DOI: 10.3897/jucs.125999

Authors: Ryma Abassi

Abstract: As governments and organizations seek to strengthen cybersecurity measures, ethical considerations play a crucial role in shaping effective and responsible policies. This research article explores the ethical dimensions of cybersecurity policymaking, focusing on the balance between security imperatives and individual privacy rights. Drawing on principles of ethics, human rights, and legal frameworks, the article discusses challenges and dilemmas faced by policymakers in ensuring cybersecurity without compromising privacy and civil liberties. It proposes a set of ethical guidelines and best practices for designing and implementing cybersecurity policies that are both effective and respectful of fundamental rights and values.

HTML

PDF

DOI: 10.3897/jucs.108445

Authors: Emre Sadıkoğlu, İrfan Kösesoy, Murat Gök

Abstract: With the increasing popularity and usage of artificial intelligence systems, it has become crucial to address their vulnerability to cyber-attacks. In this study, we propose a novel gradient descent-based method to generate fake data that can be accepted as positive by a targeted machine learning model. Our method is designed to generate a large number of positive samples with a minimal number of probes to the model, making it difficult to detect by security systems. Additionally, we develop an alternative model to the attacked model using a reverse engineering approach, trained on a dataset composed of the samples generated by our method. We evaluate the success of our proposed method and the alternative model through a series of experiments. We conducted experiments on six distinct datasets, each of which was trained using three separate machine-learning algorithms. This resulted in a total of eighteen unique models that were evaluated and compared in our analysis. In the evaluation of results, the most commonly used metrics in the literature, including effective attack rate (EAR), accuracy, precision, recall, and F1 score, were employed. Focusing particularly on EAR-oriented assessments, our method demonstrates its effectiveness with a notably high EAR of 97% in the combination of the kNN method and the Cancer dataset. According to the results of our experiments, the proposed method demonstrates high effectiveness as a data-driven attack method.

HTML

PDF

DOI: 10.3897/jucs.104901

Authors: Tien Quang Dam, Nghia Thinh Nguyen, Trung Viet Le, Tran Duc Le, Sylvestre Uwizeyemungu, Thang Le-Dinh

Abstract: In recent years, the rapid evolution of ransomware has led to the development of numerous techniques designed to evade traditional malware detection methods. To address this issue, a novel approach is proposed in this study, leveraging machine learning to encode critical information from Portable Executable (PE) headers into visual representations of ransomware samples. The proposed method selects highly impactful features for data sample classification and encodes them as images based on predefined color rules. A deep learning model named peIRCECon (PE Header-Image-based Ransomware Classification Ensemble with Concatenating) is also developed by integrating prominent architectures, such as VGG16 and ResNet50, and incorporating the concatenating method to enhance ransomware detection and classification performance. Experimental results using self-collected datasets demonstrate the efficacy of this approach, achieving high accuracy of 99.85% in distinguishing between ransomware and benign samples. This promising approach holds the potential to significantly improve the effectiveness of ransomware detection and classification, thereby contributing to more robust cybersecurity defense systems.

HTML

PDF

DOI: 10.3897/jucs.85506

Authors: Mehdi Rouissat, Mohammed Belkheir, Hicham Sid Ahmed Belkhira, Sofiane Boukli Hacene, Pascal Lorenz, Merahi Bouziani

Abstract: The present work describes a new technique to mitigate the version number attack (VNA), which is classified as one among the known denial of service (DDoS) damaging attacks targeting RPL-based (Routing Protocol for Low Power and Lossy Networks) IoTs networks. Through a VNA, the malicious behavior induces an increase in the control overhead and affects nodes’ ressources in terms of processing and memory, thereby the network availability is directly targeted. The lightweight proposed algorithm is run by each node where the main purpose is to halt the spread of a faked version number over the network and to recover victim nodes. The proposed solution has been implemented and simulated using Cooja under Contiki OS. Simulation results obviously show that our proposed technique promises significant improvements in various measured metrics while optimizing the node resources in terms of processing and memory usage. Compared to the network under attack, the control overhead has been shortened by 83% and the energy consumption has been reduced by 74%. In addition, the packet delivery ratio (PDR) has been improved to reach (99,6%), and the latency has been restored to attain the same value as in the normal case.

HTML

XML

PDF

DOI: 10.3897/jucs.76528

Authors: Jing Qiu, Feng Dong, Guanglu Sun

Abstract: Disassembly is the basis of static analysis of binary code and is used in malicious code detection, vulnerability mining, software optimization, etc. Disassembly of arbitrary suspicious code blocks (e.g., for suspicious traffic packets intercepted by the network) is a difficult task. Traditional disassembly methods require manual specification of the starting address and cannot automate the disassembly of arbitrary code blocks. In this paper, we propose a disassembly method based on code extension selection network by combining traditional linear sweep and recursive traversal methods. First, each byte of a code block is used as the disassembly start address, and all disassembly results (control flow graphs) are combined into a single flow graph. Then a graph attention network is trained to pick the correct subgraph (control flow graph) as the final result. In the experiment, the compiler-generated executable file, as well as the executable file generated by hand-written assembly code, the data file and the byte sequence intercepted by the code segment were tested, and the disassembly accuracy was 93%, which can effectively distinguish the code from the data.

HTML

XML

PDF

DOI: 10.3897/jucs.77046

Authors: Mohamed Talha, Anas Abou El Kalam

Abstract: Big Data often refers to a set of technologies dedicated to deal with large volumes of data. Data Quality and Data Security are two essential aspects for any Big Data project. While Data Quality Management Systems are about putting in place a set of processes to assess and improve certain characteristics of data such as Accuracy, Consistency, Completeness, Timeliness, etc., Security Systems are designed to protect the Confidentiality, Integrity and Availability of data. In a Big Data environment, data quality processes can be blocked by data security mechanisms. Indeed, data is often collected from external sources that could impose their own security policies. In many research works, it has been recognized that merging and integrating access control policies are real challenges for Big Data projects. To address this issue, we suggest in this paper a framework to secure data collection in collaborative platforms. Our framework extends and combines two existing frameworks namely: PolyOrBAC and SLA- Framework. PolyOrBAC is a framework intended for the protection of collaborative environments. SLA-Framework, for its part, is an implementation of the WS-Agreement Specification, the standard for managing bilaterally negotiable SLAs (Service Level Agreements) in distributed systems; its integration into PolyOrBAC will automate the implementation and application of security rules. The resulting framework will then be incorporated into a data quality assessment system to create a secure and dynamic collaborative activity in the Big Data context.

HTML

XML

PDF

DOI: 10.3897/jucs.2020.045

Authors: Simon Vrhovec, Damjan Fujs, Luka Jelovčan, Anže Mihelič

Abstract: There is a growing number of scientific papers reporting on case studies and action research published each year. Consequently, evaluating the quality of pilling up research reports is becoming increasingly challenging. Several approaches for evaluation of quality of the scientific outputs exist however they appear to be fairly time-consuming and/or adapted for other research designs. In this paper, we propose a reasonably light-weight structure-based approach for evaluating case study and action research reports (SAE-CSAR) based on eight key parts of a real-world research report: research question, case description, data collection, data analysis, ethical considerations, results, discussion and limitations. To evaluate the feasibility of the proposed approach, we conducted a systematic literature survey of papers reporting on real-world cybersecurity research. A total of N = 102 research papers were evaluated. Results suggest that SAE-CSAR is useful and relatively efficient, and may offer a thought-provoking insight into the studied field. Although there is a positive trend for the inclusion of data collection, data analysis and research questions in papers, there is still room for improvement suggesting that the field of real-world cybersecurity research did not mature yet. The presence of a discussion in a paper appears to affect most its citation count. However, it seems that it is not uniformly accepted what a discussion should include. This paper explores this and other issues related to paper structure and provides guidance on how to improve the quality of research reports.

HTML

XML

PDF

DOI: 10.3217/jucs-025-11-1458

Authors: Anže Mihelič, Matej Jevšček, Simon Vrhovec, Igor Bernik

Abstract: To exploit the human as the "back door" to compromising well-protected information systems of organizations, phishing-type attacks are becoming increasingly sophisticated. There is however a significant lack of real-world studies of phishing campaigns in industrial settings even though it is a wide-spread way to hack information systems of organizations and many notorious cyberattacks started with some sort of a human exploitation. To fill this void, we conducted a case study in a large Central European manufacturing company Manco (fake company name) and observed the targeted employees' and IT department staff's response to a phishing campaign. Even though the IT department staff reacted very fast (their procedures started fifteen minutes after the first phishing e-mail was sent), results suggest significant data leakage and a high potential for successful malware installation. The observed click rate was 69.4 percent and real personal data submission rate was at least 49.0 percent. The average response time of targets (i.e., time between sending the phishing e-mail and visiting the phishing website) was 20 minutes, from 25 seconds to 203 minutes. The results suggest that a phishing campaign can be successful even if the targeted organization's response time is very short. Also, the phishing campaign may not be effective only due to the susceptibility of targets but also due to the investigative techniques of the first responders.

HTML

XML

PDF

DOI: 10.3217/jucs-025-10-1221

Authors: K. Shankar, Mohamed Elhoseny

Abstract: In wireless communication, Mobile Ad Hoc Network (MANET) consists of a number of mobile nodes which are communicated with each other without any base station. One of the security attacks in MANETs is Packet forwarding misbehaviour attack; this makes MANETs weak by showing message loss behavior. For securing message transmission in MANET, the work proposes Energy Efficient Clustering Protocol (EECP) with Radial Basis Function (RBF) based CH is elected for formed Clusters. Moreover, here some Network measures are considered to detect the malicious nodes and CH model that is speed, mobility, trust and so on. The trust value of the node is computed from the neighbor node which helps in further location to find a malicious node in the network to avail message drop and energy consumption (EC). After detecting malicious nodes, Multi secure Protocols that is Secure Efficient Distance Vector Routing (SEDV) and Secure Link State Routing Protocol (SLSP) with encryption technique used for message security. If the" HELLO" message sending by the sender, its encrypted and decrypted triples in receiver end to get the plain message, this technique is Triple Data Encryption Standard (TDES). Finally, the implementation results are evaluated to analyze the message security level of the proposed system in MANET in terms, of Packet to Delivery Ratio (PDR, Network Life Time (NLT) and some other important Measures.

HTML

XML

PDF

DOI: 10.3217/jucs-025-09-1066

Authors: Yosra Lakhdhar, Slim Rekhis, Noureddine Boudriga

Abstract: Presently, attackers succeed to damage different cyber systems no matter whether cyber security solutions are implemented or not. This fact can be explained by the information insufficiency regarding the attack environment and the deployed solutions, in addition to the predominant use of pre-built cyber attack databases, making the supervised system incapable of defending itself against zero-day attacks. We present in this paper an enhanced cyber defense model to assess the effectiveness of the deployed security solutions to defend against potential generated attack scenarios under various contexts (the configuration of distributed security solutions, named observer agents, the type and location of reaction systems, and the type of data visible by the deployed solutions). Furthermore, we propose a model ensuring the generation of known and unknown attack scenarios starting from the formal description of system variables and their interactions. In addition, we develop the concept of observable executable scenario that ensures the step by step observation of attack scenarios execution, the assessment of observer agents' reactions, and the detection of attack occurrence in a distributed system. The results of the conducted simulations using real case studies are presented to exemplify the proposal.

HTML

XML

PDF

DOI: 10.3217/jucs-025-03-0282

Authors: Xianmin Wang, Yu Zhang, Brij Gupta, Hongfei Zhu, Dongxi Liu

Abstract: Identity-based signcryption schemes based on large integer factorization and discrete logarithm problems were considered to be insecure for the quantum computer attack. Thus, choosing a quantum-resist platform and constructing secure schemes based on new hard assumptions are challenges. In this paper, we propose an alternative scheme - an identity-based signcryption on lattice, which does not need to rely on a trapdoor. Meanwhile, our scheme achieves IND-CCA2 and sUF-CMA security, and it is also secure against the current quantum algorithm attacks based on LWE problem for lattice. Furthermore, we demonstrate that the newly proposed scheme has much shorter secret key size, and higher speeds in signcryption and unsigncryption stages, compared with some exiting identity-based signcryption schemes.

HTML

XML

PDF

DOI: 10.3217/jucs-025-01-0002

Authors: Rafał Kozik, Michał Choraś, Jörg Keller

Abstract: This paper outlines and proposes a new approach to cyber attack detection on the basis of the practical application of the efficient lifelong learning cybersecurity system. One of the main difficulties in machine learning is to build intelligent systems that are capable of learning sequential tasks and then to transfer knowledge from a previously learnt foundation to learn new tasks. Such capability is termed as Lifelong Machine Learning (LML) or as Lifelong Learning Intelligent Systems (LLIS). This kind of solution would promptly address the current problems in the cybersecurity domain, where each new cyber attack can be considered as a new task. Our approach is an extension of the Efficient Lifelong Learning (ELLA) framework. Hereby, we propose the new B-ELLA (Balanced ELLA) framework to detect cyber attacks and to counter the problem of network data imbalance. Our proposition is evaluated on a malware benchmark dataset and we achieve promising results.

HTML

XML

PDF

DOI: 10.3217/jucs-024-09-1258

Authors: Nipon Theera-Umpon, Kun-Hee Han, Woo-Sik Bae, Sanghyuk Lee, Van Pham

Abstract: The evolving Internet of Things (IoT) technology has driven the advancement of communication technology for implantable devices and relevant services. Still, concerns are raised over implantable medical devices (IMDs), because the wireless transmission section between patients and devices is liable to intrusions on privacy attributable to hacking attacks and resultant leakage of patients' personal information. Also, manipulating and altering patients' medical information may lead to serious leakage of personal information and thus adverse medical incidents. To address the foregoing challenges, the present paper proposes a security protocol that copes with a range of vulnerabilities in communication between IMDs and other devices. In addition, the proposed protocol encrypts the communication process and data to eliminate the likelihood of personal information being leaked. The verification highlights the safety and security of the proposed protocol in wireless communication.

HTML

XML

PDF

DOI: 10.3217/jucs-024-01-0025

Authors: Flavio De Mello, José A. M. Xexéo

Abstract: This paper analyzes the use of machine learning techniques for the identification of encryption algorithms, from ciphertexts only. The experiment involved corpora of plain texts in seven different languages; seven encryption algorithms, each one in ECB and CBC modes; and six data mining algorithms for classification. The plain text files were encrypted with each cryptographic algorithm under both cipher modes. After that, the ciphertexts were processed to produce metadata, which were then used by the classification algorithms. The overall experiment involved not only a high quantity of ciphertexts, but also time consuming procedures for metadata creation as well as for identification. Therefore, a high performance computer and customized memory management were employed. As expected, the results for ECB mode encryption algorithm identification were significantly high, and also reached full recognition. On the other hand, algorithm identification under CBC is supposed to be marginal, but successful identification was up to six times higher than the probabilistic bid.

HTML

XML

PDF

DOI: 10.3217/jucs-020-02-0079

Authors: Carlos Blanco, Ignacio De Guzmán, Eduardo Fernández-Medina, Juan Trujillo

Abstract: Data Warehouses (DW) manage enterprise information that is queried for decision making purposes by using On-Line Analytical Processing (OLAP) tools. The establishment of security constraints in all development stages and operations of the DW is highly important since otherwise, unauthorized users may discover vital business information. The final users of OLAP tools access and analyze the information from the corporate DW by using specific views or cubes based on the multidimensional modelling containing the facts and dimensions (with the corresponding classification hierarchies) that a decision maker or group of decision makers are interested in. Thus, it is important that security constraints will be also established over this metadata layer that connects the DW's repository with the decision makers, that is, directly over the multidimensional structures that final users manage. In doing so, we will not have to define specific security constraints for every particular user, thereby reducing the developing time and costs for secure OLAP applications. In order to achieve this goal, a model driven architecture to automatically develop secure OLAP applications from models has been defined. This paper shows the benefits of this architecture by applying it to a case study in which an OLAP application for an airport DW is automatically developed from models. The architecture is composed of: (1) the secure conceptual modelling by using a UML profile; (2) the secure logical modelling for OLAP applications by using an extension of CWM; (3) the secure implementation into a specific OLAP tool, SQL Server Analysis Services (SSAS); and (4) the transformations needed to automatically generate logical models from conceptual models and the final secure implementation.

HTML

XML

PDF

DOI: 10.3217/jucs-017-06-0944

Authors: Sang Lee, Dong Kim, Jong Park

Abstract: E-mail spam is no more garbage but risk since it recently includes virus attachments and spyware agents which make the recipients' system ruined, therefore, there is an emerging need for spam detection. Many spam detection techniques based on machine learning techniques have been proposed. As the amount of spam has been increased tremendously using bulk mailing tools, spam detection techniques should counteract with it. To cope with this, parameters optimization and feature selection have been used to reduce processing overheads while guaranteeing high detection rates. However, previous approaches have not taken into account feature variable importance and optimal number of features. Moreover, to the best of our knowledge, there is no approach which uses both parameters optimization and feature selection together for spam detection. In this paper, we propose a spam detection model enabling both parameters optimization and optimal feature selection; we optimize two parameters of detection models using Random Forests (RF) so as to maximize the detection rates. We provide the variable importance of each feature so that it is easy to eliminate the irrelevant features. Furthermore, we decide an optimal number of selected features using two methods; (i) only one parameters optimization during overall feature selection and (ii) parameters optimization in every feature elimination phase. Finally, we evaluate our spam detection model with cost-sensitive measures to avoid misclassification of legitimate messages, since the cost of classifying a legitimate message as a spam far outweighs the cost of classifying a spam as a legitimate message. We perform experiments on Spambase dataset and show the feasibility of our approaches.

HTML

XML

PDF

DOI: 10.3217/jucs-015-03-0538

Authors: Joerg Muehlbacher, Christian Praher

Abstract: Besides the well established access control models, Discretionary Access Control (DAC) and Mandatory Access Control (MAC), the policy neutral Role Based Access Control (RBAC) is gaining increasingly momentum. An important step towards a wide acceptance of RBAC has been achieved by the standardization of RBAC through the American National Standards Institute (ANSI) in 2004. While the concept of sessions specified in the ANSI RBAC standard allows for differentiated role selections according to tasks that have to be performed by users, it is very likely that more roles will be activated in a session than are effectively needed to perform the intended activity. Dynamic Sessions in RBAC (DS RBAC) is an extension to the existing RBAC ANSI standard that dynamically deactivates roles in a session if they are not exercised for a certain period of time. This allows for the selection of an outer-shell of possibly needed permissions at the initation of a session through a user, while adhering to the principle of least privilege by automatically reducing the effective permission space to those roles really exercised in the session. Analogous to the working set model known from virtual memory, only the minimal roles containing permissions recently exercised by the user are left in a session in the DS RBAC model. If the user tries to access a role that has aged out due to inactivity, a role fault occurs. A role fault can be resolved by the role fault handler that is responsible for re-activating the expired role. As will be presented in this paper, role re-activation may be subject to constraints that have to be fulfilled by the user in order to re-access the aged role.

HTML

XML

PDF