltd.

Journal ArticleDOI
TL;DR: This paper applies artificial bee colony for anomaly-based intrusion detection systems and outperforms all methods reported in the literature, in addition to reducing the amount of data used for detection and classification.
Abstract: The demand for better intrusion detection systems, especially anomaly intrusion detection, increases daily, as new attacks arise and Internet speeds increase. The criterion for a good intrusion detection system is to detect emerging attacks with high accuracy at line rates. Existing systems suffer from high false positives and negatives, and are unable to handle increasing traffic rates. This paper applies artificial bee colony for anomaly-based intrusion detection systems. In addition, it uses two feature selection techniques to reduce the amount of data used for detection and classification. The KDD Cup 99 dataset was used to evaluate the proposed algorithm. Experimental results show that artificial bee colony achieves an average accuracy rate of 97.5% for known attacks and 93.2% overall for known and unknown attacks. The new algorithm outperforms all methods reported in the literature. Copyright © 2012 John Wiley & Sons, Ltd.

Journal ArticleDOI
TL;DR: This paper proposes a cryptographically secure and efficient scheme for a client to prove to the server his ownership on the basis of actual possession of the entire original file instead of only partial information about it.
Abstract: With the rapid adoption of cloud storage services, a great deal of data is being stored at remote servers, so a new technology, client-side deduplication, which stores only a single copy of repeating data, is proposed to identify the client's deduplication and save the bandwidth of uploading copies of existing files to the server. It was recently found, however, that this promising technology is vulnerable to a new kind of attack in which by learning just a small piece of information about the file, namely its hash value, an attacker is able to obtain the entire file from the server. In this paper, to solve this problem, we propose a cryptographically secure and efficient scheme for a client to prove to the server his ownership on the basis of actual possession of the entire original file instead of only partial information about it. Our scheme utilizes the technique of spot checking in which the client only needs to access small portions of the original file, dynamic coefficients and randomly chosen indices of the original files. Our extensive security analysis shows that the proposed scheme can generate provable ownership of the file and maintain high detection probability of client misbehavior. Both performance analysis and simulation results demonstrate that our proposed scheme is much more efficient than the existing schemes, especially in reducing the burden of the client. Copyright © 2013 John Wiley & Sons, Ltd.

Journal ArticleDOI
TL;DR: By focusing on important static heuristic features and fuzzy classification algorithms, this paper tried to detect malwares and packed files and used preprocessing to evade anomaly exceptions in benign files that improved the detection results.
Abstract: Nowadays malware writers usually employ several obfuscation techniques to evade detection. The number of variants detected each day has been increasing significantly. Unfortunately, traditional detection approaches such as signature scanning are becoming inefficient to detect such malwares. Research shows that these obfuscations make some anomalies in Portable Executable files. In this paper, by focusing on important static heuristic features and fuzzy classification algorithms, we tried to detect malwares and packed files. In addition, we used preprocessing to evade anomaly exceptions in benign files that improved our detection results. The experimental results, using over 63000 file samples, indicate that the proposed detector achieves high detection results with low false positive and false negative rates. Furthermore, our experimental results on new malware samples that had been undetectable for many years by antivirus products and new custom packers show that our system works well with new and unknown samples too. Copyright © 2015 John Wiley & Sons, Ltd.