Journal of Information Security

Journal Information
ISSN / EISSN : 21531234 / 21531242
Current Publisher: Scientific Research Publishing, Inc. (10.4236)
Total articles ≅ 238
Archived in
SHERPA/ROMEO
Filter:

Latest articles in this journal

Estrada Debora, Tawalbeh Lo’Ai, Vinaja Robert, Debora Estrada, Lo’Ai Tawalbeh, Robert Vinaja
Journal of Information Security, Volume 11, pp 81-91; doi:10.4236/jis.2020.112005

Abstract:
Nowadays, technology has evolved to be in our daily lives to assist in making our lives easier. We now have technology helping us in our lives at home. Devices used to create our “smart home” have done a great deal in making our lives at home less burdensome, but sadly, these devices have secured our personal lives to be more accessible to outsiders. In this paper, the security of home smart devices and their communication will be researched by using other academic articles to support facts found. The operation of the devices will be discussed along with security risks and future trends on security attacks. The results found will be crucial to knowing exactly how well our own home is protected. After understanding where the risks lie and a demonstration of how hackers can take control of our smart home, solutions will be given to shield ourselves from security attacks. We protect our homes from physical threats by locking doors, but it is time we guard ourselves from cyber threats as well.
Abdulaziz Alshammari, Mohamed A Zohdy, Debatosh Debnath, George Corser
Journal of Information Security, Volume 11, pp 71-80; doi:10.4236/jis.2020.111004

Abstract:
Vehicular Ad-hoc Networks (VANETs) technology has recently emerged, and gaining significant attention from the research because it is promising technologies related to Intelligent Transportation System (ITSs) and smart cities. Wireless vehicular communication is employed to improve traffic safety and to reduce traffic congestion. Each vehicle in the ad-hoc network achieves as a smart mobile node categorized by high mobility and forming of dynamic networks. As a result of the movement of vehicles in a continuous way, VANETs are vulnerable to many security threats so it requisites capable and secure communication. Unfortunately, Ad hoc networks are liable to varied attacks like Block Hole attacks and Grey Hole attacks, Denial of service attacks, etc. Among the most known attacks are the Black Hole attacks while the malicious vehicle is able to intercept the data and drops it without forwarding it to the cars. The main goal of our simulation is to analyze the performance impact of black hole attack in real time vehicular traffic in the Greater Detroit Area using NS-2 and SUMO (Simulation of Urban). The simulation will be with AODV protocol.
Protais Ndagijimana, Fulgence Nahayo, Marc Kokou Assogba, Adoté François-Xavier Ametepe, Juma Shabani
Journal of Information Security, Volume 11, pp 149-160; doi:10.4236/jis.2020.113010

The publisher has not yet granted permission to display this abstract.
Baha Eldin Hamouda Hassan Hamouda
Journal of Information Security, Volume 11, pp 138-148; doi:10.4236/jis.2020.113009

Abstract:
With the increasing interconnection of computer networks and sophistication of cyber-attacks, Cryptography is one way to make sure that confidentiality, authentication, integrity, availability, and identification of data user can be maintained as well as security and privacy of data provided to the user. Symmetric key cryptography is a part of the cryptographic technique which ensures high security and confidentiality of data transmitted through the communication channel using a common key for both encryption and decryption. In this paper I have analyzed comparative encryption algorithms in performance, three most useful algorithms: Data Encryption Standard (DES), Triple DES (3DES) also known as Triple Data Encryption Algorithm (TDEA), and Advanced Encryption Standard (AES). They have been analyzed on their ability to secure data, time taken to encrypt data and throughput the algorithm requires. The performance of different algorithms differs according to the inputs.
Yasamin Alagrash, Azhar Drebee, Nedda Zirjawi, Alagrash Yasamin, Drebee Azhar, Zirjawi Nedda
Journal of Information Security, Volume 11, pp 1-18; doi:10.4236/jis.2020.111001

Abstract:
The network-based intrusion detection has become common to evaluate machine learning algorithms. Although the KDD Cup’99 Dataset has class imbalance over different intrusion classes, still it plays a significant role to evaluate machine learning algorithms. In this work, we utilize the singular valued decomposition technique for feature dimension reduction. We further reconstruct the features form reduced features and the selected eigenvectors. The reconstruction loss is used to decide the intrusion class for a given network feature. The intrusion class having the smallest reconstruction loss is accepted as the intrusion class in the network for that sample. The proposed system yield 97.90% accuracy on KDD Cup’99 dataset for the stated task. We have also analyzed the system with individual intrusion categories separately. This analysis suggests having a system with the ensemble of multiple classifiers; therefore we also created a random forest classifier. The random forest classifier performs significantly better than the SVD based system. The random forest classifier achieves 99.99% accuracy for intrusion detection on the same training and testing data set.
Hassan Mokalled, Rosario Catelli, Valentina Casola, Daniele Debertol, Ermete Meda, Rodolfo Zunino, Mokalled Hassan, Catelli Rosario, Casola Valentina, Debertol Daniele, et al.
Journal of Information Security, Volume 11, pp 46-70; doi:10.4236/jis.2020.111003

Abstract:
The need for SIEM (Security Information and even Management) systems increased in the last years. Many companies seek to reinforce their security capabilities to better safeguard against cybersecurity threats, so they adopt multi-layered security strategies that include using a SIEM solution. However, implementing a SIEM solution is not just an installation phase that fits any scenario within any organization; the best SIEM system for an organization may not be suitable at all for another one. An organization should consider other factors along with the technical side when evaluating a SIEM solution. This paper proposes an approach to aid enterprises, in selecting an applicable SIEM. It starts by suggesting the requirements that should be addressed in a SIEM using a systematic way, and then proposes a methodology for evaluating SIEM solutions that measures the compliance and applicability of any SIEM solution. This approach aims to support companies that are seeking to adopt SIEM systems into their environments, suggesting suitable answers to preferred requirements that are believed to be valuable prerequisites an SIEM system should have; and to suggest criteria to judge SIEM systems using an evaluation process composed of quantitative and qualitative methods. This approach, unlike others, is customer driven which means that customer needs are taken into account when following the whole approach, specifically when defining the requirements and then evaluating the suppliers’ solutions.
Fabrice Djatsa, Djatsa Fabrice
Journal of Information Security, Volume 11, pp 19-45; doi:10.4236/jis.2020.111002

Abstract:
As the economy increases its dependence on the internet to increase efficiency and productivity in all aspects of society, close attention has been directed to solve the challenges related to internet security. Despite the large amount of resource invested so far in this area, cybersecurity challenges are still great as the media frequently report new cyber breaches. Although researchers acknowledge that great progress has been made in protecting digital assets, cybercriminals are still successful in their operations which are no longer limited to government entities and corporations but also individual computer users. To improve users’ security posture, the researcher examined the relationship between Millennials’ perceptions of cybersecurity threat, users’ online security behaviors and avoidance motivation. The study focused on three constructs which are Perceived Threat (PTH), Online Security Behaviors (OSB) and Avoidance Motivation (AMO). The researcher administered a survey to 109 participants randomly selected in the United States. The Spearman’s correlation test performed supported the analysis of the strength of the relationship and the level of significance between the independent variable and the dependent variables. The results from the statistical test provided enough evidence to fail to reject the null hypothesis related to relationships between PTH and OSB and to reject the null hypothesis regarding the relationship between PTH and AMO.
Ioannis Karamitsos, Aishwarya Afzulpurkar, Theodore B. Trafalis
Journal of Information Security, Volume 11, pp 103-120; doi:10.4236/jis.2020.112007

Abstract:
Memory forensics is a young but fast-growing area of research and a promising one for the field of computer forensics. The learned model is proposed to reside in an isolated core with strict communication restrictions to achieve incorruptibility as well as efficiency, therefore providing a probabilistic memory-level view of the system that is consistent with the user-level view. The lower level memory blocks are constructed using primary block sequences of varying sizes that are fed as input into Long-Short Term Memory (LSTM) models. Four configurations of the LSTM model are explored by adding bi- directionality as well as attention. Assembly level data from 50 Windows portable executable (PE) files are extracted, and basic blocks are constructed using the IDA Disassembler toolkit. The results show that longer primary block sequences result in richer LSTM hidden layer representations. The hidden states are fed as features into Max pooling layers or Attention layers, depending on the configuration being tested, and the final classification is performed using Logistic Regression with a single hidden layer. The bidirectional LSTM with Attention proved to be the best model, used on basic block sequences of size 29. The differences between the model’s ROC curves indicate a strong reliance on the lower level, instructional features, as opposed to metadata or string features.
Rodney Alexander
Journal of Information Security, Volume 11, pp 121-137; doi:10.4236/jis.2020.113008

Abstract:
Studied in this article is whether the Bayesian Network Model (BNM) can be effectively applied to the prioritization of defense in-depth security tools and procedures and to the combining of those measures to reduce cyber threats. The methods used in this study consisted of scanning 24 peer reviewed Cybersecurity Articles from prominent Cybersecurity Journals using the Likert Scale Model for the article’s list of defense in depth measures (tools and procedures) and the threats that those measures were designed to reduce. The defense in depth tools and procedures are then compared to see whether the Likert scale and the Bayesian Network Model could be effectively applied to prioritize and combine the measures to reduce cyber threats attacks against organizational and private computing systems. The findings of the research reject the H0 null hypothesis that BNM does not affect the relationship between the prioritization and combining of 24 Cybersecurity Article’s defense in depth tools and procedures (independent variables) and cyber threats (dependent variables).
Ezer Osei Yeboah-Boateng, Grace Dzifa Kwabena-Adade
Journal of Information Security, Volume 11, pp 161-175; doi:10.4236/jis.2020.113011

The publisher has not yet granted permission to display this abstract.
Back to Top Top