Top 10 Cited Papers

TOP 10 Software Engineering & Security Research Articles- 2017 Fall (September)

TOP 1

AN IMPLEMENTATION OF INTRUSION DETECTION SYSTEM USING GENETIC ALGORITHM

Mohammad Sazzadul Hoque, Md. Abdul Mukit and Md. Abu Naser Bikas

Shahjalal University of Science and Technology, Bangladesh

AN IMPLEMENTATION OF INTRUSION DETECTION SYSTEM USING GENETIC ALGORITHM

ABSTRACT:

Nowadays it is very important to maintain a high level security to ensure safe and trusted communication of information between various organizations. But secured data communication over internet and any other network is always under threat of intrusions and misuses. So Intrusion Detection Systems have become a needful component in terms of computer and network security. There are various approaches being utilized in intrusion detections, but unfortunately any of the systems so far is not completely flawless. So, the quest of betterment continues. In this progression, here we present an Intrusion Detection System (IDS), by applying genetic algorithm (GA) to efficiently detect various types of networkintrusions. Parameters and evolution processes for GA are discussed in details and implemented. This approach uses evolution theory to information evolution in order to filter the traffic data and thus reducethe complexity. To implement and measure the performance of our system we used the KDD99 benchmark dataset and obtained reasonable detection rate.

Full Article: http://airccse.org/journal/nsa/0312nsa08.pdf

TOP 2 

AN OVERVIEW OF THE SECURITY CONCERNS IN ENTERPRISE CLOUD COMPUTING 

Anthony Bisong1 and Syed (Shawon) M. Rahman2

1Capella University,USA and 2University of Hawaii-Hilo, USA

 ABSTRACT:
Deploying cloud computing in an enterprise infrastructure bring significant security concerns.Successful implementation of cloud computing in an enterprise requires proper planning and understanding of emerging risks, threats, vulnerabilities, and possible countermeasures. We believe enterprise should analyze the company/organization security risks, threats, and available countermeasures before adopting this technology. In this paper, we have discussed security risks and concerns in cloud computing and enlightened steps that an enterprise can take to reduce security risks and protect their resources. We have also explained cloud computing strengths/benefits, weaknesses, and applicable areas in information risk management.

TOP 3 
USING ROUGH SET AND SUPPORT VECTOR MACHINE FOR NETWORK INTRUSION DETECTION

Rung-Ching Chen, Kai-Fan Cheng and Chia-Fen Hsieh

Chaoyang University of Technology,Taiwan, R.O.C

ABSTRACT: 

The main function of IDS (Intrusion Detection System) is to protect the system, analyze and predict the behaviors of users. Then these behaviors will be considered an attack or a normal behavior. Though IDS has been developed for many years, the large number of return alert messages makes managers maintain system inefficiently. In this paper, we use RST (Rough Set Theory) and SVM (Support Vector Machine) to detect intrusions. First, RST is used to preprocess the data and reduce the dimensions. Next, the features were selected by RST will be sent to SVM model to learn and test respectively. The method is effective to decrease the space density of data. The experiments will compare the results with different methods and show RST and SVM schema could improve the false positive rate and accuracy.

TOP 4 
COMBINING NAIVE BAYES AND DECISION TREE FOR ADAPTIVE INTRUSION DETECTION

Dewan Md. Farid1, Nouria Harbi1, and Mohammad Zahidur Rahman2

1University Lumiere Lyon 2 – France and  2Jahangirnagar University, Bangladesh 

ABSTRACT: 

In this paper, a new learning algorithm for adaptive network intrusion detection using naive Bayesian classifier and decision tree is presented, which performs balance detections and keeps false positives at acceptable level for different types of network attacks, and eliminates redundant attributes as well as contradictory examples from training data that make the detection model complex. The proposed algorithm also addresses some difficulties of data mining such as handling continuous attribute, dealing with missing attribute values, and reducing noise in training data. Due to the large volumes of security audit data as well as the complex and dynamic properties of intrusion behaviours, several data mining based intrusion detection techniques have been applied to network-based traffic data and host-based data in the last decades. However, there remain various issues needed to be examined towards current intrusion detection systems (IDS). We tested the performance of our proposed algorithm with existing learning algorithms by employing on the KDD99 benchmark intrusion detection dataset. The experimental results prove that the proposed algorithm achieved high detection rates (DR) and significant reduce false positives (FP) for different types of network intrusions using limited computational resources.

 Full Article : http://airccse.org/journal/nsa/0410ijnsa2.pdf

TOP 5 

EFFICIENT CONDITIONAL PROXY RE-ENCRYPTION WITH CHOSEN CIPHER TEXT SECURITY

Dewan Md. Farid1, Nouria Harbi1, and Mohammad Zahidur Rahman2

1University Lumiere Lyon 2 – France and  2Jahangirnagar University, Bangladesh 

 ABSTRACT:

In this paper, a new learning algorithm for adaptive network intrusion detection using naive Bayesian classifier and decision tree is presented, which performs balance detections and keeps false positives at acceptable level for different types of network attacks, and eliminates redundant attributes as well as contradictory examples from training data that make the detection model complex. The proposed algorithm also addresses some difficulties of data mining such as handling continuous attribute, dealing with missing attribute values, and reducing noise in training data. Due to the large volumes of security audit data as well as the complex and dynamic properties of intrusion behaviours, several data mining based intrusion detection techniques have been applied to network-based traffic data and host-based data in the last decades. However, there remain various issues needed to be examined towards current intrusion detection systems (IDS). We tested the performance of our proposed algorithm with existing learning algorithms by employing on the KDD99 benchmark intrusion detection dataset. The experimental results prove that the proposed algorithm achieved high detection rates (DR) and significant reduce false positives (FP) for different types of network intrusions using limited computational resources.

