Articles

Towards the application of recommender systems to secure coding

Secure coding is crucial for the design of secure and efficient software and computing systems. However, many programmers avoid secure coding practices for a variety of reasons. Some of these reasons are lack ...

Authors: Fitzroy D. Nembhard, Marco M. Carvalho and Thomas C. Eskridge

A new method of generating hard random lattices with short bases

This paper first gives a regularity theorem and its corollary. Then, a new construction of generating hard random lattices with short bases is obtained by using this corollary. This construction is from a new ...

Authors: Chengli Zhang, Wenping Ma, Hefeng Chen and Feifei Zhao

Metadata filtering for user-friendly centralized biometric authentication

While biometric authentication for commercial use so far mainly has been used for local device unlock use cases, there are great opportunities for using it also for central authentication such as for remote lo...

Authors: Christian Gehrmann, Marcus Rodan and Niklas Jönsson

Accuracy enhancement of biometric recognition using iterative weights optimization algorithm

A new approach is proposed to quantitatively evaluate the binary detection performance of the biometric personal recognition systems. The importance of correlation between the overall detection performance and...

Authors: Pallavi D. Deshpande, Prachi Mukherji and Anil S. Tavildar

A deep learning framework for predicting cyber attacks rates

Like how useful weather forecasting is, the capability of forecasting or predicting cyber threats can never be overestimated. Previous investigations show that cyber attack data exhibits interesting phenomena,...

Authors: Xing Fang, Maochao Xu, Shouhuai Xu and Peng Zhao

Machine learning-based dynamic analysis of Android apps with improved code coverage

This paper investigates the impact of code coverage on machine learning-based dynamic analysis of Android malware. In order to maximize the code coverage, dynamic analysis on Android typically requires the gen...

Authors: Suleiman Y. Yerima, Mohammed K. Alzaylaee and Sakir Sezer

Spark-based real-time proactive image tracking protection model

With rapid development of the Internet, images are spreading more and more quickly and widely. The phenomenon of image illegal usage emerges frequently, and this has marked impacts on people’s normal life. The...

Authors: Yahong Hu, Xia Sheng, Jiafa Mao, Kaihui Wang and Danhong Zhong

Implementing a blockchain from scratch: why, how, and what we learned

Blockchains are proposed for many application domains apart from financial transactions. While there are generic blockchains that can be molded for specific use cases, they often lack a lightweight and easy-to...

Authors: Fabian Knirsch, Andreas Unterweger and Dominik Engel

Transfer learning for detecting unknown network attacks

Network attacks are serious concerns in today’s increasingly interconnected society. Recent studies have applied conventional machine learning to network attack detection by learning the patterns of the networ...

Authors: Juan Zhao, Sachin Shetty, Jan Wei Pan, Charles Kamhoua and Kevin Kwiat

Detecting data manipulation attacks on physiological sensor measurements in wearable medical systems

Recent years have seen the emergence of wearable medical systems (WMS) that have demonstrated great promise for improved health monitoring and overall well-being. Ensuring that these WMS accurately monitor a u...

Authors: Hang Cai and Krishna K. Venkatasubramanian

A generic integrity verification algorithm of version files for cloud deduplication data storage

Data owners’ outsourced data on cloud data storage servers by the deduplication technique can reduce not only their own storage cost but also cloud’s. This paradigm also introduces new security issues such as ...

Authors: Guangwei Xu, Miaolin Lai, Jing Li, Li Sun and Xiujin Shi

HADEC: Hadoop-based live DDoS detection framework

Distributed denial of service (DDoS) flooding attacks are one of the main methods to destroy the availability of critical online services today. These DDoS attacks cannot be prevented ahead of time, and once i...

Authors: Sufian Hameed and Usman Ali

Cybersecurity: trends, issues, and challenges

Authors: Krzysztof Cabaj, Zbigniew Kotulski, Bogdan Księżopolski and Wojciech Mazurczyk

Detection of spoofed and non-spoofed DDoS attacks and discriminating them from flash crowds

Distributed computing technology is widely used by Internet-based business applications. Supply chain management (SCM), customer relationship management (CRM), e-Commerce, and banking are some of the applicati...

Authors: Jaideep Gera and Bhanu Prakash Battula

Towards 5G cellular network forensics

The fifth generation (5G) of cellular networks will bring 10 Gb/s user speeds, 1000-fold increase in system capacity, and 100 times higher connection density. In response to these requirements, the 5G networks...

Authors: Filipo Sharevski

Secrecy outage of threshold-based cooperative relay network with and without direct links

In this paper, we investigate the secrecy outage performance of a dual-hop decode-and-forward (DF) threshold-based cooperative relay network, both with and without the direct links between source-eavesdropper ...

Authors: Khyati Chopra, Ranjan Bose and Anupam Joshi

OMMA: open architecture for Operator-guided Monitoring of Multi-step Attacks

Current attacks are complex and stealthy. The recent WannaCry malware campaign demonstrates that this is true not only for targeted operations, but also for massive attacks. Complex attacks can only be describ...

Authors: Julio Navarro, Véronique Legrand, Aline Deruyver and Pierre Parrend

POS-originated transaction traces as a source of contextual information for risk management systems in EFT transactions

Transaction traces analysis is a key utility for marketing, trend monitoring, and fraud detection purposes. However, they can also be used for designing and verification of contextual risk management systems f...

Authors: Albert Sitek and Zbigniew Kotulski

Foundations and applications of artificial Intelligence for zero-day and multi-step attack detection

Behind firewalls, more and more cybersecurity attacks are specifically targeted to the very network where they are taking place. This review proposes a comprehensive framework for addressing the challenge of c...

Authors: Pierre Parrend, Julio Navarro, Fabio Guigou, Aline Deruyver and Pierre Collet

Security evaluation of Tree Parity Re-keying Machine implementations utilizing side-channel emissions

In this work, side-channel attacks (SCAs) are considered as a security metric for the implementation of hybrid cryptosystems utilizing the neural network-based Tree Parity Re-Keying Machines (TPM). A virtual s...

Authors: Jonathan Martínez Padilla, Uwe Meyer-Baese and Simon Foo

Towards constructive approach to end-to-end slice isolation in 5G networks

Although 5G (fifth generation) networks are still in the realm of ideas, their architecture can be considered as reaching a forming phase. There are several reports and white papers which attempt to precise 5G...

Authors: Zbigniew Kotulski, Tomasz Wojciech Nowak, Mariusz Sepczuk, Marcin Tunia, Rafal Artych, Krzysztof Bocianiak, Tomasz Osko and Jean-Philippe Wary

A trusted measurement model based on dynamic policy and privacy protection in IaaS security domain

In Infrastructure as a Service (IaaS) environments, the user virtual machine is the user’s private property. However, in the case of privacy protection, how to ensure the security of files in the user virtual ...

Authors: Liangming Wang and Fagui Liu

Research on fault diagnosis system of hall for workshop of meta-synthetic engineering based on information fusion

By analyzing multi-sensor information fusion system and hall for workshop of meta-synthetic engineering (HWME) essentially, a universal information fusion system of HWME based on multi-sensor is put forward. A...

Authors: Guang Yang, Shuofeng Yu and Shouwen Wen

Research on transmission of technology of downward information security for wellbore trajectory control

Information transmission is an important part of the wellbore trajectory automatic control system. Combined with the characteristics of the guided drilling system, drilling fluid pulse is selected as a tool fo...

Authors: Lin DeShu and Feng Ding

Secure first-price sealed-bid auction scheme

In modern times, people have paid more attention to their private information. The data confidentiality is very important in many economic aspects. In this paper, we proposed a secure auction system, in which ...

Authors: Zhen Guo, Yu Fu and Chunjie Cao

VISION: a video and image dataset for source identification

Forensic research community keeps proposing new techniques to analyze digital images and videos. However, the performance of proposed tools are usually tested on data that are far from reality in terms of reso...

Authors: Dasara Shullani, Marco Fontani, Massimo Iuliani, Omar Al Shaya and Alessandro Piva

Byzantine set-union consensus using efficient set reconciliation

Applications of secure multiparty computation such as certain electronic voting or auction protocols require Byzantine agreement on large sets of elements. Implementations proposed in the literature so far hav...

Authors: Florian Dold and Christian Grothoff

A new approach for managing Android permissions: learning users’ preferences

Today, permissions management solutions on mobile devices employ Identity Based Access Control (IBAC) models. If this approach was suitable when people had only a few games (like Snake or Tetris) installed on ...

Authors: Arnaud Oglaza, Romain Laborde, Pascale Zaraté, Abdelmalek Benzekri and François Barrère

Selection of Pareto-efficient response plans based on financial and operational assessments

Finding adequate responses to ongoing attacks on ICT systems is a pertinacious problem and requires assessments from different perpendicular viewpoints. However, current research focuses on reducing the impact...

Authors: Alexander Motzek, Gustavo Gonzalez-Granadillo, Hervé Debar, Joaquin Garcia-Alfaro and Ralf Möller

Hybrid focused crawling on the Surface and the Dark Web

Focused crawlers enable the automatic discovery of Web resources about a given topic by automatically navigating through the Web link structure and selecting the hyperlinks to follow by estimating their releva...

Authors: Christos Iliou, George Kalpakis, Theodora Tsikrika, Stefanos Vrochidis and Ioannis Kompatsiaris

Sensor Guardian: prevent privacy inference on Android sensors

Privacy inference attacks based on sensor data is an emerging and severe threat on smart devices, in which malicious applications leverage data from innocuous sensors to infer sensitive information of user, e....

Authors: Xiaolong Bai, Jie Yin and Yu-Ping Wang

Pattern matching of signature-based IDS using Myers algorithm under MapReduce framework

The rapid increase in wired Internet speed and the constant growth in the number of attacks make network protection a challenge. Intrusion detection systems (IDSs) play a crucial role in discovering suspicious...

Authors: Monther Aldwairi, Ansam M. Abu-Dalo and Moath Jarrah

On the use of watermark-based schemes to detect cyber-physical attacks

We address security issues in cyber-physical systems (CPSs). We focus on the detection of attacks against cyber-physical systems. Attacks against these systems shall be handled both in terms of safety and secu...

Authors: Jose Rubio-Hernan, Luca De Cicco and Joaquin Garcia-Alfaro

An artificial immunity approach to malware detection in a mobile platform

Inspired by the human immune system, we explore the development of a new Multiple-Detector Set Artificial Immune System (mAIS) for the detection of mobile malware based on the information flows in Android apps...

Authors: James Brown, Mohd Anwar and Gerry Dozier

Multi-resolution privacy-enhancing technologies for smart metering

The availability of individual load profiles per household in the smart grid end-user domain combined with non-intrusive load monitoring to infer personal data from these load curves has led to privacy concern...

Authors: Fabian Knirsch, Günther Eibl and Dominik Engel

Anomaly detection through information sharing under different topologies

Early detection of traffic anomalies in networks increases the probability of effective intervention/mitigation actions, thereby improving the stability of system function. Centralized methods of anomaly detec...

Authors: Lazaros K. Gallos, Maciej Korczyński and Nina H. Fefferman

Honeypots and honeynets: issues of privacy

Honeypots and honeynets are popular tools in the area of network security and network forensics. The deployment and usage of these tools are influenced by a number of technical and legal issues, which need to ...

Authors: Pavol Sokol, Jakub Míšek and Martin Husák

Improved privacy of dynamic group services

We consider dynamic group services, where outputs based on small samples of privacy-sensitive user inputs are repetitively computed. The leakage of user input data is analysed, caused by producing multiple out...

Authors: Thijs Veugen, Jeroen Doumen, Zekeriya Erkin, Gaetano Pellegrino, Sicco Verwer and Jos Weber

Polymorphic malware detection using sequence classification methods and ensembles

Identifying malicious software executables is made difficult by the constant adaptations introduced by miscreants in order to evade detection by antivirus software. Such changes are akin to mutations in biolog...

Authors: Jake Drew, Michael Hahsler and Tyler Moore

A novel quality assessment for visual secret sharing schemes

To evaluate the visual quality in visual secret sharing schemes, most of the existing metrics fail to generate fair and uniform quality scores for tested reconstructed images. We propose a new approach to measure...

Authors: Feng Jiang and Brian King

Fuzzing binaries with Lévy flight swarms

We present a new method for random testing of binary executables inspired by biology. In our approach, we introduce the first fuzzer based on a mathematical model for optimal foraging. To minimize search time ...

Authors: Konstantin Böttinger

Guest editorial special issues on security trends in mobile cloud computing, web, and social networking

Authors: B. B. Gupta, Shingo Yamaguchi and Pethuru Raj Chelliah

Unlinkable improved multi-biometric iris fuzzy vault

Iris recognition technologies are deployed in numerous large-scale nation-wide projects in order to provide robust and reliable biometric recognition of individuals. Moreover, the iris has been found to be rat...

Authors: Christian Rathgeb, Benjamin Tams, Johannes Wagner and Christoph Busch

Quality-based iris segmentation-level fusion

Iris localisation and segmentation are challenging and critical tasks in iris biometric recognition. Especially in non-cooperative and less ideal environments, their impact on overall system performance has be...

Authors: Peter Wild, Heinz Hofbauer, James Ferryman and Andreas Uhl

Identification performance of evidential value estimation for ridge-based biometrics

Law enforcement agencies around the world use ridge-based biometrics, especially fingerprints, to fight crime. Fingermarks that are left at a crime scene and identified as potentially having evidential value (...

Authors: Johannes Kotzerke, Hao Hao, Stephen A. Davis, Robert Hayes, L. J. Spreeuwers, R. N. J. Veldhuis and K. J. Horadam

Double JPEG compression forensics based on a convolutional neural network

Double JPEG compression detection has received considerable attention in blind image forensics. However, only few techniques can provide automatic localization. To address this challenge, this paper proposes a...

Authors: Qing Wang and Rong Zhang

Hidost: a static machine-learning-based detector of malicious files

Malicious software, i.e., malware, has been a persistent threat in the information security landscape since the early days of personal computing. The recent targeted attacks extensively use non-executable malw...

Authors: Nedim Šrndić and Pavel Laskov

Privacy-preserving load profile matching for tariff decisions in smart grids

In liberalized energy markets, matching consumption patterns to energy tariffs is desirable, but practically limited due to privacy concerns, both on the side of the consumer and on the side of the utilities. ...

Authors: Andreas Unterweger, Fabian Knirsch, Günther Eibl and Dominik Engel

DST approach to enhance audio quality on lost audio packet steganography

Lost audio packet steganography (LACK) is a steganography technique established on the VoIP network. LACK provides a high-capacity covert channel over VoIP network by artificially delaying and dropping a numbe...

Authors: Qilin Qi, Dongming Peng and Hamid Sharif

Adaptive identity and access management—contextual data based policies

Due to compliance and IT security requirements, company-wide identity and access management within organizations has gained significant importance in research and practice over the last years. Companies aim at...

Authors: Matthias Hummer, Michael Kunz, Michael Netter, Ludwig Fuchs and Günther Pernul