检索结果-南通市图书馆

A User-friendly Model for Ransomware Analysis Using Sandboxing

在线全文

维普期刊数据库

学校读者我要写书评

暂无评论

Computers, Materials & Continua 2021年第6期67卷 3833-3846页

作者： Akhtar Kamal Morched Derbali Sadeeq Jan Javed Iqbal Bangash Fazal Qudus Khan Houssem Jerbi Rabeh Abbassi Gulzar Ahmad Department of Computer Science&Information Technology National Center for Cyber SecurityUniversity of Engineering&TechnologyPeshawar25120Pakistan Department of Information Technology Faculty of Computing and Information TechnologyKing Abdulaziz UniversityJeddah21589Saudi Arabia Institute of Computer Sciences and Information Technology(ICS/IT) University of AgriculturePeshawar25130Pakistan Department of Industrial/Electrical Engineering College of EngineeringUniversity of Ha’ilHail1234Saudi Arabia Department of Electrical Engineering University of Engineering&TechnologyPeshawar25120Pakistan

Ransomware is a type of malicious software that blocks access to a computer by encrypting user’s files until a ransom is paid to the *** have been several reported high-profile ransomware attacks including WannaCry,Petya,and Bad Rabbit resulting in losses of over a billion dollars to various individuals and businesses in the *** analysis of ransomware is often carried out via sandbox environments;however,the initial setup and configuration of such environments is a challenging ***,it is difficult for an ordinary computer user to correctly interpret the complex results presented in the reports generated by such environments and analysis *** this research work,we aim to develop a user-friendly model to understand the taxonomy and analysis of ransomware ***,we aim to present the results of analysis in the form of summarized reports that can easily be understood by an ordinary computer *** model is built on top of the well-known Cuckoo sandbox environment for identification of the ransomware as well as generation of the summarized *** addition,for evaluating the usability and accessibility of our proposed model,we conduct a comprehensive user survey consisting of participants from various fields,e.g.,professional developers from software houses,people from academia(professors,students).Our evaluation results demonstrate a positive feedback of approximately 92%on the usability of our proposed model.

关键词： Ransomware sandbox user-friendly model survey

A Framework for Systematic Classification of Assets for security Testing

在线全文

维普期刊数据库

学校读者我要写书评

暂无评论

Computers, Materials & Continua 2021年第1期66卷 631-645页

作者： Sadeeq Jan Omer Bin Tauqeer Fazal Qudus Khan George Tsaramirsis Awais Ahmad Iftikhar Ahmad Imran Maqsood Niamat Ullah National center for cyber security Department of CS&ITUniversity of Engineering&TechnologyPeshawarPakistan Department of Information Technology FCITKing Abdulaziz UniversityJeddahSaudi Arabia Dipartimento di Informatica(DI) UniversitàDegli Studi di Milano StataleVia Celoria 18MilanoItaly Department of Computer Science&IT University of Engineering&TechnologyPeshawarPakistan Department of Software Engineering University of Engineering&TechnologyMardanPakistan University of Buner BunerPakistan

Over the last decade,a significant increase has been observed in the use of web-based Information systems that process sensitive information,e.g.,personal,financial,*** this increased use,the security of such systems became a crucial aspect to ensure safety,integrity and authenticity of the *** achieve the objectives of data safety,security testing is ***,with growth and diversity of information systems,it is challenging to apply security testing for each and every ***,it is important to classify the assets based on their required level of security using an appropriate *** this paper,we propose an asset security classification technique to classify the System Under Test(SUT)based on various factors such as system exposure,data criticality and security *** perform an extensive evaluation of our technique on a sample of 451 information ***,we use security testing on a sample extracted from the resulting prioritized systems to investigate the presence of *** technique achieved promising results of successfully assigning security levels to various assets in the tested environments and also found several vulnerabilities in them.

