Bio-Inspired Cryptographic Techniques in Information Management Applications

Ogiela, Lidia; Ogiela, Marek R.

doi:10.1109/aina.2016.161

Cited by 37 publications

(34 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This is a deviation from what can be observed in normal traffic, such as LAN traffic. Future studies using this anomaly detection approach can utilize techniques of a biological nature to predict behaviour such as artificial neural networks (ANN) or the fuzzy approach [34][35][36][37]. …”

Section: Discussionmentioning

confidence: 99%

Anomalous Traffic Detection and Self-Similarity Analysis in the Environment of ATMSim

et al. 2017

View full text Add to dashboard Cite

Abstract:Internet utilisation has steadily increased, predominantly due to the rapid recent development of information and communication networks and the widespread distribution of smartphones. As a result of this increase in Internet consumption, various types of services, including web services, social networking services (SNS), Internet banking, and remote processing systems have been created. These services have significantly enhanced global quality of life. However, as a negative side-effect of this rapid development, serious information security problems have also surfaced, which has led to serious to Internet privacy invasions and network attacks. In an attempt to contribute to the process of addressing these problems, this paper proposes a process to detect anomalous traffic using self-similarity analysis in the Anomaly Teletraffic detection Measurement analysis Simulator (ATMSim) environment as a research method. Simulations were performed to measure normal and anomalous traffic. First, normal traffic for each attack, including the Address Resolution Protocol (ARP) and distributed denial-of-service (DDoS) was measured for 48 h over 10 iterations. Hadoop was used to facilitate processing of the large amount of collected data, after which MapReduce was utilised after storing the data in the Hadoop Distributed File System (HDFS). A new platform on Hadoop, the detection system ATMSim, was used to identify anomalous traffic after which a comparative analysis of the normal and anomalous traffic was performed through a self-similarity analysis. There were four categories of collected traffic that were divided according to the attack methods used: normal local area network (LAN) traffic, DDoS attack, and ARP spoofing, as well as DDoS and ARP attack. ATMSim, the anomaly traffic detection system, was used to determine if real attacks could be identified effectively. To achieve this, the ATMSim was used in simulations for each scenario to test its ability to distinguish between normal and anomalous traffic. The graphic and quantitative analyses in this study, based on the self-similarity estimation for the four different traffic types, showed a burstiness phenomenon when anomalous traffic occurred and self-similarity values were high. This differed significantly from the results obtained when normal traffic, such as LAN traffic, occurred. In further studies, this anomaly detection approach can be utilised with biologically inspired techniques that can predict behaviour, such as the artificial neural network (ANN) or fuzzy approach.

show abstract

Section: Discussionmentioning

confidence: 99%

Anomalous Traffic Detection and Self-Similarity Analysis in the Environment of ATMSim

et al. 2017

View full text Add to dashboard Cite

show abstract

“…The development of IT techniques and a need to collect and store increasingly larger sets of secret data resulted in the need to develop new data protection protocols. This is why the class of data sharing algorithms has been enhanced by new solutions, described in the literature as linguistic and biometric threshold schemes …”

Section: Introductionmentioning

confidence: 99%

“…Another class of data sharing schemes are biometric threshold schemes, as proposed in previous works . These algorithms, similarly to the linguistic threshold schemes, have been developed as an extension of classic data concealment schemes.…”

Section: Introductionmentioning

confidence: 99%

Cognitive security paradigm for cloud computing applications

Ogiela¹,

Ogiela

2019

Concurrency and Computation

Self Cite

View full text Add to dashboard Cite

Summary This article presents new paradigms of confidential data protection. New classes of paradigms are dedicated to enhancing the already‐known cryptographic solutions belonging to the group of data sharing schemes. Data sharing schemes are dedicated to executing data protection tasks by means of splitting data into parts (called shadows) and distributing those shadows among a group of secret trustees. This process is enriched by linguistic and biometric solutions to guarantee protection of the shared data by means of biometric labeling or by means of user verification with the application of meaning interpretation of individual secret parts. The novelty in this solution is in the application of cognitive algorithms to describe correctly the shared secret. Cognitive paradigms guarantee an execution of information concealment protocols and their division at various levels of knowledge held by individual protocol participants. The paradigms of cognitive description of the concealed data have been introduced into a new class of data sharing protocols, ie, into the linguistic‐biometric threshold schemes. A special feature of the proposed solution is its universality, which is a possibility to apply the here‐discussed threshold schemes in the processes of data concealment with varying importance. At the same time, this solution can be applied to execute data protection tasks against unauthorized acquisition or disclosure. This paper will present also the possibilities of application of the paradigms presented here to conceal data dedicated to the data management processes.

show abstract

“…However, such information can be modified by attackers without any functional changes in executable files . In addition, some malware developers use customized packing code to protect the binary code of their malware . Since various packing techniques, including customized techniques, are used for malware development, packing detection and identification methods should be based on malware binary code characteristics.…”

Section: Introductionmentioning

confidence: 99%

Packer identification method based on byte sequences

Jung

Bae

Choi

et al. 2018

Concurrency and Computation

View full text Add to dashboard Cite

Summary With the growing number of malware, malware analysis technologies need to be advanced continuously. Malware authors use various packing techniques to hide their code from malware detection tools and techniques. The packing techniques are generally used to compress and encrypt executable code in executable files, and the unpacking code is usually embedded in the executable files. Therefore, packed executable files can be executed by itself, and the information associated with packing can be used to analyze and detect malware. Since different packing tools will generate different packed executable files, packing tools can be identified by analyzing packed executable files, and packer identification can reduce malware‐analyzing overheads, and the executable files can even be unpacked. However, most previous studies focused on packing detection using signatures of unpacking code, and these approaches can be avoided by placing unpacking code in other locations or by distributing unpacking code in multiple locations. In this paper, we propose a new packer identification method by analyzing only code sections to extract features of malware generated by different packing tools. Experimental results show that our approach can identify different packing tools with the accuracy of 91.6% on average. Considering packer identification is the harder problem than packing detection, we argue that our approach can contribute to reducing overheads of malware analysis.

show abstract

Bio-Inspired Cryptographic Techniques in Information Management Applications

Cited by 37 publications

References 12 publications

Anomalous Traffic Detection and Self-Similarity Analysis in the Environment of ATMSim

Anomalous Traffic Detection and Self-Similarity Analysis in the Environment of ATMSim

Cognitive security paradigm for cloud computing applications

Packer identification method based on byte sequences

Contact Info

Product

Resources

About