Articles

POS-originated transaction traces as a source of contextual information for risk management systems in EFT transactions

Transaction traces analysis is a key utility for marketing, trend monitoring, and fraud detection purposes. However, they can also be used for designing and verification of contextual risk management systems f...

Authors: Albert Sitek and Zbigniew Kotulski

Foundations and applications of artificial Intelligence for zero-day and multi-step attack detection

Behind firewalls, more and more cybersecurity attacks are specifically targeted to the very network where they are taking place. This review proposes a comprehensive framework for addressing the challenge of c...

Authors: Pierre Parrend, Julio Navarro, Fabio Guigou, Aline Deruyver and Pierre Collet

Security evaluation of Tree Parity Re-keying Machine implementations utilizing side-channel emissions

In this work, side-channel attacks (SCAs) are considered as a security metric for the implementation of hybrid cryptosystems utilizing the neural network-based Tree Parity Re-Keying Machines (TPM). A virtual s...

Authors: Jonathan Martínez Padilla, Uwe Meyer-Baese and Simon Foo

Towards constructive approach to end-to-end slice isolation in 5G networks

Although 5G (fifth generation) networks are still in the realm of ideas, their architecture can be considered as reaching a forming phase. There are several reports and white papers which attempt to precise 5G...

Authors: Zbigniew Kotulski, Tomasz Wojciech Nowak, Mariusz Sepczuk, Marcin Tunia, Rafal Artych, Krzysztof Bocianiak, Tomasz Osko and Jean-Philippe Wary

A trusted measurement model based on dynamic policy and privacy protection in IaaS security domain

In Infrastructure as a Service (IaaS) environments, the user virtual machine is the user’s private property. However, in the case of privacy protection, how to ensure the security of files in the user virtual ...

Authors: Liangming Wang and Fagui Liu

Research on fault diagnosis system of hall for workshop of meta-synthetic engineering based on information fusion

By analyzing multi-sensor information fusion system and hall for workshop of meta-synthetic engineering (HWME) essentially, a universal information fusion system of HWME based on multi-sensor is put forward. A...

Authors: Guang Yang, Shuofeng Yu and Shouwen Wen

Research on transmission of technology of downward information security for wellbore trajectory control

Information transmission is an important part of the wellbore trajectory automatic control system. Combined with the characteristics of the guided drilling system, drilling fluid pulse is selected as a tool fo...

Authors: Lin DeShu and Feng Ding

Secure first-price sealed-bid auction scheme

In modern times, people have paid more attention to their private information. The data confidentiality is very important in many economic aspects. In this paper, we proposed a secure auction system, in which ...

Authors: Zhen Guo, Yu Fu and Chunjie Cao

VISION: a video and image dataset for source identification

Forensic research community keeps proposing new techniques to analyze digital images and videos. However, the performance of proposed tools are usually tested on data that are far from reality in terms of reso...

Authors: Dasara Shullani, Marco Fontani, Massimo Iuliani, Omar Al Shaya and Alessandro Piva

Byzantine set-union consensus using efficient set reconciliation

Applications of secure multiparty computation such as certain electronic voting or auction protocols require Byzantine agreement on large sets of elements. Implementations proposed in the literature so far hav...

Authors: Florian Dold and Christian Grothoff

A new approach for managing Android permissions: learning users’ preferences

Today, permissions management solutions on mobile devices employ Identity Based Access Control (IBAC) models. If this approach was suitable when people had only a few games (like Snake or Tetris) installed on ...

Authors: Arnaud Oglaza, Romain Laborde, Pascale Zaraté, Abdelmalek Benzekri and François Barrère

Selection of Pareto-efficient response plans based on financial and operational assessments

Finding adequate responses to ongoing attacks on ICT systems is a pertinacious problem and requires assessments from different perpendicular viewpoints. However, current research focuses on reducing the impact...

Authors: Alexander Motzek, Gustavo Gonzalez-Granadillo, Hervé Debar, Joaquin Garcia-Alfaro and Ralf Möller

Hybrid focused crawling on the Surface and the Dark Web

Focused crawlers enable the automatic discovery of Web resources about a given topic by automatically navigating through the Web link structure and selecting the hyperlinks to follow by estimating their releva...

Authors: Christos Iliou, George Kalpakis, Theodora Tsikrika, Stefanos Vrochidis and Ioannis Kompatsiaris

Sensor Guardian: prevent privacy inference on Android sensors

Privacy inference attacks based on sensor data is an emerging and severe threat on smart devices, in which malicious applications leverage data from innocuous sensors to infer sensitive information of user, e....

Authors: Xiaolong Bai, Jie Yin and Yu-Ping Wang

Pattern matching of signature-based IDS using Myers algorithm under MapReduce framework

The rapid increase in wired Internet speed and the constant growth in the number of attacks make network protection a challenge. Intrusion detection systems (IDSs) play a crucial role in discovering suspicious...

Authors: Monther Aldwairi, Ansam M. Abu-Dalo and Moath Jarrah

On the use of watermark-based schemes to detect cyber-physical attacks

We address security issues in cyber-physical systems (CPSs). We focus on the detection of attacks against cyber-physical systems. Attacks against these systems shall be handled both in terms of safety and secu...

Authors: Jose Rubio-Hernan, Luca De Cicco and Joaquin Garcia-Alfaro

An artificial immunity approach to malware detection in a mobile platform

Inspired by the human immune system, we explore the development of a new Multiple-Detector Set Artificial Immune System (mAIS) for the detection of mobile malware based on the information flows in Android apps...

Authors: James Brown, Mohd Anwar and Gerry Dozier

Multi-resolution privacy-enhancing technologies for smart metering

The availability of individual load profiles per household in the smart grid end-user domain combined with non-intrusive load monitoring to infer personal data from these load curves has led to privacy concern...

Authors: Fabian Knirsch, Günther Eibl and Dominik Engel

Anomaly detection through information sharing under different topologies

Early detection of traffic anomalies in networks increases the probability of effective intervention/mitigation actions, thereby improving the stability of system function. Centralized methods of anomaly detec...

Authors: Lazaros K. Gallos, Maciej Korczyński and Nina H. Fefferman

Honeypots and honeynets: issues of privacy

Honeypots and honeynets are popular tools in the area of network security and network forensics. The deployment and usage of these tools are influenced by a number of technical and legal issues, which need to ...

Authors: Pavol Sokol, Jakub Míšek and Martin Husák

Improved privacy of dynamic group services

We consider dynamic group services, where outputs based on small samples of privacy-sensitive user inputs are repetitively computed. The leakage of user input data is analysed, caused by producing multiple out...

Authors: Thijs Veugen, Jeroen Doumen, Zekeriya Erkin, Gaetano Pellegrino, Sicco Verwer and Jos Weber

Polymorphic malware detection using sequence classification methods and ensembles

Identifying malicious software executables is made difficult by the constant adaptations introduced by miscreants in order to evade detection by antivirus software. Such changes are akin to mutations in biolog...

Authors: Jake Drew, Michael Hahsler and Tyler Moore

A novel quality assessment for visual secret sharing schemes

To evaluate the visual quality in visual secret sharing schemes, most of the existing metrics fail to generate fair and uniform quality scores for tested reconstructed images. We propose a new approach to measure...

Authors: Feng Jiang and Brian King

Fuzzing binaries with Lévy flight swarms

We present a new method for random testing of binary executables inspired by biology. In our approach, we introduce the first fuzzer based on a mathematical model for optimal foraging. To minimize search time ...

Authors: Konstantin Böttinger

Guest editorial special issues on security trends in mobile cloud computing, web, and social networking

Authors: B. B. Gupta, Shingo Yamaguchi and Pethuru Raj Chelliah

Unlinkable improved multi-biometric iris fuzzy vault

Iris recognition technologies are deployed in numerous large-scale nation-wide projects in order to provide robust and reliable biometric recognition of individuals. Moreover, the iris has been found to be rat...

