Archive

Scientific Information Database (SID) - Trusted Source for Research and Academic Resources
Author(s): POUREBRAHIM Y.

Issue Info:
  • Year: 2014
  • Volume: 5
  • Issue: 2
  • Pages: 81-91
Measures:
  • Citations: 0
  • Views: 609
  • Downloads: 0
Abstract:

In this paper, a new word-oriented stream cipher algorithm with a key length of 256 bits is designed and analyzed. The proposed algorithm is highly resistant against the known attacks. The main principles of the algorithm are based on improved word-oriented shift registers in clock-control mode with a cyclic period greater than 2^1214. With the improvement of a certain nonlinear kernel of some algorithms, such as SNOW2, and its use as the nonlinear part of encryption, the proposed algorithm is much more resistant than other similar ciphers against distinguishing and algebraic attacks. According to the security analysis, the complexity of the distinguishing attack is O(2^9033) and the complexity of algebraic attacks is O(2^2839).

Issue Info:
  • Year: 2014
  • Volume: 5
  • Issue: 2
  • Pages: 93-106
Measures:
  • Citations: 0
  • Views: 436
  • Downloads: 0
Abstract:

Nowadays, in spite of the presence of defence mechanisms and verification methods, some security vulnerabilities still remain in systems. Therefore, protecting systems against all malicious behaviors and security attacks is nearly impossible. If the required countermeasures are not employed against the impact of malware, it may lead to intrusion and the violation of system security policies. On the other hand, intrusion-tolerant systems are used to increase the security of systems and software. Consideration of the trust concept among entities can play an important role in increasing security in distributed environments such as the Internet. However, like other security mechanisms, trust is vulnerable to malicious attacks. Therefore, devising methods against malicious behaviors is very important. In this paper, a trust-based approach for making software tolerant of intrusion, with emphasis on the relativity of the trust concept, is presented, so that the precision of trust values for users in the whole system is increased and these values are close to the real values. The goal of the proposed approach is to diminish the challenges of absolute trust in order to make systems resilient against malicious behaviors by detecting real and non-real ideas of users and balancing them. The simulation results show that the proposed approach does not allow intruders to increase trust values unfairly and that it is resilient against malicious and destructive behaviors. Furthermore, the addition of relativity to the trust concept and the detection of malicious users lead to an improvement of the recommended method compared to the existing methods.

Issue Info:
  • Year: 2014
  • Volume: 5
  • Issue: 2
  • Pages: 107-119
Measures:
  • Citations: 0
  • Views: 602
  • Downloads: 0
Abstract:

Passive defence strategies are used to protect national security in asymmetric defence conditions. The web application is one of the most widely used tools on the World Wide Web. Because of its dynamic nature, it is vulnerable to serious security risks. The discovery of cyber-attacks can be seen as a method of enhancing national resistance. Anomaly-based intrusion detection is an approach that focuses on new and unknown attacks. A method for anomaly detection in web applications using a combination of one-class classifiers is proposed. In the preprocessing phase, normal HTTP traffic is logged and a feature vector is extracted from each HTTP request. The proposed method consists of two steps: in the training phase, the extracted feature vectors associated with each request enter the system and the model of normal requests is learned using a combination of one-class classifiers. In the detection phase, anomaly detection is performed on the feature vector of each HTTP request using the model learned in the training phase. The S-OWA operator and other combination methods are used to combine the one-class classifiers. The data used for training and testing are from the CSIC2012 dataset. The detection and false alarm rates obtained from the experiments show better results than those obtained by other methods.

Author(s): TAGHVA M.R. | YADOLLAHI M.

Issue Info:
  • Year: 2014
  • Volume: 5
  • Issue: 2
  • Pages: 121-131
Measures:
  • Citations: 0
  • Views: 659
  • Downloads: 0
Abstract:

Availability and continuity of the information and key processes that support the core IT services, achieved by hardening computer systems against attacks as a passive defence principle, has been one of the most important issues facing companies in electronic passive defence and cyber defence, and is generally managed by implementing the relevant security standards. In this research, 36 critical success factors for implementing business continuity management were extracted from a comprehensive study of the literature. These indicators were sent to 83 experts, among which 64 were collected, analyzed and categorized into 9 factors after exploratory factor analysis, and they were all approved by a binomial test. The harmonic mean was used to calculate the weight of the factors and components, and finally a model including the effective factors and the weight of their importance was proposed for organizational gap analysis when implementing a business continuity management system. The proposed model was implemented and tested in two IT service provider companies.

Issue Info:
  • Year: 2014
  • Volume: 5
  • Issue: 2
  • Pages: 133-145
Measures:
  • Citations: 0
  • Views: 590
  • Downloads: 0
Abstract:

Covert timing channels are used to transmit information through computer networks in a seamless or secret way. Inter-packet gap and packet reordering are among the techniques for encoding information in covert channels. Several reports on evaluating the capacity and robustness of covert channels have been published, in which the channel is evaluated using real-environment field tests or by means of computational methods. A real-environment field experiment lacks repeatability, and a computational method is normally too simple to enable one to evaluate the channel under desired circumstances. In this paper, a hybrid coding scheme combining the inter-packet gap and packet reordering techniques is proposed, and a model of an end-to-end communication channel in the Internet is proposed using Coloured Petri nets. The model is able to inject different types of noise, such as packet loss, packet reordering, and jitter, into a given traffic. The model was used to implement a controlled hybrid covert timing channel under desired noise levels. Then, the capacity and robustness of the proposed covert channel were measured using different noise scenarios. The evaluation results demonstrate that the capacity and robustness of the proposed covert channel are improved compared with the previous reports. It is also shown that the proposed model is effective for further covert channel evaluation in given circumstances.

Author(s): JAVAHERI D. | PARSA S.

Issue Info:
  • Year: 2014
  • Volume: 5
  • Issue: 2
  • Pages: 147-157
Measures:
  • Citations: 0
  • Views: 960
  • Downloads: 0
Abstract:

In this article, a new method for the detection and interception of spyware, specifically key loggers, blockers and screen recorders, is proposed. After a malicious behavior is detected at run time by dynamic behavioral analysis, its corresponding process and executable file are located. All interactions with the underlying network are logged and analyzed to extract the destination and source of the stolen information which was supposed to be transferred by the spyware. After the malicious code is analyzed, the process in main memory is terminated and its executable and image files are removed from the hard disk; in addition, the method can deliver junk information to the spyware or cause diversion of its destination. The proposed method tracks and intercepts malicious code through kernel drivers belonging to the operating system. In this way, all the system functions in user mode and all the limitations and constraints imposed by the operating system can be bypassed and ignored. In this article, the security of the proposed method is also considered, and a new method for the interception of blockers and the construction of secure virtual keyboards is presented. In this way, the main target of the proposed method, to secure the operating system environment against any spyware, can be achieved. Finally, the accuracy of detection and the success of the reaction against spyware are evaluated. The accuracy was 96% and the reaction rate was 100%. Comparing these results with the top well-known anti-spyware applications showed that the proposed method is competitive and is better in some features.
