首页 > 最新文献

信息安全(英文)最新文献

英文 中文
Improved Smartphone Application for Remote Access by Network Administrators 用于网络管理员远程访问的改进的智能手机应用程序
Pub Date : 2019-10-25 DOI: 10.4236/jis.2019.104014
E. Nwabueze, E. Okon
This research attempts the implementation of an improved smartphone application for remote system administration. The work was motivated by the inability of network administrators to access their virtual servers from a remote location without worrying about the security implications, inaccurate and unreliable reports from a third party whenever he is out of town. The cloud server can be monitored and administered because various task such as creating users, manage users (grant access, block or delete users), restart server and shutdown server can be handled by the remote system administrator. This will involve of securing the system with a one-way hashing of encrypted password and a device ID for only whitelisted devices to be granted access. It will be observed that remote access for system administration can be implemented using a smartphone app based on a Point-to-Point Protocol and also reveal the advantages of PPP protocol, therefore making the enormous responsibilities of a remote system administrator much easier to accomplish.
本研究试图实现一种用于远程系统管理的改进智能手机应用程序。这项工作的动机是,网络管理员无法从远程位置访问他们的虚拟服务器,而不必担心第三方在外地时的安全影响、不准确和不可靠的报告。云服务器可以被监控和管理,因为远程系统管理员可以处理各种任务,如创建用户、管理用户(授予访问权限、阻止或删除用户)、重新启动服务器和关闭服务器。这将涉及到通过加密密码的单向哈希和仅允许访问白名单设备的设备ID来保护系统。可以观察到,系统管理的远程访问可以使用基于点对点协议的智能手机应用程序来实现,也揭示了PPP协议的优势,因此使远程系统管理员的巨大职责更容易完成。
{"title":"Improved Smartphone Application for Remote Access by Network Administrators","authors":"E. Nwabueze, E. Okon","doi":"10.4236/jis.2019.104014","DOIUrl":"https://doi.org/10.4236/jis.2019.104014","url":null,"abstract":"This research attempts the implementation of an improved smartphone application for remote system administration. The work was motivated by the inability of network administrators to access their virtual servers from a remote location without worrying about the security implications, inaccurate and unreliable reports from a third party whenever he is out of town. The cloud server can be monitored and administered because various task such as creating users, manage users (grant access, block or delete users), restart server and shutdown server can be handled by the remote system administrator. This will involve of securing the system with a one-way hashing of encrypted password and a device ID for only whitelisted devices to be granted access. It will be observed that remote access for system administration can be implemented using a smartphone app based on a Point-to-Point Protocol and also reveal the advantages of PPP protocol, therefore making the enormous responsibilities of a remote system administrator much easier to accomplish.","PeriodicalId":57259,"journal":{"name":"信息安全(英文)","volume":" ","pages":""},"PeriodicalIF":0.0,"publicationDate":"2019-10-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"48810263","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Design and Development of a Novel Symmetric Algorithm for Enhancing Data Security in Cloud Computing 一种增强云计算数据安全的新型对称算法的设计与开发
Pub Date : 2019-10-14 DOI: 10.4236/jis.2019.104012
M. Hossain, A. Ullah, Newaz Ibrahim Khan, Feroz Alam
Cloud computing is a kind of computing that depends on shared figuring assets instead of having nearby servers or individual gadgets to deal with applications. Technology is moving to the cloud more and more. It’s not just a trend, the shift away from ancient package models to package as service has steadily gained momentum over the last ten years. Looking forward, the following decade of cloud computing guarantees significantly more approaches to work from anyplace, utilizing cell phones. Cloud computing focused on better performances, better scalability and resource consumption but it also has some security issue with the data stored in it. The proposed algorithm intents to come with some solutions that will reduce the security threats and ensure far better security to the data stored in cloud.
