Pub Date: 2018-03-22 DOI: 10.1109/ISDFS.2018.8355389
M. Baykara, Zahit Ziya Gürel
Phishing is a form of cybercrime in which an attacker imitates a real person or institution by presenting themselves as an official person or entity through e-mail or other communication media. In this type of cyber attack, the attacker sends malicious links or attachments through phishing e-mails that can perform various functions, including capturing the login credentials or account information of the victim. These e-mails harm victims through money loss and identity theft. In this study, a software tool called “Anti Phishing Simulator” was developed, giving information about the phishing detection problem and how to detect phishing e-mails. With this software, phishing and spam mails are detected by examining mail contents. Classification of the spam words added to the database is provided by a Bayesian algorithm.
Title: Detection of phishing attacks. Published in: 2018 6th International Symposium on Digital Forensic and Security (ISDFS).
Pub Date: 2018-03-22 DOI: 10.1109/ISDFS.2018.8355344
Khushboo Rathi, Umit Karabiyik, Temilola Aderibigbe, H. Chi
The smartphone market is growing day by day and, according to Statista, as of 2017, 68.4% of the U.S. population uses smartphones. Similarly, the amount of information stored on these mobile devices is tremendous, ranging from personal details, contacts, and application data to exchanged texts and media. This information can become significant evidence during a digital forensics investigation and thereafter in court. As Android is one of the leading smartphone operating systems worldwide, it is important to have knowledge of Android forensics. Moreover, chat messaging between users is becoming the most prominent communication medium, particularly among the youth. The exponential increase in the interception of chat messages on mobile devices led to the implementation of end-to-end encryption. This is mainly due to the concerns raised about the privacy and security of user data on smartphones. In this paper we analyze widely used encrypted Instant Messaging (IM) applications, namely WeChat, Telegram, Viber and WhatsApp. We also show how these applications store data in the Android file system. In addition, we discuss the forensic implications of IM applications that use encryption. Analysis of artifacts collected from these applications is performed using the Android Debugging Bridge (ADB) tool and some other open source tools. Moreover, we also present the challenges faced during the collection of the forensically important artifacts.
Title: Forensic analysis of encrypted instant messaging applications on Android
Pub Date: 2018-03-22 DOI: 10.1109/ISDFS.2018.8355360
Mayank Jaiswal, Yasir Malik, Fehmi Jaafar
Android operating systems have become a prime target for attackers as most of the market is currently dominated by Android users. The situation gets worse when users unknowingly download or sideload cloning applications, especially gaming applications that look like benign games. In this paper, we present a dynamic Android gaming malware detection system based on system call analysis to classify malicious and legitimate games. We performed the dynamic system call analysis on normal and malicious gaming applications while the applications were executing. Our analysis reveals the similarities and differences between benign and malware game system calls and shows how dynamically analyzing the behavior of malicious activity through system calls during runtime makes it easier and more effective to detect malicious applications. Experimental analysis and results show the efficiency and effectiveness of our approach.
Title: Android gaming malware detection using system call analysis
Pub Date: 2018-03-22 DOI: 10.1109/ISDFS.2018.8355371
D. L. Msongaleli, K. Kucuk
Over the past decades, electronic mail (email) has replaced the traditional postal system. Email service is ubiquitously used to transmit text and multimedia messages globally. The high reliance on the email service has motivated criminals to exploit email applications for spreading malicious messages. Moreover, policing cyberspace has been a complicated issue, considering factors such as the difficulty of pinpointing culprits and jurisdictional complexity. Existing research publications address this problem by considering email header analysis techniques. Nevertheless, current email applications are susceptible to spoofed emails that often contain fake email headers. This study presents an email investigation algorithm for criminal investigation and dispute settlement. We present a three-tiered algorithm that can be used by law enforcement and other investigation units in order to identify the culprits spreading malicious and disputed emails. Unlike existing publications, our study considers email header, email server log, and local device analysis in addressing email-related disputes. Finally, we present a case study that shows the applicability of our algorithm.
Title: Electronic mail forensic algorithm for crime investigation and dispute settlement
Pub Date: 2018-03-22 DOI: 10.1109/ISDFS.2018.8355322
S. Demirel, Resul Das
Requirement analysis is one of the key challenges in software development projects. Customer requirement specification and management has various impacts on software projects and is still an area for improvement in both academic and industrial fields. Models like CMMI also cover requirement development and management and specify the specific goals and practices for them. In this paper, key challenges and issues of requirement management are listed with respect to a standardization activity, namely CMMI.
Title: Software requirement analysis: Research challenges and technical approaches
Pub Date: 2018-03-22 DOI: 10.1109/ISDFS.2018.8355365
Muharrem Tuıncay Gençoğlu
In this work, an image encryption algorithm was proposed using the Fourier Series. Then, we mentioned the method of mathematical analysis that should be done to strengthen this algorithm against the statistical attack. The development of this last algorithm has been left to professionals.
Title: The use of Fourier series for image encryption
Pub Date: 2018-03-22 DOI: 10.1109/ISDFS.2018.8355393
S. Sarman, M. Sert
In this paper, we deal with the problem of violent scene detection. Although the visual signal has been widely used in the detection of violent scenes from video data, the audio modality, on the other hand, has not been explored as much as the visual modality of the video data. Also, in some scenarios such as video surveillance, the visual modality can be missing or absent due to the environmental conditions. Therefore, we use the audio modality of video data to decide whether a video scene is violent or not. For this purpose, we propose an ensemble learning method to classify video scenes as “violent” or “non-violent”. We provide empirical analyses both for different audio features and classifiers. As a result, we obtain the best classification performance by using the Random Forest algorithm along with the ZCR feature. We use the MediaEval Violent Scene Detection task dataset for the evaluations and obtain superior results with the official metric MAP@100 of 66% compared with the literature.
Title: Audio based violent scene classification using ensemble learning
Pub Date: 2018-03-22 DOI: 10.1109/ISDFS.2018.8355321
Osman Eray, S. Tokat, S. Iplikci
Speech recognition systems aim to make human-machine communication quick and easy. In recent years, various studies have been carried out to develop speech recognition systems. Examples of these studies are speech recognition, speaker recognition and speaker verification. In this study, speech recognition systems and the methods used in the literature were investigated, and a Turkish speech recognition application was developed. The application consists of speech coding and speech recognition. First, 20 Turkish words which are frequently used on the computer were determined. There are 20 records of each word. A total of 400 words were recorded on the computer with a microphone. In the speech coding section of the application, these words recorded on the computer are encoded by the Linear Pre-estimation Coding (LPC) method and the LPC parameters for each word are obtained. In the speech recognition section of the application, the Support Vector Machines (SVM) method is used. Two types of SVM classifiers are designed. These are the Soft Margin SVM (SM-SVM) classifier and the Least Square SVM (LS-SVM) classifier. Classification consists of training and testing stages. Of the 400 coded words, 200 were used for the training phase and 200 were used for the testing phase. As a result, 91% recognition accuracy was achieved for the SM-SVM classifier and 71% for the LS-SVM classifier.
Title: An application of speech recognition with support vector machines
Pub Date: 2018-03-22 DOI: 10.1109/ISDFS.2018.8355362
S. Akleylek, Nurşah Kaya
In this paper, we propose two new quantum secure key exchange protocols based on MaTRU. These protocols differ in the key agreement phase. They use ephemeral keys, i.e., they satisfy the perfect forward secrecy property. We also give the parameter choices for the proposed key exchange protocols for different security levels. Then, we compare them with NTRU-KE in view of the number of required arithmetic operations.
Title: New quantum secure key exchange protocols based on MaTRU
Pub Date: 2018-03-22 DOI: 10.1109/ISDFS.2018.8355377
Durmuş Özkan Şahin, Oğuz Emre Kural, S. Akleylek, E. Kılıç
Mobile device hardware has been improving day by day. With this development, mobile phones support many programs and everyone takes advantage of them. Nevertheless, malware applications are increasing more and more, so people can come across lots of problems. Android is the most used mobile operating system on smart mobile phones. Because it is the most used and open source, it has been the target of attackers. Android security is related to the permissions granted by users to applications. There have been many studies on permission-based Android malware detection. In this study, a permission-based Android malware system is analyzed. Unlike other studies, we propose a permission weight approach. Each permission is given a different score by means of this approach. Then, K-nearest Neighbor (KNN) and Naïve Bayes (NB) algorithms are applied and the proposed method is compared with the previous studies. According to the experimental results, the proposed approach has better results than the other ones.
Title: New results on permission based static analysis for Android malware