JOURNAL OF ELECTRONIC AND CYBER DEFENCE
Year:2022 | Volume:10 | Issue:2|Papers Count:12

In passive defense, communication security is very important. Free space optic (FSO) communication has a lot of advantages such as high security and high bandwidth, but it suffers from atmospheric turbulence. For the mitigation of this effect on FSO performance, some methods have been proposed, such as adaptive rate (AR) transmission and automatic repeat request (ARQ). In this paper, the performance of hybrid multi-layer design FSO/RF systems with AR transmission and ARQ, in different atmospheric turbulence conditions is evaluated using the ℳ distribution model for the optical channel. For two designs (namely multi-layer with AR and standard-ARQ, and multi-layer with AR and frame combining ARQ), the spectral efficiency (SE) criteria, the average expected number (AEN) and the level crossing rate (LCR) have been compared. The simulation results show that at the first transmission rate, the maximum LCR= 80, occurs at SNRs 6dB and 2dB, for the first and second designs, respectively. Also, at average spectral efficiency (3. 5 bits /sym) and at the persistence level k=2, the maximum LCR= 80 occurs at the SNRs equals to 25dB and 20dB, for the first and second designs, respectively,which shows the advantages of the second design over the first, although these advantages are achieved at higher costs. For example, when SNR equals to 20 dB, the average expected number is 1. 00057 in the first and 1. 35 in the second design, which indicates the higher energy consumption of the second design.

The number of cyber-attacks affecting power systems and leading to physical and economic damages has grown rapidly over the last decade. Among the most significant types of cyber-attacks, are the class of false data injection attacks (FDIAs) which affect the power network monitoring systems. FDIAs endanger the power grid with manipulating the power system state estimation (SE). Also, the electricity theft has recently become another purpose of the FDAIs. Machine learning based methods are known as one of the FDIAs detection approaches. In this paper, first, using the deep auto-encoder method, the dimensions of the problem and the number of data entry for problem classification and detection are reduced. Then, by employing the support vector machine (SVM) approach and the data learning method, the procedure of cyber-attack detection is formed. Also, the precision of the proposed approach is improved by changing the number of data being trained. The presented method is evaluated on the IEEE 14 and 118 bus systems. The obtained simulation results demonstrate that the new method can successfully be applied for an accurate and effective detection of FDIAs.

Using the ad hoc approach is one of the desirable options for configuration of wireless networks because of the features such as distributed management between nodes, facilitating their entry and exit into the network and the possibility of better mobility. This scheme leads to the dynamic behavior of the traffic generated by applications in such networks, which affects the issue of network management and traffic control between nodes. Identifying and classifying the network traffic can help to deal with these challenges in wireless networks. Because conventional traffic detection and classification methods are not able to provide proper performance with such traffic, applied machine-learning-based methods can improve the detection and classification performance. As the precision required to find a specific network traffic implies a high probability of detection, and the elimination of wrong decisions needs the false alarm rate reduction, in this paper a new hybrid method, based on the combination of machine learning methods is introduced to increase the accuracy and efficiency of identifying and classifying traffic in ad hoc wireless networks based on purposeful combination of various machine learning methods. The results show that in addition to improving the evaluation criteria of traffic classification, the proposed method increases the detection probability and reduces the false alarm rate, in comparison to the cases where only a single machine learning method is used.

Using the ad hoc approach is one of the desirable options for configuration of wireless networks because of the features such as distributed management between nodes, facilitating their entry and exit into the network and the possibility of better mobility. This scheme leads to the dynamic behavior of the traffic generated by applications in such networks, which affects the issue of network management and traffic control between nodes. Identifying and classifying the network traffic can help to deal with these challenges in wireless networks. Because conventional traffic detection and classification methods are not able to provide proper performance with such traffic, applied machine-learning-based methods can improve the detection and classification performance. As the precision required to find a specific network traffic implies a high probability of detection, and the elimination of wrong decisions needs the false alarm rate reduction, in this paper a new hybrid method, based on the combination of machine learning methods is introduced to increase the accuracy and efficiency of identifying and classifying traffic in ad hoc wireless networks based on purposeful combination of various machine learning methods. The results show that in addition to improving the evaluation criteria of traffic classification, the proposed method increases the detection probability and reduces the false alarm rate, in comparison to the cases where only a single machine learning method is used.

