Pub Date: 2022-12-31 DOI: 10.32604/jcs.2022.031889
J. Pavithra, S. Selvakumarasamy
Machine learning (ML) is often used to solve the problem of malware detection and classification, and various machine learning approaches have been adapted to the problem of malware classification, yet they still perform poorly in feature selection and classification. To manage the issue, an efficient Adaptive Feature Centric XG Boost Ensemble Learner Classifier “AFC-XG Boost” novel algorithm is presented in this paper. The proposed model has been designed to handle varying malware detection data sets obtained from the Kaggle data set. The model splits the XG Boost classification process into several stages to optimize performance. At the preprocessing stage, noise and tampering are removed from the given data set and it is normalized using the Feature Base Optimizer “FBO” algorithm. The FBO normalizes the data points and performs noise removal according to the feature values and their base information. Similarly, the performance of standard XG Boost has been optimized by adapting feature selection using the Class Based Principle Component Analysis “CBPCA” algorithm, which performs feature selection according to the fitness of any feature for different classes. Based on the selected features, the method generates a regression tree for each feature considered. Based on the generated trees, the method performs classification by computing Tree Level Ensemble Similarity “TLES” and Class Level Ensemble Similarity “CLES”. Using both, the method computes the value of Class Match Similarity “CMS”, based on which the malware is classified. The proposed approach achieves 97% accuracy in malware detection and classification with a lower time complexity of 34 seconds for 75000 samples.
Title: An Adaptive-Feature Centric XGBoost Ensemble Classifier Model for Improved Malware Detection and Classification. Journal of Cyber Security and Mobility.
Pub Date: 2022-12-03 DOI: 10.13052/jcsm2245-1439.1153
Bing Bai
The presence of anomalous traffic on the network causes some dangers to network security. To address the issue of monitoring and identifying abnormal traffic on the network, this paper first selected the traffic features with the mutual information-based method and then compared different mathematical models, including k-Nearest Neighbor (KNN), Back-Propagation Neural Network (BPNN), and Elman. Then, parameters were optimized by the Grasshopper Optimization Algorithm (GOA) based on the defects of BPNN and Elman to obtain GOA-BPNN and GOA-Elman models. The performance of these mathematical models was compared on UNSW-NB15. It was found that the KNN model had the worst performance and the Elman model performed better than the BPNN model. After GOA optimization, the performance of the models was improved. The GOA-Elman model had the best performance in monitoring and recognizing abnormal traffic, with an accuracy of 97.33%, and it performed well in monitoring and recognizing different types of traffic. The research results demonstrate the reliability of the GOA-Elman model, providing a new approach for network security.
Title: Monitoring and Identification of Abnormal Network Traffic by Different Mathematical Models. Journal of Cyber Security and Mobility, pp. 695-712.
Pub Date: 2022-12-03 DOI: 10.13052/jcsm2245-1439.1151
Sunardi, Herman, Syifa Riski Ardiningtias
Technological developments make it easier for people to communicate and share information. Facebook Messenger is a multi-platform instant messenger for sending text, image, sound, and video messages. Besides being used for positive purposes, this technology can also be used to carry out harmful activities. This study conducts a forensic investigation on a crime simulation in pornographic content distribution using Facebook Messenger as a communication medium on Android smartphones. Perpetrators communicate and send pornographic content in the shape of conversations, audio, and video, then delete them to eliminate traces. Every crime can leave evidence; therefore, after the tracks are erased, it can be revealed through digital forensic investigations on the smartphone devices that are used as objects to find digital evidence. The collection of evidence in this study used four forensic tools, with the research stages following the National Institute of Justice (NIJ) framework. The study result can be used as evidence by investigators handling criminal cases, with the results obtained in the shape of application versions, accounts, emails, conversation, time of occurrence, pictures, audio, and video. MOBILedit Forensic Express has an accuracy of 84.85%, Wondershare Dr. Fone 36.36%, Magnet Axiom 75.76%, and Belkasoft Evidence Center 69.70%.
Title: A Comparative Analysis of Digital Forensic Investigation Tools on Facebook Messenger Applications. Journal of Cyber Security and Mobility, pp. 655-672.