云计算是一种计算,它依赖于共享的计算资源,而不是使用附近的服务器或单独的设备来处理应用程序。技术越来越多地转移到云端。这不仅仅是一种趋势,从古老的打包模式到打包即服务的转变在过去十年中稳步增长。展望未来,云计算的未来十年将保证更多使用手机在任何地方工作的方式。云计算侧重于更好的性能、更好的可伸缩性和资源消耗,但它也存在存储在其中的数据的一些安全问题。提出的算法旨在提供一些解决方案,以减少安全威胁,并确保存储在云中的数据具有更好的安全性。
{"title":"Design and Development of a Novel Symmetric Algorithm for Enhancing Data Security in Cloud Computing","authors":"M. Hossain, A. Ullah, Newaz Ibrahim Khan, Feroz Alam","doi":"10.4236/jis.2019.104012","DOIUrl":"https://doi.org/10.4236/jis.2019.104012","url":null,"abstract":"Cloud computing \u0000is a kind of computing that depends on shared figuring assets instead of having \u0000nearby servers or individual gadgets to deal with applications. Technology is moving to the cloud more and more. \u0000It’s not just a trend, the shift away from ancient package models to package as \u0000service has steadily gained momentum over \u0000the last ten years. Looking forward, the following decade of cloud computing guarantees \u0000significantly more approaches to work from anyplace, utilizing cell phones. Cloud computing \u0000focused on better performances, better scalability and resource consumption but \u0000it also has some security issue with the data stored in it. The proposed \u0000algorithm intents to come with some solutions that will reduce the security \u0000threats and ensure far better security to the data stored in cloud.","PeriodicalId":57259,"journal":{"name":"信息安全(英文)","volume":" ","pages":""},"PeriodicalIF":0.0,"publicationDate":"2019-10-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"45379168","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 5
Systematizing IT Risks IT风险系统化
Pub Date : 2019-10-14 DOI: 10.4236/jis.2019.104013
Georg Disterer
IT risks—risks associated with the operation or use of information technology—have taken on great importance in business, and IT risk management is accordingly important in the science and practice of information management. Therefore, it is necessary to systematize IT risks in order to plan, manage and control for different risk-specific measures. In order to choose and implement suitable measures for managing IT risks, effect-based and cause-based procedures are necessary. These procedures are explained in detail for IT security risks because of their special importance.
IT风险——与信息技术的操作或使用相关的风险——在业务中占有非常重要的地位,因此IT风险管理在信息管理的科学和实践中非常重要。因此,有必要将it风险系统化,以便计划、管理和控制不同的风险特定措施。为了选择和实施合适的措施来管理IT风险,基于效果和基于原因的程序是必要的。由于IT安全风险的特殊重要性,我们将详细解释这些步骤。
{"title":"Systematizing IT Risks","authors":"Georg Disterer","doi":"10.4236/jis.2019.104013","DOIUrl":"https://doi.org/10.4236/jis.2019.104013","url":null,"abstract":"IT \u0000risks—risks associated with the operation or use of information technology—have \u0000taken on great importance in business, and IT risk management is accordingly \u0000important in the science and practice of information management. Therefore, it \u0000is necessary to systematize IT risks in order to plan, manage and control for \u0000different risk-specific measures. In order to choose and implement suitable \u0000measures for managing IT risks, effect-based and cause-based \u0000procedures are necessary. These procedures are explained in detail for IT \u0000security risks because of their special importance.","PeriodicalId":57259,"journal":{"name":"信息安全(英文)","volume":" ","pages":""},"PeriodicalIF":0.0,"publicationDate":"2019-10-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"42855446","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Can Routers Provide Sufficient Protection against Cyber Security Attacks? 路由器能为网络安全攻击提供足够的保护吗?
Pub Date : 2019-10-14 DOI: 10.4236/jis.2019.104017
David L. Leal, Sanjeev Kumar
Nowadays many devices that make up a computer network are being equipped with security hardware and software features to prevent cyber security attacks. The idea is to distribute security features to intermediate systems in the network to mitigate the overall adverse effect of cyber attacks. In this paper, we will be focusing on the Juniper J4350 router with the Junos Software Enhanced, and it has security-attack protections in the router. We are going to evaluate how the Juniper router with built-in security protections affected the overall server performance under a cyber security attack.
