Biblio

DefendR is a Security operation used to block the access of the user to edit or overwrite the contents in our personal file that is stored in our system. This approach of applying a certain filter for the sensitive or sensitive data that are applicable exclusively in read-only mode. This is an improvisation of security for the personal data that restricts undo or redo related operations in the shared file. We use a mini-filter driver tool. Specifically, IRP (Incident Response Plan)-based I/O operations, as well as fast FSFilter callback activities, may additionally all be filtered with a mini-filter driver. A mini-filter can register a preoperation callback procedure, a postoperative Each of the I/O operations it filters is filtered by a callback procedure. By registering all necessary callback filtering methods in a filter manager, a mini-filter driver interfaces to the file system indirectly. When a mini-filter is loaded, the latter is a Windows file system filter driver that is active and connects to the file system stack.

The Inertial Navigation System(INS) and Doppler Velocity Logs(DVL) which are used frequently on autonomous underwater vehicles can be fused under different types of integration architectures. These architectures differ in terms of algorithm requirements and complexity. DVL may experience acoustic beam losses during operation due to environmental factors and abilities of the sensor. In these situations, radial velocity information cannot be received from lost acoustic beam. In this paper, the performances of INS and DVL integration under tightly and loosely coupled architectures are comparatively presented with simulations. In the tightly coupled approach, navigation filter is updated with solely available beam measurements by using sequential measurement update method, and the sensitivity of this method is investigated for acoustic beam losses.

Disinformation, fake news, and unverified rumors spread quickly in online social networks (OSNs) and manipulate people's opinions and decisions about life events. The solid mathematical solutions of the strategic decisions in OSNs have been provided under game theory models, including multiple roles and features. This work proposes a game-theoretic opinion framework to model subjective opinions and behavioral strategies of attackers, users, and a defender. The attackers use information deception models to disseminate disinformation. We investigate how different game-theoretic opinion models of updating people's subject opinions can influence a way for people to handle disinformation. We compare the opinion dynamics of the five different opinion models (i.e., uncertainty, homophily, assertion, herding, and encounter-based) where an opinion is formulated based on Subjective Logic that offers the capability to deal with uncertain opinions. Via our extensive experiments, we observe that the uncertainty-based opinion model shows the best performance in combating disinformation among all in that uncertainty-based decisions can significantly help users believe true information more than disinformation.

Security of physical layer key generation is based on the randomness and reciprocity of wireless fading channel, which has attracted more and more attention in recent years. This paper proposes a rate adaptive key agreement scheme and utilizes the received signal strength (RSS) of the channel between two wireless devices to generate the key. In conventional information reconciliation process, the bit inconsistency rate is usually eliminated by using the filter method, which increases the possibility of exposing the generated key bit string. Building on the strengths of existing secret key extraction approaches, this paper develops a scheme that uses Reed-Solomon (RS) codes, one of forward error correction channel codes, for information reconciliation. Owing to strong error correction performance of RS codes, the proposed scheme can solve the problem of inconsistent key bit string in the process of channel sensing. At the same time, the composition of RS codes can help the scheme realize rate adaptation well due to the construction principle of error correction code, which can freely control the code rate and achieve the reconciliation method of different key bit string length. Through experiments, we find that when the number of inconsistent key bits is not greater than the maximum error correction number of RS codes, it can well meet the purpose of reconciliation.

Information system security is very important and very complicated, security is to prevent potential crisis. To detect both from external invasion behavior, also want to check the internal unauthorized behavior. Presented here ABHIDS hybrid intrusion detection system model, designed a component Agent, controller, storage, filter, manager component (database), puts forward a new detecting DDoS attacks (trinoo) algorithm and the implementation. ABHIDS adopts object-oriented design method, a study on intrusion detection can be used as a working mechanism of the algorithms and test verification platform.

USB flash drives are used widely to store or transfer data among the employees in the company. There was greater concern about leaks of information especially company crown jewel or intellectual property data inside the USB flash drives because of theft, loss, negligence or fraud. This study is a real case in XYZ company which aims to find remaining the company’s crown jewel or intellectual property data inside the USB flash drives that belong to the employees. The research result showed that sensitive information (such as user credentials, product recipes and customer credit card data) could be recovered from the employees’ USB flash drives. It could obtain a high-risk impact on the company as reputational damage and sabotage product from the competitor. This result will help many companies to increase security awareness in protecting their crown jewel by having proper access control and to enrich knowledge regarding digital forensic for investigation in the company or enterprise.

