EEVi - framework for evaluating the effectiveness of visualization in cyber-security
Pub Date : 2016-12-01 DOI: 10.1109/ICITST.2016.7856726
Published in: 2016 11th International Conference for Internet Technology and Secured Transactions (ICITST)
Aneesha Sethi, F. Paci, G. Wills
Cyber-security visualization is an up-and-coming area which aims to reduce security analysts' workload by presenting information as visual analytics rather than a string of text and characters. But the adoption of the resultant visualizations has not increased. The literature indicates a research gap of a lack of guidelines and standardized evaluation techniques for effective visualization in cyber-security, as a reason for it. Therefore, this research addresses the research gap by developing a framework called EEVi for effective cyber-security visualizations for the performed task. The term ‘effective visualization’ can be defined as the features of visualization that are crucial to perform a certain task successfully. EEVi has been developed by analyzing qualitative data that leads to the formation of cognitive relationships (called links) between data that act as guidelines for effective cyber-security visualization in terms of the performed task. The methodology to develop this framework can be applied to other fields to understand cognitive relationships between data. Additionally, the analysis presents a glimpse into the usage of EEVi in cyber-security visualization.

Activity Recognition using wearable computing
Pub Date : 2016-12-01 DOI: 10.1109/ICITST.2016.7856695
Neamah Al-Naffakh, N. Clarke, P. Dowland, Fudong Li
A secure, user-convenient approach to authenticate users on their mobile devices is required as current approaches (e.g., PIN or Password) suffer from security and usability issues. Transparent Authentication Systems (TAS) have been introduced to improve the level of security as well as offer continuous and unobtrusive authentication (i.e., user friendly) by using various behavioural biometric techniques. This paper presents the usefulness of using smartwatch motion sensors (i.e., accelerometer and gyroscope) to perform Activity Recognition for use within a TAS. Whilst previous research in TAS has focused upon its application in computers and mobile devices, little attention is given to the use of wearable devices - which tend to be sensor-rich highly personal technologies. This paper presents a thorough analysis of the current state of the art in transparent and continuous authentication using acceleration and gyroscope sensors and a technology evaluation to determine the basis for such an approach. The best results are average Euclidean distance scores of 5.5 and 11.9 for users' intra acceleration and gyroscope signals respectively and 24.27 and 101.18 for users' inter acceleration and gyroscope activities accordingly. The findings demonstrate that the technology is sufficiently capable and the nature of the signals captured sufficiently discriminative to be useful in performing Activity Recognition.

Risk management in payment system architectures
Pub Date : 2016-12-01 DOI: 10.1109/ICITST.2016.7856759
Sivakumar Niranjan, C. Maxime, Boullier Dominique
Payments architectures are on the verge of a great bifurcation that must be documented in order to be debated. On one hand, actors like Google and Apple are moving towards becoming quasi-banks while they disseminate payment systems over smartphones. At the same time, the blockchain is a distributed ledger that introduces a radical new model of a trusted third-party for payments. The detailed history of credit card systems helps understand why the game of security has always been triggered by a delegation process of risk to third parties and by a cat-and-mouse game of security and fraud. Technologies were designed to solve these issues but have always been closely related to innovations in institutional assemblages. Payments systems shape our social life and the trust that we put in these architectures requires an interdisciplinary examination that includes both technical and political concerns.

Efficient biometric-based Encryption for fingerprints
Pub Date : 2016-12-01 DOI: 10.1109/ICITST.2016.7856682
Neyire Deniz Sarier
In this paper, we describe the first generic construction for biometric Identity Based Encryption (IBE) considering two distance measures at the same time. Current protocols for fuzzy/biometric IBE consider either set overlap metric or Euclidean distance. However, the similarity measures for biometric templates can be quite different from those considered in theoretical works. For instance, a fingerprint template usually consists of a set of minutiae, and two templates are considered as similar if more than a certain number of minutiae in one template are near distinct minutiae in the other. In this case, the similarity measure has to consider both Euclidean distance and set difference at the same time. To achieve this property, our generic construction is based on two different biometric IBE systems encoding the same message. Specifically, we combine a fuzzy IBE-type scheme and the recently introduced Distance Based Encryption (DBE) scheme with minimum overhead in terms of public parameters, ciphertext and private key size. Also, we describe an efficient biometric IBE scheme denoted as ordFIBE, which is restricted to biometrics that can be represented as an ordered/grouped set of features. Finally, we instantiate the new construction based on ordFIBE and DBE of [1], which share the same setup phase, in particular, common public parameters.

Maximizing the wireless sensor networks lifetime
Pub Date : 2016-12-01 DOI: 10.1109/ICITST.2016.7856719
Nouredine Seddiki, Amel Douli
The technological developments in microelectronics have enabled the integration of capacity for the achievement of several important tasks for monitoring the environment using very small components named sensors with low cost and low power consumption. A sensor node detects environmental phenomena to obtain data and transmits them to the sink via a single hop or multi-hop path in wireless sensor network applications. For monitoring applications, a topology of tree or forest is often used to collect data of global detection. The tree or forest is built after the initial deployment of nodes and is rebuilt on important topology changes. As the sensor node has limited energy, building a good tree to prolong the lifetime of the network is an important problem. In this paper we propose an approach for optimizing the lifetime of the sensor network. First, we divide our network into disjoint sets, where each set represents a tree (tree construction). Then, we optimize the lifetime of the network by using an efficient algorithm for balancing weight between trees in the network.

