Machine Learning in Network Security Using KNIME Analytics
Munther Abualkibash , Eastern Michigan University, USA
Machine learning has more and more effect on our every day’s life. This field keeps growing and expanding into new areas. Machine learning is based on the implementation of artificial intelligence that gives systems the capability to automatically learn and enhance from experiments without being explicitly programmed. Machine Learning algorithms apply mathematical equations to analyze datasets and predict values based on the dataset. In the field of cybersecurity, machine learning algorithms can be utilized to train and analyze the Intrusion Detection Systems (IDSs) on security-related datasets. In this paper, we tested different machine learning algorithms to analyze NSL-KDD dataset using KNIME analytics.
Network Security, KNIME, NSL-KDD, and Machine Learning
For More Details :
http://aircconline.com/ijnsa/V11N5/11519ijnsa01.pdf
Quality Assessment of Access Security Controls over Financial Information
Angel R. Otero, Christian Sonnenberg and LuAnn Bean , Florida Institute of Technology, USA
Information security necessitates the implementation of safeguards to guarantee an adequate defense against attacks, threats, and breaches from occurring. Nonetheless, even with “adequate” defensive efforts, the taste for accessing sensitive and confidential financial information is too tempting, and attacks continue to escalate. Organizations must plan ahead so that identified attacks, threats, and breaches are appropriately managed to a successful resolution. A proven method to address information security problems is achieved through the effective implementation of access security controls. This paper proposes a quantitative approach for organizations to evaluate access security controls over financial information using Analytic Hierarchy Process (AHP), and determines which controls best suit management’s goals and objectives. Through a case study, the approach is proven successful in providing a way for measuring the quality of access security controls over financial information based on multiple application-specific criteria.
Information Security, Access Security Controls, Internal Controls, Analytic Hierarchy Process, Pairwise Comparisons
For More Details :
http://aircconline.com/ijnsa/V11N6/11619ijnsa01.pdf
Methods Toward Enhancing RSA Algorithm : A Survey
Engr. Shaheen Saad Al-Kaabi and Dr. Samir Brahim Belhaouari Hamad Bin Khalifa University (HBKU), Qatar
Cryptography defines different methods and technologies used in ensuring communication between two parties over any communication medium is secure, especially in presence of a third part. This is achieved through the use of several methods, such as encryption, decryption, signing, generating of pseudo-random numbers, among many others. Cryptography uses a key, or some sort of a password to either encrypt or decrypt a message that needs to be kept secret. This is made possible using two classes of key-based encryption and decryption algorithms, namely symmetric and asymmetric algorithms. The best known and the most widely used public key system is RSA. This algorithm comprises of three phases, which are the key generation phase, encryption phase, and the decryption phase. Owing to the advancement in computing technology, RSA is prone to some security risks, which makes it less secure. The following paper preview different proposals on different methods used to enhance the RSA algorithm and increase its security. Some of these enhancements include combining the RSA algorithm with Diffie-Hellman or ElGamal algorithm, modification of RSA to include three or four prime numbers, offline storage of generated keys, a secured algorithm for RSA where the message can be encrypted using dual encryption keys, etc.
Cryptography, RSA Algorithm, Encryption, Decryption, Cryptosystem, Security, Public Key, Private Key
For More Details :
http://aircconline.com/ijnsa/V11N3/11319ijnsa05.pdf
Security& Privacy Threats, Attacks and Countermeasures in Internet of Things
Faheem Masoodi1 Shadab Alam2 and Shams Tabrez Siddiqui2
,1University of Kashmir, India , 2Jazan University, KSA
The idea to connect everything to anything and at any point of time is what vaguely defines the concept of the Internet of Things (IoT). The IoT is not only about providing connectivity but also facilitating interaction among these connected things. Though the term IoT was introduced in 1999 but has drawn significant attention during the past few years, the pace at which new devices are being integrated into the system will profoundly impact the world in a good way but also poses some severe queries about security and privacy. IoT in its current form is susceptible to a multitudinous set of attacks. One of the most significant concerns of IoT is to provide security assurance for the data exchange because data is vulnerable to some attacks by the attackers at each layer of IoT. The IoT has a layered structure where each layer provides a service. The security needs vary from layer to layer as each layer serves a different purpose. This paper aims to analyze the various security and privacy threats related to IoT. Some attacks have been discussed along with some existing and proposed countermeasures.
Internet of Things, privacy, attacks, security, threats, protocols
For More Details :
http://aircconline.com/ijnsa/V11N2/11219ijnsa05.pdf
Xdoser, A Benchmarking Tool for System Load Measurement Using Denial of Service Features
AKM Bahalul Haque, Rabeya Sultana, Mohammad Sajid Fahad , MD Nasif Latif and Md. Amdadul Bari, North South University , Bangladesh
Technology has developed so fast that we feel both safe as well as unsafe in both ways. Systems used today are always prone to attack by malicious users. In most cases, services are hindered because these systems cannot handle the amount of over loads the attacker provides. So, proper service load measurement is necessary. The tool that is being described in this paper for developments is based on the Denial of Service methodologies. This tool, XDoser will put a synthetic load on the servers for testing purpose. The HTTP Flood method is used which includes an HTTP POST method as it forces the website to gather the maximum resources possible in response to every single request. The tool developed in this paper will focus on overloading the backend with multiple requests. So, the tool can be implemented for servers new or old for synthetic test endurance testing.
Denial-of-service, attack, unavailability, security, httprequests, OkHttpClient
For More Details :
http://aircconline.com/ijnsa/V11N3/11319ijnsa03.pdff
Performance Analysis of Routing Protocols in MANET under Malicious Attacks
Dr. Gorine1 and Rabia Saleh 1Gloucestershire University, England
MANETs routing protocols are vulnerable to various types of security attacks such as selfish nodes, grey hole and black-hole attacks. These routing protocols are unprotected and subsequently result in various kinds of malicious mobile nodes being injected into the networks. In this paper, three types of attacks such as selfish, gray-hole and black-hole attacks have been applied to two important MANET routing protocols; Ad-hoc on demand Distance Vector (OADV) and Dynamic Source Routing (DSR) in order to analyze and compare the impact of these attacks on the network performance based on throughput, average delay, packet loss and consumption of energy.
Mobile Ad-Hoc Networks, DSR, AODV, Routing Protocols, Wireless Network Security, Malicious Node, Network Performance
For More Details :
http://aircconline.com/ijnsa/V11N2/11219ijnsa01.pdf
Enhancing the Wordpress System: From Role to Attribute-Based Access Control
Lifeng Cao, Jia Ying Ou and Amirhossein Chinaei , York University, Canada
Role-Based Access Control (RBAC) is the most commonly used model on web applications. The advantages of RBAC are the ease of understanding, applying and managing privileges. The static RBAC model cannot alter access permission in real-time without human involvement and therefore the model suffers from increasing false negative (and/or false positive) outcomes. Hence, the Attribute-Based Access Control (ABAC) model has been proposed to introduce dynamicity and minimize human involvement in order to enhance security. WordPress is a very popular Role-Based content management system. To our best knowledge, no solution to merge from RBAC to ABAC model for WordPress applications has been found. Our contribution is a WordPress plug-in that we have developed to build ABAC upon the existing RBAC setups. In this journey, we have investigated various scenarios by studying different application categories to come up with an enhanced automatic model that adds real-time grant and revoke feature to WordPress.
Role-Base-Access-Control, Attribute-Base-Access-Control, WordPress, Content Management, Security
For More Details :
http://aircconline.com/ijnsa/V11N3/11319ijnsa01.pdf
Exploring Challenges and Opportunities in Cybersecurity Risk and Threat Communications Related to the Medical Internet of Things (MIOT)
George W. Jackson, Jr.1 and Shawon S. M. Rahman2 , 1Capella University, Minneapolis, USA , 2 University of Hawaii-Hilo, USA
As device interconnectivity and ubiquitous computing continues to proliferate healthcare, the Medical Internet of Things (MIoT), also well known as the, Internet of Medical Things (IoMT) or the Internet of Healthcare Things (IoHT), is certain to play a major role in the health, and well-being of billions of people across the globe. When it comes to issues of cybersecurity risks and threats connected to the IoT in all of its various flavors the emphasis has been on technical challenges and technical solution. However, especially in the area of healthcare there is another substantial and potentially grave challenge. It is the challenge of thoroughly and accurately communicating the nature and extent of cybersecurity risks and threats to patients who are reliant upon these interconnected healthcare technologies to improve and even preserve their lives. This case study was conducted to assess the scope and depth of cybersecurity risk and threat communications delivered to an extremely vulnerable patient population, semi-structured interviews were held with cardiac medical device specialists across the United States. This research contributes scientific data in the field of healthcare cybersecurity and assists scholars and practitioners in advancing education and research in the field of MIoT patient communications.
Internet of Things, IoT Security, Medical Internet of Things, Healthcare Cybersecurity, Thematic Analysis
For More Details :
http://aircconline.com/ijnsa/V11N4/11419ijnsa05.pdf