Earticle

Traditional negative selection algorithms often result in a number of black holes, which directly leads to the missing alarm drawback in the intrusion detection system. In order to settle the above problem, a novel negative selection algorithm based on Minkowsky distance is proposed. Firstly, the proposed algorithm computes the Minkowsky distance between the detectors. Then, compute the serial same numbers between the detector and self-set strings, which is helpful to improve the coverage area of the detector. Finally, the new detectors after training and renewal are put into the mature detector set to decline the number of black holes. Experimental results demonstrate that, compared with the traditional negative selection algorithms, the number of black holes and the missing alarm rate decline a lot in the proposed algorithm.

Cloud computing and related services, in combination with mobile computing, are becoming a major building block of new IT convergence. Therefore, cloud interoperability based service evaluation certification demands precise and professional requirements. This study presents the quality, interoperability, and security as three key areas of overall cloud services. It also presents a proposal to evaluate the quality and interoperability through an existing cloud service certification system considering practical convenience and reality in establishing the certification system.

Most software reliability growth models (SRGMs) take software faults detected that may be removed immediately into consideration. In fact, it costs often considerable resources to identify the root causes of faults detected and to remove them. In additional, detection effort and correction effort have the great effect on software debugging process. The detection effort function and correction effort function are defined as resource expenditures spent on software debugging process, respectively. In this paper, we investigate software debugging process using the queue theory. We propose finite server queuing models with resource and change-point under imperfect debugging environment. A real software failure project is demonstrated the effectiveness of proposed models, and numerical results demonstrate that new models can provide better fit and prediction.

With the increasing number of cores in multicore processors, it is challenging task how to take advantage of powerful parallel computing for the deep packet inspection. This paper introduces the deep packet inspection with a parallel method which exploits the message-passing interface (MPI). The parallel procedure includes the master thread and the slave thread. The master assigns the data packet to the slave. The slave executes the string matching with rules for inspecting. Both the master and the slave communicate by using MPI functions. The experimental results show that the parallel method is suitable for the trend of the increasing number of cores in multicore processors. Moreover, when the number of threads is equal to the number of cores in multicore processors, the performance arrives at the maximum throughput.

Authentication can be considered as the first wall of protection from unauthorized access of any system and most notably cloud environment. Its aim is to verify user’s identity and thus the user’s legitimacy of access to services. Nowadays, The most used method for policing user access is text password. However, Several studies have shown the inadequacy of this method due to the growth of network threats. In order to mitigate the deficiency of text password scheme, we propose an image-based one-time password scheme for the cloud environment called (imOTPc). The scheme uses an image as one-time password and mobile network, which makes the system more robust and, therefore, can withstand common types of attacks. The security of the proposed scheme is based on the one-way hash function, secret extraction and the IMEI.

In computer assisted surgery, one of the most important problems is to align the preoperative model with intraoperative data. The Iterative Closest Point (ICP) algorithm is undoubtedly the most popular algorithm for solving this kind of problem, which needs a good initialization. In this paper, an ICP algorithm based on the coordinate system direction fit is present to improve ICP algorithm’s shortcoming with easily falling into local optimum for intraoperative registration. Firstly, ICP registration algorithm and its problems are introduced. Secondly, based on the consistency between CT scans pose and surgical pose, a three-plane coordinate system on patients is established to reduce the rotation dislocation between CT image space and patient space. Then, an ICP algorithm experiment and its precision analysis are conducted. Finally, the error analysis is also given. The experimental results show that one of the benefits of the ICP algorithm based on the coordinate system direction fit is that it is easily convergent on the registration by a three-plane coordinate system on patients, which increases the registration accuracy and reduces the computational processing time .

