BDD-based cryptanalysis of stream cipher: a practical approach
Pub Date : 2017-04-27 DOI: 10.1049/iet-ifs.2016.0076
H. Sahu, Indivar Gupta, N. R. Pillai, R. Sharma
IET Inf. Secur., pp. 159-167
A binary decision diagram (BDD) is a state-of-the-art data structure for representing and manipulating Boolean functions. In 2002, Krause proposed a theoretical framework for BDD-based cryptanalysis of stream ciphers. Since then, not much work has been reported in this area. In this study, the authors propose a practical approach for cryptanalysis of stream ciphers using reduced ordered BDDs (ROBDDs). They propose various methods for the ANDing operation on ROBDDs that is required during cryptanalysis. Of these proposed methods, ‘recursive symmetric ANDing’ gives the optimal order of ANDing. They use their approach to demonstrate cryptanalysis of the $E_0$ stream cipher. They also discuss some implementation results. The attack can recover 39 unknown key bits in 5 s on a regular personal computer. The BuDDy-2.4 library is used for performing operations on BDDs.
Analysis of permutation choices for enhanced generalised Feistel structure with SP-type round function
Pub Date : 2017-04-27 DOI: 10.1049/iet-ifs.2015.0433
Lei Zhang, Wenling Wu
IET Inf. Secur., pp. 121-128
Since the improved generalised Feistel structure (GFS) was proposed, many studies and applications have been published. In this study, the authors further enhance the improved GFS with SP-type round function by extending the sub-block-wise permutation to a word-wise permutation, which can give better diffusion and security. Then, they study the security effect of different permutation choices for this kind of enhanced GFS cipher with SP-type round function. By proving several propositions about the equivalent situation, they eliminate isomorphic permutations, which narrows down the candidate space notably, and propose a method to compute the number of effective permutation candidates. Finally, they take three typical scenarios as examples, and for each experimental scenario they compute the number of effective permutation candidates and exhaustively evaluate their security results. They also give an optimum permutation as an example for each scenario.
Searching all truncated impossible differentials in SPN
Pub Date : 2017-03-06 DOI: 10.1049/iet-ifs.2015.0052
Ting Cui, Chenhui Jin, Bin Zhang, Zhuo Chen, Guoshuang Zhang
IET Inf. Secur., pp. 89-96
This study concentrates on finding all truncated impossible differentials in substitution-permutation network (SPN) ciphers. Instead of using the miss-in-the-middle approach, the authors propose a mathematical description of the truncated impossible differentials. First, they prove that all truncated impossible differentials in an $(r+1)$-round SPN cipher can be obtained by searching for the entry '0' in $D(P)^r$, where $D(P)$ denotes the differential pattern matrix (DPM) of the $P$-layer; thus the length of impossible differentials of an SPN cipher is upper bounded by the minimum integer $r$ such that there is no entry '0' in $D(P)^r$. Second, they provide two efficient algorithms to compute the DPMs for both bit-shuffles and matrices over GF($2^n$). Using these tools, they prove that the longest truncated impossible differential in the SPN structure is 2-round if the $P$-layer is designed as a maximum distance separable (MDS) matrix. Finally, all truncated impossible differentials of advanced encryption standard (AES), ARIA, AES-MDS, PRESENT, MAYA and Puffin are obtained.
High-performance and high-speed implementation of polynomial basis Itoh-Tsujii inversion algorithm over GF($2^m$)
Pub Date : 2017-03-01 DOI: 10.1049/iet-ifs.2015.0461
Bahram Rashidi, R. R. Farashahi, S. Sayedi
IET Inf. Secur., pp. 66-77
In this study, high-performance and high-speed field-programmable gate array (FPGA) implementations of the polynomial basis Itoh–Tsujii inversion algorithm (ITA) over GF($2^m$) constructed by irreducible trinomials and pentanomials are presented. The proposed structures are designed with one field multiplier and $k$-times squarer blocks, or exponentiation by $2^k$, where $k$ is a small positive integer. The $k$-times squarer blocks have an efficient tree structure with low critical path delay, and the multiplier is based on a proposed high-speed digit-serial architecture with minimum hardware resources. Furthermore, to reduce the computation time of ITA, the critical path of the circuit is broken into finer paths using several registers. The computation times of the structure on the Virtex-4 FPGA family are 0.262, 0.192 and 0.271 µs for GF($2^{163}$), GF($2^{193}$) and GF($2^{233}$), respectively. Comparison with other implementations of the polynomial basis Itoh–Tsujii inversion algorithm verifies the improvement of the proposed architecture in terms of speed and performance.
Hybrid mechanism towards network packet early acceptance and rejection for unified threat management
Pub Date : 2017-03-01 DOI: 10.1049/iet-ifs.2015.0246
Z. Trabelsi, S. Zeidan, M. Masud
IET Inf. Secur., pp. 104-113
Recent network architectures utilise many types of security appliances to combat blended attacks. However, managing multiple separate security appliances can be overwhelming, inefficient and expensive. Thus, multiple security features need to be integrated into a unified security architecture, resulting in a unified threat management system (UTM). In most current UTM systems, whenever a security feature is needed, the corresponding module is just ‘attached or added on’. This add-on approach may reduce UTM performance dramatically, especially when security features such as IDS/IPS are enabled. In this study, a hybrid mechanism is proposed to solve the UTM redundant packet classification problem. The mechanism is based on the use of splay tree filters and pattern-matching algorithms to enhance packet filtering and deep packet inspection (DPI) performance. The proposed mechanism uses network traffic statistics to dynamically optimise the order of the splay tree filters, allowing early acceptance and rejection of network packets. In addition, DPI signature rules are reordered according to their matching frequencies, allowing early packet acceptance. The authors demonstrate the merit of their mechanism through simulations in which a firewall and Snort, run as independent packet manipulation systems, are compared with the proposed hybrid mechanism that uses unified communication between them.