Secure Javascript Object Notation (SecJSON) Enabling granular confidentiality and integrity of JSON documents
Pub Date : 2016-12-01 DOI: 10.1109/ICITST.2016.7856724
Tiago Santos, C. Serrão
Currently, web and mobile-based systems exchange information with other services, mostly through APIs that extend the functionality and enable multipart interoperable information exchange. Most of this is accomplished through the usage of RESTful APIs and data exchange that is conducted using JSON over the HTTP or HTTPS protocol. When the exchange has specific security requirements, the SSL/TLS protocol is used to create a secure authenticated channel between the two communication end-points. This is a scenario where all the content of the channel is encrypted, and it is useful if the sender and the receiver are the only communicating parties; however, this may not be the case. The authors of this paper present a granular mechanism for selectively offering confidentiality and integrity to JSON documents, through the usage of public-key cryptography, based on the mechanisms that have also been used to provide XML security. The paper presents the proposal of the syntax for the SecJSON mechanism and an implementation that was created to offer developers the possibility of incorporating this security mechanism into their own services and applications.

KiCM: A knowledge-intensive context model
Pub Date : 2016-12-01 DOI: 10.1109/ICITST.2016.7856701
Dennis M. Lupiana, F. Mtenzi
A context model plays a significant role in developing context-aware architectures and consequently in realizing context-awareness, which is important in today's dynamic computing environments. These architectures monitor and analyse their environments to enable context-aware applications to effortlessly and appropriately respond to users' computing needs. These applications make the use of computing devices intuitive and less intrusive. A context model is an abstract and simplified representation of the real world, where the users and their computing devices interact. It is through a context model that knowledge about the real world can be represented in and reasoned by a context-aware architecture. This paper presents a Knowledge-intensive Context Model (KiCM). KiCM improves the existing context models by including knowledge about more entities that are essential for describing an occurrence of users' real context such as a meeting.

A trust structure for detection of sybil attacks in opportunistic networks
Pub Date : 2016-12-01 DOI: 10.1109/ICITST.2016.7856728
Samaneh Rashidibajgan
Opportunistic networks (OppNet) enable users to connect to each other via wireless communication without connecting to the Internet. These networks have fragile structures and the topology of the network is changed frequently, so it is impossible to have a Trusted Third Party as a certificate authority. There are many different attacks against these networks and one of them is the Sybil Attack. In this paper, we proposed a new trust connection structure for Sybil attack detection in OppNet. According to Bayes' rule and the node's observation, we calculate the utility of nodes in different situations and demonstrate when nodes can trust each other. Furthermore, we considered the probability of receiving an incorrect signal, in order to improve accuracy and false positive rate in the network. Results indicate that the proposed algorithm improves the False Positive Rate and Accuracy of the network.

Adaptive Policing Algorithms on inbound internet traffic using Generalized Pareto model
Pub Date : 2016-12-01 DOI: 10.1109/ICITST.2016.7856700
M. Kassim, Nor Azura Ayop
This paper presents an analysis of live internet traffic and the development of Adaptive Policing Algorithms to control burst traffic based on a fitted traffic model. The objective of this research is to characterize inbound IP-based campus internet traffic; the traffic is then fitted to a 2-parameter Cumulative Distribution Function (CDF) traffic model. A percentage-level policing algorithm is developed to control the bandwidth used. The Open Distribution Fitting application is used to fit the collected data. The maximum log-likelihood estimation technique is used to find the best-fitting 2-parameter CDF among the Generalized Pareto, Weibull, Normal and Rician distribution models. Results show that the best fitted CDF model is Generalized Pareto, which presents the highest maximum likelihood value for this case. Thus, a percentage level of 5% under the original bandwidth used is developed in the policing algorithms to control internet bandwidth using the Pareto traffic model. Results show performance improved by around 3% to 5% in processing time and approximately 74% of bandwidth saved with the Gen Pareto model. This result helps to expand the view of new ideas in modelling the tele-traffic algorithm based on bandwidth management and processing time improvement. Bandwidth control algorithms can be developed with these algorithms, especially on new Software Defined Networks.

Identification and recovery of video fragments for forensics file carving
Pub Date : 2016-12-01 DOI: 10.1109/ICITST.2016.7856710
K. Alghafli, T. Martin
In digital forensics, file carving of video files is an important process in the recovery of video evidence needed for many criminal cases. Traditional carving techniques recover video files based on their file structure. However, these techniques fail in cases where the file is split into several fragments, especially if some of the fragments were overwritten. In this paper, we present a method for the identification and recovery of video fragments when the video codec specifications were overwritten. It consists of two parts: a detector and validators. The detector looks for sequences of bytes that could be video fragments in a forensic image. The validator decides to accept or reject that a given fragment is a part of a video file. Based on the proposed method we implement a prototype which is called VidCarve. We have conducted several experiments to evaluate the proposed method with current video carving tools. Experimental results show that the discussed method can identify video fragments with high rates of precision and recall. The overall performance rate can produce forensically sound evidence and play a vital role in the process of recovery of digital evidence in many criminal cases.