The fusion of infrared and visible images using traditional multi-scale decomposition methods often leads to the loss of detailed information or the blurring of image edges, which is because the contour information and the detailed information within the contour cannot be retained simultaneously in the fusion process. To obtain high-quality fused images, a hybrid multi-scale decomposition fusion method using co-occurrence and Gaussian filters is proposed in this research. At first, by making full use of the smoothing effect of the Gaussian filter and edge protection characteristic of the co-occurrence filter, source images are decomposed into multiple hierarchical structures with different characteristics. Then, characteristics of sub-images at each level are analyzed, and the corresponding fusion rules are designed for images at different levels. At last, the final fused image obtained by combining fused sub-images of each level has rich scene information and clear infrared targets. Compared with several traditional multi-scale fusion algorithms, the proposed method has great advantages in some objective evaluation indexes.

DDoS attacks have grown in popularity as a tactic for potential hackers, cyber blackmailers, and cyberpunks. These attacks have the potential to put a person unconscious in a matter of seconds, resulting in severe economic losses. Despite the vast range of conventional mitigation techniques available today, DDoS assaults are still happening to grow in frequency, volume, and intensity. A new network paradigm is necessary to meet the requirements of today's tough security issues. We examine the available detection and mitigation of DDoS attacks techniques in depth. We classify solutions based on detection of DDoS attacks methodologies and define the prerequisites for a feasible solution. We present a novel methodology named D3 for detecting and mitigating DDoS attacks using cuckoo filter.

Web pages aggressively track users for a variety of purposes from targeted advertisements to enhanced authentication. As browsers move to restrict traditional cookie-based tracking, web pages increasingly move to tracking based on browser fingerprinting. Unfortunately, the state-of-the-art to detect fingerprinting in browsers is often error-prone, resorting to imprecise heuristics and crowd-sourced filter lists. This paper presents EssentialFP, a principled approach to detecting fingerprinting on the web. We argue that the pattern of (i) gathering information from a wide browser API surface (multiple browser-specific sources) and (ii) communicating the information to the network (network sink) captures the essence of fingerprinting. This pattern enables us to clearly distinguish fingerprinting from similar types of scripts like analytics and polyfills. We demonstrate that information flow tracking is an excellent fit for exposing this pattern. To implement EssentialFP we leverage, extend, and deploy JSFlow, a state-of-the-art information flow tracker for JavaScript, in a browser. We illustrate the effectiveness of EssentialFP to spot fingerprinting on the web by evaluating it on two categories of web pages: one where the web pages perform analytics, use polyfills, and show ads, and one where the web pages perform authentication, bot detection, and fingerprinting-enhanced Alexa top pages.

Anonymity is an essential asset for a variety of communication systems, like humans' communication, the internet of things, and sensor networks. Establishing and maintaining such communication systems requires the exchange of information about their participants (called subjects). However, protecting anonymity reduces the availability of subject information, as these can be leveraged to break anonymity. Additionally, established techniques for providing anonymity often reduce the efficiency of communication networks. In this paper, we model four mechanisms to share routing information and discuss them with respect to their influence on anonymity and efficiency. While there is no ``one fits all'' solution, there are suitable trade-offs to establish routing information complying with the technical capabilities of the subjects. Distributed solutions like decentralized lookup tables reduce routing information in messages at the cost of local memory consumption; other mechanisms like multi-layer encrypted path information come with higher communication overhead but reduce memory consumption for each subject.

Most applications of Internet of Vehicles (IoVs) rely on collaboration between nodes. Therefore, false information flow in-between these nodes poses the challenging trust issue in rapidly moving IoV nodes. To resolve this issue, a number of mechanisms have been proposed in the literature for the detection of false information and establishment of trust in IoVs, most of which employ reputation scores as one of the important factors. However, it is critical to have a robust and consistent scheme that is suitable to aggregate a reputation score for each node based on the accuracy of the shared information. Such a mechanism has therefore been proposed in this paper. The proposed system utilises the results of any false message detection method to generate and share feedback in the network, this feedback is then collected and filtered to remove potentially malicious feedback in order to produce a dynamic reputation score for each node. The reputation system has been experimentally validated and proved to have high accuracy in the detection of malicious nodes sending false information and is robust or negligibly affected in the presence of spurious feedback.

At present, when the device management application programs the devices (such as mobile terminals, Internet of things terminals and devices, etc.), buffer overflow will inevitably occur due to the defects of filter input condition setting, variable type conversion error, logical judgment error, pointer reference error and so on. For this kind of software and its running environment, it is difficult to reduce the false positive rate and false negative rate with traditional static detection method for buffer overflow vulnerability, while the coverage rate of dynamic detection method is still insufficient and it is difficult to achieve full automation. In view of this, this paper proposes an automatic dynamic detection method based on boundary testing, which has complete test data set and full coverage of defects. With this method, the input test points of the software system under test are automatically traversed, and each input test point is analyzed automatically to generate complete test data; driven by the above complete test data, the software under test runs automatically, in which the embedded dynamic detection code automatically judges the conditions of overflow occurrence, and returns the overflow information including the location of the error code before the overflow really occurs. Because the overflow can be located accurately without real overflow occurrence, this method can ensure the normal detection of the next input test point, thus ensuring the continuity of the whole automatic detection process and the full coverage of buffer overflow detection. The test results show that all the indexes meet the requirements of the method and design.

