JOURNAL OF ELECTRONIC AND CYBER DEFENCE
Year:2015 | Volume:2 | Issue:4 (8) |Papers Count:6

Efficient and sustainable command and control networks have appropriate management and security policies and strong security components. In this kind of networks, even professional invaders for access to sensitive files or compromising entities such as host, user, service and network, require the implementation of multi-stage attacks. Therefore using multi-stage information fusion and impact projection of cyberattacks, it is possible to prevent from interruption in network tasks and lose of important data at very early stages of them. In this paper, while providing a new architecture of the impact projection of cyber-attacks, with simulation of different patterns of this architecture in simulation environment specified for random processes, it will be shown how this architecture using high level information fusion led to improve cyber situational awareness. For simulation of random processes in the environment will be shown how this architecture using high level data integration led to the recovery of knowledge positions will be backed cyber.

Although existing Planning methods can plan under uncertainty and decentralize situation, most of them malfunction in some complicated conditions of command and control scenarios such as real time decision making, need accurate planning, bounded communication between agents, dynamic worlds and partially observable environments. Among suitable models for these situations, we can consider extended models of DEC-POMDPs such as MAOP-COMM that can handle these conditions. It is possible to improve MAOP-COMM model to do planning for agents with double precision. In this paper we have improved the algorithm of MAOP-COMM model by upgrading value function heuristic and using "two steps lookahead" in the strategy of finding best policy and making correct decision. Improved algorithm performs online planning for agents in a multi agent system in uncertain condition with better performance and high percent of correct decision making. We experiment resulted algorithm on Grid Soccer benchmark. The results obtained prove efficiently of proposed improvements.

The computer networks are always vulnerable to various attacks and these attacks are typically include identification attacks, acquire attacks and disabling services attacks. At identification attacks, the attackers attempt to gather information and identify running services, in order to achieve damage, acquiring or disabling services. Port-Knocking (PKn) is a unique method to prevent detection and exploiting vulnerable services by the attackers and in facts the aim of PKn is hiding the services from attacker's view and combat identifying attacks, while the authenticated users are allowed to access these hidden services. In this article, a new method to establish simplicity and use of existing tools at the most operating systems to eliminate specific programs for running processes and open ports PKn at any time and anywhere have been introduced. This novel PKn can create more complexity at Knock operation utilizing the specific ICMP and synchronizing by the use of web browsers, to reduce of replay attacks and eliminate the risk of DoS attacks by hidden the services. To insure the efficiency and capabilities of the proposed method, this technique is successfully implemented and ran on a MikroTik RouterOS operation system.

The increasing amount of information as well as lack of existence of sufficient computational facilities and storage in organizations have caused various management problems. These problems on the one hand and the rapid expansion of storage services on the other hand have made different organizations to use cloud storage service providers in order to store and manage their organizational information. Using such services, causes organizational information to be stored outside of the organization environment and therefore the owner have less control over its information. Therefore, security concerns will be raised. Many security solutions are proposed to deal with these security concerns, but most of these solutions have focused on a particular aspect of data life cycle such as storage phases. Understanding and considering the data life cycle as well as the challenges and the opportunities facing organizations leads to provide appropriate solutions to overcome security concerns. This paper aims at discussing and analyzing the challenges and opportunities facing organizations using data outsourcing services, and then a new architecture for the database outsourcing with regards to the data life cycle will be presented.

Use of the LORAN C system is well considered due to it's protection against gamming. the main parameter of error in this system is sky wave interference. Frequency Estimation Algorithm for estimation sky wave as the frequency estimation Algorithm (TOA) and time division of arrival are applied. Through the frequency estimation algorithm the music algorithm has the performance in the presence of noise. For performance improvement and increasing the accuracy an algorithm is proposed which is combination of TOA and TDOA. this method has less error compared to TOA and TDOA. With respect to results, it is shown that the proposed method has considerable improvement in the accuracy of estimation of sky waves the proposed method improves 12. 9 percent and 8. 9 percent the system performance compared to TOA and TDOA respectively.

Nowadays, due to the increased use of web-based applications and storage and exchange of sensitive inforamtion by this category of programs, it is necessary to detect security vulnerabilities and remove them to keep them secure against the misuse of intrusions. In most cases, the Static Analysis is especially valuable in security assurance and detection of security vulnerabilities, while dynamic analysis goal is finding and debugging the errors. In this paper, we present a new approach that detects common vulnerabilities in web applications by Probable Data Flow Analysis on Vulnerability Probability Graph. VPG is designed to consider the points with more probable to vulnerability and PDF Analysis is designed for the increase of accuracy in vulnerability detection. The proposed approach was tested on a few web applications and the results were compared with a few other tools that we observed improvement in performance in some cases.