首页 > 最新文献

International Journal of Information Security and Privacy最新文献

英文 中文
An Imperceptible Watermarking Scheme for Medical Image Tamper Detection 一种用于医学图像篡改检测的不可察觉水印方案
IF 0.8 Q4 COMPUTER SCIENCE, SOFTWARE ENGINEERING Pub Date : 2022-01-01 DOI: 10.4018/ijisp.2022010102
Abdallah Soualmi, Adel Alti, L. Laouamer
One of the important issues in telemedicine field refers to an advanced secure communication. Digital image watermarking is an ideal solution since it protects the electronic patient information’s from unauthorized access. This paper presents a novel blind fragile-based image watermarking scheme in spatial domain that merges Speed Up Robust Features (SURF) descriptor with the well-known Weber Descriptors (WDs) and Arnold algorithm. It provides a good way for enhancing the image quality and time complexity for medical data integrity. Firstly, the watermark image is shuffled using Arnold chaotic map. Secondly, the SURF technique is practiced to Region of Interest (ROI) of the medical image and then the blocks around the SURF points are selected to insert the watermark. Finally, the watermark is encrusted and extracted using WDs. Experimental results show good image fidelity with the shortest execution time to ensure medical images integrity.
远程医疗领域的一个重要问题是先进的安全通信。数字图像水印是一种理想的解决方案,因为它可以保护电子患者信息免受未经授权的访问。本文提出了一种新的基于空间域的盲脆弱性图像水印方案,该方案将加速鲁棒特征(SURF)描述符与韦伯描述符(WDs)和阿诺德算法相结合。它为提高图像质量和时间复杂度,保证医疗数据的完整性提供了一种很好的方法。首先,利用Arnold混沌映射对水印图像进行洗牌;其次,将SURF技术应用于医学图像的感兴趣区域(ROI),然后选择SURF点周围的块插入水印;最后,利用WDs对水印进行包层和提取。实验结果表明,该算法具有良好的图像保真度和最短的执行时间,保证了医学图像的完整性。
{"title":"An Imperceptible Watermarking Scheme for Medical Image Tamper Detection","authors":"Abdallah Soualmi, Adel Alti, L. Laouamer","doi":"10.4018/ijisp.2022010102","DOIUrl":"https://doi.org/10.4018/ijisp.2022010102","url":null,"abstract":"One of the important issues in telemedicine field refers to an advanced secure communication. Digital image watermarking is an ideal solution since it protects the electronic patient information’s from unauthorized access. This paper presents a novel blind fragile-based image watermarking scheme in spatial domain that merges Speed Up Robust Features (SURF) descriptor with the well-known Weber Descriptors (WDs) and Arnold algorithm. It provides a good way for enhancing the image quality and time complexity for medical data integrity. Firstly, the watermark image is shuffled using Arnold chaotic map. Secondly, the SURF technique is practiced to Region of Interest (ROI) of the medical image and then the blocks around the SURF points are selected to insert the watermark. Finally, the watermark is encrusted and extracted using WDs. Experimental results show good image fidelity with the shortest execution time to ensure medical images integrity.","PeriodicalId":44332,"journal":{"name":"International Journal of Information Security and Privacy","volume":"16 1","pages":"1-18"},"PeriodicalIF":0.8,"publicationDate":"2022-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"70458683","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 10
A Meta-Analysis of Privacy: Ethical and Security Aspects of Facial Recognition Systems 隐私的元分析:面部识别系统的道德和安全方面
IF 0.8 Q4 COMPUTER SCIENCE, SOFTWARE ENGINEERING Pub Date : 2022-01-01 DOI: 10.4018/ijisp.285580
R. B. Unny, Nityesh Bhatt
Facial recognition systems use advanced computing to capture facial information and compare the same with proprietary databases for validation. The emergence of data capturing intermediaries and open access image repositories have compounded the need for a holistic perspective for handling the privacy and security challenges associated with FRS. The study presents the results of a bibliometric analysis conducted on the topic of privacy, ethical and security aspects of FRS. This study presents the level of academic discussion on the topic using bibliometric performance analysis. The results of the bibliographic coupling analysis to identify the research hotspots are also presented. The results also include the systematic literature review of 148 publications that are distributed across seven themes. Both the bibliometric and systematic analysis showed that privacy and security in FRS requires a holistic perspective that cuts across privacy, ethical, security, legal, policy and technological aspects.
面部识别系统使用先进的计算技术来捕获面部信息,并将其与专有数据库进行比较以进行验证。数据捕获中介和开放存取图像存储库的出现,使得我们需要一个整体的视角来处理与数据存储系统相关的隐私和安全挑战。本研究展示了对数据存储系统的隐私、道德和安全方面进行的文献计量分析的结果。本研究展示了使用文献计量绩效分析对该主题的学术讨论水平。本文还介绍了通过文献耦合分析确定研究热点的结果。结果还包括对分布在七个主题的148份出版物的系统文献综述。文献计量学和系统分析都表明,FRS中的隐私和安全需要一个跨越隐私、伦理、安全、法律、政策和技术等方面的整体视角。
{"title":"A Meta-Analysis of Privacy: Ethical and Security Aspects of Facial Recognition Systems","authors":"R. B. Unny, Nityesh Bhatt","doi":"10.4018/ijisp.285580","DOIUrl":"https://doi.org/10.4018/ijisp.285580","url":null,"abstract":"Facial recognition systems use advanced computing to capture facial information and compare the same with proprietary databases for validation. The emergence of data capturing intermediaries and open access image repositories have compounded the need for a holistic perspective for handling the privacy and security challenges associated with FRS. The study presents the results of a bibliometric analysis conducted on the topic of privacy, ethical and security aspects of FRS. This study presents the level of academic discussion on the topic using bibliometric performance analysis. The results of the bibliographic coupling analysis to identify the research hotspots are also presented. The results also include the systematic literature review of 148 publications that are distributed across seven themes. Both the bibliometric and systematic analysis showed that privacy and security in FRS requires a holistic perspective that cuts across privacy, ethical, security, legal, policy and technological aspects.","PeriodicalId":44332,"journal":{"name":"International Journal of Information Security and Privacy","volume":"16 1","pages":"1-22"},"PeriodicalIF":0.8,"publicationDate":"2022-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"70459225","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 1
Provably Secure Authentication Approach for Data Security in Cloud Using Hashing, Encryption, and Chebyshev-Based Authentication 基于哈希、加密和chebyhev认证的云数据安全可证明安全认证方法
IF 0.8 Q4 COMPUTER SCIENCE, SOFTWARE ENGINEERING Pub Date : 2022-01-01 DOI: 10.4018/ijisp.2022010106
Secure and efficient authentication mechanism becomes a major concern in cloud computing due to the data sharing among cloud server and user through internet. This paper proposed an efficient Hashing, Encryption and Chebyshev HEC-based authentication in order to provide security among data communication. With the formal and the informal security analysis, it has been demonstrated that the proposed HEC-based authentication approach provides data security more efficiently in cloud. The proposed approach amplifies the security issues and ensures the privacy and data security to the cloud user. Moreover, the proposed HEC-based authentication approach makes the system more robust and secured and has been verified with multiple scenarios. However, the proposed authentication approach requires less computational time and memory than the existing authentication techniques. The performance revealed by the proposed HEC-based authentication approach is measured in terms of computation time and memory as 26ms, and 1878bytes for 100Kb data size, respectively.
