JOURNAL OF ELECTRONIC AND CYBER DEFENCE
Year:2020 | Volume:8 | Issue:2 (30)|Papers Count:12

A Botnet is a set of infected computers and smart devices on the Internet that are controlled remotely by a Botmaster to perform various malicious activities like distributed denial of service attacks(DDoS), sending spam, click-fraud and etc. When a Botmaster communicates with its own Bots, it generates traffic that analyzing this traffic to detect the traffic of the Botnet can be one of the influential factors for intrusion detection systems (IDS). In this paper, the long short term memory (LSTM) method is proposed to classify P2P Botnet activities. The proposed approach is based on the characteristics of the transfer control protocol (TCP) packets and the performance of the method is evaluated using both ISCX and ISOT datasets. The experimental results show that our proposed approach has a high capability in identifying P2P network activities based on evaluation criteria. The proposed method offers a 99. 65% precision rate, a 96. 32% accuracy rate and a recall rate of 99. 63% with a false positive rate (FPR) of 0. 67%.

The analysis of large scale dynamic networks provides useful information for the network administrator. This plays an important role in modern societies. The prediction of missing links or possible links in the future is an important and interesting issue on social networks that can support important applications with features such as new recommendations for users, friendship suggestions, and discovery of forged connections. Many real-world social networks display communications in multi-layers (for example, several social networking platforms). In this research, the problem of link prediction in multiple networks has been studied and a new link prediction method in multiplex networks, based on unsupervized graph structure and the gravitational search algorithms is presented. Different layers of the multiplex network have been used to increase the accuracy of the proposed method and we have presented a methodology that uses information from other layers and community information where people are associated. We have provided this information in the form of a rating. These privileges, in a way, determine the prediction of the edges between individuals in these types of networks. One of the criteria for comparing predictive algorithms is to calculate the AUC for these algorithms and using this criterion for comparison accompanied by a travian data set used as a benchmark, it is seen that the AUC of our method has improved 7% compared to Adamic which is a similar method. The results demonstrate that using community information and the gravitational algorithm in layered networks improves link prediction.

Long-Range-Navigation (LORAN) transmitter is an essential part of a local positioning system (LPS) that provides high power and high precision pulses with a specific waveform. In this paper, a new method for design and implementation of the LPS transmitter, based on class I amplifiers, has been proposed. Each block of the transmitter includes MOSFET amplifier modules driven by pulse width modulation (PWM). The pulse width at each cycle has been calculated by an algorithm based on the least square method (LSM). Simulation results show that the obtained maximum zero crossing error in the 4th to 12th half-cycles is 18 ns, the generated pulse width is 4. 9 kHz and the MMSE of the pulse, which is directly proportional to the ECD, is equal to 0. 009, demonstrating that with the proposed method it is possible to produce an accurate LORAN pulse with all the required parameters. High efficiency of class I amplifiers, makes this method a good candidate for light-weighted, highly accurate and flexible tactical LPS transmitters.

Sharing secret key is an essential prerequisite of symmetric key cryptography and one way to share the key, is to agree on a secret key. In this research, we consider a source model for information theoretic secret key agreement based on the distance among the nodes. Secret key agreement based on information theory, unlike computational models, guarantees full information secrecy so that eavesdroppers receive no efficient information. The model is a basic system consisting of two legitimate users and an eavesdropper. The legitimate nodes try to agree on a reliable and secure key based on their (noisy) observation of the distance between them. The eavesdropper observes the distance, too. Since the distance between the nodes is under control of none of them, the model for secret key agreement is a source model. First, we model the distance estimation by the nodes to study the performance of the system (secret key capacity bounds). Error of distance estimation is modeled by a gaussian process with zero mean and a variance equal to the Cramer-Rao bound. Then we propose two methods to enhance system utility: artificial noise forwarding (ANF) and multi-antenna transmission (transmission in different beam directions). In the first method artificial noise is used to worsen eavesdropper's distance estimation and in the second method beacon signals are sent in different directions and the virtual distances, that is equal to total distances the beacon signal has traveled, in different beam directions are used as the randomness sources. We show that if the eavesdropper is not equipped with a multi-directional antenna, then artificial noise forwarding is a useful method while in the case of users equipped with multi-directional antenna, artificial noise forwarding leaks more information to the eavesdropper and transmitting in different directions is a suitable way to increase the secret key rate, since the eavesdropper gains little information about virtual distances and most of the observations of the legitimate nodes and the eavesdropper are independent.

Nowadays, the Hadoop open-source project with the MapReduce framework has become very popular as it processes vast amounts of data in parallel on large clusters of commodity hardware in a reliable and fault-tolerant manner. MapReduce was introduced to solve large-data computational problems, and is dependent on the divide and conquer principle. Time and scheduling are always the most important aspects, hence in the past decades in the MapReduce environment, many scheduling algorithms have been proposed. The main ideas of these algorithms are increasing data locality rate, and decreasing response time and completion time. In this research we have proposed a new hybrid scheduling algorithm (HSMRPL) which uses dynamic job priority and identity localization techniques, and focuses on increasing data locality rate and decreasing completion time. We have evaluated and compared our algorithm with hadoop default schedulers by running concurrent workloads consisting of the WordCount and Terasort benchmarks. The results show that our proposed algorithm has increased the localization rate by 10. 4% and 18. 5% and the speed by 3. 14% and 3. 3% compared to the FIFO algorithm and the Fair algorithm respectively.

One of the most important threats for computer systems and cyber space in recent years are cyber attacks, particularly the emerging obfuscated cyber attacks. Obfuscation at the attack level means change of attack, without change in the behavior and type of impact of attack on the victim. So the highlighted problems are the complexity and ambiguity of these attacks and the difficulty in detecting and issueing alarms on time. This paper suggests the acquisition and deployment of a new model of multi-stage cyber-attacks that enables network security defenders to create a deterrent to enemies in addition to timely diagnosis of cyber attacks. Using this model of attack to multi stage and obfuscate attacks, the attacker can imply false classification in the attack sequence and break the dependence between the attack warnings, actions, steps and strategies, thus making changes in the sequence of attacks. As a result, network security managers cannot easily recognize the ultimate goal of the attacker. To assess the presented model, we have used the Bayesian algorithm. The results of the research and implementation of the model indicate that the accuracy of classification (in terms of log) for the best case of clean attacks is-0. 04 whilst for multi-stage obfuscate attacks it reduces to-35. This indicates that the proposed model for multi-stage obfuscate cyber attacks is more efficient than the obfuscate logic of single-stage attacks, because of the ability to deceive intrusion detection systems and make uncertainties in penetration warnings.

This paper investigates the relationship between vulnerability types and their workarounds. Via a workaround solution, users prevent or mitigate the risk of a vulnerability without the need of eliminating it. So far, little attention has been paid to this fruitful approach, whereas workaround solutions can perform so efficiently when dealing with vulnerabilities. In this research, a proper dataset from four mostly referred vulnerability databases (OSVDB, Security Tracker, Cert CC Vulnerability Notes and NVD) is compiled. In this dataset which we have called VuWaDB, the workarounds are organized in six main categories: configuration, code modification, route alteration, elimination, access restriction and utility tools. The CWEs that the NVD was assigned to, are used to determine vulnerability types. In order to discover the relationship between vulnerabilities and their related workaround solutions, after a statistical survey, a relevant bipartite graph is constructed. The obtained results are analyzed and presented in related tables, which provide the relation between software vulnerabilities and their workarounds.

There are various parameters for conceptual design of a LORAN transmitter based on multi-level pulse width modulation (PWM), such as structural arrangement of amplifiers and number of modulation levels. The parameters should be considered in different aspects, such as implementation possibility, realization of LORAN signal standards and reliability analysis. In this paper, the overall measure of efectiveness (OMOE) indicator is used to simulate the reliability results of various open-loop LORAN transmitters based on multi-level PWM. So, by selecting the basic parameters and determining the weight of each parameter, the target value and the minimum acceptable value of each parameter, based on LORAN standards, are determined and OMOE is derived for several scenarios. The results of simulations show that the nine-level PWM arrangement is the most reliable structure. The OMOE of this structure is equal to 0. 573, 0. 506 and 0. 451 (with average of 0. 510) for the three states of all-safe amplifier blocks, and one-and two-damaged blocks, respectively. The average of this indicator for the same states are equal to 0. 455, 0. 463 and 0. 485 for pulse amplitude modulation, and seven-and eleven-levels PWM structures, respectively, which have smaller values relative to the optimum structure.

