JOURNAL OF ELECTRONIC AND CYBER DEFENCE
Year:2020 | Volume:7 | Issue:4|Papers Count:12

Nowadays, botnets have become an inconsistency in the process of exchanging information and tampering network resources. Botnet detection methods have always faced challenges and have been investigated and promoted as subjects of research. The main characteristics of botnets is the command and control (C&C) channel through which a botmaster sends malicious commands to the victim's system. By detecting the C&C channel of a botnet, the botnet is not essentially able to communicate with the botmaster and loses its efficiency. For this reason, botmasters try to evade detection by using a variety of methods. Covert command and control channel is a concept that the new generation of botnets use to hide their communications. In this paper, a Botnet is proposed, in which botmaster’ s commands are sent by using Inter Packet Delays (IPDs) and their sequences. The commands are sent via a timing-based covert command and control channel. In the following, a detection method is proposed by applying the concept of group activity of bots. A three-layer architecture is proposed which consists of traffic data collection and processing, pattern processing, and two-step detection methods. Using the two-step detection method including similarity matrix and entropy, hosts infected with the bot are detected. To evaluate the method, five covert timing channels are simulated and each of them is used to send botmaster commands. The results of the experiments showed the effectiveness of the detection method with the minimum number of two bots in the network.

In this paper, we call a hypergraph constructed by (non) binary linear\nonlinear codes a code-based hypergraph and study its properties. A transitive equivalence relation on any arbitrary code (as vertices) and its equivalence classes is defined as hyperedges of a hypergraph. This transitive relation, transfers the original information considered as a special code from the source in a form of subsets of special codes to hyper edges and therefore as a result, it puts each hyper edge in a one to one correspondence with a subset of special code. This research, shows that any transitive equivalence relation on codes provides a code-based hypergraph structure, and the significance of this topic is that the information in the form of linear\nonlinear codes can be transferred in different ways. Finally, this study relates code-based hypergraphs to code-based graphs via a binary relation, so that one could study and use its importance and application in different networks. In addition, one example of its application is introduced and described in wireless sensor networks.

Signal identification’ s intrinsic application is in the military field, where the detection, analysis and identification of unknown signals from potentially hostile communication sources is a vital task in signal interception, radio surveillance, interference identification and mitigation, and electronic warfare. So signal identification has continued to be a major part of intelligent radios employed in military wireless communications up to present. With the deployment of the MIMO, new and challenging signal identification problems have emerged, which did not exist for single antenna systems. An example of identifying these types of signals is identifying the space-time block (STBC) code in the MIMO-OFDM system. MIMO-OFDM systems have different types, three of which are identified in this paper. These three types of systems include SM-OFDM, AL-OFDM, STC3-OFDM. Previously, these three types of systems were identified by the second-order moment of the signal method. In this paper, this identification is performed by the second-order rotating stationarity of the signal. This method can perform better in lower SNRs. In addition, the proposed method provides good performance with low sensitivity to time offset and channel conditions.

One of the most challenging issues in the field of hardware security is to protect the hardware from reverse engineering, counterfeiting and cloning. Using Physically Unclonable Functions (PUFs) is among the most efficient ways to improve security against these kinds of threats. In this work, we used a multiplexer-based or the so-called arbiter PUF to improve resilience of FPGAs from Xilinx family against these types of compromises. At first, a 32-bit random code was generated as the initial seed for a linear feedback shift register (LFSR). Then, a 64-bit unique authentication code was generated by XORing the outputs of the shift register and outputs of a ring oscillator-based random number generator and passing out the result from the Von Neumann corrector. The scheme is implemented in such a way that the generated code is robust against reverse engineering or modeling, and therefore is unrecoverable. The implementation results, on Side-Channel Attack User Reference Architecture (SAKURA G-II) which includes XC6SLX75 demonstrated that the design utilizes almost 15% of FPGA resources to generate a 64-bit unique authentication code.

The International Data Encryption Algorithm (IDEA)is a symmetric block Cipher with 64 block size and a 128-bit secret key. This algorithm maps a 64-bits plaintext into 64-bits ciphertext in 8. 5 encryption rounds. This algorithm has so far been resistant against most known attacks. In this paper, the resistance of IDEA algorithm against correlation power side channel attack is evaluated. By implementing this algorithm on PIC micro controller platform, several samples of power consumption were measured during processing. The results of analyzing the measured samples indicate the resistance of the algorithm to the correlation power side channel analysis.

Systolic architecture is one of most important parallel processing architectures. In the systolic array, ALU units are arranged as an array. This array acts synchronously and executes the recursive equations in parallel by applying the proper input. In this paper, the systolic array for the SL0 is designed and simulated. Simulation results showed that the implementation of this algorithm with a single processor, assuming 4 clocks for executing each recursive equation, requires 4N ^ 3 + 9. 7N ^ 2 + 3. 2N + 18 clocks, while doing it with a systolic array requires 48n + 32 clocks due to parallel computing and pipelines.

Complex malwares which infiltrate systems in a country’ s critical infrastructure with the purpose of destruction or espionage are major threats in cyber space. What is presented in this article is a smart solution to discover zero day worms which can be polymorphic and encrypted and their nature is still unknown to defense tools. To do this, we first outlined our desirable detector and then presented a solution based on data mining methods for detecting malicious extensions with the emphasis on worm’ s scanning feature, communication model of the infected hosts and the packets’ headers transmitted across the network. By clustering clean data, and using clean and contaminated data classifications, experimental samples and the C5 decision tree, we managed to present the best model with an accuracy of 94. 49%, precision of 92. 92%, and a recall of 94. 70% in identifying infected packages from the clean ones. Finally, we also showed that the use of clustering in the patterns of clean hosts’ traffic could reach better results in identifying infected traffic.

In Cyber Security Analysis, in addition to data and information obtained from machine-based sensors like intrusion detection systems, firewalls and vulnerability scanners (hard data), human observations and conclusions from world's state including problems reported by users and network administrators, and assessments made by security analysts about network security status (soft data), can be used to obtain more accurate and more reliable estimation and decision. Hard and soft data fusion in cyber security analysis has many challenges such as framework design for problem modeling and representation of different types of uncertainty. This paper presents a new model based on ontology for fusion of hard and soft data in cyber security analysis. First, the concepts and problem variables are modeled and then the inference of assets’ security status is made by using a set of rules. Also, for fusion of data and unified modeling of different uncertainties, transferable belief model (TBM) and Dempster-Shafer combination rule are used. Results of applying the proposed model in a sample scenario of cyber security analysis show its operability for hard and soft data fusion. Considering the extensibility of ontology and knowledge base, high flexibility and dynamism are characteristics of the proposed model.

One of the most important threats of recent years in computer systems and cyber space is ambiguous cyber-attack. Obfuscation at the level of attack means change of attack, without change in behavior and change in the type of impact of attack on the victim. In this paper, a new classification method has been proposed for modeling cyber attacks, a method based on the technique of insertion attacks. In this method, by increasing the wrong classification in attack strategies, the dependency between the warnings and precautions is separated; so, by increasing the length of the attack, network security managers cannot easily distinguish cyber-attacks. The proposed model is based on Bayesian algorithm. Tables and the assessment figures show the proper formulation of the mechanisms provided for the sequence of attacks so that the detection of obfuscation attacks is far less likely than clean attacks. By increasing the sequence of attacks, the correct classification accuracy tends to zero. The proposed method for obfuscation of the attacks due to the ability to mislead the intrusion detection systems and to create uncertainty in the sequence of the observed attacks, has better performance than the obfuscation logic at both code and action level.

Human errors in design and configuration of networks and systems are potentials for attacks. Security Operation Center often used in wide networks, is a solution for continuous monitoring and detection, and human workers have key role in it. Through study of visualization subject and comparison between commercial samples of SOCs, this paper proposed a method that helping early detection in wide networks. The proposed method (MAPSA) is adding a cyber-attack real-time visualization module in SOC which SOC's analyzers may use it to early decide about modifications requirement in networks. This method leads to human error reduction, growth of personnel's effectiveness and increase in speed of modification. Therefore decreases the effects of attacks on wide networks.

The ability in Unmanned Aerial Vehicle Guidance and Control has become an important priority in the air defense field of any country, as one of the modern tools of technology in aerospace systems. In this paper, a group of networked UAVs are considered that follow closely the same objectives. The UAVs communicate with each other and exchange important information such as their velocities and positions with other members in the network. For this purpose, the controller is designed in a distributed approach. Due to the nature of the system, the distributed optimization algorithm is used to implement the network structure as well as to reduce the volume of computation. There are many challenges in the networked system and its optimal solution, such as maintaining optimal arrangement, communication delay and efficient use of energy. It is necessary that the designed controller holds the appropriate performance in the presence of aforementioned challenges. Finally, simulations are carried out in the Matlab software for investigating the performance of the proposed approach. The results indicate a higher rate of convergence and a more acceptable rate of delay compared to previous methods.

While private clouds provide high security and low cost for scheduling workflow, public clouds in addition to higher costs, are potentially exposed to the risk of data and computation breach. However, in real world, needs for high performance resources and high capacity storage devices encourage organizations to use resources in public clouds. Task scheduling, therefore, is one of the most important challenges in cloud computing. In this paper, whilst considering the security issue, a new scheduling method is proposed for workflow applications in hybrid cloud. Specifically, sensitivity of tasks, which has been considered in recent works, as well as security requirement for data and security strength for both resources and channels are taken into account. The proposed scheduling method is implemented in improved Particle Swarm Optimization (PSO-WSCS) algorithm. The goal function, is minimizing the security distance of data and workflow from security strengths of resources and channels such that time and budget constraints are observed. The proposed PSO-WSCS algorithm, which is based on original PSO with some modifications, is compared with three similar scheduling algorithms, namely VNPSO, MPSO and MPSO-SA, in hybrid cloud. Evaluations show the effectiveness of our algorithm in finding resources whose security aspects have high resemblance to the security requirements. This is displayed by an average improvement of 40% in the studied samples.