Images now-a-days are often used as an authenticated proof for any cyber-crime. Images that do not remain genuine can mislead the court of law. The fast and dynamically growing technology doubts the trust in the integrity of images. Tampering mostly refers to adding or removing important features from an image without leaving any obvious trace. In earlier days, digital signatures were used to preserve the integrity, but now a days various tools are available to tamper digital signatures as well. Even in various state-of-the-art works in tamper detection, there are various restrictions in the type of inputs and the type of tampering detection. In this paper, the researchers propose a prototype model in the form of a tool that will retrieve all the image files from given digital evidence and detect tampering in the images. For various types of tampering, different tampering detection algorithms have been used. The proposed prototype will detect if tampering has been done or not and will classify the image files into groups based on the type of tampering.
{"title":"Image Forensic Tool (IFT): Image Retrieval, Tampering Detection, and Classification","authors":"Digambar Pawar, Mayank Gajpal","doi":"10.4018/ijdcf.287606","DOIUrl":"https://doi.org/10.4018/ijdcf.287606","url":null,"abstract":"Images now-a-days are often used as an authenticated proof for any cyber-crime. Images that do not remain genuine can mislead the court of law. The fast and dynamically growing technology doubts the trust in the integrity of images. Tampering mostly refers to adding or removing important features from an image without leaving any obvious trace. In earlier days, digital signatures were used to preserve the integrity, but now a days various tools are available to tamper digital signatures as well. Even in various state-of-the-art works in tamper detection, there are various restrictions in the type of inputs and the type of tampering detection. In this paper, the researchers propose a prototype model in the form of a tool that will retrieve all the image files from given digital evidence and detect tampering in the images. For various types of tampering, different tampering detection algorithms have been used. The proposed prototype will detect if tampering has been done or not and will classify the image files into groups based on the type of tampering.","PeriodicalId":44650,"journal":{"name":"International Journal of Digital Crime and Forensics","volume":"128 1","pages":"1-15"},"PeriodicalIF":0.7,"publicationDate":"2021-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"82264842","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
The current coverless text steganography methods have a low steganographic capacity, and yet some of them cannot assure a message can be concealed. How to achieve a high steganographic capacity has become the research hotspot in text steganography. This paper proposes a text coverless steganography method by encoding the Chinese characters’ component structures. Its main idea is that a binary bit string can be conveyed by the Chinese characters’ component structures. The positions of Chinese characters that carry a secret message will be expressed in two systems of the linear remainder equations, whose solutions will be secretly sent to the receiver to extract the secret message. In the method, a single Chinese character can express p bits. The analyses and statistics show that its capacity will be much higher when the same Chinese character is used more than once than existing methods, and it can conceal any message successfully. In addition, this method can also be employed in other languages.
{"title":"A Coverless Text Steganography by Encoding the Chinese Characters' Component Structures","authors":"Kaixi Wang, Xiangmei Yu, Ziyi Zou","doi":"10.4018/ijdcf.302135","DOIUrl":"https://doi.org/10.4018/ijdcf.302135","url":null,"abstract":"The current coverless text steganography methods have a low steganographic capacity, and yet some of them cannot assure a message can be concealed. How to achieve a high steganographic capacity has become the research hotspot in text steganography. This paper proposes a text coverless steganography method by encoding the Chinese characters’ component structures. Its main idea is that a binary bit string can be conveyed by the Chinese characters’ component structures. The positions of Chinese characters that carry a secret message will be expressed in two systems of the linear remainder equations, whose solutions will be secretly sent to the receiver to extract the secret message. In the method, a single Chinese character can express p bits. The analyses and statistics show that its capacity will be much higher when the same Chinese character is used more than once than existing methods, and it can conceal any message successfully. In addition, this method can also be employed in other languages.","PeriodicalId":44650,"journal":{"name":"International Journal of Digital Crime and Forensics","volume":"13 1","pages":"1-17"},"PeriodicalIF":0.7,"publicationDate":"2021-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"81854810","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Gait is a behavioural biometric which sometimes changes due to diseases but it is still a strong identification metric that is widely used in forensic works, state biometric preserve sectors, and medical laboratories. Gait analysis sometimes helps to identify person’s present mental state which reflects on physiological therapy for improved biological system. There are various gait measurement forms which expand the research area from crime detection to medical enhancement. Many research works have been done so far for gait recognition. Many researchers focused on skeleton image of people to extract gait features and many worked on stride length. Various sensors have been used to detect gait in various light forms. This paper is a brief survey of works on gait recognition, collected from various sources of science and technology literature. We have discussed few efficient models that worked best as well as we have discussed about few data sets available.