In VANETs, pseudonyms are often used to replace the identity of vehicles in communication. When vehicles drive out of the network or misbehave, their pseudonym certificates need to be revoked by the certificate authority (CA). The certificate revocation lists (CRLs) are usually used to store the revoked certificates before their expiration. However, using CRLs would incur additional storage, communication and computation overhead. Some existing schemes have proposed to use Bloom Filter to compress the original CRLs, but they are unable to delete the expired certificates and introduce the false positive problem. In this paper, we propose an improved pseudonym certificates revocation scheme, using Cuckoo Filter for compression to reduce the impact of these problems. In order to optimize deletion efficiency, we propose the concept of Certificate Expiration List (CEL) which can be implemented with priority queue. The experimental results show that our scheme can effectively reduce the storage and communication overhead of pseudonym certificates revocation, while retaining moderately low false positive rates. In addition, our scheme can also greatly improve the lookup performance on CRLs, and reduce the revocation operation costs by allowing deletion.

Transferring the style of an image is a fundamental problem in computer vision. Which extracts the features of a context image and a style image, then fixes them to produce a new image with features of the both two input images. In this paper, we introduce an artificial system to separate and recombine the content and style of arbitrary images, providing a neural algorithm for the creation of artistic images. We use a pre-trained deep convolutional neural network VGG19 to extract the feature map of the input style image and context image. Then we define a loss function that captures the difference between the output image and the two input images. We use the gradient descent algorithm to update the output image to minimize the loss function. Experiment results show the feasibility of the method.

This SQL injection attack is one of the common means for hackers to attack database. With the development of B/S mode application development, more and more programmers use this mode to write applications. However, due to the uneven level and experience of programmers, a considerable number of programmers do not judge the legitimacy of user input data when writing code, which makes the application security risks. Users can submit a database query code and get some data they want to know according to the results of the program. SQL injection attack belongs to one of the means of database security attack. It can be effectively protected by database security protection technology. This paper introduces the principle of SQL injection, the main form of SQL injection attack, the types of injection attack, and how to prevent SQL injection. Discussed and illustrated with examples.

Nowadays, Internet Service Providers (ISPs) have been depending on Deep Packet Inspection (DPI) approaches, which are the most precise techniques for traffic identification and classification. However, constructing high performance DPI approaches imposes a vigilant and an in-depth computing system design because the demands for the memory and processing power. Membership query data structures, specifically Bloom filter (BF), have been employed as a matching check tool in DPI approaches. It has been utilized to store signatures fingerprint in order to examine the presence of these signatures in the incoming network flow. The main issue that arise when employing Bloom filter in DPI approaches is the need to use k hash functions which, in turn, imposes more calculations overhead that degrade the performance. Consequently, in this paper, a new design and implementation for a DPI approach have been proposed. This DPI utilizes a membership query data structure called Cuckoo filter (CF) as a matching check tool. CF has many advantages over BF like: less memory consumption, less false positive rate, higher insert performance, higher lookup throughput, support delete operation. The achieved experiments show that the proposed approach offers better performance results than others that utilize Bloom filter.

Named Data Networks provide a clean-slate redesign of the Future Internet for efficient content distribution. Because Internet of Things are expected to compose a significant part of Future Internet, most content will be managed by constrained devices. Such devices are often equipped with limited CPU, memory, bandwidth, and energy supply. However, the current Named Data Networks design neglects the specific requirements of Internet of Things scenarios and many data structures need to be further optimized. The purpose of this research is to provide an efficient strategy to route in Named Data Networks by constructing a Forwarding Information Base using Iterated Bloom Filters defined as I(FIB)F. We propose the use of content names based on iterative hashes. This strategy leads to reduce the overhead of packets. Moreover, the memory and the complexity required in the forwarding strategy are lower than in current solutions. We compare our proposal with solutions based on hierarchical names and Standard Bloom Filters. We show how to further optimize I(FIB)F by exploiting the structure information contained in hierarchical content names. Finally, two strategies may be followed to reduce: (i) the overall memory for routing or (ii) the probability of false positives.

Cross Site Scripting (XSS) and clickjacking have been ranked among the top web application threats in recent times. This paper introduces XBuster - our client-side defence against XSS, implemented as an extension to the Mozilla Firefox browser. XBuster splits each HTTP request parameter into HTML and JavaScript contexts and stores them separately. It searches for both contexts in the HTTP response and handles each context type differently. It defends against all XSS attack vectors including partial script injection, attribute injection and HTML injection. Also, existing XSS filters may inadvertently disable frame busting code used in web pages as a defence against clickjacking. However, XBuster has been designed to detect and neutralize such attempts.