Full Article :   http://airccse.org/journal/nsa/0312nsa14.pdf

TOP 6 

SECURITY CHALLENGES, ISSUES AND THEIR SOLUTIONS FOR VANET

Ram Shringar Raw, Manish Kumar and Nanhay Singh

Ambedkar Institute of Advanced Communication Technologies & Research, India

 ABSTRACT:

Vehicular Ad hoc Networks (VANETs) are the promising approach to provide safety and other applications to the drivers as well as passengers. It becomes a key component of the intelligent transport system. A lot of works have been done towards it but security in VANET got less attention. In this article, we have discussed about the VANET and its technical and security challenges. We have also discussed some major attacks and solutions that can be implemented against these attacks. We have compared the solution using different parameters. Lastly we have discussed the mechanisms that are used in the solutions. 

Full Article :  http://airccse.org/journal/nsa/5513nsa08.pdf

TOP 7 

CLOUD COMPUTING AND SECURITY ISSUES IN THE CLOUD

Monjur Ahmed1 and Mohammad Ashraf Hossain2

1Daffodil Institute of IT, Bangladesh and 2Freelance IT Consultant, Bangladesh

ABSTRACT:

Cloud computing has formed the conceptual and infrastructural basis for tomorrow’s computing. The global computing infrastructure is rapidly moving towards cloud based architecture. While it is important to take advantages of could based computing by means of deploying it in diversified sectors, the security aspects in a cloud based computing environment remains at the core of interest. Cloud based services and service providers are being evolved which has resulted in a new business trend based on cloud technology.With the introduction of numerous cloud based services and geographically dispersed cloud service providers, sensitive information of different entities are normally stored in remote servers and locations with the possibilities of being exposed to unwanted parties in situations where the cloud servers storing those information are compromised. If security is not robust and consistent, the flexibility and advantages that cloud computing has to offer will have little credibility. This paper presents a review on the cloud computing concepts as well as security issues inherent within the context of cloud computing and cloud infrastructure.

Full Article :  http://airccse.org/journal/nsa/6114nsa03.pdf

TOP 8 

STEGANALYSIS ALGORITHMS FOR DETECTING THE HIDDEN INFORMATION IN IMAGE, AUDIO AND VIDEO COVER MEDIA

Natarajan Meghanathan and Lopamudra Nayak

Jackson State University, USA

Abstract : 

Recently, there has been a lot of interest in the fields of Steganography and Steganalysis. Steganography involves hiding information in a cover (carrier) media to obtain the stego media, in such a way that the cover media is perceived not to have any embedded message for its unintended recipients. Steganalysis isthe mechanism of detecting the presence of hidden information in the stego media and it can lead to the prevention of disastrous security incidents. In this paper, we provide a critical review of the steganalysis algorithms available to analyze the characteristics of an image, audio or video stego media vis-à-vis the corresponding cover media (without the hidden information) and understand the process of embedding the information and its detection. It is noteworthy that each of these cover media has different special attributes that are altered by a steganography algorithm in such a way that the changes are not perceivable for the unintended recipients; but, the changes are identifiable using appropriate steganlysis algorithms. We anticipate that this paper can also give a clear picture of the current trends in steganography so that we can develop and improvise appropriate steganlysis algorithms.

Full Article :  http://airccse.org/journal/nsa/1010s4.pdf

TOP 9 

SECURITY ISSUES ASSOCIATED WITH BIG DATA IN CLOUD COMPUTING

Venkata Narasimha Inukollu1, Sailaja Arsi1 and Srinivasa Rao Ravuri2

1Texas Tech University, USA and 2Cognizant Technology Solutions, India

Abstract :  

In this paper, we discuss security issues for cloud computing, Big data, Map Reduce and Hadoop environment. The main focus is on security issues in cloud computing that are associated with bigdata. Big data applications are a great benefit to organizations, business, companies and many large scale and small scale industries.We also discuss various possible solutions for the issues in cloud computing security and Hadoop. Cloud computing security is developing at a rapid pace which includes computer security, network security, information security, and data privacy.Cloud computing plays a very vital role in protecting data, applications and the related infrastructure with the help of policies, technologies, controls, and big data tools. Moreover,cloud computing, big data and its applications, advantages are likely to represent the most promising new frontiers in science.

TOP 10 

AUTHENTICATION SCHEMES FOR SESSION PASSWORDS USING COLOR AND IMAGES

M Sreelatha1, M Shashi2, M Anirudh1, Md Sultan Ahamer1 and V Manoj Kumar1

1RVR & JC College of Engineering, India  and 2Andhra University College of Engineering, India

Abstract :

Textual passwords are the most common method used for authentication. But textual passwords are vulnerable to eves dropping, dictionary attacks, social engineering and shoulder surfing.Graphical passwords are introduced as alternative techniques to textual passwords. Most of the graphical schemes are vulnerable to shoulder surfing. To address this problem, text can be combined with images or colors to generate session passwords for authentication. Session passwords can be used only once and every time a new password is generated. In this paper, two techniques are proposed to generate session passwords using text and colors which are resistant to shoulder surfing. These methods are suitable for Personal Digital Assistants.

Advertisements