Pub Date : 2023-09-28DOI: 10.5121/ijnsa.2023.15501
Malgorzata Schwab, Ashis Biswas
This study combines research in machine learning and system engineering practices to conceptualize a paradigm-enhancing trustworthiness of a machine learning inference pipeline. We explore the topic of reversibility in deep neural networks and introduce its anomaly detection capabilities to build a framework of integrity verification checkpoints across the inference pipeline of a deployed model. We leverage previous findings and principles regarding several types of autoencoders, deep generative maximumlikelihood training and invertibility of neural networks to propose an improved network architecture for anomaly detection. We hypothesize and experimentally confirm that an Invertible Neural Network (INN) trained as a convolutional autoencoder is a superior alternative naturally suited to solve that task. This remarkable INN’s ability to reconstruct data from its compressed representation and to solve inverse problems is then generalized and applied in the field of Trustworthy AI to achieve integrity verification of an inference pipeline through the concept of an INN-based Trusted Neural Network (TNN) nodes placed around the mission critical parts of the system, as well as the end-to-end outcome verification. This work aspires to enhance robustness and reliability of applications employing artificial intelligence, which are playing increasingly noticeable role in highly consequential decision-making processes across many industries and problem domains. INNs are invertible by construction and tractably trained simultaneously in both directions. This feature has untapped potential to improve the explainability of machine learning pipelines in support of their trustworthiness and is a topic of our current studies.
{"title":"Invertible Neural Network for Inference Pipeline Anomaly Detection","authors":"Malgorzata Schwab, Ashis Biswas","doi":"10.5121/ijnsa.2023.15501","DOIUrl":"https://doi.org/10.5121/ijnsa.2023.15501","url":null,"abstract":"This study combines research in machine learning and system engineering practices to conceptualize a paradigm-enhancing trustworthiness of a machine learning inference pipeline. We explore the topic of reversibility in deep neural networks and introduce its anomaly detection capabilities to build a framework of integrity verification checkpoints across the inference pipeline of a deployed model. We leverage previous findings and principles regarding several types of autoencoders, deep generative maximumlikelihood training and invertibility of neural networks to propose an improved network architecture for anomaly detection. We hypothesize and experimentally confirm that an Invertible Neural Network (INN) trained as a convolutional autoencoder is a superior alternative naturally suited to solve that task. This remarkable INN’s ability to reconstruct data from its compressed representation and to solve inverse problems is then generalized and applied in the field of Trustworthy AI to achieve integrity verification of an inference pipeline through the concept of an INN-based Trusted Neural Network (TNN) nodes placed around the mission critical parts of the system, as well as the end-to-end outcome verification. This work aspires to enhance robustness and reliability of applications employing artificial intelligence, which are playing increasingly noticeable role in highly consequential decision-making processes across many industries and problem domains. INNs are invertible by construction and tractably trained simultaneously in both directions. This feature has untapped potential to improve the explainability of machine learning pipelines in support of their trustworthiness and is a topic of our current studies.","PeriodicalId":93303,"journal":{"name":"International journal of network security & its applications","volume":"140 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-09-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"135469964","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2023-09-28DOI: 10.5121/ijnsa.2023.15502
Chung-Li Wang
The fairness of multi-party computation has been investigated for long time. Classic results demonstrate that fair exchange can be achieved by utilizing cryptographic tools, as most of them are based on garbled circuits. For the secret-sharing schemes, such as SPDZ, it may incur significant overhead to simply apply a fair escrow scheme, since it encrypts all the shares of delivered results. To address this issue, we design a twolevel secret-sharing mechanism. The escrow encryption is only for the first level of sharing and performed in preprocessing. The second level of sharing is used for computation and always handled by plaintexts, such that the online phase is still efficient. Our work also employs a semi-trusted third party (TTP) which provide optimistic escrow for output delivery. The verification and delivery procedures prevent the malicious parties from corrupting the outcome or aborting, when there is at least one honest party. Furthermore, the TTP has no knowledge of output, so even if he is malicious and colluding, we only lose fairness. The escrow decryption is needed only when misconduct is detected for opening the first-level shares.
{"title":"SPDZ-Based Optimistic Fair Multi-Party Computation Detection","authors":"Chung-Li Wang","doi":"10.5121/ijnsa.2023.15502","DOIUrl":"https://doi.org/10.5121/ijnsa.2023.15502","url":null,"abstract":"The fairness of multi-party computation has been investigated for long time. Classic results demonstrate that fair exchange can be achieved by utilizing cryptographic tools, as most of them are based on garbled circuits. For the secret-sharing schemes, such as SPDZ, it may incur significant overhead to simply apply a fair escrow scheme, since it encrypts all the shares of delivered results. To address this issue, we design a twolevel secret-sharing mechanism. The escrow encryption is only for the first level of sharing and performed in preprocessing. The second level of sharing is used for computation and always handled by plaintexts, such that the online phase is still efficient. Our work also employs a semi-trusted third party (TTP) which provide optimistic escrow for output delivery. The verification and delivery procedures prevent the malicious parties from corrupting the outcome or aborting, when there is at least one honest party. Furthermore, the TTP has no knowledge of output, so even if he is malicious and colluding, we only lose fairness. The escrow decryption is needed only when misconduct is detected for opening the first-level shares.","PeriodicalId":93303,"journal":{"name":"International journal of network security & its applications","volume":"157 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-09-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"135469965","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2023-09-28DOI: 10.5121/ijnsa.2023.15503
Khawla Azwee, Mokhtar Alkhattali, Mostafa Dow
The rapid development of technology in communications has transformed the operations of companies and institutions, paving the way for increased productivity, revenue growth, and enhanced customer service. Multimedia calls and other modern communication technologies boost mobile network, thus their utilization is critical to moving the business forward. However, these widely used networks are also vulnerable to security threats, leading network vendors and technicians to implement various techniques to ensure network safety. As the need to safeguard technologies grow and there has been a significant increase in growth the idea of a virtual private network (VPN) emerged as a key strategy for tackling the threat to network security. the authors suggested looking into this issue and presenting the findings of a study that contained insightful observations from the literature reviews that served as the primary source of research besides questionnaire responses as opinions from those who have experience in the network industry and its security. Through this research, it became evident that several technologies and approaches exist to safeguard networks, but the Transport Layer Security (TLS) architecture stood out as a superior solution, particularly for mobile networks.
{"title":"Exploring the Effectiveness of VPN Architecture in Enhancing Network Security for Mobile Networks: An Investigation Study","authors":"Khawla Azwee, Mokhtar Alkhattali, Mostafa Dow","doi":"10.5121/ijnsa.2023.15503","DOIUrl":"https://doi.org/10.5121/ijnsa.2023.15503","url":null,"abstract":"The rapid development of technology in communications has transformed the operations of companies and institutions, paving the way for increased productivity, revenue growth, and enhanced customer service. Multimedia calls and other modern communication technologies boost mobile network, thus their utilization is critical to moving the business forward. However, these widely used networks are also vulnerable to security threats, leading network vendors and technicians to implement various techniques to ensure network safety. As the need to safeguard technologies grow and there has been a significant increase in growth the idea of a virtual private network (VPN) emerged as a key strategy for tackling the threat to network security. the authors suggested looking into this issue and presenting the findings of a study that contained insightful observations from the literature reviews that served as the primary source of research besides questionnaire responses as opinions from those who have experience in the network industry and its security. Through this research, it became evident that several technologies and approaches exist to safeguard networks, but the Transport Layer Security (TLS) architecture stood out as a superior solution, particularly for mobile networks.","PeriodicalId":93303,"journal":{"name":"International journal of network security & its applications","volume":"98 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-09-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"135470170","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2023-05-27DOI: 10.5121/ijnsa.2023.15303
Jane Kinanu Kiruki, Geoffrey Muchiri Muketha, Gabriel Kamau
An alert correlation is a high-level alert evaluation technique for managing large volumes of irrelevant and redundant intrusion alerts raised by Intrusion Detection Systems (IDSs).Recent trends show that pure intrusion detection no longer can satisfy the security needs of organizations. One problem with existing alert correlation techniques is that they group related alerts together without putting their severity into consideration. This paper proposes a novel alert correlation technique that can filter unnecessary and low impact alerts from a large volume of intrusion. The proposed technique is based on a supervised feature selection method that usesclass type to define the correlation between alerts. Alerts of similar class type are identified using a class label. Class types are further classified based on their metric ranks of low, medium and high level. Findings show that the technique is able detect and report high level intrusions.
{"title":"A NOVEL ALERT CORRELATION TECHNIQUE FOR FILTERING NETWORK ATTACKS","authors":"Jane Kinanu Kiruki, Geoffrey Muchiri Muketha, Gabriel Kamau","doi":"10.5121/ijnsa.2023.15303","DOIUrl":"https://doi.org/10.5121/ijnsa.2023.15303","url":null,"abstract":"An alert correlation is a high-level alert evaluation technique for managing large volumes of irrelevant and redundant intrusion alerts raised by Intrusion Detection Systems (IDSs).Recent trends show that pure intrusion detection no longer can satisfy the security needs of organizations. One problem with existing alert correlation techniques is that they group related alerts together without putting their severity into consideration. This paper proposes a novel alert correlation technique that can filter unnecessary and low impact alerts from a large volume of intrusion. The proposed technique is based on a supervised feature selection method that usesclass type to define the correlation between alerts. Alerts of similar class type are identified using a class label. Class types are further classified based on their metric ranks of low, medium and high level. Findings show that the technique is able detect and report high level intrusions.","PeriodicalId":93303,"journal":{"name":"International journal of network security & its applications","volume":"15 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-05-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"135950868","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2022-01-31DOI: 10.5121/ijnsa.2022.14103
F. Alsuhimat, F. Mohamad
One of the most important processes used by companies to safeguard the security of information and prevent it from unauthorized access or penetration is the signature process. As businesses and individuals move into the digital age, a computerized system that can discern between genuine and faked signatures is crucial for protecting people's authorization and determining what permissions they have. In this paper, we used Pre-Trained CNN for extracts features from genuine and forged signatures, and three widely used classification algorithms, SVM (Support Vector Machine), NB (Naive Bayes) and KNN (k-nearest neighbors), these algorithms are compared to calculate the run time, classification error, classification loss, and accuracy for test-set consist of signature images (genuine and forgery). Three classifiers have been applied using (UTSig) dataset; where run time, classification error, classification loss and accuracy were calculated for each classifier in the verification phase, the results showed that the SVM and KNN got the best accuracy (76.21), while the SVM got the best run time (0.13) result among other classifiers, therefore the SVM classifier got the best result among the other classifiers in terms of our measures.
{"title":"Offline Signature Recognition via Convolutional Neural Network and Multiple Classifiers","authors":"F. Alsuhimat, F. Mohamad","doi":"10.5121/ijnsa.2022.14103","DOIUrl":"https://doi.org/10.5121/ijnsa.2022.14103","url":null,"abstract":"One of the most important processes used by companies to safeguard the security of information and prevent it from unauthorized access or penetration is the signature process. As businesses and individuals move into the digital age, a computerized system that can discern between genuine and faked signatures is crucial for protecting people's authorization and determining what permissions they have. In this paper, we used Pre-Trained CNN for extracts features from genuine and forged signatures, and three widely used classification algorithms, SVM (Support Vector Machine), NB (Naive Bayes) and KNN (k-nearest neighbors), these algorithms are compared to calculate the run time, classification error, classification loss, and accuracy for test-set consist of signature images (genuine and forgery). Three classifiers have been applied using (UTSig) dataset; where run time, classification error, classification loss and accuracy were calculated for each classifier in the verification phase, the results showed that the SVM and KNN got the best accuracy (76.21), while the SVM got the best run time (0.13) result among other classifiers, therefore the SVM classifier got the best result among the other classifiers in terms of our measures.","PeriodicalId":93303,"journal":{"name":"International journal of network security & its applications","volume":"201 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2022-01-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"76005611","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2022-01-31DOI: 10.5121/ijnsa.2022.14104
T. Barakat, Nahed Mahmoud, Ihab A. Ali, Mohamed Hamdi
One of the essential challenges nowadays; is how to secure data with the increase of its volume as well as its transmission rate. The most frequent approach used to give a high degree of protection, preserve data from hackers, and accomplish multilayer security is steganography combined with encryption. DNA (Deoxyribonucleic Acid) is considered as a new promising carrier for data security while achieving powerful security and maximum protection. In this paper, a secure DNA cryptosystem model which combines steganography with encryption is introduced and categorized into two layers. The original data are hidden in the first layer into a reference DNA based on the insertion method to obtain a fake DNA sequence. In the second layer, this fake DNA sequence, which is the first layer's output, is encrypted using an indexing cipher to produce an encrypted message in the form of indexes. The proposed model guarantees multilayer security to the secret data with high performance and low-time wasting. It addresses the long-generation key problem of the DNA cryptography. The experimental results assess and validate the theoretical security analysis and model performance.
{"title":"A Secure DNA Cryptosystem based on Steganography and Indexing Cipher","authors":"T. Barakat, Nahed Mahmoud, Ihab A. Ali, Mohamed Hamdi","doi":"10.5121/ijnsa.2022.14104","DOIUrl":"https://doi.org/10.5121/ijnsa.2022.14104","url":null,"abstract":"One of the essential challenges nowadays; is how to secure data with the increase of its volume as well as its transmission rate. The most frequent approach used to give a high degree of protection, preserve data from hackers, and accomplish multilayer security is steganography combined with encryption. DNA (Deoxyribonucleic Acid) is considered as a new promising carrier for data security while achieving powerful security and maximum protection. In this paper, a secure DNA cryptosystem model which combines steganography with encryption is introduced and categorized into two layers. The original data are hidden in the first layer into a reference DNA based on the insertion method to obtain a fake DNA sequence. In the second layer, this fake DNA sequence, which is the first layer's output, is encrypted using an indexing cipher to produce an encrypted message in the form of indexes. The proposed model guarantees multilayer security to the secret data with high performance and low-time wasting. It addresses the long-generation key problem of the DNA cryptography. The experimental results assess and validate the theoretical security analysis and model performance.","PeriodicalId":93303,"journal":{"name":"International journal of network security & its applications","volume":"28 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2022-01-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"78848682","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2022-01-31DOI: 10.5121/ijnsa.2022.14102
Artemis C. Voulkidis, T. Zahariadis, A. Papadakis, Charalambos Ipektsidis
This paper describes a framework to facilitate the adoption of the Blockchain technology and streamline the development of decentralised applications (DAPPs). It describes four enablers, as self-contained core modules, offering specific, key functionality using the Blockchain technology. The enabler functionality includes a) Blockchain-based ID management allowing for authentication and authorization, b) the storage of data in the IPFS distributed filesystem with guarantees of data integrity and authenticity, c) the trustworthy registration of entities, services, and bindings, d) the performance of trustworthy negotiations towards external marketplaces with the support of the Blockchain. The design and interactions of the enablers are described using sequence diagrams. The usage of the functionality provided by the enablers is also being evaluated. In parallel, we present the application of the Blockchain technology, mainly in the context of EU project Block.IS in three economic areas agriculture, finance, and logistics. We provide and discuss a digest of the decentralised applications designed and developed over a period of approximately 3 years (2019-2021). Key areas of interest, processes, workflows, and assets where Blockchain technology has been applied are described. Findings, in terms of Blockchain application, challenges and technical selections as well as third-party tools are also identified and discussed.
