首页 > 最新文献

Int. J. Secur. Priv. Pervasive Comput.最新文献

英文 中文
Non-Contact Fingerprint Template Protection Using DFT Combined Random Projection 基于DFT组合随机投影的非接触指纹模板保护
Pub Date : 2022-01-01 DOI: 10.4018/ijsppc.302007
Boris Jerson Zannou, Tahirou Djara, A. Vianou
In view of the different dangers to which users of contactless biometric systems are exposed, we have developed a contactless secure revocable model based on random projection and DFT (Discret Fourier Tansformation) to enhance contactless fingerprint authentication. Two matrices emerge, namely that corresponding to the terminations and that corresponding to the bifurcations. These matrices are then transformed in a first time thanks to the random projection. In a second time we apply to them the Discret Fourier Transformation called the DFT.This proposed non-contact revocable fingerprint model meets the requirements of revocability, diversity, security and non-reversibility. The evaluation of our model through its results gives the most promising results compared to those existing. The equal error rate (EER) obtained are respectively equal to 0.19% for FVC2002 DB1, 1% for FVC2002 DB2, 4.29% for FVC2002 DB3 and 9.01% for FVC2004 DB2.
针对非接触式生物识别系统使用者可能面临的不同危险,我们开发了一种基于随机投影和离散傅立叶变换(DFT)的非接触式安全可撤销模型,以增强非接触式指纹认证。出现了两个矩阵,即对应于终止的矩阵和对应于分叉的矩阵。然后,由于随机投影,这些矩阵在第一时间被变换。第二次我们对它们应用离散傅里叶变换称为DFT。提出的非接触可撤销指纹模型满足可撤销性、多样性、安全性和不可逆性的要求。通过结果对我们的模型进行评价,得出了与现有模型相比最有希望的结果。得到的等错误率(EER)分别为FVC2002 DB1 0.19%、FVC2002 DB2 1%、FVC2002 DB3 4.29%和FVC2004 DB2 9.01%。
{"title":"Non-Contact Fingerprint Template Protection Using DFT Combined Random Projection","authors":"Boris Jerson Zannou, Tahirou Djara, A. Vianou","doi":"10.4018/ijsppc.302007","DOIUrl":"https://doi.org/10.4018/ijsppc.302007","url":null,"abstract":"In view of the different dangers to which users of contactless biometric systems are exposed, we have developed a contactless secure revocable model based on random projection and DFT (Discret Fourier Tansformation) to enhance contactless fingerprint authentication. Two matrices emerge, namely that corresponding to the terminations and that corresponding to the bifurcations. These matrices are then transformed in a first time thanks to the random projection. In a second time we apply to them the Discret Fourier Transformation called the DFT.This proposed non-contact revocable fingerprint model meets the requirements of revocability, diversity, security and non-reversibility. The evaluation of our model through its results gives the most promising results compared to those existing. The equal error rate (EER) obtained are respectively equal to 0.19% for FVC2002 DB1, 1% for FVC2002 DB2, 4.29% for FVC2002 DB3 and 9.01% for FVC2004 DB2.","PeriodicalId":344690,"journal":{"name":"Int. J. Secur. Priv. Pervasive Comput.","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131263797","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Individual Processing of Phishing Emails: Towards a Phishing Detection Framework 网络钓鱼电子邮件的个人处理:迈向网络钓鱼检测框架
Pub Date : 2022-01-01 DOI: 10.4018/ijsppc.311060
Aymen Hamoud, E. Aimeur, M. Benmohammed
There is a prevailing prejudice that technology can solve all problems in many fields, including cybercrime. Still, recent reports of increasing data breaches have shown that this belief is not always true. This paper investigated social engineering scenarios, particularly phishing attacks, to analyze the psychological deception schemes used by attackers alongside the heuristics that affect users' vulnerability. Indeed, the authors explain how hackers use various technical tools besides certain psychological factors to design clever and successful attacks against businesses or individuals. This research provides a decision-making framework for e-mail processing; it consists of several verification stages covering cognitive and technical factors that help users identify inconsistencies and different classes of phishing. Furthermore, it supports the security awareness field with a reliable framework that has demonstrated promising results and low false positives. The solution aims to reduce phishing threats and help organizations establish security-conscious behavior among their employees.
有一种普遍的偏见,认为技术可以解决许多领域的所有问题,包括网络犯罪。然而,最近关于数据泄露的报道表明,这种看法并不总是正确的。本文研究了社会工程场景,特别是网络钓鱼攻击,以分析攻击者使用的心理欺骗方案以及影响用户漏洞的启发式方法。事实上,作者解释了黑客如何利用各种技术工具,除了某些心理因素,设计出巧妙而成功的针对企业或个人的攻击。本研究为电子邮件处理提供了一个决策框架;它由几个验证阶段组成,涵盖了帮助用户识别不一致和不同类型的网络钓鱼的认知和技术因素。此外,它通过可靠的框架支持安全感知领域,该框架已经证明了有希望的结果和低误报。该解决方案旨在减少网络钓鱼威胁,并帮助组织在员工中建立安全意识。
{"title":"Individual Processing of Phishing Emails: Towards a Phishing Detection Framework","authors":"Aymen Hamoud, E. Aimeur, M. Benmohammed","doi":"10.4018/ijsppc.311060","DOIUrl":"https://doi.org/10.4018/ijsppc.311060","url":null,"abstract":"There is a prevailing prejudice that technology can solve all problems in many fields, including cybercrime. Still, recent reports of increasing data breaches have shown that this belief is not always true. This paper investigated social engineering scenarios, particularly phishing attacks, to analyze the psychological deception schemes used by attackers alongside the heuristics that affect users' vulnerability. Indeed, the authors explain how hackers use various technical tools besides certain psychological factors to design clever and successful attacks against businesses or individuals. This research provides a decision-making framework for e-mail processing; it consists of several verification stages covering cognitive and technical factors that help users identify inconsistencies and different classes of phishing. Furthermore, it supports the security awareness field with a reliable framework that has demonstrated promising results and low false positives. The solution aims to reduce phishing threats and help organizations establish security-conscious behavior among their employees.","PeriodicalId":344690,"journal":{"name":"Int. J. Secur. Priv. Pervasive Comput.","volume":"62 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"117243089","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 5
A Study on Metaverse Awareness, Cyber Risks, and Steps for Increased Adoption 关于元宇宙意识、网络风险和提高采用步骤的研究
Pub Date : 2022-01-01 DOI: 10.4018/ijsppc.308785
Glorin Sebastian
Metaverse, also known as the successor of mobile internet, has become immensely popular given the increased focus of technology companies on Web 3.0 and virtual reality. Though its popularity has grown at least within the tech industry, there has not been a survey conducted to measure the awareness and perception of metaverse among regular technology users. Further, there have been studies conducted to apply the technology acceptance model to metaverse users. However, such studies have not been conducted from a cybersecurity risk perspective. This study fills this gap by understanding the awareness, perception, and concerns about metaverse adoption. Further, based on the technology acceptance model, the authors propose techniques that could improve perception and reduce concerns about this technology, enabling faster acceptance and use.
Metaverse也被称为移动互联网的继承者,由于科技公司越来越关注Web 3.0和虚拟现实,它变得非常受欢迎。尽管它的受欢迎程度至少在科技行业有所增长,但还没有一项调查来衡量普通科技用户对虚拟世界的认识和感知。此外,已有研究将技术接受模型应用于虚拟用户。然而,此类研究尚未从网络安全风险的角度进行。本研究通过理解对虚拟世界采用的认识、感知和关注来填补这一空白。此外,基于技术接受模型,作者提出了可以提高对该技术的感知并减少对该技术的关注的技术,从而实现更快的接受和使用。
{"title":"A Study on Metaverse Awareness, Cyber Risks, and Steps for Increased Adoption","authors":"Glorin Sebastian","doi":"10.4018/ijsppc.308785","DOIUrl":"https://doi.org/10.4018/ijsppc.308785","url":null,"abstract":"Metaverse, also known as the successor of mobile internet, has become immensely popular given the increased focus of technology companies on Web 3.0 and virtual reality. Though its popularity has grown at least within the tech industry, there has not been a survey conducted to measure the awareness and perception of metaverse among regular technology users. Further, there have been studies conducted to apply the technology acceptance model to metaverse users. However, such studies have not been conducted from a cybersecurity risk perspective. This study fills this gap by understanding the awareness, perception, and concerns about metaverse adoption. Further, based on the technology acceptance model, the authors propose techniques that could improve perception and reduce concerns about this technology, enabling faster acceptance and use.","PeriodicalId":344690,"journal":{"name":"Int. J. Secur. Priv. Pervasive Comput.","volume":"117 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132922453","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 8
A Systematic Survey of Automatic Loan Approval System Based on Machine Learning 基于机器学习的自动贷款审批系统研究
Pub Date : 2022-01-01 DOI: 10.4018/ijsppc.304893
Vandana Sharma, Rewa Sharma
The banking sector is an integral part of an economy as it helps in capital formation. One of the most critical issues of banks is the risk involved in loan applications. Employing machine learning to automate the loan approval process is a significant advancement. For this topic, all classification algorithms have been tested and assessed in previous researches; however, it is still unclear which methodology is best for a particular type of dataset. It is still difficult to identify which model is the most effective. Since each model is dependent on a certain dataset or classification approach, it is critical to create a versatile model appropriate for any dataset or attribute collection. The aim of the study is to provide detailed analysis of previous studies and to propose a predictive model for automatic loan prediction using four classification algorithms. Exploratory data analysis is performed to obtain correlation between various features and to get insights of banking datasets.
银行业是经济不可分割的一部分,因为它有助于资本形成。银行最关键的问题之一是贷款申请所涉及的风险。利用机器学习实现贷款审批流程的自动化是一项重大进步。对于这个课题,所有的分类算法在之前的研究中都经过了测试和评估;然而,对于特定类型的数据集,哪种方法是最好的仍然不清楚。要确定哪种模式最有效仍然很困难。由于每个模型都依赖于特定的数据集或分类方法,因此创建适合任何数据集或属性集合的通用模型至关重要。本研究的目的是对以往的研究进行详细的分析,并提出一个使用四种分类算法进行自动贷款预测的预测模型。通过探索性数据分析,获得各种特征之间的相关性,从而深入了解银行数据集。
{"title":"A Systematic Survey of Automatic Loan Approval System Based on Machine Learning","authors":"Vandana Sharma, Rewa Sharma","doi":"10.4018/ijsppc.304893","DOIUrl":"https://doi.org/10.4018/ijsppc.304893","url":null,"abstract":"The banking sector is an integral part of an economy as it helps in capital formation. One of the most critical issues of banks is the risk involved in loan applications. Employing machine learning to automate the loan approval process is a significant advancement. For this topic, all classification algorithms have been tested and assessed in previous researches; however, it is still unclear which methodology is best for a particular type of dataset. It is still difficult to identify which model is the most effective. Since each model is dependent on a certain dataset or classification approach, it is critical to create a versatile model appropriate for any dataset or attribute collection. The aim of the study is to provide detailed analysis of previous studies and to propose a predictive model for automatic loan prediction using four classification algorithms. Exploratory data analysis is performed to obtain correlation between various features and to get insights of banking datasets.","PeriodicalId":344690,"journal":{"name":"Int. J. Secur. Priv. Pervasive Comput.","volume":"38 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133327904","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Impact of Cryptographic Key on Scalable Computing 密钥对可扩展计算的影响
Pub Date : 2022-01-01 DOI: 10.4018/ijsppc.313046
P. Pradhan
The research has contributed to the development of the cryptographic control on the proposed RTS that aims to determine the high-performance computing at optimal cost and time to be invested into dynamic cryptographic control that decides on the major components of real-time operating system resources. Furthermore, the mechanism optimizes the cost, and resources are supposed to optimize the operating system risks. We have to optimize the technology and resource cost and maximizes the productivity and business (throughput) while improving the high performance of the operating system as per business requirement for the multiple locations. This proposed cryptographic control on the real-time system provides high computational services around the clock. The objective should be defined in such a way that the processor, memory, and encryption key are always utilized at minimal cost with high availability of data and services as per business and resource management.
该研究促进了所提出的RTS加密控制的发展,旨在确定以最优成本和时间投入到动态加密控制中的高性能计算,动态加密控制决定实时操作系统资源的主要组成部分。机制优化了成本,资源优化了操作系统风险。我们必须优化技术和资源成本,最大限度地提高生产力和业务(吞吐量),同时根据多个位置的业务需求提高操作系统的高性能。在实时系统上提出的这种加密控制可以提供全天候的高计算服务。应该以这样一种方式定义目标,即始终以最小的成本使用处理器、内存和加密密钥,并根据业务和资源管理提供高可用性的数据和服务。
{"title":"Impact of Cryptographic Key on Scalable Computing","authors":"P. Pradhan","doi":"10.4018/ijsppc.313046","DOIUrl":"https://doi.org/10.4018/ijsppc.313046","url":null,"abstract":"The research has contributed to the development of the cryptographic control on the proposed RTS that aims to determine the high-performance computing at optimal cost and time to be invested into dynamic cryptographic control that decides on the major components of real-time operating system resources. Furthermore, the mechanism optimizes the cost, and resources are supposed to optimize the operating system risks. We have to optimize the technology and resource cost and maximizes the productivity and business (throughput) while improving the high performance of the operating system as per business requirement for the multiple locations. This proposed cryptographic control on the real-time system provides high computational services around the clock. The objective should be defined in such a way that the processor, memory, and encryption key are always utilized at minimal cost with high availability of data and services as per business and resource management.","PeriodicalId":344690,"journal":{"name":"Int. J. Secur. Priv. Pervasive Comput.","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130917322","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
A Optimized Taxonomy on Spot Sale Services Using Mathematical Methodology 用数学方法优化现货交易服务分类
Pub Date : 2022-01-01 DOI: 10.4018/ijsppc.313048
Ashish Tiwari, R. Garg
In reality, the most appropriate cloud standards are significant ideas for application administrations. OSCCS technique calculation gives a spot-like market in virtual space to the end clients. The OSCCS gives an on-spot showcasing framework in the virtual universe of processing. As fluffy hypothesis is giving the specific outcomes and close to correct outcomes that is the reason that authors have taken the idea of fluffy unpleasant set hypothesis in their OSCCS approach. This sort of approach depends on the determination of the best ideal cost and season of asset allotment to an end client by the suppliers in virtual advertising. The allotments of assets depend on powerful on-request demand upkeep so the end-client gets the cloud administration on a business premise like in continuous shopping advertising on events. By the OSCCS deals approach framework, an end client can get the assistance at the ideal expense. The OSCCS calculation is mimicked in cloud test systems.
实际上,最合适的云标准是应用程序管理的重要思想。OSCCS技术计算为终端用户提供了虚拟空间中的现货市场。OSCCS在虚拟处理领域提供了一个现场展示框架。由于蓬松的假设给出了具体的结果并且接近正确的结果,这就是作者在他们的OSCCS方法中采用蓬松的不愉快集假设的原因。这种方法依赖于虚拟广告中供应商对最终客户资产分配的最佳理想成本和季节的确定。资产分配依赖于强大的按需维护,因此终端客户可以在业务前提下获得云管理,例如在事件上连续发布购物广告。通过OSCCS交易方法框架,最终客户可以以理想的费用获得帮助。在云测试系统中模拟了OSCCS计算。
{"title":"A Optimized Taxonomy on Spot Sale Services Using Mathematical Methodology","authors":"Ashish Tiwari, R. Garg","doi":"10.4018/ijsppc.313048","DOIUrl":"https://doi.org/10.4018/ijsppc.313048","url":null,"abstract":"In reality, the most appropriate cloud standards are significant ideas for application administrations. OSCCS technique calculation gives a spot-like market in virtual space to the end clients. The OSCCS gives an on-spot showcasing framework in the virtual universe of processing. As fluffy hypothesis is giving the specific outcomes and close to correct outcomes that is the reason that authors have taken the idea of fluffy unpleasant set hypothesis in their OSCCS approach. This sort of approach depends on the determination of the best ideal cost and season of asset allotment to an end client by the suppliers in virtual advertising. The allotments of assets depend on powerful on-request demand upkeep so the end-client gets the cloud administration on a business premise like in continuous shopping advertising on events. By the OSCCS deals approach framework, an end client can get the assistance at the ideal expense. The OSCCS calculation is mimicked in cloud test systems.","PeriodicalId":344690,"journal":{"name":"Int. J. Secur. Priv. Pervasive Comput.","volume":"337 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115605585","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 3
Deep Convolutional Real Time Model (DCRTM) for American Sign Language (ASL) Recognition 美国手语识别的深度卷积实时模型(DCRTM
Pub Date : 2022-01-01 DOI: 10.4018/ijsppc.309079
Hadj Ahmed Bouarara, Bentadj Cheimaa, Mohamed Elhadi Rahmani
Sign language is a kind of communication rich of expressions, and it has the same properties as spoken languages. In this paper, the authors discuss the use of transfer learning techniques to develop an intelligent system that recognizes American Sign Language. The idea behind was that rather than creating a new model of deep convolutional neural network and spend a lot of time in experimentations, the authors used already pre-trained models to benefit from their advantages. In this study, they used four different models (YOLOv3, real-time model, VGG16, and AlexNet). The obtained results were very encouraging. All of them could recognize more than 90% of images.
手语是一种表达丰富的交际方式,具有与口语相同的特性。在本文中,作者讨论了使用迁移学习技术来开发一个识别美国手语的智能系统。背后的想法是,与其创建一个新的深度卷积神经网络模型并花费大量时间进行实验,作者使用已经预先训练好的模型来受益于它们的优势。在这项研究中,他们使用了四种不同的模型(YOLOv3,实时模型,VGG16和AlexNet)。获得的结果是非常令人鼓舞的。它们都能识别90%以上的图像。
{"title":"Deep Convolutional Real Time Model (DCRTM) for American Sign Language (ASL) Recognition","authors":"Hadj Ahmed Bouarara, Bentadj Cheimaa, Mohamed Elhadi Rahmani","doi":"10.4018/ijsppc.309079","DOIUrl":"https://doi.org/10.4018/ijsppc.309079","url":null,"abstract":"Sign language is a kind of communication rich of expressions, and it has the same properties as spoken languages. In this paper, the authors discuss the use of transfer learning techniques to develop an intelligent system that recognizes American Sign Language. The idea behind was that rather than creating a new model of deep convolutional neural network and spend a lot of time in experimentations, the authors used already pre-trained models to benefit from their advantages. In this study, they used four different models (YOLOv3, real-time model, VGG16, and AlexNet). The obtained results were very encouraging. All of them could recognize more than 90% of images.","PeriodicalId":344690,"journal":{"name":"Int. J. Secur. Priv. Pervasive Comput.","volume":"26 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127652662","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Proposed Abelian ACM Method Optimizing: The Risk on a Real-Time Unix Operating System 提出的Abelian ACM方法优化:实时Unix操作系统的风险
Pub Date : 2021-10-01 DOI: 10.4018/ijsppc.2021100103
A. Asthana, P. Pradhan
This proposed UFS ACM is the best preventive control around the world for heterogeneous applications on multiple hardware and software. The subject and object can be able to map, integrate, synchronize, and communicate through reading, writing, and executing over a UFS on the complex web infrastructure. We have to investigate the basic concepts behind access control design and enforcement and point out different security requirements that may need to be taken into consideration as per business, resources, and technology available to us. This paper has to formulate and implement several access control mechanisms, methods, and models on normalizing them step by step, which has been highlighted in the proposed model for present and future requirements. This research paper contributes to the development of an optimization model that aims to determine the optimal cost, time, and maximize the quality of services to be invested into security model and mechanisms deciding on the measure components of UFS.
该提议的UFS ACM是世界上针对多种硬件和软件上的异构应用程序的最佳预防性控制。主题和对象可以通过在复杂的web基础设施上的UFS上的读、写和执行来映射、集成、同步和通信。我们必须研究访问控制设计和实施背后的基本概念,并指出可能需要根据我们可用的业务、资源和技术考虑的不同安全需求。本文需要制定和实现几种访问控制机制、方法和模型来逐步规范化它们,这在本文提出的模型中得到了强调,以满足当前和未来的需求。本研究有助于开发一个优化模型,该模型旨在确定投资于安全模型和决定UFS度量组件的机制的最优成本、时间和最大服务质量。
{"title":"Proposed Abelian ACM Method Optimizing: The Risk on a Real-Time Unix Operating System","authors":"A. Asthana, P. Pradhan","doi":"10.4018/ijsppc.2021100103","DOIUrl":"https://doi.org/10.4018/ijsppc.2021100103","url":null,"abstract":"This proposed UFS ACM is the best preventive control around the world for heterogeneous applications on multiple hardware and software. The subject and object can be able to map, integrate, synchronize, and communicate through reading, writing, and executing over a UFS on the complex web infrastructure. We have to investigate the basic concepts behind access control design and enforcement and point out different security requirements that may need to be taken into consideration as per business, resources, and technology available to us. This paper has to formulate and implement several access control mechanisms, methods, and models on normalizing them step by step, which has been highlighted in the proposed model for present and future requirements. This research paper contributes to the development of an optimization model that aims to determine the optimal cost, time, and maximize the quality of services to be invested into security model and mechanisms deciding on the measure components of UFS.","PeriodicalId":344690,"journal":{"name":"Int. J. Secur. Priv. Pervasive Comput.","volume":"384 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133716194","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
An Optimistic Security Model for Improving Cyber Security Using Adaptive Algorithms to Prevent SQL Injection Attacks 利用自适应算法提高网络安全防范SQL注入攻击的乐观安全模型
Pub Date : 2021-10-01 DOI: 10.4018/ijsppc.2021100102
P. S. Raju, Pallipamu Venkateswara Rao
Throughout today's economic and social life, the use of web-based services (such as e-commerce, online banking, and web-based communications, to name a few) has become a common habit. Countless applications operate worldwide on millions of servers, and their numbers are steadily increasing. It has become a focus of attackers and hackers for the attacks because of the huge growth of internet usage. It is necessary for all companies to develop and protect their applications in order to maintain their credibility and keep their products relevant for users. Web applications have brought in new classes of computer security vulnerabilities, such as SQL injection (SQLIA), and it has exceeded previously prominent vulnerability classes in recent years. SQL injection is the instance of the broader class of vulnerabilities that are based on input validation. The primary purpose of this research is to study the vulnerabilities of SQL injection and to propose an optimistic security model for secure data transmission. In this work, the authors proposed an adaptive algorithm to prevent SQL injections.
