Articles

A novel technique to prevent SQL injection and cross-site scripting attacks using Knuth-Morris-Pratt string match algorithm

Structured Query Language (SQL) injection and cross-site scripting remain a major threat to data-driven web applications. Instances where hackers obtain unrestricted access to back-end database of web applicat...

Authors: Oluwakemi Christiana Abikoye, Abdullahi Abubakar, Ahmed Haruna Dokoro, Oluwatobi Noah Akande and Aderonke Anthonia Kayode

Scalable, efficient, and secure RFID with elliptic curve cryptosystem for Internet of Things in healthcare environment

The rapid development of IoT technology has led to the usage of various devices in our daily life. Along with the ever-increasing rise of the Internet of Things, the use of appropriate methods for establishing...

Authors: Davood Noori, Hassan Shakeri and Masood Niazi Torshiz

Trembling triggers: exploring the sensitivity of backdoors in DNN-based face recognition

Backdoor attacks against supervised machine learning methods seek to modify the training samples in such a way that, at inference time, the presence of a specific pattern (trigger) in the input data causes mis...

Authors: Cecilia Pasquini and Rainer Böhme

Reversible data hiding for binary images based on adaptive overlapping pattern

Pattern substitution (PS) method (Ho et al., Comput. Stand. Interfaces 31:787–794, 2009) is a recent reversible data hiding method for binary images. It generates one pattern pair, the patterns in which are ca...

Authors: Keming Dong, Hyoung Joong Kim, Xiaohan Yu and Xiaoqing Feng

Machine learning through cryptographic glasses: combating adversarial attacks by key-based diversified aggregation

In recent years, classification techniques based on deep neural networks (DNN) were widely used in many fields such as computer vision, natural language processing, and self-driving cars. However, the vulnerab...

Authors: Olga Taran, Shideh Rezaeifar, Taras Holotyak and Slava Voloshynovskiy

ELSA: efficient long-term secure storage of large datasets (full version) ^∗

An increasing amount of information today is generated, exchanged, and stored digitally. This also includes long-lived and highly sensitive information (e.g., electronic health records, governmental documents)...

Authors: Philipp Muth, Matthias Geihs, Tolga Arul, Johannes Buchmann and Stefan Katzenbeisser

IoT cyber risk: a holistic analysis of cyber risk assessment frameworks, risk vectors, and risk ranking process

Security vulnerabilities of the modern Internet of Things (IoT) systems are unique, mainly due to the complexity and heterogeneity of the technology and data. The risks born out of these IoT systems cannot eas...

Authors: Kamalanathan Kandasamy, Sethuraman Srinivas, Krishnashree Achuthan and Venkat P. Rangan

Low-cost data partitioning and encrypted backup scheme for defending against co-resident attacks

Aiming at preventing user data leakage and the damage that is caused by co-resident attacks in the cloud environment, a data partitioning and encryption backup (P&XE) scheme is proposed. After the data have be...

Authors: Junfeng Tian, Zilong Wang and Zhen Li

Swapped face detection using deep learning and subjective assessment

The tremendous success of deep learning for imaging applications has resulted in numerous beneficial advances. Unfortunately, this success has also been a catalyst for malicious uses such as photo-realistic fa...

Authors: Xinyi Ding, Zohreh Raziei, Eric C. Larson, Eli V. Olinick, Paul Krueger and Michael Hahsler

Deep neural rejection against adversarial examples

Despite the impressive performances reported by deep neural networks in different application domains, they remain largely vulnerable to adversarial examples, i.e., input samples that are carefully perturbed t...

Authors: Angelo Sotgiu, Ambra Demontis, Marco Melis, Battista Biggio, Giorgio Fumera, Xiaoyi Feng and Fabio Roli

Evaluation of stability of swipe gesture authentication across usage scenarios of mobile device

User interaction with a mobile device predominantly consists of touch motions, otherwise known as swipe gestures, which are used as a behavioural biometric modality to verify the identity of a user. Literature re...

Authors: Elakkiya Ellavarason, Richard Guest and Farzin Deravi

Understanding visual lip-based biometric authentication for mobile devices

This paper explores the suitability of lip-based authentication as a behavioural biometric for mobile devices. Lip-based biometric authentication is the process of verifying an individual based on visual infor...

Authors: Carrie Wright and Darryl William Stewart

Keystroke biometrics in the encrypted domain: a first study on search suggestion functions of web search engines

A feature of search engines is prediction and suggestion to complete or extend input query phrases, i.e. search suggestion functions (SSF). Given the immediate temporal nature of this functionality, alongside ...

Authors: Nicholas Whiskerd, Nicklas Körtge, Kris Jürgens, Kevin Lamshöft, Salatiel Ezennaya-Gomez, Claus Vielhauer, Jana Dittmann and Mario Hildebrandt

Combining PRNU and noiseprint for robust and efficient device source identification

PRNU-based image processing is a key asset in digital multimedia forensics. It allows for reliable device identification and effective detection and localization of image forgeries, in very general conditions....

Authors: Davide Cozzolino, Francesco Marra, Diego Gragnaniello, Giovanni Poggi and Luisa Verdoliva

Long-term integrity protection of genomic data

Genomic data is crucial in the understanding of many diseases and for the guidance of medical treatments. Pharmacogenomics and cancer genomics are just two areas in precision medicine of rapidly growing utiliz...

Authors: Johannes Buchmann, Matthias Geihs, Kay Hamacher, Stefan Katzenbeisser and Sebastian Stammler

Multi-layer intrusion detection system with ExtraTrees feature selection, extreme learning machine ensemble, and softmax aggregation

Recent advances in intrusion detection systems based on machine learning have indeed outperformed other techniques, but struggle with detecting multiple classes of attacks with high accuracy. We propose a meth...

Authors: Jivitesh Sharma, Charul Giri, Ole-Christoffer Granmo and Morten Goodwin

Managing confidentiality leaks through private algorithms on Software Guard eXtensions (SGX) enclaves

Many applications are built upon private algorithms, and executing them in untrusted, remote environments poses confidentiality issues. To some extent, these problems can be addressed by ensuring the use of se...

Authors: Kubilay Ahmet Küçük, David Grawrock and Andrew Martin

Situation prediction of large-scale Internet of Things network security

The Internet of Things (IoT) is a new technology rapidly developed in various fields in recent years. With the continuous application of the IoT technology in production and life, the network security problem ...

Authors: Wenjun Yang, Jiaying Zhang, Chundong Wang and Xiuliang Mo

Fingerprint template protection using minutia-pair spectral representations

Storage of biometric data requires some form of template protection in order to preserve the privacy of people enrolled in a biometric database. One approach is to use a Helper Data System. Here it is necessar...

Authors: Taras Stanko, Bin Chen and Boris Škorić

Crowdsourcing for click fraud detection

Mobile ads are plagued with fraudulent clicks which is a major challenge for the advertising community. Although popular ad networks use many techniques to detect click fraud, they do not protect the client fr...

Authors: Riwa Mouawi, Imad H. Elhajj, Ali Chehab and Ayman Kayssi

Fine-grain watermarking for intellectual property protection

The current online digital world, consisting of thousands of newspapers, blogs, social media, and cloud file sharing services, is providing easy and unlimited access to a large treasure of text contents. Makin...

Authors: Stefano Giovanni Rizzo, Flavio Bertini and Danilo Montesi

Towards the application of recommender systems to secure coding

Secure coding is crucial for the design of secure and efficient software and computing systems. However, many programmers avoid secure coding practices for a variety of reasons. Some of these reasons are lack ...

Authors: Fitzroy D. Nembhard, Marco M. Carvalho and Thomas C. Eskridge

A new method of generating hard random lattices with short bases

This paper first gives a regularity theorem and its corollary. Then, a new construction of generating hard random lattices with short bases is obtained by using this corollary. This construction is from a new ...

Authors: Chengli Zhang, Wenping Ma, Hefeng Chen and Feifei Zhao

Metadata filtering for user-friendly centralized biometric authentication

While biometric authentication for commercial use so far mainly has been used for local device unlock use cases, there are great opportunities for using it also for central authentication such as for remote lo...