Pub Date: 2022-12-03 DOI: 10.13052/jcsm2245-1439.1154
Dongliang Bian, Jun Pan, Yanhui Wang
The involvement of the Internet in the production of daily life has increased the demand for the security of private data on the Internet. This paper briefly introduced the principles of advanced encryption standard (AES) and data encryption standard (DES) algorithms and then conducted simulation experiments on the two encryption algorithms in a laboratory server. The results showed that both algorithms had excellent sensitivity to plaintext keys, and the sensitivity of the AES algorithm was higher; the encryption and decryption time of both algorithms increased as the file got larger, and the encryption and decryption time of the same algorithm was not much different; the encryption and decryption time of the AES algorithm was less than that of the DES algorithm for the same file, and the time taken to crack the AES-encrypted data by brute force was also much longer; during the transmission of encrypted data, as the data increased, the integrity of the ciphertext decryption by the third-party decreased, and the integrity of the AES algorithm-encrypted file was significantly smaller than that of the DES algorithm-encrypted file when it was decrypted.
Title: Study of Encrypted Transmission of Private Data During Network Communication: Performance Comparison of Advanced Encryption Standard and Data Encryption Standard Algorithms. Journal of Cyber Security and Mobility, pp. 713-726.
Pub Date: 2022-12-03 DOI: 10.13052/jcsm2245-1439.1152
El Hassane Laaji, A. Azizi
The BB84 quantum key distribution (QKD) protocol is based on the no-cloning quantum physics property, so if an attacker measures a photon state, he disturbs that state. This protocol uses two channels: (1) a quantum channel for sending the quantum information (polarized photons), and (2) a classical channel for exchanging the polarization and the measurement information (base sets or filters). The BB84 supposes that the classical channel is secure, but it is not always right, because it depends on the methods used during the communication over this channel. If an eavesdropper gets the sender or the receiver filters or both of them, he can leak some or all bits of the constructed key. In this context, we contribute by creating a protocol that combines the BB84 protocol with an improved scheme of NTRU post-quantum cryptosystem, which will secure the transmitted information over the classical channel. NTRU is a structured lattice scheme, and it is based on the hardness of solving lattice problems in R^n. Actually, it is one of the most important candidates for the NIST post-quantum standardization project.
Title: A Combination of BB84 Quantum Key Distribution and An Improved Scheme of NTRU Post-Quantum Cryptosystem. Journal of Cyber Security and Mobility, pp. 673-694.
Pub Date: 2022-11-07 DOI: 10.13052/jcsm2245-1439.1141
Daniel Kyalo Ndambuki, Hitmi Khalifa Alhitmi
This research entails an investigation into enhanced attack detection techniques as a security feature in vehicular platooning. The paper evaluates critical challenges in the security of Vehicular Ad hoc Networks (VANETs) with a focus on vulnerabilities in vehicle platooning. We evaluate the possibilities of securing a platoon through enhanced attack detection following an inside attack while considering current communication-based approaches to vehicular platoon security that have been effective at isolating infected platoon members. This study proposes the use of color-shift keying (CSK) as a security tool for enhanced detection of an apparent platoon attack. We simulate various attack scenarios involving a vehicular platoon communicating via a VLC network and assess the degree of exposure of such networks to three types of attacks – Sybil attacks, delay attacks, and denial-of-service (DoS) attacks. We recommend the use of a light-to-frequency (LTF) converter comprising a receiver to collect and decode transmitted symbols with regard to the frequency of transmission. Once there is a drop in the intensity of the light transmitted in the platoon, CSK is implemented to alter the intensity of the red, green, and blue (RGB) spectrum coupled with radiofrequency to ensure the security of the communication. CSK will use coded symbols to transmit the control information from the leader using a microcontroller.
Title: Attack Mitigation and Security for Vehicle Platoon. Journal of Cyber Security and Mobility, pp. 497-530.
Pub Date: 2022-11-07 DOI: 10.13052/jcsm2245-1439.1143
S. K. Nanda, D. Ghai, P. Ingole
The video forensics world is a developing network of experts associated with the computerized video forensics industry. With quickly developing innovation, the video turned out to be the most significant weapon in the battle against individuals who violate the law by catching them in the act. Proof caught on video is viewed as more dependable, more exact, and more persuading than observer declaration alone. But, proof can be effortlessly tampered with by utilizing programming. Video forensics examination tells us about the accuracy of the input video. It has become a challenge for law enforcement agencies to deal with the increasing violence rate which involves the use of masks and weapons. The identification of a person becomes difficult with the use of face masks. The proposed method uses an efficient technique that is YOLO to detect guns, masks and suspicious persons from a video by extracting frames and features. It further compares the obtained frame with the available images in the dataset and generates output with bounding boxes detecting guns, masks and suspicious persons. This paper also examined the domain of video forensics and its outcomes. Experimental results show that the proposed method outperforms the existing techniques tested on different datasets. The precision for YOLO design for guns and masks is 100% and 75% respectively. The precision for customized CNN engineering for guns and face masks is 61.54% and 61.5% respectively. Execution measurements for both models have shown that the YOLO design outperformed the customized CNN with its presentation.
Title: Analysis of Video Forensics System for Detection of Gun, Mask and Anomaly Using Soft Computing Techniques. Journal of Cyber Security and Mobility, pp. 549-574.
Pub Date: 2022-11-07 DOI: 10.13052/jcsm2245-1439.1142
K. R. Rao, Aditya Kolpe, Tribikram Pradhan, B. B. Zarpelão
Role Based Access Control (RBAC) systems face an essential issue related to systematic handling of users’ access requests known as the User Authentication Query (UAQ) Problem. In this paper, we show that the UAQ problem can be resolved using Unsupervised machine learning following the guaranteed access request and Dynamic Separation of Duty relations. The use of Agglomerative Hierarchical Clustering not only improves efficiency but also avoids disordered merging of existing roles to create new ones and steers clear of duplication. With a time complexity of O(n^3), the algorithm proves to be one of the fastest and promising models in state-of-the-art. The proposed model has been compared with the existing models and experimentally evaluated.
Title: An Efficient Solution to User Authorization Query Problem in RBAC Systems Using Hierarchical Clustering. Journal of Cyber Security and Mobility, pp. 531-548.
Pub Date: 2022-11-07 DOI: 10.32604/cmc.2022.026749
H. Tekleselassie
Internet of Things (IoT) networks leverage wireless communication protocol, which adversaries can exploit. Impersonation attacks, injection attacks, and flooding are several examples of different attacks existing in Wi-Fi networks. Intrusion Detection System (IDS) became one solution to distinguish those attacks from benign traffic. Deep learning techniques have been intensively utilized to classify the attacks. However, the main issue of utilizing deep learning models is projecting the data, notably tabular data, into image-based data. This study proposes a novel projection from wireless network attacks data into grid-like data for feeding one of the Convolutional Neural Network (CNN) models, EfficientNet. We define the particular sequence of placing the attribute values in a matrix that would be captured as an image. By combining the most important subset of attributes and EfficientNet, we aim for an accurate and lightweight IDS module deployed in IoT networks. We examine the proposed model using the Wi-Fi attacks dataset, called AWID dataset. We achieve the best performance by a 99.91% F1 score and 0.11% false positive rate. In addition, our proposed model achieved comparable results with other statistical machine learning models, which shows that our proposed model successfully exploited the spatial information of tabular data to maintain detection accuracy. We also successfully maintain the false positive rate of about 0.11%. We also compared the proposed model with other machine learning models, and it is shown that our proposed model achieved comparable results with the other three models. We believe the spatial information must be considered by projecting the tabular data into grid-like data.
Title: Two-Dimensional Projection Based Wireless Intrusion Classification Using Lightweight EfficientNet. Journal of Cyber Security and Mobility, pp. 601-620.
Pub Date : 2022-11-07 DOI: 10.13052/jcsm2245-1439.1146
B. Chaithanya, S. Brahmananda
Ransomware is a type of revenue-generating tactic that cybercriminals utilize to improve their income. Businesses have spent billions of dollars recovering control of their resources, which may include confidential data, operational applications and models, financial transactions, and other information, as a result of malicious software. Ransomware can infiltrate a resource or device and restrict the owner from accessing or utilizing it. There are various obstacles that a business must overcome in order to avoid ransomware attacks. Traditional ransomware detection systems employ a static detection method in which a finite dataset is provided into the system and a logical check is performed to prevent ransomware attacks against the system. This was effective in the early stages of the internet, but the scenario of recent times is far more advanced, and as more and more cyber world contrivances have been analyzed, multiple gaps have been identified, to the benefit of ransomware attackers, who use these gaps to generate astronomically large sums of money. As a result, the suggested methodology aims to efficiently detect diverse patterns associated with various file formats by starting with their sources, data collecting, probabilistic identification of target devices, and deep learning classifier with intelligent detection. An organization can use the recommended approach to safeguard its data and prepare for future ransomware attacks by using it as a roadmap to lead them through their security efforts.
AI-enhanced Defense Against Ransomware Within the Organization's Architecture. B. Chaithanya, S. Brahmananda. Journal of Cyber Security and Mobility, pp. 621-654, published 2022-11-07. DOI: https://doi.org/10.13052/jcsm2245-1439.1146