如今,许多组成计算机网络的设备都配备了安全硬件和软件功能,以防止网络安全攻击。其思想是将安全特性分发到网络中的中间系统,以减轻网络攻击的总体不利影响。在本文中,我们将重点介绍带有Junos软件增强的Juniper J4350路由器,它在路由器中具有安全攻击保护功能。我们将评估内置安全保护的Juniper路由器如何在网络安全攻击下影响服务器的整体性能。
{"title":"Can Routers Provide Sufficient Protection against Cyber Security Attacks?","authors":"David L. Leal, Sanjeev Kumar","doi":"10.4236/jis.2019.104017","DOIUrl":"https://doi.org/10.4236/jis.2019.104017","url":null,"abstract":"Nowadays many devices that make up a computer network are being equipped with security hardware and software features to prevent cyber security attacks. The idea is to distribute security features to intermediate systems in the network to mitigate the overall adverse effect of cyber attacks. In this paper, we will be focusing on the Juniper J4350 router with the Junos Software Enhanced, and it has security-attack protections in the router. We are going to evaluate how the Juniper router with built-in security protections affected the overall server performance under a cyber security attack.","PeriodicalId":57259,"journal":{"name":"信息安全(英文)","volume":" ","pages":""},"PeriodicalIF":0.0,"publicationDate":"2019-10-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"43411915","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
How Perceived Benefits and Barriers Affect Millennial Professionals’ Online Security Behaviors 感知的利益和障碍如何影响千禧一代专业人士的网络安全行为
Pub Date : 2019-10-14 DOI: 10.4236/jis.2019.104016
Fabrice Djatsa
Over the past decade, there has been an increase in cybersecurity breaches through identity theft, hacking, phishing attacks, and the use of malware such as viruses, worms, or trojans. The breaches have triggered an increase in investment in information security in organizations. As technology continues to improve, the risks of having cybersecurity incidents also increase. Cybersecurity firms reported that in 2016, there were 1209 total breaches with 1.1 billion identities exposed. Most experts agree that human vulnerability is a significant factor in cybersecurity. Most issues related to advanced threats come from human nature and ignorance. For the study, the researcher examined the relationship between Millennial professionals’ perceptions of cybersecurity risks and users’ online security behaviors. The study focused on two elements of perception which are perceived benefits and perceived barriers. The researcher administered a survey to 109 participants randomly selected among Survey Monkey audience members. The Spearman’s correlation test performed supported the analysis of the strength of the relationship and the level of significance between each of the independent variables and the dependent variable. The results from the statistical test provided enough evidence to reject each of the null hypothesis tested in this study. There were significant correlations between each of the independent variables, Perceived Benefits (PBE) and Perceived Barriers (PBA) and the dependent variable Online Security Behaviors (OSB).
在过去的十年中,通过身份盗窃、黑客攻击、网络钓鱼攻击以及病毒、蠕虫或木马等恶意软件的使用,网络安全漏洞有所增加。这些漏洞引发了企业在信息安全方面的投资增加。随着技术的不断进步,发生网络安全事件的风险也在增加。网络安全公司报告称,2016年共发生1209起数据泄露事件,泄露了11亿个身份信息。大多数专家都认为,人类的脆弱性是网络安全的一个重要因素。大多数与高级威胁有关的问题源于人性和无知。在这项研究中,研究人员调查了千禧一代专业人士对网络安全风险的看法与用户在线安全行为之间的关系。该研究主要关注感知的两个要素,即感知利益和感知障碍。研究人员对调查猴子的观众中随机挑选的109名参与者进行了调查。进行的Spearman相关检验支持对每个自变量和因变量之间的关系强度和显著性水平的分析。统计检验的结果提供了足够的证据来拒绝本研究中检验的每一个零假设。自变量感知利益(PBE)和感知障碍(PBA)与因变量网络安全行为(OSB)之间存在显著相关。
{"title":"How Perceived Benefits and Barriers Affect Millennial Professionals’ Online Security Behaviors","authors":"Fabrice Djatsa","doi":"10.4236/jis.2019.104016","DOIUrl":"https://doi.org/10.4236/jis.2019.104016","url":null,"abstract":"Over the past decade, there has been an increase in cybersecurity breaches through identity theft, hacking, phishing attacks, and the use of malware such as viruses, worms, or trojans. The breaches have triggered an increase in investment in information security in organizations. As technology continues to improve, the risks of having cybersecurity incidents also increase. Cybersecurity firms reported that in 2016, there were 1209 total breaches with 1.1 billion identities exposed. Most experts agree that human vulnerability is a significant factor in cybersecurity. Most issues related to advanced threats come from human nature and ignorance. For the study, the researcher examined the relationship between Millennial professionals’ perceptions of cybersecurity risks and users’ online security behaviors. The study focused on two elements of perception which are perceived benefits and perceived barriers. The researcher administered a survey to 109 participants randomly selected among Survey Monkey audience members. The Spearman’s correlation test performed supported the analysis of the strength of the relationship and the level of significance between each of the independent variables and the dependent variable. The results from the statistical test provided enough evidence to reject each of the null hypothesis tested in this study. There were significant correlations between each of the independent variables, Perceived Benefits (PBE) and Perceived Barriers (PBA) and the dependent variable Online Security Behaviors (OSB).","PeriodicalId":57259,"journal":{"name":"信息安全(英文)","volume":" ","pages":""},"PeriodicalIF":0.0,"publicationDate":"2019-10-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"43747712","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Multi-Value Sequence Generated over Sub Extension Field and Its Properties 子可拓域上生成的多值序列及其性质