With the rapid development of the information technology, more and more high-speed networks came out. The 4G LTE network as a recently emerging network has gradually entered the mainstream of the communication network. This paper proposed an effective content-based information filtering based on the 4G LTE high-speed network by combing the content-based filter and traditional simple filter. Firstly, raw information is pre-processed by five-tuple filter. Secondly, we determine the topics and character of the source data by key nearest neighbor text classification after minimum-risk Bayesian classification. Finally, the improved AdaBoost algorithm achieves the four-level content-based information filtering. The experiments reveal that the effective information filtering method can be applied to the network security, big data analysis and other fields. It has high research value and market value.

In response to the critical challenges of the current Internet architecture and its protocols, a set of so-called clean slate designs has been proposed. Common among them is an addressing scheme that separates location and identity with self-certifying, flat and non-aggregatable address components. Each component is long, reaching a few kilobits, and would consume an amount of fast memory in data plane devices (e.g., routers) that is far beyond existing capacities. To address this challenge, we present Caesar, a high-speed and length-agnostic forwarding engine for future border routers, performing most of the lookups within three fast memory accesses. To compress forwarding states, Caesar constructs scalable and reliable Bloom filters in Ternary Content Addressable Memory (TCAM). To guarantee correctness, Caesar detects false positives at high speed and develops a blacklisting approach to handling them. In addition, we optimize our design by introducing a hashing scheme that reduces the number of hash computations from k to log(k) per lookup based on hash coding theory. We handle routing updates while keeping filters highly utilized in address removals. We perform extensive analysis and simulations using real traffic and routing traces to demonstrate the benefits of our design. Our evaluation shows that Caesar is more energy-efficient and less expensive (in terms of total cost) compared to optimized IPv6 TCAM-based solutions by up to 67% and 43% respectively. In addition, the total cost of our design is approximately the same for various address lengths.

This paper presents an efficient implementation of key-value store using Bloom filters on FPGA. Bloom filters are used to reduce the number of unnecessary accesses to the hash tables, thereby improving the performance. Additionally, for better hash table utilization, we use a modified cuckoo hashing algorithm for the implementation. They are implemented in FPGA to further improve the performance. Experimental results show significant performance improvement over existing approaches.
 

Information fusion deals with the integration and merging of data and information from multiple (heterogeneous) sources. In many cases, the information that needs to be fused has security classification. The result of the fusion process is then by necessity restricted with the strictest information security classification of the inputs. This has severe drawbacks and limits the possible dissemination of the fusion results. It leads to decreased situational awareness: the organization knows information that would enable a better situation picture, but since parts of the information is restricted, it is not possible to distribute the most correct situational information. In this paper, we take steps towards defining fusion and data mining processes that can be used even when all the underlying data that was used cannot be disseminated. The method we propose here could be used to produce a classifier where all the sensitive information has been removed and where it can be shown that an antagonist cannot even in principle obtain knowledge about the classified information by using the classifier or situation picture.
 

Efficient and secure search on encrypted data is an important problem in computer science. Users having large amount of data or information in multiple documents face problems with their storage and security. Cloud services have also become popular due to reduction in cost of storage and flexibility of use. But there is risk of data loss, misuse and theft. Reliability and security of data stored in the cloud is a matter of concern, specifically for critical applications and ones for which security and privacy of the data is important. Cryptographic techniques provide solutions for preserving the confidentiality of data but make the data unusable for many applications. In this paper we report a novel approach to securely store the data on a remote location and perform search in constant time without the need for decryption of documents. We use bloom filters to perform simple as well advanced search operations like case sensitive search, sentence search and approximate search.
 

Cross-Site Scripting (XSS) is a common attack technique that lets attackers insert the code in the output application of web page which is referred to the web browser of visitor and then the inserted code executes automatically and steals the sensitive information. In order to prevent the users from XSS attack, many client- side solutions have been implemented; most of them being used are the filters that sanitize the malicious input. However, many of these filters do not provide prevention to the newly designed sophisticated attacks such as multiple points of injection, injection into script etc. This paper proposes and implements an approach based on encoding unfiltered reflections for detecting vulnerable web applications which can be exploited using above mentioned sophisticated attacks. Results prove that the proposed approach provides accurate higher detection rate of exploits. In addition to this, an implementation of blocking the execution of malicious scripts have contributed to XSS-Me: an open source Mozilla Firefox security extension that detects for reflected XSS vulnerabilities which can be considered as an effective solution if it is integrated inside the browser rather than being enforced as an extension.