Sendmail, an open-source-based software, is the most typical mail system that uses SMTP (Simple Mail Transfer Protocol). SMTP (Simple Mail Transfer Protocol), a protocol to deliver various types of files and messages, is being utilized not only in E-MAIL, but also in MMS (Multimedia Message Service) data transfer in mobile environment. Sendmail, an open source based software, is the most typical in mail systems using SMTP. It is exposed to service denial attacks such as mass spam mail because of its process structure that is vulnerable to external service attacks. In this paper, we discuss our design of a security architecture that can respond efficiently to mass mail and Sync Flooding attacks from the internet. Also, to apply our proposed service denial attack security architecture, we used SPT (Safe Proper Time) technology, which ensures the reliability of TCP/IP communication. By analyzing the pros and cons of the security architecture in accordance with each phase of the network, we propose a network architecture that can most efficiently fight external malicious attacks.

In order to improve vision tracking quality of the bionic robot, the new automatic tracking algorithm system is proposed in this paper. Base on design of FPGA image acquisition system, the scene noise is removed by adaptive wiener filtering. Aiming at the problem of ROI region extraction in the scene, the seed pixel is selected with background subtraction, orderly, the neighborhood point is judged, the label of the primary selection seed is calibrated. The scene image segmentation algorithm is proposed based on snake model. The matching process is to find the maximum optimization process of the similar function, and the gradient drop method is adopted in mean shift algorithm. Extended kalman filtering is used to realize the robustness state estimation and prediction of the target tracking system. The results given by tracing experiment indicate that the proposed detailed algorithm is effective for partial loss of maneuvering target.

Pervasive computing is the emerging field that needs ultra lightweight secure designs. In this paper, we have proposed a robust hybrid structure by fusion of RECTANGLE, LED and SPECK. With the help of a hybrid design, we have improved the key scheduling aspect of LED and related key attacks which were neglected in the LED cipher. In this paper, we also aimed at providing robust architecture by reducing footprint area to as less as possible. By using the S-box of RECTANGLE and the bit slicing technique, clustering of linear and differential trails are avoided which also strengthens the cipher. S-box of RECTANGLE is perfectly interfaced with LED design as their combination results in a differential path probability which is has an upper bound of 2-50 in its first round. The use of Bit slicing technique in this hybrid design results in good differential and linear properties, which provide resistance to cache and timing attacks. LED cipher which uses S-box of PRESENT results in clustering of linear and differential trails as S-box of PRESENT is specifically designed for compact hardware implementation. Column wise substitution and robust S-box design of RECTANGLE will make LED design robust and secure and enables it to provide resistance against any type of attack. SPECK which is designed by NSA has compact key scheduling and is best suited for our hybrid design, which helps in improving key scheduling of LED. In this paper, we have introduced a novel approach for robust design by amalgam of S-box of RECTANGLE & LED structure, and key scheduling by SPECK. This hybrid cipher design is secure against linear and differential cryptanalysis.

In this paper, we propose a hybrid optimization algorithm based on Improved Differential Evolution (IDE) algorithm and Gaussian Process (GP). Firstly, the paper constructs the assessment index system using Fault Tree Analysis (FTA) based on the summary and classification of the factors that could affect the power system security. Secondly, establish the risk assessment model of power system security based on the hybrid optimization GP algorithm. Hyper-parameter of GP has a great influence on construction of evaluation model, while conjugate gradient method which is usually used has strong dependence on initial values and is easy to fall into local optimal solution. So the paper uses the IDE algorithm for the traditional Hyper-parameter optimization, then the optimal Hyper-parameter is used to construct evaluation model for power grid security risk assessment. In the process of improvement, this paper adds the local search (Bees accelerated evolution operation) and global search (Bees scout operation) thought of ABC algorithm into the DE algorithm to reduce the population size required by the algorithm. After that, do the risk assessment of power system by using the established assessment model. Finally, do the simulation experiments using the standard data IEEE-39 and IEEE-118 bus example, and besides compare the IDE-GP with other optimization model like ABC-GP, DE-GP, MA-GP, GA-GP, and the experimental results show that hybrid optimization algorithm has better performance in accuracy while the time-consuming difference is minor. The validity of the proposed method is also demonstrated.

With the development of the networks, the security of computer networks is becoming more and more serious. The information openness, sharing and interconnection are three important characteristics of computer networks. However, the amounts of intruders and attackers have been grows with the popularization of computers. Therefore, the focus of network security is preventing systems from being invaded effectively. Intrusion detection as a key technology of network security active defense system is designed to distinguish normal behaviors and attack behaviors. Intrusion detection is divided into misuse detection and anomaly detection, and using clustering algorithm is one of the most effective methods for anomaly detection. In this paper, a clustering algorithm based on fast search and find of density peaks is used to distinguish the normal and abnormal network connections to achieve the purpose of anomaly detection. The performance of the algorithm is tested by a data set selected from KDD CUP99. Experiment results show that this algorithm is more suitable than the traditional K-means in data sets containing a large amount of data and uneven density distribution.

This paper reviews An’s enhanced biometric-based user authentication protocol and shows that it is weak against the password guessing attack and has a problem of verification in the authentication phase. They are very important features to be secured to the user authentication protocol. Furthermore, this paper proposes an enhanced biometric-based user authentication protocol using non-tamper resistant smart cards to solve the problems in An’s protocol. The overall security analyses show that the proposed protocol could achieve the desired security goals.

For Parts of complex structures with multiple characteristics, traditional methods are often difficult and inefficient, so the three-dimensional detection techniques have been developed. But the detection used for the complex structural components still get some problems, such as : it’s difficult to collect data of complex structural components in the data collection process, because of size is always limited ; features of parts retained difficultly in data processing; there are many iterations and calculations in the optimization algorithm of geometric error evaluation, and the search direction is blind. In this paper, the improved colony algorithm is used to get the cylindrical error by establishing the mathematical model with the point cloud data that has been processed. First, collect data acquisition of more structural parts with hand-held laser scanners; Secondly, denoise and streamline the raw point cloud collected before, and then make registration and alignment with the actual CAD model of part; Finally, according to the resultant point cloud data above, in accordance with the principle of minimum condition assessment, establish evaluation model of cylinder error based on improved bee colony algorithm. Experimental results show that for various structural parts, the precision of this detection method is high enough, and detecting speed is also fast.

Biometric authentication is the use of unique human features to provide a secure, reliable and convenient access to an environment or a computer system. However, there are numerous security and privacy concerns associated with the use of biometrics as a means of authentication. Unprotected biometric data can be used by an impostor to impersonate legitimate uses, to violate their privacy and steal their identity. This paper proposes a simplified, secure and privacy-preserving authentication scheme for face biometric based on modified shielding function. The modified shielding function is a simplified version of the generic shielding function which does not require additional preprocessing steps of quantization and reliable bit selection. Rotation invariant neighbour-based local binary pattern (RINLBP) is used to extract fixed length binary features directly from pre-processed face images. RINLBP is simple to calculate and has good performance. It is also robust against changes in illumination and image rotation. Concatenated error correction technique is used to address errors due to noise and intra-class variation. The concatenated technique corrects errors both block and bit errors in contrast to the generic shielding function in which only bit level errors are corrected. Results of experiments based on 200 face images obtained from the CASIA near infrared face database show a false acceptance rate of 0.47% and a false rejection rate of 1.56%. Our scheme has a key length of 120 bits, which is higher than the minimum requirement of 50 bits for biometric keys. It also has a large key space and entropy which makes it less susceptible to guessing attack (Pr =0.008).

The widespread use of Radio Frequency Identification (RFID) technologies help to trace a large number of commodity and share the tag information in the supply chain system. However, many ownership transfer protocols are subject to various attacks. We analyze the security of two protocols. Even if the designers claim that their protocols are security, we find that their schemes suffer from forward traceability attacks and tracing attacks. In addition, we show that a weak attacker can retrieve the secrets of the tag with a probability 1 in Kardaş et al.’s protocol. To resist against these attacks, we present an improved scheme based on Kardaş et al.’s protocol by adopting the new key-update mechanism. In the end, we show the enhanced versions provides the forward and backward untraceable security properties.

With the rapid development of wireless technologies, Privacy of personal location information of a vehicle ad-hoc network (VANET) users is becoming an increasingly important issue. Services provided by Location based services to VANETs users can breached by Sybil attacks i.e. by malicious vehicles claim multiple identities at the same time. The prevention of these attacks, which could occur in or out of the Road Side Units (RSUs) coverage have a challenge to detect, as it should meet a compromise between the ability to identify the real identity of the malicious vehicle, and prevention of vehicle users from being tracked by malicious entities (i.e unauthorized users). This paper proposes a solution to prevent and detect Sybil attacks in VANETs. The identification of attackers is based on two types of authentication techniques. The first uses identification tags (for example: RFID etc.) embedded in the vehicle to authenticate them to the RSU and obtain short lifetime certificates. The second uses certificates to authenticate vehicles to their neighbors. The vehicular network is divided into different zones brought under the control of different certification authorities (CAs), forcing a vehicle to change its certificate when moving from a zone to another. One important characteristic of the proposed solution is that it prevents attackers from tracking the mobility of the vehicles. Avoiding false negatives is also addressed using observers (for example: software components in charge of monitoring) in vehicle nodes. A set of simulation scenarios also are conducted to evaluate the performance of the proposed solution. In last, this paper summarizes the comparison between our proposed approach and other various existed techniques to detect Sybil attacks in LBSs.

In order to monitor the running status of IaaS cloud computing platforms, performance metric data are collected to perform anomaly detection for IaaS cloud computing platforms and determine whether the IaaS cloud computing platforms fail to run normally. However, it is challenging to effectively detect performance anomalies from a large amount of noisy and high dimensional performance metric data. In this paper, an efficient anomaly detection scheme is proposed for IaaS cloud computing platforms. The proposed scheme first designs a global locality preserving projection algorithm to perform feature extraction on performance metric data, and then introduces a local outlier factor algorithm to detect anomalies. A series of experiments are conducted on a private cloud computing platform. Experimental results show that our proposed global locality preserving projection algorithm outperforms the principal components analysis algorithm and the locality preserving projection algorithm and our proposed anomaly detection scheme is better than the state-of-the-art schemes for IaaS cloud computing platforms.

In large distributed networks, many computers must be mutual coordination to complete some works under the certain conditions, these computers may come from different domains. For ensuring secure cross domains to access resources among these computers in different domains, this paper proposes a multi-domain union authentication protocol. The protocol adopts blind signature to achieve mutual authentication among entities in different domains. This scheme overcomes the complexity of certificate transmission and the network bottlenecks in the scheme of PKI-based. It can trace the entity identity and supports two-way entities anonymous authentication, which avoid the authority counterfeiting its member to access other domain’s resources. Analysis shows that its advantages on security and communication-consumption.

With the quick progress and extensive use of internet, information transmission faces confronts of security and unauthorized access of secret data. In this situation steganography is considered as gifted approach. Steganography is the science of hidden writing schemes in which the presence of concealed information is not noticeable. This paper is the detailed experimental analysis and review of “Increased Capacity of Information Hiding in Least Significant Bit Method” of steganography. Analysis is based on popular steganalysis tools, image quality measures, security analysis and worst case situation. Experimental result of selected method of steganography is compared with the basic LSB substitution method, direct LSB substitution for two bits, for three bits and for four bits. The results shows the clear evidences of the fact that increased capacity method have preference over the direct LSB substitution, two bit substitution, three bits substitution and four bits substitution. All these results are checked for both the color and grayscale images. Moreover this review and analysis could be a deep understanding of steganography and will be a helpful analysis for presenting new approaches in this field.

The traditional location privacy protection means mainly employs reliable central server framework, and it mainly applies the anonymous region meeting the k-anonymity at the anonymous server to replace the real location of users. However, the disadvantages of the central server, such as being attacked easily, high communication cost, etc. are disclosed accordingly. In addition, the anonymous method of most locations is oriented for the European style, and it is not applicable to the road network. In order to solve the above problem, virtual user group-based centerless server framework is proposed for solving the location privacy protection in road network. This algorithm mainly forms the virtual user group with several virtual users in several road segments of the road network, and replaces the real position of the user with a certain point in the section, so as to realize the k-anonymity of user position with the increment nearest neighbor query. Since the algorithm adopts the accurate increment nearest neighbor query method, it guarantees the service quality. The experiment proves that the algorithm can reduce the communication cost effectively and improve the application safety.

Although current online social networks (OSNs) schemes propose to encrypt data before sharing, the enforcement of access policies over encrypted data has become a challenging task, and the OSNs currently do not provide any mechanism to allow users to update access policies. In this paper, we propose a ciphertext sharing scheme in cloud-based OSNs, which allows the users to outsource encrypted data to the OSNs service provider for sharing. In order to meet the authorization requirement, we present a multiparty access control model based on ciphertext-policy attribute-based proxy re-encryption, which enables the access control of encrypted data associated with multiple users. On the basis of ciphertext-policy attribute-based encryption, the owners can customize the access policy of their own data. Based on proxy re-encryption, the disseminators such as friends and group members can further customize the access policy of the owners’ data upon existing access policy. Besides, we achieve immediate user revocation based on secret sharing without issuing new attribute secret keys to unrevoked users. The security and performance analysis show that our proposed scheme is secure, efficient and practical.

Remote user authentication schemes provide a system to verify the legitimacy of remote users’ login request over insecure communication channel. Since last few years many authentication schemes have been proposed including several new features and ideas. But, due to the advancement of computational process they are suffering from various possible attacks. This is the reason because of which attaining the security becomes a prime issue and major challenge among the researchers. In this paper, we have proposed a new user friendly authentication scheme that can provide the higher security at lower computational cost. This scheme provides extra level of security by adopting the user-defined image for password generation. Finally, the security analysis and performance evaluation are made to proof the efficiency of our scheme.

In information hiding field, the robustness is the important performance. However, due to embedding a larger amount of the watermark into host signal, transparency and robustness of the watermarked image cannot be easily obtained, simultaneously. Utilizing measurement values of original image to produce hiding information block-based Compressed Sensing (BCS) theory in DWT domain, the paper presents a robust information hiding scheme for protecting digital content. When the scheme is achieved, embedding locations of the hiding information will be selected by visual features and relation of DWT coefficients between subbands LH3 and LH2 of the host image. Moreover the mechanism of JND (just-noticeable distortion) was used to adjust the embedding watermark strength. Experimental results show that the scheme is more robust compared with other hiding algorithm reported, and improves effectively the recovery quality of the hidden image.

For frequency tracking problem of non-stationary signals in power grid, we propose a unscented Kalman filter (UKF) and the weighted phase difference smoothing algorithm. It improved poor initial conditions sensitive situations of robustness UKF. In order to improve the accuracy of the algorithm, real-time and noise immunity, a suboptimal multiple fading factor and weighted smoothing method is added to improve UKF for frequency tracking of power signals. At last, The simulation results are given. It shows that this method has better accurate, real-time tracking of various frequency power signal and its performance is superior to similar documents tracking algorithm.

Presently a number of techniques are used to restrict confidential image data from unauthorized access. In this paper, the authors have proposed an efficient lossless image cryptographic algorithm to transmit pictorial data securely. Initially we take a 64 bit key, we convert our decimal pixel value into binary 8 bits and we XOR the first 8 bits of the key with the pixel value. After that we take the next 8 bits of the key and XOR with the next pixel value. We perform the circular right shit operation when the key gets exhausted. We perform the first level haar wavelet decomposition thereafter. Dividing the LL1 into four equal sections we perform some swapping operations. Decryption follows the reverse of the encryption .Evaluation is done by some parametric tests which includes correlation analysis, NPCR, UACI readings etc. show that the proposed work is resilient and robust in the field of cryptography.

In Mobile Internet (MI), existing uncertain factors, such as randomness, fuzziness and unpredictability, brought many security issues to on-line transactions. In on-line transactions of the mobile commerce based on mobile Internet, the trust is the premise and key which makes transactions smoothly.. Trust measurement between entities involves in trading volume, transaction time, personal income of consumer entity and its risk attitude to trust, and so on, which is difficult to be given accurately quantitative calculation. To find out the essential features of this kind of trust relationship, combined with cognitive theory and methods of social network in real life, in the research background of mobile commerce in Mobile Internet, by the research on problems in MI, such as trust, influencing factors to trust and trust mechanism, based on multi-Agent system coordination theory, a dynamic trust calculation model based on mobile Agent is given. The model can achieve the qualitative and quantitative conversion of trust. In order to effectively prevent credit speculation and fraud of malicious user, the paper presents evaluation methods of special attributes and punishment methods of. trust. To implement incentive mechanism for achieving credibility, the paper defines the time-sensitive functions, which makes dynamic attenuation of the trust. The existing trust assignment methods of new users are improved, and a new method is proposed which sets dynamically initial trust of new users based on minimum trust of the previous system, and effectively resists moral hazard of discarding reputation information. Through leading the evaluation system of trading and weighting system into the multi-factor mechanism, the model reflects better the impact of subjective factors on trust calculation, such as individual preferences, risk attitudes, enhances the sensitivity of the trust algorithm on single property of transaction. The detailed theoretical analysis and simulation results show that the mechanism can effectively reveal and resolve the trust computing problem of mobile network transactions and provides a valuable new idea to transaction security in MI.

The topic of unrepairable system is an important content in system reliability theory. There are many reasons cannot be repaired, some because of technical reasons, cannot repair, some because of economic reasons, not worth to repair, and some because of making repairable system simplification. So it is essential to pay attention to unrepairable systems. In this paper, the lifetimes of unrepairable systems are considered as uncertain variables. Based on that, the fundamental mathematical models of series systems, parallel systems, series-parallel systems and parallel-series systems are established, respectively. Furthermore, we make reliability analysis of above four unrepairable systems, respectively. Some numerical examples are also given for illustration.

DNS is an integral part of the internet infrastructure. It’s one of the principal elements in all IP communications. Since its invention in 1983, the protocol has evolved to overcome its various limitations. This article proposes a new solution to secure DNS protocol which consists on encrypting query in DNS message between ‘master’ and ‘slave’ servers. We will see first an overview of the name resolution via DNS protocol. We will give the basic information about the resolution process in DNS. Then, we will expose some DNS vulnerabilities such as the creation or modification of messages and cache poisoning. After that, we will propose a new solution that will help to ensure the confidentiality in exchanges between DNS server and client and will also ensure the availability of the DNS architecture. Finally, we will conclude with an analysis of the benefits and the weaknesses of this solution.

The technique of model checking is playing a more and more important role in formal verification and automated software testing. When using the model checker tool NuSMV, people have to program the code for the model they built firstly. During the course of programming with the input language of NuSMV, for non-expert users, some manual mistakes may be brought in such as making syntax errors or omitting some transfer conditions etc. This paper introduces a tool XMI2SMV which is an automatic generator to be used to generate NuSMV programming codes for XMI files. This tool aims to bridge between a UML tool and the model checker tool NuSMV. We just need build our behavioral system model using a UML tool and export its corresponding XMI file, and this tool can help us to generate NuSMV code automatically, avoiding manual errors.