Pub Date : 2019-07-02 DOI: 10.4236/JIS.2019.103008
Md. Arshad Ali, Yuta Kodera, Takuya Kusaka, S. Uehara, Y. Nogami, R. Morelos-Zaragoza
Pseudo-random sequences with long period, low correlation, high linear complexity, and uniform distribution of bit patterns are widely used in the field of information security and cryptography. This paper proposes an approach for generating a pseudo-random multi-value sequence (including a binary sequence) by utilizing a primitive polynomial, trace function, and k-th power residue symbol over the sub extension field. All our previous sequences are defined over the prime field, whereas, proposed sequence in this paper is defined over the sub extension field. Thus, it’s a new and innovative perception to consider the sub extension field during the sequence generation procedure. By considering the sub extension field, two notable outcomes are: proposed sequence holds higher linear complexity and more uniform distribution of bit patterns compared to our previous work which defined over the prime field. Additionally, other important properties of the proposed multi-value sequence such as period, autocorrelation, and cross-correlation are theoretically shown along with some experimental results.
伪随机序列具有周期长、相关性低、线性复杂度高、比特模式分布均匀等特点,在信息安全和密码学领域得到了广泛应用。本文提出了一种利用原始多项式、跟踪函数和子扩展域上的k次方残差符号生成伪随机多值序列(包括二进制序列)的方法。我们以前的序列都是在素域上定义的,而本文提出的序列是在子可拓域上定义。因此,在序列生成过程中考虑子可拓域是一种新的创新观念。通过考虑子扩展域,两个显著的结果是:与我们之前在素数域上定义的工作相比,所提出的序列具有更高的线性复杂性和更均匀的比特模式分布。此外,还从理论上展示了所提出的多值序列的其他重要性质,如周期、自相关和互相关,以及一些实验结果。
{"title":"Multi-Value Sequence Generated over Sub Extension Field and Its Properties","authors":"Md. Arshad Ali, Yuta Kodera, Takuya Kusaka, S. Uehara, Y. Nogami, R. Morelos-Zaragoza","doi":"10.4236/JIS.2019.103008","DOIUrl":"https://doi.org/10.4236/JIS.2019.103008","url":null,"abstract":"Pseudo-random sequences with long period, low correlation, high linear complexity, and uniform distribution of bit patterns are widely used in the field of information security and cryptography. This paper proposes an approach for generating a pseudo-random multi-value sequence (including a binary sequence) by utilizing a primitive polynomial, trace function, and k-th power residue symbol over the sub extension field. All our previous sequences are defined over the prime field, whereas, proposed sequence in this paper is defined over the sub extension field. Thus, it’s a new and innovative perception to consider the sub extension field during the sequence generation procedure. By considering the sub extension field, two notable outcomes are: proposed sequence holds higher linear complexity and more uniform distribution of bit patterns compared to our previous work which defined over the prime field. Additionally, other important properties of the proposed multi-value sequence such as period, autocorrelation, and cross-correlation are theoretically shown along with some experimental results.","PeriodicalId":57259,"journal":{"name":"信息安全(英文)","volume":" ","pages":""},"PeriodicalIF":0.0,"publicationDate":"2019-07-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"48884657","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 1
An Intelligent Model for Online Recruitment Fraud Detection 一种在线招聘欺诈检测的智能模型
Pub Date : 2019-06-14 DOI: 10.4236/JIS.2019.103009
Bandar Alghamdi, Fahad M. Alharby
This study research attempts to prohibit privacy and loss of money for individuals and organization by creating a reliable model which can detect the fraud exposure in the online recruitment environments. This research presents a major contribution represented in a reliable detection model using ensemble approach based on Random forest classifier to detect Online Recruitment Fraud (ORF). The detection of Online Recruitment Fraud is characterized by other types of electronic fraud detection by its modern and the scarcity of studies on this concept. The researcher proposed the detection model to achieve the objectives of this study. For feature selection, support vector machine method is used and for classification and detection, ensemble classifier using Random Forest is employed. A freely available dataset called Employment Scam Aegean Dataset (EMSCAD) is used to apply the model. Pre-processing step had been applied before the selection and classification adoptions. The results showed an obtained accuracy of 97.41%. Further, the findings presented the main features and important factors in detection purpose include having a company profile feature, having a company logo feature and an industry feature.
这项研究试图通过创建一个可靠的模型来防止个人和组织的隐私和金钱损失,该模型可以检测在线招聘环境中的欺诈暴露。本研究的主要贡献在于使用基于随机森林分类器的集成方法来检测在线招聘欺诈(ORF)的可靠检测模型。网络招聘欺诈检测的特点是其他类型的电子欺诈检测以其现代性和稀缺性对这一概念进行研究。为了达到本研究的目的,研究人员提出了检测模型。特征选择采用支持向量机方法,分类检测采用随机森林集成分类器。一个名为就业骗局爱琴海数据集(EMSCAD)的免费数据集用于应用该模型。在选择和分类采用之前,已经应用了预处理步骤。结果显示,获得的准确率为97.41%。此外,研究结果提出了检测目的的主要特征和重要因素,包括具有公司简介特征、公司标志特征和行业特征。
{"title":"An Intelligent Model for Online Recruitment Fraud Detection","authors":"Bandar Alghamdi, Fahad M. Alharby","doi":"10.4236/JIS.2019.103009","DOIUrl":"https://doi.org/10.4236/JIS.2019.103009","url":null,"abstract":"This study research attempts to prohibit privacy and loss of money for individuals and organization by creating a reliable model which can detect the fraud exposure in the online recruitment environments. This research presents a major contribution represented in a reliable detection model using ensemble approach based on Random forest classifier to detect Online Recruitment Fraud (ORF). The detection of Online Recruitment Fraud is characterized by other types of electronic fraud detection by its modern and the scarcity of studies on this concept. The researcher proposed the detection model to achieve the objectives of this study. For feature selection, support vector machine method is used and for classification and detection, ensemble classifier using Random Forest is employed. A freely available dataset called Employment Scam Aegean Dataset (EMSCAD) is used to apply the model. Pre-processing step had been applied before the selection and classification adoptions. The results showed an obtained accuracy of 97.41%. Further, the findings presented the main features and important factors in detection purpose include having a company profile feature, having a company logo feature and an industry feature.","PeriodicalId":57259,"journal":{"name":"信息安全(英文)","volume":" ","pages":""},"PeriodicalIF":0.0,"publicationDate":"2019-06-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"49529990","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 32
Unlink Attack Defense Method Based on New Chunk Structure 基于新区块结构的Unlink攻击防御方法
Pub Date : 2019-06-14 DOI: 10.4236/JIS.2019.103010
Yuan-Zhi Huo, Gang Wang, Fachang Yang
The Unlink attack is a way of attacking the heap overflow vulnerability under the Linux platform. However, because the heap overflow data seldom directly leads to program control flow hijacking and related protection mechanism limitations, the existing detection technology is difficult to judge whether the program meets the heap overflow attack condition. There are certain inspection measures in the existing unlink mechanism, but with carefully constructing the contents of the heap, you can bypass the inspection measures. The unlink mechanism must be triggered with the free function, and this principle is similar to function-exit of stacks. The paper obtains the inspiration through the canary protection mechanism in the stack, adds it to the chunk structure, encrypts the canary value, and defends the unlink attack from the fundamental structure. The experimental results show that this method can effectively prevent the occurrence of unlink attacks and has the ability to detect common heap overflows.
Unlink攻击是在Linux平台下攻击堆溢出漏洞的一种方式。然而,由于堆溢出数据很少直接导致程序控制流劫持和相关保护机制的限制,现有的检测技术很难判断程序是否满足堆溢出攻击条件。在现有的取消链接机制中有一些检查措施,但通过仔细构建堆的内容,可以绕过检查措施。取消链接机制必须由自由函数触发,这一原理类似于堆栈的函数退出。本文通过栈中的金丝雀保护机制获得启示,将其添加到块结构中,对金丝雀值进行加密,并从基本结构上防御unlink攻击。实验结果表明,该方法可以有效地防止unlink攻击的发生,并具有检测常见堆溢出的能力。
{"title":"Unlink Attack Defense Method Based on New Chunk Structure","authors":"Yuan-Zhi Huo, Gang Wang, Fachang Yang","doi":"10.4236/JIS.2019.103010","DOIUrl":"https://doi.org/10.4236/JIS.2019.103010","url":null,"abstract":"The Unlink attack is a way of attacking the heap overflow vulnerability \u0000under the Linux platform. However, because the heap overflow data seldom \u0000directly leads to program control flow hijacking and related protection \u0000mechanism limitations, the existing detection technology is difficult to judge whether \u0000the program meets the heap overflow attack condition. There are certain \u0000inspection measures in the existing unlink mechanism, but with carefully \u0000constructing the contents of the heap, you can bypass the inspection measures. \u0000The unlink mechanism must be triggered with the free function, and this \u0000principle is similar to function-exit of stacks. The \u0000paper obtains the inspiration through the canary protection mechanism in the \u0000stack, adds it to the chunk structure, encrypts the canary value, and defends the \u0000unlink attack from the fundamental structure. The experimental results show \u0000that this method can effectively prevent the occurrence of unlink attacks and \u0000has the ability to detect common heap overflows.","PeriodicalId":57259,"journal":{"name":"信息安全(英文)","volume":" ","pages":""},"PeriodicalIF":0.0,"publicationDate":"2019-06-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"42907804","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
A Comparative Study and Performance Analysis of ATM Card Fraud Detection Techniques ATM卡欺诈检测技术的比较研究与性能分析
Pub Date : 2019-06-14 DOI: 10.4236/JIS.2019.103011
Md. Mijanur Rahman, A. Saha
ATM card fraud is increasing gradually with the expansion of modern technology and global communication. In the whole world, it is resulting in the loss of billions of dollars each year. Fraud detection systems have become essential for all ATM card issuing banks to minimize their losses. The main goals are, firstly, to review alternative techniques that have been used in fraud detection and secondly compare and analyze these techniques that are already used in ATM card fraud detection. Recently different card security systems used different fraud detection techniques; these techniques are based on neural network, genetic algorithm, hidden Markov model, Bayesian network, decision tree, clustering method, support vector machine, etc. According to our survey, the most important parameters used for comparing these fraud detection systems are accuracy, speed and cost of fraud detection. This study is very useful for any ATM card provider to choose an appropriate solution for fraud detection problem and also enable us to build a hybrid approach for developing some effective algorithms which can perform properly on fraud detection mechanism.
随着现代技术和全球通信的发展,ATM卡诈骗逐渐增多。在全世界,它每年造成数十亿美元的损失。欺诈检测系统已成为所有ATM发卡银行将损失降至最低的关键。主要目标是,首先,回顾已用于欺诈检测的替代技术,然后比较和分析已用于ATM卡欺诈检测的这些技术。最近,不同的卡安全系统使用了不同的欺诈检测技术;这些技术基于神经网络、遗传算法、隐马尔可夫模型、贝叶斯网络、决策树、聚类方法、支持向量机等。根据我们的调查,用于比较这些欺诈检测系统的最重要参数是欺诈检测的准确性、速度和成本。这项研究对任何ATM卡提供商选择合适的欺诈检测问题解决方案都非常有用,也使我们能够建立一种混合方法来开发一些有效的算法,这些算法可以在欺诈检测机制上正确执行。
{"title":"A Comparative Study and Performance Analysis of ATM Card Fraud Detection Techniques","authors":"Md. Mijanur Rahman, A. Saha","doi":"10.4236/JIS.2019.103011","DOIUrl":"https://doi.org/10.4236/JIS.2019.103011","url":null,"abstract":"ATM card fraud is increasing gradually with the expansion of modern technology and global communication. In the whole world, it is resulting in the loss of billions of dollars each year. Fraud detection systems have become essential for all ATM card issuing banks to minimize their losses. The main goals are, firstly, to review alternative techniques that have been used in fraud detection and secondly compare and analyze these techniques that are already used in ATM card fraud detection. Recently different card security systems used different fraud detection techniques; these techniques are based on neural network, genetic algorithm, hidden Markov model, Bayesian network, decision tree, clustering method, support vector machine, etc. According to our survey, the most important parameters used for comparing these fraud detection systems are accuracy, speed and cost of fraud detection. This study is very useful for any ATM card provider to choose an appropriate solution for fraud detection problem and also enable us to build a hybrid approach for developing some effective algorithms which can perform properly on fraud detection mechanism.","PeriodicalId":57259,"journal":{"name":"信息安全(英文)","volume":" ","pages":""},"PeriodicalIF":0.0,"publicationDate":"2019-06-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"48918757","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 2
Quantitative Evaluation of Cyber-Attacks on a Hypothetical School Computer Network 对假想学校计算机网络的网络攻击的定量评估
Pub Date : 2019-06-14 DOI: 10.4236/JIS.2019.103006
A. A. Akinola, A. Adekoya, A. Kuye, A. Ayodeji
This paper presents the attack tree modeling technique of quantifying cyber-attacks on a hypothetical school network system. Attack trees are constructed by decomposing the path in the network system where attacks are plausible. Considered for the network system are two possible network attack paths. One network path represents an attack through the Internet, and the other represents an attack through the Wireless Access Points (WAPs) in the school network. The probabilities of success of the events, that is, 1) the attack payoff, and 2) the commitment of the attacker to infiltrate the network are estimated for the leaf nodes. These are used to calculate the Returns on Attacks (ROAs) at the Root Nodes. For Phase I, the “As Is” network, the ROA values for both attack paths, are higher than 7 (8.00 and 9.35 respectively), which are high values and unacceptable operationally. In Phase II, countermeasures are implemented, and the two attack trees reevaluated. The probabilities of success of the events, the attack payoff and the commitment of the attacker are then re-estimated. Also, the Returns on Attacks (ROAs) for the Root Nodes are re-assessed after executing the countermeasures. For one attack tree, the ROA value of the Root Node was reduced to 4.83 from 8.0, while, for the other attack tree, the ROA value of the Root Node changed to 3.30 from 9.35. ROA values of 4.83 and 3.30 are acceptable as they fall within the medium value range. The efficacy of this method whereby, attack trees are deployed to mitigate computer network risks, as well as using it to assess the vulnerability of computer networks is quantitatively substantiated.
本文提出了一种攻击树建模技术,用于量化对假设的学校网络系统的网络攻击。攻击树是通过分解网络系统中可能发生攻击的路径来构建的。网络系统考虑了两种可能的网络攻击路径。一条网络路径代表通过互联网的攻击,另一条代表通过学校网络中的无线接入点(WAP)的攻击。对于叶节点,估计事件的成功概率,即1)攻击回报和2)攻击者渗透网络的承诺。这些用于计算根节点处的攻击回报率(ROA)。对于第一阶段,“原样”网络,两条攻击路径的ROA值都高于7(分别为8.00和9.35),这是一个高值,在操作上是不可接受的。在第二阶段,实施了对策,并对两棵攻击树进行了重新评估。然后重新估计事件的成功概率、攻击回报和攻击者的承诺。此外,在执行对策后,将重新评估根节点的攻击回报率(ROA)。对于一个攻击树,根节点的ROA值从8.0降低到4.83,而对于另一个攻击树根节点的ROA值从9.35变为3.30。4.83和3.30的ROA值是可以接受的,因为它们属于中等值范围。通过部署攻击树来减轻计算机网络风险,并使用它来评估计算机网络的脆弱性,这种方法的有效性得到了定量证实。
{"title":"Quantitative Evaluation of Cyber-Attacks on a Hypothetical School Computer Network","authors":"A. A. Akinola, A. Adekoya, A. Kuye, A. Ayodeji","doi":"10.4236/JIS.2019.103006","DOIUrl":"https://doi.org/10.4236/JIS.2019.103006","url":null,"abstract":"This paper presents the attack tree modeling technique of quantifying cyber-attacks on a hypothetical school network system. Attack trees are constructed by decomposing the path in the network system where attacks are plausible. Considered for the network system are two possible network attack paths. One network path represents an attack through the Internet, and the other represents an attack through the Wireless Access Points (WAPs) in the school network. The probabilities of success of the events, that is, 1) the attack payoff, and 2) the commitment of the attacker to infiltrate the network are estimated for the leaf nodes. These are used to calculate the Returns on Attacks (ROAs) at the Root Nodes. For Phase I, the “As Is” network, the ROA values for both attack paths, are higher than 7 (8.00 and 9.35 respectively), which are high values and unacceptable operationally. In Phase II, countermeasures are implemented, and the two attack trees reevaluated. The probabilities of success of the events, the attack payoff and the commitment of the attacker are then re-estimated. Also, the Returns on Attacks (ROAs) for the Root Nodes are re-assessed after executing the countermeasures. For one attack tree, the ROA value of the Root Node was reduced to 4.83 from 8.0, while, for the other attack tree, the ROA value of the Root Node changed to 3.30 from 9.35. ROA values of 4.83 and 3.30 are acceptable as they fall within the medium value range. The efficacy of this method whereby, attack trees are deployed to mitigate computer network risks, as well as using it to assess the vulnerability of computer networks is quantitatively substantiated.","PeriodicalId":57259,"journal":{"name":"信息安全(英文)","volume":" ","pages":""},"PeriodicalIF":0.0,"publicationDate":"2019-06-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"43712114","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 3
期刊
信息安全(英文)
全部 Acc. Chem. Res. ACS Applied Bio Materials ACS Appl. Electron. Mater. ACS Appl. Energy Mater. ACS Appl. Mater. Interfaces ACS Appl. Nano Mater. ACS Appl. Polym. Mater. ACS BIOMATER-SCI ENG ACS Catal. ACS Cent. Sci. ACS Chem. Biol. ACS Chemical Health & Safety ACS Chem. Neurosci. ACS Comb. Sci. ACS Earth Space Chem. ACS Energy Lett. ACS Infect. Dis. ACS Macro Lett. ACS Mater. Lett. ACS Med. Chem. Lett. ACS Nano ACS Omega ACS Photonics ACS Sens. ACS Sustainable Chem. Eng. ACS Synth. Biol. Anal. Chem. BIOCHEMISTRY-US Bioconjugate Chem. BIOMACROMOLECULES Chem. Res. Toxicol. Chem. Rev. Chem. Mater. CRYST GROWTH DES ENERG FUEL Environ. Sci. Technol. Environ. Sci. Technol. Lett. Eur. J. Inorg. Chem. IND ENG CHEM RES Inorg. Chem. J. Agric. Food. Chem. J. Chem. Eng. Data J. Chem. Educ. J. Chem. Inf. Model. J. Chem. Theory Comput. J. Med. Chem. J. Nat. Prod. J PROTEOME RES J. Am. Chem. Soc. LANGMUIR MACROMOLECULES Mol. Pharmaceutics Nano Lett. Org. Lett. ORG PROCESS RES DEV ORGANOMETALLICS J. Org. Chem. J. Phys. Chem. J. Phys. Chem. A J. Phys. Chem. B J. Phys. Chem. C J. Phys. Chem. Lett. Analyst Anal. Methods Biomater. Sci. Catal. Sci. Technol. Chem. Commun. Chem. Soc. Rev. CHEM EDUC RES PRACT CRYSTENGCOMM Dalton Trans. Energy Environ. Sci. ENVIRON SCI-NANO ENVIRON SCI-PROC IMP ENVIRON SCI-WAT RES Faraday Discuss. Food Funct. Green Chem. Inorg. Chem. Front. Integr. Biol. J. Anal. At. Spectrom. J. Mater. Chem. A J. Mater. Chem. B J. Mater. Chem. C Lab Chip Mater. Chem. Front. Mater. Horiz. MEDCHEMCOMM Metallomics Mol. Biosyst. Mol. Syst. Des. Eng. Nanoscale Nanoscale Horiz. Nat. Prod. Rep. New J. Chem. Org. Biomol. Chem. Org. Chem. Front. PHOTOCH PHOTOBIO SCI PCCP Polym. Chem.
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1