Nowadays, similar texts recognition is a subject with many applications and due to its significance, has been analyzed and studied in various languages by researchers. In the past, sentences were often used as a set of words to be understood by computer systems. But today, with the spread of technology and the use of deep neural networks, the main concept of sentences can be extracted from the sentences themselves. Therefore, achieving a model that can encode sentences and extract the main concept of the sentence as accurately as possible is one of the essential needs for this purpose. This paper intends to use deep learning methods to evaluate the degree of semantic similarity between sentences. As the deep learning methods need many data, this paper employs an inter-linguistic mapping idea. The proposed method maps an English word embedding vector space into Persian, and Persian sentence similarity is calculated by a trained model in English and finally the outcome is compared with human scores. The results of the proposed method show the accuracy of the proposed system to be 89%, which is superior to other deep learning models.

Fuzzing means repeatedly running the program being tested, by modified inputs, with the aim of finding its vulnerabilities. If the program has a complex input structure, generating modified inputs for fuzzing is not an easy task. The best solution in such cases is to use the input structure of the program under test to produce accurate test data. The problem is that the input structure documentation of program under test may not be available. Human understanding of such complex structures is also hard to achieve, costly, time consuming, and prone to errors. To overcome to above problems, this research proposes the use of machine learning and deep neural networks, which automatically learn the complex structures of program inputs and generate test data tailored to this structure. One of main challenges in this field is choosing the appropriate deep learning model which suits the intended application. In this paper, suitable deep learning models for learning and test data generation in file-based fuzzers are studied. Also, the evaluation is performed by introducing and applying the appropriate performance evaluation parameters. So the recurrent neural network and its derivations are introduced as the best deep learning models for text data. Also, effective parameters considered for performance evaluation include the training time, loss value in training and evaluation time. The loss value as the main parameter is evaluated once in various deep learning models with same structure and again in the same deep learning models with various structures and the best deep learning model is selected and proposed.

With the development of web application software, the lack of access to the application layer and web platform features has become the challenge of conventional intrusion detection systems against web-based attacks. The proliferation of PHP server-side languages has led to the creation of unreliable applications and security issues in this language’s software. Remote code execution attack is one of the most important web attacks due to allowing remote access to the processor device and executing the operating system shell commands. Modifying the architecture of network layer intrusion detection systems to the application layer and applying a layered detection approach using the detections methods based on the signature and behavior in PHP application software, facilitates the detection of remote code execution attacks. In this research, remote code execution attacks are detected using the layered approach of PHP web application intrusion detection system, with 90. 4% and 95% accuracy in the signature and behavior based approaches respectively.

The EEG-based guilty knowledge test (GKT) is one of the most frequent lie detection methods. Recurrence plot analysis is a conventional chaotic signal processing method applied in different lie detection studies. One of the most important challenges of this method is selecting the appropriate threshold as the criterion of state recurrence in the phase space. Inappropriate selection of this threshold significantly affects the performance of this method. So in this study, the fuzzy recurrence plot is applied to overcome this challenge. This method is applied to transform EEG trials into grayscale texture images. Then, the gray-level co-occurrence matrix (GLCM) is used to extract the texture features from these images. Finally, The extracted features are classified using the K-NN classifier. The classification results of the 4-D feature vectors with 90% accuracy indicate the superiority of this method compared to the classic RQA method with 13-D feature vectors. This reduction in feature vector dimension improves the train and test speed and generalization of the KNN as a lazy learner. Moreover, the subject-based EEG-trial processing approach of this research eliminates the need for data set from various subjects and the only data set required to determine the sincerity of each subject is solely its own data set.

