Pub Date: 2023-05-18 | DOI: 10.13052/jcsm2245-1439.123.5
S.Ya. Hilgurt, Anatolii M. Davydenko, T.V. Matovka, Mykhailo P. Prygara
When creating signature-based cybersecurity systems for network intrusion detection (NIDS), spam filtering, protection against viruses, worms, etc., developers have to use hardware devices such as field programmable gate arrays (FPGA), since software solutions can no longer support the necessary speeds. There are many different approaches to building hardware circuits for pattern matching (where patterns are the parts of signatures). Choosing the optimal technical solution for certain conditions is not a trivial task. Developers of such hardware tend to act intuitively, heuristically. In this article, we provide tools to help them intelligently build cybersecurity systems using FPGAs. For the qualitative analysis of FPGA-based matching schemes, the classification of efficiency criteria and related indicators is considered. This classification was compiled by studying a large number of practical developments of FPGA-based cybersecurity systems, primarily NIDS. A method for rapidly calculating the numerical characteristics of the FPGA-based signature system components is proposed as a quantitative assessment tool. This method, based on the use of so-called estimation functions, avoids the time-consuming execution of the digital circuit synthesis procedure. A number of experiments were carried out with the most promising matching schemes, allowing the above-mentioned tools to be evaluated. The rapid quantification method can even be applied by developers of hardware-accelerated cybersecurity systems at each iteration within the optimization procedure cycle.
Title: Tools for Analyzing Signature-Based Hardware Solutions for Cyber Security Systems. Journal of Cyber Security and Mobility, pp. 339-366. https://doi.org/10.13052/jcsm2245-1439.123.5

Pub Date: 2023-05-03 | DOI: 10.13052/jcsm2245-1439.1223
Florian Platzer, Alexandra Lux
The darknet terminology is not used consistently among scientific research papers. This can lead to difficulties in regards to the applicability and the significance of the results and also facilitates misinterpretation of them. As a consequence, comparisons of the different works are complicated. In this paper, we conduct a review of previous darknet research papers in order to elaborate the distribution of the inconsistent usage of the darknet terminology. Overall, inconsistencies in darknet terminology in 63 out of 97 papers were observed. The most common statement indicated that the dark web is a part of the deep web. 19 papers equate the terms darknet and dark web. Others do not distinguish between dark web and deep web, or between deep web and darknet.
Title: Inconsistencies in Darknet Researches. Journal of Cyber Security and Mobility, pp. 187-204. https://doi.org/10.13052/jcsm2245-1439.1223

Pub Date: 2023-05-03 | DOI: 10.13052/jcsm2245-1439.1225
Usman Rauf, Fadi Mohsen, Zhiyuan Wei
In the last two decades, the number of rapidly increasing cyber incidents (i.e., data theft and privacy breaches) shows that it is becoming enormously difficult for conventional defense mechanisms and architectures to neutralize modern cyber threats in a real-time situation. Disgruntled and rogue employees/agents and intrusive applications are two notorious classes of such modern threats, referred to as Insider Threats, which lead to data theft and privacy breaches. To counter such state-of-the-art threats, modern defense mechanisms require the incorporation of active threat analytics to proactively detect and mitigate any malicious intent at the employee or application level. Existing solutions to these problems intensively rely on correlation, distance-based risk metrics, and human judgment, especially when humans are kept in the loop for access-control policy-related decision-making against advanced persistent threats. As a consequence, the situation can escalate and lead to privacy/data breaches in case of insider threats. To confront such challenges, the security community has been striving to identify anomalous intent for advanced behavioral anomaly detection and auto-resiliency (the ability to deter an ongoing threat by policy tuning). Towards this dimension, we aim to review the literature in this domain and evaluate the effectiveness of existing approaches per our proposed criteria. According to our knowledge, this is one of the first endeavors toward developing evaluation-based standards to assess the effectiveness of relevant approaches in this domain while considering insider employees and intrusive applications simultaneously. There have been efforts in literature towards describing and understanding insider threats in general. However, none have addressed the detection and deterrence element in its entirety, hence making our contribution one of a kind. Towards the end of this article, we enlist and discuss the existing data sets. The data sets can help understand the attributes that play crucial roles in insider threat detection. In addition, they can be beneficial for testing the newly designed security solutions in this domain. We also present recommendations for establishing a baseline standard for analyzing insider-threat data sets. This baseline standard could be used in the future to design resilient architectures and provide a road map for organizations to enhance their defense capabilities against insider threats.
Title: A Taxonomic Classification of Insider Threats: Existing Techniques, Future Directions & Recommendations. Journal of Cyber Security and Mobility, pp. 221-252. https://doi.org/10.13052/jcsm2245-1439.1225

Pub Date: 2023-05-03 | DOI: 10.13052/jcsm2245-1439.1224
Xin Jiang, Huawei Huang, Geyang Pan
A tropical encryption scheme is analyzed in this paper, which uses double key exchange protocol (KEP). The key exchange protocol is divided into two stages: The first stage of the key exchange uses matrix power function in a tropical semiring; the obtained shared key at the first phase of the key exchange serves as an input for the second phase. This paper proves that the common secret key of the first key exchange phase can be obtained by solving linear equations, and when the order of the matrix is 50, the time to solve the shared key is less than 1 second. Finally, the common secret key of the second phase can be obtained through KU attack and common secret key of the first key exchange. So the protocol isn’t secure.
Title: Cryptanalysis of Tropical Encryption Scheme Based on Double Key Exchange. Journal of Cyber Security and Mobility, pp. 205-220. https://doi.org/10.13052/jcsm2245-1439.1224

Pub Date: 2023-05-03 | DOI: 10.13052/jcsm2245-1439.1221
M. Steinebach, Tiberius Berwanger, Huajian Liu
Image recognition is an important mechanism used in various scenarios. In the context of multimedia forensics, its most significant task is to automatically detect already known child and adolescent pornography in a large set of images. When fighting disinformation, it is used to identify images taken out of context or image montages. For this purpose, numerous methods based on robust hashing and feature extraction are already known, and recently also supported by machine learning. However, in general, these methods are either only partially robust to changes such as rotation and pruning, or they require a large amount of data and computation. We present a method based on a simple block hash that is efficient to compute and memory efficient. To be robust against cropping and rotation, we combine the method with image segmentation and a method to normalize the rotation of the objects. Our evaluation shows that the method produces results comparable to much more complex approaches, but requires fewer resources.
Title: Image Hashing Robust Against Cropping and Rotation. Journal of Cyber Security and Mobility, pp. 129-160. https://doi.org/10.13052/jcsm2245-1439.1221

Pub Date: 2023-05-03 | DOI: 10.13052/jcsm2245-1439.1222
York Yannikos, J. Heeger, M. Steinebach
Darknet marketplaces in the Tor network are popular places to anonymously buy and sell various kinds of illegal goods. Previous research on marketplaces ranged from analyses of type, availability and quality of goods to methods for identifying users. Although many darknet marketplaces exist, their lifespan is usually short, especially for very popular marketplaces that are in focus of law enforcement agencies. We built a data acquisition architecture to collect data from White House Market, one of the largest darknet marketplaces in 2021. In this paper we describe our architecture and the problems we had to solve, and present findings from our analysis of the collected data.
Title: Scraping and Analyzing Data of a Large Darknet Marketplace. Journal of Cyber Security and Mobility, pp. 161-186. https://doi.org/10.13052/jcsm2245-1439.1222

Pub Date: 2023-03-07 | DOI: 10.13052/jcsm2245-1439.1213
Junlin Zhang
Wireless sensor network (WSN) is the Internet of Things by a large number of sensors in the external physical environment to obtain data information, and use wireless communication technology to provide users with information transmission services. At this stage, communication and security mechanisms are the main problems faced by WSN. This is because most of the existing sensors are powered by batteries with very limited energy, and most of them are deployed in an outdoor open environment, which is easy to be captured as a malicious node. Network attacks. However, the existing malicious node detection methods have shortcomings such as low efficiency, high energy consumption, and insufficient performance. Therefore, this paper proposes a WSN malicious node intrusion detection method based on genetic algorithm optimization of LEACH hierarchical routing protocol. Based on the optimization of the LEACH protocol by genetic algorithm, the method integrates the reputation evaluation mechanism, and screens and eliminates malicious nodes by calculating direct reputation, indirect reputation and comprehensive reputation, thereby ensuring the safe operation of WSN. The simulation results show that this method can effectively resist the attack of malicious nodes on WSN, and has obvious advantages over other methods.
Title: WSN Network Node Malicious Intrusion Detection Method Based on Reputation Score. Journal of Cyber Security and Mobility, pp. 55-76. https://doi.org/10.13052/jcsm2245-1439.1213

Pub Date: 2023-03-07 | DOI: 10.13052/jcsm2245-1439.1215
Mohammed Mujeer Ulla, Deepak S. Sakkari
Very recent attacks like LadderLeak demonstrated the feasibility of recovering a private key with side-channel attacks using just one bit of the secret nonce. ECDSA nonce bias can be exploited in many ways. Some attacks on ECDSA involve complicated Fourier analysis and lattice mathematics. This paper will enable cryptographers to identify efficient ways in which ECDSA can be cracked on curves NIST256p, SECP256k1, NIST521p and weak nonce, kind of attacks that can crack ECDSA and how to protect yourself. Initially we begin with ECDSA signature to sign a message using private key and validate the generated signature using the shared public key. Then we use a nonce or a random value to randomize the generated signature. Every time we sign, a new verifiable random nonce value is created and way in which the intruder can discover the private key if the signer leaks any one of the nonce values. Then we use Lenstra–Lenstra–Lovasz (LLL) method as a black box, we will try to attack signatures generated from bad nonce or bad random number generator (RAG) on NIST256p, SECP256k1 curves. The analysis is performed by considering all the three curves for implementation of Elliptic Curve Digital Signature Algorithm (ECDSA). The comparative analysis for each of the selected curves in terms of computational time is done with leak of nonce and with Lenstra–Lenstra–Lovasz method to crack ECDSA. The average computational costs to break ECDSA with curves NIST256p, NIST521p and SECP256k1 are 0.016, 0.34, 0.46 respectively which is almost to zero depicts the strength of algorithm. The average computational costs to break ECDSA with curves SECP256K1 and NIST256p using LLL are 2.9 and 3.4 respectively.
Title: Research on Elliptic Curve Crypto System with Bitcoin Curves - SECP256k1, NIST256p, NIST521p and LLL. Journal of Cyber Security and Mobility, pp. 103-128. https://doi.org/10.13052/jcsm2245-1439.1215

Pub Date: 2023-03-07 | DOI: 10.13052/jcsm2245-1439.1211
Zhihong Zhang
In this paper, the forward selection (FS) algorithm is introduced on the basis of information and communication technology, and the design of intrusion detection method for communication network is carried out. By studying the classification and detection pattern matching of communication network intrusion behavior, extracting the intrusion behavior features of communication network based on FS algorithm, and optimizing the intrusion detection and learning effect based on the limit learning machine, the intrusion behavior attributes of communication network are clarified, and a new detection method is proposed to solve the problems of low detection accuracy and low recall in the current intrusion behavior detection of complex communication network environments. Compared with the intrusion detection method based on GA-SVM algorithm, the accuracy of the detection results reaches 94.23%, and the recall rate exceeds 97%, which is obviously better than the 85% accuracy and 75% recall rate of the traditional detection method, which can ensure the security of the communication network environment. In addition, this paper proposes the APDR dynamic comprehensive information security assurance system model, which has considerable flexibility and can respond to current network security requirements.
Title: Analysis of Network Security Countermeasures From the Perspective of Improved FS Algorithm and ICT Convergence. Journal of Cyber Security and Mobility, pp. 1-24. https://doi.org/10.13052/jcsm2245-1439.1211

Pub Date: 2023-03-07 | DOI: 10.13052/jcsm2245-1439.1212
Ekhlas Abbas Albahrani, Sadeq H. Lafta, Naeem Howrie Ghayad
This paper introduces a new Database Transposition, Substitution and XORing Algorithm (DTSXA) based on using chaotic maps. It is based primarily on two well-known security properties: confusion and diffusion. A random number generator was depended on to produce the keys for the algorithm of encryption and decryption. The encryption of the Arabic language in addition to the English language was done, besides it can encrypt a table, individual row and individual column. The suggested algorithm was obeyed and analyzed by different tests involving brute force attack analyses, statistical attack analyses (security analysis histogram, correlation coefficient analysis and information entropy analysis), key sensitivity analysis, differential attack analysis, and mean square error analysis. This algorithm passed all the applied analyses well-deservedly, which indicates that the presented encryption algorithm has a high security level due to its large key space and high sensitivity to the change in the cipher keys.
Title: A Chaos-Based Encryption Algorithm for Database System. Journal of Cyber Security and Mobility, pp. 25-54. https://doi.org/10.13052/jcsm2245-1439.1212