Authors: Christian Gehrmann, Marcus Rodan and Niklas Jönsson

Accuracy enhancement of biometric recognition using iterative weights optimization algorithm

A new approach is proposed to quantitatively evaluate the binary detection performance of the biometric personal recognition systems. The importance of correlation between the overall detection performance and...

Authors: Pallavi D. Deshpande, Prachi Mukherji and Anil S. Tavildar

A deep learning framework for predicting cyber attacks rates

Like how useful weather forecasting is, the capability of forecasting or predicting cyber threats can never be overestimated. Previous investigations show that cyber attack data exhibits interesting phenomena,...

Authors: Xing Fang, Maochao Xu, Shouhuai Xu and Peng Zhao

Machine learning-based dynamic analysis of Android apps with improved code coverage

This paper investigates the impact of code coverage on machine learning-based dynamic analysis of Android malware. In order to maximize the code coverage, dynamic analysis on Android typically requires the gen...

Authors: Suleiman Y. Yerima, Mohammed K. Alzaylaee and Sakir Sezer

Spark-based real-time proactive image tracking protection model

With rapid development of the Internet, images are spreading more and more quickly and widely. The phenomenon of image illegal usage emerges frequently, and this has marked impacts on people’s normal life. The...

Authors: Yahong Hu, Xia Sheng, Jiafa Mao, Kaihui Wang and Danhong Zhong

Implementing a blockchain from scratch: why, how, and what we learned

Blockchains are proposed for many application domains apart from financial transactions. While there are generic blockchains that can be molded for specific use cases, they often lack a lightweight and easy-to...

Authors: Fabian Knirsch, Andreas Unterweger and Dominik Engel

Transfer learning for detecting unknown network attacks

Network attacks are serious concerns in today’s increasingly interconnected society. Recent studies have applied conventional machine learning to network attack detection by learning the patterns of the networ...

Authors: Juan Zhao, Sachin Shetty, Jan Wei Pan, Charles Kamhoua and Kevin Kwiat

Detecting data manipulation attacks on physiological sensor measurements in wearable medical systems

Recent years have seen the emergence of wearable medical systems (WMS) that have demonstrated great promise for improved health monitoring and overall well-being. Ensuring that these WMS accurately monitor a u...

Authors: Hang Cai and Krishna K. Venkatasubramanian

A generic integrity verification algorithm of version files for cloud deduplication data storage

Data owners’ outsourced data on cloud data storage servers by the deduplication technique can reduce not only their own storage cost but also cloud’s. This paradigm also introduces new security issues such as ...

Authors: Guangwei Xu, Miaolin Lai, Jing Li, Li Sun and Xiujin Shi

HADEC: Hadoop-based live DDoS detection framework

Distributed denial of service (DDoS) flooding attacks are one of the main methods to destroy the availability of critical online services today. These DDoS attacks cannot be prevented ahead of time, and once i...

Authors: Sufian Hameed and Usman Ali

Cybersecurity: trends, issues, and challenges

Authors: Krzysztof Cabaj, Zbigniew Kotulski, Bogdan Księżopolski and Wojciech Mazurczyk

Detection of spoofed and non-spoofed DDoS attacks and discriminating them from flash crowds

Distributed computing technology is widely used by Internet-based business applications. Supply chain management (SCM), customer relationship management (CRM), e-Commerce, and banking are some of the applicati...

Authors: Jaideep Gera and Bhanu Prakash Battula

Towards 5G cellular network forensics

The fifth generation (5G) of cellular networks will bring 10 Gb/s user speeds, 1000-fold increase in system capacity, and 100 times higher connection density. In response to these requirements, the 5G networks...

Authors: Filipo Sharevski

Secrecy outage of threshold-based cooperative relay network with and without direct links

In this paper, we investigate the secrecy outage performance of a dual-hop decode-and-forward (DF) threshold-based cooperative relay network, both with and without the direct links between source-eavesdropper ...

Authors: Khyati Chopra, Ranjan Bose and Anupam Joshi

OMMA: open architecture for Operator-guided Monitoring of Multi-step Attacks

Current attacks are complex and stealthy. The recent WannaCry malware campaign demonstrates that this is true not only for targeted operations, but also for massive attacks. Complex attacks can only be describ...

Authors: Julio Navarro, Véronique Legrand, Aline Deruyver and Pierre Parrend

POS-originated transaction traces as a source of contextual information for risk management systems in EFT transactions

Transaction traces analysis is a key utility for marketing, trend monitoring, and fraud detection purposes. However, they can also be used for designing and verification of contextual risk management systems f...

Authors: Albert Sitek and Zbigniew Kotulski

Foundations and applications of artificial Intelligence for zero-day and multi-step attack detection

Behind firewalls, more and more cybersecurity attacks are specifically targeted to the very network where they are taking place. This review proposes a comprehensive framework for addressing the challenge of c...

Authors: Pierre Parrend, Julio Navarro, Fabio Guigou, Aline Deruyver and Pierre Collet

Security evaluation of Tree Parity Re-keying Machine implementations utilizing side-channel emissions

In this work, side-channel attacks (SCAs) are considered as a security metric for the implementation of hybrid cryptosystems utilizing the neural network-based Tree Parity Re-Keying Machines (TPM). A virtual s...

Authors: Jonathan Martínez Padilla, Uwe Meyer-Baese and Simon Foo

Towards constructive approach to end-to-end slice isolation in 5G networks

Although 5G (fifth generation) networks are still in the realm of ideas, their architecture can be considered as reaching a forming phase. There are several reports and white papers which attempt to precise 5G...

Authors: Zbigniew Kotulski, Tomasz Wojciech Nowak, Mariusz Sepczuk, Marcin Tunia, Rafal Artych, Krzysztof Bocianiak, Tomasz Osko and Jean-Philippe Wary

A trusted measurement model based on dynamic policy and privacy protection in IaaS security domain

In Infrastructure as a Service (IaaS) environments, the user virtual machine is the user’s private property. However, in the case of privacy protection, how to ensure the security of files in the user virtual ...

Authors: Liangming Wang and Fagui Liu

Research on fault diagnosis system of hall for workshop of meta-synthetic engineering based on information fusion

By analyzing multi-sensor information fusion system and hall for workshop of meta-synthetic engineering (HWME) essentially, a universal information fusion system of HWME based on multi-sensor is put forward. A...

Authors: Guang Yang, Shuofeng Yu and Shouwen Wen

Research on transmission of technology of downward information security for wellbore trajectory control

Information transmission is an important part of the wellbore trajectory automatic control system. Combined with the characteristics of the guided drilling system, drilling fluid pulse is selected as a tool fo...

Authors: Lin DeShu and Feng Ding

Secure first-price sealed-bid auction scheme

In modern times, people have paid more attention to their private information. The data confidentiality is very important in many economic aspects. In this paper, we proposed a secure auction system, in which ...

Authors: Zhen Guo, Yu Fu and Chunjie Cao

VISION: a video and image dataset for source identification

Forensic research community keeps proposing new techniques to analyze digital images and videos. However, the performance of proposed tools are usually tested on data that are far from reality in terms of reso...

Authors: Dasara Shullani, Marco Fontani, Massimo Iuliani, Omar Al Shaya and Alessandro Piva

Byzantine set-union consensus using efficient set reconciliation

Applications of secure multiparty computation such as certain electronic voting or auction protocols require Byzantine agreement on large sets of elements. Implementations proposed in the literature so far hav...

Authors: Florian Dold and Christian Grothoff

A new approach for managing Android permissions: learning users’ preferences

Today, permissions management solutions on mobile devices employ Identity Based Access Control (IBAC) models. If this approach was suitable when people had only a few games (like Snake or Tetris) installed on ...

Authors: Arnaud Oglaza, Romain Laborde, Pascale Zaraté, Abdelmalek Benzekri and François Barrère

Selection of Pareto-efficient response plans based on financial and operational assessments

Finding adequate responses to ongoing attacks on ICT systems is a pertinacious problem and requires assessments from different perpendicular viewpoints. However, current research focuses on reducing the impact...

Authors: Alexander Motzek, Gustavo Gonzalez-Granadillo, Hervé Debar, Joaquin Garcia-Alfaro and Ralf Möller