Pub Date : 2022-01-01DOI: 10.4018/ijisp.2022010103
M. D. J. S. Goonetillake, Rangana Jayashanka, S. V. Rathnayaka
Assigning developers for highly secured software projects requires identifying developers’ tendency to contribute towards vulnerable software codes called developer-centric security vulnerability to mitigate issues on human resource management, financial and project timelines. There are problems in assessing the previous codebases in evaluating the developer-centric security vulnerability level of each developer. Thus, this paper suggests a method to evaluate this through the techno-behavioral features of their previous projects. Consequently, we present results of an exploratory study of the developer-centric security vulnerability level prediction using a dataset of 1827 developers by logically selecting 13 techno-behavioral features. Our results depict that there is a correlation between techno-behavioral features and developer-centric security vulnerability with 89.46% accuracy. This model enables to predict developer-centric security vulnerability level of any developer if the required techno-behavioral features are available avoiding the analysis of his/her previous codebases.
{"title":"Predicting Security-Vulnerable Developers Based on Their Techno-Behavioral Characteristics","authors":"M. D. J. S. Goonetillake, Rangana Jayashanka, S. V. Rathnayaka","doi":"10.4018/ijisp.2022010103","DOIUrl":"https://doi.org/10.4018/ijisp.2022010103","url":null,"abstract":"Assigning developers for highly secured software projects requires identifying developers’ tendency to contribute towards vulnerable software codes called developer-centric security vulnerability to mitigate issues on human resource management, financial and project timelines. There are problems in assessing the previous codebases in evaluating the developer-centric security vulnerability level of each developer. Thus, this paper suggests a method to evaluate this through the techno-behavioral features of their previous projects. Consequently, we present results of an exploratory study of the developer-centric security vulnerability level prediction using a dataset of 1827 developers by logically selecting 13 techno-behavioral features. Our results depict that there is a correlation between techno-behavioral features and developer-centric security vulnerability with 89.46% accuracy. This model enables to predict developer-centric security vulnerability level of any developer if the required techno-behavioral features are available avoiding the analysis of his/her previous codebases.","PeriodicalId":44332,"journal":{"name":"International Journal of Information Security and Privacy","volume":null,"pages":null},"PeriodicalIF":0.8,"publicationDate":"2022-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"70458745","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A Novel Chaotic Shark Smell Optimization With LSTM for Spatio-Temporal Analytics in Clustered WSN","authors":"M. KusumaS., N. VeenaK., B. Varun","doi":"10.4018/ijisp.308310","DOIUrl":"https://doi.org/10.4018/ijisp.308310","url":null,"abstract":"","PeriodicalId":44332,"journal":{"name":"International Journal of Information Security and Privacy","volume":null,"pages":null},"PeriodicalIF":0.8,"publicationDate":"2022-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"70459533","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2022-01-01DOI: 10.4018/ijisp.2022010102
Abdallah Soualmi, Adel Alti, L. Laouamer
One of the important issues in telemedicine field refers to an advanced secure communication. Digital image watermarking is an ideal solution since it protects the electronic patient information’s from unauthorized access. This paper presents a novel blind fragile-based image watermarking scheme in spatial domain that merges Speed Up Robust Features (SURF) descriptor with the well-known Weber Descriptors (WDs) and Arnold algorithm. It provides a good way for enhancing the image quality and time complexity for medical data integrity. Firstly, the watermark image is shuffled using Arnold chaotic map. Secondly, the SURF technique is practiced to Region of Interest (ROI) of the medical image and then the blocks around the SURF points are selected to insert the watermark. Finally, the watermark is encrusted and extracted using WDs. Experimental results show good image fidelity with the shortest execution time to ensure medical images integrity.
{"title":"An Imperceptible Watermarking Scheme for Medical Image Tamper Detection","authors":"Abdallah Soualmi, Adel Alti, L. Laouamer","doi":"10.4018/ijisp.2022010102","DOIUrl":"https://doi.org/10.4018/ijisp.2022010102","url":null,"abstract":"One of the important issues in telemedicine field refers to an advanced secure communication. Digital image watermarking is an ideal solution since it protects the electronic patient information’s from unauthorized access. This paper presents a novel blind fragile-based image watermarking scheme in spatial domain that merges Speed Up Robust Features (SURF) descriptor with the well-known Weber Descriptors (WDs) and Arnold algorithm. It provides a good way for enhancing the image quality and time complexity for medical data integrity. Firstly, the watermark image is shuffled using Arnold chaotic map. Secondly, the SURF technique is practiced to Region of Interest (ROI) of the medical image and then the blocks around the SURF points are selected to insert the watermark. Finally, the watermark is encrusted and extracted using WDs. Experimental results show good image fidelity with the shortest execution time to ensure medical images integrity.","PeriodicalId":44332,"journal":{"name":"International Journal of Information Security and Privacy","volume":null,"pages":null},"PeriodicalIF":0.8,"publicationDate":"2022-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"70458683","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Facial recognition systems use advanced computing to capture facial information and compare the same with proprietary databases for validation. The emergence of data capturing intermediaries and open access image repositories have compounded the need for a holistic perspective for handling the privacy and security challenges associated with FRS. The study presents the results of a bibliometric analysis conducted on the topic of privacy, ethical and security aspects of FRS. This study presents the level of academic discussion on the topic using bibliometric performance analysis. The results of the bibliographic coupling analysis to identify the research hotspots are also presented. The results also include the systematic literature review of 148 publications that are distributed across seven themes. Both the bibliometric and systematic analysis showed that privacy and security in FRS requires a holistic perspective that cuts across privacy, ethical, security, legal, policy and technological aspects.
{"title":"A Meta-Analysis of Privacy: Ethical and Security Aspects of Facial Recognition Systems","authors":"R. B. Unny, Nityesh Bhatt","doi":"10.4018/ijisp.285580","DOIUrl":"https://doi.org/10.4018/ijisp.285580","url":null,"abstract":"Facial recognition systems use advanced computing to capture facial information and compare the same with proprietary databases for validation. The emergence of data capturing intermediaries and open access image repositories have compounded the need for a holistic perspective for handling the privacy and security challenges associated with FRS. The study presents the results of a bibliometric analysis conducted on the topic of privacy, ethical and security aspects of FRS. This study presents the level of academic discussion on the topic using bibliometric performance analysis. The results of the bibliographic coupling analysis to identify the research hotspots are also presented. The results also include the systematic literature review of 148 publications that are distributed across seven themes. Both the bibliometric and systematic analysis showed that privacy and security in FRS requires a holistic perspective that cuts across privacy, ethical, security, legal, policy and technological aspects.","PeriodicalId":44332,"journal":{"name":"International Journal of Information Security and Privacy","volume":null,"pages":null},"PeriodicalIF":0.8,"publicationDate":"2022-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"70459225","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2022-01-01DOI: 10.4018/ijisp.2022010106
Secure and efficient authentication mechanism becomes a major concern in cloud computing due to the data sharing among cloud server and user through internet. This paper proposed an efficient Hashing, Encryption and Chebyshev HEC-based authentication in order to provide security among data communication. With the formal and the informal security analysis, it has been demonstrated that the proposed HEC-based authentication approach provides data security more efficiently in cloud. The proposed approach amplifies the security issues and ensures the privacy and data security to the cloud user. Moreover, the proposed HEC-based authentication approach makes the system more robust and secured and has been verified with multiple scenarios. However, the proposed authentication approach requires less computational time and memory than the existing authentication techniques. The performance revealed by the proposed HEC-based authentication approach is measured in terms of computation time and memory as 26ms, and 1878bytes for 100Kb data size, respectively.
{"title":"Provably Secure Authentication Approach for Data Security in Cloud Using Hashing, Encryption, and Chebyshev-Based Authentication","authors":"","doi":"10.4018/ijisp.2022010106","DOIUrl":"https://doi.org/10.4018/ijisp.2022010106","url":null,"abstract":"Secure and efficient authentication mechanism becomes a major concern in cloud computing due to the data sharing among cloud server and user through internet. This paper proposed an efficient Hashing, Encryption and Chebyshev HEC-based authentication in order to provide security among data communication. With the formal and the informal security analysis, it has been demonstrated that the proposed HEC-based authentication approach provides data security more efficiently in cloud. The proposed approach amplifies the security issues and ensures the privacy and data security to the cloud user. Moreover, the proposed HEC-based authentication approach makes the system more robust and secured and has been verified with multiple scenarios. However, the proposed authentication approach requires less computational time and memory than the existing authentication techniques. The performance revealed by the proposed HEC-based authentication approach is measured in terms of computation time and memory as 26ms, and 1878bytes for 100Kb data size, respectively.","PeriodicalId":44332,"journal":{"name":"International Journal of Information Security and Privacy","volume":null,"pages":null},"PeriodicalIF":0.8,"publicationDate":"2022-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"45234409","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2021-10-01DOI: 10.4018/ijisp.2021100104
Shuru Liu, Zhanlei Shang, Junwei Lei
A definition of finite time synchronization of chaotic system was proposed, and a special theorem was proposed to solve the difficult problem of constructing a finite time stable system. After that, a hybrid construction method was proposed by integrating a common stable system and a finite time stable system. That reveals how to construct a finite time stable system, and it is very useful in secure communication since the convergence time is a very important factor that will affect its application in engineering realization. Above theorem and method was applied in the chaotic synchronization and two kinds of synchronization methods were proposed with estimation of unknown parameters. At last, a secure communication scheme was constructed by using above finite time synchronous method of chaotic systems. Also, numerical simulation was done, and the rightness of all the above proposed theorems and methods was shown.
{"title":"Finite Time Synchronization of Chaotic Systems Without Linear Term and Its Application in Secure Communication: A Novel Method of Information Hiding and Recovery With Chaotic Signals","authors":"Shuru Liu, Zhanlei Shang, Junwei Lei","doi":"10.4018/ijisp.2021100104","DOIUrl":"https://doi.org/10.4018/ijisp.2021100104","url":null,"abstract":"A definition of finite time synchronization of chaotic system was proposed, and a special theorem was proposed to solve the difficult problem of constructing a finite time stable system. After that, a hybrid construction method was proposed by integrating a common stable system and a finite time stable system. That reveals how to construct a finite time stable system, and it is very useful in secure communication since the convergence time is a very important factor that will affect its application in engineering realization. Above theorem and method was applied in the chaotic synchronization and two kinds of synchronization methods were proposed with estimation of unknown parameters. At last, a secure communication scheme was constructed by using above finite time synchronous method of chaotic systems. Also, numerical simulation was done, and the rightness of all the above proposed theorems and methods was shown.","PeriodicalId":44332,"journal":{"name":"International Journal of Information Security and Privacy","volume":null,"pages":null},"PeriodicalIF":0.8,"publicationDate":"2021-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"70458703","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2021-10-01DOI: 10.4018/ijisp.2021100105
Ahmed Elmorshidy
This paper aims to evaluate the factors affecting mobile applications used to access and control security cameras at home and office. Survey data from 397 mobile applications users in Southern California, USA were collected to test the proposed research model and hypotheses through structural equation modeling. This study finds that system quality, information quality, and service quality of mobile applications have a positive effect on the perceived usefulness and perceived ease of use of these applications and introduce several net benefit represented in increased control of users' security, increased convenience and flexibility and privacy when using those mobile applications for access their security cameras at both home and office. There is a lack of researches in this area which makes this study among the first to attempts to fill this gap by empirically investigating the factors affecting mobile applications of home and office security cameras as well as the benefits they introduce to uses.
{"title":"M-Commerce Security: Assessing the Value of Mobile Applications Used in Controlling Internet Security Cameras at Home and Office - An Empirical Study","authors":"Ahmed Elmorshidy","doi":"10.4018/ijisp.2021100105","DOIUrl":"https://doi.org/10.4018/ijisp.2021100105","url":null,"abstract":"This paper aims to evaluate the factors affecting mobile applications used to access and control security cameras at home and office. Survey data from 397 mobile applications users in Southern California, USA were collected to test the proposed research model and hypotheses through structural equation modeling. This study finds that system quality, information quality, and service quality of mobile applications have a positive effect on the perceived usefulness and perceived ease of use of these applications and introduce several net benefit represented in increased control of users' security, increased convenience and flexibility and privacy when using those mobile applications for access their security cameras at both home and office. There is a lack of researches in this area which makes this study among the first to attempts to fill this gap by empirically investigating the factors affecting mobile applications of home and office security cameras as well as the benefits they introduce to uses.","PeriodicalId":44332,"journal":{"name":"International Journal of Information Security and Privacy","volume":null,"pages":null},"PeriodicalIF":0.8,"publicationDate":"2021-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"70458844","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2021-10-01DOI: 10.4018/ijisp.2021100101
Anshuman Patel, D. Jinwala
Internet of things (IoT) offers communication between user-to-machine and machine-to-machine. Due to their inherent characteristics of open medium, very dynamic topology, lack of infrastructure and lack of centralized management authority, IoT present serious vulnerabilities to security attacks. The routing protocol for low-power and lossy networks (RPL) does not have an inherent mechanism to detect routing attacks. Popular among these IoT attacks is blackhole attack. An attacker can exploit the routing system of RPL to launch blackhole attack against an IoT network. To secure IoT networks from blackhole attack, trust-integrated RPL protocol (TRPL) is proposed and implemented. The trust system is embedded in the RPL protocol to detect and isolate a blackhole attack while optimizing network performance. The trust is calculated from successful interaction between two nodes. The calculated trust value is considered in parent selection. TRPL demonstrates its superior performance over the standard RPL protocol and existing techniques in the detection and isolation of blackhole attacks.