关键词： security security testing privacy asset classification

Reverse Engineering of Mobile Banking Applications

在线全文

维普期刊数据库

学校读者我要写书评

暂无评论

Computer Systems Science & Engineering 2021年第9期38卷 265-278页

作者： Syeda Warda Asher Sadeeq Jan George Tsaramirsis Fazal Qudus Khan Abdullah Khalil Muhammad Obaidullah National center for cyber security Department of Computer Science&Information TechnologyUniversity of Engineering&TechnologyPeshawar25120Pakistan Higher Colleges of Technology Abu Dhabi Women’s CollegeAbu DhabiUAE Department of Information Technology Faculty of Computing and Information TechnologyKing Abdulaziz UniversityJeddah21589Saudi Arabia Department of Computer Software Engineering University of Engineering&TechnologyMardan23200Pakistan

Software reverse engineering is the process of analyzing a software system to extract the design and implementation *** engineering provides the source code of an application,the insight view of the architecture and the third-party *** a security perspective,it is mostly used for finding vulnerabilities and attacking or cracking an *** process is carried out either by obtaining the code in plaintext or reading it through the binaries or ***,reverse engineering is widely used for mobile applications and is considered a security *** Open Web Application security Project(OWASP),a leading security research forum,has included reverse engineering in its top 10 list of mobile application *** applications are used in many sectors,e.g.,banking,education,*** particular,the banking applications are critical in terms of security as they are used for financial transactions.A security breach of such applications can result in huge financial losses for the customers as well as the *** exist various tools for reverse engineering of mobile applications,however,they have deficiencies,e.g.,complex configurations,lack of detailed analysis *** this research work,we perform an analysis of the available tools for reverse engineering of mobile *** dataset consists of the mobile banking applications of the banks providing services in *** results indicate that none of the existing tools can carry out the complete reverse engineering process as a standalone *** addition,we observe significant differences in terms of the execution time and the number of files generated by each tool for the same file.

关键词： Reverse engineering mobile banking applications security analysis

A Novel Approach of Image Steganography for Secure

在线全文

维普期刊数据库

学校读者我要写书评

暂无评论

Computers, Materials & Continua 2020年第7期64卷 31-61页

作者： Shahid Rahman Fahad Masood Wajid Ullah Khan Niamat Ullah Fazal Qudus Khan Georgios Tsaramirsis Sadeeq Jan Majid Ashraf University of Buner Buner19290Pakistan Abasyn University Peshawar25000Pakistan Department of Information Technology Faculty of Computing and Information TechnologyKing Abdulaziz UniversityJeddah21577Saudi Arabia National center for cyber security-UETP Department of CS&ITUniversity of Engineering&TechnologyPeshawar25000Pakistan Department of Electrical Engineering University of Engineering&TechnologyPeshawar25000Pakistan

Steganography aims to hide the messages from unauthorized persons for various purposes,e.g.,military correspondence,financial transaction *** the data during transmission is of utmost importance these *** confidentiality,integrity,and availability of the data are at risk because of the emerging technologies and complexity in software applications,and therefore,there is a need to secure such systems and *** are various methodologies to deal with security issues when utilizing an open system like the *** research proposes a new technique in steganography within RGB shading space to achieve enhanced security compared with existing *** evaluate our approach with the help of diverse image quality evaluation techniques including MSE(Mean Square Error),RMSE(Root Mean Square Error),PSNR(Peak Signal-to-Noise Ratio),MAE(Mean Absolute Error),NCC(Normalized Cross-Correlation)and SSIM(Structural Similarity Index).Our experimental results demonstrate improved strength,intangibility,and security when contrasted with existing techniques and vindicate the effectiveness of this exploration *** proposed approach achieved a 3.6701%average higher score for PSNR Correlation than the next best existing ***,in PSNR with a variable amount of cipher embedded in the same images of the same dimensions,the proposed approach attained a 5.22%better *** the same size of cipher in images of different size resulted a 3.56%better score.

关键词： Image steganography least significant bits MLEA and RGB color space

cyber Secure Framework for Smart Containers Based on Novel Hybrid DTLS Protocol

在线全文

维普期刊数据库

学校读者我要写书评

暂无评论

Computer Systems Science & Engineering 2022年第12期43卷 1297-1313页

作者： Waseem Ullah Khan Safdar Nawaz Khan Marwat Salman Ahmed Department of Computer Systems Engineering University of Engineering and Technology PeshawarPeshawar25120Pakistan

The Internet of Things (IoTs) is apace growing, billions of IoT devicesare connected to the Internet which communicate and exchange data among eachother. Applications of IoT can be found in many fields of engineering and sciencessuch as healthcare, traffic, agriculture, oil and gas industries, and logistics. Inlogistics, the products which are to be transported may be sensitive and perishable, and require controlled environment. Most of the commercially availablelogistic containers are not integrated with IoT devices to provide controlled environment parameters inside the container and to transmit data to a remote *** necessitates the need for designing and fabricating IoT based smart containers. Due to constrained nature of IoT devices, these are prone to different cybersecurity attacks such as Denial of Service (DoS), Man in Middle (MITM) andReplay. Therefore, designing efficient cyber security framework are required forsmart container. The Datagram Transport Layer security (DTLS) Protocol hasemerged as the de facto standard for securing communication in IoT ***, it is unable to minimize cyber security attacks such as Denial of Serviceand Distributed Denial of Service (DDoS) during the handshake process. Themain contribution of this paper is to design a cyber secure framework by implementing novel hybrid DTLS protocol in smart container which can efficientlyminimize the effects of cyber attacks during handshake process. The performanceof our proposed framework is evaluated in terms of energy efficiency, handshaketime, throughput and packet delivery ratio. Moreover, the proposed framework istested in IoT based smart containers. The proposed framework decreases handshake time more than 9% and saves 11% of energy efficiency for transmissionin compare of the standard DTLS, while increases packet delivery ratio andthroughput by 83% and 87% respectively.

关键词： Logistic container logistics security cyber security perishable products monitoring

Efficient network immunization under limited knowledge

在线全文

维普期刊数据库

学校读者我要写书评

暂无评论

National Science Review 2021年第1期8卷 127-134页

作者： Yangyang Liu Hillel Sanhedrai Gao Gao Dong Louis M.Shekhtman Fan Wang Sergey V.Buldyrev Shlomo Havlin Department of Systems Science National University of Defense Technology Department of Physics Bar-Ilan University Faculty of Science Jiangsu University Network Science Institute Northeastern University Department of Physics Yeshiva University

Targeted immunization of centralized nodes in large-scale networks has attracted significant ***, in real-world scenarios, knowledge and observations of the network may be limited, thereby precluding a full assessment of the optimal nodes to immunize（or quarantine） in order to avoid epidemic spreading such as that of the current coronavirus disease（COVID-19） epidemic. Here, we study a novel immunization strategy where only n nodes are observed at a time and the most central among these n nodes is immunized. This process can globally immunize a network. We find that even for small n（≈10） there is significant improvement in the immunization（quarantine）, which is very close to the levels of immunization with full knowledge. We develop an analytical framework for our method and determine the critical percolation threshold p;and the size of the giant component P∞ for networks with arbitrary degree distributions P（k）. In the limit of n →∞ we recover prior work on targeted immunization, whereas for n = 1 we recover the known case of random immunization. Between these two extremes, we observe that, as n increases,p;increases quickly towards its optimal value under targeted immunization with complete information. In particular, we find a new general scaling relationship between |p;（∞）-p;（n）| and n as |p;（∞）-p;（n）| ～n;exp（-αn）. For scale-free（SF） networks, where P（k）～ k;, 2 < γ < 3, we find that p;has a transition from zero to nonzero when n increases from n = 1 to O（log N）(where N is the size of the network). Thus, for SF networks, having knowledge of ≈log N nodes and immunizing the most optimal among them can dramatically reduce epidemic spreading. We also demonstrate our limited knowledge immunization strategy on several real-world networks and confirm that in these real networks, p;increases significantly even for small n.