Lightweight and integrity-protecting oriented data aggregation scheme for wireless sensor networks
Pub Date : 2017-03-01 DOI: 10.1049/iet-ifs.2015.0387
Xiaomin Zhao, Jiabin Zhu, Xueli Liang, Shuangshuang Jiang, Q. Chen
IET Inf. Secur., pp. 82-88
In recent years, some research has used classical and heavyweight encryption technology to realise data privacy and integrity protection in data aggregation of wireless sensor networks. The challenge is the balance between resource constraints and the complexity of the deployment. In this study, the authors propose a lightweight and integrity-protecting oriented data aggregation scheme for wireless sensor networks (LIPDA), which is lightweight, secure and easy to operate, to preserve data privacy and integrity during data aggregation in wireless sensor networks. First, a distance-based formation scheme of network topology is presented to balance the energy consumption of cluster heads. Then, a complex number is composed from the private factor of the nodes and the original data. The complex number is encrypted by an additive homomorphic encryption method, which allows data aggregation without any decryption. Also, the reliability of data is ensured by an integrity verification method based on the complex operation. The theoretical analysis and simulation results show that the proposed scheme LIPDA can meet the requirement of privacy protection. Moreover, compared with related work, LIPDA has lower computation, less traffic, higher accuracy and verifiable completeness.
Highly nonlinear plateaued functions
Pub Date : 2017-03-01 DOI: 10.1049/iet-ifs.2016.0131
T. Cusick
IET Inf. Secur., pp. 78-81
The authors describe a method for producing Boolean functions of degree $d \ge 3$ in $n = 2dk - 1$ ($k = 1, 2, \ldots$) variables, such that the functions are plateaued and balanced, have high nonlinearity and have no linear structures. The nonlinearity is $2^{n-1} - 2^{(n-1)/2}$, which is the same as the largest possible nonlinearity for a quadratic function in $n$ (odd) variables (the so-called ‘quadratic bound’). Their theorem uses some new ideas to generalise a theorem, which gave the case $d = 3$, in a 2009 paper by Fengrong Zhang et al. They discuss the cryptographic properties and applications of the functions.
Design of new scan orders for perceptual encryption of H.264/AVC videos
Pub Date : 2017-03-01 DOI: 10.1049/iet-ifs.2015.0492
Xiangling Ding, Y. Deng, Gaobo Yang, Yun Song, Dajiang He, Xingming Sun
IET Inf. Secur., pp. 55-65
In this study, a perceptual encryption algorithm is proposed for H.264/AVC video to enhance the scrambling effect and encryption space. Six new scan orders are designed for the H.264/AVC encoder by analysing the energy distribution of discrete cosine transform coefficients. They are proven to have similar performance to the conventional zigzag scan order and its symmetrical scan order. These six new scan orders are combined with two existing scan orders to design a scan-order based perceptual encryption algorithm. Specifically, video encryption is achieved by randomly selecting one scan order from the eight scan orders with a security key, and sign bit flipping of DC coefficients is also incorporated to further increase the encryption space. Experimental results show that the proposed approach has the advantages of both low bitrate increase and low computational cost. Furthermore, it is more flexible and has stronger security than the existing scan-order based video encryption schemes.
Improved meet-in-the-middle attacks on Crypton and mCrypton
Pub Date : 2017-03-01 DOI: 10.1049/iet-ifs.2015.0518
Rongjia Li, Chenhui Jin
IET Inf. Secur., pp. 97-103
This study presents several meet-in-the-middle attacks on reduced-round Crypton and mCrypton block ciphers. Using the generalised δ-set, the authors construct 5-round distinguishers on Crypton and mCrypton. Based on these distinguishers, the authors propose meet-in-the-middle attacks on 8-round Crypton and mCrypton-96/128. The attack on Crypton needs $2^{121}$ chosen plaintexts, $2^{132}$ encryptions and $2^{130}$ 128-bit blocks; the attacks on mCrypton need $2^{61}$ chosen plaintexts, $2^{80}$ encryptions and $2^{78}$ 64-bit blocks. Furthermore, the attack can be extended to 9 rounds for mCrypton-128 with complexities of $2^{61}$ chosen plaintexts, $2^{112}$ encryptions and $2^{82}$ 64-bit blocks.
Back-propagation neural network on Markov chains from system call sequences: a new approach for detecting Android malware with system call sequences
Pub Date : 2017-01-16 DOI: 10.1049/iet-ifs.2015.0211
Xi Xiao, Zhenlong Wang, Qing Li, Shutao Xia, Yong Jiang
IET Inf. Secur., pp. 8-15
Android has become the most prevalent mobile system, but meanwhile malware on this platform is widespread. System call sequences have been studied to detect malware. However, malware detection with these approaches relies on common system-call subsequences. It is not so efficient because it is difficult to decide the appropriate length of the common subsequences. To address this issue, the authors propose a new approach, back-propagation neural network on Markov chains from system call sequences (BMSCS). It treats one system call sequence as a homogeneous stationary Markov chain and applies a back-propagation neural network (BPNN) to detect malware by comparing transition probabilities in the chain. Since transition probabilities from one system call to another in malware are significantly different from those in benign applications, BMSCS can efficiently detect malware by capturing the anomaly in state transitions with the help of the BPNN. The authors evaluate the performance of BMSCS by experiments with real application samples. The experimental results show that the F-score of BMSCS reaches up to 0.982773, which is higher than that of the other methods in the literature.