Search results for: phishing attacks

Authors: Joo-Hyung Oh, Sekwon Kim, Myoungsun Noh, Chaetae Im

Abstract:

The number of service users of 4G VoLTE (voice over LTE) using LTE data networks is rapidly growing. VoLTE based on All-IP network enables clearer and higher-quality voice calls than 3G. It does, however, pose new challenges; a voice call through IP networks makes it vulnerable to security threats such as wiretapping and forged or falsified information. Moreover, in particular, stealing other users’ phone numbers and forging or falsifying call request messages from outgoing voice calls within VoLTE result in considerable losses that include user billing and voice phishing to acquaintances. This paper focuses on the threats of caller phone number spoofing in the VoLTE and countermeasure technology as safety measures for mobile communication networks.

Keywords: LTE, 4G, VoLTE, phone number spoofing

Procedia PDF Downloads 489

Authors: Tigabu Dagne Akal

Abstract:

While advances in computer and communications technology have made the network ubiquitous, they have also rendered networked systems vulnerable to malicious attacks devised from a distance. These attacks or intrusions start with attackers infiltrating a network through a vulnerable host and then launching further attacks on the local network or Intranet. Nowadays, system administrators and network professionals can attempt to prevent such attacks by developing intrusion detection tools and systems using data mining technology. In this study, the experiments were conducted following the Knowledge Discovery in Database Process Model. The Knowledge Discovery in Database Process Model starts from selection of the datasets. The dataset used in this study has been taken from Massachusetts Institute of Technology Lincoln Laboratory. After taking the data, it has been pre-processed. The major pre-processing activities include fill in missed values, remove outliers; resolve inconsistencies, integration of data that contains both labelled and unlabelled datasets, dimensionality reduction, size reduction and data transformation activity like discretization tasks were done for this study. A total of 21,533 intrusion records are used for training the models. For validating the performance of the selected model a separate 3,397 records are used as a testing set. For building a predictive model for intrusion detection J48 decision tree and the Naïve Bayes algorithms have been tested as a classification approach for both with and without feature selection approaches. The model that was created using 10-fold cross validation using the J48 decision tree algorithm with the default parameter values showed the best classification accuracy. The model has a prediction accuracy of 96.11% on the training datasets and 93.2% on the test dataset to classify the new instances as normal, DOS, U2R, R2L and probe classes. The findings of this study have shown that the data mining methods generates interesting rules that are crucial for intrusion detection and prevention in the networking industry. Future research directions are forwarded to come up an applicable system in the area of the study.

Keywords: intrusion detection, data mining, computer science, data mining

Procedia PDF Downloads 268

Authors: Tejinder Singh

Abstract:

Information system is the flow of data from different levels to different directions for decision making and data operations in information system (IS). Data can be violated by different manner like manual or technical errors, data tampering or loss of integrity. Security system called firewall of IS is effected by such type of violations. The flow of data among various levels of Information System is done by networking system. The flow of data on network is in form of packets or frames. To protect these packets from unauthorized access, virus attacks, and to maintain the integrity level, network security is an important factor. To protect the data to get pirated, various security techniques are used. This paper represents the various security techniques and signifies different harmful attacks with the help of detailed data analysis. This paper will be beneficial for the organizations to make the system more secure, effective, and beneficial for future decisions making.

Keywords: information systems, data integrity, TCP/IP network, vulnerability, decision, data

Procedia PDF Downloads 272

Authors: Chowduru Ramachandra Sharma, Shatunjay Rawat

Abstract:

A false positive state is when the IDS/IPS identifies an activity as an attack, but the activity is acceptable behavior in the system. False positives in a Network Intrusion Detection System ( NIDS ) is an issue because they desensitize the administrator. It wastes computational power and valuable resources when rules are not tuned properly, which is the main issue with anomaly NIDS. Furthermore, most false positives reduction techniques are not performed during the real-time of attempted intrusions; instead, they have applied afterward on collected traffic data and generate alerts. Of course, false positives detection in ‘offline mode’ is tremendously valuable. Nevertheless, there is room for improvement here; automated techniques still need to reduce False Positives in real-time. This paper uses the Snort signature detection model to redirect the alerted attacks to Honeypots and verify attacks.

Keywords: honeypot, TPOT, snort, NIDS, honeybird, iptables, netfilter, redirection, attack detection, docker, snare, tanner

Procedia PDF Downloads 134

Authors: María Elena Menéndez Ibáñez

Abstract:

After the terrorist attacks of 9/11, new measures were adopted by powerful countries and regions like the United States and the European Union in order to safeguard their security. In 2002, the US created the Department of Homeland Security with one sole objective; to protect American soil and people. The US adopted new policies that made every immigrant a potential terrorist and a threat to their national security. Stronger border control became one of the key elements of the fight against organized crime and terrorism. The main objective of this paper is to compare some of the most important and radical measures adopted by the US, even those that resulted in systematic violations of human rights, with some of the European measures adopted after the 2015 Paris attacks of 2015, such as unlawful detainment of prisoners and other measures against foreigners. Through the Schengen agreement, the European Union has tried to eliminate tariffs and border controls, in order to guarantee successful economic growth. Terrorists have taken advantage of this and have made the region vulnerable to attacks. Authorities need to strengthen their surveillance methods in order to safeguard the region and its stability. Through qualitative methods applied to social sciences, this research will also try to explain why some of the mechanisms proven to be useful in the US would not be so in Europe, especially because they would result in human rights violations. Finally, solutions will be offered that would not put the whole Schengen Agreement at risk. Europe cannot reinstate border control, without making individuals vulnerable to human rights violations.

Keywords: border control, immigration, international cooperation, national security

Procedia PDF Downloads 106

Authors: Stepan Grebeniuk, Ersi Hodo, Henri Ruotsalainen, Paul Tavolato

Abstract:

Substation security plays an important role in the power delivery system. During the past years, there has been an increase in number of attacks on automation networks of the substations. In spite of that, there hasn’t been enough focus dedicated to the protection of such networks. Aiming to design a specialized anomaly detection system based on machine learning, in this paper we will discuss the IEC 60870-5-104 protocol that is used for communication between substation and control station and focus on the simulation of the substation traffic. Firstly, we will simulate the communication between substation slave and server. Secondly, we will compare the system's normal behavior and its behavior under the attack, in order to extract the right features which will be needed for building an anomaly detection system. Lastly, based on the features we will suggest the anomaly detection system for the asynchronous protocol IEC 60870-5-104.

Keywords: Anomaly detection, IEC-60870-5-104, Machine learning, Man-in-the-Middle attacks, Substation security

Procedia PDF Downloads 335

Authors: Mohamed Elkholy, Ahmed Elfatatry

Abstract:

Cloud computing has emerged as a flexible computing paradigm that reshaped the Information Technology map. However, cloud computing brought about a number of security challenges as a result of the physical distribution of computational resources and the limited control that users have over the physical storage. This situation raises many security challenges for data integrity and confidentiality as well as authentication and access control. This work proposes a security mechanism for data integrity that allows a data owner to be aware of any modification that takes place to his data. The data integrity mechanism is integrated with an extended Kerberos authentication that ensures authorized access control. The proposed mechanism protects data confidentiality even if data are stored on an untrusted storage. The proposed mechanism has been evaluated against different types of attacks and proved its efficiency to protect cloud data storage from different malicious attacks.

Keywords: access control, data integrity, data confidentiality, Kerberos authentication, cloud security

Procedia PDF Downloads 308

Authors: Settana M. Abdulh, Naila A. Sadalla, Yaseen H. Taha, Howaida Elshoush

Abstract:

Side channel attacks are based on side channel information, which is information that is leaked from encryption systems. This includes timing information, power consumption as well as electromagnetic or even sound leaking which can exploited by an attacker. Implementing side channel attacks are possible if and only if an attacker has access to a cryptosystem. In this case, the attacker can exploit bad implementation in software or hardware which is not controlled by encryption implementer. Thus, he/she will represent a real threat to the security system. Several countermeasures have been proposed to eliminate side channel information vulnerability.Cache timing attack is a special type of side channel attack. Here, timing information is collected and analyzed by an attacker to guess sensitive information such as encryption key or plaintext. This paper reviews the technique applied in this attack and surveys the countermeasures against it, evaluating the feasibility and usability of each. Based on this evaluation, finally we pose several recommendations about using these countermeasures.

Keywords: AES algorithm, side channel attack, cache timing attack, cache timing countermeasure

Procedia PDF Downloads 269

Authors: Reham Al-Zahrani, Noura Aleisa

Abstract:

The proliferation of Radio Frequency Identification (RFID) technology has raised concerns about system security, particularly regarding tag impersonation attacks. Regarding RFID systems, an appropriate authentication protocol must resist active and passive attacks. A tag impersonation occurs when an adversary's tag is used to fool an authenticating reader into believing it is a legitimate tag. This paper analyzed the security of the efficient, secure, and practical ultra-lightweight RFID Authentication Scheme (ESRAS). Then, the paper presents a comprehensive analysis of the Efficient, Secure, and Practical Ultra-Lightweight RFID Authentication Scheme (ESRAS) in the context of radio frequency identification (RFID) systems that employed the Scyther tool to examine the protocol's security against a tag impersonation attack.

Keywords: RFID, impersonation attack, authentication, ultra-lightweight protocols

Procedia PDF Downloads 36

Authors: Beulah Rani Inbanathan

Abstract:

In the present era, it is vivid from the numerous outcomes that data privacy is being compromised in various ways. Machine learning is one technology that uses the centralized server, and then data is given as input which is being analyzed by the algorithms present on this mentioned server, and hence outputs are predicted. However, each time the data must be sent by the user as the algorithm will analyze the input data in order to predict the output, which is prone to threats. The solution to overcome this issue is federated learning, where the models alone get updated while the data resides on the local machine and does not get exchanged with the other local models. Nevertheless, even on these local models, there are chances of data poisoning, and it is crystal clear from various experiments done by many people. This paper delves into many ways where data poisoning occurs and the many methods through which it is prevalent that data poisoning still exists. It includes the poisoning attacks on IoT devices, Edge devices, Autoregressive model, and also, on Industrial IoT systems and also, few points on how these could be evadible in order to protect our data which is personal, or sensitive, or harmful when exposed.

Keywords: data poisoning, federated learning, Internet of Things, edge computing

Procedia PDF Downloads 60

Authors: Piret Pernik

Abstract:

Based on strategic, operational, and technical analysis of the ongoing armed conflict in Ukraine, this paper will examine the opportunities and risks of using small commercial drones (dual-use unmanned aerial vehicles, UAV) for military purposes. The paper discusses the opportunities and risks in the information domain, encompassing both cyber and electromagnetic interference and attacks. The paper will draw conclusions on a possible strategic impact to the battlefield outcomes in the modern armed conflicts by the widespread use of dual-use UAVs. This article will contribute to filling the gap in the literature by examining based on empirical data cyberattacks and electromagnetic interference. Today, more than one hundred states and non-state actors possess UAVs ranging from low cost commodity models, widely are dual-use, available and affordable to anyone, to high-cost combat UAVs (UCAV) with lethal kinetic strike capabilities, which can be enhanced with Artificial Intelligence (AI) and Machine Learning (ML). Dual-use UAVs have been used by various actors for intelligence, reconnaissance, surveillance, situational awareness, geolocation, and kinetic targeting. Thus they function as force multipliers enabling kinetic and electronic warfare attacks and provide comparative and asymmetric operational and tactical advances. Some go as far as argue that automated (or semi-automated) systems can change the character of warfare, while others observe that the use of small drones has not changed the balance of power or battlefield outcomes. UAVs give considerable opportunities for commanders, for example, because they can be operated without GPS navigation, makes them less vulnerable and dependent on satellite communications. They can and have been used to conduct cyberattacks, electromagnetic interference, and kinetic attacks. However, they are highly vulnerable to those attacks themselves. So far, strategic studies, literature, and expert commentary have overlooked cybersecurity and electronic interference dimension of the use of dual use UAVs. The studies that link technical analysis of opportunities and risks with strategic battlefield outcomes is missing. It is expected that dual use commercial UAV proliferation in armed and hybrid conflicts will continue and accelerate in the future. Therefore, it is important to understand specific opportunities and risks related to the crowdsourced use of dual-use UAVs, which can have kinetic effects. Technical countermeasures to protect UAVs differ depending on a type of UAV (small, midsize, large, stealth combat), and this paper will offer a unique analysis of small UAVs both from the view of opportunities and risks for commanders and other actors in armed conflict.

Keywords: dual-use technology, cyber attacks, electromagnetic warfare, case studies of cyberattacks in armed conflicts

Procedia PDF Downloads 73

Authors: Joshua Chew, Vesa Cheng, David Thomson

Abstract:

Background: Hereditary angioedema (HAE) or C1 esterase deficiency is a relatively rare entity that has a potential for significant anesthetic complications. Methods: A literature review was performed of published cases of surgery in patients with HAE. Results were limited to English language only and cases were examined for management strategies and successful prevention of acute attacks. Results: The literature revealed the successful use of C1 esterase inhibitors as the most common agent in surgical prophylaxis therapy. Other therapeutic targets described included kallikrein inhibitors and bradykinin B2 receptor antagonists. Conclusions: Therapeutic targets that exist for the management of acute attacks in HAE have been successfully employed in the setting of surgery. The data is currently limited and could not be used as a firm evidence base, but the limited outcomes seen are positive and reassuring for the prospective anesthetic management of this potentially fatal condition.

Keywords: anesthesia, C1 esterase deficiency, hereditary angioedema, surgical prophylaxis

Procedia PDF Downloads 369

Authors: Vaibhav Rana, Nicholas Balaresque

Abstract:

The 3-cup anemometer is the most commonly used instrument for wind speed measurement and, consequently, for the wind resource assessment. Though the cup anemometer shows accurate measurement under quasi-static conditions, there is uncertainty in the measurement when subjected to field measurement. Sensitivity to the angle of attacks with respect to horizontal plane, dynamic response, and non-linear behavior in calibration due to friction. The presented work aimed to identify the sensitivity of anemometer to non-horizontal flow. The cup anemometer was investigated under low wind speed wind tunnel, first under the static flow direction changes and second under the dynamic direction changes, at a different angle of attacks, under the similar conditions of reference wind tunnel speeds. The cup anemometer response under both conditions was evaluated and compared. The results showed the anemometer under dynamic wind direction changes is highly sensitive compared to static conditions.

Keywords: wind energy, cup anemometer, directional sensitivity, dynamic behavior, wind tunnel

Procedia PDF Downloads 117

Authors: Malaw Ndiaye, Karim Konate

Abstract:

Smart contracts are computer protocols that facilitate, verify, and execute the negotiation or execution of a contract, or that render a contractual term unnecessary. Blockchain and smart contracts can be used to facilitate almost any financial transaction. Thanks to these smart contracts, the settlement of dividends and coupons could be automated. Smart contracts have become lucrative and profitable targets for attackers because they can hold a great amount of money. Smart contracts, although widely used in blockchain technology, are far from perfect due to security concerns. Since there are recent studies on smart contract security, none of them systematically study the strengths and weaknesses of smart contract security. Some have focused on an analysis of program-related vulnerabilities by providing a taxonomy of vulnerabilities. Other studies are responsible for listing the series of attacks linked to smart contracts. Although a series of attacks are listed, there is a lack of discussions and proposals on improving security. This survey takes stock of smart contract security from a more comprehensive perspective by correlating the level of vulnerability and systematic review of security levels in smart contracts.

Keywords: blockchain, Bitcoin, smart contract, criminal smart contract, security

Procedia PDF Downloads 138

Authors: Auwal Nata'ala

Abstract:

The Information and Communication Technology (ICT) has had impacts in almost every area human endeavor. From business, industries, banks to none profit organizations. ICT has simplified business process such as sorting, summarizing, coding, updating and generating a report in a real-time processing mode. However, the use of these ICT facilities such as computer and internet has also brought unintended consequences of criminal activities such as spamming, credit card frauds, ATM frauds, phishing, identity theft, denial of services and other related cyber crimes. This study sought to examined cyber-crime and its impact on the banking institution in Nigeria. It also examined the existing policy framework and assessed the success of the institutional countermeasures in combating cyber crime in the banking industry. This paper X-ray’s cyber crimes, policies issues and provides insight from a Nigeria perspective.

Keywords: cyber crimes, e-banking, policies, ICT

Procedia PDF Downloads 389

Authors: Leidy M. Aldana, Jorge E. Camargo

Abstract:

Adversarial Machine Learning has gained importance in recent years as Cybersecurity has gained too, especially malware, it has affected different entities and people in recent years. This paper shows a literature review about defense methods created to prevent adversarial machine learning attacks, firstable it shows an introduction about the context and the description of some terms, in the results section some of the attacks are described, focusing on detecting adversarial examples before coming to the machine learning algorithm and showing other categories that exist in defense. A method with five steps is proposed in the method section in order to define a way to make the literature review; in addition, this paper summarizes the contributions in this research field in the last seven years to identify research directions in this area. About the findings, the category with least quantity of challenges in defense is the Detection of adversarial examples being this one a viable research route with the adaptive approach in attack and defense.

Keywords: Malware, adversarial, machine learning, defense, attack

Procedia PDF Downloads 28

Authors: Haitham Assiri, Priyadarsi Nanda

Abstract:

The world is gradually entering the fourth industrial revolution. E-Government services are scaling government operations across the globe. However, as promising as an e-Government system would be, it is also susceptible to malicious attacks if not properly secured. This study found out that, in Saudi Arabia, the e-Government website, Yesser is vulnerable to external attacks. Obviously, this can lead to a breach of data integrity and privacy. In this paper, a Systematic Literature Review was conducted to explore possible ways the Kingdom of Saudi Arabia can take necessary measures to strengthen its e-Government system using Blockchain. Blockchain is one of the emerging technologies shaping the world through its applications in finance, elections, healthcare, etc. It secures systems and brings more transparency. A total of 28 papers were selected for this SLR, and 19 of the papers significantly showed that blockchain could enhance the security and privacy of Saudi’s e-government system. Other papers also concluded that blockchain is effective, albeit with the integration of other technologies like IoT, AI and big data. These papers have been analysed to sieve out the findings and set the stage for future research into the subject.

Keywords: blockchain, data integrity, e-government, security threats

Procedia PDF Downloads 216

Authors: Lakshmidevi Sreeramareddy, Komalpreet Kaur, Nane Pothier

Abstract:

For security purposes, it is important to detect passwords entered by unauthorized users. With traditional alphanumeric passwords, if the content of a password is acquired and correctly entered by an intruder, it is impossible to differentiate the password entered by the intruder from those entered by the authorized user because the password entries contain precisely the same character set. However, no two entries for the gesture-based passwords, even those entered by the person who created the password, will be identical. There are always variations between entries, such as the shape and length of each stroke, the location of each stroke, and the speed of drawing. It is possible that passwords entered by the unauthorized user contain higher levels of variations when compared with those entered by the authorized user (the creator). The difference in the levels of variations may provide cues to detect unauthorized entries. To test this hypothesis, we designed an empirical study, collected and analyzed the data with the help of machine-learning algorithms. The results of the study are significant.

Keywords: authentication, gesture-based passwords, shoulder-surfing attacks, usability

Procedia PDF Downloads 117

Authors: Ronald Villamar-Torres, Michael Staudt, Christopher Viot

Abstract:

Cotton Gossypium hirsutum L. is one of the most important industrial crops, producing the world leading natural textile fiber, but is very prone to arthropod attacks that reduce crop yield and quality. Cotton cultivation, therefore, makes an outstanding use of chemical pesticides. In reaction to herbivorous arthropods, cotton plants nevertheless show natural defense reactions, in particular through volatile organic compounds (VOCs) emissions. These natural defense mechanisms are nowadays underutilized but have a very high potential for cotton cultivation, and elucidating their genetic bases will help to improve their use. Simulating herbivory attacks by mechanical wounding of cotton plants in greenhouse, we studied by qPCR the changes in gene expression for genes of the terpenoids biosynthesis pathway. Differentially expressed genes corresponded to higher levels of the terpenoids biosynthesis pathway and not to enzymes synthesizing particular terpenoids. The genes were mapped on the G. hirsutum L. reference genome; their global relationships inside the general metabolic pathways and the biosynthesis of secondary metabolites were visualized with iPath2. The chromatographic profiles of VOCs emissions indicated first monoterpenes and sesquiterpenes emissions, dominantly four molecules known to be involved in plant reactions to arthropod attacks. As a result, the study permitted to identify potential key genes for the emission of volatile terpenoids by cotton plants in reaction to an arthropod attack, opening possibilities for molecular-assisted cotton breeding in benefit of smallholder cotton growers.

Keywords: biosynthesis pathways, cotton, mechanisms of plant defense, terpenoids, volatile organic compounds

Procedia PDF Downloads 334

Authors: Behzad Mohammadzadeh, Huyk Chun Noh

Abstract:

The plate is one of the popular structural elements used in a wide range of industries and structures. They may be subjected to blast loads during explosion events, missile attacks or aircraft attacks. This study is to investigate dynamic responses of the rectangular plate subjected to explosive loads. The effects of material properties and plate thickness on responses of the plate are to be investigated. The compressive pressure is applied to the surface of the plate. Different amounts of thickness in the range from 10mm to 30mm are considered for the plate to evaluate the changes in responses of the plate with respect to the plate thickness. Two different properties are considered for the steel. First, the analysis is performed by considering only the elastic-plastic properties for the steel plate. Later on damping is considered to investigate its effects on the responses of the plate. To do analysis, the numerical method using a finite element based package ABAQUS is applied. Finally, dynamic responses and graphs showing the relation between maximum displacement of the plate and aim parameters are provided.

Keywords: impulsive loaded plates, dynamic analysis, ABAQUS, material nonlinearity

Procedia PDF Downloads 496

Authors: Ali Abdrhman M. Ukasha

Abstract:

Data security needed in data transmission, storage, and communication to ensure the security. The single step parallel contour extraction (SSPCE) method is used to create the edge map as a key image from the different Gray level/Binary image. Performing the X-OR operation between the key image and each bit plane of the original image for image pixel values change purpose. The Arnold transform used to changes the locations of image pixels as image scrambling process. Experiments have demonstrated that proposed algorithm can fully encrypt 2D Gary level image and completely reconstructed without any distortion. Also shown that the analyzed algorithm have extremely large security against some attacks like salt & pepper and JPEG compression. Its proof that the Gray level image can be protected with a higher security level. The presented method has easy hardware implementation and suitable for multimedia protection in real time applications such as wireless networks and mobile phone services.

Keywords: SSPCE method, image compression-salt- peppers attacks, bitplanes decomposition, Arnold transform, lossless image encryption

Procedia PDF Downloads 400

Authors: Ahlem Abid, Farah Jemili

Abstract:

Intrusion detection has been the subject of numerous studies in industry and academia, but cyber security analysts always want greater precision and global threat analysis to secure their systems in cyberspace. To improve intrusion detection system, the visualisation of the security events in form of graphs and diagrams is important to improve the accuracy of alerts. In this paper, we propose an approach of an IDS based on cloud computing, big data technique and using a machine learning graph algorithm which can detect in real time different attacks as early as possible. We use the MAWILab intrusion detection dataset . We choose Microsoft Azure as a unified cloud environment to load our dataset on. We implement the k2 algorithm which is a graphical machine learning algorithm to classify attacks. Our system showed a good performance due to the graphical machine learning algorithm and spark structured streaming engine.

Keywords: Apache Spark Streaming, Graph, Intrusion detection, k2 algorithm, Machine Learning, MAWILab, Microsoft Azure Cloud

Procedia PDF Downloads 116

Authors: Ali A. Ukasha

Abstract:

Data security needed in data transmission, storage, and communication to ensure the security. The single step parallel contour extraction (SSPCE) method is used to create the edge map as a key image from the different Gray level/Binary image. Performing the X-OR operation between the key image and each bit plane of the original image for image pixel values change purpose. The Arnold transform used to changes the locations of image pixels as image scrambling process. Experiments have demonstrated that proposed algorithm can fully encrypt 2D Gary level image and completely reconstructed without any distortion. Also shown that the analyzed algorithm have extremely large security against some attacks like salt & pepper and JPEG compression. Its proof that the Gray level image can be protected with a higher security level. The presented method has easy hardware implementation and suitable for multimedia protection in real time applications such as wireless networks and mobile phone services.

Keywords: SSPCE method, image compression, salt and peppers attacks, bitplanes decomposition, Arnold transform, lossless image encryption

Procedia PDF Downloads 462

Authors: Volkan Kaya, Ersin Elbasi

Abstract:

Watermarking and stenography are getting importance recently because of copyright protection and authentication. In watermarking we embed stamp, logo, noise or image to multimedia elements such as image, video, audio, animation and text. There are several works have been done in watermarking for different purposes. In this research work, we used watermarking techniques to embed patient information into the medical magnetic resonance (MR) images. There are two methods have been used; frequency domain (Digital Wavelet Transform-DWT, Digital Cosine Transform-DCT, and Digital Fourier Transform-DFT) and spatial domain (Least Significant Bits-LSB) domain. Experimental results show that embedding in frequency domains resist against one type of attacks, and embedding in spatial domain is resist against another group of attacks. Peak Signal Noise Ratio (PSNR) and Similarity Ratio (SR) values are two measurement values for testing. These two values give very promising result for information hiding in medical MR images.

Keywords: watermarking, medical image, frequency domain, least significant bits, security

Procedia PDF Downloads 260

Authors: Gaurav Bansod, Swapnil Sutar, Abhijit Patil, Jagdish Patil

Abstract:

This paper proposes an ultra-lightweight cipher NUX. NUX is a generalized Feistel network. It supports 128/80 bit key length and block length of 64 bit. For 128 bit key length, NUX needs only 1022 GEs which is less as compared to all existing cipher design. NUX design results into less footprint area and minimal memory size. This paper presents security analysis of NUX cipher design which shows cipher’s resistance against basic attacks like Linear and Differential Cryptanalysis. Advanced attacks like Biclique attack is also mounted on NUX cipher design. Two different F function in NUX cipher design results in high diffusion mechanism which generates large number of active S-boxes in minimum number of rounds. NUX cipher has total 31 rounds. NUX design will be best-suited design for critical application like smart grid, IoT, wireless sensor network, where memory size, footprint area and the power dissipation are the major constraints.

Keywords: lightweight cryptography, Feistel cipher, block cipher, IoT, encryption, embedded security, ubiquitous computing

Procedia PDF Downloads 325

Authors: Jonathan K. Hill

Abstract:

The transportation networks throughout Africa remain the only transportation infrastructure system in the world that is attacked by terrorists at a high frequency, so the international community can learn from each attack. The targeting of transportation should be recognized as a direct attack against a civilian population, so the international community should work to better understand the types of attacks utilized, the types of improvised explosive device designs adapted to transportation targets, and the ways the various modes of transportation have been attacked throughout the continent. Some countries have seen grenade attacks that have resulted in only injuries, while some countries have experienced large vehicle bombings that have resulted in hundreds of injuries and numerous deaths. With insurgencies, explosive devices have been small, complex, and generally target an enemy of the insurgency. With terrorist bombings, the explosive devices have been large, brazen, and targeted at civilian populations. And, these civilian populations are easily targeted within the transportation system. The presentation provided by Assess Africa LLC is titled ‘Evolution of Bombings Against Transportation Infrastructure’ and covers improvised explosive device characteristics, how improvised explosive devices have been adapted to transportation targets in Africa, analyses recent incidents, and provides some advice for effective protective measures. A main component of the improvised explosive device characteristics portion of the presentation focuses on the link between explosive device components, the intelligence network, and the bomb-builder’s network. By understanding the components, how the use of various components can be linked to a terrorist group’s capabilities, and how the bomb-builder acquires materials, the analysis of improvised explosive device attacks takes on a new direction – one that focuses on defeating the network instead of merely reviewing incidents of the past.

Keywords: Africa, bombings, critical infrastructure protection, transportation security

Procedia PDF Downloads 392

Authors: Tao Feng, Xiaomei Ma, Xian Guo, Jing Wang

Abstract:

Named Data Network (NDN) is one of the future Internet architecture, all nodes (i.e., hosts, routers) are allowed to have a local cache, used to satisfy incoming requests for content. However, depending on caching allows an adversary to perform attacks that are very effective and relatively easy to implement, such as content pollution attack. In this paper, we use a method of secure network coding based on homomorphic signature system to solve this problem. Firstly ,we use a dynamic public key technique, our scheme for each generation authentication without updating the initial secret key used. Secondly, employing the homomorphism of hash function, intermediate node and destination node verify the signature of the received message. In addition, when the network topology of NDN is simple and fixed, the code coefficients in our scheme are generated in a pseudorandom number generator in each node, so the distribution of the coefficients is also avoided. In short, our scheme not only can efficiently prevent against Intra/Inter-GPAs, but also can against the content poisoning attack in NDN.

Keywords: named data networking, content polloution attack, network coding signature, internet architecture

Procedia PDF Downloads 305

Authors: Stephen M. Magu

Abstract:

The 9/11 and Christmas bombing attacks in the United States are mostly associated with the inability of intelligence agencies to connect dots based on intelligence that was already available. The 1998, 2002, 2013 and several 2014 terrorist attacks in Kenya, on the other hand, are probably driven by a completely different dynamic: the invisible hand of corruption. The World Bank and Transparency International annually compute the Worldwide Governance Indicators and the Corruption Perception Index respectively. What perhaps is not adequately captured in the corruption metrics is the impact of corruption on terrorism. The World Bank data includes variables such as the control of corruption, (estimates of) government effectiveness, political stability and absence of violence/terrorism, regulatory quality, rule of law and voice and accountability. TI's CPI does not include measures related to terrorism, but it is plausible that there is an expectation of some terrorism impact arising from corruption. This paper, by examining the incidence, frequency and total number of terrorist attacks that have occurred especially since 1990, and further examining the specific cases of Kenya and Nigeria, argues that in addition to having major effects on governance, corruption has an even more frightening impact: that of facilitating and/or violating security mechanisms to the extent that foreign nationals can easily obtain identification that enables them to perpetuate major events, targeting powerful countries' interests in countries with weak corruption-fighting mechanisms. The paper aims to model interactions that demonstrate the cost/benefit analysis and agents' rational calculations as being non-rational calculations, given the ultimate impact. It argues that eradication of corruption is not just a matter of a better business environment, but that it is implicit in national security, and that for anti-corruption crusaders, this is an argument more potent than the economic cost / cost of doing business argument.

Keywords: corruption, global south, identification, passports, terrorism

Procedia PDF Downloads 394

Authors: Majed Sanan, Mohammad Rammal, Wassim Rammal

Abstract:

Today, security is a major concern. Intrusion Detection, Prevention Systems and Honeypot can be used to moderate attacks. Many researchers have proposed to use many IDSs ((Intrusion Detection System) time to time. Some of these IDS’s combine their features of two or more IDSs which are called Hybrid Intrusion Detection Systems. Most of the researchers combine the features of Signature based detection methodology and Anomaly based detection methodology. For a signature based IDS, if an attacker attacks slowly and in organized way, the attack may go undetected through the IDS, as signatures include factors based on duration of the events but the actions of attacker do not match. Sometimes, for an unknown attack there is no signature updated or an attacker attack in the mean time when the database is updating. Thus, signature-based IDS fail to detect unknown attacks. Anomaly based IDS suffer from many false-positive readings. So there is a need to hybridize those IDS which can overcome the shortcomings of each other. In this paper we propose a new approach to IDS (Intrusion Detection System) which is more efficient than the traditional IDS (Intrusion Detection System). The IDS is based on Honeypot Technology and Anomaly based Detection Methodology. We have designed Architecture for the IDS in a packet tracer and then implemented it in real time. We have discussed experimental results performed: both the Honeypot and Anomaly based IDS have some shortcomings but if we hybridized these two technologies, the newly proposed Hybrid Intrusion Detection System (HIDS) is capable enough to overcome these shortcomings with much enhanced performance. In this paper, we present a modified Hybrid Intrusion Detection System (HIDS) that combines the positive features of two different detection methodologies - Honeypot methodology and anomaly based intrusion detection methodology. In the experiment, we ran both the Intrusion Detection System individually first and then together and recorded the data from time to time. From the data we can conclude that the resulting IDS are much better in detecting intrusions from the existing IDSs.

Keywords: security, intrusion detection, intrusion prevention, honeypot, anomaly-based detection, signature-based detection, cloud computing, kfsensor

Procedia PDF Downloads 344

Authors: Seema Singh Parmar, Shweta Chauhan

Abstract:

Aims & Objectives: To evaluate the presence of various psychiatric disorders in patients reporting with a headache as the only symptom. Methodology: 200 patients with the chief complain of a headache who visited the psychiatric OPD of a tertiary care were investigated. Out of them 50 who had pure psychiatric illness without any other neurological disease were investigated, and their diagnosis was made. Independent sample t-tests were applied to generate results. Results: The most common psychiatric diagnosis seen in the sample was Depression (64%) out of which 47% showed features of Depression with anxious distress. Other psychiatric disorders seen were Generalized Anxiety Disorder, Panic Attacks, Somatic Symptom Disorder and Obsessive Compulsive Disorder. For pure psychiatry, headache related illnesses female to male ratio was 1.64. Conclusion: The increasing frequency of psychiatric disorders among patients who only visit the doctor seeking treat a headache shows the need for better identification of psychiatric disorders because proper diagnosis and target of psychiatric treatment shall give complete relief to the patient’s symptomatology.

Keywords: anxiety disorders, depression, headache, panic attacks

Procedia PDF Downloads 348