由于云服务器和用户之间通过互联网进行数据共享,安全高效的身份验证机制成为云计算领域关注的焦点。为了保证数据通信的安全性,本文提出了一种高效的基于哈希、加密和Chebyshev hec的认证方法。通过正式和非正式的安全性分析,证明了所提出的基于hec的认证方法能够更有效地提供云环境下的数据安全性。该方法放大了安全问题,保证了云用户的隐私和数据安全。此外,所提出的基于hec的认证方法使系统具有更强的鲁棒性和安全性,并已在多个场景中得到验证。然而,与现有的身份验证技术相比,所提出的身份验证方法需要更少的计算时间和内存。所提出的基于hec的身份验证方法所显示的性能在计算时间和内存方面分别为26ms和1878字节(100Kb数据大小)。
{"title":"Provably Secure Authentication Approach for Data Security in Cloud Using Hashing, Encryption, and Chebyshev-Based Authentication","authors":"","doi":"10.4018/ijisp.2022010106","DOIUrl":"https://doi.org/10.4018/ijisp.2022010106","url":null,"abstract":"Secure and efficient authentication mechanism becomes a major concern in cloud computing due to the data sharing among cloud server and user through internet. This paper proposed an efficient Hashing, Encryption and Chebyshev HEC-based authentication in order to provide security among data communication. With the formal and the informal security analysis, it has been demonstrated that the proposed HEC-based authentication approach provides data security more efficiently in cloud. The proposed approach amplifies the security issues and ensures the privacy and data security to the cloud user. Moreover, the proposed HEC-based authentication approach makes the system more robust and secured and has been verified with multiple scenarios. However, the proposed authentication approach requires less computational time and memory than the existing authentication techniques. The performance revealed by the proposed HEC-based authentication approach is measured in terms of computation time and memory as 26ms, and 1878bytes for 100Kb data size, respectively.","PeriodicalId":44332,"journal":{"name":"International Journal of Information Security and Privacy","volume":"1 1","pages":""},"PeriodicalIF":0.8,"publicationDate":"2022-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"45234409","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
AMAKA: Anonymous Mutually Authenticated Key Agreement Scheme for Wireless Sensor Networks AMAKA:无线传感器网络匿名相互认证密钥协议方案
IF 0.8 Q4 COMPUTER SCIENCE, SOFTWARE ENGINEERING Pub Date : 2022-01-01 DOI: 10.4018/ijisp.303660
Monica Malik, Khushi Gandhi, Bhawna Narwal
{"title":"AMAKA: Anonymous Mutually Authenticated Key Agreement Scheme for Wireless Sensor Networks","authors":"Monica Malik, Khushi Gandhi, Bhawna Narwal","doi":"10.4018/ijisp.303660","DOIUrl":"https://doi.org/10.4018/ijisp.303660","url":null,"abstract":"","PeriodicalId":44332,"journal":{"name":"International Journal of Information Security and Privacy","volume":"16 1","pages":"1-31"},"PeriodicalIF":0.8,"publicationDate":"2022-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"70459331","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Finite Time Synchronization of Chaotic Systems Without Linear Term and Its Application in Secure Communication: A Novel Method of Information Hiding and Recovery With Chaotic Signals 无线性项混沌系统的有限时间同步及其在保密通信中的应用——一种利用混沌信号进行信息隐藏与恢复的新方法
IF 0.8 Q4 COMPUTER SCIENCE, SOFTWARE ENGINEERING Pub Date : 2021-10-01 DOI: 10.4018/ijisp.2021100104
Shuru Liu, Zhanlei Shang, Junwei Lei
A definition of finite time synchronization of chaotic system was proposed, and a special theorem was proposed to solve the difficult problem of constructing a finite time stable system. After that, a hybrid construction method was proposed by integrating a common stable system and a finite time stable system. That reveals how to construct a finite time stable system, and it is very useful in secure communication since the convergence time is a very important factor that will affect its application in engineering realization. Above theorem and method was applied in the chaotic synchronization and two kinds of synchronization methods were proposed with estimation of unknown parameters. At last, a secure communication scheme was constructed by using above finite time synchronous method of chaotic systems. Also, numerical simulation was done, and the rightness of all the above proposed theorems and methods was shown.
给出了混沌系统有限时间同步的定义,并提出了一个特殊定理来解决构造有限时间稳定系统的难题。在此基础上,提出了一种将普通稳定系统与有限时间稳定系统相结合的混合构造方法。这揭示了如何构造一个有限时间稳定的系统,对于安全通信是非常有用的,因为收敛时间是影响其在工程实现中的应用的一个非常重要的因素。将上述定理和方法应用于混沌同步,提出了两种带未知参数估计的混沌同步方法。最后,利用混沌系统的有限时间同步方法构造了一种安全通信方案。最后进行了数值模拟,验证了上述定理和方法的正确性。
{"title":"Finite Time Synchronization of Chaotic Systems Without Linear Term and Its Application in Secure Communication: A Novel Method of Information Hiding and Recovery With Chaotic Signals","authors":"Shuru Liu, Zhanlei Shang, Junwei Lei","doi":"10.4018/ijisp.2021100104","DOIUrl":"https://doi.org/10.4018/ijisp.2021100104","url":null,"abstract":"A definition of finite time synchronization of chaotic system was proposed, and a special theorem was proposed to solve the difficult problem of constructing a finite time stable system. After that, a hybrid construction method was proposed by integrating a common stable system and a finite time stable system. That reveals how to construct a finite time stable system, and it is very useful in secure communication since the convergence time is a very important factor that will affect its application in engineering realization. Above theorem and method was applied in the chaotic synchronization and two kinds of synchronization methods were proposed with estimation of unknown parameters. At last, a secure communication scheme was constructed by using above finite time synchronous method of chaotic systems. Also, numerical simulation was done, and the rightness of all the above proposed theorems and methods was shown.","PeriodicalId":44332,"journal":{"name":"International Journal of Information Security and Privacy","volume":"19 1","pages":"54-78"},"PeriodicalIF":0.8,"publicationDate":"2021-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"70458703","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
