Biblio

Steganography security is the main concern in today’s informative world. The fact is that communication takes place to hide information secretly. Steganography is the technique of hiding secret data within an ordinary, non-secret, file, text message and images. This technique avoids detection of the secret data then extracted at its destination. The main reason for using steganography is, we can hide any secret message behind its ordinary file. This work presents a unique technique for image steganography based on a 512-bit algorithm. The secure stego image is a very challenging task to give protection. Therefore we used the least significant bit (LSB) techniques for implementing stego and cover image. However, data encryption and decryption are used to embedded text and replace data into the least significant bit (LSB) for better approaches. Android-based interface used in encryption-decryption techniques that evaluated in this process.Contribution—this research work with 512-bit data simultaneously in a block cipher to reduce the time complexity of a system, android platform used for data encryption decryption process. Steganography model works with stego image that interacts with LSB techniques for data hiding.

Graphs have proved to be a promising data structure to solve complex problems in various domains. Graphs store data in an associative manner which is analogous to the manner in which humans store memories in the brain. Generathe chatbots lack the ability to recall details revealed by the user in long conversations. To solve this problem, we have used graph-based memory to recall-related conversations from the past. Thus, providing context feature derived from query systems to generative systems such as OpenAI GPT. Using graphs to detect important details from the past reduces the total amount of processing done by the neural network. As there is no need to keep on passingthe entire history of the conversation. Instead, we pass only the last few pairs of utterances and the related details from the graph. This paper deploys this system and also demonstrates the ability to deploy such systems in real-world applications. Through the effective usage of knowledge graphs, the system is able to reduce the time complexity from O(n) to O(1) as compared to similar non-graph based implementations of transfer learning- based conversational agents.

This paper presents the time complexity estimates for the methods of points exponentiation, which are basic for encrypting information flows in computer systems. As a result of numerical experiments, it is determined that the method of doubling-addition-subtraction has the lowest complexity. Mathematical models for determining the execution time of each considered algorithm for points exponentiation on elliptic curves were developed, which allowed to conduct in-depth analysis of their performance and resistance to special attacks, in particular timing analysis attack. The dependences of the cryptographic operations execution time on the key length and the sustainability of each method on the Hamming weight are investigated. It is proved that under certain conditions the highest sustainability of the system is achieved by the doubling-addition-subtraction algorithm. This allows to justify the choice of algorithm and its parameters for the implementation of cryptographic information security, which is resistant to special attacks.

We present an algorithm for generating perfect tabulation hashing functions by reduction to Boolean satisfaction (SAT). Tabulation hashing is a high-performance family of hash functions for hash tables that involves computing the XOR of random lookup tables. Given n keys of word size W, we show how to compute a perfect hash function in O(nW) worst-case time. This is competitive with other perfect hashing methods, and the resultant hash functions are simple and performant.

Although many digital signature algorithms are available nowadays, the speed of signing and/or verifying a digital signature is crucial for different applications. Some algorithms are fast for signing but slow for verification, but others are the inverse. Research efforts for an algorithm being fast in both signing and verification is essential. The traditional GOST algorithm has the shortest signing time but longest verification time compared with other DSA algorithms. Hence an improvement in its signature verification time is sought in this work. A modified GOST digital signature algorithm variant is developed improve the signature verification speed by reducing the computation complexity as well as benefiting from its efficient signing speed. The obtained signature verification execution speed for this variant was 1.5 time faster than that for the original algorithm. Obviously, all parameters' values used, such as public and private key, random numbers, etc. for both signing and verification processes were the same. Hence, this algorithm variant will prove suitable for applications that require short time for both, signing and verification processes. Keywords— Discrete Algorithms, Authentication, Digital Signature Algorithms DSA, GOST, Data Integrity

DDoS attack detection in a single dimension cannot cope with complex and new attacks. Aiming at the problems existing in single dimension detection, this paper proposes an algorithm to detect DDoS attack based on multi-dimensional entropy. Firstly, the algorithm selects multiple dimensions and establishes corresponding decision function for each dimension and calculates its information entropy. Secondly, the multidimensional sliding window CUSUM algorithm without parameters is used to synthesize the detection results of three dimensions to determine whether it is attacked by DDoS. Finally, the data set published by MIT Lincoln Laboratory is used for testing. Experimental results show that compared with single dimension detection algorithm, this method has good detection rate and low false alarm rate.