In recent years, cloud computing is becoming eminent in the field of information technology. In a cloud computing environment, there is a potential for faults. There are different methods for dealing with faults, but with regard to the features and characteristics of the cloud computing environment, the use of fault tolerance methods is the best choice for this environment. One of the biggest issues in fault tolerance methods is the efficient use of resources. The optimal use of resources is important for cloud providers and customers. Unfortunately, the optimal use of resources in fault tolerance methods has not been much considered by researchers and cloud service providers. In this paper taking into account the dependence between tasks, an attempt has been made to provide a fault tolerance method on virtual machines, which in addition to being tolerant of fault, achieves optimum use of resources. In this method, by using a priority scheduler, each task is assigned a priority, then tasks are sent by the order of priority to their virtual machines for processing. The results of simulation by the cloudsim simulator show that the proposed method has been able to improve the use of resources more than other methods and with 95% confidence intervals it has achieved (29. 15% and 22. 74%) improvement in the number of processors, (30. 76% and 22. 34%) improvement in memory usage and (29. 71% and 22. 88%) improvement in the use of bandwidth.

With the growing number of Persian electronic documents and texts, the use of quick and inexpensive methods to access desired texts from the extensive collection of these documents becomes more important. One of the effective techniques to achieve this goal is the extraction of the keywords which represent the main concept of the text. For this purpose, the frequency of a word in the text can not be a proper indication of its significance and its crucial role. Also, most of the keyword extraction methods ignore the concept and semantic of the text. On the other hand, the unstructured nature of new texts in news and electronic documents makes it difficult to extract these words. In this paper, an automated, unsupervised method for keywords extraction in the Persian language that does not have a proper structure is proposed. This method not only takes into account the probability of occurrence of a word and its frequency in the text, but it also understands the concept and semantic of the text by learning word2vec model on the text. In the proposed method, which is a combination of statistical and machine learning methods, after learning word2vec on the text, the words that have the smallest distance with other words are extracted. Then, a statistical equation is proposed to calculate the score of each extracted word using co-occurence and frequency. Finally, words which have the highest scores are selected as the keywords. The evaluations indicate that the efficiency of the method by the F-measure is 53. 92% which is 11% superior to other methods.

One of the communication platforms commonly used in C4I backing layers is the free space optical communication platform. In this paper, the modulation of polarization is proposed to strengthen the free space optical communication platform against atmospheric perturbations. In this method, instead of using conventional modulation methods such as amplitude, phase or frequency modulations, the polarization states are modulated on the optical beam. Conventional modulation methods are highly sensitive to turbulence fluctuations. Polarization modulation is highly resistant to the phase noise of laser beams and it maintains the polarization states on a long path in free space. Generally, binary polarization modulation, works better than conventional modulations by about 2 dB or more. More specifically, in this paper, different polarization modulation constellations in Poincaré are plotted and their probability of error is evaluated in different positions. Finally, the optimal states of the constellation are extracted by simulations.

In this paper, a device-based localization method is proposed based on the weighted least square error. The most important challenge in localization is the effect of non-line of sight signals (NLoS) at reference nodes which cause outliers and degrade the estimation accuracy of localization. To meet this challenge and avoid such consequences, a new method is introduced based on the combination of weighted reference nodes method and identification and elimination of the NLoS signals method. Another challenge is the dependency of NLoS signals on the transmission environment. Based on this reason, obtaining a probability density function (PDF) to analyze the behavior of NLoS signals is complex and time-consuming, specifically in device-based localization methods that run on mobile wireless targets with limited battery. Therefore, in this paper, a low-complexity method of identification and weighting of NLoS signals is proposed without requiring priority knowledge regarding NLoS bias PDFs. In this method, the frequency of reference nodes in different estimation groups is used to identify and weight the NLoS signals. Finally, the target location is modeled via a constraint non-linear optimization problem and is solved through the Lagrange method. Simulation results illustrate that the proposed method improves the performance of localization in comparison to linear and nonlinear unweighted-localization methods. In the proposed method, 35% of localization errors are lower than 0. 25 m showing approximately 30% improvement in the localization performance. Moreover, 95% of localization errors are lower than 2 m, and the performance increase by 20% in comparison to the unweighted-localization methods. In the case that the number of reference nodes is small, the proposed method provides higher reliability in the location estimation and specifically, when 35% of reference nodes are the line of sight, the estimation accuracy is increased significantly.