Authors: Christian Rathgeb, Benjamin Tams, Johannes Wagner and Christoph Busch

Quality-based iris segmentation-level fusion

Iris localisation and segmentation are challenging and critical tasks in iris biometric recognition. Especially in non-cooperative and less ideal environments, their impact on overall system performance has be...

Authors: Peter Wild, Heinz Hofbauer, James Ferryman and Andreas Uhl

Identification performance of evidential value estimation for ridge-based biometrics

Law enforcement agencies around the world use ridge-based biometrics, especially fingerprints, to fight crime. Fingermarks that are left at a crime scene and identified as potentially having evidential value (...

Authors: Johannes Kotzerke, Hao Hao, Stephen A. Davis, Robert Hayes, L. J. Spreeuwers, R. N. J. Veldhuis and K. J. Horadam

Double JPEG compression forensics based on a convolutional neural network

Double JPEG compression detection has received considerable attention in blind image forensics. However, only few techniques can provide automatic localization. To address this challenge, this paper proposes a...

Authors: Qing Wang and Rong Zhang

Hidost: a static machine-learning-based detector of malicious files

Malicious software, i.e., malware, has been a persistent threat in the information security landscape since the early days of personal computing. The recent targeted attacks extensively use non-executable malw...

Authors: Nedim Šrndić and Pavel Laskov

Privacy-preserving load profile matching for tariff decisions in smart grids

In liberalized energy markets, matching consumption patterns to energy tariffs is desirable, but practically limited due to privacy concerns, both on the side of the consumer and on the side of the utilities. ...

Authors: Andreas Unterweger, Fabian Knirsch, Günther Eibl and Dominik Engel

DST approach to enhance audio quality on lost audio packet steganography

Lost audio packet steganography (LACK) is a steganography technique established on the VoIP network. LACK provides a high-capacity covert channel over VoIP network by artificially delaying and dropping a numbe...

Authors: Qilin Qi, Dongming Peng and Hamid Sharif

Adaptive identity and access management—contextual data based policies

Due to compliance and IT security requirements, company-wide identity and access management within organizations has gained significant importance in research and practice over the last years. Companies aim at...

Authors: Matthias Hummer, Michael Kunz, Michael Netter, Ludwig Fuchs and Günther Pernul

The role and security of firewalls in cyber-physical cloud computing

Clouds are here to stay, and the same holds for cyber-physical systems—not to forget their combination. In light of these changing paradigms, it is of utter importance to reconsider security as both introduce ...

Authors: Johanna Ullrich, Jordan Cropper, Peter Frühwirt and Edgar Weippl

A flexible framework for mobile device forensics based on cold boot attacks

Mobile devices, like tablets and smartphones, are common place in everyday life. Thus, the degree of security these devices can provide against digital forensics is of particular interest. A common method to a...

Authors: Manuel Huber, Benjamin Taubmann, Sascha Wessel, Hans P. Reiser and Georg Sigl

DB-SECaaS: a cloud-based protection system for document-oriented NoSQL databases

The trend of cloud databases is leaning towards Not Only SQL (NoSQL) databases as they provide better support for scalable storage and quick retrieval of exponentially voluminous data. One of the more prominen...

Authors: Yumna Ghazi, Rahat Masood, Abid Rauf, Muhammad Awais Shibli and Osman Hassan

Experimental comparison of simulation tools for efficient cloud and mobile cloud computing applications

Cloud computing provides a convenient and on-demand access to virtually unlimited computing resources. Mobile cloud computing (MCC) is an emerging technology that integrates cloud computing technology with mob...

Authors: Khadijah Bahwaireth, Lo’ai Tawalbeh, Elhadj Benkhelifa, Yaser Jararweh and Mohammad A. Tawalbeh

An adaptive approach for Linux memory analysis based on kernel code reconstruction

Memory forensics plays an important role in security and forensic investigations. Hence, numerous studies have investigated Windows memory forensics, and considerable progress has been made. In contrast, resea...

Authors: Shuhui Zhang, Xiangxu Meng and Lianhai Wang

A secure cloud storage system combining time-based one-time password and automatic blocker protocol

Cloud storages in cloud data centers can be used for enterprises and individuals to store and access their data remotely anywhere anytime without any additional burden. By data outsourcing, users can be reliev...

Authors: Sheren A. El-Booz, Gamal Attiya and Nawal El-Fishawy

Generalized weighted tree similarity algorithms for taxonomy trees

Taxonomy trees are used in machine learning, information retrieval, bioinformatics, and multi-agent systems for matching as well as matchmaking in e-business, e-marketplaces, and e-learning. A weighted tree si...

Authors: Pramodh Krishna D. and Venu Gopal Rao K.

An efficient privacy-preserving comparison protocol in smart metering systems

In smart grids, providing power consumption statistics to the customers and generating recommendations for managing electrical devices are considered to be effective methods that can help to reduce energy cons...

Authors: Majid Nateghizad, Zekeriya Erkin and Reginald L. Lagendijk

ASIC implementation of random number generators using SR latches and its evaluation

A true random number generator (TRNG) is proposed and evaluated by field-programmable gate arrays (FPGA) implementation that generates random numbers by exclusive-ORing (XORing) the outputs of many SR latches ...

Authors: Naoya Torii, Hirotaka Kokubo, Dai Yamamoto, Kouichi Itoh, Masahiko Takenaka and Tsutomu Matsumoto

A novel approach to protect against phishing attacks at client side using auto-updated white-list

Most of the anti-phishing solutions are having two major limitations; the first is the need of a fast access time for a real-time environment and the second is the need of high detection rate. Black-list-based...

Authors: Ankit Kumar Jain and B. B. Gupta

Software control and intellectual property protection in cyber-physical systems

Software control is a critical issue in cyber-physical systems (CPS); if the expected behavior of the software embedded in a single device of a CPS cannot be enforced then the behavior of the whole CPS may be ...

Authors: Raphael C. S. Machado, Davidson R. Boccardo, Vinícius G. Pereira de Sá and Jayme L. Szwarcfiter

A new usage control protocol for data protection of cloud environment

With the rapid development of the cloud computing service, utilizing traditional access control models was difficult to meet the complex requirements of data protection in cloud environment. In cloud environme...

Authors: Kefeng Fan, Xiangzhen Yao, Xiaohe Fan, Yong Wang and Mingjie Chen

HTTPS traffic analysis and client identification using passive SSL/TLS fingerprinting

The encryption of network traffic complicates legitimate network monitoring, traffic analysis, and network forensics. In this paper, we present real-time lightweight identification of HTTPS clients based on ne...

Authors: Martin Husák, Milan Čermák, Tomáš Jirsík and Pavel Čeleda

Secured ECG signal transmission for human emotional stress classification in wireless body area networks

Information security is key important when we are trying to interconnect the wireless body sensor network with the healthcare social network via mobile facilities. In this paper, we specially work on a secured...

Authors: Hansong Xu and Kun Hua

A landmark calibration-based IP geolocation approach

Aiming at the existing IP geolocation approaches does not consider the errors of landmarks and delay; a new geolocation approach-utilized landmark calibration is proposed in this paper. At first, we find out t...

Authors: Jingning Chen, Fenlin Liu, Xiangyang Luo, Fan Zhao and Guang Zhu

Asymptotics of fingerprinting and group testing: capacity-achieving log-likelihood decoders

We study the large-coalition asymptotics of fingerprinting and group testing and derive explicit decoders that provably achieve capacity for many of the considered models. We do this both for simple decoders (...

Authors: Thijs Laarhoven

Combating online fraud attacks in mobile-based advertising

Smartphone advertisement is increasingly used among many applications and allows developers to obtain revenue through in-app advertising. Our study aims at identifying potential security risks of mobile-based ...

Authors: Geumhwan Cho, Junsung Cho, Youngbae Song, Donghyun Choi and Hyoungshick Kim