JOURNAL OF ELECTRONIC AND CYBER DEFENCE
Year:2018 | Volume:5 | Issue:4 (20) |Papers Count:9

"Botnet" is a network of infected computers connected to the Internet that is under management of the command and control server and is used for denial of service attacks, for sending spams and other malicious operations. The size of a botnet depends on the complexity and number of computers employed. Users usually do not know that their systems are remotely controled and abused. Botnets are attractive for cyber criminals, because they are capable of being reset for various offenses, moved to new hosting services, or they are reprogrammed in response to new developments in security. Despite the specific characteristics of each botnet, bots in a botnet exhibit homogeneous behaviors and this can be the starting point for identifying a botnet within a network. Discoverable behavior of bots in a botnet can lead to production of features and attributes. Analyzing of these features, we can classify traffic to malicious and non-malicious traffic. This approach uses network flow analysis and machine learning methods to detect peer to peer botnets. Furthermore, this approach is flow-based and analyzes features extracted from flows based on the behavior of well-known botnets such as Weasel, etc and determines that the new traffic is an attack or not.

In this paper, a new method has been presented for chaos synchronization using a nonlinear controller. In most so-far presented approaches, it is assumed that the mathematical models of the transmitter and reciever are completely the same. Due to the non-identical environmental circumstances in the transmitter and receiver and the influence of temperature on the chaotic system parameters, this assumption is not true. In this paper, a novel approach, in which uncertainties are modeled by a linear diffential equation with unknown constant coefficients, has been presented for estimation of these uncertainties. Since this function satisfies the conditions of the universal approximation theorem, it can estimate nonlinear functions with arbitrary small approximation error. However, since the coefficients are unknown, the parameters of these functions are unknown and should be estimated using the adaptation laws derived from the synchronization analysis. Simulation results verify the effectiveness of the proposed estimator. In comparison with other controllers such as fuzzy sliding mode controllers, the proposed controller response is faster. Moreover, its application in secure communications and cryptography has been studied, as well.

Software defined network (SDN) was born to make changes to existing network architectures and devices with specific function to reach an intelligent network. Recently, this networks have gained popularity in enterprise networks because of the flexibility in network service management and reduced operational cost. In this architecture, operating system and applications from the network switch are decoupled. They centralized in a virtual layer that called the controller. In the SDN, due to the centralized decision-making and resources controller limitations are exposed to all kinds of threats such as Distributed Denial of Service (DDoS) attacks. In this paper we will review SDN architecture and DDOS attacks in SDN. We proposed a novel detection and mitigation algorithm that takes advantage of unique features of the SDN architecture. In the proposed algorithm, for detecting DDOS attacks in SDN, a statistical method based on Hellinger distance and Exponential Weighted Moving Average (EWMA) technique are used. In this paper, DDOS attacks in SDN is simulated by MiniNet emulator with Pox controller. Our experiments performed in the simulator, showed the efficiency of the proposed method and its superiority compared to previous approaches.

Steganography is an information hiding application which aims to hide secret messages imperceptibly into commonly used media. In this paper, we describe an Optimal embedding method based on linear codes that conforms to least significant bit, that is, the secret data is embedded into a cover message by parity check matrix. The new method not only benefits from the field of location and detection and error correction bit stream received by the receiver, but also can increase the Resistance between 94% to 100%, the transparency (PSNR) up to 84.71, and the similarity (SSIM) up to % 9999.99.

In a strong designated verifier signature scheme, a signer can issue a signature for a special receiver; i.e. only the designated verifier can verify the validity of the issued signature. Of course, the signature scheme should be such that no third party will be able to validate the signature. In other words, the designated verifier cannot transfer the issued signature to a third party. In this article, we propose a new ID-based designated verifier signature scheme that has provable security in the random oracle model and BDH assumption. The proposed scheme satisfies all security requirements of an IDVSS. In addition, the proposed scheme protects from user's privacy and from the efficiency point of view, and more precisely, in terms of parameters such as the size of output signature and computations required for signing and verification phases. As a result, our proposed scheme is comparable with other existing schemes; in other words, the proposed scheme is a light-weight construction. Finally, we introduce some practical scenarios of the proposed scheme in the Internet of Things concept.

