{"title":"SQL injection attacks - a systematic review","authors":"Kirti Sharma, Shobha Bhatt","doi":"10.1504/ijics.2019.10023476","DOIUrl":"https://doi.org/10.1504/ijics.2019.10023476","url":null,"abstract":"In today's era, each and every person is utilising websites and so many different web applications for online administrations, for example: booking of railway tickets, movie ticketing, shopping, communication and so forth. These websites consists sensitive and confidential information. With the linearity of web applications in the last decade, the unconstructive crash of security has also matured either. SQL injection attack is one such attack where the anonymous user can append SQL code to input query. This research paper starts with developing criteria for systematic literature review based on research questions, quality assessment and data samples. The paper presents various SQL injection techniques with their intended attacks. Further studies explore different techniques to prevent attacks. Tabular representation of quality evaluation criteria was presented with grades. Lastly, different research questions and solutions were provided related to SQL injection attacks.","PeriodicalId":164016,"journal":{"name":"Int. J. Inf. Comput. Secur.","volume":"32 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-08-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114880247","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"On mapping of address and port using translation","authors":"Xing Li, Jing Wang, Xiaofeng Zhong, A. Bhattacharjya","doi":"10.1504/IJICS.2019.099419","DOIUrl":"https://doi.org/10.1504/IJICS.2019.099419","url":null,"abstract":"Due to the shortage of IPv4 addresses, many hosts are currently assigned to a single IPv4 address by using one or a number of NAT devices. However, numerous NAT devices cannot be upgraded for executing 6to4 due to technical and/or economic reasons. Solutions depending on Double Network Address Translation 64 are a good way to utilise shared IPv4 addressing. Mapping of address and port using translation (MAP-T) is a technique that accomplishes double translation on Border Relay (BR) and customer edge (CE) devices. IPv4 and IPv6 forwarding, IPv4 and IPv6 fragmentation functions, and NAT64 translation functions are used by MAP-T. This enables increasing numbers of IPv6 in both clients and servers in order to possess the best defence against certain attacks, such as routing loop attacks, spoofing attacks, denial-of-service attacks. We have here proposed some procedures for creating frameworks and sustaining secure IPv6 networks according to applications, environs and architecture.","PeriodicalId":164016,"journal":{"name":"Int. J. Inf. Comput. Secur.","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-04-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114695898","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Lightweight R-LWE-based privacy preservation scheme for smart grid network","authors":"A. Agarkar, H. Agrawal","doi":"10.1504/IJICS.2019.10019163","DOIUrl":"https://doi.org/10.1504/IJICS.2019.10019163","url":null,"abstract":"Privacy preservation is one of the important research challenges in IoT applications. In one such IoT application; smart grid network, billing information and energy profiling information of the customer may be collected, aggregated, and forwarded to control centre for further analytics. Based on the research findings, traditional public key cryptography is not secured against quantum attacks. Our study is motivated by the recent developments in the lattice-cryptography schemes. This paper presents a lightweight R-LWE lattice-cryptography-based scheme to sign and encrypt message traffic in smart grid. Security analysis suggests that proposed scheme preserves the privacy of customer. Performance analysis shows that proposed scheme causes less communication overhead as compared to traditional public key cryptography yet maintains parallel with NTRU-based scheme and outperforms both formats of public key cryptography in regards to computation overhead.","PeriodicalId":164016,"journal":{"name":"Int. J. Inf. Comput. Secur.","volume":"34 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-04-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116673390","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"What's in your honeypot: a privacy compliance perspective","authors":"Adam J. Brown, T. Andel","doi":"10.1504/IJICS.2019.10020554","DOIUrl":"https://doi.org/10.1504/IJICS.2019.10020554","url":null,"abstract":"Honeypots, a form of active cyber defence, assist in frustrating cyber aggressors through a detect and deceive strategy. However, significant legal questions arise in the USA from the emulation of a production host for purposes of recording information pertaining to access sessions. Taking a holistic perspective, this research explores credible legal claims that may arise when using a honeypot. Situations consider issues pertaining to setting up a honeypot to not violate US federal and state privacy laws, to operating a honeypot without becoming exposed to first or third party liability, and to providing data gathered by a honeypot to law enforcement officials to contribute to an investigation.","PeriodicalId":164016,"journal":{"name":"Int. J. Inf. Comput. Secur.","volume":"182 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-04-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114065418","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"CSPS: catchy short passwords making offline and online attacks impossible","authors":"Jaryn Shen, Qingkai Zeng","doi":"10.1504/IJICS.2019.10018618","DOIUrl":"https://doi.org/10.1504/IJICS.2019.10018618","url":null,"abstract":"This paper proposes to address online and offline attacks to passwords without increasing users' efforts in choosing and memorising their passwords. In CSPS, a password consists of two parts, a user-chosen short password and a server-generated long password. The short password should be memorised and secured by its user while the long password be encrypted and stored on the server side. To keep the secret key for protecting the long password secure, an additional server is introduced to store the secret key and provide encryption/decryption services. On top of balloon, CSPS integrates expensive hash with secure encryption. It is mathematically proved that computationally unbounded attackers cannot succeed in offline dictionary or brute-force attacks or a combination of offline and online attacks. The criteria of security are established, which quantifies the security. To our best knowledge, CSPS is the first technique to make security quantifiable in password authentication mechanisms.","PeriodicalId":164016,"journal":{"name":"Int. J. Inf. Comput. Secur.","volume":"11 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-04-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130477207","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"An ensemble algorithm for discovery of malicious web pages","authors":"H. Sajedi","doi":"10.1504/IJICS.2019.10020533","DOIUrl":"https://doi.org/10.1504/IJICS.2019.10020533","url":null,"abstract":"Internet has become one of our daily life activities that all of us agree on its important role. It is necessary to know how it can either have misuse. Identity theft, brand reputation damage and loss of customer's confidence in e-commerce and online banking are examples of the damages it can cause. In this paper, we proposed an ensemble learning algorithm for discovery of malicious web pages. The goal is to provide more learning chance to the data instances, which are misclassified by previous classifiers. To this aim, we employ a genetic algorithm (GA) to improve classification accuracy. In this algorithm a weight is assigned to a weak classifier and GA chooses the best set of committee members of weak classifiers to make an optimal ensemble. Experimental results demonstrate that this algorithm leads to the classification accuracy improvement.","PeriodicalId":164016,"journal":{"name":"Int. J. Inf. Comput. Secur.","volume":"42 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-04-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128164505","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A study of the internet financial interest rate risk evaluation index system in cloud computing","authors":"Sheng-dong Mu, Yixiang Tian, Yiwei Luo","doi":"10.1504/IJICS.2019.098198","DOIUrl":"https://doi.org/10.1504/IJICS.2019.098198","url":null,"abstract":"Cloud computing is a product of computer technologies combined with network technologies and it has been widely applied in China. Experts and scholars in all fields begin to make many studies of cloud computing infrastructure construction and effective resource utilisation. With ITFIN, people can enjoy financial services in dealing with various problems. However, one person can play many identities in the network. This phenomenon posed a severe challenge to ITFIN network security and has largely intensified the risks, including the operational risk, market selection risk and network and information security risk. ITFIN resolves the risks by establishing a reliable, reasonable and effective risk assessment model. We conducted theoretical and empirical analysis, then constructed an assessment model against China's ITFIN risk. The model integrates rough set and particle swarm optimisation support vector machine (PSO-SVM). Finally, the model was used to assess the ITFIN risk in China. The empirical research results indicate that the model can effectively reduce redundant data information with rough set theory. The theory also guarantees a reliable, reasonable and scientific model, enhance the classification effect of the model. The parameters of SVM model obtained by optimising with PSO can effectively avoid local optimum, improve the effect of the classification model. Overall, the model has good generalisation ability and learning ability.","PeriodicalId":164016,"journal":{"name":"Int. J. Inf. Comput. Secur.","volume":"61 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-03-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121598033","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Reconfigurable design and implementation of nonlinear Boolean function for cloud computing security platform","authors":"Su Yang, Shen Junwei, Wang Wei","doi":"10.1504/IJICS.2019.098201","DOIUrl":"https://doi.org/10.1504/IJICS.2019.098201","url":null,"abstract":"Nonlinear Boolean function plays a pivotal role in the stream cipher algorithms and cloud computing security platforms. Based on the analysis of multiple algorithms, this paper proposes a hardware structure of reconfigurable nonlinear Boolean function. This structure can realise the number of variables and AND terms less than 80 arbitrary nonlinear Boolean function in stream cipher algorithms. The entire architecture is verified on the FPGA platform and synthesised under the 0.18 μm CMOS technology, the clock frequency reaches 248.7 MHz, the result proves that the design is propitious to carry out the most nonlinear Boolean functions in stream ciphers which have been published, compared with other designs, the structure can achieve relatively high flexibility, and it has an obvious advantage in the area of circuits and processing speed.","PeriodicalId":164016,"journal":{"name":"Int. J. Inf. Comput. Secur.","volume":"34 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-03-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129499066","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Proofs of retrievability from linearly homomorphic structure-preserving signatures","authors":"Xiao Zhang, Shengli Liu, Shuai Han","doi":"10.1504/IJICS.2019.098205","DOIUrl":"https://doi.org/10.1504/IJICS.2019.098205","url":null,"abstract":"Proofs of retrievability (PoR) enables clients to outsource huge amount of data to cloud servers, and provides an efficient audit protocol, which can be employed to check that all the data is being maintained properly and can be retrieved from the server. In this paper, we present a generic construction of PoR from linearly homomorphic structure-preserving signature (LHSPS), which makes public verification possible. Authenticity and retrievability of our PoR scheme are guaranteed by the unforgeability of LHSPS. We further extend our result to dynamic PoR, which supports dynamic update of outsourced data. Our construction is free of complicated data structures like Merkle hash tree. With an instantiation of a recent LHSPS scheme proposed by Kiltz and Wee (EuroCrypt15), we derive a publicly verifiable (dynamic) PoR scheme. The security is based on standard assumptions and proved in the standard model.","PeriodicalId":164016,"journal":{"name":"Int. J. Inf. Comput. Secur.","volume":"7 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-03-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128055955","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Network optimisation for improving security and safety level of dangerous goods transportation based on cloud computing","authors":"Haixing Wang, Guiping Xiao, Zhen Wei, Tao Hai","doi":"10.1504/IJICS.2019.10018470","DOIUrl":"https://doi.org/10.1504/IJICS.2019.10018470","url":null,"abstract":"Network optimisation for improving security and safety level of dangerous goods transportation (NOISSLDGT) belongs to NP-hard problems with strict constraints, and that makes it harder to solve. In order to deal with NOISSLDGT, an improved risk analysis combining the features and factors was devised. A network optimisation model to minimise the total cost was established considering the network capacity and the maximum risk limits. The problem has been discussed with LINGO first. Furthermore, the cloud computing technology is introduced, and the task scheduling in cloud computing environment was analysed. Based on cloud computing task scheduling, a detailed design of the simulated annealing algorithm (SAA) was presented. An example was analysed to demonstrate that the improved algorithms are efficient and feasible in solving NOISSLDGT.","PeriodicalId":164016,"journal":{"name":"Int. J. Inf. Comput. Secur.","volume":"43 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-03-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125209334","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}