M-Commerce Security: Assessing the Value of Mobile Applications Used in Controlling Internet Security Cameras at Home and Office - An Empirical Study 移动商务安全:评估用于控制家庭和办公室互联网安全摄像头的移动应用程序的价值-一项实证研究
IF 0.8 Q4 COMPUTER SCIENCE, SOFTWARE ENGINEERING Pub Date : 2021-10-01 DOI: 10.4018/ijisp.2021100105
Ahmed Elmorshidy
This paper aims to evaluate the factors affecting mobile applications used to access and control security cameras at home and office. Survey data from 397 mobile applications users in Southern California, USA were collected to test the proposed research model and hypotheses through structural equation modeling. This study finds that system quality, information quality, and service quality of mobile applications have a positive effect on the perceived usefulness and perceived ease of use of these applications and introduce several net benefit represented in increased control of users' security, increased convenience and flexibility and privacy when using those mobile applications for access their security cameras at both home and office. There is a lack of researches in this area which makes this study among the first to attempts to fill this gap by empirically investigating the factors affecting mobile applications of home and office security cameras as well as the benefits they introduce to uses.
本文旨在评估影响用于访问和控制家庭和办公室安全摄像头的移动应用程序的因素。收集美国南加州397个移动应用用户的调查数据,通过结构方程模型对提出的研究模型和假设进行检验。本研究发现,移动应用程序的系统质量、信息质量和服务质量对这些应用程序的感知有用性和感知易用性有积极的影响,并在使用这些移动应用程序访问家庭和办公室的安全摄像头时,带来了对用户安全控制的增加、便利性、灵活性和隐私性的增加等几个净收益。这一领域缺乏研究,这使得本研究成为第一个试图通过实证调查影响家庭和办公室安全摄像头移动应用的因素以及它们给用户带来的好处来填补这一空白的研究。
{"title":"M-Commerce Security: Assessing the Value of Mobile Applications Used in Controlling Internet Security Cameras at Home and Office - An Empirical Study","authors":"Ahmed Elmorshidy","doi":"10.4018/ijisp.2021100105","DOIUrl":"https://doi.org/10.4018/ijisp.2021100105","url":null,"abstract":"This paper aims to evaluate the factors affecting mobile applications used to access and control security cameras at home and office. Survey data from 397 mobile applications users in Southern California, USA were collected to test the proposed research model and hypotheses through structural equation modeling. This study finds that system quality, information quality, and service quality of mobile applications have a positive effect on the perceived usefulness and perceived ease of use of these applications and introduce several net benefit represented in increased control of users' security, increased convenience and flexibility and privacy when using those mobile applications for access their security cameras at both home and office. There is a lack of researches in this area which makes this study among the first to attempts to fill this gap by empirically investigating the factors affecting mobile applications of home and office security cameras as well as the benefits they introduce to uses.","PeriodicalId":44332,"journal":{"name":"International Journal of Information Security and Privacy","volume":"15 1","pages":"79-97"},"PeriodicalIF":0.8,"publicationDate":"2021-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"70458844","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
A Trust-Integrated RPL Protocol to Detect Blackhole Attack in Internet of Things 基于信任集成的RPL协议检测物联网黑洞攻击
IF 0.8 Q4 COMPUTER SCIENCE, SOFTWARE ENGINEERING Pub Date : 2021-10-01 DOI: 10.4018/ijisp.2021100101
Anshuman Patel, D. Jinwala
Internet of things (IoT) offers communication between user-to-machine and machine-to-machine. Due to their inherent characteristics of open medium, very dynamic topology, lack of infrastructure and lack of centralized management authority, IoT present serious vulnerabilities to security attacks. The routing protocol for low-power and lossy networks (RPL) does not have an inherent mechanism to detect routing attacks. Popular among these IoT attacks is blackhole attack. An attacker can exploit the routing system of RPL to launch blackhole attack against an IoT network. To secure IoT networks from blackhole attack, trust-integrated RPL protocol (TRPL) is proposed and implemented. The trust system is embedded in the RPL protocol to detect and isolate a blackhole attack while optimizing network performance. The trust is calculated from successful interaction between two nodes. The calculated trust value is considered in parent selection. TRPL demonstrates its superior performance over the standard RPL protocol and existing techniques in the detection and isolation of blackhole attacks.
