JOURNAL OF ELECTRONIC AND CYBER DEFENCE
Year:2019 | Volume:6 | Issue:4 (24) |Papers Count:12

"Nowadays there are so many tools available for capturing the events and alerts within networks. The need for a system that could aggregate the information generated by these tools and combine them to make better decisions is strongly acknowledged. If we could predict cyber attacks and estimate their effects before they actually occur, we would be able to apply a better defense strategy and reduce the damage to our critical assets. The projection of cyber attacks is to predict them based on a certain framework using mathematical methods. One of these methods is the Transferable Belief Model (TBM). In this paper, we used the TBM to combine capability and opportunity of attackers-which are cyber attacks' projection components-to project the future situation of attacks. We have also tested our results against our customized high-level attack tracks dataset. The result of comparison between our algorithm and the previously presented algorithm at the Information Fusion Centre of Malek-Ahstar University of Technology shows an average improvement of 7%.

Throughout the history of software engineering, the existence of software defects at the heart of a system and lack of proper treatment before operational use has always led to serious personal and financial disasters. A test that can provide an appropriate coverage at the code-level of software can prevent many of these incidents. The basis path test is considered as the strongest coverage criterion in the white software box test. The prerequisite for a basis path testing is to have a set of test paths. The greater the number of test paths to be scanned, the greater the amount of software source code that will be covered and so more software holes will be discovered. As a result, a basic challenge before running a software path test is to produce the maximum test paths that can be scrolled. So far, some work has been done to maximize the number of scrollable test paths, including the GSO method, but the results indicate that the number of test paths can be greater than currently achieved. In this paper we have proposed a method to achieve this goal by a hybrid solution based on two evolutionary genetic and birds algorithms. The results of evaluations show that using the proposed solution has led to an increase in the number of scrollable test paths up to 91% comparing with the GSO method.

One of the challenges in the hardware security is withstanding cloning and hardware duplication. In fact this attack aims hardware originality so the defense mechanism should be different from common system security and algorithm protection. Applying Physically Unclonable Functions (PUFs) is one of the most effective protection methods. Physically Unclonable Functions (PUFs) are functions that generate a set of random responses when stimulated by a set of pre-defined requests or challenges. Since these challenge-response schemes extract hidden parameters of complex physical unpredictable properties of substrate materials, such as delay of interconnections and wiring in the CMOS process and devices, they are called physically unclonable functions. They are mainly used for electronic security purposes such as hardware verification and/or device authentication mechanisms, protection of sensitive intellectual property (IP) on devices and protection against insecure hardware connections and communications. PUF-based security mechanisms have some obvious advantages compared to traditional cryptography-based techniques, including more resistance against physical and side channel attacks and suitability for lightweight devices such as RFIDs. In FPGA devices, PUFs are instantiated by exploiting the propagation delay differences of signals caused by manufacturing process variations. However, real implementation of PUFs on FPGAs is a big challenge given the fact that the resources inside FPGAs are limited, and that it is not easy to simulate the behavior of PUF using existing software tools. In addition, there are a few articles that explain details of the implementation of PUFs on FPGAs. In practice, it usually takes a long time to get a simple PUF to work both in simulations and on board. In this work, we describe a practical realization of a ring-oscillator based PUF on Xilinx FPGAs and illustrate how such architecture is mapped into some FPGAs from this device family. Using this architecture, we obtain a unique 10-bit code which can be used to identify a chip between many similar devices of the same family in order to provide a reliable access control and authentication mechanism. Simulations are carried out using a dual core computer with 2 GHz clock frequency and 4 GBytes RAM memory.

Smart malware samples have two different types of behaviors, namely defensive and aggrasive which they exhibit according to environmental conditions. This article offers a new method for detection of environmental conditions suitable for exhibition of aggrasive behaviors. Considering the list of system functions, apparant in the IAT table of a malware, those APIs which are not invoked at runtime could be identified as grounds for suspecting the executable file as a malware. Analyzing the functionality and task of these APIs and the ones invoked at runtime, the conditions and resources required for the malware to reveal its malicious behavior, could be determined. In fact, supplying all the required conditions and resources requested through one or more API calls, at a run, the malware could be prepared for asking for the next possible resource in the next run. This process could be repeated as far as no more conditions or resources are looked for. In order to evaluate the suggested method, three known malware samples are analysed in our sandboxing environment, Parsa.

Radio frequency identification (RFID) has many advantages in the field of large-scale identification, including speed increase and cost reduction. For this reason, this system has many applications in the modern world and can be used as an essential tool for improving human life. Since this technology faces serious challenges in the field of security and privacy, its applications has been limited due to security concerns and delays in standardization. Given the widespread use of RFID technology in large-scale systems, and importance of privacy in these systems, this article introduces a mutual anonymous private authentication protocol (MAPAP); a protocol which adds privacy and scalability features to a mutual authentication protocol. In this new protocol the privacy is measured using the information leakage criterion and it is seen that the amount of information disclosed by this protocol when compromised is significantly less than group-based authentication. In a system with 220 tags, with the increase in the number of compromised tags, the difference in information leakage between this protocol and the group-based authentication protocol increases, such that, when the number of compromised tags in this system reaches 150, information disclosed by the proposed protocol is about 65 percent less than group-based authentication and this difference increases with increasing system size.

Threat assessment is one of the most important pillars of data fusion systems. In this paper, we use two graphical models: fuzzy cognitive map and bayesian network to implement a complete threat assessment network. The structure of this network includes numerous variables of threat assessment and relates them well to each other. Given the uncertainty in all threat assessment issues, various types of uncertainty and how to deal with them are considered in this article. A comprehensive review has also been carried out on a variety of methods for incorporating both types of fuzzy and probabilistic uncertainties and a new approach is proposed. In this method, two separated fuzzy and bayesian networks are used to consider uncertainties. The approach of the proposed method is fully described, step-by-step. Furthermore, this paper addresses the major challenges of the threat assessment problem and shows that the proposed method is capable of solving these issues. To illustrate the effectiveness of the proposed method, a set of qualitative and quantitative validation criteria is presented. As a test a scenario for air targets is simulated and the results of the proposed method are qualitatively and quantitatively compared with fuzzy cognitive map and bayesian network methods. These results indicate that the proposed method works better than other methods regarding root mean square error, total and trivial sensitivity degree and seperation degree. Moreover, the effectiveness of the proposed structure and method has been confirmed by experts in the field of battle management.

By expanding Internet-based services and developing websites, cyber threats are also increasing. One of these threats is to perform denial-of-service attacks and interfere with the services of a website. Web or application-layer service blocking attacks by creation of artificial traffic impose a heavy traffic on the web server and thus disrupt the Web service. In this research, to detect these attacks, Web server logs are classified by applying 20 second time windows and calculating the activity level and the entropy of different IPs in each time window. Using entropy variance, time windows with continuity are determined. In the next stage, through the backup machine algorithm, the network is trained to store abnormal time windows, and ultimately IP addresses that lead to blocked service attacks or service disruptions are classified and labelled. The proposed model was implemented on the EPA-HTTP standard dataset indicating improvement compared to previous studies.

The targets that either have low radar cross-section typically, or their return signal has been deliberately reduced are referred to as weak targets in radar terminology. There are several algorithms for detection of a weak moving target. When such a target is in the vicinity of a large target, the side lobes of the matched filter output due to the large target mask or hide the weak target. The adaptive pulse compression filter that uses the RMMSE estimator has the ability to detect the masked weak target. However, there are at least three factors (computational load, Doppler robustness and pulse eclipsing) which limit the practical application of RMMSE. In this paper, an optimized and integrated algorithm based on adaptive post-processing is proposed to detect targets and to overcome the challenges of RMMSE in electronic defense systems. The FFL-APCR proposed algorithm when compared qualitatively to other algorithms indicates better performance for different SNRs and various target velocities, showing that it is more suitable for implementation in real-time systems. The FFL-APCR algorithm can detect high speed and pulse eclipsed weak targets with lower computational load.

Recently, cloud computing has become very popular. Due to this popularity, the number of cloud services’ features is increasing continuously. To find a reliable provider in the cloud environment and select the best resources in the heterogeneous infrastructures, trust plays an important role. Customers distrust in cloud service providers is considered as a barrier to cloud service acceptance. This research develops a model for identifying invalid cloud service providers, in which validation is examined using cloud providers’ trust evaluation features. In this approach, in order to detect cloud providers, the neural network method with a robust hierarchical weight estimation is proposed; analytical hierarchical process is being used for its capability in finding and detecting optimal values. The simulation results indicate an error rate of 0. 055%, showing this method to be more accurate compared to the state-of-the-art methods.

Given the inefficiency of static analysis methods due to malware techniques such as code polymorphism, metamorphism, and obfuscation, and self-modifying code, leveraging dynamic and heuristic analysis methods that are based on the analysis of runtime behavior of malwares, have become particularly important. Environment-aware malware that attempts to conceal its malicious behavior through dynamic anti-analysis methods has caused problems for dynamic analysis detection methods in practice. The purpose of this study is to present an effective method for environment-aware malware detection. Regarding to split– personality of such malware behaviors, this research has proposed an effective way to detect environment-aware malware. This method is based on system call monitoring of malicious and benign samples under the two NtTrace and drstrace softwares with different monitoring techniques and calculating behavioral distances as training data to create a Support Vector Machine model. Finally, the resulted support vector machine classifier is used to detect this type of malware with an average precision, recall and accuracy up to 100%, whereas the evaluation of previous related work shows an average precision, recall and accuracy 96. 85%, 95. 68% and 96. 12%, respectively.

In this paper, we find a lower-bound for the information ratio of the cartesian product of an arbitrary tree with diameter at least 3 and a cycle Cm for every m 3. Moreover, we determine the best information ratio of the perfect secret sharing scheme based on the graph constructed from the cartesian product of a cycle of length 6 with the d-dimensional cube Qd. More precisely, it is shown that for every d 1, the information ratio of is exactly.

Intrusion detection is an important subject of research in the cyberspace field. In an Intrusion DetectionSystem (IDS), redundant and irrelevant features have a negative impact on the IDS performance. Therefore, an appropriate feature selection method is an important part of IDSs for eliminating unrelated and redundant features. In this paper, a new feature selection method is proposed that joins features level to level and step by step to select a subset of proper features in order to finally detect intrusion more accurately and speedily. The purpose of the proposed method is applying it in intrusion detection systems to distinguish a normal the connection from an intruding connection to the network. The experiments on the NSL-KDD dataset show that the proposed method in comparison with other methods selects only six important features among the 41 features in the baseline, and can detect an intrusion with precision above 99. 58% by relying only on these six features. In other words, the proposed method's failure has been 42 in 10, 000 connections of the network and has correctly identified other 9958 regular connections and labeled them as normal. Finally, improvement in the algorithm runtime and the percentage accuracy of the proposed method in comparison with other methods has been verified and reported.