Abstract: Considering the complexities involved in Cloud computing, there are still plenty of issues that affect the privacy of data in cloud environment. Unless these problems get solved, we think that the problem of preserving privacy in cloud databases is still open. In tokenization and homomorphic cryptography based solutions for privacy preserving cloud database querying, there is possibility that by colluding with service provider adversary may run brute force attacks that will reveal the attribute values.
In this paper we propose a solution by defining the variant of K –means clustering algorithm that effectively detects such brute force attacks and enhances privacy of cloud database querying by preventing this attacks.
Abstract: Superfine pigments that consist of natural and artificial pigments and are made of mineral soil with special characteristics are used in cementitious materials for various purposes. These pigments can decrease the amount of cement needed without loss of performance and strength and also change the monotonous and turbid colours of concrete into various attractive and light colours. In this study, the mechanical strength and resistance against chloride and halogen attacks of cement mortars containing ceramic nano-pigments in an affected environment are studied. This research suggests utilisation of ceramic nano-pigments between 50 and 1000 nm, obtaining full-depth coloured concrete, preventing chlorine penetration in the concrete up to a certain depth, and controlling corrosion in steel rebar with the Potentiostat (EG&G) apparatus.
Abstract: A novel copy-move image forgery, CMIF, detection method is proposed. The proposed method presents a new approach which relies on electrostatic field theory, EFT. Solely for the purpose of reducing the dimension of a suspicious image, the proposed algorithm firstly performs discrete wavelet transform, DWT, of the suspicious image and extracts only the approximation subband. The extracted subband is then bijectively mapped onto a virtual electrostatic field where concepts of EFT are utilized to extract robust features. The extracted features are invariant to additive noise, JPEG compression, and affine transformation. Finally, same affine transformation selection, SATS, a duplication verification method, is applied to detect duplicated regions. SATS is a better option than the common shift vector method because SATS is insensitive to affine transformation. Consequently, the proposed CMIF algorithm is not only fast but also more robust to attacks compared to the existing related CMIF algorithms. The experimental results show high detection rates, as high as 100% in some cases.
Abstract: In today’s heterogeneous network environment, there is a growing demand for distrust clients to jointly execute secure network to prevent from malicious attacks as the defining task of propagating malicious code is to locate new targets to attack. Residual risk is always there no matter what solutions are implemented or whet so ever security methodology or standards being adapted. Security is the first and crucial phase in the field of Computer Science. The main aim of the Computer Security is gathering of information with secure network. No one need wonder what all that malware is trying to do: It's trying to steal money through data theft, bank transfers, stolen passwords, or swiped identities. From there, with the help of our survey we learn about the importance of white listing, antimalware programs, security patches, log files, honey pots, and more used in banks for financial data protection but there’s also a need of implementing the IPV6 tunneling with Crypto data transformation according to the requirements of new technology to prevent the organization from new Malware attacks and crafting of its own messages and sending them to the target. In this paper the writer has given the idea of implementing IPV6 Tunneling Secessions on private data transmission from financial organizations whose secrecy needed to be safeguarded.
Abstract: Several review papers exist in literature related to the concrete containing mineral admixtures; however this paper reviews the durability characteristics of the concrete containing fly ash (FA), silica fume (SF), ground granulated blast furnace slag (GGBS), metakaolin (MK) and rice husk ash (RHA). Durability related properties reviewed include permeability, resistance to sulfate attack, alkali-silica reaction (ASR), carbonation, chloride ion penetration, freezing and thawing, abrasion, fire, acid and efflorescence. From review of existing literature, it is found that permeability of concrete depends upon the content of alumina in mineral admixtures, i.e. higher the alumina content, lesser the permeability which results higher resistance to sulfate and chloride ion penetration. Highly reactive mineral admixtures prevent more ASR and reduce efflorescence. The carbonation increases with the mineral admixtures because higher water binder ratio and lesser content of portlandite in concrete due to pozzolanic reaction. Mineral admixtures require air entrainment except MK and RHA for better resistance to freezing and thawing.