In recent years, with the rapid development of DNN, the algorithm complexity in a series of fields such as computer vision and natural language processing is increasing rapidly. FPGA-based DNN accelerators have demonstrated superior flexibility and performance, with higher energy efficiency compared to high-performance devices such as GPU. However, the computing resources of a single FPGA are limited and it is difficult to flexibly meet the requirements of high throughput and high energy efficiency of different computing scales. Therefore, this paper proposes a DNN implementation method based on the scalable heterogeneous FPGA cluster to adapt to different tasks and achieve high throughput and energy efficiency. Firstly, the method divides a single enormous task into multiple modules and running each module on different FPGA as the pipeline structure between multiple boards. Secondly, a task deployment method based on dichotomy is proposed to maximize the balance of task execution time of different pipeline stages to improve throughput and energy efficiency. Thirdly, optimize DNN computing module according to the relationship between computing power and bandwidth, and improve energy efficiency by reducing waste of ineffective resources and improving resource utilization. The experiment results on Alexnet and VGG-16 demonstrate that we use Zynq 7035 cluster can at most achieves ×25.23 energy efficiency of optimized AMD AIO processor. Compared with previous works of single FPGA and FPGA cluster, the energy efficiency is improved by 59.5% and 18.8%, respectively.

Structural analysis is the study of finding component functions for a given function. In this paper, we proceed with structural analysis of structures consisting of the S (nonlinear Substitution) layer and the A (Affine or linear) layer. Our main interest is the S1AS2 structure with different substitution layers and large input/output sizes. The purpose of our structural analysis is to find the functionally equivalent oracle F* and its component functions for a given encryption oracle F(= S2 ∘ A ∘ S1). As a result, we can construct the decryption oracle F*−1 explicitly and break the one-wayness of the building blocks used in a White-box implementation. Our attack consists of two steps: S layer recovery using multiset properties and A layer recovery using differential properties. We present the attack algorithm for each step and estimate the time complexity. Finally, we discuss the applicability of S1AS2 structural analysis in a White-box Cryptography environment.

Updating the structure of attack graph templates based on real-time alerts from Intrusion Detection Systems (IDS), in an Industrial Control System (ICS) network, is currently done manually by security experts. But, a highly-connected smart power systems, that can inadvertently expose numerous vulnerabilities to intruders for targeting grid resilience, needs automatic fast updates on learning attack graph structures, instead of manual intervention, to enable fast isolation of compromised network to secure the grid. Hence, in this work, we develop a technique to first construct a prior Bayesian Attack Graph (BAG) based on a predefined threat model and a synthetic communication network for a cyber-physical power system. Further, we evaluate a few score-based and constraint-based structural learning algorithms to update the BAG structure based on real-time alerts, based on scalability, data dependency, time complexity and accuracy criteria.

As the core infrastructure of cloud data operation, exchange and storage, data centerneeds to ensure its security and reliability, which are the important prerequisites for the development of cloud computing. Due to various illegal accesses, attacks, viruses and other security threats, it is necessary to protect the boundary of cloud data center through security gateway. Since the traffic growing up to gigabyte level, the secure gateway must ensure high transmission efficiency and different network services to support the cloud services. In addition, data center is gradually evolving from IPv4 to IPv6 due to excessive consumption of IP addresses. Packet classification algorithm, which can divide packets into different specific streams, is very important for QoS, real-time data stream application and firewall. Therefore, it is necessary to design a high performance IPv6 packet classification algorithm suitable for security gateway.AsIPv6 has a128-bitIP address and a different packet structure compared with IPv4, the traditional IPv4 packet classification algorithm is not suitable properly for IPv6 situations. This paper proposes a fast packet classification algorithm for IPv6 - PCHA (packet classification based on hash andAdelson-Velsky-Landis Tree). It adopts the three flow classification fields of source IPaddress(SA), destination IPaddress(DA) and flow label(FL) in the IPv6 packet defined by RFC3697 to implement fast three-tuple matching of IPv6 packet. It is through hash matching of variable length IPv6 address and tree matching of shorter flow label. Analysis and testing show that the algorithm has a time complexity close to O(1) in the acceptable range of space complexity, which meets the requirements of fast classification of IPv6 packetsand can adapt well to the changes in the size of rule sets, supporting fast preprocessing of rule sets. Our algorithm supports the storage of 500,000 3-tuple rules on the gateway device and can maintain 75% of the performance of throughput for small packets of 78 bytes.