Ad hoc networks include some wireless nodes which do not need any pre-existing network’s substructure. The nodes communicate to each other without any infrastructure. Because of some specifications such as dynamic changes of network’s structure, presumptions trust each other and ignore the nodes' actions, Ad hoc networks are not protected against attacks of destructive nodes. In this study, a new method has been represented by combining a safe route detection method and an opposition method to destructive nodes to black hole attack countermeasure in AODV routing protocol. At the first step, the source node confirms the validity of the route reply packet sender's node by finding more than one route to the destination. When a route reply packet arrives to a source node, then that node extracts the complete route to destruction and waits for other packs of route reply. The idea of this solution is waiting to receive route reply packet from more than two nodes. In the next step, according to nodes’ manner in the network, a voting from neighboring nodes has been done and by use of predefined rules, destructive nodes are identified and destroyed. Simulations results of OMNet++simulator show some improvements of the proposed algorithm to the original AODV protocol which has been attacked by the black hole.

Search engines can be introduced as a best tool for managing, retrieving and extracting important information from a massive set of web data. These engines are scheduled to search the vast web environment and collect countless pages stored in every corner of the web. Search engines providers are always looking for improving the relationship between the results and reducing response times to users, but both of these can be influenced by the automated traffic sent by the bots. This article first defines bots and challenges of detecting them. Then, it provides a method named ‘boof’ for detecting Search robots. In ‘the boof method’, to achieve high accuracy in detecting anomaly robots, many different parameters are used to model the users’ behavior. After determining the priority of parameters in detecting users, decision tree is made and attempted to categorize users into groups of humans, bots, legal bots and the unknown. Robots detected in the decision tree, enable another part of the robot detection system to identify robots even with low request rate. This is done by detecting the botnet behavior pattern. Evaluation of the proposed method on test data shows 97.7 percent accuracy in recognizing users that this improves the accuracy of at least 9, 9 percent compared to the methods examined previously in this area. This is a significant digit that influences decision-making about 2230 users during each day.

Security is a significant issue in this world and is given several dimensions by varying circumstances. Among different security areas, cyber security can be claimed to have one of the most important places in new circumstances of this world. In this study, two virtual honeynets were designed in two different laboratories to help study unknown attacks. Other scientific datasets were also used for this purpose. Imbalanced data always cause problems for network datasets and reduce the efficiency for the prediction of minority classes. To cope with this problem, ensemble learning methods were applied in order to detect net-work attacks, and most specifically, unknown attacks, while taking advantage of different techniques and action model learning. Statistical analysis was used as the research method in order to measure the reliability and validity of the findings. Finally, statistical techniques and tests were applied to show that the algorithm designed by weighted voting that is based on the genetic algorithm has a better performance than other twelve classifiers. According to the Fisher's criterion, the proposed approach was in the first place in the actual laboratory context and in the second place in the standard data set.

In this paper, the structure of the various versions of the TETRA security protocol is investigated in the “formal model” using Proverif and Scyther automatic analysis tools. The TETRA's network security protocol is a key-exchange one, in which two parties also establish a session key while authenticating each other. This protocol also uses pre-distributed secret keys which are based on the symmetric-encryption schemes. The security analysis of the protocol has been done in the “formal model”, using the Proverif and Scyther automatic analysis tools. Firstly, eight security features including Confidentiality, Authentication, Forward Secrecy, Unknown Key-Share security, Identical Session Key, Unknown Key Security, Anonymity, and Integrity are modeled in these frameworks, and then using both of the two tools, the security of the protocol is investigated regarding the mentioned features. Comparing the results of the formal analysis of these features with the informal analysis resulted from the open sources indicates that there are new security flows in the structure of the protocol respect to “Forward Secrecy” and “integrity”. Finally, several solutions are suggested to overcome these weaknesses.