发布求助
文献互助 智能选刊 最新文献

信息安全(英文)最新文献

筛选
英文 中文
A Secure Image Steganography Using Advanced Encryption Standard and Discrete Cosine Transform 基于高级加密标准和离散余弦变换的安全图像隐写
信息安全(英文) Pub Date : 2019-06-14 DOI: 10.4236/JIS.2019.103007
Ashraful Tauhid, M. Tasnim, Saima Noor, Nuruzzaman Faruqui, M. Yousuf
{"title":"A Secure Image Steganography Using Advanced Encryption Standard and Discrete Cosine Transform","authors":"Ashraful Tauhid, M. Tasnim, Saima Noor, Nuruzzaman Faruqui, M. Yousuf","doi":"10.4236/JIS.2019.103007","DOIUrl":"https://doi.org/10.4236/JIS.2019.103007","url":null,"abstract":"Cryptography and Steganography are two prominent techniques to obtain secure communication over the shared media like the Internet. Steganography is slightly ahead of cryptography because of its stealthy characteristics. In this paper, a new method has been proposed which combines cryptography and steganography to ensure even more secure communication. The Advanced Encryption Standard (AES) in spatial domain of the carrier/cover image and Least Significant Bit (LSB) replacement in the transformed domain of the same image has been used after performing a Discrete Cosine Transform (DCT) on the pixels. An additional layer of security has been introduced by applying XOR operation on the AES encrypted message with the pixel values of the carrier image. The Peak Signal to Noise Ratio (PSNR) of the proposed algorithm is better than most of the similar algorithms. With better PSNR, the proposed method depicts a three layer of security of the information and error free decryption.","PeriodicalId":57259,"journal":{"name":"信息安全(英文)","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2019-06-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"44665441","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 12
Android Security and Its Rooting—A Possible Improvement of Its Security Architecture 安卓系统的安全性及其根源——安全体系结构的可能改进
信息安全(英文) Pub Date : 2019-04-01 DOI: 10.4236/JIS.2019.102005
Nick Rahimi, J. Nolen, B. Gupta
{"title":"Android Security and Its Rooting—A Possible Improvement of Its Security Architecture","authors":"Nick Rahimi, J. Nolen, B. Gupta","doi":"10.4236/JIS.2019.102005","DOIUrl":"https://doi.org/10.4236/JIS.2019.102005","url":null,"abstract":"The advent of technology brought forth a myriad of developments that have streamlined the manner through which people operate. With the growing need to be at the forefront of communication and information, people have resorted to the use of mobile phones with a great percentile preferring android oriented systems. Similarly, the systems are susceptible to the various threats posed by technology with due summations showing that security flaws and unauthorized access to sensitive data pose a huge threat to the overarching efficacy of the android systems. The research presented lays a primal focus on how users can improve intrinsic android features through the use of Google services, rooting, custom kernels and ROM techniques. The research also focused on how Android security features can be improved when using or installing applications. Results indicate that the rooting process is the most conclusive and safest scheme. Summations drawn are indicative of the fact that system security is a moot research topic that requires further research into how it can be improved.","PeriodicalId":57259,"journal":{"name":"信息安全(英文)","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2019-04-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"49188651","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 7
Associated Risks in Mobile Applications Permissions 移动应用程序权限中的相关风险
信息安全(英文) Pub Date : 2019-03-26 DOI: 10.4236/JIS.2019.102004
Mohammed Al Jutail, M. Al-Akhras, Abdulaziz A. Albesher
{"title":"Associated Risks in Mobile Applications Permissions","authors":"Mohammed Al Jutail, M. Al-Akhras, Abdulaziz A. Albesher","doi":"10.4236/JIS.2019.102004","DOIUrl":"https://doi.org/10.4236/JIS.2019.102004","url":null,"abstract":"Mobile applications affect user’s privacy based on the granted application’s permissions as attackers exploit mobile application permissions in Android and other mobile operating systems. This research divides permissions based on Google’s classification of dangerous permissions into three groups. The first group contains the permissions that can access user’s private data such as reading call log. The second group contains the permissions that can modify user’s data such as modifying the numbers in contacts. The third group contains the remaining permissions which can track the