{"title":"A Trust-Integrated RPL Protocol to Detect Blackhole Attack in Internet of Things","authors":"Anshuman Patel, D. Jinwala","doi":"10.4018/ijisp.2021100101","DOIUrl":"https://doi.org/10.4018/ijisp.2021100101","url":null,"abstract":"Internet of things (IoT) offers communication between user-to-machine and machine-to-machine. Due to their inherent characteristics of open medium, very dynamic topology, lack of infrastructure and lack of centralized management authority, IoT present serious vulnerabilities to security attacks. The routing protocol for low-power and lossy networks (RPL) does not have an inherent mechanism to detect routing attacks. Popular among these IoT attacks is blackhole attack. An attacker can exploit the routing system of RPL to launch blackhole attack against an IoT network. To secure IoT networks from blackhole attack, trust-integrated RPL protocol (TRPL) is proposed and implemented. The trust system is embedded in the RPL protocol to detect and isolate a blackhole attack while optimizing network performance. The trust is calculated from successful interaction between two nodes. The calculated trust value is considered in parent selection. TRPL demonstrates its superior performance over the standard RPL protocol and existing techniques in the detection and isolation of blackhole attacks.","PeriodicalId":44332,"journal":{"name":"International Journal of Information Security and Privacy","volume":null,"pages":null},"PeriodicalIF":0.8,"publicationDate":"2021-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"70459096","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2021-07-01DOI: 10.4018/ijisp.2021070107
Muraleedharan N., Janet B.
Denial of service (DoS) attack is one of the common threats to the availability of critical infrastructure and services. As more and more services are online enabled, the attack on the availability of these services may have a catastrophic impact on our day-to-day lives. Unlike the traditional volumetric DoS, the slow DoS attacks use legitimate connections with lesser bandwidth. Hence, it is difficult to detect slow DoS by monitoring bandwidth usage and traffic volume. In this paper, a novel machine learning model called ‘SCAFFY' to classify slow DoS on HTTP traffic using flow level parameters is explained. SCAFFY uses a multistage approach for the feature section and classification. Comparison of the classification performance of decision tree, random forest, XGBoost, and KNN algorithms are carried out using the flow parameters derived from the CICIDS2017 and SUEE datasets. A comparison of the result obtained from SCAFFY with two recent works available in the literature shows that the SCAFFY model outperforms the state-of-the-art approaches in classification accuracy.
{"title":"SCAFFY","authors":"Muraleedharan N., Janet B.","doi":"10.4018/ijisp.2021070107","DOIUrl":"https://doi.org/10.4018/ijisp.2021070107","url":null,"abstract":"Denial of service (DoS) attack is one of the common threats to the availability of critical infrastructure and services. As more and more services are online enabled, the attack on the availability of these services may have a catastrophic impact on our day-to-day lives. Unlike the traditional volumetric DoS, the slow DoS attacks use legitimate connections with lesser bandwidth. Hence, it is difficult to detect slow DoS by monitoring bandwidth usage and traffic volume. In this paper, a novel machine learning model called ‘SCAFFY' to classify slow DoS on HTTP traffic using flow level parameters is explained. SCAFFY uses a multistage approach for the feature section and classification. Comparison of the classification performance of decision tree, random forest, XGBoost, and KNN algorithms are carried out using the flow parameters derived from the CICIDS2017 and SUEE datasets. A comparison of the result obtained from SCAFFY with two recent works available in the literature shows that the SCAFFY model outperforms the state-of-the-art approaches in classification accuracy.","PeriodicalId":44332,"journal":{"name":"International Journal of Information Security and Privacy","volume":null,"pages":null},"PeriodicalIF":0.8,"publicationDate":"2021-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"80160153","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: