Research Article
Farnoush Manavi; Ali Hamzeh
Abstract
With the spread of information technology in human life, data protection is a critical task. On the other hand, malicious programs are developed, which can manipulate sensitive and critical data and restrict access to this data. Ransomware is an example of such a malicious program that encrypts data, ...
Read More
With the spread of information technology in human life, data protection is a critical task. On the other hand, malicious programs are developed, which can manipulate sensitive and critical data and restrict access to this data. Ransomware is an example of such a malicious program that encrypts data, restricts users' access to the system or their data, and then request a ransom payment. Many types of research have been proposed for ransomware detection. Most of these methods attempt to identify ransomware by relying on program behavior during execution. The main weakness of these methods is that it is not explicit how long the program should be monitored to show its real behavior. Therefore, sometimes, these researches cannot detect ransomware early. In this paper, a new method for ransomware detection is proposed that does not need executing the program and uses the PE header of the executable file. To extract effective features from the PE header file, an image is constructed based on PE header. Then, according to the advantages of Convolutional Neural Networks in extracting features from images and classifying them, CNN is used. The proposed method achieves high detection rates. Our results indicate the usefulness and practicality of our method for ransomware detection.
Research Article
Hajar Dastanpour; Ali Fanian
Abstract
Today, intrusion detection systems are used in the networks as one of the essential methods to detect new attacks. Usually, these systems deal with a broad set of data and many features. Therefore, selecting proper features and benefitting from previously learned knowledge is suitable for efficiently ...
Read More
Today, intrusion detection systems are used in the networks as one of the essential methods to detect new attacks. Usually, these systems deal with a broad set of data and many features. Therefore, selecting proper features and benefitting from previously learned knowledge is suitable for efficiently detecting new attacks. A new graph-based method for online feature selection is proposed in this article to increase the accuracy in detecting attacks. In the proposed method, irrelevant features are first removed by inputting a limited number of instances. Then, features are clustered based on graph theory to reduce the search space. After the arrival of new instances at each stage, new clusters of features are created that may differ from the clusters created in the previous step. Therefore, to find the appropriate clusters, these two clusters are combined to select some relevant features with minimum redundancy. The evaluation results show that the proposed method has better performance, for instance classification with a lesser run time than similar online feature selection methods. The proposed method is also faster with a suitable accuracy in instances classification compared to some offline methods.
Research Article
Hamid Amiryousefi; Zahra Ahmadian
Abstract
This paper analyses the security and efficiency of some notable privacy preserving data aggregation schemes, SP2DAS, 3PDA, and EPPA. For SP2DAS and 3PDA schemes, We show that despite the designers’ claims, there are efficient forgery attacks on the signature scheme used. We present aselective forgery ...
Read More
This paper analyses the security and efficiency of some notable privacy preserving data aggregation schemes, SP2DAS, 3PDA, and EPPA. For SP2DAS and 3PDA schemes, We show that despite the designers’ claims, there are efficient forgery attacks on the signature scheme used. We present aselective forgery attack on the signature scheme of SP2DAS in the key-only attack model and a selective forgery attack on the 3PDA’s signature scheme in the known-message attack model,requiring only two pairs of message-signature. These attacks enable the attacker to inject any arbitrary faulty data into the data aggregated by the network, without being detected, which is a serious threat to the performance of the whole network. We also present an improved version of the broadcast encryption scheme used in EPPA scheme, in which the decryption key is half, the decryption complexity is half, and the ciphertext size is 3=4 of the original one. The semantic security of the proposed scheme is proved under the same assumption as the original scheme.
Research Article
Faeze Rasouli; Mohammad Taheri
Abstract
Fragile watermarking is a technique of authenticating the originality of the media (e.g., image). Although the watermark is destroyed with any small modification (tamper), it may be used to recover the original image. There is no method yet, based on our knowledge, to guarantee the perfect recovery of ...
Read More
Fragile watermarking is a technique of authenticating the originality of the media (e.g., image). Although the watermark is destroyed with any small modification (tamper), it may be used to recover the original image. There is no method yet, based on our knowledge, to guarantee the perfect recovery of small tampers. Although data-bits are embedded in Least Significant Bits of some other pixel(s), a tamper may destroy both data and authentication sets which makes recovery impossible. In this paper, a novel fragile watermarking scheme is proposed for both tamper detection and tampered image recovery. Here, all bits are reorganized in virtual pixels distributed in the image called as Distributed Pixels (DP). Distance of each pair of bits in a DP is sufficiently large. This is why; tampers smaller than a threshold, cannot destroy more than one bit of a DP. Hamming code guarantees that changing at most one bit can be perfectly detected and recovered. Then, Hamming (7,4) is extended to (8,5) to support embedding in eight-bits pixels. According to the experimental results, the proposed method could perfectly detect and recover the tampered parts not greater than a quarter of image in diameter. It also achieved acceptable performance in other conditions, compared to state-of-the-art methods.