物联网(IoT)提供用户对机器和机器对机器之间的通信。物联网由于其固有的开放介质、非常动态的拓扑结构、缺乏基础设施和缺乏集中管理权限等特点,存在严重的安全漏洞。低功耗损耗网络(RPL)路由协议没有检测路由攻击的固有机制。这些物联网攻击中最流行的是黑洞攻击。攻击者可以利用RPL路由系统对物联网网络发起黑洞攻击。为了保护物联网网络免受黑洞攻击,提出并实现了信任集成RPL协议(TRPL)。在RPL协议中嵌入信任系统,在检测和隔离黑洞攻击的同时优化网络性能。从两个节点之间成功的交互中计算信任。在父代选择中考虑计算得到的信任值。在黑洞攻击的检测和隔离方面,TRPL证明了其优于标准RPL协议和现有技术的性能。
{"title":"A Trust-Integrated RPL Protocol to Detect Blackhole Attack in Internet of Things","authors":"Anshuman Patel, D. Jinwala","doi":"10.4018/ijisp.2021100101","DOIUrl":"https://doi.org/10.4018/ijisp.2021100101","url":null,"abstract":"Internet of things (IoT) offers communication between user-to-machine and machine-to-machine. Due to their inherent characteristics of open medium, very dynamic topology, lack of infrastructure and lack of centralized management authority, IoT present serious vulnerabilities to security attacks. The routing protocol for low-power and lossy networks (RPL) does not have an inherent mechanism to detect routing attacks. Popular among these IoT attacks is blackhole attack. An attacker can exploit the routing system of RPL to launch blackhole attack against an IoT network. To secure IoT networks from blackhole attack, trust-integrated RPL protocol (TRPL) is proposed and implemented. The trust system is embedded in the RPL protocol to detect and isolate a blackhole attack while optimizing network performance. The trust is calculated from successful interaction between two nodes. The calculated trust value is considered in parent selection. TRPL demonstrates its superior performance over the standard RPL protocol and existing techniques in the detection and isolation of blackhole attacks.","PeriodicalId":44332,"journal":{"name":"International Journal of Information Security and Privacy","volume":"15 1","pages":"1-17"},"PeriodicalIF":0.8,"publicationDate":"2021-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"70459096","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 2
SCAFFY SCAFFY
IF 0.8 Q4 COMPUTER SCIENCE, SOFTWARE ENGINEERING Pub Date : 2021-07-01 DOI: 10.4018/ijisp.2021070107
Muraleedharan N., Janet B.
Denial of service (DoS) attack is one of the common threats to the availability of critical infrastructure and services. As more and more services are online enabled, the attack on the availability of these services may have a catastrophic impact on our day-to-day lives. Unlike the traditional volumetric DoS, the slow DoS attacks use legitimate connections with lesser bandwidth. Hence, it is difficult to detect slow DoS by monitoring bandwidth usage and traffic volume. In this paper, a novel machine learning model called ‘SCAFFY' to classify slow DoS on HTTP traffic using flow level parameters is explained. SCAFFY uses a multistage approach for the feature section and classification. Comparison of the classification performance of decision tree, random forest, XGBoost, and KNN algorithms are carried out using the flow parameters derived from the CICIDS2017 and SUEE datasets. A comparison of the result obtained from SCAFFY with two recent works available in the literature shows that the SCAFFY model outperforms the state-of-the-art approaches in classification accuracy.
