Open Access
submit Opinions CrossRef Open Access Subscribe New Journal Ideal

Click on image to enlarge

Indexed in Scopus

Journal of Cyber Security and Mobility

Editors-in-Chief:
Ashutosh Dutta, Johns Hopkins University, USA
Ruby Lee, Princeton University, USA
Neeli R. Prasad, International Technological University, San Jose, USA
Wojciech Mazurczyk, Warsaw University of Technology, Poland

Associate Editor:
Debdeep Mukhopadhyay, Indian Institute of Technology Kharagpur, India


ISSN: 2245-1439 (Print Version),

ISSN: 2245-4578 (Online Version)
Vol: 6   Issue: 3

Published In:   July 2017

Publication Frequency: Quarterly


Search Available Volume and Issue for Journal of Cyber Security and Mobility


Journal Description        Read Full Articles        Editorial Board        Subscription        Indexed       Opinions

Machine Learning for Analyzing Malware

doi: https://doi.org/10.13052/jcsm2245-1439.631
Zhenyan Liu, Yifei Zeng, Yida Yan, Pengfei Zhang and Yong Wang

Beijing Key Laboratory of Software Security Engineering Technology, School of Software, Beijing Institute of Technology, Beijing 100081, China

Abstract: [+]    |    Download File [ 986KB ]    |   Read Article Online

Abstract: The Internet has become an indispensable part of people’s work and life, but it also provides favorable communication conditions for malwares. Therefore, malwares are endless and spread faster and become one of the main threats of current network security. Based on the malware analysis process, from the original feature extraction and feature selection to malware analysis, this paper introduces the machine learning algorithms such as classification, clustering and association analysis, and how to use these machine learning algorithms to effectively analyze the malware and its variants.

Keywords: Malware analysis, Machine learning, Classification, Clustering, Association analysis.

Analytic Study of Features for the Detection of Covert Timing Channels in NetworkTraffic

doi: https://doi.org/10.13052/jcsm2245-1439.632
Félix Iglesias Vázquez, Robert Annessi and Tanja Zseby

CN Group, Institute of Telecommunications, TU Wien, Austria

Abstract: [+]    |    Download File [ 2294KB ]    |   Read Article Online

Abstract: Covert timing channels are security threats that have concerned the expert community from the beginnings of secure computer networks. In this paper we explore the nature of covert timing channels by studying the behavior of a selection of features used for their detection. Insights are obtained from experimental studies based on ten covert timing channels techniques published in the literature, which include popular and novel approaches. The study digs into the shapes of flows containing covert timing channels from a statistical perspective as well as using supervised and unsupervised machine learning algorithms. Our experiments reveal which features are recommended for building detection methods and draw meaningful representations to understand the problem space. Covert timing channels show high histogram-distance based outlierness, but insufficient to clearly discriminate them from normal traffic. On the other hand, traffic features do show dependencies that allow separating subspaces and facilitate the identification of covert timing channels. The conducted study shows the detection difficulties due to the high shape variability of normal traffic and suggests the implementation of semi-supervised techniques to develop accurate and reliable detectors.

Keywords: Covert timing channels, Network traffic analysis, Classification, Anomaly detection, Feature selection.

An Approach for Building Security Resilience in AUTOSAR Based Safety Critical Systems

doi: https://doi.org/10.13052/jcsm2245-1439.633
Ahmad MK Nasser1, Di Ma1 and Priya Muralidharan2

1University of Michigan, Dearborn, USA
2Renesas Electronics America

Abstract: [+]    |    Download File [ 1988KB ]    |   Read Article Online

Abstract: AUTOSAR, a worldwide development partnership among automotive parties to establish an open and standardized software architecture for electronic control units (ECUs), has seen great success in recent years by being widely adopted in deeply embedded automotive ECUs. Increasing the security resilience of AUTOSAR based systems is a crucial step in securing safety critical automotive systems. We study AUTOSAR safety mechanisms and demonstrate how they can be used as attack vectors to degrade the vehicle safety.We show the need to harmonize the fail-safe response with the secure state of the system. And we evaluate the overlap in the properties of safety mechanisms with security objectives to highlight methods for hardening automotive systems security.

Keywords: Automotive cyber security, AUTOSAR, Safety, Security, ISO26262, Embedded security.

Random Number Generators Based on EEG Non-linear and Chaotic CharacteristicsRETRACTED

doi: https://doi.org/10.13052/jcsm2245-1439.634
Dang Nguyen, Dat Tran, Wanli Ma and Dharmendra Sharma

Faculty of Science and Technology, University of Canberra, ACT 2601, Australia

Abstract: [+]    |    Download File [ 2039KB ]    |   Read Article Online

Abstract: Current electroencephalogram (EEG)-based methods in security have been mainly used for person authentication and identification purposes only. The non-linear and chaotic characteristics of EEG signal have not been taken into account. In this paper, we propose a new method that explores the use of these EEG characteristics in generating random numbers. EEG signal and its wavebands are transformed into bit sequences that are used as random number sequences or as seeds for pseudo-random number generators. EEG signal has the following advantages: 1) it is noisy, complex, chaotic and non-linear in nature, 2) it is very difficult to mimic because similar mental tasks are person dependent, and 3) it is almost impossible to steal because the brain activity is sensitive to the stress and the mood of the person and an aggressor cannot force the person to reproduce his/her mental pass-phrase. Our experiments were conducted on the four EEG datasets: AEEG, Alcoholism, DEAP and GrazA 2008. The randomness of the generated bit sequences was tested at a high level of significance by comprehensive battery of tests recommended by the National Institute of Standard and Technology (NIST) to verify the quality of random number generators, especially in cryptography application. Our experimental results showed high average success rates for all wavebands and the highest rate is 99.17% for the gamma band.

Keywords: Random number generator, EEG, NIST Test Suite, Security, Cryptography.

Secure Data Sharing in Cloud Using an Efficient Inner-Product Proxy Re-Encryption Scheme

doi: https://doi.org/10.13052/jcsm2245-1439.635
Masoomeh Sepehri1, Alberto Trombetta2 and Maryam Sepehri1

1Department of Computer Science, University of Milan, Milan, Italy
2Department of Computer Science and Communication, University of Insubria,Varese, Italy

Abstract: [+]    |    Download File [ 991KB ]    |   Read Article Online

Abstract: With the ever-growing production of data coming from multiple, scattered, highly dynamical sources (like those found in IoT scenarios), many providers are motivated to upload their data to the cloud servers and share them with other persons with different purposes. However, storing data on cloud imposes serious concerns in terms of data confidentiality and access control. These concerns get more attention when data is required to be shared among multiple users with different access policies. In order to update access policy without making re-encryption, we propose an efficient inner-product proxy re-encryption scheme that provides a proxy server with a transformation key with which a delegator’s ciphertext associated with an attribute vector can be transformed to a new ciphertext associated with delegatee’s attribute vector set. Our proposed policy updating scheme enables the delegatee to decrypt the shared data with its own key without requesting a new decryption key. We experimentally analyze the efficiency of our scheme and show that our scheme is adaptive attribute-secure against chosen-plaintext under standard Decisional Linear (D-Linear) assumption.

Keywords: Attribute-based cryptography, Secure data sharing, Fine-grained access control, Proxy re-encryption.

River Publishers: Journal of Cyber Security and Mobility