Malicious encrypted traffic detection is a critical component of network security management. Previous detection methods fall into two classes: feature engineering methods, which construct traffic features by hand for classification, and end-to-end methods, which feed the raw traffic directly to a model that learns the features itself. Both approaches share the problem that the resulting features do not fully characterize the traffic. To this end, this paper proposes a hierarchical multimodal deep learning model (HMMED) for malicious encrypted traffic detection. The model uses both feature generation methods, one for the payload and one for the header, fuses the two sets of features into the final traffic features, and feeds those into a softmax classifier. In addition, because traditional deep learning depends heavily on the size and distribution of the training set, which yields models that generalize poorly and adapt badly to unseen encrypted traffic, the proposed model uses a large amount of unlabeled encrypted traffic in a pretraining layer to pretrain a submodel that produces a generic packet payload representation. Test results on the USTC-TFC2016 dataset show that the proposed model effectively addresses the insufficient feature extraction of traditional detection methods and improves the accuracy (ACC) of malicious encrypted traffic detection.
Source: "HMMED: A Multimodal Model with Separate Head and Payload Processing for Malicious Encrypted Traffic Detection", Peng Xiao, Ying Yan, Jian Hu, Zhenhong Zhang, Security and Communication Networks, published 2024-05-30, doi:10.1155/2024/8725832 (https://doi.org/10.1155/2024/8725832).
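How a packet is split into the two views that HMMED fuses, as an added example that is not the paper's code: the abstract pairs a hand-engineered branch with an end-to-end branch and says the pretrained submodel produces the payload representation, so here the header goes through engineered features and the payload through a raw-byte view, and the two are concatenated. The feature set, the 64-byte payload window and the constructed sample packet are assumptions for illustration; the real model learns and fuses these branches inside the network.

```python
import struct

PAYLOAD_LEN = 64   # assumed payload window for the end-to-end branch (truncate/zero-pad)


def parse_ipv4_tcp(pkt: bytes) -> dict:
    """Walk the IPv4 and TCP headers and return the fields the header branch uses
    plus the raw TCP payload for the payload branch."""
    if len(pkt) < 20:
        raise ValueError("packet shorter than an IPv4 header")
    (ver_ihl, _tos, total_len, _ident, _frag, ttl, proto,
     _csum, _src, _dst) = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or proto != 6 or len(pkt) < ihl + 20:
        raise ValueError("not an IPv4/TCP packet, or truncated")
    (sport, dport, _seq, _ack, off_flags, win,
     _tcsum, _urg) = struct.unpack("!HHIIHHHH", pkt[ihl:ihl + 20])
    doff = (off_flags >> 12) * 4
    return {"ttl": ttl, "total_len": total_len, "ihl": ihl, "sport": sport,
            "dport": dport, "doff": doff, "flags": off_flags & 0x1FF,
            "win": win, "payload": pkt[ihl + doff:]}


def header_features(h: dict) -> list:
    """Hand-engineered header branch: scaled scalars plus flag/port indicators
    (this feature set is an assumption, not the paper's)."""
    f = h["flags"]
    return [h["ttl"] / 255.0, h["total_len"] / 65535.0, h["ihl"] / 60.0,
            h["doff"] / 60.0, h["win"] / 65535.0,
            float(443 in (h["sport"], h["dport"])),
            float(bool(f & 0x02)),   # SYN
            float(bool(f & 0x10)),   # ACK
            float(bool(f & 0x08)),   # PSH
            float(bool(f & 0x01)),   # FIN
            min(len(h["payload"]), 1460) / 1460.0]


def payload_representation(payload: bytes, n: int = PAYLOAD_LEN) -> list:
    """End-to-end branch input: raw bytes scaled to [0, 1], truncated or zero-padded to n."""
    p = payload[:n]
    return [b / 255.0 for b in p] + [0.0] * (n - len(p))


def fuse(pkt: bytes) -> list:
    """Late fusion by concatenation of the two input views."""
    h = parse_ipv4_tcp(pkt)
    return header_features(h) + payload_representation(h["payload"])


def build_packet(src: bytes, dst: bytes, sport: int, dport: int,
                 flags: int, payload: bytes) -> bytes:
    """Constructed packet for the example (checksums left at zero)."""
    tcp = struct.pack("!HHIIHHHH", sport, dport, 1, 0, (5 << 12) | flags, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload),
                     1, 0x4000, 64, 6, 0, src, dst)
    return ip + tcp + payload


# Constructed sample: PSH|ACK segment to port 443 whose payload starts like a TLS
# record header (0x16 0x03 0x01 = handshake, record version 3.1) plus filler bytes.
SAMPLE = build_packet(bytes([10, 0, 0, 5]), bytes([192, 0, 2, 10]), 51234, 443, 0x018,
                      bytes.fromhex("1603010100") + bytes(20))
```

On the payload branch: for TLS the first record of a flow (ClientHello with SNI, offered cipher suites and extensions) is plaintext even though the application data is encrypted, which is why a raw-byte view of the first payload bytes can carry signal at all; past the handshake the bytes are ciphertext and a byte-level view degrades to length information.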
Fan Li, Chenyang Liu, Zhenbo Dong, Zhibo Sun, Weipeng Qian
With the advancement of image steganography, coverless image steganography has gained widespread attention because it hides information without modifying the carrier image. However, existing coverless image steganography methods often require the communicating parties to transmit a substantial amount of additional information, such as image block locations or a large number of parameters, which raises serious suspicion. In light of this issue, we propose a robust coverless image steganography algorithm based on Speeded-Up Robust Features (SURF). First, the proposed method lets both communicating parties independently create multiple coverless image datasets (CIDs) from random seeds. Then, a mapping rule creates a one-to-one correspondence between hash sequences and images in the CIDs. Finally, the secret information is carried by the images whose hash sequences equal the secret segments. At the receiver side, the robust SURF features of the images are used to retrieve the secret information. Experimental results demonstrate that the proposed algorithm outperforms other methods in capacity, robustness, and security. Furthermore, the proposed method eliminates the need to transmit a large amount of additional information, which is a significant security weakness of existing coverless image steganography algorithms.
Source: "A Robust Coverless Image Steganography Algorithm Based on Image Retrieval with SURF Features", Security and Communication Networks, published 2024-05-18, doi:10.1155/2024/5034640 (https://doi.org/10.1155/2024/5034640).
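The seed-to-codebook protocol the abstract describes, as an added Python example that is not the authors' implementation: both parties regenerate the same coverless image datasets from shared seeds, a hash of each image maps it to an 8-bit secret segment, the sender transmits unmodified images whose hash equals each secret byte, and the receiver retrieves each image in its own copy of the datasets to read the byte back. The synthetic 16x8 "images", the block-mean hash standing in for SURF, the per-CID size and the seed list are all assumptions made for the example.

```python
import random

W, H = 16, 8        # assumed synthetic image size (grayscale, one byte per pixel)
BLOCK = 4           # 4x4 blocks -> 4x2 grid -> 8 blocks -> one hash bit each
THRESH = 127.5      # expected mean of a uniform random block, so bits come out ~50/50


def make_cid(seed: int, n: int) -> list:
    """Both parties build the same CID from a shared seed; no image ever has to be sent
    ahead of time. Pixels are uniform random bytes (constructed stand-in for photos)."""
    rng = random.Random(seed)
    return [bytes(rng.getrandbits(8) for _ in range(W * H)) for _ in range(n)]


def image_hash(img: bytes) -> int:
    """8-bit block-mean hash: bit = 1 if the block's mean exceeds THRESH.
    Stand-in for the SURF-based mapping rule of the paper."""
    h = 0
    for by in range(0, H, BLOCK):
        for bx in range(0, W, BLOCK):
            total = sum(img[(by + dy) * W + bx + dx]
                        for dy in range(BLOCK) for dx in range(BLOCK))
            h = (h << 1) | (1 if total / (BLOCK * BLOCK) > THRESH else 0)
    return h


def build_codebook(seeds, per_cid: int = 1024) -> dict:
    """hash value -> first image in the shared CIDs that carries it. Walks further
    seeds until every one of the 256 segment values has a carrier image."""
    book = {}
    for seed in seeds:
        for img in make_cid(seed, per_cid):
            book.setdefault(image_hash(img), img)
        if len(book) == 256:
            return book
    raise RuntimeError("some 8-bit segments have no carrier image; add more seeds")


def embed(secret: bytes, seeds) -> list:
    """Sender: one unmodified carrier image per secret byte."""
    book = build_codebook(seeds)
    return [book[b] for b in secret]


def extract(images, seeds) -> bytes:
    """Receiver: rebuilds the same codebook from the seeds and retrieves each received
    image by content; no block positions or parameters travel with the images."""
    inverse = {img: h for h, img in build_codebook(seeds).items()}
    return bytes(inverse[img] for img in images)


SEEDS = [101, 202, 303, 404, 505, 606, 707, 808]   # assumed pre-shared seeds
```

The block-mean hash here is not robust to recompression or cropping, which is exactly the gap the paper fills with SURF-based retrieval; what the code shows is that nothing but the images themselves crosses the channel, so an observer sees ordinary images with no block positions or parameters to flag as suspicious. Note also that the codebook walks as many seeds as it needs: a CID drawn from a single seed is not guaranteed to contain a carrier for every segment value.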
Android is the most widely used mobile operating system and handles a wide variety of data, from simple messages to sensitive banking details. The explosive increase in malware targeting this platform has made it imperative to adopt machine learning approaches for effective malware detection and classification. Since its release in 2008, the Android platform has changed substantially, and the number, complexity, and evolution of malware targeting it have increased significantly. This rapid evolution quickly renders existing malware datasets out of date and degrades machine learning-based detection models. Many studies have explored the effectiveness of various machine learning models for Android malware detection. The majority of them use datasets compiled using static or dynamic analysis of malware; hybrid analysis approaches have not been addressed completely, and the impact of malware evolution has not been fully investigated. Although some of the models achieved exceptional results, their performance deteriorated on evolving malware, and they were also not effective against antidynamic malware (samples that evade emulator-based dynamic analysis). In this paper, we address both limitations by creating an enhanced subset of the KronoDroid dataset and using it to develop a supervised machine learning model capable of detecting evolving and antidynamic malware. The original KronoDroid dataset contains malware samples from 2008 to 2020, making it suitable for detecting evolving malware and handling concept drift. Its dynamic features are collected by executing the malware on a real device, which makes it suitable for handling antidynamic malware. We create an enhanced subset of this dataset by adding malware category labels with the help of multiple online repositories. Then, we train multiple supervised machine learning models and use the ExtraTrees (extremely randomized trees) classifier to select the top 50 features. Our results show that the random forest (RF) model has the highest accuracy: 98.03% for malware detection and 87.56% for malware category classification (over 15 malware categories).
Source: "Effective and Efficient Android Malware Detection and Category Classification Using the Enhanced KronoDroid Dataset", Mudassar Waheed, Sana Qadir, Security and Communication Networks, published 2024-04-08, doi:10.1155/2024/7382302 (https://doi.org/10.1155/2024/7382302).
The practical use of network coding (NC) has brought major improvements in the transmission reliability of sender data and in bandwidth utilization. Network coding has also recently been employed to secure data transmission and prevent unauthorized recovery of the sender's packets. In this paper, we employ NC in a practical way in resource-constrained networks, with the goal of improving both the reliability and the security of data transfer. More specifically, we apply NC to the block-wise transfer (BWT) options of the Constrained Application Protocol (CoAP), as defined in RFC 7959. The goal is to enhance the reliability of CoAP when BWT is used to transfer larger data blocks. We also employ a novel homomorphic encryption approach to secure the BWT of CoAP.
Source: "Securing the Transmission While Enhancing the Reliability of Communication Using Network Coding in Block-Wise Transfer of CoAP", Mohammed D. Halloush, Security and Communication Networks, published 2024-03-28, doi:10.1155/2024/7538203 (https://doi.org/10.1155/2024/7538203).
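What network coding adds to a block-wise transfer, as an added example that is not the paper's scheme: random linear network coding over GF(2^8) turns the k CoAP blocks into k + r coded blocks, each carrying its coefficient vector, so the receiver can rebuild the resource from any k linearly independent ones regardless of which block numbers were lost, instead of re-requesting specific blocks. The block size, redundancy, loss pattern and sample resource are assumptions; the homomorphic encryption layer the paper adds is not reproduced.

```python
import random

# GF(2^8) arithmetic with the AES reduction polynomial 0x11B; tables built from generator 3.
EXP = [0] * 510
LOG = [0] * 256
_x = 1
for _i in range(255):
    EXP[_i] = _x
    LOG[_x] = _i
    _x2 = _x << 1
    if _x2 & 0x100:
        _x2 ^= 0x11B
    _x = _x2 ^ _x              # multiply by the generator 3
for _i in range(255, 510):
    EXP[_i] = EXP[_i - 255]


def gmul(a: int, b: int) -> int:
    if a == 0 or b == 0:
        return 0
    return EXP[LOG[a] + LOG[b]]


def ginv(a: int) -> int:
    return EXP[255 - LOG[a]]


def split_blocks(data: bytes, size: int) -> list:
    """Cut the resource into CoAP-sized blocks; the last one is zero-padded."""
    blocks = [data[i:i + size] for i in range(0, len(data), size)]
    blocks[-1] = blocks[-1].ljust(size, b"\0")
    return blocks


def rlnc_encode(blocks: list, n: int, seed: int) -> list:
    """Produce n coded blocks, each a random GF(2^8) combination of the k source blocks,
    paired with the coefficient vector the receiver needs to decode."""
    rng = random.Random(seed)
    k, size = len(blocks), len(blocks[0])
    coded = []
    for _ in range(n):
        coeffs = [rng.randrange(256) for _ in range(k)]
        payload = bytearray(size)
        for c, blk in zip(coeffs, blocks):
            if c:
                for j, b in enumerate(blk):
                    payload[j] ^= gmul(c, b)
        coded.append((bytes(coeffs), bytes(payload)))
    return coded


def rlnc_decode(coded: list, k: int):
    """Gauss-Jordan elimination over GF(2^8) on [coefficients | payload]; returns the k
    source blocks, or None if the received packets do not span the source space."""
    rows = [list(c) + list(p) for c, p in coded]
    rank = 0
    for col in range(k):
        pivot = next((r for r in range(rank, len(rows)) if rows[r][col]), None)
        if pivot is None:
            return None
        rows[rank], rows[pivot] = rows[pivot], rows[rank]
        inv = ginv(rows[rank][col])
        rows[rank] = [gmul(inv, v) for v in rows[rank]]
        for r in range(len(rows)):
            if r != rank and rows[r][col]:
                f = rows[r][col]
                rows[r] = [a ^ gmul(f, b) for a, b in zip(rows[r], rows[rank])]
        rank += 1
    return [bytes(row[k:]) for row in rows[:k]]


def transfer(resource: bytes, block_size: int = 64, redundancy: int = 4,
             lost=frozenset(), seed: int = 1):
    """Simulated block-wise transfer: send k + redundancy coded blocks, drop the ones
    in `lost`, decode from the rest. The resource length plays the role of CoAP's
    Size2 option so the padding can be stripped."""
    blocks = split_blocks(resource, block_size)
    coded = rlnc_encode(blocks, len(blocks) + redundancy, seed)
    received = [pkt for i, pkt in enumerate(coded) if i not in lost]
    if len(received) < len(blocks):
        return None
    decoded = rlnc_decode(received, len(blocks))
    return None if decoded is None else b"".join(decoded)[:len(resource)]


RESOURCE = bytes(range(256)) * 2 + b"constructed CoAP resource"   # constructed sample
```

This is reliability only, not confidentiality: the coefficient vectors travel in the clear and anyone who collects k coded blocks can run the same elimination. That is why the abstract pairs the coding with an encryption step; on its own, network coding should be read as an erasure code, not as protection against eavesdropping.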
Frequency-hiding order-preserving encryption (FH-OPE) has emerged as an important tool in data security, particularly in cloud computing, because of its ability to preserve the order of plaintexts in their corresponding ciphertexts while hiding plaintext frequencies, which enables efficient range queries on encrypted data. Despite its strong security model, indistinguishability under frequency-analyzing ordered chosen-plaintext attack (IND-FA-OCPA), our research identifies a vulnerability in its design, specifically the impact of range queries. We quantify the frequency information exposed by these range queries and present potential inference attacks on the FH-OPE scheme. Our findings are substantiated through experiments on real-world datasets that measure the frequency information exposed by range queries on FH-OPE encrypted databases. These results quantify the level of risk in practical applications of FH-OPE, reveal the potential for additional inference attacks, and show the urgency of addressing these threats. Consequently, our research highlights the need for a more comprehensive security model that accounts for the risks associated with range queries and underscores the importance of developing new range-query methods that avoid this exposure.
Source: "Exploring the Security Vulnerability in Frequency-Hiding Order-Preserving Encryption", JiHye Yang, Kee Sung Kim, Security and Communication Networks, published 2024-02-29, doi:10.1155/2024/2764345 (https://doi.org/10.1155/2024/2764345).
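Why range queries undo the frequency hiding, as an added illustration rather than the paper's attack or the scheme it analyses: a toy frequency-hiding OPE assigns each record a distinct ciphertext with equal plaintexts ordered randomly among themselves, so the stored column alone has a flat frequency profile, but every range query the server answers partitions the ciphertexts, and records with equal plaintexts always land in the same class, so the observed class sizes converge to the true frequency histogram. The dataset, the ciphertext construction and the query sequence are constructed for the example.

```python
import random
from collections import Counter


class FHOPEClient:
    """Toy frequency-hiding OPE (illustration of the idea only): every record gets a
    distinct ciphertext, ties are ordered randomly, and the client keeps the state
    needed to encrypt range endpoints."""

    def __init__(self, seed: int = 0):
        self.rng = random.Random(seed)
        self.records = []
        self.cts = []

    def encrypt_all(self, plaintexts) -> list:
        self.records = list(plaintexts)
        order = sorted(range(len(self.records)),
                       key=lambda i: (self.records[i], self.rng.random()))
        self.cts = [0] * len(self.records)
        for rank, i in enumerate(order):
            # distinct and order-preserving: rank*1000 + 999 < (rank+1)*1000 + 1
            self.cts[i] = rank * 1000 + self.rng.randrange(1, 1000)
        return list(self.cts)

    def encrypt_range(self, a, b):
        """Ciphertext interval matching exactly the records with a <= plaintext <= b."""
        inside = [c for p, c in zip(self.records, self.cts) if a <= p <= b]
        return (min(inside), max(inside)) if inside else None


class Server:
    """Holds only ciphertexts, answers range queries, and plays the honest-but-curious
    observer trying to recover the frequency profile from what the queries expose."""

    def __init__(self, cts):
        self.db = sorted(cts)
        self.log = []

    def range_query(self, interval) -> list:
        if interval is None:
            return []
        lo, hi = interval
        result = [c for c in self.db if lo <= c <= hi]
        self.log.append(set(result))
        return result

    def inferred_profile(self) -> list:
        """Records that answered the same set of queries cannot be told apart; equal
        plaintexts always share a class, so class sizes bound the frequencies from
        above and become exact once the queries separate every distinct value."""
        signature = {c: tuple(c in q for q in self.log) for c in self.db}
        return sorted(Counter(signature.values()).values(), reverse=True)


def true_profile(plaintexts) -> list:
    return sorted(Counter(plaintexts).values(), reverse=True)


def demo():
    """Returns the server's inferred profile with no queries, after one range query,
    after a point query per value, and the true profile, on a constructed column."""
    data = [30] * 5 + [40] * 3 + [50] * 2 + [60]      # constructed plaintext column
    client = FHOPEClient(seed=7)
    server = Server(client.encrypt_all(data))
    before = server.inferred_profile()
    server.range_query(client.encrypt_range(30, 40))
    after_one = server.inferred_profile()
    for v in (30, 40, 50, 60):
        server.range_query(client.encrypt_range(v, v))
    return before, after_one, server.inferred_profile(), true_profile(data)
```

The profile the server recovers is exactly the input a classical frequency-analysis attack needs (match the sorted counts against a public distribution), so a scheme that is IND-FA-OCPA on its ciphertexts still leaks through the query interface; a practical security model for OPE has to count what range queries reveal, which is the gap the paper points at.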
The growth of the Internet of Things (IoT) has recently affected our daily lives in many ways. As a result, a massive volume of data is generated and needs to be processed in a short period of time, so a combination of computing models such as cloud computing is necessary. The main disadvantage of the cloud platform is its high latency, due to its centralized architecture. Fortunately, a distributed paradigm known as fog computing has emerged to overcome this problem, offering cloud services with low latency and high access bandwidth to support many IoT application scenarios. However, attacks against fog servers can take many forms, such as distributed denial of service (DDoS) attacks that severely affect the reliability and availability of fog services. To address these challenges, we propose FASA, a scheme for mitigating SYN flood DDoS attacks against fog computing using an adaptive neuro-fuzzy inference system (ANFIS) with software-defined networking (SDN) assistance. The simulation results show that the FASA system outperforms other algorithms in terms of accuracy, precision, recall, and F1-score. This shows how effective our system is at detecting and mitigating TCP SYN floods and DDoS attacks.
Source: "Toward a Real-Time TCP SYN Flood DDoS Mitigation Using Adaptive Neuro-Fuzzy Classifier and SDN Assistance in Fog Computing", Radjaa Bensaid, Nabila Labraoui, Ado Adamou Abba Ari, Leandros Maglaras, Hafida Saidi, Ahmed Mahmoud Abdu Lwahhab, Sihem Benfriha, Security and Communication Networks, published 2024-02-23, doi:10.1155/2024/6651584 (https://doi.org/10.1155/2024/6651584).
Retraction notices published by Security and Communication Networks (no abstract):
Retracted: A Review of Motion Vector-Based Video Steganography, 2024-01-24, doi:10.1155/2024/9824673 (https://doi.org/10.1155/2024/9824673).
Retracted: Secure and Energy-Efficient Computational Offloading Using LSTM in Mobile Edge Computing, 2024-01-09, doi:10.1155/2024/9762430 (https://doi.org/10.1155/2024/9762430).
Retracted: A K-Means Clustering Algorithm for Early Warning of Financial Risks in Agricultural Industry, 2024-01-09, doi:10.1155/2024/9780872 (https://doi.org/10.1155/2024/9780872).
Retracted: More General Form of Interval-Valued Fuzzy Ideals of BCK/BCI-Algebras, 2024-01-09, doi:10.1155/2024/9794857 (https://doi.org/10.1155/2024/9794857).