拒绝服务(DoS)攻击是对关键基础设施和服务可用性的常见威胁之一。随着越来越多的服务启用在线,对这些服务可用性的攻击可能会对我们的日常生活产生灾难性的影响。与传统的容量DoS不同,慢速DoS攻击使用带宽较小的合法连接。因此,很难通过监视带宽使用情况和通信量来检测缓慢的DoS。本文解释了一种名为“scaffold”的新型机器学习模型,该模型使用流量级别参数对HTTP流量上的慢DoS进行分类。脚手架使用多阶段方法进行特征切片和分类。利用CICIDS2017和SUEE数据集的流量参数,对决策树、随机森林、XGBoost和KNN算法的分类性能进行了比较。将从SCAFFY得到的结果与最近的两个文献中可用的结果进行比较,表明脚手架模型在分类精度上优于最先进的方法。
{"title":"SCAFFY","authors":"Muraleedharan N., Janet B.","doi":"10.4018/ijisp.2021070107","DOIUrl":"https://doi.org/10.4018/ijisp.2021070107","url":null,"abstract":"Denial of service (DoS) attack is one of the common threats to the availability of critical infrastructure and services. As more and more services are online enabled, the attack on the availability of these services may have a catastrophic impact on our day-to-day lives. Unlike the traditional volumetric DoS, the slow DoS attacks use legitimate connections with lesser bandwidth. Hence, it is difficult to detect slow DoS by monitoring bandwidth usage and traffic volume. In this paper, a novel machine learning model called ‘SCAFFY' to classify slow DoS on HTTP traffic using flow level parameters is explained. SCAFFY uses a multistage approach for the feature section and classification. Comparison of the classification performance of decision tree, random forest, XGBoost, and KNN algorithms are carried out using the flow parameters derived from the CICIDS2017 and SUEE datasets. A comparison of the result obtained from SCAFFY with two recent works available in the literature shows that the SCAFFY model outperforms the state-of-the-art approaches in classification accuracy.","PeriodicalId":44332,"journal":{"name":"International Journal of Information Security and Privacy","volume":"57 1","pages":""},"PeriodicalIF":0.8,"publicationDate":"2021-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"80160153","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 1
CSMCSM CSMCSM
IF 0.8 Q4 COMPUTER SCIENCE, SOFTWARE ENGINEERING Pub Date : 2021-01-01 DOI: 10.4018/ijisp.2021010103
H. Salama, Mohamed Zaki Abd El Mageed, G. Salama, K. Badran
Many MANET research works are based on the popular informal definition that MANET is a wireless ad-hoc network that has neither infrastructure nor backbone and every network node is autonomous and moves depending on its mobility. Unfortunately, this definition pays no attention to the network servers that are essential in core-based, mission-critical, and military MANETs. In core-based MANETs, external intrusion detection systems (IDS) cannot detect internal Byzantine attacks; in addition, internal Byzantine fault tolerant (BFT) systems are unqualified to detect typical external wireless attack. Therefore, there is a real need to combine both internal and external mobile ad-hoc network (MANET) ID systems. Here, CSMCSM is presented as a two-level client server model for comprehensive security in MANETs that integrates internal and external attack detectors in one device. The internal component is based on a BFT consensus algorithm while the external component employs decision tree to classify the MANET attacks.
许多MANET研究工作都是基于一种流行的非正式定义,即MANET是一种既没有基础设施也没有骨干网的无线自组织网络,每个网络节点都是自主的,并根据其移动性进行移动。不幸的是,这个定义没有注意到在基于核心的、关键任务的和军用manet中必不可少的网络服务器。在基于核心的manet中,外部入侵检测系统(IDS)无法检测到内部拜占庭攻击;此外,内部拜占庭容错(BFT)系统无法检测到典型的外部无线攻击。因此,确实需要将内部和外部移动自组织网络(MANET) ID系统结合起来。在这里,CSMCSM作为两级客户端服务器模型提出,用于manet中的综合安全性,该模型将内部和外部攻击检测器集成在一个设备中。内部组件基于BFT一致性算法,外部组件采用决策树对MANET攻击进行分类。
{"title":"CSMCSM","authors":"H. Salama, Mohamed Zaki Abd El Mageed, G. Salama, K. Badran","doi":"10.4018/ijisp.2021010103","DOIUrl":"https://doi.org/10.4018/ijisp.2021010103","url":null,"abstract":"Many MANET research works are based on the popular informal definition that MANET is a wireless ad-hoc network that has neither infrastructure nor backbone and every network node is autonomous and moves depending on its mobility. Unfortunately, this definition pays no attention to the network servers that are essential in core-based, mission-critical, and military MANETs. In core-based MANETs, external intrusion detection systems (IDS) cannot detect internal Byzantine attacks; in addition, internal Byzantine fault tolerant (BFT) systems are unqualified to detect typical external wireless attack. Therefore, there is a real need to combine both internal and external mobile ad-hoc network (MANET) ID systems. Here, CSMCSM is presented as a two-level client server model for comprehensive security in MANETs that integrates internal and external attack detectors in one device. The internal component is based on a BFT consensus algorithm while the external component employs decision tree to classify the MANET attacks.","PeriodicalId":44332,"journal":{"name":"International Journal of Information Security and Privacy","volume":"128 1","pages":""},"PeriodicalIF":0.8,"publicationDate":"2021-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"88702433","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 1
Information Security and Privacy: 26th Australasian Conference, ACISP 2021, Virtual Event, December 1–3, 2021, Proceedings 信息安全和隐私:第26届澳大拉西亚会议,ACISP 2021,虚拟事件,2021年12月1日至3日,论文集
IF 0.8 Q4 COMPUTER SCIENCE, SOFTWARE ENGINEERING Pub Date : 2021-01-01 DOI: 10.1007/978-3-030-90567-5
{"title":"Information Security and Privacy: 26th Australasian Conference, ACISP 2021, Virtual Event, December 1–3, 2021, Proceedings","authors":"","doi":"10.1007/978-3-030-90567-5","DOIUrl":"https://doi.org/10.1007/978-3-030-90567-5","url":null,"abstract":"","PeriodicalId":44332,"journal":{"name":"International Journal of Information Security and Privacy","volume":"38 1","pages":""},"PeriodicalIF":0.8,"publicationDate":"2021-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"75685007","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 1
期刊
International Journal of Information Security and Privacy
全部 Acc. Chem. Res. ACS Applied Bio Materials ACS Appl. Electron. Mater. ACS Appl. Energy Mater. ACS Appl. Mater. Interfaces ACS Appl. Nano Mater. ACS Appl. Polym. Mater. ACS BIOMATER-SCI ENG ACS Catal. ACS Cent. Sci. ACS Chem. Biol. ACS Chemical Health & Safety ACS Chem. Neurosci. ACS Comb. Sci. ACS Earth Space Chem. ACS Energy Lett. ACS Infect. Dis. ACS Macro Lett. ACS Mater. Lett. ACS Med. Chem. Lett. ACS Nano ACS Omega ACS Photonics ACS Sens. ACS Sustainable Chem. Eng. ACS Synth. Biol. Anal. Chem. BIOCHEMISTRY-US Bioconjugate Chem. BIOMACROMOLECULES Chem. Res. Toxicol. Chem. Rev. Chem. Mater. CRYST GROWTH DES ENERG FUEL Environ. Sci. Technol. Environ. Sci. Technol. Lett. Eur. J. Inorg. Chem. IND ENG CHEM RES Inorg. Chem. J. Agric. Food. Chem. J. Chem. Eng. Data J. Chem. Educ. J. Chem. Inf. Model. J. Chem. Theory Comput. J. Med. Chem. J. Nat. Prod. J PROTEOME RES J. Am. Chem. Soc. LANGMUIR MACROMOLECULES Mol. Pharmaceutics Nano Lett. Org. Lett. ORG PROCESS RES DEV ORGANOMETALLICS J. Org. Chem. J. Phys. Chem. J. Phys. Chem. A J. Phys. Chem. B J. Phys. Chem. C J. Phys. Chem. Lett. Analyst Anal. Methods Biomater. Sci. Catal. Sci. Technol. Chem. Commun. Chem. Soc. Rev. CHEM EDUC RES PRACT CRYSTENGCOMM Dalton Trans. Energy Environ. Sci. ENVIRON SCI-NANO ENVIRON SCI-PROC IMP ENVIRON SCI-WAT RES Faraday Discuss. Food Funct. Green Chem. Inorg. Chem. Front. Integr. Biol. J. Anal. At. Spectrom. J. Mater. Chem. A J. Mater. Chem. B J. Mater. Chem. C Lab Chip Mater. Chem. Front. Mater. Horiz. MEDCHEMCOMM Metallomics Mol. Biosyst. Mol. Syst. Des. Eng. Nanoscale Nanoscale Horiz. Nat. Prod. Rep. New J. Chem. Org. Biomol. Chem. Org. Chem. Front. PHOTOCH PHOTOBIO SCI PCCP Polym. Chem.
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1