{"title":"Survey of Human Gait Analysis and Recognition for Medical and Forensic Applications","authors":"Shantanu Jana, N. Das, Subhadip Basu, M. Nasipuri","doi":"10.4018/ijdcf.289432","DOIUrl":"https://doi.org/10.4018/ijdcf.289432","url":null,"abstract":"Gait is a behavioural biometric which sometimes changes due to diseases but it is still a strong identification metric that is widely used in forensic works, state biometric preserve sectors, and medical laboratories. Gait analysis sometimes helps to identify person’s present mental state which reflects on physiological therapy for improved biological system. There are various gait measurement forms which expand the research area from crime detection to medical enhancement. Many research works have been done so far for gait recognition. Many researchers focused on skeleton image of people to extract gait features and many worked on stride length. Various sensors have been used to detect gait in various light forms. This paper is a brief survey of works on gait recognition, collected from various sources of science and technology literature. We have discussed few efficient models that worked best as well as we have discussed about few data sets available.","PeriodicalId":44650,"journal":{"name":"International Journal of Digital Crime and Forensics","volume":"23 1","pages":"1-20"},"PeriodicalIF":0.7,"publicationDate":"2021-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"86747359","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"An Incremental Acquisition Method for Web Forensics","authors":"Guangxuan Chen, Guangxiao Chen, Lei Zhang, Qiang Liu","doi":"10.4018/IJDCF.2021110116","DOIUrl":"https://doi.org/10.4018/IJDCF.2021110116","url":null,"abstract":"Inordertosolvetheproblemsofrepeatedacquisition,dataredundancy,andlowefficiencyintheprocessofwebsiteforensics,thispaperproposesanincrementalacquisitionmethodorientedtodynamicwebsites.Thismethodrealizedtheincrementalcollectionondynamicallyupdatedwebsitesthroughacquiringandparsingwebpages,URLdeduplication,webpagedenoising,webpagecontentextraction,andhashing.Experimentsshowthatthealgorithmhasrelativehighacquisitionprecisionandrecallrateandcanbecombinedwithotherdatatoperformeffectivedigitalforensicsondynamicallyupdatedreal-timewebsites.","PeriodicalId":44650,"journal":{"name":"International Journal of Digital Crime and Forensics","volume":"102 1","pages":"1-13"},"PeriodicalIF":0.7,"publicationDate":"2021-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"75882434","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2021-11-01DOI: 10.4018/IJDCF.20211101.OA10
P. Keserwani, M. C. Govil, E. Pilli, Prajjval Govil
In this modern era, due to demand for cloud environments in business, the size, complexity, and chance of attacks to virtual cloud network (VCN) are increased. The protection of VCN is required to maintain the faith of the cloud users. Intrusion detection is essential to secure any network. The existing approaches that use the conventional neural network cannot utilize all information for identifying the intrusions. In this paper, the anomaly-based NIDS for VCN is proposed. For feature selection, grey wolf optimization (GWO) is hybridized with a bald eagle search (BES) algorithm. For classification, a deep learning approach—deep sparse auto-encoder (DSAE)—is employed. In this way, this paper proposes a NIDS model for VCN named GWO-DES-DSAE. The proposed system is simulated in the python programming environment. The proposed NIDS model’s performance is compared with other recent approaches for both binary and multi-class classification on the considered datasets—NSL-KDD, UNSW-NB15, and CICIDS 2017—and found better than other methods. Deep Sparse Autoencoder (DSAE) has been utilized to learn the underlying traffic data structure. The proposed system improves performance and, hence producing reliable predictions. Evaluation of the results shows the quality and effectiveness of the proposed NIDS model, and the main contributions of this work are as follows:
{"title":"An Optimal NIDS for VCN Using Feature Selection and Deep Learning Technique: IDS for VCN","authors":"P. Keserwani, M. C. Govil, E. Pilli, Prajjval Govil","doi":"10.4018/IJDCF.20211101.OA10","DOIUrl":"https://doi.org/10.4018/IJDCF.20211101.OA10","url":null,"abstract":"In this modern era, due to demand for cloud environments in business, the size, complexity, and chance of attacks to virtual cloud network (VCN) are increased. The protection of VCN is required to maintain the faith of the cloud users. Intrusion detection is essential to secure any network. The existing approaches that use the conventional neural network cannot utilize all information for identifying the intrusions. In this paper, the anomaly-based NIDS for VCN is proposed. For feature selection, grey wolf optimization (GWO) is hybridized with a bald eagle search (BES) algorithm. For classification, a deep learning approach—deep sparse auto-encoder (DSAE)—is employed. In this way, this paper proposes a NIDS model for VCN named GWO-DES-DSAE. The proposed system is simulated in the python programming environment. The proposed NIDS model’s performance is compared with other recent approaches for both binary and multi-class classification on the considered datasets—NSL-KDD, UNSW-NB15, and CICIDS 2017—and found better than other methods. Deep Sparse Autoencoder (DSAE) has been utilized to learn the underlying traffic data structure. The proposed system improves performance and, hence producing reliable predictions. Evaluation of the results shows the quality and effectiveness of the proposed NIDS model, and the main contributions of this work are as follows:","PeriodicalId":44650,"journal":{"name":"International Journal of Digital Crime and Forensics","volume":"23 1","pages":"1-25"},"PeriodicalIF":0.7,"publicationDate":"2021-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"89231526","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Network Proxies and Virtual Private Networks (VPN) are tools that are used every day to facilitate various business functions. However, they have gained popularity amongst unintended userbases as tools that can be used to hide mask identities while using websites and web-services. Anonymising Proxies and/or VPNs act as an intermediary between a user and a web server with a Proxy and/or VPN IP address taking the place of the user’s IP address that is forwarded to the web server. This paper presents computational models based on intelligent machine learning techniques to address the limitations currently experienced by unauthorised user detection systems. A model to detect usage of anonymising proxies was developed using a Multi-layered perceptron neural network that was trained using data found in the Transmission Control Protocol (TCP) header of captured network packets
{"title":"Detection of Anonymising Proxies Using Machine Learning","authors":"Shane Miller, K. Curran, T. Lunney","doi":"10.4018/ijdcf.286756","DOIUrl":"https://doi.org/10.4018/ijdcf.286756","url":null,"abstract":"Network Proxies and Virtual Private Networks (VPN) are tools that are used every day to facilitate various business functions. However, they have gained popularity amongst unintended userbases as tools that can be used to hide mask identities while using websites and web-services. Anonymising Proxies and/or VPNs act as an intermediary between a user and a web server with a Proxy and/or VPN IP address taking the place of the user’s IP address that is forwarded to the web server. This paper presents computational models based on intelligent machine learning techniques to address the limitations currently experienced by unauthorised user detection systems. A model to detect usage of anonymising proxies was developed using a Multi-layered perceptron neural network that was trained using data found in the Transmission Control Protocol (TCP) header of captured network packets","PeriodicalId":44650,"journal":{"name":"International Journal of Digital Crime and Forensics","volume":"13 1","pages":"1-17"},"PeriodicalIF":0.7,"publicationDate":"2021-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"74553389","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
To improve the hidden capacity of a single question, further avoid the absence of authentication and provide self-repair ability, this paper proposes a high capacity test disguise method combined with interpolation backup and double authentications. Firstly, secret byte sequence is backed up and further encoded to a backup index sequence by secret information backup and encoding strategy. Secondly, a test question database divided into eight sets is created. Finally, the backup index sequence is disguised as a stego test paper using 24 different candidate answer orders and 4-bit hash values. In restoration, double authentications are applied to authenticate candidate restored value, and the most reliable candidate restored values are obtained by the reliable calculation to reconstruct secret information. The experimental results and analysis show that the proposed method can distinguish error candidate restored values, and calculate the reliability of each restored byte. Moreover, it has excellent self-repair ability with a higher hidden capacity of a single question.
{"title":"A High Capacity Test Disguise Method Combined With Interpolation Backup and Double Authentications","authors":"Haining Lu, Liping Shao, Qinglong Wang","doi":"10.4018/ijdcf.295815","DOIUrl":"https://doi.org/10.4018/ijdcf.295815","url":null,"abstract":"To improve the hidden capacity of a single question, further avoid the absence of authentication and provide self-repair ability, this paper proposes a high capacity test disguise method combined with interpolation backup and double authentications. Firstly, secret byte sequence is backed up and further encoded to a backup index sequence by secret information backup and encoding strategy. Secondly, a test question database divided into eight sets is created. Finally, the backup index sequence is disguised as a stego test paper using 24 different candidate answer orders and 4-bit hash values. In restoration, double authentications are applied to authenticate candidate restored value, and the most reliable candidate restored values are obtained by the reliable calculation to reconstruct secret information. The experimental results and analysis show that the proposed method can distinguish error candidate restored values, and calculate the reliability of each restored byte. Moreover, it has excellent self-repair ability with a higher hidden capacity of a single question.","PeriodicalId":44650,"journal":{"name":"International Journal of Digital Crime and Forensics","volume":"60 1","pages":"1-23"},"PeriodicalIF":0.7,"publicationDate":"2021-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"80190728","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Motion-compensated frame-interpolation (MCFI), synthesize intermediate frames between input frames guided by estimated motion, can be employed to falsify high bit-rate videos or high frame-rate videos with different frame-rates. Although existing MCFI identification methods have obtained satisfactory results, they are seriously degraded by stronger compression. Therefore, to conquer this issue, a blind forensics method is proposed to identify the adopted MCFI methods by considering the irregularities of optical flow produced by various MCFIs. In this paper, a set of compact features are constructed from the motion-aligned frame difference-weighted histogram of local binary pattern on the basis of optical flow (MAFD-WHLBP). Experimental results show that the proposed approach outperforms existing MCFI detectors under stronger compression.
{"title":"Identification of Interpolated Frames by Motion-Compensated Frame-Interpolation via Measuring Irregularity of Optical Flow","authors":"Xiangling Ding, Yanming Huang, Dengyong Zhang, Junlin Ouyang","doi":"10.4018/ijdcf.295813","DOIUrl":"https://doi.org/10.4018/ijdcf.295813","url":null,"abstract":"Motion-compensated frame-interpolation (MCFI), synthesize intermediate frames between input frames guided by estimated motion, can be employed to falsify high bit-rate videos or high frame-rate videos with different frame-rates. Although existing MCFI identification methods have obtained satisfactory results, they are seriously degraded by stronger compression. Therefore, to conquer this issue, a blind forensics method is proposed to identify the adopted MCFI methods by considering the irregularities of optical flow produced by various MCFIs. In this paper, a set of compact features are constructed from the motion-aligned frame difference-weighted histogram of local binary pattern on the basis of optical flow (MAFD-WHLBP). Experimental results show that the proposed approach outperforms existing MCFI detectors under stronger compression.","PeriodicalId":44650,"journal":{"name":"International Journal of Digital Crime and Forensics","volume":"23 1","pages":"1-13"},"PeriodicalIF":0.7,"publicationDate":"2021-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"87545649","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Web bots are destructive programs that automatically fill the web form and steal the data from web sites. According to numerous web bot traffic reports, web bots traffic comprises of more than fifty percent of the total web traffic. An effective guard against the stealing of the data from web sites and automated web form is to identify and confirm the human user presence on web sites. In this paper, an efficient k-Nearest Neighbor algorithm using hierarchical clustering for web bot detection is proposed. Proposed technique exploits a novel taxonomy of web bot features known as Biostatistics Features. Numerous attack scenarios for web bot attacks such as automatic account registration, automatic form filling, bulk message posting, and web scrapping are created to imitate the zero-day web bot attacks. The proposed technique is evaluated with number of experiments using standard evaluation parameters. The experimental result analysis demonstrates that the proposed technique is extremely efficient in differentiating human users from web bots.
