Security and Communication Networks

Android is the most widely used mobile operating system and responsible for handling a wide variety of data from simple messages to sensitive banking details. The explosive increase in malware targeting this platform has made it imperative to adopt machine learning approaches for effective malware detection and classification. Since its release in 2008, the Android platform has changed substantially and there has also been a significant increase in the number, complexity, and evolution of malware that target this platform. This rapid evolution quickly renders existing malware datasets out of date and has a degrading impact on machine learning-based detection models. Many studies have been carried out to explore the effectiveness of various machine learning models for Android malware detection. Majority of these studies use datasets that have compiled using static or dynamic analysis of malware but the use of hybrid analysis approaches has not been addressed completely. Likewise, the impact of malware evolution has not been fully investigated. Although some of the models have achieved exceptional results, their performance deteriorated for evolving malware and they were also not effective against antidynamic malware. In this paper, we address both these limitations by creating an enhanced subset of the KronoDroid dataset and using it to develop a supervised machine learning model capable of detecting evolving and antidynamic malware. The original KronoDroid dataset contains malware samples from 2008 to 2020, making it effective for the detection of evolving malware and handling concept drift. Also, the dynamic features are collected by executing the malware on a real device, making it effective for handling antidynamic malware. We create an enhanced subset of this dataset by adding malware category labels with the help of multiple online repositories. Then, we train multiple supervised machine learning models and use the ExtraTree classifier to select the top 50 features. Our results show that the random forest (RF) model has the highest accuracy of 98.03% for malware detection and 87.56% for malware category classification (for 15 malware categories).

The practical employment of network coding (NC) has shown major improvements when it comes to the transmission reliability of sender data and bandwidth utilization. Moreover, network coding has been employed recently to secure the transmission of data and prevent unauthorized recovery of sender packets. In this paper, we employ network coding (NC) in a practical way in networks with constrained resources with the goal of improving the reliability and security of data transfer. More specifically, we apply NC on the recent options of block-wise transfer (BWT) of the constrained application protocol (CoAP). The goal is to enhance the reliability of CoAP when used to transfer larger data blocks using BWT. Also, we employ an innovative homomorphic encryption approach to secure the BWT of CoAP.

Frequency-hiding order-preserving encryption (FH-OPE) has emerged as an important tool in data security, particularly in cloud computing, because of its unique ability to preserve the order of plaintexts in their corresponding ciphertexts and enable efficient range queries on encrypted data. Despite its strong security model, indistinguishability under frequency analyzing ordered chosen plaintext attack (IND-FA-OCPA), our research identifies a vulnerability in its design, particularly the impact of range queries. In our research, we quantify the frequency of data exposure resulting from these range queries and present potential inference attacks on the FH-OPE scheme. Our findings are substantiated through experiments on real-world datasets, with the goal of measuring the frequency of data exposure resulting from range queries on FH-OPE encrypted databases. These results quantify the level of risk in practical applications of FH-OPE and reveal the potential for additional inference attacks and the urgency of addressing these threats. Consequently, our research highlights the need for a more comprehensive security model that considers the potential risks associated with range queries and underscores the importance of developing new range-query methods that prevent exposing these vulnerabilities.

The growth of the Internet of Things (IoT) has recently impacted our daily lives in many ways. As a result, a massive volume of data are generated and need to be processed in a short period of time. Therefore, a combination of computing models such as cloud computing is necessary. The main disadvantage of the cloud platform is its high latency due to the centralized mainframe. Fortunately, a distributed paradigm known as fog computing has emerged to overcome this problem, offering cloud services with low latency and high-access bandwidth to support many IoT application scenarios. However, attacks against fog servers can take many forms, such as distributed denial of service (DDoS) attacks that severely affect the reliability and availability of fog services. To address these challenges, we propose mitigation of fog computing-based SYN Flood DDoS attacks using an adaptive neuro-fuzzy inference system (ANFIS) and software defined networking (SDN) assistance (FASA). The simulation results show that the FASA system outperforms other algorithms in terms of accuracy, precision, recall, and F1-score. This shows how crucial our system is for detecting and mitigating TCP-SYN floods and DDoS attacks.

Objective. Wireless sensor networks, crucial for various applications, face growing security challenges due to the escalating complexity and diversity of attack behaviours. This paper presents an advanced intrusion detection algorithm, leveraging feature-weighted Naive Bayes (NB), to enhance network attack detection accuracy. Methodology. Initially, a feature weighting algorithm is introduced to assign context-based weights to different feature terms. Subsequently, the NB algorithm is enhanced by incorporating Jensen–Shannon (JS) divergence, feature weighting, and inverse category frequency (ICF). Eventually, the improved NB algorithm is integrated into the intrusion detection model, and network event classification results are derived through a series of data processing steps applied to corresponding network traffic data. Results. The effectiveness of the proposed intrusion detection algorithm is evaluated through a comprehensive comparative analysis using the NSL-KDD dataset. Results demonstrate a significant enhancement in the detection accuracy of various attack types, including normal, denial of service (DoS), probe, remote-to-local (R2L), and user-to-root (U2R). Moreover, the proposed algorithm exhibits a lower false alarm rate compared to other algorithms. Conclusion. This paper introduces a wireless network intrusion algorithm that not only ensures improved detection accuracy and rate but also reduces the incidence of false detections. Addressing the evolving threat landscape faced by wireless sensor networks, this contribution represents a valuable advancement in intrusion detection technology.

Linkable ring signatures (LRSs) are ring signatures with the extended property that a verifier can detect whether two messages were signed by the same ring member. LRSs play an important role in many application scenarios such as cryptocurrency and confidential transactions. The first code-based LRS scheme was put forward in 2018. However, this scheme was pointed out to be insecure. In this paper, we put forward a code-based LRS scheme by constructing a new Stern-like interactive protocol and prove that it meets the security requirements of LRSs. We also give the specific parameters and the performance on the platform of our scheme.