The detection of slippery road conditions is one of the main factors needed in order to increase the road and passenger safety, as well as the development of autonomous vehicles and related technologies. In this regard, various researches have been done with different methods and sensors, using data in the different forms of image, sound and wave frequencies. In this article, we have detected the slippery road condition without the use of expensive sensors and methods by using CCTV images of the roads and based on convolutional neural networks. The main idea of this research is the use of transfer learning approach. Therefore, first, the importance and benefits of using transfer learning are presented in the form of network training with InceptionNetv3 architecture. In the next step, a ResNet50 CNN and a recurrent neural network are combined using a new framework called GFNet and are trained by using transfer learning. Finally, a tool with the ability to detect the road surface, in three classes of dry, wet and snow, has been obtained with an accuracy of 96. 33%.

Today, large-scale vehicles are scattered in different parts of the city and therefore need to be controlled by programmed systems. Automatically finding vehicles in the images and categorizing them is complicated because vehicles come in so many different shapes, colors, and models, and their designs are so different. Therefore, different methods of image analysis have been proposed to solve this problem. But there are some challenges such as the multiplicity of images in a scene, the coherence of the image of the vehicle and the image background, the presence of noise in the images and the tolerance to changes in light. In recent years, the use of deep neural networks has been proposed as an effective tool in identification despite the diversity of environmental conditions and objects. But the challenge of using deep neural networks is their high computational load. In this paper, a new approach is used to identify the type of vehicles, which uses a combination of VGG neural network and the Yolo image separation and tracking algorithm. This method improves the challenges of the previous methods and also reduces the computational load. The images are taken from two databases, ImageNet and COCO, and these databases are used to train and test the neural network. The results show that the designed system solves many problems well, including the speed of vehicle detection and the problem of computational load. The detection accuracy has increased by 2 to 3% compared to previous systems and has reached about 98%. The advantages of this approach include high-quality image detection and the use of a YOLO algorithm with an acceptable speed in detecting the type of vehicle.

Cyber deception technology is a part of the process of identifying and responding to incidents. This technology helps the security team identify and analyze advanced threats by persuading an attacker to strike fake resources. The deception approach is to create a high-precision warning about high-risk behaviors. Deception occurs in a variety of ways, including an active defense approach. Active defense is an approach that is based on the establishment of measures to detect, analyze, identify and reduce threats to communication systems and networks in real time by default, which ultimately leads to cyber security. To better understand the techniques used in active defense, we can mention the Honeypot. The Honeypot is a trick that is deliberately placed on the net to be explored by an attacker in order to record, track and analyze the activities performed. In this project, we have used a low-interaction Honeypot to identify malicious activities. Using these technologies and strategies, we have designed an active cyber defense system (SDF). Taking into account the IP, this system has the capability of monitoring and real-time detection of abnormalities that occur in the form of functional level of attackers. Both the cyber deception and the honeypot concentrate on trapping the attacker by misleading, confusing, and etc. But active cyber deception (SDF) technology is an evolution of Honeypot, extending its limited capabilities.

The growing number of malware is one of the major threats in the field of cyber and malware detection has always been associated with challenges. Windows-based malicious executable files perform malicious activities at the target operating system level or any other application by manipulating features in their header and obscuring their behavior. Detecting suspicious specimens from a large volume of input samples as well as discovering new and unknown malware is one of the researchers' favorite topics. In this study, a combined method has been proposed to determine the level of maliciousness of suspicious executable files. Kashef's proposed method consists of two static modules for extracting executable file header properties, and two behavioral modules for extracting signature-generating properties and a thoughtful behavioral model based on machine learning methods. The purpose of this study is to identify suspicious Windows executable files from a large volume of files and determine their maliciousness level. This method detects malware based on the maliciousness probability assigned to each file. Experiments have been done to determine the malignancy percentage of six malware by four types of detectors. The results show the malignancy percentage for the PE header detector module, to be in the range of 62. 7 to 70% and for the Yara-based detector module, to be in the range of 70. 8 to 78. 2%, whilst for the behavioral signature-based detector module, the malignancy percentage is 98% and for the ML-based detector module using the random forest learning algorithm it is equal to 99%. The experimental results also show that Kashef detected 94% of protected malware with a 2% improvement compared to the achievements of 10 similar rival products, and it detected 98% of unprotected malware, demonstrating a 5% improvement compared to counterpart results of 10 similar products.