{"title":"Web Bot Detection System Based on Divisive Clustering and K-Nearest Neighbor Using Biostatistics Features Set","authors":"Rizwan Ur Rahman, D. Tomar","doi":"10.4018/ijdcf.302136","DOIUrl":"https://doi.org/10.4018/ijdcf.302136","url":null,"abstract":"Web bots are destructive programs that automatically fill the web form and steal the data from web sites. According to numerous web bot traffic reports, web bots traffic comprises of more than fifty percent of the total web traffic. An effective guard against the stealing of the data from web sites and automated web form is to identify and confirm the human user presence on web sites. In this paper, an efficient k-Nearest Neighbor algorithm using hierarchical clustering for web bot detection is proposed. Proposed technique exploits a novel taxonomy of web bot features known as Biostatistics Features. Numerous attack scenarios for web bot attacks such as automatic account registration, automatic form filling, bulk message posting, and web scrapping are created to imitate the zero-day web bot attacks. The proposed technique is evaluated with number of experiments using standard evaluation parameters. The experimental result analysis demonstrates that the proposed technique is extremely efficient in differentiating human users from web bots.","PeriodicalId":44650,"journal":{"name":"International Journal of Digital Crime and Forensics","volume":"50 1","pages":"1-27"},"PeriodicalIF":0.7,"publicationDate":"2021-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"84748660","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2021-11-01DOI: 10.4018/IJDCF.20211101.OA7
Alex Zhu, W. Yan, R. Sinha
Most intrusion detection systems (IDS)/intrusion prevention systems (IPS) cannot defend the attacks from a return-oriented program (ROP) that applies code reusing and exploiting techniques without the need for code injection. Malicious attackers chain a short sequence as a gadget and execute this gadget as an arbitrary (Turing-complete) behavior in the target program. Lots of ROP defense tools have been developed with satisfactory performance and low costs overhead, but malicious attackers can evade ROP tools. Therefore, it needs security researchers to continually improve existing ROP defense tools because the defense ability of target devices such as smartphones is weak, and such devices are being increasingly targeted. The contribution in this paper is to propose an ROP defense method that has provided a better performance of defense against ROP attacks than existing ROP defense tools.
{"title":"ROP Defense Using Trie Graph for System Security","authors":"Alex Zhu, W. Yan, R. Sinha","doi":"10.4018/IJDCF.20211101.OA7","DOIUrl":"https://doi.org/10.4018/IJDCF.20211101.OA7","url":null,"abstract":"Most intrusion detection systems (IDS)/intrusion prevention systems (IPS) cannot defend the attacks from a return-oriented program (ROP) that applies code reusing and exploiting techniques without the need for code injection. Malicious attackers chain a short sequence as a gadget and execute this gadget as an arbitrary (Turing-complete) behavior in the target program. Lots of ROP defense tools have been developed with satisfactory performance and low costs overhead, but malicious attackers can evade ROP tools. Therefore, it needs security researchers to continually improve existing ROP defense tools because the defense ability of target devices such as smartphones is weak, and such devices are being increasingly targeted. The contribution in this paper is to propose an ROP defense method that has provided a better performance of defense against ROP attacks than existing ROP defense tools.","PeriodicalId":44650,"journal":{"name":"International Journal of Digital Crime and Forensics","volume":"20 1","pages":"1-12"},"PeriodicalIF":0.7,"publicationDate":"2021-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"89541735","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: