
Journal of Cyber Security and Mobility: Latest Articles

An Enhanced Sybil Guard to Detect Bots in Online Social Networks
Q3 Computer Science Pub Date : 2021-11-20 DOI: 10.13052/jcsm2245-1439.1115
Nisha P. Shetty, Balachandra Muniyal, Arshia Anand, Sushant Kumar
Sybil accounts are swelling in popular social networking sites such as Twitter, Facebook etc. owing to cheap subscription and easy access to large masses. A malicious person creates multiple fake identities to outreach and outgrow his network. People blindly trust their online connections and fall into traps set up by these fake perpetrators. Sybil nodes exploit OSN’s ready-made connectivity to spread fake news, send spam, influence polls, recommendations and advertisements, masquerade to get critical information, launch phishing attacks etc. Such accounts are surging on a wide scale, so it has become vital to effectively detect such nodes. In this research a new classifier (combination of Sybil Guard, Twitter engagement rate and Profile statistics analyser) is developed to combat such Sybil nodes. The proposed classifier overcomes the limitations of structure-based, machine learning-based and behaviour-based classifiers and is proven to be more accurate and robust than the base Sybil Guard algorithm.
Citations: 4
Effects of ‘Digital’ Country’s Information Security on Political Stability
Q3 Computer Science Pub Date : 2021-11-20 DOI: 10.13052/jcsm2245-1439.1112
T. Nguyen, K. Koblandin, S. Suleymanova, V. Volokh
In this day and age, information security is becoming a priority not only in the system of international economic relations but also at the state level. This study aims to study the effect of a ‘digital’ country’s information security on its political stability through quantitative analysis. The study is a mixed research design with a focus on the Russian Federation and the Republic of Kazakhstan. Its methodological basis is represented by the collection and analysis of data on the level and nature of cybersecurity threats (Global Cybersecurity Index, the number of cyber incidents) and on the level of political stability (Political Stability and Absence of Violence/Terrorism indicator of the Worldwide Governance Index). The results of the study show that Russia with a GCI 2020 score of 98.06 and Kazakhstan with a GCI score of 93.15 have relatively low levels of political stability. This is evidenced by their 45.7 and 25.7 percentile ranks on Political Stability and Absence of Violence/Terrorism and a high frequency of offenses using information and communication technologies. Findings suggest that with a high level of commitment to information security, the growth in cyber incidents will not necessarily affect political stability. The obtained findings provide countries an insight into cybersecurity within the national system as well as present a great deal of data on best practices to work through gaps in the national culture of cybersecurity at the state level. The results and methodology of this study can be used by officials to develop information security strategies and tactics, as well as by other researchers for quantitative analysis of the relationship between information security and political stability of different countries and regions.
Citations: 1
A Review on Audio Encryption Algorithms Using Chaos Maps-Based Techniques
Q3 Computer Science Pub Date : 2021-11-20 DOI: 10.13052/jcsm2245-1439.1113
Ekhlas Abbas Albahrani, Tayseer Karam Alshekly, Sadeq H. Lafta
Due to the quick improvement in digital communications and multimedia applications during recent periods up to the current time, data protection of digital data such as image, audio and video has become a significant challenge. The security of audio data transferred through different networks was rated as a preferred research field in the preceding years. This review covers the recent contribution for audio encryption and gives the most evaluations for audio encryption algorithm involving security analysis, computational complexity and quality analysis and their requirements. This paper fundamentally concentrates on displaying the different types of audio encryption and decryption techniques based on chaotic maps. Digital and analog audio algorithms were displayed, discussed and compared with the illustration of the important features and drawbacks. Various digital and audio proposed projects for audio encryption using chaotic maps have been covered, which showed extreme sensitivity to initial conditions, unpredictability and conducting in a quasi-random manner. A comparison among the proposed algorithms in the key space, chaotic maps sensitivity and statistical analysis was provided.
Citations: 11
Adaptive Matrix Pattern Steganography on RGB Images
Q3 Computer Science Pub Date : 2021-08-30 DOI: 10.13052/jcsm2245-1439.1111
Amirfarhad Nilizadeh, Shirin Nilizadeh, W. Mazurczyk, C. Zou, Gary T. Leavens
Almost all spatial domain image steganography methods rely on modifying the Least Significant Bits (LSB) of each pixel to minimize the visual distortions. However, these methods are susceptible to LSB blind attacks and quantitative steganalyses. This paper presents an adaptive spatial domain image steganography algorithm for hiding digital media based on matrix patterns, named “Adaptive Matrix Pattern” (AMP). The AMP method increases the security of the steganography scheme of largely hidden messages since it adaptively generates a unique codebook matrix pattern for each ASCII character in each image block. Therefore, each ASCII character gets a different codebook matrix pattern even in different regions of the same image. Moreover, it uses a preprocessing algorithm to identify the most suitable image blocks for hiding purposes. The resulting stego-images are robust against LSB blind attacks since the middle bits of green and blue channels generate matrix patterns and hiding secrets, respectively. Experimental results show that AMP is robust against quantitative steganalyses. Additionally, the quality of stego-images, based on the peak signal-to-noise ratio metric, remains high in both stego-RGB-image and in the stego-blue-channel. Finally, the AMP method provides a high hiding capacity, up to 1.33 bits per pixel.
Citations: 3
Time Lag-Based Modelling for Software Vulnerability Exploitation Process
Q3 Computer Science Pub Date : 2021-06-15 DOI: 10.13052/jcsm2245-1439.1042
Adarsh Anand, N. Bhatt, J. Kaur, Y. Tamura
With the increase in the discovery of vulnerabilities, the expected exploits occurring in various software platforms have shown increased growth with respect to time. Only after being discovered might the potential vulnerabilities be exploited. There exists a finite time lag in the exploitation process; from the moment the hackers get information about the discovery of a vulnerability and the time required in the final exploitation. By making use of the time lag approach, we have developed a framework for the vulnerability exploitation process that occurs in multiple stages. The time lag between the discovery and exploitation of a vulnerability has been bridged via the memory kernel function over a finite time interval. The applicability of the proposed model has been validated using various software exploit datasets.
Citations: 1
API Call-Based Malware Classification Using Recurrent Neural Networks
Q3 Computer Science Pub Date : 2021-05-27 DOI: 10.13052/JCSM2245-1439.1036
Chen Li, Junjun Zheng
Malicious software, called malware, can perform harmful actions on computer systems, which may cause economic damage and information leakage. Therefore, malware classification is meaningful and required to prevent malware attacks. Application programming interface (API) call sequences are easily observed and are good choices as features for malware classification. However, one of the main issues is how to generate a suitable feature for the algorithms of classification to achieve a high classification accuracy. Different malware samples produce API call sequences of different lengths, and these lengths may reach millions, which may cause computation cost and time complexities. Recurrent neural networks (RNNs) are one of the most versatile approaches to processing time series data and can be used for API call-based malware classification. In this paper, we propose a malware classification model with RNN, especially the long short-term memory (LSTM) and the gated recurrent unit (GRU), to classify variants of malware by using long sequences of API calls. In numerical experiments, a benchmark dataset is used to illustrate the proposed approach and validate its accuracy. The numerical results show that the proposed RNN model works well on the malware classification.
Citations: 14
DDOS Detection on Internet of Things Using Unsupervised Algorithms
Q3 Computer Science Pub Date : 2021-05-27 DOI: 10.13052/JCSM2245-1439.1034
Victor Odumuyiwa, Rukayat Alabi
The increase in the deployment of IOT networks has improved productivity of humans and organisations. However, IOT networks are increasingly becoming platforms for launching DDOS attacks due to inherent weaker security and resource-constrained nature of IOT devices. This paper focusses on detecting DDOS attack in IOT networks by classifying incoming network packets on the transport layer as either “Suspicious” or “Benign” using unsupervised machine learning algorithms. In this work, two deep learning algorithms and two clustering algorithms were independently trained for mitigating DDOS attacks. Emphasis was laid on exploitation based DDOS attacks which include Transmission Control Protocol SYN-Flood attacks and UDP-Lag attacks. Mirai, BASHLITE and CICDDOS2019 datasets were used in training the algorithms during the experimentation phase. The accuracy score and normalized-mutual-information score are used to quantify the classification performance of the four algorithms. Our results show that the autoencoder performed overall best with the highest accuracy across all the datasets.
Citations: 7
An Accelerator-based Logistic Map Image Cryptosystems for Grayscale Images
Q3 Computer Science Pub Date : 2021-05-15 DOI: 10.13052/jcsm2245-1439.1031
M. Holla, A. R. Pais, D. Suma
The logistic map is a class of chaotic maps. It is still in use in image cryptography. The logistic map cryptosystem has two stages, namely permutation, and diffusion. These two stages being computationally intensive, the permutation relocates the pixels, whereas the diffusion rescales them. The research on refining the logistic map is progressing to make the encryption more secure. Now there is a need to improve its efficiency to enable such models to fit for high-speed applications. The new invention of accelerators offers efficiency. But the inherent data dependencies hinder the use of accelerators. This paper discusses the novelty of identifying independent data-parallel tasks in a logistic map, handing them over to the accelerators, and improving their efficiency. Among the two accelerator models proposed, the first one achieves peak efficiency using coalesced memory access. The other cryptosystem further improves performance at the cost of more execution resources. In this investigation, it is noteworthy that the parallelly accelerated logistic map achieved a significant speedup to the larger grayscale image used. The objective security estimates proved that the two stages of the proposed systems progressively ensure security.
Citations: 0
Identifying the Phishing Websites Using the Patterns of TLS Certificates
Q3 Computer Science Pub Date : 2021-04-15 DOI: 10.13052/jcsm2245-1439.1026
Yuji Sakurai, Takuya Watanabe, Tetsuya Okuda, Mitsuaki Akiyama, Tatsuya Mori
With the recent rise of HTTPS adoption on the Web, attackers have begun “HTTPSifying” phishing websites. HTTPSifying a phishing website has the advantage of making the website appear legitimate and evading conventional detection methods that leverage URLs or web contents in the network. Further, adopting HTTPS could also contribute to generating intrinsic footprints and provide defenders with a great opportunity to monitor and detect websites, including phishing sites, as they would need to obtain a public-key certificate issued for the preparation of the websites. The potential benefits of certificate-based detection include (1) the comprehensive monitoring of all HTTPSified websites by using certificates immediately after their issuance, even if the attacker utilizes dynamic DNS (DDNS) or hosting services; this could be overlooked with the conventional domain-registration-based approaches; and (2) to detect phishing websites before they are published on the Internet. Accordingly, we address the following research question: How can we make use of the footprints of TLS certificates to defend against phishing attacks? For this, we collected a large set of TLS certificates corresponding to phishing websites from Certificate Transparency (CT) logs and extensively analyzed these TLS certificates. We demonstrated that a template of common names, which are equivalent to the fully qualified domain names, obtained through the clustering analysis of the certificates can be used for the following promising applications: (1) The discovery of previously unknown phishing websites and (2) understanding the infrastructure used to generate the phishing websites. Furthermore, we developed a real-time monitoring system using the analysis techniques. We demonstrate its usefulness for the practical security operation. 
We use our findings on the abuse of free certificate authorities (CAs) for operating HTTPSified phishing websites to discuss possible solutions against such abuse and provide a recommendation to the CAs.
Citations: 1
Data Tamper Detection from NoSQL Database in Forensic Environment
Q3 Computer Science Pub Date : 2021-04-08 DOI: 10.13052/jcsm2245-1439.1025
Rupali M. Chopade, V. Pachghare
The growth of service sector is increasing the usage of digital applications worldwide. These digital applications are making use of database to store the sensitive and secret information. As the database has distributed over the internet, cybercrime attackers may tamper the database to attack on such sensitive and confidential information. In such scenario, maintaining the integrity of database is a big challenge. Database tampering will change the database state by any data manipulation operation like insert, update or delete. Tamper detection techniques are useful for the detection of such data tampering which play an important role in database forensic investigation process. Use of NoSQL database has been attracted by big data requirements. Previous research work has limited to tamper detection in relational database and very less work has been found in NoSQL database. So there is a need to propose a mechanism to detect the tampering of NoSQL database systems. Whereas this article proposes an idea of tamper detection in NoSQL database such as MongoDB and Cassandra, which are widely used document-oriented and column-based NoSQL database respectively. This research work has proposed tamper detection technique which works in forensic environment to give more relevant outcome on data tampering and distinguish between suspicious and genuine tampering.  
Citations: 4