location, and use the microphone and other sensitive issues that can spy on the user. This research is supported by a study that was conducted on 100 participants in Saudi Arabia to show the level of users’ awareness of associated risks in mobile applications permissions. Associations among the collected data are also analyzed. This research fills the gap in user’s awareness by providing best practices in addition to developing a new mobile application to help users decide whether an application is safe to be installed and used or not. This application is called “Sparrow” and is available in Google Play Store.","PeriodicalId":57259,"journal":{"name":"信息安全(英文)","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2019-03-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"45648992","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 4
Security of Password Hashing in Cloud 云中密码哈希的安全性
信息安全(英文) Pub Date : 2019-02-28 DOI: 10.4236/jis.2019.102003
P. Kamal
{"title":"Security of Password Hashing in Cloud","authors":"P. Kamal","doi":"10.4236/jis.2019.102003","DOIUrl":"https://doi.org/10.4236/jis.2019.102003","url":null,"abstract":"Though the History of using password in computing can be traced back to as far as mid of last century little focus has been implied on how to securely store and retrieve password to authenticate and authorize services to the end users. In this paper the current security of various password hashing schemes that are in use today will be investigated through practical proof of concept-GPU based, password hash dump cracking using the power of cloud computing. We will be providing comparison on different password hashing cracking time using the cloud GPU power in AWS. The focus of this paper is to show the possible use of cloud computing in cracking hash dumps and the way to countermeasures them by using secure hashing algorithm and using complex passwords.","PeriodicalId":57259,"journal":{"name":"信息安全(英文)","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2019-02-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"46845811","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 5
The Hazards of Misusing the Smart Contract: An AHP Approach to Its Risk 滥用智能合约的危害:一种AHP风险分析方法
信息安全(英文) Pub Date : 2019-01-23 DOI: 10.4236/jis.2019.101002
Romulo Luciano
{"title":"The Hazards of Misusing the Smart Contract: An AHP Approach to Its Risk","authors":"Romulo Luciano","doi":"10.4236/jis.2019.101002","DOIUrl":"https://doi.org/10.4236/jis.2019.101002","url":null,"abstract":"This article explores four critical groups of systematic risk embedded in smart contract employment using the analytic hierarchy process (AHP). The four principal risk analysis groups include: 1) transparency in the light of corporate governance 2) IT security 3) contract management automation and 4) legality. The AHP assists both decision-makers and stakeholders alike in the evaluation process essential for identifying potential technological constraints posed within a permissioned blockchain environment using peer-to-peer format in the absence of digital currency. Based upon critical assessment, the AHP methodology enables pairwise comparisons among different features and consequently increases the knowledge regarding these attributes in light of the software’s risk assessment.","PeriodicalId":57259,"journal":{"name":"信息安全(英文)","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2019-01-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"44310516","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 4
Implementation of Network Intrusion Detection System Using Soft Computing Algorithms (Self Organizing Feature Map and Genetic Algorithm) 利用软计算算法(自组织特征映射和遗传算法)实现网络入侵检测系统
信息安全(英文) Pub Date : 2019-01-01 DOI: 10.4236/JIS.2019.101001
J. T. Hounsou, Thierry Nsabimana, Jules Degila
{"title":"Implementation of Network Intrusion Detection System Using Soft Computing Algorithms (Self Organizing Feature Map and Genetic Algorithm)","authors":"J. T. Hounsou, Thierry Nsabimana, Jules Degila","doi":"10.4236/JIS.2019.101001","DOIUrl":"https://doi.org/10.4236/JIS.2019.101001","url":null,"abstract":"In today’s world, computer network is evolving very rapidly. Most public or/and private companies set up their own local networks system for the purpose of promoting communication and data sharing within the companies. Unfortunately, their data and local networks system are under risks. With the advanced computer networks, the unauthorized users attempt to access their local networks system so as to compromise the integrity, confidentiality and availability of resources. Multiple methods and approaches have to be applied to protect their data and local networks system against malicious attacks. The main aim of our paper is to provide an intrusion detection system based on soft computing algorithms such as Self Organizing Feature Map Artificial Neural Network and Genetic Algorithm to network intrusion detection system. KDD Cup 99 and 1998 DARPA dataset were employed for training and testing the intrusion detection rules. However, GA’s traditional Fitness Function was improved in order to evaluate the efficiency and effectiveness of the algorithm in classifying network attacks from KDD Cup 99 and 1998 DARPA dataset. SOFM ANN and GA training parameters were discussed and implemented for performance evaluation. The experimental results demonstrated that SOFM ANN achieved better performance than GA, where in SOFM ANN high attack detection rate is 99.98%, 99.89%, 100%, 100%, 100% and low false positive rate is 0.01%, 0.1%, 0%, 0%, 0% for DoS, R2L, Probe, U2R attacks, and Normal traffic respectively.","PeriodicalId":57259,"journal":{"name":"信息安全(英文)","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2019-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"70334656","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 2
Ontology-Based Cyber Security Policy Implementation in Saudi Arabia 基于本体论的沙特阿拉伯网络安全政策实施
信息安全(英文) Pub Date : 2018-10-26 DOI: 10.4236/jis.2018.94021
A. M. Talib, Fahad Omar Alomary, H. Alwadi, Rawan Albusayli
{"title":"Ontology-Based Cyber Security Policy Implementation in Saudi Arabia","authors":"A. M. Talib, Fahad Omar Alomary, H. Alwadi, Rawan Albusayli","doi":"10.4236/jis.2018.94021","DOIUrl":"https://doi.org/10.4236/jis.2018.94021","url":null,"abstract":"Cyber security is an important element of national security and the safekeeping of a nation’s constituency and assets. In Saudi Arabia, the point of interest on cyber security is particularly outstanding due to the fact that Saudi Arabia has a highly cyber attacks all over the Arab countries. This paper displays on contemporary studies done in Saudi Arabia in regards to cyber security policy coverage. The point of interest of this paper is the use of ontology to identify and suggest a formal, encoded description of the cyber security strategic environment, and propose the development of ontology to be able to permit the implementation of the sort of policy. The intention of the ontology is to become aware of and constitute the multi-layered company of gamers and their related roles and obligations within the cyber security environment. This could make contributions in large part to the improvement, implementation and rollout of a country wide cyber security policy in Saudi Arabia.","PeriodicalId":57259,"journal":{"name":"信息安全(英文)","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2018-10-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"43868006","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 9
SecSPS: A Secure and Privacy-Preserving Framework for Smart Parking Systems SecSPS:智能停车系统的安全和隐私保护框架
信息安全(英文) Pub Date : 2018-10-15 DOI: 10.4236/JIS.2018.94020
Ali Alqazzaz, Ibrahim Alrashdi, E. Aloufi, M. Zohdy, Hua Ming
{"title":"SecSPS: A Secure and Privacy-Preserving Framework for Smart Parking Systems","authors":"Ali Alqazzaz, Ibrahim Alrashdi, E. Aloufi, M. Zohdy, Hua Ming","doi":"10.4236/JIS.2018.94020","DOIUrl":"https://doi.org/10.4236/JIS.2018.94020","url":null,"abstract":"Smart parking systems are a crucial component of the “smart city” concept, especially in the age of the Internet of Things (IoT). They aim to take the stress out of finding a vacant parking spot in city centers, due to the increasing number of cars, especially during peak hours. To realize the concept of smart parking, IoT-enabling technologies must be utilized, as the traditional way of developing smart parking solutions entails a lack of scalability, compatibility with IoT-constrained devices, security, and privacy awareness. In this paper, we propose a secure and privacy-preserving framework for smart parking systems. The framework relies on the publish/subscribe communication model for exchanging a huge volume of data with a large number of clients. On one hand, it provides functional services, including parking vacancy detection, real-time information for drivers about parking availability, driver guidance, and parking reservation. On the other hand, it provides security approaches on both the network and application layers. In addition, it supports mutual authentication mechanisms between entities to ensure device/ data authenticity, and provide security protection for users. That makes our proposed framework resilient to various types of security attacks, such as replay, phishing, and man-in-the-middle attacks. Finally, we analyze the performance of our framework, which is suitable for IoT devices, in terms of computation and network overhead.","PeriodicalId":57259,"journal":{"name":"信息安全(英文)","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2018-10-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"48679166","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 13