在当今的经济和社会生活中,使用基于web的服务(如电子商务、网上银行和基于web的通信,仅举几例)已经成为一种普遍的习惯。无数的应用程序在全世界数以百万计的服务器上运行,它们的数量正在稳步增长。由于互联网使用量的巨大增长,它已成为攻击者和黑客攻击的焦点。所有公司都有必要开发和保护他们的应用程序,以保持他们的信誉,并使他们的产品与用户相关。Web应用程序带来了新的计算机安全漏洞类别,例如SQL注入(SQLIA),并且近年来它已经超过了以前突出的漏洞类别。SQL注入是基于输入验证的更广泛的漏洞类别的实例。本研究的主要目的是研究SQL注入的漏洞,并提出一种安全数据传输的乐观安全模型。在这项工作中,作者提出了一种自适应算法来防止SQL注入。
{"title":"An Optimistic Security Model for Improving Cyber Security Using Adaptive Algorithms to Prevent SQL Injection Attacks","authors":"P. S. Raju, Pallipamu Venkateswara Rao","doi":"10.4018/ijsppc.2021100102","DOIUrl":"https://doi.org/10.4018/ijsppc.2021100102","url":null,"abstract":"Throughout today's economic and social life, the use of web-based services (such as e-commerce, online banking, and web-based communications, to name a few) has become a common habit. Countless applications operate worldwide on millions of servers, and their numbers are steadily increasing. It has become a focus of attackers and hackers for the attacks because of the huge growth of internet usage. It is necessary for all companies to develop and protect their applications in order to maintain their credibility and keep their products relevant for users. Web applications have brought in new classes of computer security vulnerabilities, such as SQL injection (SQLIA), and it has exceeded previously prominent vulnerability classes in recent years. SQL injection is the instance of the broader class of vulnerabilities that are based on input validation. The primary purpose of this research is to study the vulnerabilities of SQL injection and to propose an optimistic security model for secure data transmission. In this work, the authors proposed an adaptive algorithm to prevent SQL injections.","PeriodicalId":344690,"journal":{"name":"Int. J. Secur. Priv. Pervasive Comput.","volume":"148 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128445612","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Scrambling Keypad for Secure Pin Entry to Defeat Shoulder Surfing and Inference Attacks 加扰键盘的安全Pin输入,以击败肩冲浪和推理攻击
Pub Date : 2021-07-01 DOI: 10.4018/IJSPPC.2021070102
Samuel Selassie Yakohene, Winfred Yaokumah, Ernest B. B. Gyebi
Personal identification number (PIN) is a common user authentication method widely used especially for automated teller machines and point-of-sales devices. The user's PIN entry is susceptible to shoulder-surfing and inference attacks, where the attacker can obtain the PIN by looking over the user's shoulder. The conventional keypad with a fixed layout makes it easy for the attacker to infer the PIN entered by casual observation. This paper proposes a method of authentication to address these challenges. The paper develops a prototype numeric keypad with a layout akin to the conventional keypad, with the keys randomized for each PIN entry. The shuffle algorithm, Durstenfeld shuffle algorithm, is implemented in an application developed using JavaScript, which is a prototype-based object-oriented programming application that conforms to the ECMAScript specification. The prototype is implemented on three computing platforms for evaluation. The test proves the effectiveness of the system to mitigate shoulder-surfing and inference attacks.
个人识别号码(PIN)是一种常用的用户认证方法,广泛应用于自动柜员机和销售点设备。用户的PIN输入容易受到肩部冲浪和推理攻击,攻击者可以通过查看用户的肩膀来获取PIN。传统键盘的固定布局使得攻击者很容易通过随意的观察来推断输入的PIN。本文提出了一种身份验证方法来解决这些挑战。本文开发了一个原型数字键盘,其布局与传统键盘相似,每个PIN输入的键是随机的。shuffle算法Durstenfeld shuffle算法是在使用JavaScript开发的应用程序中实现的,该应用程序是一个基于原型的面向对象编程应用程序,符合ECMAScript规范。原型在三个计算平台上实现以进行评估。测试证明了该系统对肩冲浪攻击和推理攻击的有效性。
{"title":"Scrambling Keypad for Secure Pin Entry to Defeat Shoulder Surfing and Inference Attacks","authors":"Samuel Selassie Yakohene, Winfred Yaokumah, Ernest B. B. Gyebi","doi":"10.4018/IJSPPC.2021070102","DOIUrl":"https://doi.org/10.4018/IJSPPC.2021070102","url":null,"abstract":"Personal identification number (PIN) is a common user authentication method widely used especially for automated teller machines and point-of-sales devices. The user's PIN entry is susceptible to shoulder-surfing and inference attacks, where the attacker can obtain the PIN by looking over the user's shoulder. The conventional keypad with a fixed layout makes it easy for the attacker to infer the PIN entered by casual observation. This paper proposes a method of authentication to address these challenges. The paper develops a prototype numeric keypad with a layout akin to the conventional keypad, with the keys randomized for each PIN entry. The shuffle algorithm, Durstenfeld shuffle algorithm, is implemented in an application developed using JavaScript, which is a prototype-based object-oriented programming application that conforms to the ECMAScript specification. The prototype is implemented on three computing platforms for evaluation. The test proves the effectiveness of the system to mitigate shoulder-surfing and inference attacks.","PeriodicalId":344690,"journal":{"name":"Int. J. Secur. Priv. Pervasive Comput.","volume":"108 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"117302321","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
期刊
Int. J. Secur. Priv. Pervasive Comput.
全部 Acc. Chem. Res. ACS Applied Bio Materials ACS Appl. Electron. Mater. ACS Appl. Energy Mater. ACS Appl. Mater. Interfaces ACS Appl. Nano Mater. ACS Appl. Polym. Mater. ACS BIOMATER-SCI ENG ACS Catal. ACS Cent. Sci. ACS Chem. Biol. ACS Chemical Health & Safety ACS Chem. Neurosci. ACS Comb. Sci. ACS Earth Space Chem. ACS Energy Lett. ACS Infect. Dis. ACS Macro Lett. ACS Mater. Lett. ACS Med. Chem. Lett. ACS Nano ACS Omega ACS Photonics ACS Sens. ACS Sustainable Chem. Eng. ACS Synth. Biol. Anal. Chem. BIOCHEMISTRY-US Bioconjugate Chem. BIOMACROMOLECULES Chem. Res. Toxicol. Chem. Rev. Chem. Mater. CRYST GROWTH DES ENERG FUEL Environ. Sci. Technol. Environ. Sci. Technol. Lett. Eur. J. Inorg. Chem. IND ENG CHEM RES Inorg. Chem. J. Agric. Food. Chem. J. Chem. Eng. Data J. Chem. Educ. J. Chem. Inf. Model. J. Chem. Theory Comput. J. Med. Chem. J. Nat. Prod. J PROTEOME RES J. Am. Chem. Soc. LANGMUIR MACROMOLECULES Mol. Pharmaceutics Nano Lett. Org. Lett. ORG PROCESS RES DEV ORGANOMETALLICS J. Org. Chem. J. Phys. Chem. J. Phys. Chem. A J. Phys. Chem. B J. Phys. Chem. C J. Phys. Chem. Lett. Analyst Anal. Methods Biomater. Sci. Catal. Sci. Technol. Chem. Commun. Chem. Soc. Rev. CHEM EDUC RES PRACT CRYSTENGCOMM Dalton Trans. Energy Environ. Sci. ENVIRON SCI-NANO ENVIRON SCI-PROC IMP ENVIRON SCI-WAT RES Faraday Discuss. Food Funct. Green Chem. Inorg. Chem. Front. Integr. Biol. J. Anal. At. Spectrom. J. Mater. Chem. A J. Mater. Chem. B J. Mater. Chem. C Lab Chip Mater. Chem. Front. Mater. Horiz. MEDCHEMCOMM Metallomics Mol. Biosyst. Mol. Syst. Des. Eng. Nanoscale Nanoscale Horiz. Nat. Prod. Rep. New J. Chem. Org. Biomol. Chem. Org. Chem. Front. PHOTOCH PHOTOBIO SCI PCCP Polym. Chem.
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1