Abstract: In recent years intrusions on computer network are the major security threat. Hence, it is important to impede such intrusions. The hindrance of such intrusions entirely relies on its detection, which is primary concern of any security tool like Intrusion detection system (IDS). Therefore, it is imperative to accurately detect network attack. Numerous intrusion detection techniques are available but the main issue is their performance. The performance of IDS can be improved by increasing the accurate detection rate and reducing false positive. The existing intrusion detection techniques have the limitation of usage of raw dataset for classification. The classifier may get jumble due to redundancy, which results incorrect classification. To minimize this problem, Principle component analysis (PCA), Linear Discriminant Analysis (LDA) and Local Binary Pattern (LBP) can be applied to transform raw features into principle features space and select the features based on their sensitivity. Eigen values can be used to determine the sensitivity. To further classify, the selected features greedy search, back elimination, and Particle Swarm Optimization (PSO) can be used to obtain a subset of features with optimal sensitivity and highest discriminatory power. This optimal feature subset is used to perform classification. For classification purpose, Support Vector Machine (SVM) and Multilayer Perceptron (MLP) are used due to its proven ability in classification. The Knowledge Discovery and Data mining (KDD’99) cup dataset was considered as a benchmark for evaluating security detection mechanisms. The proposed approach can provide an optimal intrusion detection mechanism that outperforms the existing approaches and has the capability to minimize the number of features and maximize the detection rates.
Abstract: Cyber terrors against specific enterprises or countries have been increasing recently. Such attacks against specific targets are called advanced persistent threat (APT), and they are giving rise to serious social problems. The malicious behaviors of APT attacks mostly affect websites and penetrate enterprise networks to perform malevolent acts. Although many enterprises invest heavily in security to defend against such APT threats, they recognize the APT attacks only after the latter are already in action. This paper discusses the characteristics of APT attacks at each step as well as the strengths and weaknesses of existing malicious code detection technologies to check their suitability for detecting APT attacks. It then proposes a network-based malicious behavior detection algorithm to protect the enterprise or national networks.
Abstract: Three-party password authenticated key exchange (3PAKE) protocols are widely deployed on lots of remote user authentication system due to its simplicity and convenience of maintaining a human-memorable password at client side to achieve secure
communication within a hostile network. Recently, an improvement of 3PAKE protocol by processing a built-in data attached to other party for identity authentication to individual data was proposed by some researchers. However, this paper points out that the improved 3PAKE protocol is still vulnerable to undetectable on-line dictionary attack and off-line dictionary attack.
Abstract: Study on corrosion propensity of welded mild steel- bar in soil media around the coastal area of University of Lagos has been carried out using gravimetric method. Six (6) samples each for welded and unwelded mild steels were cut, their initial weights were recorded and buried in two selected soil. The weight losses of these coupons were measured at regular intervals for a period of six months (180 days).
The corrosiveness of the soil media varied widely depending on the potency level of its constituents. The results revealed that soil in the studied area have marked variations in composition and contents. Soil medium with a lower pH and higher chloride ion concentration aggressively attacked the coupons with the welded steel coupon corroding faster than unwelded one. The medium resistivity to the flow of current is another strong factor affecting corrosion rate.
Abstract: Signature amortization schemes have been introduced
for authenticating multicast streams, in which, a single signature is
amortized over several packets. The hash value of each packet is
computed, some hash values are appended to other packets, forming
what is known as hash chain. These schemes divide the stream into
blocks, each block is a number of packets, the signature packet in
these schemes is either the first or the last packet of the block.
Amortization schemes are efficient solutions in terms of computation
and communication overhead, specially in real-time environment.
The main effictive factor of amortization schemes is it-s hash chain
construction. Some studies show that signing the first packet of each
block reduces the receiver-s delay and prevents DoS attacks, other
studies show that signing the last packet reduces the sender-s delay.
To our knowledge, there is no studies that show which is better, to
sign the first or the last packet in terms of authentication probability
and resistance to packet loss.
In th is paper we will introduce another scheme for authenticating
multicast streams that is robust against packet loss, reduces the
overhead, and prevents the DoS attacks experienced by the receiver
in the same time. Our scheme-The Multiple Connected Chain signing
the First packet (MCF) is to append the hash values of specific
packets to other packets,then append some hashes to the signature
packet which is sent as the first packet in the block. This scheme
is aspecially efficient in terms of receiver-s delay. We discuss and
evaluate the performance of our proposed scheme against those that
sign the last packet of the block.
Abstract: A novel behavioral detection framework is proposed
to detect zero day buffer overflow vulnerabilities (based on network
behavioral signatures) using zero-day exploits, instead of the
signature-based or anomaly-based detection solutions currently
available for IDPS techniques. At first we present the detection
model that uses shadow honeypot. Our system is used for the online
processing of network attacks and generating a behavior detection
profile. The detection profile represents the dataset of 112 types of
metrics describing the exact behavior of malware in the network. In
this paper we present the examples of generating behavioral
signatures for two attacks – a buffer overflow exploit on FTP server
and well known Conficker worm. We demonstrated the visualization
of important aspects by showing the differences between valid
behavior and the attacks. Based on these metrics we can detect
attacks with a very high probability of success, the process of
detection is however very expensive.
Abstract: In this paper, we present a non-blind technique of
adding the watermark to the Fourier spectral components of audio
signal in a way such that the modified amplitude does not exceed the
maximum amplitude spread (MAS). This MAS is due to individual
Discrete fourier transform (DFT) coefficients in that particular frame,
which is derived from the Energy Spreading function given by
Schroeder. Using this technique one can store double the information
within a given frame length i.e. overriding the watermark on the
host of equal length with least perceptual distortion. The watermark
is uniformly floating on the DFT components of original signal.
This helps in detecting any intentional manipulations done on the
watermarked audio. Also, the scheme is found robust to various signal
processing attacks like presence of multiple watermarks, Additive
white gaussian noise (AWGN) and mp3 compression.
Abstract: This paper investigates the encryption efficiency of RC6 block cipher application to digital images, providing a new mathematical measure for encryption efficiency, which we will call the encryption quality instead of visual inspection, The encryption quality of RC6 block cipher is investigated among its several design parameters such as word size, number of rounds, and secret key length and the optimal choices for the best values of such design parameters are given. Also, the security analysis of RC6 block cipher for digital images is investigated from strict cryptographic viewpoint. The security estimations of RC6 block cipher for digital images against brute-force, statistical, and differential attacks are explored. Experiments are made to test the security of RC6 block cipher for digital images against all aforementioned types of attacks. Experiments and results verify and prove that RC6 block cipher is highly secure for real-time image encryption from cryptographic viewpoint. Thorough experimental tests are carried out with detailed analysis, demonstrating the high security of RC6 block cipher algorithm. So, RC6 block cipher can be considered to be a real-time secure symmetric encryption for digital images.
Abstract: Vehicular Ad-hoc Network (VANET) is taking more
attention in automotive industry due to the safety concern of human
lives on roads. Security is one of the safety aspects in VANET. To be
secure, network availability must be obtained at all times since
availability of the network is critically needed when a node sends any
life critical information to other nodes. However, it can be expected
that security attacks are likely to increase in the coming future due to
more and more wireless applications being developed and deployed
onto the well-known expose nature of the wireless medium. In this
respect, the network availability is exposed to many types of attacks.
In this paper, Denial of Service (DOS) attack on network availability
is presented and its severity level in VANET environment is
elaborated. A model to secure the VANET from the DOS attacks has
been developed and some possible solutions to overcome the attacks
have been discussed.
Abstract: The goal of a network-based intrusion detection
system is to classify activities of network traffics into two major
categories: normal and attack (intrusive) activities. Nowadays, data
mining and machine learning plays an important role in many
sciences; including intrusion detection system (IDS) using both
supervised and unsupervised techniques. However, one of the
essential steps of data mining is feature selection that helps in
improving the efficiency, performance and prediction rate of
proposed approach. This paper applies unsupervised K-means
clustering algorithm with information gain (IG) for feature selection
and reduction to build a network intrusion detection system. For our
experimental analysis, we have used the new NSL-KDD dataset,
which is a modified dataset for KDDCup 1999 intrusion detection
benchmark dataset. With a split of 60.0% for the training set and the
remainder for the testing set, a 2 class classifications have been
implemented (Normal, Attack). Weka framework which is a java
based open source software consists of a collection of machine
learning algorithms for data mining tasks has been used in the testing
process. The experimental results show that the proposed approach is
very accurate with low false positive rate and high true positive rate
and it takes less learning time in comparison with using the full
features of the dataset with the same algorithm.
Abstract: Assassination of politicians, school mass murders, purported suicides, aircraft crash, mass shootings by police, sinking of sea ferries, mysterious car accidents, mass fire deaths and horrificterror attacks are some of the cases that bring forth scientific and legal conflicts. Questions about truth, justice and human rights are raised by both victims and perpetrators/offenders as they seek to understand why and how it happened to them. This kind of questioning manifests itself in medical-criminological-legalpsychological and scientific realms. An agreement towards truthinvestigations for possible legal-political-psychological transitory issues such as prosecution, victim-offender mediation, healing, reconciliation, amnesty, reparation, restitution, and policy formulations is seen as one way of transforming these conflicts. Forensic scientists and pathologists in particular have formed professional groups where the complexities between legal truth and scientific truth are dramatized and elucidated within the anatomy of courtrooms. This paper focuses on how pathological truth and legal truth interact with each other in Kenya’s criminal justice system.
Abstract: It is well-known that in wireless local area networks,
authenticating nodes by their MAC addresses is not secure since it is
very easy for an attacker to learn one of the authorized addresses and
change his MAC address accordingly. In this paper, in order to
prevent MAC address spoofing attacks, we propose to use
dynamically changing MAC addresses and make each address usable
for only one session. The scheme we propose does not require any
change in 802.11 protocols and incurs only a small performance
overhead. One of the nice features of our new scheme is that no third
party can link different communication sessions of the same user by
monitoring MAC addresses therefore our scheme is preferable also
with respect to user privacy.
Abstract: RFID system, in which we give identification number to each item and detect it with radio frequency, supports more variable service than barcode system can do. For example, a refrigerator with RFID reader and internet connection will automatically notify expiration of food validity to us. But, in spite of its convenience, RFID system has some security threats, because anybody can get ID information of item easily. One of most critical threats is privacy invasion. Existing privacy protection schemes or systems have been proposed, and these schemes or systems defend normal users from attempts that any attacker tries to get information using RFID tag value. But, these systems still have weakness that attacker can get information using analogous value instead of original tag value. In this paper, we mention this type of attack more precisely and suggest 'Tag Broker Model', which can defend it. Tag broker in this model translates original tag value to random value, and user can only get random value. Attacker can not use analogous tag value, because he/she is not able to know original one from it.
Abstract: Attack graph is an integral part of modeling the
overview of network security. System administrators use attack graphs to determine how vulnerable their systems are and to determine
what security measures to deploy to defend their systems. Previous methods on AGG(attack graphs generation) are aiming at
the whole network, which makes the process of AGG complex and
non-scalable. In this paper, we propose a new approach which is
simple and scalable to AGG by decomposing the whole network into atomic domains. Each atomic domain represents a host with a specific privilege. Then the process for AGG is achieved by communications
among all the atomic domains. Our approach simplifies the process
of design for the whole network, and can gives the attack graphs including each attack path for each host, and when the network changes we just carry on the operations of corresponding atomic
domains which makes the process of AGG scalable.
Abstract: This paper discusses a new heavy tailed distribution based data hiding into discrete cosine transform (DCT) coefficients of image, which provides statistical security as well as robustness against steganalysis attacks. Unlike other data hiding algorithms, the proposed technique does not introduce much effect in the stegoimage-s DCT coefficient probability plots, thus making the presence of hidden data statistically undetectable. In addition the proposed method does not compromise on hiding capacity. When compared to the generic block DCT based data-hiding scheme, our method found more robust against a variety of image manipulating attacks such as filtering, blurring, JPEG compression etc.