{"title":"Enablers to Boost Blockchain Adoption in EU","authors":"Artemis C. Voulkidis, T. Zahariadis, A. Papadakis, Charalambos Ipektsidis","doi":"10.5121/ijnsa.2022.14102","DOIUrl":"https://doi.org/10.5121/ijnsa.2022.14102","url":null,"abstract":"This paper describes a framework to facilitate the adoption of the Blockchain technology and streamline the development of decentralised applications (DAPPs). It describes four enablers, as self-contained core modules, offering specific, key functionality using the Blockchain technology. The enabler functionality includes a) Blockchain-based ID management allowing for authentication and authorization, b) the storage of data in the IPFS distributed filesystem with guarantees of data integrity and authenticity, c) the trustworthy registration of entities, services, and bindings, d) the performance of trustworthy negotiations towards external marketplaces with the support of the Blockchain. The design and interactions of the enablers are described using sequence diagrams. The usage of the functionality provided by the enablers is also being evaluated. In parallel, we present the application of the Blockchain technology, mainly in the context of EU project Block.IS in three economic areas agriculture, finance, and logistics. We provide and discuss a digest of the decentralised applications designed and developed over a period of approximately 3 years (2019-2021). Key areas of interest, processes, workflows, and assets where Blockchain technology has been applied are described. Findings, in terms of Blockchain application, challenges and technical selections as well as third-party tools are also identified and discussed.","PeriodicalId":93303,"journal":{"name":"International journal of network security & its applications","volume":"63 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2022-01-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"80179324","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2021-11-30DOI: 10.5121/ijnsa.2021.13606
Paulus Kautwima, Titus Haiduwa, K. Sai, V. Hashiyana, N. Suresh
As universities migrate online due to the advent of Covid-19, there is a need for enhanced security in information systems in the institution of higher learning. Many opted to invest in technological approaches to mitigate cybersecurity threats; however, the most common types of cybersecurity breaches happen due to the human factor, well known as end-user error or actions. Thus, this study aimed to identify and explore possible end-user errors in academia and the resulting vulnerabilities and threats that could affect the integrity of the university's information system. The study further presented state-of-the-art humanoriented security threats countermeasures to compliment universities' cybersecurity plans. Countermeasures include well-tailored ICT policies, incident response procedures, and education to protect themselves from security events (disruption, distortion, and exploitation). Adopted is a mixedmethod research approach with a qualitative research design to guide the study. An open-ended questionnaire and semi-structured interviews were used as data collection tools. Findings showed that system end-user errors remain the biggest security threat to information systems security in institutions of higher learning. Indeed errors make information systems vulnerable to certain cybersecurity attacks and, when exploited, put legitimate users, institutional network, and its computers at risk of contracting viruses, worms, Trojan, and expose it to spam, phishing, e-mail fraud, and other modern security attacks such as DDoS, session hijacking, replay attack and many more. Understanding that technology has failed to fully protect systems, specific recommendations are provided for the institution of higher education to consider improving employee actions and minimizing security incidents in their eLearning platforms, post Covid-19.
{"title":"System End-User Actions as a Threat to Information System Security","authors":"Paulus Kautwima, Titus Haiduwa, K. Sai, V. Hashiyana, N. Suresh","doi":"10.5121/ijnsa.2021.13606","DOIUrl":"https://doi.org/10.5121/ijnsa.2021.13606","url":null,"abstract":"As universities migrate online due to the advent of Covid-19, there is a need for enhanced security in information systems in the institution of higher learning. Many opted to invest in technological approaches to mitigate cybersecurity threats; however, the most common types of cybersecurity breaches happen due to the human factor, well known as end-user error or actions. Thus, this study aimed to identify and explore possible end-user errors in academia and the resulting vulnerabilities and threats that could affect the integrity of the university's information system. The study further presented state-of-the-art humanoriented security threats countermeasures to compliment universities' cybersecurity plans. Countermeasures include well-tailored ICT policies, incident response procedures, and education to protect themselves from security events (disruption, distortion, and exploitation). Adopted is a mixedmethod research approach with a qualitative research design to guide the study. An open-ended questionnaire and semi-structured interviews were used as data collection tools. Findings showed that system end-user errors remain the biggest security threat to information systems security in institutions of higher learning. Indeed errors make information systems vulnerable to certain cybersecurity attacks and, when exploited, put legitimate users, institutional network, and its computers at risk of contracting viruses, worms, Trojan, and expose it to spam, phishing, e-mail fraud, and other modern security attacks such as DDoS, session hijacking, replay attack and many more. Understanding that technology has failed to fully protect systems, specific recommendations are provided for the institution of higher education to consider improving employee actions and minimizing security incidents in their eLearning platforms, post Covid-19.","PeriodicalId":93303,"journal":{"name":"International journal of network security & its applications","volume":"69 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2021-11-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"84175995","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2021-11-30DOI: 10.5121/ijnsa.2021.13602
N. Hong Son, Ha Thanh Dung
Malicious JavaScript code is still a problem for website and web users. The complication and equivocation of this code make the detection which is based on signatures of antivirus programs becomes ineffective. So far, the alternative methods using machine learning have achieved encouraging results, and have detected malicious JavaScript code with high accuracy. However, according to the supervised learning method, the models, which are introduced, depend on the number of labeled symbols and require significant computational resources to activate. The rapid growth of malicious JavaScript is a real challenge to the solutions based on supervised learning due to the lacking of experience in detecting new forms of malicious JavaScript code. In this paper, we deal with the challenge by the method of detecting malicious JavaScript based on clustering techniques. The known symbols that will be analyzed, the characteristics which are extracted, and a detection processing technique applied on output clusters are included in the model. This method is not computationally complicated, as well as the typical case experiments gave positive results; specifically, it has detected new forms of malicious JavaScript code.
{"title":"Malicious Javascript Detection based on Clustering Techniques","authors":"N. Hong Son, Ha Thanh Dung","doi":"10.5121/ijnsa.2021.13602","DOIUrl":"https://doi.org/10.5121/ijnsa.2021.13602","url":null,"abstract":"Malicious JavaScript code is still a problem for website and web users. The complication and equivocation of this code make the detection which is based on signatures of antivirus programs becomes ineffective. So far, the alternative methods using machine learning have achieved encouraging results, and have detected malicious JavaScript code with high accuracy. However, according to the supervised learning method, the models, which are introduced, depend on the number of labeled symbols and require significant computational resources to activate. The rapid growth of malicious JavaScript is a real challenge to the solutions based on supervised learning due to the lacking of experience in detecting new forms of malicious JavaScript code. In this paper, we deal with the challenge by the method of detecting malicious JavaScript based on clustering techniques. The known symbols that will be analyzed, the characteristics which are extracted, and a detection processing technique applied on output clusters are included in the model. This method is not computationally complicated, as well as the typical case experiments gave positive results; specifically, it has detected new forms of malicious JavaScript code.","PeriodicalId":93303,"journal":{"name":"International journal of network security & its applications","volume":"3 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2021-11-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"88912586","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2021-11-30DOI: 10.5121/ijnsa.2021.13601
David Noever, Samantha E. Miller Noever
A malicious firmware update may prove devastating to the embedded devices both that make up the Internet of Things (IoT) and that typically lack the same security verifications now applied to full operating systems. This work converts the binary headers of 40,000 firmware examples from bytes into 1024-pixel thumbnail images to train a deep neural network. The aim is to distinguish benign and malicious variants using modern deep learning methods without needing detailed functional or forensic analysis tools. One outcome of this image conversion enables contact with the vast machine learning literature already applied to handle digit recognition (MNIST). Another result indicates that greater than 90% accurate classifications prove possible using image-based convolutional neural networks (CNN) when combined with transfer learning methods. The envisioned CNN application would intercept firmware updates before their distribution to IoT networks and score their likelihood of containing malicious variants. To explain how the model makes classification decisions, the research applies traditional statistical methods such as both single and ensembles of decision trees with identifiable pixel or byte values that contribute the malicious or benign determination.
{"title":"Detection Method for Classifying Malicious Firmware","authors":"David Noever, Samantha E. Miller Noever","doi":"10.5121/ijnsa.2021.13601","DOIUrl":"https://doi.org/10.5121/ijnsa.2021.13601","url":null,"abstract":"A malicious firmware update may prove devastating to the embedded devices both that make up the Internet of Things (IoT) and that typically lack the same security verifications now applied to full operating systems. This work converts the binary headers of 40,000 firmware examples from bytes into 1024-pixel thumbnail images to train a deep neural network. The aim is to distinguish benign and malicious variants using modern deep learning methods without needing detailed functional or forensic analysis tools. One outcome of this image conversion enables contact with the vast machine learning literature already applied to handle digit recognition (MNIST). Another result indicates that greater than 90% accurate classifications prove possible using image-based convolutional neural networks (CNN) when combined with transfer learning methods. The envisioned CNN application would intercept firmware updates before their distribution to IoT networks and score their likelihood of containing malicious variants. To explain how the model makes classification decisions, the research applies traditional statistical methods such as both single and ensembles of decision trees with identifiable pixel or byte values that contribute the malicious or benign determination.","PeriodicalId":93303,"journal":{"name":"International journal of network security & its applications","volume":"47 10 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2021-11-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"89638412","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: