A method of time code retrieval for special format surveillance video based on file header comparison
Qimeng Lu, Shaopei Shi, Jianhua Xi, Jinhua Zeng, Yan Li, Xiao Mao
Pub Date : 2018-03-01
DOI: 10.1109/ISDFS.2018.8355348
Published in: 2018 6th International Symposium on Digital Forensic and Security (ISDFS)
Video surveillance has become an important tool in various fields of social security, including criminal investigation, remote defense, information verification, etc. Non-universal video format also brings great challenges to data recovery. We explore a typical method that contains 4 steps for time code retrieval in practical case examination. These 4 steps are A) obtain existing video files, B) analyze the structure of existing video files and find the time field location, C) ascertain the time code location and change pattern and D) export and browse. Confirmed via comparison with 2 sets of questioned special format surveillance video files, this method has proved to be effective.

A comparative approach for multiclass text analysis
Semuel Franko, I. B. Parlak
Pub Date : 2018-03-01
DOI: 10.1109/ISDFS.2018.8355325
Published in: 2018 6th International Symposium on Digital Forensic and Security (ISDFS)
This paper presents multiclass text analysis for the classification problem in Spanish documents. Even if the Spanish language is considered one of the most spoken languages, the text classification problem has not yet been carried out for different problems in multiclass analysis. Two different approaches, Naive Bayes and Maximum Entropy, were used as machine learning techniques. The corpus was created with 10 different categories. Smoothing parameters and three different document models were integrated into the study. During the comparative analysis, optimal parameters were determined using their sensitivity on the accuracy, the precision and the recall. Consequently, Maximum Entropy was found to be the best technique, even if both techniques were relevant in multiclass classification.

Using semantic variations in clustering insiders behavior
S. Elshafei, A. Abdelnaby
Pub Date : 2018-03-01
DOI: 10.1109/ISDFS.2018.8355394
Published in: 2018 6th International Symposium on Digital Forensic and Security (ISDFS)
We show a new clustering procedure which can be considered a first step in an insider threat detection framework. The procedure relies on plainly unsupervised mining of typical behavior of insiders. In other words, the ranking of an individual observation on the feature space is of minimal importance. We use a publicly available data set composed of truncated Unix commands issued by insiders. Evaluation of the algorithm output, defined as the ability of the algorithm to detect violations of the allowed behavior grouping, is conducted through comparisons with the ground truth provided with the data set used.

Android application behavioral analysis through intent monitoring
M. Afridi, Toqeer Ali, Turki G. Alghamdi, T. Ali, Muhammad Yasar
Pub Date : 2018-03-01
DOI: 10.1109/ISDFS.2018.8355359
Published in: 2018 6th International Symposium on Digital Forensic and Security (ISDFS)
Currently over 2 billion active devices are running the Android operating system. At present more than 2.2 million applications are accessible for download from Android's application store called Google Play. Android is the most popular open-source mobile operating system, though its security is still challengeable. There are many reports of users' privacy being violated due to vulnerable mobile applications. A report published by McAfee in 2016 showed that over 2.5 million new malware samples were found just in the last quadrant of 2016. Various strategies have been proposed to recognize pernicious applications; some use sequences of permissions to determine the malicious nature of applications, while others look into different system calls triggered by applications during their execution. In this paper, we propose the use of intents raised by applications as a metric to identify the malicious behavior of an application. For this purpose, we generated a dataset that contained more than 30,000 applications (15,000 malicious and 15,000 benign applications), which were used to train the proposed model with different machine learning algorithms using the most common events. The results have shown an acceptable detection rate of malicious behavior with the help of intents. We can deduce that our proposed model is a novel and smart way of detecting malicious behavior in Android applications.

Performance comparison of some classifiers on Chronic Kidney Disease data
E. Avci, Songul Karakus, Ozlem Ozmen, Derya Avcı
Pub Date : 2018-03-01
DOI: 10.1109/ISDFS.2018.8355392
Published in: 2018 6th International Symposium on Digital Forensic and Security (ISDFS)
In this study, the dataset named “Chronic_Kidney_Disease” obtained from the UCI database is used. The dataset consists of 400 individuals' information and contains 25 features. With WEKA software, this dataset was classified according to whether it is chronic kidney disease using the Naive Bayes (NB), K-Star, Support Vector Machines (SVM) and J48 classifiers used in data mining. Accuracy, precision, sensitivity, and F-measure values are used for performance comparisons of the performed classifications. According to the obtained results, more successful results were obtained with the J48 algorithm, with 99% accuracy.

Enabling authenticated data exchanges in industrial control systems
A. Duka, B. Genge, P. Haller
Pub Date : 2018-03-01
DOI: 10.1109/ISDFS.2018.8355337
Published in: 2018 6th International Symposium on Digital Forensic and Security (ISDFS)
In the context of the ever-increasing number of cyber attacks targeted against Industrial Control Systems, the protection of data (e.g., process variables) commonly exchanged between the system's components (e.g., between Programmable Logic Controllers — PLCs, and Human Machine Interfaces — HMIs) is of greatest importance. In spite of their modest computational resources when compared to other computer systems (e.g., traditional PCs), we show that it is possible to enhance the control programs running within PLCs with Message Authentication Code (MAC) constructions. These make it possible to authenticate the exchanged data, therefore providing a means to simultaneously verify both the data integrity and the authentication of process variables. This paper presents PLC-specific details for several MAC implementations and assesses their efficiency, in terms of execution time, as tested on Phoenix Contact's ILC 350 PN controller.

Analysis of the effects of different fuzzy membership functions for wind power plant installation parameters
F. Topaloğlu, H. Pehlivan
Pub Date : 2018-03-01
DOI: 10.1109/ISDFS.2018.8355383
Published in: 2018 6th International Symposium on Digital Forensic and Security (ISDFS)
Wind power plant installation is an important issue for project developers, and uncertain and ambiguous data are used in the decision making process. This study has been planned because of the lack of a generally accepted scale in this area until today and because evaluation results vary between firms. An inspection system has been designed in Matlab / Simulink for the meteorological parameters planned to be used in the installation of the wind power plants. Fuzzy logic controllers (FLC) with trapezoidal, Gaussian and triangular membership functions were applied separately under the supervision of the designed system. The effects of membership functions on the system were examined and the optimal membership function for the designed system was determined.

Generating flow based on dependencies
Nurhayat Varol
Pub Date : 2018-03-01
DOI: 10.1109/ISDFS.2018.8355334
Published in: 2018 6th International Symposium on Digital Forensic and Security (ISDFS)
This study presents a dependency based mapping approach to automate the process of generating a flow. A flow is a customized sequence of operators that transforms one set of data items into a more refined set based on a set of rules. First, the classification of various operators is carried out based on their usage in generating different flows. Based on this classification a flow generating algorithm is provided. An example follows to describe the central idea of the algorithm. Then, a few future enhancements of the study are proposed.

Performance evaluation of RPL objective functions for different sending intervals
W. Mardini, Shadi A. Aljawarneh, Amnah Al-Abdi, Haneen Ta'amneh
Pub Date : 2018-03-01
DOI: 10.1109/ISDFS.2018.8355323
Published in: 2018 6th International Symposium on Digital Forensic and Security (ISDFS)
IPv6 Routing Protocol for Low Power and Lossy Networks (RPL) is the standard routing protocol for Wireless Sensor Networks (WSN). Two main Objective Functions (OF) are used in RPL: Objective Function Zero (OF0) and Minimum Rank with Hysteresis Objective Function (MRHOF). Each of these two OFs provides a different way for selecting the parent toward the destination. In RPL, the standard interval for sending one control packet is approximately equal to one minute; this sending interval can be modified to be less than that. The target of this paper is to evaluate the performance of each previously mentioned RPL OF with two scenarios. In the first scenario, we fixed the network densities and changed the sending intervals and the transmission range values, and in the second scenario, we fixed the transmission range values and changed the network densities and the sending intervals. Packet Delivery Ratio (PDR) and power consumption are the considered criteria for this evaluation. The experiments are simulated using the Cooja simulator. The results show that there is a clear impact of varying the sending interval on the performance of the RPL OFs, taking into account the network density and the nodes' transmission range. In general, increasing the sending interval will increase PDR and decrease the power consumption. To the extent of our knowledge, this is the first work that evaluates the RPL objective functions by changing the default sending interval of the control packets, taking into consideration the node densities and the transmission ranges.

On features suitable for power analysis — Filtering the contributing features for symmetric key recovery
Yinan Kong, Naila Mukhtar
Pub Date : 2018-03-01
DOI: 10.1109/ISDFS.2018.8355363
Published in: 2018 6th International Symposium on Digital Forensic and Security (ISDFS)
Side-channel attacks have left the traditional methods of cryptanalysis far behind. The algorithms are mathematically secure, but the side-channel leakage poses a serious security threat. Innovative machine-learning classification methods have remarkably reduced the sampling time as well as the time required to recover the key. However, these results are constrained by high dimensionality, i.e. complex feature data increases the classification time, and at times results in false classification. In this paper, we aim to narrow down the feature space and determine which features contribute most towards better classification accuracy, for key retrieval from an AES implementation running over Kintex-7. We have provided a comparison of classifying the key bit as 0 or 1 with a varying number of samples and different sets of features. This paper gives practical results of different properties becoming features for extracted power signals using both feature selection and extraction methods.