关键词： percolation complex networks network immunization critical phenomena

Blockchain applied to the construction supply chain:A case study with threat model

同方期刊数据库评论

在线全文

同方期刊数据库

学校读者我要写书评

暂无评论

Frontiers of Engineering Management 2020年第4期7卷 564-577页

作者： Gjorgji SHEMOV Borja GARCIA de SOTO Hoda ALKHZAIMI Division of Engineering New York University Abu Dhabi(NYUAD)Saadiyat IslandAbu Dhabi 129188United Arab Emirates

The construction industry has long faced the challenge of introducing collaborative systems among multiple *** challenge creates a high level of rigidity in terms of processing shared information related to different processes,robust holistic regulations,payment actualizations,and resource utilization across different *** need for a digital platform to crossconnect all stakeholders is necessary.A blockchain-based platform is a prime candidate to improve the industry in general and the construction supply chain(CSC)in *** this paper,a literature review is presented to establish the main challenges that CSC faces in terms of its effects on productivity and *** addition,the effect of applying blockchain platforms on a case study is presented and analyzed from performance and security *** analysis aims to emphasize that blockchain,as presented in this paper,is a viable solution to the challenges in the CSC regardless of the risks associated with the security and robustness of the flow of information and data ***,a threat analysis of applying a blockchain model on the CSC industry is *** model indicates potential attacks and possible countermeasures to prevent the *** work is needed to expand,quantify,and optimize the threat model and conduct simulations considering proposed countermeasures for the different blockchain attacks outlined in this study.

关键词： blockchain taxonomy construction supply chain threat model analysis security level analysis cybersecurity vulnerability smart contract cyber-attack

Identifying malicious accounts in blockchains using domain names and associated temporal properties

在线全文

维普期刊数据库

学校读者我要写书评

暂无评论

Blockchain(Research and Applications) 2023年第3期4卷 39-51页

作者： Rohit Kumar Sachan Rachit Agarwal Sandeep Kumar Shukla C3i Hub Indian Institute of Technology KanpurKanpur 208016India CSE Department Indian Institute of Technology KanpurKanpur 208016India Bennet University Greater Noida 201310India Merkle Science Bangalore 560102India

The rise in the adoption of blockchain technology has led to increased illegal activities by cybercriminals costing billions of *** machine learning algorithms are applied to detect such illegal *** algorithms are often trained on the transaction behavior and,in some cases,trained on the vulnerabilities that exist in the *** our approach,we study the feasibility of using the Domain Name(DN)associated with the account in the blockchain and identify whether an account should be tagged malicious or ***,we leverage the temporal aspects attached to the *** approach achieves 89.53%balanced-accuracy in detecting malicious blockchain *** our results identify 73769 blockchain DNs that show malicious behavior at least once,out of these,34171 blockchain DNs show persistent malicious behavior,resulting in 2479 malicious blockchain DNs over ***,none of these identified malicious DNs were reported in new officially tagged malicious blockchain DNs.

关键词： Blockchain Machine learning Suspect identification Domain name Temporal properties

在线全文

维普期刊数据库

学校读者我要写书评

暂无评论

云上基于错误学习的可验证多关键词搜索方案

Journal of Southeast University(English Edition) 2023年第2期39卷 169-175页

作者：汪攀蒋睿东南大学网络空间安全学院南京210096

为了解决公钥加密关键字搜索(PEKS)算法面临的多种难题,提出了一种基于错误学习的可验证多关键字搜索方案(LWE-VMKS).该方案利用格加密的算法生成关键字索引,搜索查询和签名,以抵抗量子计算攻击.该方案将单个搜索查询中多个关键字合并,... 详细信息

为了解决公钥加密关键字搜索(PEKS)算法面临的多种难题,提出了一种基于错误学习的可验证多关键字搜索方案(LWE-VMKS).该方案利用格加密的算法生成关键字索引,搜索查询和签名,以抵抗量子计算攻击.该方案将单个搜索查询中多个关键字合并,实现多关键字搜索.该方案结合基于格的签名,保证用户可以在不解密密文的情况下验证搜索结果的正确性.另外,该方案应用陷门函数为不同的数据所有者生成不同的密钥,从而抵抗关键词猜测攻击(KGA).最后,形式化证明了所提出的方案是安全的,能够实现高效的多关键词搜索并实现搜索结果的验证,并且能抵抗KGA.

关键词：格基加密错误学习公钥加密关键字搜索(PEKS) 多关键词搜索可验证关键词猜测攻击(KGA)