Ciphertext-policy attribute-based encryption (CP-ABE) is applied to many data service platforms to provides secure and fine-grained access control. In this paper, a new CP-ABE system based on the algebraic decision diagram (ADD) is presented. The new system makes full use of both the powerful description ability and the high calculating efficiency of ADD to improves the performance and efficiency of algorithms contained in CP-ABE. First, the new system supports both positive and negative attributes in the description of access polices. Second, the size of the secret key is constant and is not affected by the number of attributes. Third, time complexity of the key generation and decryption algorithms are O(1). Finally, this scheme allows visitors to have different access permissions to access shared data or file. At the same time, PV operation is introduced into CP-ABE framework for the first time to prevent resource conflicts caused by read and write operations on shared files. Compared with other schemes, the new scheme proposed in this paper performs better in function and efficiency.

To accommodate the rapidly changing Internet requirements, Information-Centric Networking (ICN) was recently introduced as a promising architecture for the future Internet. One of the ICN primary features is `in-network caching'; due to its ability to minimize network traffic and respond faster to users' requests. Therefore, various caching algorithms have been presented that aim to enhance the network performance using different measures, such as cache hit ratio and cache hit distance. Choosing a caching strategy is critical, and an adequate replacement strategy is also required to decide which content should be dropped. Thus, in this paper, we propose a content replacement scheme for ICN, called Randomized LFU that is implemented with respect to content popularity taking the time complexity into account. We use Abilene and Tree network topologies in our simulation models. The proposed replacement achieves encouraging results in terms of the cache hit ratio, inner hit, and hit distance and it outperforms FIFO, LRU, and Random replacement strategies.

White-box cryptography protects cryptographic software in a white-box attack context (WBAC), where the dynamic execution of the cryptographic software is under full control of an adversary. Protecting AES in the white-box setting attracted many scientists and engineers, and several solutions emerged. However, almost all these solutions have been badly broken by various efficient white-box attacks, which target compositions of key-embedding lookup tables. In 2014, Luo, Lai, and You proposed a new WBAC-oriented AES implementation, and claimed that their implementation is secure against both Billet et al.'s attack and De Mulder et al.'s attack. In this study, based on the existing table-composition-targeting cryptanalysis techniques, the authors show that the secret key of the Luo-Lai-You (LLY) implementation can be recovered with a time complexity of about 244. Furthermore, the authors propose a new white-box AES implementation based on table lookups, which is shown to be resistant against the existing table-composition-targeting white-box attacks. The authors, key-embedding tables are obfuscated with large affine mappings, which cannot be cancelled out by table compositions of the existing cryptanalysis techniques. Although their implementation requires twice as much memory as the LLY WBAES to store the tables, its speed is about 63 times of the latter.

The emergence of integrated space-ground network (ISGN), with more complex network conditions compared with tradition network, requires packet classification to achieve high performance. Packet classification plays an important role in the field of network security. Although several existing classification schemes have been proposed recently to improve classification performance, the performance of these schemes is unable to meet the high-speed packet classification requirement in ISGN. To tackle this problem, a hybrid packet classification algorithm based on hash table and geometric space partition (HGSP) is proposed in this paper. HGSP falls into two sections: geometric space partition and hash matching. To improve the classification speed under the same accuracy, a parallel structure of hash table is designed to match the huge packets for classifying. The experimental results demonstrate that the matching time of HGSP algorithm is reduced by 40%-70% compared with traditional Hicuts algorithm. Particularly, with the growth of ruleset, the advantage of HGSP algorithm will become more obvious.

Face recognition is a fast-expanding field of research. Countless classification algorithms have found use in face recognition, with more still being developed, searching for better performance and accuracy. For high-dimensional data such as images, the K-Nearest-Neighbours classifier is a tempting choice. However, it is very computationally-intensive, as it has to perform calculations on all items in the stored dataset for each classification it makes. Fortunately, there is a way to speed up the process by performing some of the calculations in parallel. We propose a parallel CUDA implementation of the KNN classifier and then compare it to a serial implementation to demonstrate its performance superiority.

Internet is a widely used platform nowadays by people across the globe. This has led to the advancement in science and technology. Many surveys show that network intrusion has registered a consistent increase and lead to personal privacy theft and has become a major platform for attack in the recent years. Network intrusion is any unauthorized activity on a computer network. Hence there is a need to develop an effective intrusion detection system. In this paper we acquaint an intrusion detection system that uses improved genetic k-means algorithm(IGKM) to detect the type of intrusion. This paper also shows a comparison between an intrusion detection system that uses the k-means++ algorithm and an intrusion detection system that uses IGKM algorithm while using smaller subset of kdd-99 dataset with thousand instances and the KDD-99 dataset. The experiment shows that the intrusion detection that uses IGKM algorithm is more accurate when compared to k-means++ algorithm.

Cloud Computing is the most suitable environment for the collaboration of multiple organizations via its multi-tenancy architecture. However, due to the distributed management of policies within these collaborations, they may contain several anomalies, such as conflicts and redundancies, which may lead to both safety and availability problems. On the other hand, current cloud computing solutions do not offer verification tools to manage access control policies. In this paper, we propose a cloud policy verification service (CPVS), that facilitates to users the management of there own security policies within Openstack cloud environment. Specifically, the proposed cloud service offers a policy verification approach to dynamically choose the adequate policy using Aspect-Oriented Finite State Machines (AO-FSM), where pointcuts and advices are used to adopt Domain-Specific Language (DSL) state machine artifacts. The pointcuts define states' patterns representing anomalies (e.g., conflicts) that may occur in a security policy, while the advices define the actions applied at the selected pointcuts to remove the anomalies. In order to demonstrate the efficiency of our approach, we provide time and space complexities. The approach was implemented as middleware service within Openstack cloud environment. The implementation results show that the middleware can detect and resolve different policy anomalies in an efficient manner.

Influence Maximization is an important research content in the dissemination process of information and behavior in social networks. Because Hill Climbing and Greedy Algorithm have good dissemination effect on this topic, researchers have used it to solve this NP problem for a long time. These algorithms only consider the number of active nodes in each round, ignoring the characteristic that the influence will be accumulated, so its effect is still far from the optimal solution. Also, the time complexity of these algorithms is considerable. Aiming at the problem of Influence Maximization, this paper improves the traditional Hill Climbing and Greedy Algorithm. We propose a Hybrid Distribution Value Accumulation Algorithm for Influence Maximization, which has better activation effect than Hill Climbing and Greedy Algorithm. In the first stage of the algorithm, the region is numerically accumulating rapidly and is easy to activate through value-greed. Experiments are conducted on two data sets: the voting situation on Wikipedia and the transmission situation of Gnutella node-to-node file sharing network. Experimental results verify the efficiency of our methods.

The improvement of the implementation of the RSA cryptographic algorithm for encrypting / decoding information flows based on the use of the vector-modular method of modular exponential is presented in this paper. This makes it possible to replace the complex operation of modular multiplication with the addition operation, which increases the speed of the RSA cryptosystem. The scheme of algorithms of modular multiplication and modular exponentiation is presented. The analytical and graphical comparison of the time complexities of the proposed and known approaches shows that the use of the vector-modular method reduces the temporal complexity of the modular exponential compared to the classical one.

Rapid development of internet and network technologies has led to considerable increase in number of attacks. Intrusion detection system is one of the important ways to achieve high security in computer networks. However, it have curse of dimensionality which tends to increase time complexity and decrease resource utilization. To improve the ability of detecting anomaly intrusions, a combined algorithm is proposed based on Weighted Fuzzy C-Mean Clustering Algorithm (WFCM) and Fuzzy logic. Decision making is performed in two stages. In the first stage, WFCM algorithm is applied to reduce the input data space. The reduced dataset is then fed to Fuzzy Logic scheme to build the fuzzy sets, membership function and the rules that decide whether an instance represents an anomaly or not.

Resilient control systems should efficiently restore control into physical systems not only after the sabotage of themselves, but also after breaking physical systems. To enhance resilience of control systems, given an originally minimal-input controlled linear-time invariant(LTI) physical system, we address the problem of efficient control recovery into it after removing a known system vertex by finding the minimum number of inputs. According to the minimum input theorem, given a digraph embedded into LTI model and involving a precomputed maximum matching, this problem is modeled into recovering controllability of it after removing a known network vertex. Then, we recover controllability of the residual network by efficiently finding a maximum matching rather than recomputation. As a result, except for precomputing a maximum matching and the following removed vertex, the worst-case execution time of control recovery into the residual LTI physical system is linear.

Machine learning (ML) algorithms provide a good solution for many security sensitive applications, they themselves, however, face the threats of adversary attacks. As a key problem in machine learning, how to design robust feature selection algorithms against these attacks becomes a hot issue. The current researches on defending evasion attacks mainly focus on wrapped adversarial feature selection algorithm, i.e., WAFS, which is dependent on the classification algorithms, and time cost is very high for large-scale data. Since mRMR (minimum Redundancy and Maximum Relevance) algorithm is one of the most popular filter algorithms for feature selection without considering any classifier during feature selection process. In this paper, we propose a novel adversary-aware feature selection algorithm under filter model based on mRMR, named FAFS. The algorithm, on the one hand, takes the correlation between a single feature and a label, and the redundancy between features into account; on the other hand, when selecting features, it not only considers the generalization ability in the absence of attack, but also the robustness under attack. The performance of four algorithms, i.e., mRMR, TWFS (Traditional Wrapped Feature Selection algorithm), WAFS, and FAFS is evaluated on spam filtering and PDF malicious detection in the Perfect Knowledge attack scenarios. The experiment results show that FAFS has a better performance under evasion attacks with less time complexity, and comparable classification accuracy.

In this paper, we introduce an optical network with cross-layer security, which can enhance security performance. In the transmitter, the user's data is encrypted at first. After that, based on optical encoding, physical layer encryption is implemented. In the receiver, after the corresponding optical decoding process, decryption algorithm is used to restore user's data. In this paper, the security performance has been evaluated quantitatively.

The tree-based tags anti-collision algorithm is an important method in the anti-collision algorithms. In this paper, several typical tree algorithms are evaluated. The comparison of algorithms is summarized including time complexity, communication complexity and recognition, and the characteristics and disadvantages of each algorithm are pointed out. Finally, the improvement strategies of tree anti-collision algorithm are proposed, and the future research directions are also prospected.

Radio Frequency Identification (RFID) systems are widely used today because of their low price, usability and being wireless. As RFID systems use wireless communication, they may encounter challenging security problems. Several lightweight encryption algorithms have been proposed so far to solve these problems. The RBS block cipher is one of these algorithms. In designing RBS, conventional block cipher elements such as S-box and P-box are not used. RBS is based on inserting redundant bits between altered plaintext bits using an encryption key Kenc. In this paper, considering not having a proper diffusion as the main defect of RBS, we propose a chosen ciphertext attack against this algorithm. The data complexity of this attack equals to N pairs of text and its time complexity equals to N decryptions, where N is the size of the encryption key Kenc.