Generating Rule-Based Signatures for Detecting Polymorphic Variants Using Data Mining and Sequence Alignment Approaches 使用数据挖掘和序列比对方法生成用于检测多态变体的基于规则的签名
信息安全(英文) Pub Date : 2018-10-11 DOI: 10.4236/JIS.2018.94019
Vijay Naidu, Jacqueline L. Whalley, A. Narayanan
{"title":"Generating Rule-Based Signatures for Detecting Polymorphic Variants Using Data Mining and Sequence Alignment Approaches","authors":"Vijay Naidu, Jacqueline L. Whalley, A. Narayanan","doi":"10.4236/JIS.2018.94019","DOIUrl":"https://doi.org/10.4236/JIS.2018.94019","url":null,"abstract":"Antiviral software systems (AVSs) have problems in detecting polymorphic variants of viruses without specific signatures for such variants. Previous alignment-based approaches for automatic signature extraction have shown how signatures can be generated from consensuses found in polymorphic variant code. Such sequence alignment approaches required variable length viral code to be extended through gap insertions into much longer equal length code for signature extraction through data mining of consensuses. Non-nested generalized exemplars (NNge) are used in this paper in an attempt to further improve the automatic detection of polymorphic variants. The important contribution of this paper is to compare a variable length data mining technique using viral source code to the previously used equal length data mining technique obtained through sequence alignment. This comparison was achieved by conducting three different experiments (i.e. Experiments I-III). Although Experiments I and II generated unique and effective syntactic signatures, Experiment III generated the most effective signatures with an average detection rate of over 93%. The implications are that future, syntactic-based smart AVSs may be able to generate effective signatures automatically from malware code by adopting data mining and alignment techniques to cover for both known and unknown polymorphic variants and without the need for semantic (run-time) analysis.","PeriodicalId":57259,"journal":{"name":"信息安全(英文)","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2018-10-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"42761151","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 5
Social Engineering Threat and Defense: A Literature Survey 社会工程的威胁与防御:文献综述
信息安全(英文) Pub Date : 2018-09-18 DOI: 10.4236/JIS.2018.94018
Islam Abdalla Mohamed Abass
{"title":"Social Engineering Threat and Defense: A Literature Survey","authors":"Islam Abdalla Mohamed Abass","doi":"10.4236/JIS.2018.94018","DOIUrl":"https://doi.org/10.4236/JIS.2018.94018","url":null,"abstract":"This article surveys the literature on social engineering. There are lots of security application and hardware in market; still there are several methods that can be used to breach the information security defenses of an organization or individual. Social engineering attacks are interested in gaining information that may be used to carry out actions such as identity theft, stealing password or gaining information for another type of attack. The threat lies with the combinations of social engineering with another type of attacks like Phishing and Watering hole attack which make it hard to defense against. This research aims to investigate the impact of modern Social Engineering on the organization or individual. It describes the categories of Social Engineering, and how the attacker takes advantage of human behavior. At the same time, I also discuss the direct and indirect attack of social engineering and the defense mechanism against this attack.","PeriodicalId":57259,"journal":{"name":"信息安全(英文)","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2018-09-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"46077424","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 25
首页 上一页
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
请完成安全验证×
相关产品
×
本文献相关产品
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信